schwabe / ics-openvpn

OpenVPN for Android

ics-openvpn under Android: connection reset before completing (ethervpn) #1699

Closed bravvve closed 3 months ago

bravvve commented 3 months ago

I am trying to use https://medium.com/@tanujsinghkushwah/make-your-own-android-vpn-client-with-openvpn-servers-2dfe251f40b6 with a specific OpenVPN server that I control.

When connecting with the Linux OpenVPN client I get no problem with this configuration file:

dev tun
proto tcp-client
remote X.X.X.X 2300
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
#cipher AES-256-CBC
tls-version-min 1.1
auth SHA256
#data-ciphers AES-256-CBC
data-ciphers-fallback AES-256-CBC
comp-lzo
verb 4
key-direction 1
tls-cipher DHE-RSA-AES256-SHA
keepalive 20 60
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
Certificate:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

With ethervpn, after forcing it to use that file, the connection restarts before completing and keeps retrying. Here is the log file:

Tue Apr  2 22:19:03 2024 us=868189 MULTI: multi_create_instance called
Tue Apr  2 22:19:03 2024 us=868244 Re-using SSL/TLS context
Tue Apr  2 22:19:03 2024 us=868265 LZO compression initialized
Tue Apr  2 22:19:03 2024 us=868317 Control Channel MTU parms [ L:1572 D:180 EF:80 EB:0 ET:0 EL:0 ]
Tue Apr  2 22:19:03 2024 us=868330 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr  2 22:19:03 2024 us=868354 Local Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Apr  2 22:19:03 2024 us=868362 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Apr  2 22:19:03 2024 us=868384 Local Options hash (VER=V4): '165db97f'
Tue Apr  2 22:19:03 2024 us=868397 Expected Remote Options hash (VER=V4): '504bba81'
Tue Apr  2 22:19:03 2024 us=868410 TCP connection established with [AF_INET]Y.Y.Y.Y:45770
Tue Apr  2 22:19:03 2024 us=868417 TCPv4_SERVER link local: [undef]
Tue Apr  2 22:19:03 2024 us=868422 TCPv4_SERVER link remote: [AF_INET]Y.Y.Y.Y:45770
RTue Apr  2 22:19:03 2024 us=875567 Y.Y.Y.Y:45770 TLS: Initial packet from [AF_INET]Y.Y.Y.Y:45770, sid=94ed3c40 acb8ba38
WRWWWWWRWRWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRTue Apr  2 22:19:08 2024 us=47848 154.121.16.234:45770 VERIFY OK: depth=1, C=X, ST=X, L=X, O=X, OU=X, CN=X, name=EasyRSA, emailAddress=X@X.com
Tue Apr  2 22:19:08 2024 us=47967 Y.Y.Y.Y:45770 VERIFY OK: depth=0, C=X, ST=X, L=X, O=X, OU=X, CN=X, name=EasyRSA, emailAddress=X@X.com
WRTue Apr  2 22:19:08 2024 us=185314 Y.Y.Y.Y:45770 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher AES-256-CBC'
Tue Apr  2 22:19:08 2024 us=185416 Y.Y.Y.Y:45770 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Apr  2 22:19:08 2024 us=185427 Y.Y.Y.Y:45770 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Apr  2 22:19:08 2024 us=185435 Y.Y.Y.Y:45770 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Apr  2 22:19:08 2024 us=185442 Y.Y.Y.Y:45770 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
WWWRRRTue Apr  2 22:19:08 2024 us=536556 Y.Y.Y.Y:45770 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Apr  2 22:19:08 2024 us=536642 Y.Y.Y.Y:45770 [client1] Peer Connection Initiated with [AF_INET]Y.Y.Y.Y:45770
Tue Apr  2 22:19:08 2024 us=536713 client1/Y.Y.Y.Y:45770 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Apr  2 22:19:08 2024 us=536802 client1/Y.Y.Y.Y:45770 MULTI: Learn: 10.8.0.6 -> client1/Y.Y.Y.Y:45770
Tue Apr  2 22:19:08 2024 us=536860 client1/Y.Y.Y.Y:45770 MULTI: primary virtual IP for client1/Y.Y.Y.Y:45770: 10.8.0.6
RTue Apr  2 22:19:09 2024 us=405497 client1/Y.Y.Y.Y:45770 PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr  2 22:19:09 2024 us=405528 client1/Y.Y.Y.Y:45770 send_push_reply(): safe_cap=940
Tue Apr  2 22:19:09 2024 us=405597 client1/Y.Y.Y.Y:45770 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route X.X.X.X 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
WWWWTue Apr  2 22:19:09 2024 us=648513 client1/Y.Y.Y.Y:45770 Connection reset, restarting [0]
Tue Apr  2 22:19:09 2024 us=648544 client1/Y.Y.Y.Y:45770 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Apr  2 22:19:09 2024 us=648717 TCP/UDP: Closing socket

server configuration is as

proto tcp
port 2300
dev tun0

# Keys and certificates
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
cipher AES-256-CBC
#FOR MOBILE
#data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:BF-CBC
tls-version-min 1.0
auth RSA-SHA256
# Network
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route X.X.X.X 255.255.255.0"
#server-bridge 127.0.0.2 255.255.255.255 10.8.0.1 255.255.255.255
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120

# Security
user nobody
group nogroup
chroot /etc/openvpn/jail 
persist-key
persist-tun
comp-lzo
max-clients 10 

# Log
verb 5 
mute 20
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
syslog

I've tried to debug the cpp files of ics-openvpn, but Android Studio is ignoring breakpoints. On-device debugging is not giving much detail; the error seems to be process-push-msg-failed.

I've tried to modify the cipher configuration but I'm getting the same problem. I've changed the timeout in the VPN profile but that's not working either. Sorry for my English.
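As an added example (not code from ics-openvpn, the reporter or the maintainer), a small Python triage script for the server log and client config posted above. It strips the verb 5 read/write markers, groups lines per client session, and reports the OCC warning, the negotiated data-channel cipher, the pushed options and how long after the PUSH_REPLY the reset arrived. It also predicts the server's "missing in remote config" warning from the client file alone, by comparing the server's expected remote options string against the directives that are actually active in the client config. SAMPLE_LOG and CLIENT_CONFIG are constructed from the lines in the report; the OCC-to-directive map is a simplification assumed for this example.

```python
"""Triage an OpenVPN server log and cross-check it against the client config.
Added example for this issue, not code from ics-openvpn or the reporter."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed from the server log quoted in the report (addresses anonymised as posted).
SAMPLE_LOG = """\
Tue Apr  2 22:19:03 2024 us=868397 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
WRTue Apr  2 22:19:08 2024 us=185314 Y.Y.Y.Y:45770 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher AES-256-CBC'
Tue Apr  2 22:19:08 2024 us=185416 Y.Y.Y.Y:45770 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Apr  2 22:19:09 2024 us=405597 client1/Y.Y.Y.Y:45770 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route X.X.X.X 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Apr  2 22:19:09 2024 us=648544 client1/Y.Y.Y.Y:45770 SIGUSR1[soft,connection-reset] received, client-instance restarting
"""
# Constructed from the client config in the report: note 'cipher' is commented out.
CLIENT_CONFIG = """\
#cipher AES-256-CBC
auth SHA256
data-ciphers-fallback AES-256-CBC
comp-lzo
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
</ca>
"""

# verb 5 prints R/W read-write markers straight before the timestamp ("RTue Apr ...").
_LINE = re.compile(r"^[RW]*(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) us=(?P<us>\d+) (?P<rest>.*)$")
# Per-client lines are prefixed "addr:port " or, once the CN is known, "cn/addr:port ".
_PEER = re.compile(r"^(?:(?P<cn>[^/\s]+)/)?(?P<addr>\S+:\d+) (?P<msg>.*)$")
_RULES = [  # (message pattern, Session method that receives the first capture group)
    (re.compile(r"^WARNING: (.*)$"), "warn"),
    (re.compile(r"^Data Channel Encrypt: Cipher '([^']+)'"), "cipher"),
    (re.compile(r"^SENT CONTROL \[[^\]]+\]: 'PUSH_REPLY,([^']*)'"), "push"),
    (re.compile(r"^SIGUSR1\[[^,]+,([^\]]+)\] received"), "end"),
]

@dataclass
class Session:
    addr: str
    cn: str | None = None
    data_cipher: str | None = None
    warnings: list[str] = field(default_factory=list)
    pushed: list[str] = field(default_factory=list)
    push_time: datetime | None = None
    end_reason: str | None = None
    end_time: datetime | None = None

    def warn(self, text, ts): self.warnings.append(text)
    def cipher(self, name, ts): self.data_cipher = name
    def push(self, opts, ts): self.pushed, self.push_time = opts.split(","), ts
    def end(self, reason, ts): self.end_reason, self.end_time = reason, ts

    def reset_after_push_s(self) -> float | None:
        """Seconds from the PUSH_REPLY to the session ending, if both were seen."""
        if self.push_time and self.end_time:
            return (self.end_time - self.push_time).total_seconds()
        return None

def parse_server_log(text: str) -> tuple[str | None, dict[str, Session]]:
    """Return (expected remote OCC options string, sessions keyed by client addr:port)."""
    sessions, expected_remote = {}, None
    for m in filter(None, map(_LINE.match, text.splitlines())):
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y").replace(microsecond=int(m["us"]))
        if m["rest"].startswith("Expected Remote Options String: '"):
            expected_remote = m["rest"].split("'")[1]
            continue
        p = _PEER.match(m["rest"])
        if not p:
            continue  # global line, not tied to a client instance
        s = sessions.setdefault(p["addr"], Session(addr=p["addr"]))
        s.cn = p["cn"] or s.cn
        for rx, method in _RULES:
            hit = rx.match(p["msg"])
            if hit:
                getattr(s, method)(hit[1], ts)
                break
    return expected_remote, sessions

def active_directives(config_text: str) -> set[str]:
    """Directive names set in a config, skipping comments and inline <ca>/<cert>-style blocks."""
    names, in_block = set(), False
    for line in (ln.strip() for ln in config_text.splitlines()):
        if line.startswith("<"):
            in_block = not line.startswith("</")
        elif line and line[0] not in "#;" and not in_block:
            names.add(line.split()[0])
    return names

def occ_options_missing_in_client(expected_remote: str, config_text: str) -> list[str]:
    """OCC options the server expects from the peer that the client config never sets.
    The OCC-to-directive map is a simplification assumed here; it covers this report."""
    occ_to_directive = {"cipher": "cipher", "auth": "auth", "comp-lzo": "comp-lzo"}
    have = active_directives(config_text)
    missing = []
    for name in (tok.split()[0] for tok in expected_remote.split(",")):
        if occ_to_directive.get(name) and occ_to_directive[name] not in have:
            missing.append(name)
    return missing
```

Run against the log above this yields: the only OCC warning concerns `cipher` (the client file has `cipher` commented out and only `data-ciphers-fallback` set, which is exactly what `occ_options_missing_in_client` predicts from the config alone), the data channel nevertheless comes up with AES-256-CBC, and the `connection-reset` arrives about 0.24 s after the PUSH_REPLY. Nothing in the server log says why the client dropped the TCP connection at that point, so the client-side log is the next thing to collect.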

schwabe commented 3 months ago

OpenVPN runs in its own process on Android. Debugging it is non-trivial. The best is to reproduce the problem outside of the app and debug it there. Also, it would be good if you could provide the client log, as your server log is not telling much.

schwabe commented 3 months ago

Also closing this issue since the link in the original post talks about making your own client. This project/issue tracker is only about the app that I am developing and not about third-party apps.

bravvve commented 3 months ago

I am trying to adapt your solution for a specific use. Thank you for your help.

schwabe commented 3 months ago

@bravvve good luck with that. But I am not helping people build their business in my spare time and consulting them on their app for free.

bravvve commented 3 months ago

Not business, I just want an easy-to-use solution to bypass unfair control for poor people.

schwabe commented 3 months ago

@bravvve Still not interested in other apps. Feel free to contribute/improve my app. But I will not help people building other apps for free.