OK, so since getting the 3VO, there's been a small void in my heart whereby i couldn't connect to my home server via OpenVPN on the stock ROM with root...
So i've compiled the required module, and tested it as working.
The loose process, for those who are interested was:
Code:
* Download the HTC EVO 3D kernel source from HTCDev
* Download the Android SDK
* Download an ARM compiler (i used http://www.codesourcery.com/sgpp/lite/arm/portal/release1293)
* Extract all of the archives into separate dirs.
* Grab a copy of the /proc/config.gz off my handset and drop uncompressed into the HTC source folder
* export ARCH as ARM, and CROSS_COMPILER as the /bin dir of the ARM compiler
* Jump into the HTC source, and run a make menuconfig:
** remove the "kineto" network adapter (it causes make issues...)
** in General> Localversion, set the kernel localversion (ie. -gdb5464d in this case)
** Exit and save changes
* Add CONFIG_TUN=m to 'Makefile'
* Edit the line echo "+" to echo "" in scripts/setlocalversion
* run: make modules SUBDIR=drivers/net
* You should now find "tun.ko" in drivers/net :)
NOTE: Only tested on 2.6.35.13-gdb5464d
Unfortunately, i don't have the time to put it into a flashable zip, so here's some basic instructions.
Pre-Requisites:
A. You have already setup an OpenVPN Server, and know it works
B. You have already downloaded and installed the OpenVPN Application to your handset (install to default locations)
C. You have the required configuration file and client certificate on your device (this example uses '/sdcard/openvpn' as the openvpn config directory.)
Process:
1. Download the tun.zip file below, and unzip it.
2. Place the 'tun.ko' file onto your SD card.
3. Open up a terminal emulator, or better yet, SSH to your phone with something like QuickSSHD (makes life easier, but not essential.)
4. Remount the /system partition as read/write:
Code:
mount -o remount,rw /dev/block/mmcblk0p22 /system
5. Create a symlink of the modules directory:
Code:
cd /system/lib/modules
ln -s . `uname -r`
6. Copy the module into the system modules directory
Code:
cp /sdcard/tun.ko /system/lib/modules/
7. Create a symlink for iptables, as the OpenVPN app seems to not work with the defaults for that...
Code:
mkdir /system/xbin/bb
ln -s /system/bin/ifconfig /system/xbin/bb/ifconfig
8. And now test!
Code:
/system/xbin/openvpn --config /sdcard/openvpn/openvpn.conf
9. Once you're happy that all is well, don't forget to remount /system as readonly, by either rebooting, or:
Code:
mount -o remount,ro /dev/block/mmcblk0p22 /system
And that should be that! Any questions, just shout!
Kudos to:
http://sshrootat.blogspot.com/2011/06/compiling-tunko-for-android-openvpn.html
Did you test it and it's working?
Because the kernel source on htcdev.com is only for the CDMA version i thought, isn't it?
Has this been tested on the new 2.3.4 kernel? tun is included as default as far as i am aware
I posted this in another thread on aug 28th with no replies.
"On the htcdev site the evo 3d kernel source they have listed is:
HTC EVO 3D-CRC-2.6.35
not sure what the "crc" stands for but my Rogers gsm evo 3d is kernel 2.6.35.13
does that mean it is the right one or am I too hopeful?"
that kernel has been there for a while cdma or gsm or cross compatible?
htc0101 said:
I posted this in another thread on aug 28th with no replies.
"On the htcdev site the evo 3d kernel source they have listed is:
HTC EVO 3D-CRC-2.6.35
not sure what the "crc" stands for but my Rogers gsm evo 3d is kernel 2.6.35.13
does that mean it is the right one or am I too hopeful?"
that kernel has been there for a while cdma or gsm or cross compatible?
yes, CRC is the 2.3.3 source and as far as I am aware, totally cross compatible (gsm/cdma)... HTC are far too slow when it comes to source
not sure what it stands for tbh but the 2.3.3 kernel did not have the built in tun module, if you attempt to insmod a tun module on the 2.3.4 kernel it will reject it as the symbols declared are already defined in the zImage.. good old HTC!
OK, so to answer the questions- i'm not sure if the CRC source itself is cross compatible between GSM and CDMA- i would initially assume not due to whatever wireless device modules are contained within, although Leedroid is suggesting otherwise, and i'd probably take his word on it than mine
The tun module is irrelevant however in any case, as im not compiling an entire kernel, just the one module which is not baseband dependant (ie. it *is* GSM/CDMA cross compatible).
Aside from this, the android version (ie. 2.3.3 or 2.3.4 etc) is also fairly irrelevant, on the basis that you compile for the kernel rather than the OS version (it's still roughly the same underlying OS anyway); particularly as there's no major differences that affect tunnelling between the two revisions that i'm aware of- i can however confirm that the source code was for 2.6.35.10 - which i believe is the original/updated CDMA kernel. However, you would need to recompile the module for it to work on any kernel other than *2.6.35.13*, as modprobe will reject it otherwise due to it being compiled for that specific version.
If you happen to need it for another kernel version and don't fancy compiling it yourself, drop me a note and i'll see what i can do. FYI- I'll need it in the format of "2.6.35.13-gdb5464d". Maybe i'll write a n00bs guide sometime...
Second from lastly; you can probably hexedit the version number to one of your choosing! As long as it matches the string length; ie. full kernel number = 18 characters including dots; it will work
And lastly, yes it does work, i'm using it now to connect to my home VPN Stock rooted GSM (UK) 3VO, running 2.3.4, and the kernel it was compiled for (2.6.35.13-gdb5464d)
LeeDroid said:
if you attempt to insmod a tun module on the 2.3.4 kernel it will reject it as the symbols declared are already defined in the zImage.. good old HTC!
Strange... i haven't seen any such issues here? That's with the HTC stock kernel? CDMA?
dalgibbard said:
Strange... i haven't seen any such issues here? That's with the HTC stock kernel? CDMA?
I had initially made the assumption that HTC would have configured the Evo kernel as they did the sensation, turns out this is not the case, sensation 2.6.35.13 includes tun, however the EVO kernel does not... Hmm, wonder what they were thinking?...
My reference to 2.3.3 & 2.3.4 was not directed at the kernel but used as a point of reference for the supplied kernels (in noob terms)
Sent from my s-off HTC sensation running LeeDrOiD Sensational
Well htcdev just released the new MR kernel for the 3d......
Sent from my HTC EVO 3D X515m using xda premium
Thanks for the feedback although I'd be inclined to disagree, mainly on the basis that the CONFIG_TUN option in /proc/config.gz isn't set?
I would say though that i've switched to your ROM (which is pretty great!), and a quick 'find /system -name "*tun*"' doesn't yield any results, so its not modulised- and 'zcat /proc/config.gz | grep "CONFIG_TUN"' throws back "# CONFIG_TUN is not set"
That and openVPN doesn't seem to be working yet
I am curious about compiling my own modules (would like to try a few other modules out). Which HTC source do you use for a phone running 2.6.35.10-gbc1cf83? I've tried both crc and mr with no luck. I am using the compiler in the NDK to compile. I can build the module but it will not load, or I get "init_module './tun.ko' failed (Exec format error)"; sounds like maybe the compiler is not working correctly. I would like to use the "codesourcery" compiler but I cannot seem to find it.
TIA
Jason
Sorry for the delay Jason, been out of the country for a while. I struggled to remember whereabouts on their website it was... So try this instead: http://fingaz.info/armeabi.tar.bz2
jayray1- I'm running the same kernel and was experiencing the same error when trying to install the tun.ko I had just compiled. If you check dmesg after performing the insmod it may give you some insight into why it's not loading. In my case it was because I had neglected to include '.10-' in the EXTRAVERSION var of the Makefile for the kernel source, so the magic number of the module was not matching the kernel version.
Your Makefile should contain the following to compile modules for 2.6.35.10-g93c03bf.
Code:
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 35
EXTRAVERSION = .10-g93c03bf
Also if you're curious, I compiled tun.ko with shooter-2.6.35_mr, though I don't really understand what the difference between MR and CRC kernel source is.
I've attached the tun.ko that I compiled since I couldn't find one elsewhere on the internetz.
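The version matching discussed in the posts above (a module built for one release is rejected by another, showing up as "Exec format error") can be checked before running insmod. The script below is an added example, not part of the original posts: it reads the vermagic entry from a module file and compares its release with `uname -r` or a given string. The function names and the sample file are constructed for illustration; the release strings are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: read the kernel release a module was built for and compare
# it with the running (or a given) kernel before trying insmod.

# .modinfo stores NUL-terminated "key=value" strings, so turning NULs into
# newlines makes the vermagic entry readable without modinfo or binutils.
ko_vermagic() {
    LC_ALL=C tr '\000' '\n' < "$1" | LC_ALL=C sed -n 's/^vermagic=//p' | head -n 1
}

# The release is the first space-separated field of vermagic.
ko_release() {
    ko_vermagic "$1" | cut -d' ' -f1
}

# check_module FILE [RELEASE]   (RELEASE defaults to `uname -r`)
# Returns 0 on match, 1 on mismatch, 2 when no vermagic entry is present.
# The kernel compares the whole vermagic string; this checks only the release,
# which is the part that differed in the thread.
check_module() {
    cm_want=${2:-$(uname -r)}
    cm_have=$(ko_release "$1")
    if [ -z "$cm_have" ]; then
        echo "$1: no vermagic entry found"
        return 2
    fi
    if [ "$cm_have" != "$cm_want" ]; then
        echo "$1: built for $cm_have, kernel is $cm_want (expect 'Exec format error')"
        return 1
    fi
    echo "$1: built for $cm_have, matches"
}

# Constructed stand-in for a module file: only the .modinfo strings, no ELF.
# The fields after the release are illustrative values.
make_sample_ko() {
    printf 'license=GPL\000vermagic=%s preempt mod_unload ARMv7 \000depends=\000' "$2" > "$1"
}

# Demo with the two release strings quoted in the thread.
sample=$(mktemp)
make_sample_ko "$sample" "2.6.35.10-g93c03bf"
check_module "$sample" "2.6.35.13-gdb5464d" || true
check_module "$sample" "2.6.35.10-g93c03bf"
rm -f "$sample"
```

On a real module, run `check_module /sdcard/tun.ko` on the handset, or pass the handset's `uname -r` output as the second argument when checking on the build machine.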
Samsung Galaxy S2 - Lightning rom 6.1 - OpenVPN - BusyBox
On my mobile device (Samsung Galaxy S2+Lightning rom 6.1 - Gingerbread 2.3.4) I can start OpenVPN and I have ip (10.8.0.10) from remote/home server (Debian Squeeze) but I can't connect on my remote/home lan devices (router, pc, etc.); I used tun.zip
The same OpenVPN files work well on Windows and Linux, I can connect all lan hardware !
[email protected]:/home/gabriele# ssh XXX.XXX.XXX.XXX
The authenticity of host 'XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'XXX.XXX.XXX.XXX' (RSA) to the list of known hosts.
QuickSSHD for Android
[email protected]'s password:
# mount -o remount,rw /dev/block/mmcblk0p22 /system
# cd /system/lib/modules
cd: can't cd to /system/lib/modules
# mkdir modules
# ln -s . `uname -r`
# cp /sdcard/tun.ko /system/lib/modules/
# mkdir /system/xbin/bb
# ln -s /system/bin/ifconfig /system/xbin/bb/ifconfig
# /system/xbin/openvpn --config /sdcard/openvpn/client.ovpn
Sat Dec 31 15:08:54 2011 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 2 2010
Sat Dec 31 15:08:54 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Dec 31 15:08:54 2011 WARNING: file '/sdcard/openvpn/keyone.key' is group or others accessible
Sat Dec 31 15:08:54 2011 LZO compression initialized
Sat Dec 31 15:08:54 2011 Control Channel MTU parms
Sat Dec 31 15:08:54 2011 Data Channel MTU parms
Sat Dec 31 15:08:54 2011 Local Options hash (VER=V4):
Sat Dec 31 15:08:54 2011 Expected Remote Options hash (VER=V4):
Sat Dec 31 15:08:54 2011 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sat Dec 31 15:08:54 2011 UDPv4 link local: [undef]
Sat Dec 31 15:08:54 2011 UDPv4 link remote:
Sat Dec 31 15:08:54 2011 TLS: Initial packet from
Sat Dec 31 15:08:56 2011 VERIFY OK: depth=1, /C=IT/ST=
Sat Dec 31 15:08:56 2011 VERIFY OK: nsCertType=SERVER
Sat Dec 31 15:08:56 2011 VERIFY OK: depth=0, /C=IT/ST=
Sat Dec 31 15:08:58 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 31 15:08:58 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 31 15:08:58 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 31 15:08:58 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 31 15:08:58 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 , 1024 bit RSA
Sat Dec 31 15:08:58 2011 [server01] Peer Connection Initiated with
Sat Dec 31 15:09:00 2011 SENT CONTROL [server01]: 'PUSH_REQUEST' (status=1)
Sat Dec 31 15:09:00 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Sat Dec 31 15:09:00 2011 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 31 15:09:00 2011 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 31 15:09:00 2011 OPTIONS IMPORT: route options modified
Sat Dec 31 15:09:00 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Dec 31 15:09:00 2011 ROUTE default_gateway=
Sat Dec 31 15:09:00 2011 TUN/TAP device tun1 opened
Sat Dec 31 15:09:00 2011 TUN/TAP TX queue length set to 100
Sat Dec 31 15:09:00 2011 /system/xbin/bb/ifconfig tun1 10.8.0.10 pointopoint 10.8.0.9 mtu 1500
Sat Dec 31 15:09:00 2011 /system/xbin/bb/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.0.9
Sat Dec 31 15:09:00 2011 ERROR: Linux route add command failed: could not execute external program
Sat Dec 31 15:09:00 2011 /system/xbin/bb/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.9
Sat Dec 31 15:09:00 2011 ERROR: Linux route add command failed: could not execute external program
Sat Dec 31 15:09:00 2011 Initialization Sequence Completed
I don't know what file I need to modify on my mobile device, I know Debian Gnu Linux and on this o.s. it is easy solve problem !
GbMax78
Well described issue! I can see the issue too- you see where you've done the "ln -s" for ifconfig? You need to do the same again, but swap "ifconfig" for "route", as openvpn is failing to locate it.
ln -s /system/bin/route /system/xbin/bb/route
That is of course assuming that route is actually in /system/bin/
Samsung Galaxy S2 - Lightning rom 6.1 - OpenVPN - BusyBox [SOLVED]
dalgibbard said:
ln -s /system/bin/route /system/xbin/bb/route
QuickSSHD for Android
[email protected]'s password:
# ls
# cd ..
# ls
dropbear home lib shared_prefs
# ln -s /system/bin/route /system/xbin/bb/route
ln: /system/xbin/bb/route: Read-only file system
# mount -o remount,rw /dev/block/mmcblk0p22 /system
# ln -s /system/bin/route /system/xbin/bb/route
# mount -o remount,ro /dev/block/mmcblk0p22 /system
# /system/xbin/openvpn --config /sdcard/openvpn/client.ovpn
Sun Jan 1 16:12:38 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 2 2010
Sun Jan 1 16:12:38 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jan 1 16:12:38 2012 WARNING: file '/sdcard/openvpn/keyone01.key' is group or others accessible
Sun Jan 1 16:12:38 2012 LZO compression initialized
Sun Jan 1 16:12:38 2012 Control Channel MTU parms [ X:XXXX X:XXX XX:XX XX:X XX:X XX:X ]
Sun Jan 1 16:12:39 2012 Data Channel MTU parms [ X:XXXX X:XXXX XX:XX XX:XXX XX:0 EL:0 AF:3/1 ]
Sun Jan 1 16:12:39 2012 Local Options hash (VER=V4): 'XXXXXXXX'
Sun Jan 1 16:12:39 2012 Expected Remote Options hash (VER=V4): 'XXXXXXXX'
Sun Jan 1 16:12:39 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sun Jan 1 16:12:39 2012 UDPv4 link local: [undef]
Sun Jan 1 16:12:39 2012 UDPv4 link remote: XX.XXX.XX.XX:1194
Sun Jan 1 16:12:39 2012 TLS: Initial packet from XX.XXX.XX.XX:1194, sid=XXXXXXXXXXXXXXXXXX
Sun Jan 1 16:12:40 2012 VERIFY OK: depth=1, /C=IT/ST=XX/L=XXXXXXXXXX/O=XXXXXX/OU=XXXXXX/CN=server01/name=XXXXXXXX/[email protected]
Sun Jan 1 16:12:40 2012 VERIFY OK: nsCertType=SERVER
Sun Jan 1 16:12:40 2012 VERIFY OK: depth=0, /C=XX/ST=XX/L=XXXXXXXXXX/O=XXXXXX/OU=XXXXXX/CN=server01/name=XXXXXXXX/[email protected]
Sun Jan 1 16:12:42 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 1 16:12:42 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 1 16:12:42 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 1 16:12:42 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 1 16:12:42 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 XXX-RSA-AES256-SHA, 1024 bit RSA
Sun Jan 1 16:12:42 2012 [server01] Peer Connection Initiated with XX.XXX.XX.XX:1194
Sun Jan 1 16:12:44 2012 SENT CONTROL [server01]: 'PUSH_REQUEST' (status=1)
Sun Jan 1 16:12:45 2012 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Jan 1 16:12:45 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 1 16:12:45 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 1 16:12:45 2012 OPTIONS IMPORT: route options modified
Sun Jan 1 16:12:45 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 1 16:12:45 2012 ROUTE default_gateway=XXX.XX.XXX.X
Sun Jan 1 16:12:45 2012 TUN/TAP device tun0 opened
Sun Jan 1 16:12:45 2012 TUN/TAP TX queue length set to 100
Sun Jan 1 16:12:45 2012 /system/xbin/bb/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Sun Jan 1 16:12:45 2012 /system/xbin/bb/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.0.5
Sun Jan 1 16:12:45 2012 /system/xbin/bb/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Sun Jan 1 16:12:45 2012 Initialization Sequence Completed
Fantastic !!! Wonderful !!! THANK YOU VERY MUCH !
Happy new year !!!
GbMax78
No problem, glad it worked.
One last thing- "keyone01.key" should only be root readable, that's why you're getting an error about it for group perms. You can fix that by doing:
chmod 600 /path/to/keyone01.key
Not essential, but fairly wise from a security point of view, and it'll fix that error
Samsung Galaxy S2 - Lightning rom 6.1 - OpenVPN - BusyBox [SOLVED]
dalgibbard said:
No problem, glad it worked.
You solved a big problem, I know Debian Gnu Linux, I use Zenwalk and Slackware but Android it isn't the same...
dalgibbard said:
One last thing- "keyone01.key" should only be root readable, that's why you're getting an error about it for group perms.
I don't understand what are Android perms and when I start the phone I don't know if I am root or normal user !
There is message "WARNING: file '/sdcard/openvpn/keyone.key' is group or others accessible" because all users can access this file ? Now keyone01.key is 777 ? But if I make keyone01.key root readable only I have problems if I start the phone as normal user ?
dalgibbard said:
you can fix that by doing:
chmod 600 /path/to/keyone01.key
Ok when I have one minute I do that !
dalgibbard said:
Not essential, but fairly wise from a security point of view, and it'll fix that error
I would like to understand perms on Android, on Linux if you change files perms for root only, normal user can't use them but if there is one user, root, this is the reason to change perms for root only !
GbMax78
Sorry, regarding that whole permissions thing, ignore it - even as root you can't change the perms of the file (namely the owner) as it had to keep the sdcard_rw group in order for you to list the file... Probably still worth chmodding it to 600 though, you just can't change the owner to root, meaning that error won't go away. It's not a problem though really, more an observation.
The idea was that openvpn is run as root (standard users can't access the tun module) and therefore in order to protect your secret key (which normally you should as it gives anyone with access to the file, access to your network...), the key should be owned by the person who runs the app (in this case "root") and the permissions changed to only allow them access. It's in the same manner as Linux/UNIX permissions anyway
For reference for anyone that doesn't know, the chmod is broken down into three elements - the first digit is for the "owner", the next is for the "group", and the last is for everyone else. The numbers are added up from the following dependent on which perms are required:
4= read
2= write
1= execute
So 600 means to give read and write access without execute to the file owner. The zeros elsewhere mean to give those users/groups nothing.
Hope that helps!
PS for the Linux geeks on here reading this, there is a fourth value too for sticky bit etc, but I won't cover that here
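The permission check behind the "group or others accessible" warning can be run over a whole client config. The script below is an added example, not part of the original posts: it lists the secret files a config refers to and flags any whose group or others bits are set. The function names, the set of directives treated as secret (key, pkcs12, secret, tls-auth) and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the secret files an OpenVPN config points at and flag
# any that group or others can access (the condition behind the WARNING).

# Print the file argument of directives that name secret material.
# Directive set assumed for this example: key, pkcs12, secret, tls-auth.
secret_files() {
    awk '$1 ~ /^(key|pkcs12|secret|tls-auth)$/ && NF >= 2 { print $2 }' "$1"
}

# Return 0 if FILE grants nothing to group/others, 1 if it does, 2 if missing.
# Characters 5-10 of the ls mode string are the group and others rwx bits.
key_mode_ok() {
    [ -e "$1" ] || return 2
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# audit_config CONFIG: report every secret file; non-zero if any needs work.
# Relative paths are resolved against the config's directory (an assumption;
# OpenVPN resolves them against its working directory). Unquoted paths only.
audit_config() {
    ac_dir=$(dirname "$1")
    ac_bad=0
    for ac_f in $(secret_files "$1"); do
        case $ac_f in /*) ;; *) ac_f=$ac_dir/$ac_f ;; esac
        ac_rc=0
        key_mode_ok "$ac_f" || ac_rc=$?
        case $ac_rc in
            0) echo "ok    $ac_f" ;;
            1) echo "WARN  $ac_f is group or others accessible"
               ac_bad=$((ac_bad + 1)) ;;
            *) echo "MISS  $ac_f"
               ac_bad=$((ac_bad + 1)) ;;
        esac
    done
    [ "$ac_bad" -eq 0 ]
}

# Constructed sample: a client config plus two key files with different modes.
make_sample_config() {
    printf '%s\n' 'client' 'dev tun' 'ca ca.crt' 'cert client.crt' \
        'key keyone01.key' 'tls-auth ta.key 1' '# secret old-static.key' \
        > "$1/client.ovpn"
    : > "$1/keyone01.key"; chmod 644 "$1/keyone01.key"
    : > "$1/ta.key";       chmod 600 "$1/ta.key"
}

# Demo: flagged at 644, clean after chmod 600.
demo_dir=$(mktemp -d)
make_sample_config "$demo_dir"
audit_config "$demo_dir/client.ovpn" || true
chmod 600 "$demo_dir/keyone01.key"
audit_config "$demo_dir/client.ovpn"
rm -rf "$demo_dir"
```

As the post above says, the warning does not go away for a key kept on /sdcard, so this check will keep flagging a key stored there.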
Any chance of getting a tun.ko module compiled for kernel 2.6.35.13-g84f8edd (EVO 3D CDMA running stock kernel and Fresh Evo 3d 4.1.0)?
I tried the tun.ko in this thread and I get an exec error when I try insmod which I believe usually indicates a kernel/compile mismatch.
Thanks!