search

schwabe / ics-openvpn

OpenVPN for Android
3.29k stars 1.19k forks source link

simple config with static key: wrong ifconfig line #1665

Closed jbarth-ubhd closed 9 months ago

jbarth-ubhd commented 9 months ago

General information

  1. Android Version Fire OS 7.3.2.8
  2. Android Vendor/Custom ROM Amazon
  3. Device Amazon Fire HD 10, 11th generation
  4. Version of the app (version number/play store version/self-built) latest from f-droid, as of 2023-oct-29: v0.7.49-0-ga...

Description of the issue

Tried simple config with pre-shared static key.

Requires line ifconfig 10.8.0.2 10.8.0.1, but this gets changed to ifconfig 10.8.0.2 255.255.255.255 when importing my openvpn config.

After establishing connection: ifconfig on "terminal emulator app" says: tun0 10.8.0.2 P-t-P 10.8.0.2, and connections to 10.8.0.1 do not work.

Managed to change this by editing the ip adress tab and removing the ip address and adding custom option with correct ifconfig line.

Astonishingly ifconfig on "terminal emulator app" still says tun0 10.8.0.2 P-t-P 10.8.0.2 but connections to 10.8.0.1 work now.

Additionally had some issues with modifying the configuration: the "generated configuration" lagged a bit behind — needed to exit config editing and re-enter to see changes.

Log (if applicable)

n/a

Configuration file

client:

remote xxxx.yyyy.de
cipher AES-256-CBC
dev tun
ifconfig 10.8.0.2 10.8.0.1
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

#
# 2048 bit OpenVPN static key
#
<secret>
-----BEGIN OpenVPN Static key V1-----
((some hex stuff))
-----END OpenVPN Static key V1-----
</secret>
schwabe commented 9 months ago

This is correct. Android does not use the gateway IP, so treating this is a IP/32 is correct on Android.

As a side note, the --secret mode is scheduled to be removed in OpenVPN 2.7/2.8

jbarth-ubhd commented 9 months ago

Thanks. Will switch to peer-fingerprint.