rajannpatel / Pi-Hole-PiVPN-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-OpenVPN-Configs

Run your own privacy-first ad blocking service in the cloud for free on Google Cloud Services.
MIT License

Non-working tcp443 profile #71

Closed Meffistoteusz closed 4 years ago

Meffistoteusz commented 4 years ago

I have a problem with the tcp443 profile on both split and full tunnel, logs below:

2020-05-14 07:32:48 Oficjalna kompilacja 0.7.16 na samsung SM-G950F (universal8895), Android 9 (PPR1.180610.011) API 28, ABI arm64-v8a, (samsung/dreamltexx/dreamlte:9/PPR1.180610.011/G950FXXS8DTC6:user/release-keys)
2020-05-14 07:32:48 Tworzenie konfiguracji…
2020-05-14 07:32:48 Stan sieci: CONNECTED LTE to MOBILE internet
2020-05-14 07:32:48 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2020-05-14 07:32:49 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2020-05-14 07:32:49 OpenVPN core 3.6_git:master(icsopenvpn/v0.7.16-0-gf4b9a655) android arm64 64-bit
2020-05-14 07:32:49 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
2020-05-14 07:32:49 OpenVPN core 3.6_git:master(icsopenvpn/v0.7.16-0-gf4b9a655) android arm64 64-bit
2020-05-14 07:32:49 Frame=512/2048/512 mssfix-ctrl=1250
2020-05-14 07:32:49 UNUSED OPTIONS 1 [verb] [4] 2 [connect-retry] [2] [300] 3 [resolv-retry] [60] 14 [nobind] 19 [resolv-retry] [infinite]
2020-05-14 07:32:49 Contacting 34.74.185.90:443 via TCPv4
2020-05-14 07:32:49 Connecting to [34.74.185.90]:443 (34.74.185.90) via TCPv4
2020-05-14 07:32:49 Tunnel Options:V4,dev-type tun,link-mtu 1523,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client
2020-05-14 07:32:49 Creds: UsernameEmpty/PasswordEmpty
2020-05-14 07:32:49 Peer Info: IV_VER=3.6_git:master IV_PLAT=android IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_AUTO_SESS=1 IV_GUI_VER=de.blinkt.openvpn 0.7.16 IV_SSO=openurl,crtext
2020-05-14 07:32:49 VERIFY OK: depth=1, /CN=ChangeMe
2020-05-14 07:32:49 VERIFY OK: depth=0, /CN=pi-hole_b7d33516-7eec-4ca4-8415-c010b5d11e09
2020-05-14 07:32:50 SSL Handshake: peer certificate: CN=pi-hole_b7d33516-7eec-4ca4-8415-c010b5d11e09, 256 bit EC, curve:prime256v1, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
2020-05-14 07:32:50 Session is ACTIVE
2020-05-14 07:32:50 Sending PUSH_REQUEST to server...
2020-05-14 07:32:50 OPTIONS: 0 [route] [10.0.0.8] [255.0.0.0] [net_gateway] 1 [route] [172.16.0.0] [255.240.0.0] [net_gateway] 2 [route] [192.168.0.0] [255.255.0.0] [net_gateway] 3 [dhcp-option] [DNS] [10.8.0.1] 4 [dhcp-option] [DNS] [10.9.0.1] 5 [block-outside-dns] 6 [compress] [lz4-v2] 7 [route-gateway] [10.9.0.1] 8 [topology] [subnet] 9 [ping] [10] 10 [ping-restart] [120] 11 [ifconfig] [10.8.0.2] [255.255.255.0] 12 [peer-id] [0] 13 [cipher] [AES-256-GCM]
2020-05-14 07:32:50 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: NONE compress: LZ4v2 peer ID: 0
2020-05-14 07:32:50 exception parsing IPv4 route: [route] [10.0.0.8] [255.0.0.0] [net_gateway] : tun_prop_error: route is not canonical
2020-05-14 07:32:50 We should call this session34.74.185.90
2020-05-14 07:32:50 Otwieram interfejs tun:
2020-05-14 07:32:50 Warning Samsung Android 5.0+ devices ignore DNS servers outside the VPN range. To enable DNS resolution a route to your DNS Server (10.8.0.1) has been added.
2020-05-14 07:32:50 Lokalne IPv4: 10.8.0.2/24 IPv6: (not set) MTU: 1500
2020-05-14 07:32:50 Serwer DNS: 10.8.0.1, 10.9.0.1, Domena: null
2020-05-14 07:32:50 Trasy:
2020-05-14 07:32:50 Wykluczone trasy: 172.16.0.0/12, 192.168.0.0/16
2020-05-14 07:32:50 VpnService dodano trasy: 10.8.0.1/32
2020-05-14 07:32:50 Dozwolone aplikacje VPN: com.chrome.canary, com.brave.browser, com.google.android.webview, com.android.chrome, com.microsoft.emmx
2020-05-14 07:32:50 Connected via tun
2020-05-14 07:32:50 LZ4v2 init asym=1
2020-05-14 07:32:50 COMPRESSION_ENABLED: Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.
2020-05-14 07:32:51 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED

help wanted

sukuoru commented 4 years ago

I have the same problem: while it looks connected, it just leads to failed DNS lookups. Connecting with split tunnel UDP works on my phone, and I have only tested UDP on my laptops. Will paste my log as well, in case it can help resolve this. I am using a Samsung Note 10+. However, if UDP is recommended then I suppose it may not matter, just confused.

Log has been edited to remove my VM's IP.

2020-05-25 23:19:58 official build 0.7.15 running on samsung SM-N975U (msmnile), Android 10 (QP1A.190711.020) API 29, ABI arm64-v8a, (samsung/d2qsq/d2q:10/QP1A.190711.020/N975USQS3CTD6:user/release-keys)
2020-05-25 23:19:58 Building configuration…
2020-05-25 23:19:58 OpenVPN core 3.6_git:master(icsopenvpn/v0.7.14-0-g5391351a) android arm64 64-bit
2020-05-25 23:19:58 Copyright (C) 2012-2017 OpenVPN Inc. All rights reserved.
2020-05-25 23:19:58 OpenVPN core 3.6_git:master(icsopenvpn/v0.7.14-0-g5391351a) android arm64 64-bit
2020-05-25 23:19:58 Frame=512/2048/512 mssfix-ctrl=1250
2020-05-25 23:19:58 UNUSED OPTIONS 1 [verb] [4] 2 [connect-retry] [2] [300] 3 [resolv-retry] [60] 6 [connect-timeout] [120] 15 [nobind] 20 [resolv-retry] [infinite]
2020-05-25 23:19:58 Network Status: CONNECTED to WIFI
2020-05-25 23:19:58 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2020-05-25 23:19:58 Contacting VM-IP:443 via TCPv4
2020-05-25 23:19:58 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2020-05-25 23:19:58 Connecting to [VM-IP]:443 (VM-IP) via TCPv4
2020-05-25 23:19:58 Tunnel Options:V4,dev-type tun,link-mtu 1523,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client
2020-05-25 23:19:58 Creds: UsernameEmpty/PasswordEmpty
2020-05-25 23:19:58 Peer Info: IV_VER=3.6_git:master IV_PLAT=android IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 IV_AUTO_SESS=1 IV_GUI_VER=de.blinkt.openvpn 0.7.15 IV_SSO=openurl,crtext
2020-05-25 23:19:58 VERIFY OK: depth=1, /CN=ChangeMe
2020-05-25 23:19:58 VERIFY OK: depth=0, /CN=pi-hole_0ac2c0f8-59b0-4957-93ce-c8705f896227
2020-05-25 23:19:58 SSL Handshake: CN=pi-hole_0ac2c0f8-59b0-4957-93ce-c8705f896227, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
2020-05-25 23:19:58 Session is ACTIVE
2020-05-25 23:19:58 Sending PUSH_REQUEST to server...
2020-05-25 23:19:59 OPTIONS: 0 [route] [10.0.0.8] [255.0.0.0] [net_gateway] 1 [route] [172.16.0.0] [255.240.0.0] [net_gateway] 2 [route] [192.168.0.0] [255.255.0.0] [net_gateway] 3 [dhcp-option] [DNS] [10.8.0.1] 4 [dhcp-option] [DNS] [10.9.0.1] 5 [block-outside-dns] 6 [compress] [lz4-v2] 7 [route-gateway] [10.9.0.1] 8 [topology] [subnet] 9 [ping] [10] 10 [ping-restart] [120] 11 [ifconfig] [10.8.0.2] [255.255.255.0] 12 [peer-id] [0] 13 [cipher] [AES-256-GCM]
2020-05-25 23:19:59 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: NONE compress: LZ4v2 peer ID: 0
2020-05-25 23:19:59 exception parsing IPv4 route: [route] [10.0.0.8] [255.0.0.0] [net_gateway] : tun_prop_error: route is not canonical
2020-05-25 23:19:59 exception parsing IPv4 route: [route] [10.0.0.73/24] [] [net_gateway] : tun_prop_error: route is not canonical
2020-05-25 23:19:59 We should call this sessionVM-IP
2020-05-25 23:19:59 Opening tun interface:
2020-05-25 23:19:59 Warning Samsung Android 5.0+ devices ignore DNS servers outside the VPN range. To enable DNS resolution a route to your DNS Server (10.8.0.1) has been added.
2020-05-25 23:19:59 Local IPv4: 10.8.0.2/24 IPv6: (not set) MTU: 1500
2020-05-25 23:19:59 DNS Server: 10.8.0.1, 10.9.0.1, Domain: null
2020-05-25 23:19:59 Routes:
2020-05-25 23:19:59 Routes excluded: 172.16.0.0/12, 192.168.0.0/16
2020-05-25 23:19:59 VpnService routes installed: 10.8.0.1/32
2020-05-25 23:19:59 Allowed VPN apps: org.mozilla.firefox, tv.twitch.android.app, org.mozilla.focus, com.facebook.katana, com.google.android.youtube, com.google.android.webview, com.android.chrome
2020-05-25 23:19:59 Connected via tun
2020-05-25 23:19:59 LZ4v2 init asym=1
2020-05-25 23:19:59 COMPRESSION_ENABLED: Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.
2020-05-25 23:19:59 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED

rajannpatel commented 4 years ago

https://github.com/rajannpatel/Pi-Hole-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-Wireguard-VPN-Configs

This guide walks you through running a script which will configure a Split Tunnel IPv6 Wireguard connection for your Android, iOS, Linux, macOS, & Windows devices. All you need to do is run a script, scan a QR code, and you're blocking ads with the current Pi-Hole version.

I do not have any plans to support OpenVPN at this time, so I am closing this ticket.
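
The pushed options reported in both client logs above can be linted mechanically. This is an added example, not part of the original thread or the project's code: it parses the OPTIONS entry and flags the conditions the client itself logs (a non-canonical route, a DNS server outside the VPN range, pushed compression), plus a route-gateway outside the ifconfig subnet. The function names and SAMPLE are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the pushed-options entry as it appears in the logs in this thread.
SAMPLE = (
    "2020-05-14 07:32:50 OPTIONS: 0 [route] [10.0.0.8] [255.0.0.0] [net_gateway] "
    "1 [route] [172.16.0.0] [255.240.0.0] [net_gateway] "
    "2 [route] [192.168.0.0] [255.255.0.0] [net_gateway] "
    "3 [dhcp-option] [DNS] [10.8.0.1] 4 [dhcp-option] [DNS] [10.9.0.1] "
    "5 [block-outside-dns] 6 [compress] [lz4-v2] 7 [route-gateway] [10.9.0.1] "
    "8 [topology] [subnet] 9 [ping] [10] 10 [ping-restart] [120] "
    "11 [ifconfig] [10.8.0.2] [255.255.255.0] 12 [peer-id] [0] "
    "13 [cipher] [AES-256-GCM]"
)

def parse_pushed_options(line):
    """Split an 'OPTIONS: N [name] [arg]...' entry into lists like ['route', '10.0.0.8', ...]."""
    body = line.partition("OPTIONS:")[2]
    groups = re.findall(r"\d+ ((?:\[[^\]]*\] ?)+)", body)
    return [re.findall(r"\[([^\]]*)\]", g) for g in groups]

def lint_pushed_options(options):
    """Return (option, problem) pairs, in the order the options were pushed."""
    findings = []
    tunnel = None
    for opt in options:  # first pass: the tunnel subnet comes from the pushed ifconfig
        if opt[0] == "ifconfig" and len(opt) >= 3:
            tunnel = ipaddress.ip_interface(f"{opt[1]}/{opt[2]}").network
    for opt in options:
        name, args = opt[0], opt[1:]
        if name == "route" and len(args) >= 2:
            try:  # strict=True rejects an address with host bits set under its mask
                ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=True)
            except ValueError:
                findings.append((" ".join(opt), "route has host bits set (not canonical)"))
        elif name == "dhcp-option" and len(args) >= 2 and args[0] == "DNS" and tunnel is not None:
            if ipaddress.ip_address(args[1]) not in tunnel:
                findings.append((" ".join(opt), f"DNS server outside {tunnel}"))
        elif name == "route-gateway" and args and tunnel is not None:
            if ipaddress.ip_address(args[0]) not in tunnel:
                findings.append((" ".join(opt), f"gateway outside {tunnel}"))
        elif name == "compress":
            findings.append((" ".join(opt), "compression pushed by server"))
    return findings

if __name__ == "__main__":
    for option, problem in lint_pushed_options(parse_pushed_options(SAMPLE)):
        print(f"{problem}: {option}")
```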