[Q] CM11/OpenVPN Not Routing Connections Over VPN Correctly - Moto E Q&A, Help & Troubleshooting

I just noticed that my Moto E (running CM11) is not correctly routing my traffic to my OpenVPN server. I noticed when I was looking at the current connections on my OpenWRT router that I could see the VPN's local IP address, and the remote connection:
IPV4 TCP 10.9.0.20:56657 157.166.xx.xx:80
Where 10.9.0.20 is my local VPN address, the other represents any remote address I connect to.
I could see all this in Luci's connection graphs, which means that OpenVPN is not sending my traffic over the tunnel at all, despite the reports from sites like ipleak.net and similar sites that tell me I have no leak. But if I can see the connections from my router, that means that when I connect over mobile data, my carrier can likely see all of my traffic. This is not what I want, and I am having a hard time fixing it. Also, how is it even possible that my router is detecting the IP of my tun interface??
I tried two different OpenVPN frontends, tweaking the firewall on the phone (afwall+) and also playing around with the 'redirect-gateway' directives. I am not sure if this is a DNS leak or total disobedience on Android's part of my routing rules. The fact that I can see these connections from the router makes me think that the traffic is not even being encrypted before it's sent over the internet. My firewall rules are set so that every app is supposed to route over the VPN. These are my configurations:
Server Config:
mode server
tls-server
local x.x.x.x
port 35777
proto udp
dev tun0
ca /etc/openvpnca.crt
cert /etc/openvpn/randomcn.crt
key /etc/openvpn/randomcn.key
dh /etc/openvpn/dh.pem
topology p2p
server 10.8.0.0 255.255.255.0
;topology subnet
ifconfig-pool-persist ipp.txt
client-config-dir clients
;client-to-client
keepalive 7 80
tls-auth /etc/openvpn/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 3
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
In my client directory, I have these settings. On my PC I do not have this IP leak problem despite the settings being the same:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
I have dnscrypt running with unbound on the server, serving the clients. This configuration works on my PC, but it seems no matter what I do I can still see the VPN local IP and all of my remote connections with Luci on OpenWRT.
I have tried using OpenVPN Connect and OpenVPN for Android, and I am currently trying to use the ICS binary as well. Can anyone help me solve this problem? My goal is to tunnel all my phone's traffic over the VPN and prevent IP or DNS leaks.
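
A check for the symptom described in this post, as an added example that is not part of the original thread: `redirect-gateway def1` works by adding the routes 0.0.0.0/1 and 128.0.0.0/1 through the tunnel, so their presence in the client's routing table shows whether the push took effect. The route tables, the device names `tun0`/`wlan0` and the function name are constructed for illustration, and it assumes the client keeps these routes in the table that `ip -4 route show` prints.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ip -4 route show` text on stdin;
# $1 is the tunnel device. Returns 0 only if both def1 half-routes use it.
check_def1_routes() {
    awk -v dev="$1" '
        # Device name that follows the "dev" keyword on the current route line.
        function route_dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"   { low  = route_dev() }
        $1 == "128.0.0.0/1" { high = route_dev() }
        $1 == "default"     { def  = route_dev() }
        END {
            printf "0.0.0.0/1   -> %s\n", (low  != "" ? low  : "missing")
            printf "128.0.0.0/1 -> %s\n", (high != "" ? high : "missing")
            printf "default     -> %s\n", (def  != "" ? def  : "missing")
            # def1 leaves the old default in place; the two /1 routes are more
            # specific, so they decide where general traffic goes.
            exit !(low == dev && high == dev)
        }'
}

# Constructed sample: tunnel is up but only its own subnet is routed through it.
LEAK_TABLE='default via 192.168.1.1 dev wlan0
10.8.0.1 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

# Constructed sample: def1 routes installed, plus a host route to the VPN
# server (203.0.113.10, a documentation address) via the original gateway.
GOOD_TABLE='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlan0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0'

printf '%s\n' "$GOOD_TABLE" | check_def1_routes tun0 && echo "OK: def1 active"
printf '%s\n' "$LEAK_TABLE" | check_def1_routes tun0 || echo "LEAK: def1 routes absent"
```

On a client that has the `ip` tool, the live table can be piped in with `ip -4 route show | check_def1_routes tun0`.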

Related

DNS Problems After Bell 2.3.4 Update

So when I was using 2.2.2 my WIFI connection was working flawlessly with DHCP setting my wireless settings.
I flashed 2.3.4 using NFHimself's Gobstopper without any errors, did a factory reset afterwards and I get an internet connection over mobile with no problems, however on my home WIFI network w/ DHCP (on which 2.2.2 worked fine), it cannot resolve addresses past my router (can browse to the router config fine). Now if I set a static IP and the DNS servers manually, it works over WIFI, however when the WIFI radio turns back on from sleeping it gets stuck at obtaining an IP address.
So I tried leaving it with DHCP giving me an IP address, and then using Set DNS to use Google's DNS servers instead of my router's IP, and it seems to work in all situations, however it leaves me unable to browse my LAN (even when one DNS domain is left as my local domain server).
I installed Network Monitor II to watch my wireless settings for the three setups:
For just using DHCP, the DNS servers are both set to my router's IP
For static settings, the DNS servers are whatever I set them to, however I cannot browse my LAN when one is left as my router's IP
For DHCP w/ a custom DNS, it is the same as using static settings
Not sure whether to think this is a problem with the update, or a problem with my router (however no settings were changed before or after the update on it). Anyone have any ideas?
Router: Linksys WRT54GL running DD-WRT
I read somewhere that having the "Filter WAN NAT Redirection" setting enabled in DD-WRT causes this sort of behavior on some mobiles, it is not enabled.
Only thing I could find that I thought it might be is Android Bug Issue 10315 (to which I cannot post a link as I lack sufficient posts... so far), but am still unsure
I should also note that I have two routers (both identical), but only one deals with the DHCP and DNS, the other is more just a wireless AP. Thus, all of my lan is on 192.168.1.*, including both routers ( x.x.x.1 and x.x.x.2 ). uDHCPd is my DNS server on my router, but I might try dnsmasq in the next couple days.
I did flash NFHimself's ROM without any issues. My wireless LAN was working fine. Did not notice any issue on my side. Try with another wireless router without all the setup you've done. Pretty sure the issue is with your routers.
I don't understand why you are not able to reach your LAN with Google's DNS configured...? Do you have some sort of DNS entry specific to your LAN configured into your router?
The problem seemed to solve itself when I switched my router's DNS server daemon from UDHCPD to dnsmasq.
And I couldn't reach my LAN when I had both DNS servers forced to Google's servers, as Google's servers don't know how to route to addresses inside my LAN. But that's not a bug, that is how it is supposed to work.
Good !

Openvpn connected but not tunneling over VPN

Hi,
I followed several guides on connecting my Galaxy Ace with an OpenVPN server.
I finally managed to connect to an OpenVPN server using certificates with the latest CyanogenMod for the Galaxy Ace.
For the connection I used the OpenVPN Settings app from the Market.
The thing is that the connection is established and I see in the config that the VPN is connected. It displays the message: "Connected to 134.x.x.x as 192.168.200.100"
But unfortunately nothing is tunneled over this VPN connection. If I for example check my external IP on the Galaxy device, it still shows me my G3 Provider IP. But I expect to see the IP of my Home Internet Provider. Furthermore no connections to devices on the local Network of the VPN Server can be made.
That means that despite the VPN dialog showing me that I am connected to the OpenVPN server, no connection is tunneled over that device.
The Guides I used to setup the VPN Connection are from here:
freetz.org/wiki/packages/openvpn
and
riseup.net/en/openvpn-android
If I connect with the same settings from a Windows PC to the server, the connection is established and tunneling just fine.
Does anyone know what I am doing wrong?

[Q] Android unable to connect to my Wi-Fi network - Windows can

I am in university halls of residence. I have set up a Wi-Fi hotspot in my room using a generic router by connecting from the Ethernet out port in the wall to an Ethernet LAN port and disabling DHCP on the router.
This works perfectly for my Windows 7 laptop. It connects to the router and then to the uni internet without issues. However, although my Samsung Galaxy S3 (International i9300) can detect the network, if I just try to connect to the network as I would any other it gets stuck when obtaining an IP address. After messing around with it for a bit I found that I could get the phone to connect by going into the advanced settings and choosing "static" instead of "DHCP". I don't know what I was really meant to enter for IP address, gateway, subnet, DNS 1 and DNS 2.
The router has the IP of 192.168.1.1 when I connect it directly to my laptop via Ethernet so I tried that as the gateway, I set the IP address to something like 192.168.1.14 (so that it was similar but different), I set the subnet to 255.255.255.0 and for the DNS servers I used Google's (8.8.8.8 and 8.8.4.4). This got me connected to the router but there doesn't appear to be any internet connection.
I therefore thought that I had entered wrong information for the network (I was only guessing after all). Therefore I went into ipconfig in Windows and copied the default gateway and DNS servers and used a similar IP address (Last number different). I had the same issue.
Does anyone have any suggestions?
I only want Wi-Fi in my room for mobile.

Bluetooth PAN DNS Hostname to pull from DHCP rather than the android creating its own

Hey guys,
So I have a Bluetooth PAN on a Raspberry Pi which gives an IP and Internet connection to an Android, in this case the S6 edge. I am given an IP address, however I can't communicate with other devices on the network. I do receive Internet though. It seems the Android is assigning itself a DNS hostname, which separates itself from the rest of the network. I could be wrong, but when laptops connect to the same PAN network, they are given the DHCP information from the router and they can communicate over the network with the IPs being given to them from the Bluetooth access point.
The laptops have a hostname of TP-link_D5DE and the android has android_9xxxxxx
Can the Android adopt DHCP hostname info via Bluetooth PAN? Can I change this name? Is it possible without root if so?
I understand there was somewhat of an issue with DHCP "hooks" back in the day where the Bluetooth controller couldn't retrieve this information, but I read that on a forum which was a few years old and also read it was fixed on newer versions of Android.
I plan on having an app with a webview client call on this IP resource as you would in a web browser. Is it possible to have this app issue a DNS name?
Thanks!

Trying to understand the source of WiFi DNS

All,
I am aware of the various apps for changing DNS server settings - that is not the question. I would like someone to explain how the default values are being set.
My home wireless access point supports three SSIDs and I have SSID_1 bridged to my router. Within the router, I have defined 1.1.1.1 and 208.67.222.222 as my DNS servers. When my phone (Pixel 3 XL) is connected to SSID_1, however, it shows the DNS servers as being 8.8.8.8 and 64.6.64.6. (FYI - I just rebooted my router in case that might have an impact, but it didn't.)
However, when my phone connects to SSID_2, which is not bridged to the router, the DNS shows up as 10.255.224.1, which is the gateway address.
Oddly, my desktop PC, which gets its IP via DHCP (the address is reserved) and was configured for automatic DNS, also showed the DNS servers as being 8.8.8.8 and 64.6.64.6.
I logged into my cable modem, but there are no user adjustable settings there.
So, from whence come these DNS IP addresses?
