Hi,
Last week I received my Archos 101. In general it is great. Even better is this forum
I installed urukdroid (thanks to the project-team!). I tried to use openvpn but it failed and I am not sure about the reason.
The server-configuration is
...
ifconfig-pool 10.10.10.120 10.10.10.130
push "route 10.10.10.1"
route 10.10.10.0 255.255.255.0
ifconfig 10.10.10.1 255.255.255.0
push "route-gateway 10.10.10.1"
push "route 10.10.10.0 255.255.255.0"
...
As the Archos is the only device it would get IP 10.10.10.120.
BUT: ifconfig shows:
inet addr.: 10.10.10.255 Bcast: 10.255.255.255 Mask 255.0.0.0
That did (and cannot) work. No ping to home network possible.
When I called route it looked fine (I used redirect-gateway).
When I send the command
ifconfig tap0 10.10.10.120 broadcast 10.10.10.1 netmask 255.255.255.0
from Archos Terminal I had at least access to my home network. But all route entries are gone.
Who has an idea what I am doing wrong? I checked it in the last day again and again... If there is no solution: is it possible to 'save' the entries from route and restore it after my manual change of ifconfig? I would like to do it via script, as my home network I only reachable via dyndns.
Thanks and best regards!
I used the OpenVPN Howto Quickstart and had no problems.
macemoneta said:
I used the OpenVPN Howto Quickstart and had no problems.
Click to expand...
Click to collapse
Yes, I know the guide. I did the same with my ubuntu-netbook and it works directly.
And I think, it would work also on the Archos, if the openvpn/ifconfig on Archos accept the 10.10.10.120. But the IP is changed to 10.10.10.255 and that did not fit.
Where the h*** did the 255 instead of 120 come from?
I noticed the same problem...
No idea where it comes from, but as a workaround, you can put a script somewhere containing a suitable "ip addr add x.x.x.x/y dev z" statement, and reference that in the .conf file as "up scriptname".
Note that you need to add "--script-security 2" to the openvpn commandline to make that work. I added that to the OPENVPN_CFG variable in /etc/uruk.conf/openvpn.
regards
Patrick
This is the openvpn configuration I use for my Archos 101 (on the server). I'm not having any problems, using openvpn 2.1.1:
Code:
port 1194
dev tun
tls-server
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/[COLOR="Blue"]<my host>[/COLOR].crt
key /etc/openvpn/keys/[COLOR="blue"]<my host>[/COLOR].key
dh /etc/openvpn/keys/dh1024.pem
mode server
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.4 10.8.0.255
push "route 10.8.0.1 255.255.255.255"
client-config-dir ccd
push "redirect-gateway def1"
push "dhcp-option DOMAIN [COLOR="Blue"]<my domain>[/COLOR]"
push "dhcp-option DNS [COLOR="blue"]<my dns server>[/COLOR]"
keepalive 10 60
inactive 3600
route 10.8.0.0 255.255.255.0
user openvpn
group openvpn
persist-tun
persist-key
verb 4
I examined the situation a bit further.
The problem comes from the ifconfig command that openvpn calls itself:
Code:
/system/bin/ifconfig myvpn \
192.168.x.41 \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255
This is only used when tap interfaces are involved, which is the case in my setup, but not in the setup macemoneta is showing. caesar68: do you also use tap interfaces?
I can reproduce the problem by just using that ifconfig command again.
When I list the IP-address-to-set as the last argument, instead, it works, i.e.
Code:
/system/bin/ifconfig myvpn \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255 \
192.168.x.41
A quick scanning of the openvpn manpage, does not suggest a way to override the ifconfig command that is used, but it does give an option --ifconfig-noexec which suppresses its calling.
Unfortuntely, when I just pack the is-working-after-the-interface-is-up ifconfig command into an up script with this option, it just gives me an error SIOCSIFNETMASK (Cannot assign requested address) - even if the same commandline works when I run it over an already upped interface... Probably because the interface then already had an IP address...
No problem, though, ifconfig is obsolete anyway, let us just use ip link and ip addr, which are fortunately available under Uruk.
So, caesar68, the clean solution would be to have
--script-security 2 on the openvpn commandline, e.g. via OPENVPN_CFG in /etc/uruk.conf/openvpn
in your myvpn.conf file:
Code:
ifconfig-noexec
up-delay
up-restart
up /etc/openvpn/myvpn-on-up
a corresponding script /etc/openvpn/myvpn-on-up, executable, with content
Code:
#! /system/bin/sh
ip link set $dev mtu $tun_mtu up
ip addr add $ifconfig_local/$ifconfig_netmask \
broadcast $ifconfig_broadcast \
dev $dev
Works For Me
Thanks for the explanation and the workaround, brian_o'fish. Why are you using tap though? Tap provides an Ethernet bridge, so you'll be transporting packets that really don't need to be sent to your Archos (reducing available bandwidth). Tun is layer 3 routed, so only traffic destined for either endpoint goes over the VPN connection.
macemoneta said:
Why are you using tap though?
Click to expand...
Click to collapse
That's what the server I'm using, is configured to do, as it provides transparant bridged LAN access via VPN, and that is what I want, as I am the admin of said LAN and VPN.
If the low level of broadcasts we have, ever increases or appears to be a problem to me, I'll set up an additional tun server, but for now it is simply not an issue.
Anyway, good hint in general!
Hi all!
Thanks a lot for your comments. Yes I am using tap. I would like to have access to my home network (storage etc.). Therefore I want to use the brigde functionality. And that works only when I changed the ifconfig manually afterwards. But the route is distroyed then and packages to the internet are not routed secure thru my home-network.
@ brian_o'fish: Thanks for the advise. I will try that the next days. In the moment I am happy to read, that I am not the only one with the problem (and maybe to stupid to use openvpn - but on the netbook it works).
I have never worked with tun. Maybe I could check, if that is also a workaround.
I will keep you informed, but I am on a trip the next days.
Thanks again!
*** Update ***:
I didn't work neither with tap nor with tun. Meanwhile I tried to run VPNC. I had some trouble, but it works now.
caesar68 said:
I didn't work neither with tap nor with tun.
Click to expand...
Click to collapse
Did you try the approach I described with tap, and can tell where / how it failed?
OK, so since getting the 3VO, there's been a small void in my heart whereby i couldn't connect to my home server via OpenVPN on the stock ROM with root...
So i've compiled the required module, and tested it as working.
The loose process, for those who are interested was:
Code:
* Download the HTC EVO 3D kernel source from HTCDev
* Download the Android SDK
* Download an ARM compiler (i used http://www.codesourcery.com/sgpp/lite/arm/portal/release1293)
* Extract all of the archives into seperate dirs.
* Grab a copy of the /proc/config.gz off my handset and drop uncompessed into the HTC source folder
* export ARCH as ARM, and CROSS_COMPILER as the /bin dir of the ARM compiler
* Jump into the HTC source, and run a make menuconfig:
** remove the "kineto" network adapter (it causes make issues...)
** in General> Localversion, set the kernel localversion (ie. -gdb5464d in this case)
** Exit and save changes
* Add CONFIG_TUN=m to 'Makefile'
* Edit the line echo "+" to echo "" in scripts/setlocalversion
* run: make modules SUBDIR=drivers/net
* You should now find "tun.ko" in drivers/net :)
NOTE: Only tested on 2.6.35.13-gdb5464d
Unfortunately, i don't have the time to put it into a flashable zip, so here's some basic instructions.
Pre-Requisites:
A. You have already setup an OpenVPN Server, and know it works
B. You have already downloaded and installed the OpenVPN Application to your handset (install to default locations)
C. You have the required configuration file and client certificate on your device (this example uses '/sdcard/openvpn' as the openvpn config directory.)
Process:
1. Download the tun.zip file below, and unzip it.
2. Place the 'tun.ko' file onto your SD card.
3. Open up a terminal emulator, or better yet, SSH to your phone with something like QuickSSHD (makes life easier, but not essential.)
4. Remount the /system partition as read/write:
Code:
mount -o remount,rw /dev/block/mmcblk0p22 /system
5. Create a symlink of the modules directory:
Code:
cd /system/lib/modules
ln -s . `uname -r`
6. Copy the module into the system modules directory
Code:
cp /sdcard/tun.ko /system/lib/modules/
7. Create a symlink for iptables, as the OpenVPN app seems to not work with the defaults for that...
Code:
mkdir /system/xbin/bb
ln -s /system/bin/ifconfig /system/xbin/bb/ifconfig
8. And now test!
Code:
/system/xbin/openvpn --config /sdcard/openvpn/openvpn.conf
9. Once you're happy that all is well, don't forget to remount /system as readonly, by either rebooting, or:
Code:
mount -o remount,ro /dev/block/mmcblk0p22 /system
And that should be that! Any questions, just shout!
Kudos to:
http://sshrootat.blogspot.com/2011/06/compiling-tunko-for-android-openvpn.html
Did you test it and it's working?
Because the kernel source on htcdev.com is only for the CDMA version i thought, isn't it?
Has this been tested on the new 2.3.4 kernel? tun is included as default as far as i am aware
I posted this in another thread on aug 28th with no replies.
"On the htcdev site the evo 3d kernel source they have listed is:
HTC EVO 3D-CRC-2.6.35
not sure what the "crc" stands for but my Rogers gsm evo 3d is kernel 2.6.35.13
does that mean it is the right one or am I too hopefull?"
that kernel has been there for a while cdma or gsm or cross compatible?
htc0101 said:
I posted this in another thread on aug 28th with no replies.
"On the htcdev site the evo 3d kernel source they have listed is:
HTC EVO 3D-CRC-2.6.35
not sure what the "crc" stands for but my Rogers gsm evo 3d is kernel 2.6.35.13
does that mean it is the right one or am I too hopefull?"
that kernel has been there for a while cdma or gsm or cross compatible?
Click to expand...
Click to collapse
yes, CRC is the 2.3.3 source and as far as I am aware, totally cross compatable (gsm/cdma)... HTC are farr to slow when it comes to source
not sure what it stands for tbh but the 2.3.3 kernel did not have the built in tun module, if you attempt to insmod a tun module on the 2.3.4 kernel it will reject it as the symbols declared are already defined in the zImage.. good old HTC!
OK, so to answer the questions- i'm not sure if the CRC source itself is cross compatible between GSM and CDMA- i would initially assume not due to whatever wireless device modules are contained within, although Leedroid is suggesting otherwise, and i'd probably take his word on it than mine
The tun module is irrelevant however in any case, as im not compiling an entire kernel, just the one module which is not baseband dependant (ie. it *is* GSM/CDMA cross compatible).
Aside from this, the android version (ie. 2.3.3 or 2.3.4 etc) is also fairly irrelevant, on the basis that you compile for the kernel rather than the OS version (it's still roughly the same underlying OS anyway); particularly as there's no major differences that affect tunnelling between the two revisions that i'm aware of- i can however confirm that the source code was for 2.6.35.10 - which i believe is the original/updated CDMA kernel. However, you would need to recompile the module for it to work on any kernel other than *2.6.35.13*, as modprobe will reject it otherwise due to it being compiled for that specific version.
If you happen to need it for another kernel version and don't fancy compiling it yourself, drop me a note and i'll see what i can do. FYI- I'll need it in the format of "2.6.35.13-gdb5464d". Maybe i'll write a n00bs guide sometime...
Second from lastly; you can probably hexedit the version number to one of your choosing! As long as it matches the string length; ie. full kernel number = 18 characters incuding dots; it will work
And lastly, yes it does work, i'm using it now to connect to my home VPN Stock rooted GSM (UK) 3VO, running 2.3.4, and the kernel it was compiled for (2.6.35.13-gdb5464d)
LeeDroid said:
if you attempt to insmod a tun module on the 2.3.4 kernel it will reject it as the symbols declared are already defined in the zImage.. good old HTC!
Click to expand...
Click to collapse
Strange... i haven't seen any such issues here? That's with the HTC stock kernel? CDMA?
dalgibbard said:
Strange... i haven't seen any such issues here? That's with the HTC stock kernel? CDMA?
Click to expand...
Click to collapse
I had initially made the assumption that HTC would have configured the Evo kernel as they did the sensation, turns out this is not the case, sensation 2.6.35.13 includes tun, howerver the EVO kernel does not... Hmm, wonder what they were thinking?...
My reference to 2.3.3 & 2.3.4 was not directed at the kernel but used as a point of reference for the supplied kernels (in noob terms)
Sent from my s-off HTC sensation running LeeDrOiD Sensational
Well htcdev just released the new MR kernel for the 3d......
Sent from my HTC EVO 3D X515m using xda premium
Thanks for the feedback although I'd be inclined to disagree, mainly on the basis that the CONFIG_TUN option in /proc/config.gz isn't set?
I would say though that i've switched to your ROM (which is pretty great!), and a quick 'find /system -name "*tun*"' doesn't yield any results, so its not modulised- and 'zcat /proc/config.gz | grep "CONFIG_TUN" throws back "# CONFIG_TUN is not set"
That and openVPN doesn't seem to be working yet
I am curious about compiling my own modules (would like to try a few other modules out). Which HTC source do you use for a phone running 2.6.35.10-gbc1cf83, I've tried both crc and mr with no luck I am using the compiler in the NDK to compile. I can build the module but it will not load or I get "init_module './tun.ko' failed (Exec format error)" sounds like maybe the compiler is not working correctly. I would like to use the "codesourcery" compiler but I can not seem to find it.
TIA
Jason
Sorry for the delay Jason, been out of the country for a while I struggled to remember whereabouts on their website it was... So try this instead: http://fingaz.info/armeabi.tar.bz2
jayray1- I'm running the same kernel and was experiencing the same error when trying to install the tun.ko I had just compiled. If you check dmesg after performing the insmod it may give you some insight into why its not loading. In my case it was because I had neglected to include '.10-' in the EXTRAVERSION var of the Makefile for the kernel source, so the magic number of the module was not matching the kernel version.
Your Makefile should contain the following to compile modules for 2.6.35.10-g93c03bf.
Code:
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 35
EXTRAVERSION = .10-g93c03bf
Also if you're curious, I compiled tun.ko with shooter-2.6.35_mr, though I don't really understand what the difference between MR and CRC kernel source is.
I've attached the tun.ko that I compiled since I couldn't find one elsewhere on the internetz.
Samsung Galaxy S2 - Lightning rom 6.1 - OpenVPN - BusyBox
On my mobile device (Samsung Galaxy S2+Ligthting rom 6.1 - Gingerbread 2.3.4) I can start OpenVPN and I have ip (10.8.0.10) from remote/home server (Debian Squeeze) but I can't connect on my remote/home lan devices (router, pc, etc.); I used tun.zip
The same OpenVPN files work well on Windows and Linux, I can connect all lan hardware !
[email protected]:/home/gabriele# ssh XXX.XXX.XXX.XXX
The authenticity of host 'XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'XXX.XXX.XXX.XXX' (RSA) to the list of known hosts.
QuickSSHD for Android
[email protected]'s password:
# mount -o remount,rw /dev/block/mmcblk0p22 /system
# cd /system/lib/modules
cd: can't cd to /system/lib/modules
# mkdir modules
# ln -s . `uname -r`
# cp /sdcard/tun.ko /system/lib/modules/
# mkdir /system/xbin/bb
# ln -s /system/bin/ifconfig /system/xbin/bb/ifconfig
# /system/xbin/openvpn --config /sdcard/openvpn/client.ovpn
Sat Dec 31 15:08:54 2011 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 2 2010
Sat Dec 31 15:08:54 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Dec 31 15:08:54 2011 WARNING: file '/sdcard/openvpn/keyone.key' is group or others accessible
Sat Dec 31 15:08:54 2011 LZO compression initialized
Sat Dec 31 15:08:54 2011 Control Channel MTU parms
Sat Dec 31 15:08:54 2011 Data Channel MTU parms
Sat Dec 31 15:08:54 2011 Local Options hash (VER=V4):
Sat Dec 31 15:08:54 2011 Expected Remote Options hash (VER=V4):
Sat Dec 31 15:08:54 2011 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sat Dec 31 15:08:54 2011 UDPv4 link local: [undef]
Sat Dec 31 15:08:54 2011 UDPv4 link remote:
Sat Dec 31 15:08:54 2011 TLS: Initial packet from
Sat Dec 31 15:08:56 2011 VERIFY OK: depth=1, /C=IT/ST=
Sat Dec 31 15:08:56 2011 VERIFY OK: nsCertType=SERVER
Sat Dec 31 15:08:56 2011 VERIFY OK: depth=0, /C=IT/ST=
Sat Dec 31 15:08:58 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 31 15:08:58 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 31 15:08:58 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 31 15:08:58 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 31 15:08:58 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 , 1024 bit RSA
Sat Dec 31 15:08:58 2011 [server01] Peer Connection Initiated with
Sat Dec 31 15:09:00 2011 SENT CONTROL [server01]: 'PUSH_REQUEST' (status=1)
Sat Dec 31 15:09:00 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Sat Dec 31 15:09:00 2011 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 31 15:09:00 2011 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 31 15:09:00 2011 OPTIONS IMPORT: route options modified
Sat Dec 31 15:09:00 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Dec 31 15:09:00 2011 ROUTE default_gateway=
Sat Dec 31 15:09:00 2011 TUN/TAP device tun1 opened
Sat Dec 31 15:09:00 2011 TUN/TAP TX queue length set to 100
Sat Dec 31 15:09:00 2011 /system/xbin/bb/ifconfig tun1 10.8.0.10 pointopoint 10.8.0.9 mtu 1500
Sat Dec 31 15:09:00 2011 /system/xbin/bb/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.0.9
Sat Dec 31 15:09:00 2011 ERROR: Linux route add command failed: could not execute external program
Sat Dec 31 15:09:00 2011 /system/xbin/bb/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.9
Sat Dec 31 15:09:00 2011 ERROR: Linux route add command failed: could not execute external program
Sat Dec 31 15:09:00 2011 Initialization Sequence Completed
I don't know what file I need to modify on my mobile device, I know Debian Gnu Linux and on this o.s. it is easy solve problem !
GbMax78
Well described issue! I can see the issue too- you see where you've done the "ln -s" for ifconfig? You need to do the same again, but swap "ifconfig" for "route", as openvpn is failing to locate it.
ln -s /system/bin/route /system/xbin/bb/route
That is of course assuming that route is actually in /system/bin/
Samsung Galaxy S2 - Lightning rom 6.1 - OpenVPN - BusyBox [SOLVED]
dalgibbard said:
ln -s /system/bin/route /system/xbin/bb/route
Click to expand...
Click to collapse
QuickSSHD for Android
[email protected]'s password:
# ls
# cd ..
# ls
dropbear home lib shared_prefs
# ln -s /system/bin/route /system/xbin/bb/route
ln: /system/xbin/bb/route: Read-only file system
# mount -o remount,rw /dev/block/mmcblk0p22 /system
# ln -s /system/bin/route /system/xbin/bb/route
# mount -o remount,ro /dev/block/mmcblk0p22 /system
# /system/xbin/openvpn --config /sdcard/openvpn/client.ovpn
Sun Jan 1 16:12:38 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 2 2010
Sun Jan 1 16:12:38 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jan 1 16:12:38 2012 WARNING: file '/sdcard/openvpn/keyone01.key' is group or others accessible
Sun Jan 1 16:12:38 2012 LZO compression initialized
Sun Jan 1 16:12:38 2012 Control Channel MTU parms [ X:XXXX X:XXX XX:XX XX:X XX:X XX:X ]
Sun Jan 1 16:12:39 2012 Data Channel MTU parms [ X:XXXX X:XXXX XX:XX XX:XXX XX:0 EL:0 AF:3/1 ]
Sun Jan 1 16:12:39 2012 Local Options hash (VER=V4): 'XXXXXXXX'
Sun Jan 1 16:12:39 2012 Expected Remote Options hash (VER=V4): 'XXXXXXXX'
Sun Jan 1 16:12:39 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sun Jan 1 16:12:39 2012 UDPv4 link local: [undef]
Sun Jan 1 16:12:39 2012 UDPv4 link remote: XX.XXX.XX.XX:1194
Sun Jan 1 16:12:39 2012 TLS: Initial packet from XX.XXX.XX.XX:1194, sid=XXXXXXXXXXXXXXXXXX
Sun Jan 1 16:12:40 2012 VERIFY OK: depth=1, /C=IT/ST=XX/L=XXXXXXXXXX/O=XXXXXX/OU=XXXXXX/CN=server01/name=XXXXXXXX/[email protected]
Sun Jan 1 16:12:40 2012 VERIFY OK: nsCertType=SERVER
Sun Jan 1 16:12:40 2012 VERIFY OK: depth=0, /C=XX/ST=XX/L=XXXXXXXXXX/O=XXXXXX/OU=XXXXXX/CN=server01/name=XXXXXXXX/[email protected]
Sun Jan 1 16:12:42 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 1 16:12:42 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 1 16:12:42 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 1 16:12:42 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 1 16:12:42 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 XXX-RSA-AES256-SHA, 1024 bit RSA
Sun Jan 1 16:12:42 2012 [server01] Peer Connection Initiated with XX.XXX.XX.XX:1194
Sun Jan 1 16:12:44 2012 SENT CONTROL [server01]: 'PUSH_REQUEST' (status=1)
Sun Jan 1 16:12:45 2012 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Jan 1 16:12:45 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 1 16:12:45 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 1 16:12:45 2012 OPTIONS IMPORT: route options modified
Sun Jan 1 16:12:45 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 1 16:12:45 2012 ROUTE default_gateway=XXX.XX.XXX.X
Sun Jan 1 16:12:45 2012 TUN/TAP device tun0 opened
Sun Jan 1 16:12:45 2012 TUN/TAP TX queue length set to 100
Sun Jan 1 16:12:45 2012 /system/xbin/bb/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Sun Jan 1 16:12:45 2012 /system/xbin/bb/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.0.5
Sun Jan 1 16:12:45 2012 /system/xbin/bb/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Sun Jan 1 16:12:45 2012 Initialization Sequence Completed
Fantastic !!! Wonderful !!! THANK YOU VERY MUCH !
Happy new year !!!
GbMax78
No problem, glad it worked.
One last thing- "keyone01.key" should only be root readable, that's why your getting an error about it for group perms.you can fix that by doing:
chmod 600 /path/to/keyone01.key
Not essential, but fairly wise from a security point of view, and it'll fix that error
Samsung Galaxy S2 - Lightning rom 6.1 - OpenVPN - BusyBox [SOLVED]
dalgibbard said:
No problem, glad it worked.
Click to expand...
Click to collapse
You solved a big problem, I know Debian Gnu Linux, I use Zenwalk and Slackware but Android it isn't the same...
dalgibbard said:
One last thing- "keyone01.key" should only be root readable, that's why your getting an error about it for group perms.
Click to expand...
Click to collapse
I don't understand what are Android perms and when I start the phone I don't know if I am root or normal user !
There is message "WARNING: file '/sdcard/openvpn/keyone.key' is group or others accessible" because all users can access this file ? Now keyone01.key is 777 ? But if I make keyone01.key root readable only I have problems if I start the phone as normal user ?
dalgibbard said:
you can fix that by doing:
chmod 600 /path/to/keyone01.key
Click to expand...
Click to collapse
Ok when I have one minute I do that !
dalgibbard said:
Not essential, but fairly wise from a security point of view, and it'll fix that error
Click to expand...
Click to collapse
I would like to understand perms on Android, on Linux if you change files perms for root only, normal user can't use them but if there is one user, root, this is the reason to change perms for root only !
GbMax78
Sorry, regarding that whole permissions thing, ignore it-even as root you can't change the perms of the file (namely the owner) as it had to keep the sdcard_rw group in order for you to list the file... Probably still worth chmodding it to 600 though, you just can't change the owner to root, meaning that error won't go away it's not a problem though really, more an observation.
The idea was that openvpn is run as root (standard users can't access the tun module) and therefore in order to protect your secret key (which normally you should as it gives anyone with access to the file, access to you network...), the key should be owned by the person who runs the app (in this case "root") and the permissions changed to only allow them access. It in the same manner as Linux/UNIX permissions anyway
For reference for anyone that doesn't know, the chmod is broken down into three elements-the first digit is for the "owner", the next is for the "group", and the last is for everyone else. The numbers are added up from the following dependant on which perms are required:
4= read
2= write
1= execute
So 600 means to give read and write access without execute to the file owner. The zeros elsewhere mean to give those users/groups nothing.
Hope that helps!
PS for the Linux geeks on here reading this, there is a fourth value too for sticky bit etc, but I won't cover that here
Any chance of getting a tun.ko module compiled for kernel 2.6.35.13-g84f8edd (EVO 3D CDMA running stock kernel and Fresh Evo 3d 4.1.0)?
I tried the tun.ko in this thread and I get an exec error when I try insmod which I believe usually indicates a kernel/compile mismatch.
Thanks!
Hi all,
I'm trying to get OpenVPN running on my Galaxy S2. I installed the OpenVPN Installer and OpenVPN Settings from Market (OpenVPN 2.1.1), and I am starting with an OpenVPN config file that I know works (it's a working config that I use on my XUbuntu system):
client
dev tun
proto udp
remote somehost.somedomain.com 1194
ifconfig 192.168.21.10 255.255.255.0
redirect-gateway def1
nobind
ca ca.crt
cert my.crt
key my.key
verb 3
mute 10
The first thing is that the "ifconfig" doesn't seem to be accepted:
Options error: Unrecognized option or missing parameter(s) in config.ovpn:5: ifconfig (2.1.1)
If I comment this out, I get:
Fri Dec 30 21:32:07 2011 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
However, I ALSO do not see any "ifconfig" calls in the openvpn log this way, which makes me thing that OpenVPN isn't actually setting up the tunnel, which probably explains the later errors (see below).
If I add a "route-gateway 192.168.21.5", (that's the def gateway that my Xubuntu system ends up with when i start this VPN connection) I get:
Fri Dec 30 21:34:27 2011 /system/xbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.21.5
route: SIOCADDRT: No such process
Fri Dec 30 21:34:27 2011 ERROR: Linux route add command failed: external program exited with error status: 1
Fri Dec 30 21:34:27 2011 /system/xbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.21.5
route: SIOCADDRT: No such process
Fri Dec 30 21:34:27 2011 ERROR: Linux route add command failed: external program exited with error status: 1
On my Xubuntu system I don't actually need to add any "route-gateway", as I think the OpenVPN version there (2.2.0) understands the "redirect-gateway" directive, while I don't think that OpenVPN 2.1.1 understands that yet.
Can anybody recommend correct settings so I can make this work?
Regards
[edit] Oh, nice. I flashed an insecure ROM to my phone, then used the "openvpn-static.bz2" binary from this location (copied to /system/xbin/openvpn), and now it works.
Hello guys this is my first HOW to so please be a lil bit patient.
Questions and comments are welcomed of course!
Because I sent my SGS 2 for repair I took my older blackberry from my box with old garbage and tried to think about internet connection.
BB doesn't have wifi hotspot or something like this so how can we dial up internet connection from android?
Here we go.
Some stuff which must be installed before procedure:
1) ROOTed device
2) Busybox installed
3) Linux in loop device - maybe this is not needed but I am lazy ass and this was the fastest solution.
Procedure:
First of all we need to determine what is your bluetooth address (blackberry in my case).
For this one you have two options.
1) Determine it on your PC (I don't have windows so I will describe linux method only)
Turn bluetooth on your PC on.
Turn bluetooth on your cellphone and enable device discovery (device needs to be visible!!)
Open terminal and write:
Code:
hcitool scan
You will get something like this: " f4:0b:93:08:a0:16 "
Write it down you will need it for later use.
2) How to determin a bluetooth address on android
Because standart busybox and asus rom don't have hcitool we will need to use it from Linux environment (from loop device).
So if you haven't installed linux distro in loop file do it! It's up to you which one you preffere. I made following steps in ubuntu 12.04.
After installing ubuntu to the loop device start it and write from command line:
Code:
sudo apt-get update && sudo apt-get install bluetooth
Ok now we have tools for bluetooth installed.
Now turn on bluetooth on your android, turn on bluetooth on cellphone (discovery enabled).
chroot into your linux in loop and write:
Code:
hcitool scan
Write down your address like in the example above.
Now we need to determine which number of channel is dialup networking
This command is included in android terminal with busybox so you don't have to write it in the loop linux distro.
So write in the terminal like SU:
Code:
sdptool browse f4:0b:93:08:a0:16 <--- here is YOUR address of bluetooth cellphone
You will get something like this:
Code:
Browsing F4:0B:93:08:A0:16 ...
Service Name: Dialup Networking
Service RecHandle: 0x10000
Service Class ID List:
"Dialup Networking" (0x1103)
"Generic Networking" (0x1201)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 1
Profile Descriptor List:
"Dialup Networking" (0x1103)
Version: 0x0100
Service Name: Voice gateway
Service RecHandle: 0x10001
Service Class ID List:
"Headset Audio Gateway" (0x1112)
"Generic Audio" (0x1203)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 2
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Headset" (0x1108)
Version: 0x0100
Service Name: Hands-free
Service RecHandle: 0x10002
Service Class ID List:
"Handsfree Audio Gateway" (0x111f)
"Generic Audio" (0x1203)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 3
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Handsfree" (0x111e)
Version: 0x0105
Service Name: Advanced Audio
Service Provider: BlackBerry
Service RecHandle: 0x10003
Service Class ID List:
"Audio Source" (0x110a)
Protocol Descriptor List:
"L2CAP" (0x0100)
PSM: 25
"AVDTP" (0x0019)
uint16: 0x102
Profile Descriptor List:
"Advanced Audio" (0x110d)
Version: 0x0102
Service Name: AVRCP Remote Control
Service Provider: BlackBerry
Service RecHandle: 0x10004
Service Class ID List:
"AV Remote" (0x110e)
Protocol Descriptor List:
"L2CAP" (0x0100)
PSM: 23
"AVCTP" (0x0017)
uint16: 0x102
Profile Descriptor List:
"AV Remote" (0x110e)
Version: 0x0103
Service Name: AVRCP Remote Control Target
Service Provider: BlackBerry
Service RecHandle: 0x10005
Service Class ID List:
"AV Remote Target" (0x110c)
Protocol Descriptor List:
"L2CAP" (0x0100)
PSM: 23
"AVCTP" (0x0017)
uint16: 0x102
Profile Descriptor List:
"AV Remote" (0x110e)
Version: 0x0103
Service Name: SIM Access
Service RecHandle: 0x10006
Service Class ID List:
"SIM Access" (0x112d)
"Generic Telephony" (0x1204)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 4
Profile Descriptor List:
"SIM Access" (0x112d)
Version: 0x0102
Service Name: Phonebook Access PSE
Service RecHandle: 0x10007
Service Class ID List:
"Phonebook Access - PSE" (0x112f)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 5
"OBEX" (0x0008)
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Phonebook Access" (0x1130)
Version: 0x0100
#
In the example above we need to find dialup networking (you can grep it of course but the name can be a little different).
When you locate in your output this sevice (once again Dialup networking), look for channel.
In my case channel is 1.
Code:
Service Name: Dialup Networking
Service RecHandle: 0x10000
Service Class ID List:
"Dialup Networking" (0x1103)
"Generic Networking" (0x1201)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 1
Write the channel number down.
Now you have your address and we won't need linux distro anymore (in this case )
Now run android terminal and write:
Code:
su
mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
This will remount system for read and write.
Now download latest package of berry from this address:
https://bitbucket.org/tcolar/berry4all/downloads
and save it unpacked to somewhere on sdcard.
These configurations file are for blackberry but with some modifications it can work for another cellphones !!!!!!!!!
We will use configuration files in the folder config.
I am from Czech republic and I use T-Mobile.
It unfortunately means that I didn't have right dial configuration file in the config folder. So I took tmobile and tmobile-bb-chat and rename it to tmobilecz and tmobilecz-chat. After that I created folder on the sdcard called chatscripts and moved tmobilecz-chat there.
File tmobilecz needs to be moved to the /etc/ppp/peers.
So here is how to do that from android terminal:
Code:
su
cp /sdcard/download/berry/config/tmobile /etc/ppp/peers/tmobilecz
mkdir /sdcard/chatscripts && cp /sdcard/download/berry/config/tmobile-bb-chat /sdcard/chatscripts/tmobilecz-chat
Here is output of my configs:
Code:
/ $ su
# cat /etc/ppp/peers/tmobilecz
# was tested as working by Me
#460800
115200
/dev/rfcomm1
## No detach = PPP dialing stays in foreground
nodetach
#noipdefault
defaultroute
#nomultilink
#ipcp-restart 7
#ipcp-accept-local
#ipcp-accept-remote
#lcp-echo-interval 0
#lcp-echo-failure 99
#nopcomp
#noaccomp
#noauth
nomagic
#noccp
#crtscts
#pap-timeout 20
#pap-restart 20
#lcp-restart 10
#novj
user "gprs"
password "gprs"
usepeerdns
#debug debug debug
# does not exist in all pppd versions (osx)
#replacedefaultroute
connect "/system/bin/chat -f /sdcard/chatscripts/tmobilecz-chat"
and chat file:
Code:
/ $ cat /sdcard/chatscripts/tmobilecz-chat
TIMEOUT 10
ABORT 'BUSY'
ABORT 'NO ANSWER'
ABORT 'ERROR'
ABORT "NO DIALTONE"
ABORT VOICE
ABORT RINGING
SAY 'Starting GPRS connect script\n'
'' 'BBT_OS'
'' 'ATZ'
OK 'AT+CGDCONT=1,"IP","internet.t-mobile.cz"'
ABORT 'NO CARRIER'
SAY 'Dialing...\n'
OK 'ATD*99#'
CONNECT
~p
/ $
Now we have configs on the place last thing is that we need initiate dun connection between android and phone.
You can imagine it like a tunnel for dialing, so it needs to be established before dialing (pppd daemon).
Now we will use our determined bluetooth address and chanel with rfcomm command.
Android terminal like SU:
Code:
su
rfcomm bind /dev/rfcomm1 f4:0b:93:08:a0:16 1
rfcomm is utility for creating connecting, bind option will create device under /dev/rfcomm1, after bind is bluetooth address and at the end is 1 this is number of channel.
THIS COMMAND NEEDS TO BE RUN AFTER EACH REBOOT when you want to dial internet from your phone.
During this commnd you can receive request for pairing, do it of course.
After this command run as root pppd daemon with your config file, in my case named tmobilecz:
Code:
su
pppd call tmobilecz
If you have nodetach option in the peers config file like me, dial process stays in the foreground. You can close it by ctrl+c or closing terminal window.
After pppd you should receive ip address by the phone and connectio to the internet!!
WOALA!
If it is not working or you want to check what is going on during dialing install application ALOGCAT from market and filter messages with pppd only.
If you have difficulties write it down and I will try to help you.
After this setup everytime when you want connect to the internet through phone you have to write this in terminal (i created script for myself but it's up to you)
EXAMPLE:
android terminal:
Code:
su
rfcomm bind /dev/rfcomm1 f4:0b:93:08:a0:16 1
pppd file /etc/ppp/peers/tmobilecz
That's all!
When I have a time I will better format and color this post.
Now I have to cut my grass in the garden sorry
placeholder for future use
deadlocked007 said:
You do know you could've just used pdanet tablet
Sent from my PG86100 using XDA
Click to expand...
Click to collapse
Code:
This software allows you to get FULL Internet on an Android tablet if you have an Android phone.
I don't have android phone so answer is no it can't be used.
Dear all,
I installed Unbuntu Touch on my Nexus 4 yesterday (18.09.2013, with the build 20130917.1). It is working more or less, as expected :silly:
One of the problem I am facing is that the ssh server is not working. I could install (and --reinstall) it without problem (apt-get install openssh-server ssh), but if I check with "ps -ef|grep ssh") I only see the ssh-agent and the connection from another computer is not working.
Any idea?
Best regards,
Pierre
[email protected]:/# apt-get install --reinstall openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 0 B/231 kB of archives.
After this operation, 0 B of additional disk space will be used.
(Reading database ... 38659 files and directories currently installed.)
Preparing to replace openssh-server 1:6.2p2-6 (using .../openssh-server_1%3a6.2p2-6_armhf.deb) ...
Unpacking replacement openssh-server ...
Processing triggers for ureadahead ...
Processing triggers for ufw ...
WARN: / is world writable!
WARN: / is group writable!
Setting up openssh-server (1:6.2p2-6) ...
[email protected]:/#
[email protected]:~$ ssh [email protected]
ssh: connect to host 192.168.1.69 port 22: No route to host
[email protected]:/home/phablet/Downloads# ps -ef | grep ssh
phablet 739 711 0 09:11 ? 00:00:00 ssh-agent
I just noticed that I have the same problem...
If I had time I would look at it, too, but right now I have other things to do...
To98 said:
I just noticed that I have the same problem...
If I had time I would look at it, too, but right now I have other things to do...
Click to expand...
Click to collapse
Same problem here. ssh to another device is possible, but no acces to phablet.
Same In GNex
try
sudo service ssh start
(if you are root or not you must use sudo)
but it does not automatically start when reboot
Still not wokring
[email protected]:/# service ssh start
ssh start/running, process 5890
[email protected]:~$ ssh [email protected]
ssh: connect to host 192.168.1.69 port 22: No route to host
[email protected]:~$ ps -ef|grep 5890
vmalep 12613 12544 0 13:00 pts/4 00:00:00 grep --color=auto 5890
chaoskernel said:
try
sudo service ssh start
(if you are root or not you must use sudo)
but it does not automatically start when reboot
Click to expand...
Click to collapse
thank you! installed version 57 and used
sudo service ssh start
work fine!