[Q] OpenVPN Tap fails on route add -net? - Nexus 4 Q&A, Help & Troubleshooting

I'm trying to set up OpenVPN with TAP (I know there are other apps that set up TUN for you, that's not what I'm trying to do) on Android. Everything seems to be working correctly except the last step. When OpenVPN tries to add the route it fails with error status: 1.
I followed the steps here to install Busybox/OpenVPN Installer/OpenVPN Settings
http://strongvpn.com/setup_android_open.shtml
My VPN seems to connect fine but it fails on
/system/xbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.1.1.2
I've double checked that /system/xbin/route can be executed, though when I'm trying to run the same command in terminal it gives me
siocaddrt operation not permitted
Any thoughts?

I guess no one uses OpenVPN with TAP eh?...


[SOLVED] openvpn on DHD? tun.ko?

Has anyone managed to get openvpn going? compiling custom tun.ko file for DHD?
It's probably possible, now that we have the source. Don't have a DHD just yet, so can't try
Sent from my HDfied HTC Desire
Thread moved to General.
Hello,
I'm interested too in the kernel mod tun.ko for the DHD.
Any response?
Hello,
I'm very interested in this file too...
My NAS awaits the phone "call".
Hey everyone. First time poster, so hoping it's a happy reply.
Has anyone had any luck with this? I also require the tun.ko file for DHD. Been searching the net for hours.
Looking forward to your replies.
I heard that tun.ko file has to be specifically compiled for each kernel version. Is that right?
Is it also linked to the radio version?
If we could have a link for kernel source, I might be able to follow a tutorial and publish it here.
I have 2.6.32.21 -g66cfb7a kernel version and you? (not sure if the second part is part of the kernel version)
Lionel
Attached is tun.ko for the Desire HD (for kernel 2.6.32.21-gf3f553d). Built it today & it seems to insert OK and work fine with VPN Connections.
thedji said:
Attached is tun.ko for the Desire HD (for kernel 2.6.32.21-gf3f553d). Built it today & it seems to insert OK and work fine with VPN Connections.
Perfect! Thanks!!
Many thanks for the module.
DHD - tun.ko for 2.6.32.21-g66cfb7a
EFCAugure said:
I heard that tun.ko file has to be specifically compiled for each kernel version. Is that right?
Yes. After trying other people's tun.ko modules, it wasn't until I checked the output of dmesg that I learnt this (got my first Android 3 weeks ago - so I'm still a n00b).
EFCAugure said:
If we could have a link for kernel source, I might be able to follow a tutorial and publish it here. I have 2.6.32.21 -g66cfb7a kernel version and you? (not sure if the second part is part of the kernel version)
Lionel, it would appear that my Desire HD has the same kernel.
2.6.32.21-g66cfb7a
2.6.32 is the base kernel version
I assume 21 is the revision or build number.
The hex string on the end seems to vary by which ROM you have installed. This was what was stopping me from loading these other tun.ko modules - including the one posted by @thedji
I've just compiled the tun.ko module for 2.6.32.21-g66cfb7a (on a headless Pentium 2 400 MHz lol). It loads fine and can be seen in the output of lsmod. I've attached it below.
Edit: I was able to use this module successfully to connect to a Cisco VPN with vpnc.
Mike
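The kernel-release mismatch described in the post above can be checked before running insmod. This is an added example, not part of the original thread: it reads the vermagic string embedded in a .ko file and compares its release field with the running kernel. The function names ko_release and check_ko are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare the kernel release a module
# was built for with the kernel that is actually running, before insmod.
# A .ko file carries a NUL-terminated "vermagic=<release> <flags...>" string
# in its .modinfo section; the kernel normally refuses a module whose
# vermagic does not match its own.

# Print the kernel release recorded in a module file, or nothing if absent.
ko_release() {
    # Turn NUL separators into newlines so each modinfo entry is one line,
    # then keep the first word after "vermagic=". LC_ALL=C makes sed treat
    # the binary input as plain bytes.
    tr '\000' '\n' < "$1" |
        LC_ALL=C sed -n 's/.*vermagic=\([^ ]*\).*/\1/p' |
        head -n 1
}

# check_ko FILE [RELEASE]
# RELEASE defaults to the running kernel (uname -r).
# Returns 0 on match, 1 on mismatch, 2 if no vermagic string is found.
check_ko() {
    ko=$1
    want=${2:-$(uname -r)}
    [ -r "$ko" ] || { echo "cannot read $ko" >&2; return 2; }
    have=$(ko_release "$ko")
    if [ -z "$have" ]; then
        echo "$ko: no vermagic string found (not a kernel module?)" >&2
        return 2
    fi
    if [ "$have" = "$want" ]; then
        echo "$ko: built for $have, matches running kernel"
        return 0
    fi
    echo "$ko: built for $have but kernel is $want; insmod is expected to fail" >&2
    return 1
}

# Stand-alone use: sh check_ko.sh /mnt/sdcard/tun.ko
if [ "$#" -gt 0 ]; then
    check_ko "$@"
fi
```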
@MikeMelbourne
Can you explain to me how and with what Software you connected to a Cisco VPN?
C.K. said:
Can you explain to me how and with what Software you connected to a Cisco VPN?
First - applications.
1) You're going to need a terminal/console app. I used one called Terminal Emulator.
2) You're going to want an app called "VPN Connections". I downloaded a patched APK in post #4 here:
hxxp://code.google.com/p/get-a-robot-vpnc/issues/detail?id=122&q=patch
Alternatively, you might get it from here: hxxp://code.google.com/p/get-a-robot-vpnc/downloads/list (although YMMV).
Second - setup.
1) Your phone needs to be rooted.
2) You need to have the appropriate tun.ko module (for your phone's kernel) loaded. Load up the Terminal Emulator then:
a) Type 'su' without quotes and hit enter.
b) Type 'insmod /path/to/tun.ko' without quotes and press enter. If your tun.ko is on your sdcard in the root, the path would be /mnt/sdcard/tun.ko
c) If the step above worked, you should be able to type 'lsmod' and see the tun module loaded.
Note: I didn't have any luck running the "VPN Connections" app directly - the connection kept failing (possibly due to the configuration of the VPN I was connecting to). So I start it from the command line. You might want to try using the GUI first as it would make things so much easier if it works.
Third - connecting to the VPN by a command line.
1) The command to enter is quite long (and I got sick of typing it), so I put it into a file called 2.sh in the root of the sdcard.
2) Inside the file /mnt/sdcard/2.sh, I entered the following:
Code:
/data/data/org.codeandroid.vpnc_frontend/files/vpnc --script /data/data/org.codeandroid.vpnc_frontend/files/vpnc-script --no-detach --natt-mode cisco-udp --debug 1 --gateway AAA.BBB.CCC.DDD --id groupid --username mike --enable-1des
Note that the gateway is the IP address of the VPN you are connecting to. The username for me is just my username - it isn't prefixed by my company's active directory domain.
3) Open the Terminal Emulator.
4) Enter 'su' without quotes and press enter.
5) Enter 'sh /mnt/sdcard/2.sh' without quotes and press enter.
6) You will be asked to provide the group password, then the personal password for your username. Then it should attempt to connect.
You can change the debug value to 2 or 99 if you want to get more information (if it doesn't connect successfully).
If you want to know what command line options are available, enter the following at the Terminal Emulator:
Code:
/data/data/org.codeandroid.vpnc_frontend/files/vpnc --script /data/data/org.codeandroid.vpnc_frontend/files/vpnc-script --long-help
I think that's it - I hope this helps. After disconnecting I tend to do a long reboot (takes 1-2 minutes) to get the network back to the way it was; although I'm not sure this is necessary.
Mike
Edit: seems like you need to create a directory and a symbolic link. This is my working script:
Code:
mkdir /dev/net
insmod /mnt/sdcard/download/tun.ko
lsmod
ln -s /dev/tun /dev/net/tun
/data/data/org.codeandroid.vpnc_frontend/files/vpnc --script /data/data/org.codeandroid.vpnc_frontend/files/vpnc-script --no-detach --natt-mode cisco-udp --debug 1 --gateway AAA.BBB.CCC.DDD --id groupid --username mike --enable-1des
Damn, I hoped it would be easier. As I have never worked with Android that sounds like a challenge to me. So there is no easy switching on and off of the VPN connection? I always have to use the scripts?
C.K. said:
Damn, I hoped it would be easier. As I have never worked with Android that sounds like a challenge to me. So there is no easy switching on and off of the VPN connection? I always have to use the scripts?
Because the "VPN Connections" GUI app didn't connect for me, I had to resort to the script - you may not need to (depending upon the configuration of your Cisco VPN box).
I just need to run the final script (the 5 liner above) to connect to the VPN - good enough for the time being. You just need to modify the path to tun.ko, set your gateway server, groupid & username.
I hadn't worked with Android before the weekend just past - I've just rooted my first Android phone. It's all a learning experience - I guess it depends how badly you want VPN access? Hopefully it will get easier in time as the apps improve.
Good luck!
Mike
You can use something like GScript to make it a two-click process (open app, click script). It's just as efficient as using VPN Connections (open app, click connect).
For me personally, I use VPN Connections to connect (successfully) but the traffic is routed down the wrong interface (i.e. not tun0).
After connecting I have to run
Code:
ip ru del table wifi
or
Code:
ip ru del table gprs
to fix the issue.
You should definitely try VPN Connections first. If that doesn't work, try the long method above.
thedji said:
You can use something like GScript to make it a two-click process (open app, click script). It's just as efficient as using VPN Connections (open app, click connect).
GScript is a great idea - it will save me doing any typing to connect to the VPN.
Once I added these VPNC flags (--natt-mode cisco-udp --enable-1des) to "VPN Connections" I was able to successfully connect after running the script in GScript.
It doesn't say I'm connected, however my IP address has been assigned and I can Remote Desktop to my work PC. My routing already seems to be ok, so I don't need to run the 'ip ru del' commands that you do.
I'm pretty satisfied with this now... no typing - just point and press.
-Mike-
What about tap.ko? (needed for OpenVPN bridge mode)
Exposure said:
What about tap.ko? (needed for OpenVPN bridge mode)
What kernel version are you running? If you have '2.6.32.21-g66cfb7a' I could compile tap.ko for you?

[SOLVED] I'm lost. Openvpn + tun + HMA. [email protected]!

Hi,
Just got myself some nice account at hidemyass_dot_com ... They don't support l2tp yet, and pptp just doesn't work (some encryption issue idk).
So I figured I'd try using openvpn. So I downloaded the market version of openvpn software.
Got the crt files, ovpn files and key file. Everything is in order. When I try to connect, I see that I can pass everything (even get a bloody IP). But the routes don't work. Meaning, I'm not routed through the tunnel but through the normal pdp0 interface.
I got into adb shell, adb logcat etc. This is what I figured out:
Routes are not "implemented" because it can't find the tun0 interface. Why? Because it's not in "up" mode. Since it's not in "up" mode, openvpn software failed when it did "ifconfig IP MASK".
Now get this, if I manually (after openvpn authenticates, assigns an IP and says "connected") netcfg tun0 up, and then manually ifconfig tun0 IP MASK and then manually assign the routes which automatically failed last time - it works.
Everything is routed properly.
What I figured was an issue with the netcfg tun0 up and ifconfig tun0 ip mask commands ... I read people tried tun.ko files (for each cfw) but couldn't find any for S2 (or lite'ning).
OMG I'm desperate. Help?
[SOLVED] - CHECK BELOW
advocator said:
Hi,
Just got myself some nice account at hidemyass_dot_com ... They don't support l2tp yet, and pptp just doesn't work (some encryption issue idk).
So I figured I'd try using openvpn. So I downloaded the market version of openvpn software.
Got the crt files, ovpn files and key file. Everything is in order. When I try to connect, I see that I can pass everything (even get a bloody IP). But the routes don't work. Meaning, I'm not routed through the tunnel but through the normal pdp0 interface.
I got into adb shell, adb logcat etc. This is what I figured out:
Routes are not "implemented" because it can't find the tun0 interface. Why? Because it's not in "up" mode. Since it's not in "up" mode, openvpn software failed when it did "ifconfig IP MASK".
Now get this, if I manually (after openvpn authenticates, assigns an IP and says "connected") netcfg tun0 up, and then manually ifconfig tun0 IP MASK and then manually assign the routes which automatically failed last time - it works.
Everything is routed properly.
What I figured was an issue with the netcfg tun0 up and ifconfig tun0 ip mask commands ... I read people tried tun.ko files (for each cfw) but couldn't find any for S2 (or lite'ning).
OMG I'm desperate. Help?
I've been trying to do this but just forgot about it when I first got the phone. You need to compile the tun.ko driver.
are you root?
you need root for OpenVPN
also the kernel needs to have tun.ko else it won't work
I wasn't able to test it myself yet but this is what I remembered from my Hero..
Gawis said:
are you root?
you need root for OpenVPN
also the kernel needs to have tun.ko else it won't work
I wasn't able to test it myself yet but this is what I remembered from my Hero..
I'm root.
Now not sure about the tun.ko in the kernel. I guess it has the default one (I do afterall, manage to netcfg tun0 up and ifconfig tun0 IP MASK if I do them manually ... they fail when openvpn does them by itself) ..
Maybe I need a special tun.ko? how can I compile my own?
I suddenly remembered a thread in which I posted a while back about SGSII and OpenVPN
that member confirmed it as working, the link is here:
http://forum.xda-developers.com/showthread.php?t=1074492
I will root my SGSII somewhere this or next month and try it myself then..
SOLVED
Had to reinstall BusyBox (so I'd have /system/xbin/bb folder).
Now everything works with the default tun.
Re-install OpenVPN; when prompted for the ifconfig directory, select /system/xbin/bb. Then open a console and add the symlink "ln -s /system/xbin /system/xbin/bb".
Your OpenVPN should now be able to up the tun0 interface and accept the pushed config from the OpenVPN server.

[HowTo]Use OpenVPN in Cyanogenmod/based ROMs

Intro:
So, I've had some problems accessing the market from a forbidden country (i.e. Sudan, Lebanon). When I tried to use the built-in VPN client in a Cyanogenmod ROM it turned out that it doesn't work, so after some well-spent time, I figured out how to use a VPN on my HD2.
What Can it be used for?
- Access the internet using your data connection without revealing your IP address.
- Unlock the market for forbidden countries. (my case)
- Basically, VPN on your Androided HD2.
Requirements:
An HTC HD2 with a Cyanogenmod Rom or a ROM based on it.
OpenVPN Settings application (Provided in the attachments)
OpenVPN config files and certificates (Recommended will be provided below)
An SD card.
Instructions:
1- I recommend using Hostizzle, go to it then register for a free plan. (go for a paid one if you want)
2- After registering, download your keys (only keys and not .exe ) and extract them to a new folder on the root of your sd card with the following name "openvpn" .
3- Go to your phone and install the "OpenVPN Settings" application (attached) .
4- Run the Application and Allow all the SuperUser Requests. Then press menu and choose "Advanced" . Make sure that "Load tun kernel module" is ticked, then hit "TUN module settings" and make sure that "Load module using" is set to "insmod" and "Path to tun module" is set to "/system/lib/modules/tun.ko" .
5- (optional) If you face trouble using the internet, long press on your configuration's name and then "Preferences", then tick "Use VPN DNS Server" and set the "VPN DNS Server" to "8.8.8.8".
6- Return to the main screen of the app and tick "OpenVPN" and then tick your configuration.
Then it will go through a sequence, when you see "Connected to *.*.*.* as *.*.*.*" then you're connected, if you're seeing a blank after "as" then you have a problem and you have to check the procedures again.
Tips & Warnings:
*You can use any OpenVPN service as long as you can obtain the configurations file.
*I have only tested this on "HyperDroid", but it should work with any cyanogenmod ROM.
*Do not install "OpenVPN installer" as it will mess up your phone's VPN configurations.
*OpenVPN Settings can be obtained from the market, but in my case I couldn't do it .
*The files you should copy to the "openvpn" folder should at least contain the following : (*.ovpn, ca.crt, client.crt, client.key, ta.key)
*It is ok for the connection to keep restarting, it will connect you soon.
*Anything else you tell me
Frequently Asked Questions
-not yet ...
I wrote this tut because I wasn't able to access the Market from my phone because the country was forbidden
Hit thanks if it/I helped.

[Q] SSH / SFTP Server: get always connection refused

Good Morning,
since a few days I'm an owner of a Galaxy S4 I9505. The previous phone was a Galaxy S3. On the S3 I used the Rooted SSH SFTP Daemon * to get access from my PC (Linux) to my mobile phone via FTP or SSH. Worked great. So I tried the same thing with the S4.
The error message:
via ssh:
Code:
ssh: connect to host 192.168.109.51 port 22: Connection refused
via ftp (Filezilla sftp):
Code:
Status: Connecting with 192.168.109.51...
Answer: fzSftp started
Command: open "[email protected]" 22
Error: Connection refused
Settings on the ssh daemon
Login ID: root (=default)
Port: 22 (=default)
Other things I haven't set or changed.
System
Model: GT I9505
Android Version: 4.3
Kernel Version: 3.4.0-2082040, [email protected]#1
Buildnumber: JSS15J.I9505XXUEMKE
SE for Android Status: Enforcing SEPF_GT-I9505_4.3_0018
Secure boot status: Type: Samsung
Knox
When I tried the SSH Daemon first, I got the annoying security message from Knox. Therefore I thought first, Knox could be the problem. So I deinstalled that stuff via Titanium Backup. More in detail, I deinstalled:
com.sec.enterprise.knox.attestation
com.sec.knox.eventsmanager
KNOX 1.0
KNOX 3.0
Knox Notification Manager 1.0
Knox Store
The annoying security message vanished, but the device isn't accessible through ftp or ssh yet.
Additional information
The S4 is rooted, Knox warranty status is set to 0x1. Busybox 1.22.0 is installed. SuperSU v1.89 is also installed and displays ssh/sftp Service in the app list with granted SU access.
When I start or shut down the ssh/sftp server, it prints the text: 'First time' complete. I can't remember that message on the S3. What does it mean?
Approaches to solve
To be sure it's not a networking problem, I also installed AnyFTP and JuiceSSH on the phone and tried to access the ssh/sftp server via 127.0.0.1 directly from the phone apps. I get the same error messages.
On the other hand I can connect from the S4 to the ftp and ssh server on my desktop PC without any problems.
Also I changed the port on the sftp/ssh server to 2222 without any success.
Conclusion and question:
I suggest 2 possibilities:
Some kind of Non-Knox security feature is blocking the outgoing network service on the S4, so that the ssh/sftp service will be blocked on the network layer.
The ssh/sftp server app isn't working properly on the S4.
What other chances do I have to get this app working?
*) Can't post any external links, because it's my first post here. The id of the used app is web.oss.sshsftpDaemon.
Tried the non-root ftp-server of ESFile explorer - works.
alogcat doesn't provide me any information about blocking any content.
Tried a different ssh-server: com.icecoldapps.sshserver -> works
Tried 2 servers, none works
"Connection closed by server with exitcode 1 Error: Could not connect to server"
Authentication seems ok, because if I change the pass then I'm getting the usual deny
Anyone solved the problem?
any news?
wifi file explorer works, but I would prefer ssh/sftp

SFTP to Nexus Play

Hello Hello,
So I am trying to FTP into my Nexus Player with no success.
1) download ssh server apk to Nexus Player and set it up
- found ip address through network-->"my ssid"--> status info
2) via winscp typed in ip address from step 1 and port# from step 1 (when setting up the ssh server)
3) username: root password:abc123 (I found this from the firetv, but it could be the issue but I am not even getting an authentication error)
I just get a hang.. doesn't do anything, the connection times out. I tried making a username and password via sshserver settings, but that didn't work either.
Am I using the wrong IP address? username? password? some help would be greatly appreciated ; >
johentie said:
Hello Hello,
So I am trying to FTP into my Nexus Player with no success.
1) download ssh server apk to Nexus Player and set it up
- found ip address through network-->"my ssid"--> status info
2) via winscp typed in ip address from step 1 and port# from step 1 (when setting up the ssh server)
3) username: root password:abc123 (I found this from the firetv, but it could be the issue but I am not even getting an authentication error)
I just get a hang.. doesn't do anything, the connection times out. I tried making a username and password via sshserver settings, but that didn't work either.
Am I using the wrong IP address? username? password? some help would be greatly appreciated ; >
Don't FTP, SCP/SFTP. Research what you are doing / trying to do better, it seems you are on very thin ice.
Use username and password from SSH Server settings.
Also, you don't need to manually install it with sideload, you can just go to https://play.google.com from a browser and then use install and choose Nexus Player. Of course logged into the same Google account as the NP.
Does anyone know how to get a remote shell on NP? Since SSH Server can't produce a shell on x86 devices.
Also remote adb doesn't work on latest firmware AFAIK.
Edit: Created a separate thread about remote shell - http://forum.xda-developers.com/nexus-player/help/remote-console-nexus-player-how-adb-ssh-t3000595
