Arkael

HTC Tattoo / Openvpn

2 posts in this topic

Hi,

Hi,

I've recently installed OpenVPN on my HTC Tattoo phone, all certificates are ok , and i can connect to my server, log files seems to be ok.

My problem is thats i simply cannot ping or browse the server network from the phone... cannot ping VPN IP or local network IP.. nothing at all.

so i decided to configure client on a Windows computer, all is ok, no problem at all... with same configuration and same certificates...

Anyone had same issue? What do you think i should check?

server config:

port 1194

proto udp

dev tun

ca /mnt/C/sys/etc/ca.crt

cert /mnt/C/sys/etc/server.crt

key /mnt/C/sys/etc/server.key  # This file should be kept secret

dh /mnt/C/sys/etc/dh1024.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 192.168.3.0 255.255.255.0"

tls-auth /mnt/C/sys/etc/ta.key 0

max-clients 2

user nobody

group nobody

persist-key

persist-tun

log-append  /var/log/messages

verb 4
and the client
client

dev tun

proto udp

remote XXXXXXX.dyndns.org 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert client.crt

key client.key

tls-auth ta.key 1

comp-lzo

verb 3

0

Share this post


Link to post
Share on other sites

Well,

I have it working for a while now, so I have checked my client config file (that works) with the file you have and I have the following differences.

client // yep got this

dev tun // yep got this

dev-node /dev/tun // I have this one and you dont

proto udp // I have proto tcp, so I have never tried it with UDP. dont know how functional this is.

remote XXXXXXX.dyndns.org 1194 // yeah. got this but with port 443

resolv-retry infinite // yeah, got this one.

nobind // ditto

persist-key // ditto

persist-tun // and again

ca ca.crt // for these I actaully have the absolute location eg. /sdcard/certs/ca.crt

cert client.crt // and so on......

key client.key // and again, absolute path.

tls-auth ta.key 1 // I have this commented out with a ;

comp-lzo // yep got this

verb 3 // and this one.

Additional options that I have set and that work are:

reneg-sec 0 // this allows the server to decide whe to re-negotiate keys

//I also have the "auth" crypt cypher set

tls-remote <value> // I have this set.

suggest you run busyboxy in your phone and run the openvpn from the command line, so you can see the log. hope this helps in some way.

I have this running on HTC Hero (2.1 HeroSense Rom).

-RandyL

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2016. MoDaCo uses IntelliTxt technology.