schwabe
commented
8 years ago See FAQ and issue #185
Closed aneeshATgithub closed 8 years ago
schwabe
commented
8 years ago See FAQ and issue #185
aneeshATgithub
commented
8 years ago I can tick and click "OK" button, then the App getting stuck on requesting permission.. Is this caused by some network monitoring app?
schwabe
commented
8 years ago I still cannot reproduce this. What happens if you try it a second time? Does it show the permission dialog again?
aneeshATgithub
commented
8 years ago We are connecting to VPN using a switch, After turn on first time, we can't turn off switch, switch on screen is not responsive as well.
schwabe
commented
8 years ago Are you checking prepareVPNService before trying to connect?
aneeshATgithub
commented
8 years ago Yes, This intent is not null while running first time after rebooting, and other times this prepareVPNService intent is null... and while calling startVpn() getting "USER_VPN_PERMISSION". I am testing on Nexus 5 with 4.4.4 OS
For newStatus() method in iOpenVPNStatusCallback, the state is USER_VPN_PERMISSION
schwabe
commented
8 years ago Fixed by b889ea77baf597d02e4d3fbfb2e54b7f58d89253
nano2007
commented
8 years ago Thanks for the great app. Here is the issue I am seeing on a Samsung Tab(SM-T231) running Android 4.4.2. This happens only the first time after a reboot.
How can we force this dialog to display in the foreground and if possible to continue connecting to VPN.
The behaviour we had until version 47 was that we could just call startVpn(ovpnFile) (without calling prepareVPNService) and everything used to work. I have gone through the specific change 5e07802 but not able to figure out how to fix our app to behave properly.
schwabe
commented
8 years ago Hm, I am trying to reproduce this on my devices. And at least the remoteExample does not have this behaviour. Also with the current version directly calling startVPN seems work again (quick hack with if(true || requestpermission == null) { in remoteExample).
There is one fix in b889ea77baf597d02e4d3fbfb2e54b7f58d89253 that starting a vpn with permissions did not work.
nano2007
commented
8 years ago We tried the remote example too and did not see the issue. We are calling prepareVpnService (and subsequent startActivity) from within a service. Could this be causing the strange behavior?
schwabe
commented
8 years ago Yes calling from a service might have a different behaviour. Are you using the new task flag?
nano2007
commented
8 years ago Here is the code we use to start the activity for the intent returned from prepareVPNService.
logger.error("startActivityForVPNPermission");
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
startActivity(intent);
I will try to modify our app to call these from a normal flow and see if that helps too.
aneeshATgithub
commented
8 years ago Hi, I changed all the VPN connecting processes of my app from Service class to Fragment class as in RemoteExample.
And it works fine on Android 4.2.2 Google Nexus 10 virtual device (Genymotion emulator), then the testing on Android 4.4.4 Google Nexus 5 (Genymotion emulator) was a failure.
While testing on Android 4.4.4, On each IOpenVPNStatusCallback status while connecting to VPN is below,
msg.obj: VPN_GENERATE_CONFIG| msg.obj: WAIT|,,,,, msg.obj: AUTH|,,,,, msg.obj: GET_CONFIG|,,,,, msg.obj: ASSIGN_IP|,10.0.0.6,,,, msg.obj: ADD_ROUTES|,,,,, msg.obj: NOPROCESS|No process running.
schwabe
commented
8 years ago IIrc the 4.4 Android emulator's VPNService is broken. I have no idea about the Genymotion one but I would try to see if a normal VPN setup works or if it works on a real device.
aneeshATgithub
commented
8 years ago have it tested on a real device?
schwabe
commented
8 years ago On my real devices it works on a 4.4 emulator it does not work. If it dows not work on a real device I would suggest to look into ics-openvpn's log window why it fails.
aneeshATgithub
commented
8 years ago When i tested with ICSOpenVPN version 0.6.56, I got the following logs. and I could not run with versions 0.6.55, 0.6.57 Android OS version I used : 4.4.4
4:41 PM OpenVPN 2.4-icsopenvpn [git:icsopenvpn-405405df9379394e+] android-14-x86 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Jun 16 2016
4:41 PM library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
4:41 PM WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
4:41 PM TCP/UDP: Preserving recently used remote address: [AF_INET]54.209.116.255:3276
4:41 PM UDP link local: (not bound)
4:41 PM UDP link remote: [AF_INET]54.209.116.255:3276
4:41 PM WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1342'
4:41 PM WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1272'
4:41 PM [Enforcer 1] Peer Connection Initiated with [AF_INET]54.209.116.255:3276
4:41 PM Option 'explicit-exit-notify' in [PUSH-OPTIONS]:6 is ignored by previous
4:41 PM do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
4:41 PM Failed to open the tun interface
4:41 PM Error: command '979 interface fwmark rule add tun0' failed with '400 979 Failed to add fwmark rule (Success)'
4:41 PM MGMT: Got unrecognized command>FATAL:ERROR: Cannot open TUN
4:41 PM ERROR: Cannot open TUN
4:41 PM Exiting due to fatal error
4:41 PM Process exited with exit value 1
schwabe
commented
8 years ago Sorry that looks like a broken device/emulator without working VPNService. In my experience is there workaround. Try another device.
aneeshATgithub
commented
8 years ago when I tested on 4.4.2 real device, the ICSOpenVPN log is below,
2016-07-07 13:01:28 MANAGEMENT: >STATE:1467876688,CONNECTED,SUCCESS,10.0.0.6,52.91.217.102,3341,,
2016-07-07 13:01:28 Initialization Sequence Completed
2016-07-07 13:01:28 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2016-07-07 13:01:28 VpnService routes installed: 10.0.0.0/8, 172.16.0.0/13, 172.24.4.0/22, 172.24.8.0/21, 172.24.16.0/20, 172.24.32.0/19, 172.24.64.0/18, 172.24.128.0/17, 172.25.0.0/16, 172.26.0.0/15, 172.28.0.0/14, 192.168.0.0/16
2016-07-07 13:01:28 Routes excluded: 172.24.1.149/22
2016-07-07 13:01:28 Routes: 10.0.0.0/8, 10.0.0.1/32, 172.16.0.0/12, 192.168.0.0/16
2016-07-07 13:01:28 DNS Server: 192.168.10.20, Domain: null
2016-07-07 13:01:28 Local IPv4: 10.0.0.6/30 IPv6: null MTU: 1272
2016-07-07 13:01:28 Forcing MTU to 1280 instead of 1272 to workaround Android Bug #70916
2016-07-07 13:01:28 Opening tun interface:
2016-07-07 13:01:28 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_AFTER_CLOSE'
2016-07-07 13:01:28 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2016-07-07 13:01:28 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2016-07-07 13:01:28 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2016-07-07 13:01:28 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2016-07-07 13:01:28 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2016-07-07 13:01:28 MANAGEMENT: >STATE:1467876688,ADD_ROUTES,,,,,,
2016-07-07 13:01:28 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2016-07-07 13:01:28 MANAGEMENT: >STATE:1467876688,ASSIGN_IP,,10.0.0.6,,,,
2016-07-07 13:01:28 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-07-07 13:01:28 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo HWADDR=00:00:00:00:00:00
2016-07-07 13:01:28 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2016-07-07 13:01:28 OPTIONS IMPORT: route options modified
2016-07-07 13:01:28 OPTIONS IMPORT: --ifconfig/up options modified
2016-07-07 13:01:28 OPTIONS IMPORT: explicit notify parm(s) modified
2016-07-07 13:01:28 OPTIONS IMPORT: timers and/or timeouts modified
2016-07-07 13:01:28 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:6 is ignored by previous
schwabe
commented
8 years ago Apart from the log being reversed it looks perfectly fine.
aneeshATgithub
commented
8 years ago ok, then this log is enough to why it fails? and what the real cause is?
schwabe
commented
8 years ago Can you clarify the question? Are you asking why it is failing on the emulator?
aneeshATgithub
commented
8 years ago no, why it is failing on a real device with Android OS version 4.4.2 ? We could not connect on a real device with Android OS version 4.4.2
schwabe
commented
8 years ago The log you pasted is from a working connection. What probelmatic behaviour are you seeing on your real 4.4 device. Note that in particular 4.4.0-4.4.2 are even more buggy than later 4.4 versions with regards to VPN.
aneeshATgithub
commented
8 years ago ok, then there is no workaround for this problem for these versions?
schwabe
commented
8 years ago You still have no told me your problem other than it is not working on the emulator.
aneeshATgithub
commented
8 years ago Sorry, The problem is, when we connect using switch on notification bar, the black dialog - "OpenVPN for Android attempts to create a VPN connection" is not coming to foreground. And we need to take manually the ICSOpenVPN app and then we can tick 'I trust this application' and click 'OK'. This behaviour is in a real device with Android OS version 4.4.2
aneeshATgithub
commented
8 years ago hello cau you please reply what causes for this? or how we can bring the OpenVPN app that showing the dialog to foreground?
schwabe
commented
8 years ago I currently strapped for time. I also don't understand Android task and the flags associated with them (NEW_FLAG) etc. to figure out what happens when you start an activity from a service, so currently I don't really the time to fix it.
Also I also would need to first to replicate the bug.
aneeshATgithub
commented
8 years ago Thanks for the great app, the "FLAG_ACTIVITY_NEW_TASK" has been resolved that issue, and it works fine in all the Android OS versions...
While connecting from a remote app to start VPN on ICS Open VPN, "trust this application" dialog is coming , and when we click on OK button with agree "I trust this application", there is no connecting process is going forward and the app is stuck on.The issue will still be there on all HighEnd phones with 4.4.4 and above including NEXUS 5. In the older version of the ICS OpenVPN, Once the agree button is clicked - the vpn connection will start connecting.