Closed GoogleCodeExporter closed 9 years ago
Can you show me the configuration you have imported? Or the generated
configuration? Also note that tls authentication is NOT tls key.
Original comment by arne@rfc2549.org
on 28 Aug 2012 at 1:26
# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold
# Log window is better readable this way
suppress-timestamps
client
verb 5
connect-retry-max 5
resolv-retry 5
dev tun
remote gate 1194 tcp-client
pkcs12 /mnt/sdcard/key/gs.pfx
tls-auth /mnt/sdcard/key/ta.key
key-direction 1
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0
tls-remote gate
remote-cert-tls server
# Custom configuration options
# You are on your on own here :)
dh /mnt/sdcard/key/dh1024.pem pem
Original comment by usual....@gmail.com
on 28 Aug 2012 at 1:37
Your configuration seems to be okay. Can you check that the ta.key file is
actually correct? From the error messages it sounds like the file is empty.
Original comment by arne@rfc2549.org
on 28 Aug 2012 at 1:52
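The check suggested in the comment above, as an added example that is not part of the original thread or of the app's code: a structural validation of a tls-auth static key file that reports an empty, truncated or damaged copy. It assumes the 2048-bit layout written by `openvpn --genkey --secret`; the sample key is constructed from random bytes for the demonstration.

```python
import re
import secrets

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
KEY_BYTES = 256  # assumption: 2048-bit key, the size `openvpn --genkey` writes


def check_static_key(text):
    """Return a list of problems in a tls-auth key file; an empty list means it looks intact."""
    if not text.strip():
        return ["file is empty"]
    # Ignore blank lines and '#' comments; strip() also removes stray CR from CRLF copies.
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    problems = []
    if BEGIN not in lines:
        problems.append("missing BEGIN marker")
    if END not in lines:
        problems.append("missing END marker (truncated copy?)")
    if problems:
        return problems
    body = "".join(lines[lines.index(BEGIN) + 1:lines.index(END)])
    if not re.fullmatch(r"[0-9a-fA-F]*", body):
        problems.append("key body contains non-hex characters")
    elif len(body) != 2 * KEY_BYTES:
        problems.append(f"key body is {len(body) // 2} bytes, expected {KEY_BYTES}")
    return problems


def make_sample_key():
    """Constructed sample: random bytes in the static-key layout (16 lines of 32 hex digits)."""
    hexkey = secrets.token_hex(KEY_BYTES)
    rows = [hexkey[i:i + 32] for i in range(0, len(hexkey), 32)]
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#", BEGIN, *rows, END]) + "\n"


SAMPLE = make_sample_key()

if __name__ == "__main__":
    cases = {
        "intact": SAMPLE,
        "empty": "",
        "truncated": SAMPLE[:len(SAMPLE) // 2],
        "crlf": SAMPLE.replace("\n", "\r\n"),
    }
    for name, text in cases.items():
        print(f"{name:10s} {check_static_key(text) or 'OK'}")
```

Running the same check on the source file and on the copy on the device shows whether the transfer damaged the key.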
Yes, the file was corrupted while copying.
I fixed it,
now I have another error:
Opening tun interface failed badly
Error: Cannot create interface
On my Android I do not have root access.
Original comment by usual....@gmail.com
on 28 Aug 2012 at 2:42
Can you show me a log file?
Original comment by arne@rfc2549.org
on 28 Aug 2012 at 2:46
Running on U8860 (U8860) Huawei, Android API 15
Building configuration…
Network Status: CONNECTED to WIFI
P:Current Parameter Settings:
P: config = '/data/data/de.blinkt.openvpn/cache/android.conf'
P: mode = 0
P: show_ciphers = DISABLED
P: show_digests = DISABLED
P: show_engines = DISABLED
P: genkey = DISABLED
P: key_pass_file = '[UNDEF]'
P: show_tls_ciphers = DISABLED
P:Connection profiles [default]:
P: proto = tcp-client
P: local = '[UNDEF]'
P: local_port = 0
P: remote = 'gate'
P: remote_port = 1194
P: remote_float = DISABLED
P: bind_defined = DISABLED
P: bind_local = DISABLED
P: connect_retry_seconds = 5
P: connect_timeout = 10
P: connect_retry_max = 5
P: socks_proxy_server = '[UNDEF]'
P: socks_proxy_port = 0
P: socks_proxy_retry = DISABLED
P: tun_mtu = 1500
P: tun_mtu_defined = ENABLED
P: link_mtu = 1500
P: link_mtu_defined = DISABLED
P: tun_mtu_extra = 0
P: tun_mtu_extra_defined = DISABLED
P: mtu_discover_type = -1
P: fragment = 0
P: mssfix = 1450
P: explicit_exit_notification = 0
P:Connection profiles END
P: remote_random = DISABLED
P: ipchange = '[UNDEF]'
P: dev = 'tun'
P: dev_type = '[UNDEF]'
P: dev_node = '[UNDEF]'
P: lladdr = '[UNDEF]'
P: topology = 1
P: tun_ipv6 = DISABLED
P: ifconfig_local = '[UNDEF]'
P: ifconfig_remote_netmask = '[UNDEF]'
P: ifconfig_noexec = DISABLED
P: ifconfig_nowarn = DISABLED
P: ifconfig_ipv6_local = '[UNDEF]'
P: ifconfig_ipv6_netbits = 0
P: ifconfig_ipv6_remote = '[UNDEF]'
P: shaper = 0
P: mtu_test = 0
P: mlock = DISABLED
P: keepalive_ping = 0
P: keepalive_timeout = 0
P: inactivity_timeout = 0
P: ping_send_timeout = 0
P: ping_rec_timeout = 0
P: ping_rec_timeout_action = 0
P: ping_timer_remote = DISABLED
P: remap_sigusr1 = 0
P: persist_tun = DISABLED
P: persist_local_ip = DISABLED
P: persist_remote_ip = DISABLED
P: persist_key = DISABLED
P: resolve_retry_seconds = 5
P: username = '[UNDEF]'
P: groupname = '[UNDEF]'
P: chroot_dir = '[UNDEF]'
P: cd_dir = '[UNDEF]'
P: writepid = '[UNDEF]'
P: up_script = '[UNDEF]'
P: down_script = '[UNDEF]'
P: down_pre = DISABLED
P: up_restart = DISABLED
P: up_delay = DISABLED
P: daemon = DISABLED
P: inetd = 0
P: log = DISABLED
P: suppress_timestamps = ENABLED
P: nice = 0
P: verbosity = 5
P: mute = 0
P: gremlin = 0
P: status_file = '[UNDEF]'
P: status_file_version = 1
P: status_file_update_freq = 60
P: occ = ENABLED
P: rcvbuf = 65536
P: sndbuf = 65536
P: sockflags = 0
P: fast_io = DISABLED
P: lzo = 0
P: route_script = '[UNDEF]'
P: route_default_gateway = '[UNDEF]'
P: route_default_metric = 0
P: route_noexec = DISABLED
P: route_delay = 0
P: route_delay_window = 30
P: route_delay_defined = DISABLED
P: route_nopull = DISABLED
P: route_gateway_via_dhcp = DISABLED
P: max_routes = 100
P: allow_pull_fqdn = DISABLED
P: route 0.0.0.0/0.0.0.0/nil/nil
P: management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
P: management_port = 0
P: management_user_pass = '[UNDEF]'
P: management_log_history_cache = 250
P: management_echo_buffer_size = 100
P: management_write_peer_info_file = '[UNDEF]'
P: management_client_user = '[UNDEF]'
P: management_client_group = '[UNDEF]'
P: management_flags = 294
P: shared_secret_file = '[UNDEF]'
P: key_direction = 2
P: ciphername_defined = ENABLED
P: ciphername = 'BF-CBC'
P: authname_defined = ENABLED
P: authname = 'SHA1'
P: prng_hash = 'SHA1'
P: prng_nonce_secret_len = 16
P: keysize = 0
P: engine = DISABLED
P: replay = ENABLED
P: mute_replay_warnings = DISABLED
P: replay_window = 64
P: replay_time = 15
P: packet_id_file = '[UNDEF]'
P: use_iv = ENABLED
P: test_crypto = DISABLED
P: tls_server = DISABLED
P: tls_client = ENABLED
P: key_method = 2
P: ca_file = '/mnt/sdcard/key/ca.crt'
P: ca_path = '[UNDEF]'
P: dh_file = '/mnt/sdcard/key/dh1024.pem'
P: cert_file = '/mnt/sdcard/key/gs.crt'
P: priv_key_file = '/mnt/sdcard/key/gs.key'
P: pkcs12_file = '[UNDEF]'
P: cipher_list = '[UNDEF]'
P: tls_verify = '[UNDEF]'
P: tls_export_cert = '[UNDEF]'
P: tls_remote = 'gate'
P: crl_file = '[UNDEF]'
P: ns_cert_type = 0
P: remote_cert_ku[i] = 160
P: remote_cert_ku[i] = 136
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_eku = 'TLS Web Server Authentication'
P: ssl_flags = 0
P: tls_timeout = 2
P: renegotiate_bytes = 0
P: renegotiate_packets = 0
P: renegotiate_seconds = 3600
P: handshake_window = 60
P: transition_window = 3600
P: single_session = DISABLED
P: push_peer_info = DISABLED
P: tls_exit = DISABLED
P: tls_auth_file = '/mnt/sdcard/key/ta.key'
P: client = ENABLED
P: pull = ENABLED
P: auth_user_pass_file = '[UNDEF]'
P:OpenVPN 2.3_alpha3 arm-linux-androideabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH]
[PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Aug 2 2012
P:MANAGEMENT: Connected to management server at
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:WARNING: Make sure you understand the semantics of --tls-remote before using
it (see the man page).
P:WARNING: file '/mnt/sdcard/key/gs.key' is group or others accessible
P:WARNING: file '/mnt/sdcard/key/ta.key' is group or others accessible
P:Control Channel Authentication: using '/mnt/sdcard/key/ta.key' as a OpenVPN
static key file
P:Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1'
for HMAC authentication
P:Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1'
for HMAC authentication
P:Control Channel MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:MANAGEMENT: >STATE:1346224015,RESOLVE,,,
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto
TCPv4_CLIENT,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method
2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu
1500,proto TCPv4_SERVER,keydir 0,cipher BF-CBC,auth SHA1,keysize
128,tls-auth,key-method 2,tls-server'
P:Local Options hash (VER=V4): 'd8421bb0'
P:Expected Remote Options hash (VER=V4): 'c413e92e'
P:Attempting to establish TCP connection with [AF_INET]192.168.100.156:1194
[nonblock]
P:MANAGEMENT: >STATE:1346224015,TCP_CONNECT,,,
P:TCP connection established with [AF_INET]192.168.100.156:1194
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET]192.168.100.156:1194
P:MANAGEMENT: >STATE:1346224016,WAIT,,,
P:WRMANAGEMENT: >STATE:1346224016,AUTH,,,
P:TLS: Initial packet from [AF_INET]192.168.100.156:1194, sid=c3ff0ef1 5fe6f235
P:WWWRRRRRWWRWRWRRWWRWRWRRWWRWRWRRWWRWRWRVERIFY OK: depth=1, C=RU, ST=NW,
L=xxx, O=xxx, CN=xxx CA, emailAddress=xxx@xxx
P:Validating certificate key usage
P:++ Certificate has key usage 00a0, expects 00a0
P:VERIFY KU OK
P:Validating certificate extended key usage
P:++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web
Server Authentication
P:VERIFY EKU OK
P:VERIFY X509NAME OK: C=xxx, ST=NW, L=xxx, O=xxx, CN=gate, emailAddress=xxx@xxx
P:VERIFY OK: depth=0, C=xxx, ST=NW, L=xxx, O=xxx, CN=gate, emailAddress=xxx@xxx
P:RWWRWRRWWRRWWWWWRWRRRWWWRWRWRRWWRWRWRRWWRWRWRWRRWWRWRRRRRRRWWRWRWRRWWRWRWRWRWW
WWRRRRRRData Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
P:Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC
authentication
P:Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
P:Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC
authentication
P:WWControl Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
P:[gate] Peer Connection Initiated with [AF_INET]192.168.100.156:1194
P:MANAGEMENT: >STATE:1346224017,GET_CONFIG,,,
P:SENT CONTROL [gate]: 'PUSH_REQUEST' (status=1)
P:WRRRRPUSH: Received control message: 'PUSH_REPLY,route 192.168.88.0
255.255.252.0,topology net30,ping 10,ping-restart 120,dhcp-option DNS
192.168.100.195,route 192.168.0.0 255.255.0.0,route 10.0.0.0 255.0.0.0,route
172.16.0.0 255.240.0.0,route remote_host 255.255.255.255 net_gateway,ifconfig
192.168.88.21 192.168.88.22'
P:OPTIONS IMPORT: timers and/or timeouts modified
P:OPTIONS IMPORT: --ifconfig/up options modified
P:OPTIONS IMPORT: route options modified
P:OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
P:ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=10:c6:1f:a6:92:58
P:ROUTE6: default_gateway=UNDEF
P:OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option
and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6
options
P:OpenVPN ROUTE: failed to parse/resolve route for host/network: ::/0
P:do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
P:MANAGEMENT: >STATE:1346224019,ASSIGN_IP,,192.168.88.21,
P:MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
P:MANAGEMENT: >STATE:1346224019,ADD_ROUTES,,,
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
Opening tun interface failed badly.
Error: Cannot create interface
On some custom ICS images the permission on /dev/tun might be wrong, or the tun
module might be missing completely. For CM9 images try the fix ownership option
under general settings
P:MANAGEMENT: CMD 'needok 'OPENTUN' cancel'
P:MANAGEMENT: Client disconnected
P:ERROR: Cannot open TUN
P:Exiting due to fatal error
MGMT:Got unrecognized command>FATAL:ERROR: Cannot open TUN
Original comment by usual....@gmail.com
on 29 Aug 2012 at 7:15
I think this is similar to the problem the Huawei Tablet has. It ships with a
tun module but does not load the tun module on boot. I fear your only option
is to root the device and use the load tun option under general settings.
Original comment by arne@rfc2549.org
on 29 Aug 2012 at 10:39
Original issue reported on code.google.com by
usual....@gmail.com
on 28 Aug 2012 at 1:15