search

schwabe / ics-openvpn

OpenVPN for Android
3.29k stars 1.19k forks source link

Deleting IPv6 routes not working anymore since v0.7.45 #1623

Closed gq5q92t724dctp494wy closed 1 year ago

gq5q92t724dctp494wy commented 1 year ago

General information

  1. Android 11 (Not Rooted)
  2. LineageOS 18.1 (20230218)
  3. Google Nexus 5 (hammerhead)
  4. v0.7.46 (VersionCode: 201 | Source: GitHub-Assets)

Description of the issue

Info in advance: The error occurs with version v0.7.45 and higher, with version v0.7.43 and older everything was fine. This issue appears on every devices at my home, with and without custom roms.

Anytime the VPN-Connection is closed, be it manually or via keepalive-timeout, the VPN-Session crashes with a fatal error. The app is then no longer able to reconnect in the event of a timeout, the app remains crashed and has to be manually connected again. There seems to be an error with deleting the specific route "::/3", of course this doesn't work on Android but this was bypassed earlier with the error message "Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.". Since v0.7.45 this doesn't happen anymore and results in "Exiting due to fatal error". This issue will not be known as almost nobody does IPv6 routing actually. Thanks for your support and this nice App, keep developing.

Log

2023-07-11 12:10:02 official build 0.7.46 running on google Nexus 5 (hammerhead), Android 11 (RQ3A.211001.001) API 30, ABI armeabi-v7a, (google/hammerhead/hammerhead:6.0.1/M4B30Z/3437181:user/release-keys)
2023-07-11 12:10:02 Building configuration…
2023-07-11 12:10:02 Fetched VPN profile (Home) triggered by main profile list
2023-07-11 12:10:02 Scheduling VPN keep alive for VPN Home
2023-07-11 12:10:02 started Socket Thread
2023-07-11 12:10:02 P:WARNING: linker: Warning: "/data/app/~~229D6r5VgiMFnVq7rKs_lw==/de.blinkt.openvpn-WViqYNq4EdJEsbYXfHV80A==/lib/arm/libovpnexec.so" is not a directory (ignoring)
2023-07-11 12:10:02 Network Status: CONNECTED  to WIFI 
2023-07-11 12:10:02 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2023-07-11 12:10:02 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2023-07-11 12:10:02 Current Parameter Settings:
2023-07-11 12:10:02   config = 'stdin'
2023-07-11 12:10:02   mode = 0
2023-07-11 12:10:02   show_ciphers = DISABLED
2023-07-11 12:10:02   show_digests = DISABLED
2023-07-11 12:10:02   show_engines = DISABLED
2023-07-11 12:10:02   genkey = DISABLED
2023-07-11 12:10:02   genkey_filename = '[UNDEF]'
2023-07-11 12:10:02   key_pass_file = '[UNDEF]'
2023-07-11 12:10:02   show_tls_ciphers = DISABLED
2023-07-11 12:10:02   connect_retry_max = 10
2023-07-11 12:10:02 Connection profiles [0]:
2023-07-11 12:10:02   proto = udp
2023-07-11 12:10:02   local = '[UNDEF]'
2023-07-11 12:10:02   local_port = '[UNDEF]'
2023-07-11 12:10:02   remote = '***HIDDEN***'
2023-07-11 12:10:02   remote_port = '995'
2023-07-11 12:10:02   remote_float = DISABLED
2023-07-11 12:10:02   bind_defined = DISABLED
2023-07-11 12:10:02   bind_local = DISABLED
2023-07-11 12:10:02   bind_ipv6_only = DISABLED
2023-07-11 12:10:02   connect_retry_seconds = 15
2023-07-11 12:10:02   connect_timeout = 60
2023-07-11 12:10:02   socks_proxy_server = '[UNDEF]'
2023-07-11 12:10:02   socks_proxy_port = '[UNDEF]'
2023-07-11 12:10:02   tun_mtu = 1500
2023-07-11 12:10:02   tun_mtu_defined = ENABLED
2023-07-11 12:10:02   link_mtu = 1500
2023-07-11 12:10:02   link_mtu_defined = DISABLED
2023-07-11 12:10:02   tun_mtu_extra = 0
2023-07-11 12:10:02   tun_mtu_extra_defined = DISABLED
2023-07-11 12:10:02   tls_mtu = 1250
2023-07-11 12:10:02   mtu_discover_type = -1
2023-07-11 12:10:02   fragment = 0
2023-07-11 12:10:02   mssfix = 1492
2023-07-11 12:10:02   mssfix_encap = ENABLED
2023-07-11 12:10:02   mssfix_fixed = DISABLED
2023-07-11 12:10:02   explicit_exit_notification = 0
2023-07-11 12:10:02   tls_auth_file = '[UNDEF]'
2023-07-11 12:10:02   key_direction = not set
2023-07-11 12:10:02   tls_crypt_file = '[UNDEF]'
2023-07-11 12:10:02   tls_crypt_v2_file = '[INLINE]'
2023-07-11 12:10:02 Waiting 0s seconds between connection attempt
2023-07-11 12:10:02 Connection profiles END
2023-07-11 12:10:02   remote_random = DISABLED
2023-07-11 12:10:02   ipchange = '[UNDEF]'
2023-07-11 12:10:02   dev = 'tun'
2023-07-11 12:10:02   dev_type = '[UNDEF]'
2023-07-11 12:10:02   dev_node = '[UNDEF]'
2023-07-11 12:10:02   lladdr = '[UNDEF]'
2023-07-11 12:10:02   topology = 1
2023-07-11 12:10:02   ifconfig_local = '[UNDEF]'
2023-07-11 12:10:02   ifconfig_remote_netmask = '[UNDEF]'
2023-07-11 12:10:02   ifconfig_noexec = DISABLED
2023-07-11 12:10:02   ifconfig_nowarn = ENABLED
2023-07-11 12:10:02   ifconfig_ipv6_local = '[UNDEF]'
2023-07-11 12:10:02   ifconfig_ipv6_netbits = 0
2023-07-11 12:10:02   ifconfig_ipv6_remote = '[UNDEF]'
2023-07-11 12:10:02   shaper = 0
2023-07-11 12:10:02   mtu_test = 0
2023-07-11 12:10:02   mlock = DISABLED
2023-07-11 12:10:02   keepalive_ping = 0
2023-07-11 12:10:02   keepalive_timeout = 0
2023-07-11 12:10:02   inactivity_timeout = 0
2023-07-11 12:10:02   session_timeout = 0
2023-07-11 12:10:02   inactivity_minimum_bytes = 0
2023-07-11 12:10:02   ping_send_timeout = 0
2023-07-11 12:10:02   ping_rec_timeout = 0
2023-07-11 12:10:02   ping_rec_timeout_action = 0
2023-07-11 12:10:02   ping_timer_remote = DISABLED
2023-07-11 12:10:02   remap_sigusr1 = 0
2023-07-11 12:10:02   persist_tun = DISABLED
2023-07-11 12:10:02   persist_local_ip = DISABLED
2023-07-11 12:10:02   persist_remote_ip = DISABLED
2023-07-11 12:10:02   persist_key = DISABLED
2023-07-11 12:10:02   passtos = DISABLED
2023-07-11 12:10:02   resolve_retry_seconds = 60
2023-07-11 12:10:02   resolve_in_advance = DISABLED
2023-07-11 12:10:02   username = '[UNDEF]'
2023-07-11 12:10:02   groupname = '[UNDEF]'
2023-07-11 12:10:02   chroot_dir = '[UNDEF]'
2023-07-11 12:10:02   cd_dir = '[UNDEF]'
2023-07-11 12:10:02   writepid = '[UNDEF]'
2023-07-11 12:10:02   up_script = '[UNDEF]'
2023-07-11 12:10:02   down_script = '[UNDEF]'
2023-07-11 12:10:02   down_pre = DISABLED
2023-07-11 12:10:02   up_restart = DISABLED
2023-07-11 12:10:02   up_delay = DISABLED
2023-07-11 12:10:02   daemon = DISABLED
2023-07-11 12:10:02   log = DISABLED
2023-07-11 12:10:02   suppress_timestamps = DISABLED
2023-07-11 12:10:02   machine_readable_output = ENABLED
2023-07-11 12:10:02   nice = 0
2023-07-11 12:10:02   verbosity = 4
2023-07-11 12:10:02   mute = 0
2023-07-11 12:10:02   gremlin = 0
2023-07-11 12:10:02   status_file = '[UNDEF]'
2023-07-11 12:10:02   status_file_version = 1
2023-07-11 12:10:02   status_file_update_freq = 60
2023-07-11 12:10:02   occ = ENABLED
2023-07-11 12:10:02   rcvbuf = 0
2023-07-11 12:10:02   sndbuf = 0
2023-07-11 12:10:02   sockflags = 0
2023-07-11 12:10:02   fast_io = ENABLED
2023-07-11 12:10:02   comp.alg = 0
2023-07-11 12:10:02   comp.flags = 24
2023-07-11 12:10:02   route_script = '[UNDEF]'
2023-07-11 12:10:02   route_default_gateway = '[UNDEF]'
2023-07-11 12:10:02   route_default_metric = 0
2023-07-11 12:10:02   route_noexec = DISABLED
2023-07-11 12:10:02   route_delay = 0
2023-07-11 12:10:02   route_delay_window = 30
2023-07-11 12:10:02   route_delay_defined = DISABLED
2023-07-11 12:10:02   route_nopull = DISABLED
2023-07-11 12:10:02   route_gateway_via_dhcp = DISABLED
2023-07-11 12:10:02   allow_pull_fqdn = DISABLED
2023-07-11 12:10:02   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2023-07-11 12:10:02   management_port = 'unix'
2023-07-11 12:10:02   management_user_pass = '[UNDEF]'
2023-07-11 12:10:02   management_log_history_cache = 250
2023-07-11 12:10:02   management_echo_buffer_size = 100
2023-07-11 12:10:02   management_client_user = '[UNDEF]'
2023-07-11 12:10:02   management_client_group = '[UNDEF]'
2023-07-11 12:10:02   management_flags = 294
2023-07-11 12:10:02   shared_secret_file = '[UNDEF]'
2023-07-11 12:10:02   key_direction = not set
2023-07-11 12:10:02   ciphername = 'AES-128-GCM'
2023-07-11 12:10:02   ncp_ciphers = 'AES-128-GCM'
2023-07-11 12:10:02   authname = 'SHA256'
2023-07-11 12:10:02   engine = DISABLED
2023-07-11 12:10:02   replay = ENABLED
2023-07-11 12:10:02   mute_replay_warnings = DISABLED
2023-07-11 12:10:02   replay_window = 64
2023-07-11 12:10:02   replay_time = 15
2023-07-11 12:10:02   packet_id_file = '[UNDEF]'
2023-07-11 12:10:02   test_crypto = DISABLED
2023-07-11 12:10:02   tls_server = DISABLED
2023-07-11 12:10:02   tls_client = ENABLED
2023-07-11 12:10:02   ca_file = '[INLINE]'
2023-07-11 12:10:02   ca_path = '[UNDEF]'
2023-07-11 12:10:02   dh_file = '[UNDEF]'
2023-07-11 12:10:02   cert_file = '[INLINE]'
2023-07-11 12:10:02   extra_certs_file = '[UNDEF]'
2023-07-11 12:10:02   priv_key_file = '[INLINE]'
2023-07-11 12:10:02   pkcs12_file = '[UNDEF]'
2023-07-11 12:10:02   cipher_list = '[UNDEF]'
2023-07-11 12:10:02   cipher_list_tls13 = '[UNDEF]'
2023-07-11 12:10:02   tls_cert_profile = 'preferred'
2023-07-11 12:10:02   tls_verify = '[UNDEF]'
2023-07-11 12:10:02   tls_export_cert = '[UNDEF]'
2023-07-11 12:10:02   verify_x509_type = 0
2023-07-11 12:10:02   verify_x509_name = '[UNDEF]'
2023-07-11 12:10:02   crl_file = '[UNDEF]'
2023-07-11 12:10:02   ns_cert_type = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 65535
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_ku[i] = 0
2023-07-11 12:10:02   remote_cert_eku = 'TLS Web Server Authentication'
2023-07-11 12:10:02   ssl_flags = 192
2023-07-11 12:10:02   tls_timeout = 2
2023-07-11 12:10:02   renegotiate_bytes = -1
2023-07-11 12:10:02   renegotiate_packets = 0
2023-07-11 12:10:02   renegotiate_seconds = 0
2023-07-11 12:10:02   handshake_window = 60
2023-07-11 12:10:02   transition_window = 3600
2023-07-11 12:10:02   single_session = DISABLED
2023-07-11 12:10:02   push_peer_info = ENABLED
2023-07-11 12:10:02   tls_exit = DISABLED
2023-07-11 12:10:02   tls_crypt_v2_metadata = '[UNDEF]'
2023-07-11 12:10:02   server_network = 0.0.0.0
2023-07-11 12:10:02   server_netmask = 0.0.0.0
2023-07-11 12:10:02   server_network_ipv6 = ::
2023-07-11 12:10:02   server_netbits_ipv6 = 0
2023-07-11 12:10:02   server_bridge_ip = 0.0.0.0
2023-07-11 12:10:02   server_bridge_netmask = 0.0.0.0
2023-07-11 12:10:02   server_bridge_pool_start = 0.0.0.0
2023-07-11 12:10:02   server_bridge_pool_end = 0.0.0.0
2023-07-11 12:10:02   ifconfig_pool_defined = DISABLED
2023-07-11 12:10:02   ifconfig_pool_start = 0.0.0.0
2023-07-11 12:10:02   ifconfig_pool_end = 0.0.0.0
2023-07-11 12:10:02   ifconfig_pool_netmask = 0.0.0.0
2023-07-11 12:10:02   ifconfig_pool_persist_filename = '[UNDEF]'
2023-07-11 12:10:02   ifconfig_pool_persist_refresh_freq = 600
2023-07-11 12:10:02   ifconfig_ipv6_pool_defined = DISABLED
2023-07-11 12:10:02   ifconfig_ipv6_pool_base = ::
2023-07-11 12:10:02   ifconfig_ipv6_pool_netbits = 0
2023-07-11 12:10:02   n_bcast_buf = 256
2023-07-11 12:10:02   tcp_queue_limit = 64
2023-07-11 12:10:02   real_hash_size = 256
2023-07-11 12:10:02   virtual_hash_size = 256
2023-07-11 12:10:02   client_connect_script = '[UNDEF]'
2023-07-11 12:10:02   learn_address_script = '[UNDEF]'
2023-07-11 12:10:02   client_disconnect_script = '[UNDEF]'
2023-07-11 12:10:02   client_crresponse_script = '[UNDEF]'
2023-07-11 12:10:02   client_config_dir = '[UNDEF]'
2023-07-11 12:10:02   ccd_exclusive = DISABLED
2023-07-11 12:10:02   tmp_dir = '/data/data/de.blinkt.openvpn/cache'
2023-07-11 12:10:02   push_ifconfig_defined = DISABLED
2023-07-11 12:10:02   push_ifconfig_local = 0.0.0.0
2023-07-11 12:10:02   push_ifconfig_remote_netmask = 0.0.0.0
2023-07-11 12:10:02   push_ifconfig_ipv6_defined = DISABLED
2023-07-11 12:10:02   push_ifconfig_ipv6_local = ::/0
2023-07-11 12:10:02   push_ifconfig_ipv6_remote = ::
2023-07-11 12:10:02   enable_c2c = DISABLED
2023-07-11 12:10:02   duplicate_cn = DISABLED
2023-07-11 12:10:02   cf_max = 0
2023-07-11 12:10:02   cf_per = 0
2023-07-11 12:10:02   cf_initial_max = 100
2023-07-11 12:10:02   cf_initial_per = 10
2023-07-11 12:10:02   max_clients = 1024
2023-07-11 12:10:02   max_routes_per_client = 256
2023-07-11 12:10:02   auth_user_pass_verify_script = '[UNDEF]'
2023-07-11 12:10:02   auth_user_pass_verify_script_via_file = DISABLED
2023-07-11 12:10:02   auth_token_generate = DISABLED
2023-07-11 12:10:02   auth_token_lifetime = 0
2023-07-11 12:10:02   auth_token_secret_file = '[UNDEF]'
2023-07-11 12:10:02   port_share_host = '[UNDEF]'
2023-07-11 12:10:02   port_share_port = '[UNDEF]'
2023-07-11 12:10:02   vlan_tagging = DISABLED
2023-07-11 12:10:02   vlan_accept = all
2023-07-11 12:10:02   vlan_pvid = 1
2023-07-11 12:10:02   client = ENABLED
2023-07-11 12:10:02   pull = ENABLED
2023-07-11 12:10:02   auth_user_pass_file = '[UNDEF]'
2023-07-11 12:10:02 OpenVPN 2.7-icsopenvpn [git:icsopenvpn/v0.7.45-0-gc6f83950] armeabi-v7a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun  6 2023
2023-07-11 12:10:02 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2023-07-11 12:10:02 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2023-07-11 12:10:02 MANAGEMENT: CMD 'version 3'
2023-07-11 12:10:02 MANAGEMENT: CMD 'hold release'
2023-07-11 12:10:02 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-07-11 12:10:02 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-07-11 12:10:02 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-07-11 12:10:02 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-07-11 12:10:02 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-07-11 12:10:02 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-07-11 12:10:02 TCP/UDP: Preserving recently used remote address: [AF_INET]91.X.X.X:995
2023-07-11 12:10:02 Socket Buffers: R=[163840->163840] S=[163840->163840]
2023-07-11 12:10:02 MANAGEMENT: CMD 'bytecount 2'
2023-07-11 12:10:02 MANAGEMENT: CMD 'state on'
2023-07-11 12:10:02 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2023-07-11 12:10:02 UDPv4 link local: (not bound)
2023-07-11 12:10:02 UDPv4 link remote: [AF_INET]91.X.X.X:995
2023-07-11 12:10:02 MANAGEMENT: >STATE:1689070202,WAIT,,,,,,
2023-07-11 12:10:02 MANAGEMENT: >STATE:1689070202,AUTH,,,,,,
2023-07-11 12:10:02 TLS: Initial packet from [AF_INET]91.X.X.X:995, sid=9f40b7bb a5645211
2023-07-11 12:10:02 VERIFY OK: depth=1, CN=client
2023-07-11 12:10:02 VERIFY KU OK
2023-07-11 12:10:02 Validating certificate extended key usage
2023-07-11 12:10:02 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-07-11 12:10:02 VERIFY EKU OK
2023-07-11 12:10:02 VERIFY OK: depth=0, CN=server_udp
2023-07-11 12:10:05 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_128_GCM_SHA256, peer certificate: 384 bit ECsecp384r1, signature: ecdsa-with-SHA256
2023-07-11 12:10:05 [server_udp] Peer Connection Initiated with [AF_INET]91.X.X.X:995
2023-07-11 12:10:05 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-07-11 12:10:05 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-07-11 12:10:05 PUSH: Received control message: 'PUSH_REPLY,ping 55,ping-restart 0,explicit-exit-notify 3,sndbuf 512000,rcvbuf 512000,dhcp-option DNS 10.2.2.1,redirect-gateway ipv6 def1,tun-ipv6,route-gateway 10.2.2.1,topology subnet,ifconfig-ipv6 2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX1/68 2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX2,ifconfig 10.2.2.4 255.255.255.0,peer-id 1,cipher AES-128-GCM,protocol-flags cc-exit,tun-mtu 1500'
2023-07-11 12:10:05 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2023-07-11 12:10:05 Socket Buffers: R=[163840->1024000] S=[163840->1024000]
2023-07-11 12:10:05 OPTIONS IMPORT: --ifconfig/up options modified
2023-07-11 12:10:05 OPTIONS IMPORT: route options modified
2023-07-11 12:10:05 OPTIONS IMPORT: route-related options modified
2023-07-11 12:10:05 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-07-11 12:10:05 OPTIONS IMPORT: tun-mtu set to 1500
2023-07-11 12:10:05 ROUTE_GATEWAY 127.100.103.119 IFACE=android-gw
2023-07-11 12:10:05 GDG6: remote_host_ipv6=n/a
2023-07-11 12:10:05 ROUTE6_GATEWAY :: IFACE=android-gw
2023-07-11 12:10:05 do_ifconfig, ipv4=1, ipv6=1
2023-07-11 12:10:05 MANAGEMENT: >STATE:1689070205,ASSIGN_IP,,10.2.2.4,,,,,2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX1
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'IFCONFIG6' ok'
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2023-07-11 12:10:05 add_route_ipv6(::/3 -> 2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX2 metric -1) dev (null)
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
2023-07-11 12:10:05 add_route_ipv6(2000::/4 -> 2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX2 metric -1) dev (null)
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
2023-07-11 12:10:05 add_route_ipv6(3000::/4 -> 2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX2 metric -1) dev (null)
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
2023-07-11 12:10:05 add_route_ipv6(fc00::/7 -> 2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX2 metric -1) dev (null)
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2023-07-11 12:10:05 Opening tun interface:
2023-07-11 12:10:05 Local IPv4: 10.2.2.4/24 IPv6: 2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX1/68 MTU: 1500
2023-07-11 12:10:05 DNS Server: 10.2.2.1, Domain: null
2023-07-11 12:10:05 Routes: 0.0.0.0/0, 10.2.2.0/24 ::/3, 2000::/4, 3000::/4, fc00::/7
2023-07-11 12:10:05 Routes excluded:  
2023-07-11 12:10:05 VpnService routes installed: 0.0.0.0/0 ::/3, 2000::/4, 3000::/4, fc00::/7
2023-07-11 12:10:05 Disallowed VPN apps: 
2023-07-11 12:10:05 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2023-07-11 12:10:05 Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-07-11 12:10:05 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-07-11 12:10:05 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-07-11 12:10:05 Initialization Sequence Completed
2023-07-11 12:10:05 MANAGEMENT: >STATE:1689070205,CONNECTED,SUCCESS,10.2.2.4,91.X.X.X,995,,,2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX1
2023-07-11 12:10:05 Data Channel: cipher 'AES-128-GCM', peer-id: 1
2023-07-11 12:10:05 Timers: ping 55, ping-restart 0
2023-07-11 12:10:05 Protocol options: explicit-exit-notify 3, protocol-flags cc-exit
2023-07-11 12:10:05 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
************ DISCONNECT STARTS HERE ************
2023-07-11 12:11:03 MANAGEMENT: CMD 'signal SIGINT'
2023-07-11 12:11:03 SIGTERM received, sending exit notification to peer
2023-07-11 12:11:03 SENT CONTROL [server_udp]: 'EXIT' (status=1)
2023-07-11 12:11:03 MANAGEMENT: Client disconnected
2023-07-11 12:11:03 MANAGEMENT: Triggering management exit
2023-07-11 12:11:03 TCP/UDP: Closing socket
2023-07-11 12:11:03 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2023-07-11 12:11:03 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
************ THE ISSUE STARTS HERE (WAS TRIGGERED WHEN MANUALLY DISCONNECTING) ************
2023-07-11 12:11:03 delete_route_ipv6(::/3)
2023-07-11 12:11:03 Sorry, but I don't know how to do 'route ipv6' commands on this operating system.  Try putting your routes in a --route-down script
2023-07-11 12:11:03 Exiting due to fatal error
2023-07-11 12:11:03 Process exited with exit value 1
2023-07-11 12:11:03 Unscheduling VPN keep alive
2023-07-11 12:11:03 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED

Server_Conf

mode server
proto udp6
port 995
multihome
ping 55
ping-restart 0
push "ping 55"
push "ping-restart 0"
reneg-sec 0
explicit-exit-notify 3
push "explicit-exit-notify 3"

fast-io
sndbuf 512000
rcvbuf 512000
push "sndbuf 512000"
push "rcvbuf 512000"

dev tun
topology subnet
client-to-client
persist-key
persist-tun

client-config-dir /etc/openvpn/ccd/udp-dynamic <--- Passes the current client IPv6, changes nightly with a new address from router.
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_udp.crt
key /etc/openvpn/easy-rsa/pki/private/server_udp.key
dh none
crl-verify /etc/openvpn/crl.pem

server 10.2.2.0 255.255.255.0
server-ipv6 2003:e2:XXXX:XXXX:XXXX:XXXX:XXXX:XXX1/68

push "dhcp-option DNS 10.2.2.1"
push "redirect-gateway ipv6 def1"

remote-cert-tls client
tls-server
tls-version-min 1.3
tls-ciphersuites TLS_AES_128_GCM_SHA256
tls-crypt-v2 /etc/openvpn/easy-rsa/pki/easytls/server_udp-tls-crypt-v2.key

auth SHA384
cipher AES-128-GCM
data-ciphers AES-128-GCM

user nobody
group nogroup

log-append /mnt/tmp-log/ovpn-udp.log
verb 3

script-security 2
learn-address "/usr/bin/sudo -u root /etc/openvpn/ndp-proxy-setup.sh"

Client_Conf

client
proto udp
dev tun
remote ***HIDDEN*** 995
remote-cert-tls server
tls-cert-profile preferred
auth SHA256
cipher AES-128-GCM
data-ciphers AES-128-GCM
fast-io
reneg-sec 0
connect-retry 15 300
connect-retry-max 10
connect-timeout 60
push-peer-info
<ca>
***HIDDEN***
</ca>
<cert>
***HIDDEN***
</cert>
<key>
***HIDDEN***
</key>
<tls-crypt-v2>
***HIDDEN***
</tls-crypt-v2>
schwabe commented 1 year ago

Not what exactly changed between 0.7.43 and 0.7.45 to trigger this error now and not before. But this fix should sovle the problem. I uploaded a prebuilt of the next version with that patch to OpenVPN already applied. Can you test if that fixes the problem for you?

gq5q92t724dctp494wy commented 1 year ago

Dear Schwabe, thank you for the quick reply and for trying to help me. Unfortunately, I can't say why this has been happening since v0.7.45 and not before. I wanted to test your patched Apk right away, but this one doesn't work at all. Sorry for the bad feedback, maybe you could take another look into the piece of patch? ;-|

Log

2023-07-11 14:51:58 official build 0.7.46 running on google Nexus 5 (hammerhead), Android 11 (RQ3A.211001.001) API 30, ABI armeabi-v7a, (google/hammerhead/hammerhead:6.0.1/M4B30Z/3437181:user/release-keys)
2023-07-11 14:51:58 Building configuration…
2023-07-11 14:51:58 Fetched VPN profile (Home) triggered by main profile list
2023-07-11 14:51:58 Scheduling VPN keep alive for VPN Home
2023-07-11 14:51:58 started Socket Thread
2023-07-11 14:51:58 P:WARNING: linker: Warning: "/data/app/~~fTDTaSJScIOVkSto-J76eg==/de.blinkt.openvpn-ASiYUVGwNlQFwXCeNkEjWQ==/lib/arm/libovpnexec.so" is not a directory (ignoring)
2023-07-11 14:51:58 Network Status: CONNECTED  to WIFI 
2023-07-11 14:51:58 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2023-07-11 14:51:58 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2023-07-11 14:51:58 Current Parameter Settings:
2023-07-11 14:51:58 Error reading from output of OpenVPN process: OpenVpn process was killed form java code

java.lang.InterruptedException: OpenVpn process was killed form java code
    at de.blinkt.openvpn.core.OpenVPNThread.startOpenVPNThreadArgs(OpenVPNThread.java:179)
    at de.blinkt.openvpn.core.OpenVPNThread.run(OpenVPNThread.java:76)
    at java.lang.Thread.run(Thread.java:923)

2023-07-11 14:51:58 Waiting 0s seconds between connection attempt
2023-07-11 14:51:58 Unscheduling VPN keep alive
gq5q92t724dctp494wy commented 1 year ago

@schwabe i have to make a feedback. After your uploaded Apk "v0.7.47pre" not worked anyway, i did build the Apk by myself from the latest ics-openvpn v0.7.46 and OpenVPN v0.7.45 with your Patch . This App is working successfully and has no fatal issues anymore, disconnect manually and with keepalive-timeout just work both. Thank you so much for your great work and showed me the way how to fix this issue. I will use my own build until v0.7.47 is released, without crash, maybe resulting from recent changes on source.