OpenVPN on ZTE Blade

37 replies to this topic

#1
pbando

pbando

    Newbie

  • Members
  • Pip
  • 24 posts
  • Devices:San Francisco
Hi,

I managed to compile the tun.ko kernel module, which can be used for the OpenVPN software. I used the San Fran's kernel from the ZTE site.

It works with 2.1 Eclair ONLY; I would need the 2.2 kernel source to be able to compile it for Froyo.

Compilation was according to this guide:
http://android.modac...r-for-htc-hero/


Usage (phone should be rooted):
1) Copy the tun.ko to /system/lib/modules/ using Root Explorer or by adb + R+W remounting (http://android.modac.../322750/system/)

2) use "OpenVPN Installer" to install the openvpn binary:
- Appbrain link: http://www.appbrain....envpn.installer
- start OpenVPN installer
- select /system/xbin for target location of openVPN binary
- select /system/xbin/bb for location of ifconfig and route commands. None of the other locations was working for me. (The location of ifconfig and route is crucial because busybox should be used; otherwise the ifconfig and route commands pushed by the server will fail with "invalid argument". /system/xbin does not work for some reason even if /system/xbin/bb is a symlink to it.)
- after installation you can remove the OpenVPN installer, the binary openvpn from /system/xbin will not be removed during uninstallation

3) Create openvpn folder on SDCARD and put the configuration there (configfile.ovpn, certificates etc)

4) install openVPN Setting from AppBrain: http://www.appbrain....android.openvpn.
   Launch openVPN Settings and go to Advanced menu
   - Load tun kernel module: yes
   - TUN module settings:
   - Load module using: insmod
   - Path to tun module: /system/lib/modules/tun.ko
   - path to configurations:  /sdcard/openvpn
   - path to openvpn binary: /system/xbin/openvpn
   - Fix HTC Routes: no
   - Show ads: yes/no
  
5) At this point the program will read /sdcard/openvpn/ and you should see the profile; a restart of "OpenVPN Settings" may be needed.
6) You can long-press on the .ovpn config to set extra DNS parameters; I did not change those.


Issues:
- OpenVPN settings starts automatically on boot. Use some startup disabler.  
- FROYO users: in Paul's 2.2 ROM the /system/xbin/bb symlink does not exist and /system/xbin does not contain the busybox links. So if the /system/xbin/bb/ directory does not exist in your ROM, you have to create it and add the necessary symlinks:

    adb shell mkdir /system/xbin/bb
    adb shell ln -s /system/bin/busybox /system/xbin/bb/ifconfig
    adb shell ln -s /system/bin/busybox /system/xbin/bb/route




I've also compiled a CIFS/SAMBA module, which also works using the standard mount -t cifs... command. Put it in /system/lib/modules/ and load it with "insmod /system/lib/modules/cifs.ko". Note: CIFS is not required for OpenVPN.
(sudo mount -t cifs //netbiosname/sharename /media/sharename -o username=winusername,password=winpassword)

Note: I'm not an expert of OpenVPN so I just compiled the module and it just works for me.


Edited by pbando, 10 January 2011 - 01:33 PM.
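
A check for the layout the first post describes, added here as an example (it is not pbando's code). The function name and the optional root-prefix argument are hypothetical, and it assumes ifconfig and route are symlinks to busybox, as in the Froyo workaround above.

```shell
#!/bin/sh
# Added example: verify the files and symlinks named in the first post.
# $1 is an optional, hypothetical root prefix for checking a copied tree on
# a workstation; leave it empty when running on the phone (busybox sh).
check_openvpn_prereqs() {
    root="${1:-}"
    problems=0

    # Paths entered in the OpenVPN Settings "Advanced" menu.
    for f in /system/lib/modules/tun.ko /system/xbin/openvpn; do
        if [ ! -f "$root$f" ]; then
            echo "MISSING $f"
            problems=$((problems + 1))
        fi
    done

    # ifconfig and route under /system/xbin/bb must be busybox applets,
    # otherwise the commands pushed by the server fail.
    for applet in ifconfig route; do
        link="$root/system/xbin/bb/$applet"
        if [ ! -L "$link" ]; then
            echo "MISSING /system/xbin/bb/$applet (symlink)"
            problems=$((problems + 1))
            continue
        fi
        target=$(readlink "$link")
        case "$target" in
            busybox|*/busybox) ;;
            *)  echo "WRONG /system/xbin/bb/$applet -> $target"
                problems=$((problems + 1)) ;;
        esac
    done

    # At least one profile must exist in the configuration directory.
    set -- "$root"/sdcard/openvpn/*.ovpn
    if [ ! -f "$1" ]; then
        echo "MISSING /sdcard/openvpn/*.ovpn"
        problems=$((problems + 1))
    fi

    echo "$problems problem(s) found"
    return "$problems"
}
```

Call `check_openvpn_prereqs` with no argument on the phone, or with the path of a copied tree on a workstation; the return code is the number of problems found.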


#2
goatee

goatee

    Addict

  • MoDaCo Plus
  • PipPipPipPipPip
  • 565 posts
  • Gender:Male
  • Devices:LG Optimus 2X CM7 N204
  • Twitter:@edperch
Nice work! Were there any issues using the (slightly dodgy) ZTE kernel?


#3
pbando


goatee, on Nov 11 2010, 15:56, said:

Nice work! Were there any issues using the (slightly dodgy) ZTE kernel?

No, I'm not an expert of kernel compilation, but the compilation guide was working perfectly.

Edited by pbando, 11 November 2010 - 02:58 PM.


#4
goatee


pbando, on Nov 11 2010, 14:58, said:

No, I'm not an expert of kernel compilation, but the compilation guide was working perfectly.

Good to know - I don't have need of VPN now, but when on public wi-fi networks, I'd use it, as I don't know if you can tunnel as I do with my laptop.


#5
mrflibbles

mrflibbles

    Newbie

  • Members
  • Pip
  • 46 posts
  • Gender:Male
  • Location:Oxford, UK
  • Devices:San Francisco
Great work. This topic should be pinned.

It's fantastic timing, I've had my blade for a few weeks but only wanted VPN today and this is just what I was looking for.

I can confirm that it works on the UK Orange San Francisco using MCR r4

Anyone know if OpenVPN can work with Cisco VPN? Or do you need to use VPNC?

http://code.google.c...t-a-robot-vpnc/

Edited by mrflibbles, 12 November 2010 - 10:03 AM.


#6
pbando


mrflibbles, on Nov 12 2010, 11:03, said:

Great work. This topic should be pinned.

It's fantastic timing, I've had my blade for a few weeks but only wanted VPN today and this is just what I was looking for.

I can confirm that it works on the UK Orange San Francisco using MCR r4

Anyone know if OpenVPN can work with Cisco VPN? Or do you need to use VPNC?

http://code.google.c...t-a-robot-vpnc/
As I know OpenVPN is a different protocol from Cisco VPN.

Please report here if "get-a-robot-vpnc" works, I have troubles to connect to my company's vpn, on Desire it works (vpnc). As I understood get-a-robot-vpnc uses tun.ko as well.


#7
mrflibbles


pbando, on Nov 12 2010, 13:06, said:

Please report here if "get-a-robot-vpnc" works
It connects to our Cisco VPN at work.

NOTE : If you are using the HTC_IME keyboard beware that it can insert spaces after "." characters if you're not careful.

pbando, on Nov 12 2010, 13:06, said:

As I understood get-a-robot-vpnc uses tun.ko as well.
It does.

Thanks again for building it for us Blade users.

Edited by mrflibbles, 12 November 2010 - 02:41 PM.


#8
Magnets

Magnets

    Enthusiast

  • Members
  • PipPipPip
  • 172 posts
Installed tun.ko and openVPN installer/settings, but openvpn settings gives a force close when I enable my client.ovpn

    ### Client configuration file for OpenVPN

    # Specify that this is a client
    client

    # Bridge device setting
    dev tap

    # Host name and port for the server (default port is 1194)
    # note: replace with the correct values your server set up
    remote <removed> 443

    # Client does not need to bind to a specific local port
    nobind

    # Keep trying to resolve the host name of OpenVPN server.
    ## The windows GUI seems to dislike the following rule.
    ##You may need to comment it out.
    resolv-retry infinite

    # Preserve state across restarts
    persist-key
    persist-tun

    # SSL/TLS parameters - files created previously
    ca ca.crt
    cert client.crt
    key client.key

    # Since we specified the tls-auth for server, we need it for the client
    # note: 0 = server, 1 = client
    tls-auth ta.key 1

    # Specify same cipher as server
    cipher BF-CBC

    # Use compression
    comp-lzo

    # Log verbosity (to help if there are problems)
    verb 3

Any ideas?


#9
Magnets

11-25 20:08:35.276: ERROR/AndroidRuntime(5242): Uncaught handler: thread OpenVPN-DaemonMonitor[/sdcard/openvpn/client.ovpn]-daemon-stdin exiting due to uncaught exception
11-25 20:08:35.286: ERROR/AndroidRuntime(5242):	 at de.schaeuffelhut.android.openvpn.util.Shell.joinLoggers(Shell.java:139)
11-25 20:08:35.286: ERROR/AndroidRuntime(5242):	 at de.schaeuffelhut.android.openvpn.service.DaemonMonitor$1.onCmdTerminated(DaemonMonitor.java:160)
11-25 20:08:35.286: ERROR/AndroidRuntime(5242):	 at de.schaeuffelhut.android.openvpn.util.Shell.run(Shell.java:116)


#10
buneech

buneech

    Enthusiast

  • MoDaCo Ad Free
  • PipPipPip
  • 259 posts
  • Gender:Male
  • Location:Slovenia
  • Devices:ZTE Blade, SE Xperia Mini
  • Twitter:@buneech

Magnets, on Nov 25 2010, 19:47, said:

Installed tun.ko and openVPN installer/settings, but openvpn settings gives a force close when I enable my client.ovpn

    ### Client configuration file for OpenVPN

    # Specify that this is a client
    client

    # Bridge device setting
    dev tap

    # Host name and port for the server (default port is 1194)
    # note: replace with the correct values your server set up
    remote <removed> 443

    # Client does not need to bind to a specific local port
    nobind
    # Keep trying to resolve the host name of OpenVPN server.
    ## The windows GUI seems to dislike the following rule.
    ##You may need to comment it out.
    resolv-retry infinite

    # Preserve state across restarts
    persist-key
    persist-tun

    # SSL/TLS parameters - files created previously
    ca ca.crt
    cert client.crt
    key client.key

    # Since we specified the tls-auth for server, we need it for the client
    # note: 0 = server, 1 = client
    tls-auth ta.key 1

    # Specify same cipher as server
    cipher BF-CBC

    # Use compression
    comp-lzo

    # Log verbosity (to help if there are problems)
    verb 3

Any ideas?

Does that config work on a computer?
Because I just installed, and I use openvpn at work to connect to my home network every day. Just connected using the other config from my blade, and it worked instantly.


#11
pbando

You should use TUN device and not TAP. TAP is not supported and won't be.

    # Bridge device setting
    dev tap

so it should be

    dev tun

But note that the same should be on the server side. If server requires TAP then no luck.

http://openvpn.net/i...nd-routing.html
http://openvpn.net/i...figuration.html

Edited by pbando, 26 November 2010 - 02:02 PM.


#12
buneech


pbando, on Nov 26 2010, 14:58, said:

You should use TUN device and not TAP. TAP is not supported and won't be.

Seriously? I use a TAP device, and it works just fine.


#13
pbando


buneech, on Nov 26 2010, 15:12, said:

Seriously? I use a TAP device, and it works just fine.

Ok just searched some topic and seems TAP is working as well with this module, but maybe this is not really correct in the config: persist-tun

Anyway try to make it working from a linux/windows machine first, it is much easier to debug there, and use the same config on blade.

I'm using R4 2.1 Eclair. I assume it does not work on froyo (different kernel).

Edited by pbando, 26 November 2010 - 02:30 PM.


#14
Magnets

I created a new config using gnome network-manager applet and tested it in a virtual machine so I know it works (exported the settings).
Do I need to give full paths to the configs? I presume they only need to be relative to the directory specified in the settings (/sdcard/openvpn)

    client
    remote <> 443
    ca ca.crt
    cert client.crt
    key client.key
    cipher BF-CBC
    comp-lzo yes
    dev tap
    proto udp
    tls-auth ta.key 1
    nobind
    auth-nocache
    script-security 2
    persist-key
    persist-tun

I tried trimming down to the bare essentials, still force closes.

    client
    remote <> 443
    ca ca.crt
    cert client.crt
    key client.key
    cipher BF-CBC
    comp-lzo yes
    dev tap
    proto udp
    tls-auth ta.key 1
    nobind

Forgot to add, I am using the stock rom at the moment. Since there are no error messages to be found it looks like I need to install another ROM to get this working.

Edited by Magnets, 26 November 2010 - 02:45 PM.


#15
buneech


pbando, on Nov 26 2010, 15:25, said:

Ok just searched some topic and seems TAP is working as well with this module, but maybe this is not really correct in the config: persist-tun

persist-tun works in my case.

Magnets, on Nov 26 2010, 15:36, said:

I created a new config using gnome network-manager applet and tested it in a virtual machine so I know it works (exported the settings).
Do I need to give full paths to the configs? I presume they only need to be relative to the directory specified in the settings (/sdcard/openvpn)

Forgot to add, I am using the stock rom at the moment. Since there are no error messages to be found it looks like I need to install another ROM to get this working.

Here are my config files:

Server:

    daemon
    server-bridge
    proto udp
    port 1195
    dev tap21
    comp-lzo adaptive
    keepalive 15 60
    verb 3
    ca ca.crt
    dh dh.pem
    cert server.crt
    key server.key
    status-version 2
    status status

Client:

    client
    dev tap

    ifconfig 192.168.x.x 255.255.255.0

    ca ca.crt
    cert client2.crt
    key client2.key

    proto udp
    remote <host> 1195
    keepalive 10 60
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ns-cert-type server
    cipher BF-CBC
    comp-lzo
    verb 3
    float

I use MoDaCo r4 2.1 ROM.
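
An added example, not part of any poster's message: a small shell check over a client profile like the ones posted above, flagging three settings worth reviewing (the BF-CBC cipher, no server-certificate type check, and script-security 2 or higher). The function names are hypothetical, and the sample input is the exported client profile from post #14.

```shell
#!/bin/sh
# Added example (not from the thread): flag settings in an OpenVPN client
# profile worth reviewing before relying on it on untrusted networks.

# True if directive $1 appears uncommented in file $2.
has_directive() {
    grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$2"
}

audit_ovpn() {
    conf="$1"
    findings=0

    # BF-CBC is Blowfish, a cipher with a 64-bit block size.
    if grep -Eiq '^[[:space:]]*cipher[[:space:]]+BF-CBC' "$conf"; then
        echo "cipher: BF-CBC has a 64-bit block; prefer AES if the server is set up for it"
        findings=$((findings + 1))
    fi

    # Without either directive the client does not check that the peer
    # certificate was issued for server use.
    if ! has_directive remote-cert-tls "$conf" &&
       ! has_directive ns-cert-type "$conf"; then
        echo "peer: no remote-cert-tls or ns-cert-type; server cert usage unchecked"
        findings=$((findings + 1))
    fi

    # script-security 2 or higher permits user-defined scripts.
    level=$(awk '$1 == "script-security" { print $2 }' "$conf" | tail -n 1)
    if [ "${level:-1}" -ge 2 ]; then
        echo "script-security: level $level permits user-defined scripts"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Sample input: the exported client profile from post #14 of this thread.
sample_profile() {
    printf '%s\n' client 'remote <> 443' 'ca ca.crt' 'cert client.crt' \
        'key client.key' 'cipher BF-CBC' 'comp-lzo yes' 'dev tap' \
        'proto udp' 'tls-auth ta.key 1' nobind auth-nocache \
        'script-security 2' persist-key persist-tun
}
```

Run `audit_ovpn /sdcard/openvpn/client.ovpn` against a real profile; the return code is the number of findings, and any cipher change has to be made on the server as well.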


#16
pbando

I don't know why it fails, but you need busybox, because the ifconfig and route commands in the stock ROM are not OK.
If you execute e.g. ifconfig, the stock ROM will not return anything, while the busybox ifconfig does (like on your Linux). Of course you can install busybox as well. Check whether you have busybox in /system/xbin. The /system/xbin/bb symlink must exist too.

Edited by pbando, 27 November 2010 - 09:15 AM.


#17
kalusu

kalusu

    Newbie

  • Members
  • Pip
  • 1 posts
3) Create openvpn folder on SDCARD and put the configuration there (configfile.ovpn, certificates etc)


where can i find these files?


#18
ASze

ASze

    Newbie

  • Members
  • Pip
  • 2 posts
  • Devices:HTC Desire

kalusu, on Dec 17 2010, 19:49, said:

3) Create openvpn folder on SDCARD and put the configuration there (configfile.ovpn, certificates etc)
where can i find these files?

You should create/generate those, depending on your OpenVPN server settings.


#19
gefo

gefo

    Newbie

  • Members
  • Pip
  • 5 posts
Did anyone have success with openvpn and froyo? I think another tun.ko is needed - or a fitting kernel source to build it.
(using Paul's alpha 5 atm)


#20
wbaw

wbaw

    account closed

  • Banned
  • PipPipPipPipPipPip
  • 1,885 posts
  • Gender:Not Telling

gefo, on Jan 3 2011, 13:17, said:

Did anyone have success with openvpn and froyo? I think another tun.ko is needed - or a fitting kernel source to build it.
(using Paul's alpha 5 atm)

2.2 has vpn support built in  :unsure:




