Did someone successfully installed OpenVPN on a (rooted) Z1 compact?
Are there any TUN modification necessary or does it run out of the box with the OpenVPN installer in Google Play?
XDATestMaster2001 said:
Did someone successfully installed OpenVPN on a (rooted) Z1 compact?
Are there any TUN modification necessary or does it run out of the box with the OpenVPN installer in Google Play?
Click to expand...
Click to collapse
I wasn't able to get it running but it's possible I did something wrong, as it works fine on my tablet z
Also if you're running your own vpn server I'd recommend switching to SoftEther VPN as it supports the built in android l2tp/ipsec vpn and is also much easier to set up
Thank you for your reply.
Currently I have only an OpenVPN server at home (and franky, I'm quite happy with it) :cyclops:
By now I have my z1 compact and rooted it with still locked bootloader.
The OpenVPN installer from the store does not work, because it cannot mount /system/xbin as r/w.
I have the binary on my old phone, copied it to the new phone and moved it to the /system/xbin directory with RootExplorer.
Of course I had to mount the /system/xbin as r/w with Root Explorer and make the file executable.
The VPN tunnel is up and works fine, except DNS resolution to my home DNS server. Obviously the phone does not even try to use the DNS server. I guess the home DNS server is not added to the DNS server list in the operating system. Bad luck )
Quick follow-up:
I switched to the app "OpenVPN for Android" instead of "OpenVPN Installer" / "OpenVPN Settings" and now everything is working really good.
It hasn't been necessary to be rooted for VPN since ics I believe.
ARBEIT ANGST KONSUMTERROR
Just to directly answer the question though... Yes OpenVPN support is enabled on the Sony stock kernel. I extracted the defconfig of the stock sony kernel and I can see
Code:
CONFIG_TUN=y
Related
Hi
Didn't find any good solution on forum, so I am asking you guys if anybody have had successfully connected to corporate network using some kind of substitute of Cisco VPN client? I tried few solutions with tun.ko and vpnc widget but right after I typed my credentials my phone just rebooted, like every time
I hoped that after I flash to JJ's hibrid ROM maybe something will change, but it didn't.
Before that I had stock ICS installed from SE PC companion and the same reboot thing was occurring.
I have had tested this on GB but it doesn't have advanced routing and through GMS (because my operator have the same IP class as my private net) I was not able to route my traffic towards private network. vpnc worked fine but only on WiFi.
Cisco Anny Connect is not an option because it supports only SSL VPN.
Have you tried DroidVPN?
Sent from my LT15i using XDA
no.. but will give it a go
ed:
After granting su, gues what.. reboots :/
maybe other ideas?
sunekosuri said:
no.. but will give it a go
ed:
After granting su, gues what.. reboots :/
maybe other ideas?
Click to expand...
Click to collapse
I worked it in both ICS and GB, it worked perfectly!
Did you configure it?
Sent from my LT15i using XDA
yes, i configured it properly, all things were configured, maybe it's just because i use JJ's hybrid rom.. I don't know ;(
No JJ Rom shouldn't be a problem, but i think ICS may be the culprit as am using DroidVPN from GB
Sent from my LT15i using XDA
ohh shame.. why it is so hard to implement IPsec in unixbased os? ios have it, why android could not
I suggest to use some soft as follw:
Better Terminal Emulator Pro
VPN Connections
BusyBox 1.19.3
You can use BetterTerminalEmulatorPro to run vpnc script in command line mode.
It can output debug info.
# ./vpnc ./vpnc.config --script ./vpnc-script --debug 99
To which VPN software are you referring?
I have installed Terminal Emulator and I have BusyBox version mentioned by you.
Could you please be more specific in what should I do to run this up?
sunekosuri said:
ohh shame.. why it is so hard to implement IPsec in unixbased os? ios have it, why android could not
Click to expand...
Click to collapse
Well could you say how you implemented in iOS coz I have an iPad 3?
It is natively supported and if you have successfully connected from Mac OS X, then for sure it would work on iOS device.
If you are successfully using VPN in Mac OS X with a L2TP/IPSec configuration and you are using Password, RSA SecurID, or CRYPTOCard User Authentication methods, and Shared Secret key for Machine Authentication, then the same VPN configuration should work in iOS. In addition, if you are using a Shared Secret key or Certificate for Machine Authentication, it should work as well.
Click to expand...
Click to collapse
For proper configuration please refer to this link http://support.apple.com/kb/HT1424
Does anybody here use OpenVPN with CM9? What OpenVPN settings and/or kernel are you using with success? I've tried it with the stock CM9 kernel, but no good. It connects and everything indicates it should be working, but nothing gets through.
Hi,
I'm trying to configure it at the moment with my Nexus One using the new 7.2 CM, but I didn't fully succeed for the moment. I can connect, ping the lan machines, ping everything on the web through the vpn, but I couldn't surf or use any web services. Server is on a Win7 x64 pc, I suspect a server bad configuration (first try).
Android 2.3.7
kernel 2.6.37.6-cyanogenmod-g0799e00
last openvpn server version
I tried with the openvpn software supplied with CM, but it seems better and faster with OpenVpn Installer + OpenVpn Settings android packages. Plus it provides ovpn client logs, DNS settings, auto reconnect, .conf/ovpn files and a simplified certificates system.
Hope this helps...
I used the openvpn installer and openvpn settings apps, but couldn't get it to work. I'm still investigating. It's strange because I've tried using different roms and kernels already.
Sent from my Galaxy Nexus using XDA
Short Version:
Got an OpenVPN server on my NAS. GN connects & works fine; remote resources are reachable. I now want to know how I can route all traffic through the tunnel. (Is this possible?)
Long Version:
For those times when I'm traveling (domestically and internationally) and/or using a questionable Internet connection, I'd like to secure the connection.
I've got a [stock] rooted GN running Jelly Bean with BusyBox installed. My NAS has two built-in VPN solutions one of which being OpenVPN so I got that setup which created an .ovpn file containing the following configuration:
Code:
dev tun
tls-client
remote YOUR_SERVER_IP 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
After installing OpenVPN Installer & OpenVPN Settings, I had to manually symlink busybox, ifconfig, and route from /system/bin to /system/xbin in order for OpenVPN to run properly.
Code:
#Note: In an attempt to be thorough, and for any Googlers or forum searchers (+1)...
#First I had to mount /system as read/write via:
mount -o -rw,remount /system
#Then create the symlinks via:
ln -s /system/bin/busybox /system/xbin/busybox
ln -s /system/bin/ifconfig /system/xbin/ifconfig
ln -s /system/bin/route /system/xbin/route
#Then remount /system as read-only via:
mount -o ro,remount /system
Once all of the above was setup, I initiated the connection, successfully authenticated, and was able to reach remote resources without issue.
What I would like to do at this point is get it setup so that I can have a second profile that routes all traffic through the VPN. I assume its a client-side configuration change but I really don't know at this juncture.
Many thanks!
Doesn't CyanogenMod ROM have native OpenVPN support? I think the OpenVPN client on CM has an option to route all traffic through the VPN. I think for what you want to do you should need a custom ROM or kernel that supports iptables.
iptables is a system file that allows the system to redirect network traffic usually for apps like tethering, firewalls, and proxies.
Sent from my Galaxy Nexus using Tapatalk 2
Thanks for taking the time to reply KemikalElite.
I've got BusyBox 1.20.2 installed and I do have an iptables binary (v1.4.11.1). With solutions like Hotspot Shield VPN that don't require root yet supports encryption for all traffic, I figured root + OpenVPN + BusyBox + iptables would be sufficient.
My initial assumption was that I would need to make some changes to my OpenVPN configuration to encrypt & route all traffic through the tunnel. But maybe I've been thinking about this all wrong and its less about OpenVPN and more about running a custom script once connected to route everything through the tunnel; and vice versa when I disconnect to restore the original configuration.
Perhaps I should be scouring OpenVPN forums?
Phylum said:
Thanks for taking the time to reply KemikalElite.
I've got BusyBox 1.20.2 installed and I do have an iptables binary (v1.4.11.1). With solutions like Hotspot Shield VPN that don't require root yet supports encryption for all traffic, I figured root + OpenVPN + BusyBox + iptables would be sufficient.
My initial assumption was that I would need to make some changes to my OpenVPN configuration to encrypt & route all traffic through the tunnel. But maybe I've been thinking about this all wrong and its less about OpenVPN and more about running a custom script once connected to route everything through the tunnel; and vice versa when I disconnect to restore the original configuration.
Perhaps I should be scouring OpenVPN forums?
Click to expand...
Click to collapse
You have the tun module as well right?
code.google.com/p/android-openvpn-settings/issues/list
Check through some of those issues. Something did say that the DNS servers may need to be manually set.
OpenVPN is so complex because of the config options. I find it easier to use native PPTP connections since there's no config only authentication and it routes all traffic automatically.
Sent from my Galaxy Nexus using Tapatalk 2
You need to enter "redirect-gateway" into your ovpn config file.... Just remove the # in the your config
Thanks for the reply ZiCoN!
I should have mentioned this sooner - terribly sorry for omitting this.
Once I got the VPN connected, I did the old 'what is my ip' to verify the route. It was still using the provider's network, but I could reach my NAS and other remote devices in the 192.168.x.x range - so the VPN itself was working. After reading the mini explanation in the config file I enabled 'redirect-gateway' and after reconnecting I could no longer access the Internet. I checked the OpenVPN Manual I added 'def1' after the 'redirect-gateway' statement, reconnected but still no go: I can no longer access the Internet. Remote resources are still accessible in both scenarios.
KemikalElite said:
You have the tun module as well right?
code.google.com/p/android-openvpn-settings/issues/list
Check through some of those issues. Something did say that the DNS servers may need to be manually set.
OpenVPN is so complex because of the config options. I find it easier to use native PPTP connections since there's no config only authentication and it routes all traffic automatically.
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
I somehow missed this when drafting my last reply. I think you're right about it being a DNS problem. I made a change to the config file (adding a few lines for 'dhcp-option DNS x.x.x.x') and within OpenVPN used the 'Fix DNS' button.
Thanks all for your time, thoughts, opinions and instructions!
Phylum said:
Thanks for the reply ZiCoN!
I should have mentioned this sooner - terribly sorry for omitting this.
Once I got the VPN connected, I did the old 'what is my ip' to verify the route. It was still using the provider's network, but I could reach my NAS and other remote devices in the 192.168.x.x range - so the VPN itself was working. After reading the mini explanation in the config file I enabled 'redirect-gateway' and after reconnecting I could no longer access the Internet. I checked the OpenVPN Manual I added 'def1' after the 'redirect-gateway' statement, reconnected but still no go: I can no longer access the Internet. Remote resources are still accessible in both scenarios.
Click to expand...
Click to collapse
You probably need to allow traffic to route back along the vpn film the internet. On your gateway, route vpn addresses to the VPN server and make sure forwarding is enabled on the vpn server.
Questions go in Q&A
Read forum rules and stickies before posting
Thread moved
FNM
Install openvpn and then place your edited client vpn config files and certificate files on the storage of FireTV similar to the raspberry pi method in the thread below:
h**p xbmchub.com/forums/threads/24769-How-to-set-up-your-VPN-on-raspberry-pi-using-Brain-Hornsby-Openvpn-for-XBMC
Thanks for anyone that may know more than me that could maybe get this to work...
Hmm would be nice if that worked. Did u get a chance to try it?
Sent from my Nexus 5 using XDA Free mobile app
tdfsu said:
h**p xbmchub.com/forums/threads/24769-How-to-set-up-your-VPN-on-raspberry-pi-using-Brain-Hornsby-Openvpn-for-XBMC
Click to expand...
Click to collapse
I'm working on something like this just now. Here's the thing: in my logs for the simplest openvpn app to install (not straight openvpn, it turns out, as there's a windowing issue there that makes it difficult / impossible to navigate through setup, even with a keyboard and Droidmote) once I have a config, I get errors in logcat informing me
"Your image does not support the VPNService API, sorry "
There is a manually installable openvpn binary that I've looked at a bit but not yet configured. It is going to require adding a binary to /system/xbin directly, as the installer (at least on my phone) does not understand where /system/xbin really lives and issues a remount command to a nonexistent partition.
If you're running dd-wrt or similar configurable firewall, another option is to get an account with a provider who is set up to let you do a firewall to firewall connection, and then route either all of your traffic or the traffic from your firetv through that firewall-to-firewall connection.
I have a Private Internet Access vpn account.
Installed openvpn on FireTV--
http play.google.com/store/apps/details?id=de.schaeuffelhut.android.openvpn.installer&hl=en
Installed busybox on FireTV--
http play.google.com/store/apps/details?id=stericson.busybox&hl=en
I created a pass.txt file with my PIA username on the first line and password on the second line, nothing else, then saved the file as a text file (pass.txt).
Download the following to PC--
http privateinternetaccess.com/openvpn/openvpn.zip
Extracted the zip file.
Edited the location specific .ovpn file (see below), changing the 'remote', 'ca', 'crl' and 'auth' lines to the following--
client
dev tun
proto udp
remote us-florida.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /storage/sdcard0/openvpn/ca.crt
tls-client
remote-cert-tls server
auth-user-pass /storage/sdcard0/openvpn/pass.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify /storage/sdcard0/openvpn/crl.pem
Then, save the USFlorida.ovpn file.
Upload ca.crt, crl.pem, pass.txt, and .ovpn file to FireTV to /storage/sdcard0/openvpn/
Open terminal on FireTV. I use jackpal's terminal app below, but you can also use adb.
http play.google.com/store/apps/details?id=jackpal.androidterm
In terminal, type the following--
su
openvpn cd /storage/sdcard0/openvpn/USFlorida.ovpn
But I get several errors. Anyway, that's where I'm at. Maybe someone else more knowledgeable than me can figure it out. Sorry about the links, my low post-count will not allow me to post url's.
Also, you can sideload the following app to verify your external ip address, and it works great with the FireTV remote--
http play.google.com/store/apps/details?id=igit.WhatIsMyIp
The approach you've taken is where I'd be headed next on the client side.
One thing you might want to try is to do the same setup a less locked-down device and confirm that the config files work as expected there.
There's also a good discussion of the hardware approach (setting up a tunnel from your edge to a VPN provider) in the other VPN thread, http://forum.xda-developers.com/showthread.php?t=2797005
also, private internet access will sell a preconfigured router for this purpose!
I looked through all 4 pages of posts as well as the working apps list and thus far I have not found anyone who has gotten a proxy to work. Has anyone been able to use a VPN on the firetv? What about with xbmc on the firetv?
Thanks :good:
mcsephoenix said:
I looked through all 4 pages of posts as well as the working apps list and thus far I have not found anyone who has gotten a proxy to work. Has anyone been able to use a VPN on the firetv? What about with xbmc on the firetv?
Thanks :good:
Click to expand...
Click to collapse
can you list the VPN apps you have used? so im not repeating any
The only VPN I own is PIA which does not work. The rest I am just reading about. I did see a thread where droidvpn might work with tun.ko but I am trying to find out more about this method.
mcsephoenix said:
The only VPN I own is PIA which does not work. The rest I am just reading about. I did see a thread where droidvpn might work with tun.ko but I am trying to find out more about this method.
Click to expand...
Click to collapse
I'm making pretty good progress with PIA - I'm down to an issue with SSL verification. The core problem with newer guides is that the software assumes a device running Android 4.2 has access to the Google VPN API, which the FireTV does not.
I'm using the tools outlined in this guide
https://strongvpn.com/setup_android_open.shtml
which include an openvpn binary installer which I was surpised to see did work on the FTV (it didn't work on a cm11 device.)
I've added the Tun installer to the mix, so the process for me has been:
- have ADB available and working
- have a wifi keyboard available and working
- have Droidmote client able to access the system - there are times when it's super helpful to be able to yank down a menu
Setup and test openVPN - and get a known working config - on another device.
Root the FTV
Install Busybox (actually did that long ago)
Install "OpenVPN Installer" - this will get you the openvpn binary; you can confirm you have it by running openvpn in adb - if the openvpn binary isn't in your path, it'll error out otherwise it'll give you all the openvpn options.
Install the tun.ko installer from droidvpn
Install the "Open VPN Settings" app - this was very important for me, as with more recent openvpn installers, I was not able to import / export config files.
Import a working openvpn config file into openVPN settings (default path is /sdcard/openvpn/
Attempt to connect, fail, long press on the failing connection in order to
- enable logging
- make config changes on the fly
I currently have the PIA cert inline in my openvpn config and am pointing the config to their CRL file.
Most of the config seems to work; the remaining issue is in the TLS handshakes.
There are two rounds of verification, depth 0 and depth 1 - and one is failing. I forget which one just now.
Editing and testing the ovpn config in a gui and then reexporting us super helpful - looking over the guide at
https://www.privateinternetaccess.c...iguration-on-android-instead-of-pptp-ipsec/p1
gives a good walkthrough on the basics.
The openvpn binary installed for use on the ftv does not support all the options that the config generated there supports, though, which is why looking at the logs and editing the configs on the fly is so helpful.
mcsephoenix said:
The only VPN I own is PIA which does not work. The rest I am just reading about. I did see a thread where droidvpn might work with tun.ko but I am trying to find out more about this method.
Click to expand...
Click to collapse
Use Hola, it requires a mouse
http://forum.xda-developers.com/fire-tv/help/mlb-blackout-restriction-dns-unblock-t2825086
Post #9