option to fix routing on new HTC Roms

[GoogleCodeExporter]

After some debugging i managed to get openvpn working on my Desire with the new 
HTC froyo roms so i am sharing the workaround and maybe hope to be able to set 
it up in openvpn-settings for an automatic fix.

I only tested in LeeDroid 1.3a but i guess this may just as well be the same in 
other HTC Sense roms since they have the same base.

The problem is that on this ROM HTC is defining multiple routing tables:

sh-3.2# ip rule                  
0:      from all lookup local 
3001:   from all lookup wifi 
32766:  from all lookup main 
32767:  from all lookup default 

and when the VPN connects it only modifies the routes on the main table, so the 
wifi table which defines the wifi default GW is still in use: nothing goes into 
the tunnel (the nasty thing is that the network still works so users might not 
even realize they are on the unsecure channel)

The easiest workaround is to issue:
ip rule del from all lookup wifi

IMHO there is nothing of value in the wifi table, before the vpn connects it 
has the same routes as the main table; and it is "safe" as it gets recreated 
when the wifi reconnects.

So would love to see an advanced option to do just that; or better make the 
program detect the situation by itself (since most user probably won't).

Original issue reported on code.google.com by jwick...@gmail.com on 19 Jul 2010 at 9:51

• Merged into: #88

[GoogleCodeExporter]

What about adding the routes to the vpn table, just like the built-in vpn 
client does? For this we need openvpn compiled with iproute support and a 
simple wrapper script to add ' table vpn' to all ip route add and ip route del 
commands. Well, not so simple but feasible.

Original comment by Victor.D...@gmail.com on 26 Jul 2010 at 2:31

[GoogleCodeExporter]

I need this too! I am using openvpn too often. So .. +1

Original comment by pag...@gmail.com on 29 Jul 2010 at 12:43

[GoogleCodeExporter]

Using openvpn with iproute support and a script like this anyone can get it 
running immediately.

#!/system/bin/sh

# ip route wrapper, add 'table vpn' to add/del commands

IPROUTE=/system/bin/ip

case "$@" in

    *'route add'*|*'route del'*)

        exec "$IPROUTE" "$@" table vpn

        ;;
    *)

        exec "$IPROUTE" "$@"

        ;;

esac

# EOF

Original comment by lin...@gmail.com on 30 Jul 2010 at 1:24

Attachments:

• openvpn-iproute.zip

[GoogleCodeExporter]

This sounds great.
What is needed to use that script ? where should it be and what should we edit 
in the config ?

Original comment by jwick...@gmail.com on 31 Jul 2010 at 3:24

[GoogleCodeExporter]

@jwickers
ip rule del from all lookup wifi

solves the problem only if you are connected on WiFi.
It doesn't work on a GSM connection...

Original comment by mpanz...@gmail.com on 5 Aug 2010 at 8:07

[GoogleCodeExporter]

yes, on gsm there is another table try: ip rule del from all lookup gprs . Else 
just type "ip ru" and it should list the tables.

And btw "ip ru del table wifi" also works and is shorter to type.

Original comment by jwick...@gmail.com on 6 Aug 2010 at 12:57

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Re: script usage, just place it somewhere on a "real" FS (with proper 
permissions support), say /data/local/bin/, make sure it's executable (chmod 
755) and add the following to the config file:

iproute /data/local/bin/iproute-wrapper.sh

Original comment by lin...@gmail.com on 11 Aug 2010 at 7:38

[GoogleCodeExporter]

Ok i figured it out, the problem is that using the vpn does not work for me, i 
switched to using the local table and it works.

Thanks !

Original comment by jwick...@gmail.com on 11 Aug 2010 at 9:14

[GoogleCodeExporter]

Oh, I see, I use built-in VPN a lot and that's why I have the vpn table. As 
already pointed out, you can either update the script to work with the 'local' 
table or add 'vpn' table if it does not exist:

#!/system/bin/sh

# ip route wrapper, add 'table vpn' to all commands

PATH=/sbin:/system/sbin:/system/bin:/system/xbin
export PATH

IPROUTE=/system/bin/ip

has_vpn_table=$("$IPROUTE" rule show | grep ' vpn')
case "$@" in
    *'route add'*|*'route del'*)
        if [ -z "$has_vpn_table" ]; then
            "$IPROUTE" rule add from all table vpn
        fi
        exec "$IPROUTE" "$@" table vpn
        ;;
    *)
        exec "$IPROUTE" "$@"
        ;;
esac

# EOF

Original comment by lin...@gmail.com on 11 Aug 2010 at 11:33

[GoogleCodeExporter]

I've learned more on openvpn for my HTC desire with android 2.2 here than in 
most places on the net ;-)

That said, I've ended up using gscript lite to automate deleting the wifi 
table, or gprs table depending on my needs, because while the scripts above do 
certainly work, in my special case, my openvpn server pushes routes to me (such 
as 10.0.0.0/8, 192.168.0.0/16 etc).

Since my wireless at work and at home end up being in those ranges, the routes 
added in the script with ip route seem to take precedence over the local subnet 
on eth0. I've not had time enough to play around and try to add a route, or 
change setting so the local route has more "weight" (dunno if that applies 
here) but maybe someone like me will benefit from the comment!

Would it be possible to make an option to run a script after the VPN tunnel is 
established or re-connects after a wifi, or gprs change?

Original comment by gagnonal...@gmail.com on 16 Aug 2010 at 5:07

[GoogleCodeExporter]

I had the same problem with HTC Desire/ Pinky Froyo ROM so I made a quick patch 
to openvpn-settings.

The patch add an option in the connection preferences to 'Fix HTC Routes'.
If this option is checked, it remove grps/wifi routes after each OpenVPN 
connection (ip ru del route wifi/gprs).
I find it quite dirty because I dont know why this routes are here but at least 
it work for me.

Feel free to test it and merge it if you find it usefull.

Original comment by charles....@gmail.com on 23 Aug 2010 at 9:28

Attachments:

• patch_openvpn_settings_htc_routes.diff

[GoogleCodeExporter]

And is there any way to import this patch into official version which is in the 
market?

Original comment by pag...@gmail.com on 24 Aug 2010 at 7:08

[GoogleCodeExporter]

Original comment by friedrich.schaeuffelhut on 16 Sep 2010 at 3:31

• Changed state: Accepted
• Added labels: Milestone-Release-0.4.7

[GoogleCodeExporter]

Thank you for the patch. I imported it.
Could you please confirm the new version works?

I moved the new option into the advanced menu (Menu -> Advanced -> Fix HTC 
Routes), as the fix should probably be applied to all vpn configurations.

Original comment by friedrich.schaeuffelhut on 18 Sep 2010 at 6:34

Attachments:

• OpenVPN-Settings-0.4.7test1.apk

[GoogleCodeExporter]

It works perfectly on my Desire. Thank you !!!!

Original comment by jesperc...@gmail.com on 18 Sep 2010 at 6:42

[GoogleCodeExporter]

It's working here. 
Desire with oficial rooted HTC froyo ROM. Thanks a lot.

Original comment by freuds....@gmail.com on 18 Sep 2010 at 9:14

[GoogleCodeExporter]

Working on HTC Desire running LeeDrOiD V2.1
Thanks!

Original comment by tscha...@gmail.com on 18 Sep 2010 at 3:17

[GoogleCodeExporter]

Does the patch work for wifi *and* gprs/3g connection?
I got one negative test report. The reporter claims he still has to execute 'ip 
ru del table gprs' to be able to ping the server.

Original comment by friedrich.schaeuffelhut on 18 Sep 2010 at 4:28

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Works with Leedroid 2.1 and 3G/GPRS after activation of the "Fix HTC routes" 
option and re-establishing the OpenVPN connection. 

Original comment by jor...@gmail.com on 18 Sep 2010 at 5:15

[GoogleCodeExporter]

I can confirm that it works as expected using the 3G interface,

I checked that the table gprs exists before connecting. And after the VPN link 
is established, the table gprs is gone and I can ping the remote network.

sry, but I can't test using wifi right now.

[Desire with oficial rooted HTC froyo ROM]

Original comment by freuds....@gmail.com on 18 Sep 2010 at 5:17

[GoogleCodeExporter]

The reporter mentioned in comment 19, confirmed the patch is actually working 
for him.

Original comment by friedrich.schaeuffelhut on 19 Sep 2010 at 7:09

• Changed state: Verified

[GoogleCodeExporter]

confirm that this is working on froyo desire stock + openvpn from XDA devs via 
3G

unable to confirm presently that it works over wifi as only home wifi available 
behind the openvpn gateway ;-)

Many thanks to all involved! great effort !! ;-) 

Original comment by MW0...@gmail.com on 23 Sep 2010 at 3:32

[GoogleCodeExporter]

One caveat I notice here after four days of heavy use.

After stopping the 3G VPN and switching to WIFI (without vpn)it can take some 
time for the browser to find google.

In some cases I actually need to reboot the phone to get things working again.

It might be worthwhile to revisit the "on exit vpn..." part of the code again.

nevertheless the VPN works ;-))

Original comment by MW0...@gmail.com on 27 Sep 2010 at 8:21

[GoogleCodeExporter]

Should I open this bug again?

Original comment by friedrich.schaeuffelhut on 28 Sep 2010 at 6:38

[GoogleCodeExporter]

no ...I think its ok - I think it is down to the flakey HSDPA on my mobile 
operator (T-mobile) 

but I will keep an eye on it for further occurrences 

Original comment by MW0...@gmail.com on 28 Sep 2010 at 1:48

[GoogleCodeExporter]

I have a htc desire with leedroid rom
I use OpenVPN-Settings-0.4.7test1.apk  it remove all rule i can ping 
www.google.com
but i can't use the navigator to go to www.google.com

Original comment by karinetb...@gmail.com on 2 Oct 2010 at 8:23

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Getting a similar problem to no.29, with 0.4.7test1 I can use the VPN OK but 
can't seem to do general web browsing. I tried the Fix DNS and Use VPN DNS 
Servers to no avail.

Will try and tinker with some settings or use ADB shell to diag once I'm home 
this evening

Original comment by Mark.Skr...@gmail.com on 5 Oct 2010 at 12:10

[GoogleCodeExporter]

I fired off that one a bit to quickly! Went back to my OpenVPN server (Zerina 
OpenVPN mod for Smoothwall 3) and disabled the "Redirect Gateway on red" option 
that I'd tweaked whilst tinkering a few days back. Now appears to be working as 
expected :-D

Original comment by Mark.Skr...@gmail.com on 5 Oct 2010 at 12:14

[GoogleCodeExporter]

Hello
Yes it work fine when i remove "redirect gateway" but when you do this the 
delfaut gateway is rwnet (gsm connection). And  i want all go to the vpn.
thank you

Original comment by karinetb...@gmail.com on 5 Oct 2010 at 6:41

[GoogleCodeExporter]

On my Motorola Milestone with firmware 2.1 i can connect to my vpn (StrongVPN) 
but when i open a page to see my ip adress the ip is the same of my isp 
network, and not of my vpn account. I tried to use the new option Fix HTC 
Routes with no results.

Can you help to my Motorola Milestone use the conected VPN access and not the 
3G or Wi-Fi connection ?

Original comment by infovirt...@gmail.com on 17 Oct 2010 at 5:58

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Hi, I am new on openvpn, especially on android platform. I have an HTC Desire 
and I want to use openvpn client on my phone as on PC s. I cannot find a step 
by step guide for newbies. Could you please someone release one? I would be 
very very appreciated and so probably most new users will be. Thanks.

Original comment by cosar1...@gmail.com on 18 Nov 2010 at 12:14

[GoogleCodeExporter]

Hi, thanks for alla your work Friedric!
I've recently change my phone, from htc desire and htc hd2 (both with android 
froyo) to the desire hd. Before the fix htc route work perfectly, but now with 
the desirehd I've to remove manually the rule gprs (ip rule del from all lookup 
gprs) to make openvpn working.
is there anyone that have see this problem?

Thanks!
Davide

Original comment by davide.p...@gmail.com on 26 Feb 2011 at 9:03

[GoogleCodeExporter]

The Fix HTC Routes option doesn't seem to work on the Thunderbolt. What script 
'ip ru del...' command are you using? I tried the one you mentioned 'ip ru del 
route gprs' in comments 12/15, but running that from a terminal gives an error. 
I entered the below command in GScript Lite (for easy access) and it now works:

ip ru del table gprs
ip ru del table wifi

I guess the patch should be updated?

Original comment by epils...@gmail.com on 4 Apr 2011 at 2:42

[GoogleCodeExporter]

Hi, 

I am trying with an HTC Magic. Openvpn client is connected successfully but 
there is no tun0 device or routes installed (I can do an ifconfig tun0 up 
tough... assign IP addressing, etc., but I havent been successful trying to 
load routes manually so far). 
There are no gprs or wifi tables as well :((. Openvpn version is 2.1.4 and I am 
working on cyanogenmod 6.

Any help is appreciated, i do not know what else to do.

Original comment by costas.n...@gmail.com on 8 Jun 2011 at 10:04

[GoogleCodeExporter]

I still cant get this to work on my htc thunderbolt. both the phone and server 
show a successful connection but no data is tunneling though the vpn

Original comment by ddarv...@gmail.com on 15 Jun 2011 at 8:14

[GoogleCodeExporter]

I have to install a cm7 rom to get it working well.
El 15/06/2011 22:14, <android-openvpn-settings@googlecode.com> escribi�:

new

vpn

Original comment by nhd...@gmail.com on 17 Jun 2011 at 6:55

[GoogleCodeExporter]

I am using Froyo 1.72 with the Modaco HTC desire Z image.

I discovered by simply flushing random tables that "ip route flush table 2" 
fixed the problem for when I am on 3G.

If I want to use openvpn when using wifi, "ip route flush table 1" makes that 
work too.

Bear in mind that if you're flip-flopping between using wifi and vpn, the vpn 
server/remote end needs to time out before things will work again properly.

I posted my results to xda-devs which is where I started and someone's hints 
helped me find this page.

http://forum.xda-developers.com/showthread.php?p=14809391#post14809391

Original comment by paul.man...@gmail.com on 17 Jun 2011 at 12:56

[GoogleCodeExporter]

Also cannot get this to work on Thunderbolt.  Running Das BAMF 1.8.6.

Cleared out the ip tables so only local, main, and default remained.  Still no 
go.

Original comment by Jonathan...@gmail.com on 12 Jul 2011 at 1:50

[GoogleCodeExporter]

3g Still  not working on HTC flyer, only wifi I have to enter manually:

# su
# ip rule del from all lookup grps

then it works

Original comment by hrvoje.m...@gmail.com on 27 Aug 2011 at 4:16

[GoogleCodeExporter]

It looks like it is connected with issue 88.

Original comment by hrvoje.m...@gmail.com on 27 Aug 2011 at 4:17

[GoogleCodeExporter]

Original comment by friedrich.schaeuffelhut on 29 Dec 2011 at 12:37

• Added labels: Priority-High
• Removed labels: Priority-Medium

[GoogleCodeExporter]

Original comment by friedrich.schaeuffelhut on 29 Dec 2011 at 12:39

• Changed state: New

[GoogleCodeExporter]

Original comment by friedrich.schaeuffelhut on 29 Dec 2011 at 12:39

• Added labels: long

[GoogleCodeExporter]

Original comment by friedrich.schaeuffelhut on 31 Dec 2011 at 12:10

• Changed state: Duplicate
• Removed labels: long