Lollipop - Route rejected by Android - bad address

giaur500
OpenVpn Newbie
Posts: 9
Joined: Tue Dec 30, 2014 7:14 am

Post by giaur500 » Tue Dec 30, 2014 7:26 am

Hi,

I'm on CM12 (Lollipop 5.0.2). I tried the OpenVPN Connect and OpenVPN for Android apps. Both seem to be OK (they can establish a connection). However, I noticed that there is no routing set. I found this in the OpenVPN for Android log:

Code:

Route rejected by Android10.8.0.16/24 Bad address

OpenVPN Connect doesn't throw this message, but the problem is the same. My phone is not visible inside the VPN network (via IP 10.8.0.16), and my phone can't see any address from the VPN network. Both server and client configurations are valid. If I use the same config on my PC or on Android 4.4, all is OK. This problem exists on Lollipop only. Possibly a CM12 bug? Do you know any workaround?

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Lollipop - Route rejected by Android - bad address

Post by Traffic » Tue Dec 30, 2014 2:45 pm

10.8.0.16/24 is a Bad address !

A shot in the dark ..
  • You may require either 10.8.0.0/24 or 10.8.0.16/32 .. but it could also be 10.8.16.0/24 ?
Check your configs for routing errors ..

giaur500
OpenVpn Newbie
Posts: 9
Joined: Tue Dec 30, 2014 7:14 am

Re: Lollipop - Route rejected by Android - bad address

Post by giaur500 » Wed Dec 31, 2014 8:02 am

My config (.ovpn), used to import:

Code:

dev tun
client
remote <server ip>
proto udp
port 1194
nobind
ca ca.crt
cert client_android.crt
key client_android.key
comp-lzo
verb 3

Server configuration (OpenVPN on Linux) - server.conf:

Code:

port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
topology subnet
client-config-dir ccd

So there is 10.8.0.0 255.255.255.0 on the server. 10.8.0.16 is the IP assigned by the server to the connected client. Also, I don't have any problems on KitKat, with the same hardware and the same config (tested).

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Lollipop - Route rejected by Android - bad address

Post by Traffic » Thu Jan 01, 2015 2:47 pm

Please post your complete client log at --verb 4

giaur500
OpenVpn Newbie
Posts: 9
Joined: Tue Dec 30, 2014 7:14 am

Re: Lollipop - Route rejected by Android - bad address

Post by giaur500 » Thu Jan 01, 2015 6:58 pm

Code:

2015-01-01 19:48:52 Running on A0001 (MSM8974) oneplus, Android API 21, version 0.6.26, official build
2015-01-01 19:48:52 Building configuration…
2015-01-01 19:48:55 started Socket Thread
2015-01-01 19:48:55 Current Parameter Settings:
2015-01-01 19:48:55   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2015-01-01 19:48:55   mode = 0
2015-01-01 19:48:55   show_ciphers = DISABLED
2015-01-01 19:48:55   show_digests = DISABLED
2015-01-01 19:48:55   show_engines = DISABLED
2015-01-01 19:48:55   genkey = DISABLED
2015-01-01 19:48:55   key_pass_file = '[UNDEF]'
2015-01-01 19:48:55   show_tls_ciphers = DISABLED
2015-01-01 19:48:55   connect_retry_max = 5
2015-01-01 19:48:55 Connection profiles [0]:
2015-01-01 19:48:55   proto = udp
2015-01-01 19:48:55   local = '[UNDEF]'
2015-01-01 19:48:55   local_port = '[UNDEF]'
2015-01-01 19:48:55   remote = xxxxxxxx
2015-01-01 19:48:55   remote_port = '1194'
2015-01-01 19:48:55   remote_float = DISABLED
2015-01-01 19:48:55   bind_defined = DISABLED
2015-01-01 19:48:55   bind_local = DISABLED
2015-01-01 19:48:55   bind_ipv6_only = DISABLED
2015-01-01 19:48:55   connect_retry_seconds = 5
2015-01-01 19:48:55   connect_timeout = 10
2015-01-01 19:48:55   socks_proxy_server = '[UNDEF]'
2015-01-01 19:48:55   socks_proxy_port = '[UNDEF]'
2015-01-01 19:48:55   socks_proxy_retry = DISABLED
2015-01-01 19:48:55   tun_mtu = 1500
2015-01-01 19:48:55   tun_mtu_defined = ENABLED
2015-01-01 19:48:55   link_mtu = 1500
2015-01-01 19:48:55   link_mtu_defined = DISABLED
2015-01-01 19:48:55   tun_mtu_extra = 0
2015-01-01 19:48:55   tun_mtu_extra_defined = DISABLED
2015-01-01 19:48:55   mtu_discover_type = -1
2015-01-01 19:48:55   fragment = 0
2015-01-01 19:48:55   mssfix = 1450
2015-01-01 19:48:55   explicit_exit_notification = 0
2015-01-01 19:48:55 Connection profiles END
2015-01-01 19:48:55   remote_random = DISABLED
2015-01-01 19:48:55   ipchange = '[UNDEF]'
2015-01-01 19:48:55   dev = 'tun'
2015-01-01 19:48:55   dev_type = '[UNDEF]'
2015-01-01 19:48:55   dev_node = '[UNDEF]'
2015-01-01 19:48:55   lladdr = '[UNDEF]'
2015-01-01 19:48:55   topology = 1
2015-01-01 19:48:55   tun_ipv6 = DISABLED
2015-01-01 19:48:55   ifconfig_local = '[UNDEF]'
2015-01-01 19:48:55   ifconfig_remote_netmask = '[UNDEF]'
2015-01-01 19:48:55   ifconfig_noexec = DISABLED
2015-01-01 19:48:55   ifconfig_nowarn = ENABLED
2015-01-01 19:48:55   ifconfig_ipv6_local = '[UNDEF]'
2015-01-01 19:48:55   ifconfig_ipv6_netbits = 0
2015-01-01 19:48:55   ifconfig_ipv6_remote = '[UNDEF]'
2015-01-01 19:48:55   shaper = 0
2015-01-01 19:48:55   mtu_test = 0
2015-01-01 19:48:55   mlock = DISABLED
2015-01-01 19:48:55   keepalive_ping = 0
2015-01-01 19:48:55   keepalive_timeout = 0
2015-01-01 19:48:55   inactivity_timeout = 0
2015-01-01 19:48:55   ping_send_timeout = 0
2015-01-01 19:48:55   ping_rec_timeout = 0
2015-01-01 19:48:55   ping_rec_timeout_action = 0
2015-01-01 19:48:55   ping_timer_remote = DISABLED
2015-01-01 19:48:55   remap_sigusr1 = 0
2015-01-01 19:48:55   persist_tun = DISABLED
2015-01-01 19:48:55   persist_local_ip = DISABLED
2015-01-01 19:48:55   persist_remote_ip = DISABLED
2015-01-01 19:48:55   persist_key = DISABLED
2015-01-01 19:48:55   passtos = DISABLED
2015-01-01 19:48:55   resolve_retry_seconds = 60
2015-01-01 19:48:55   resolve_in_advance = DISABLED
2015-01-01 19:48:55   username = '[UNDEF]'
2015-01-01 19:48:55   groupname = '[UNDEF]'
2015-01-01 19:48:55   chroot_dir = '[UNDEF]'
2015-01-01 19:48:55   cd_dir = '[UNDEF]'
2015-01-01 19:48:55   writepid = '[UNDEF]'
2015-01-01 19:48:55   up_script = '[UNDEF]'
2015-01-01 19:48:55   down_script = '[UNDEF]'
2015-01-01 19:48:55   down_pre = DISABLED
2015-01-01 19:48:55   up_restart = DISABLED
2015-01-01 19:48:55   up_delay = DISABLED
2015-01-01 19:48:55   daemon = DISABLED
2015-01-01 19:48:55   inetd = 0
2015-01-01 19:48:55   log = DISABLED
2015-01-01 19:48:55   suppress_timestamps = DISABLED
2015-01-01 19:48:55   machine_readable_output = ENABLED
2015-01-01 19:48:55   nice = 0
2015-01-01 19:48:55   verbosity = 4
2015-01-01 19:48:55   mute = 0
2015-01-01 19:48:55   gremlin = 0
2015-01-01 19:48:55 Network Status: CONNECTED  to WIFI "TP-LINK_41D444"
2015-01-01 19:48:55   status_file = '[UNDEF]'
2015-01-01 19:48:55   status_file_version = 1
2015-01-01 19:48:55   status_file_update_freq = 60
2015-01-01 19:48:55   occ = ENABLED
2015-01-01 19:48:55   rcvbuf = 65536
2015-01-01 19:48:55   sndbuf = 65536
2015-01-01 19:48:55   sockflags = 0
2015-01-01 19:48:55   fast_io = DISABLED
2015-01-01 19:48:55   comp.alg = 2
2015-01-01 19:48:55   comp.flags = 1
2015-01-01 19:48:55   route_script = '[UNDEF]'
2015-01-01 19:48:55   route_default_gateway = '[UNDEF]'
2015-01-01 19:48:55   route_default_metric = 0
2015-01-01 19:48:55   route_noexec = DISABLED
2015-01-01 19:48:55   route_delay = 0
2015-01-01 19:48:55   route_delay_window = 30
2015-01-01 19:48:55   route_delay_defined = DISABLED
2015-01-01 19:48:55   route_nopull = DISABLED
2015-01-01 19:48:55   route_gateway_via_dhcp = DISABLED
2015-01-01 19:48:55   allow_pull_fqdn = DISABLED
2015-01-01 19:48:55   management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2015-01-01 19:48:55   management_port = 'unix'
2015-01-01 19:48:55   management_user_pass = '[UNDEF]'
2015-01-01 19:48:55   management_log_history_cache = 250
2015-01-01 19:48:55   management_echo_buffer_size = 100
2015-01-01 19:48:55   management_write_peer_info_file = '[UNDEF]'
2015-01-01 19:48:55   management_client_user = '[UNDEF]'
2015-01-01 19:48:55   management_client_group = '[UNDEF]'
2015-01-01 19:48:55   management_flags = 4390
2015-01-01 19:48:55   shared_secret_file = '[UNDEF]'
2015-01-01 19:48:55   key_direction = 0
2015-01-01 19:48:55   ciphername_defined = ENABLED
2015-01-01 19:48:55   ciphername = 'BF-CBC'
2015-01-01 19:48:55   authname_defined = ENABLED
2015-01-01 19:48:55   authname = 'SHA1'
2015-01-01 19:48:55   prng_hash = 'SHA1'
2015-01-01 19:48:55   prng_nonce_secret_len = 16
2015-01-01 19:48:55   keysize = 0
2015-01-01 19:48:55   engine = DISABLED
2015-01-01 19:48:55   replay = ENABLED
2015-01-01 19:48:55   mute_replay_warnings = DISABLED
2015-01-01 19:48:55   replay_window = 64
2015-01-01 19:48:55   replay_time = 15
2015-01-01 19:48:55   packet_id_file = '[UNDEF]'
2015-01-01 19:48:55   use_iv = ENABLED
2015-01-01 19:48:55   test_crypto = DISABLED
2015-01-01 19:48:55   tls_server = DISABLED
2015-01-01 19:48:55   tls_client = ENABLED
2015-01-01 19:48:55   key_method = 2
2015-01-01 19:48:55   ca_file = '[[INLINE]]'
2015-01-01 19:48:55   ca_path = '[UNDEF]'
2015-01-01 19:48:55   dh_file = '[UNDEF]'
2015-01-01 19:48:55   cert_file = '[[INLINE]]'
2015-01-01 19:48:55   priv_key_file = '[[INLINE]]'
2015-01-01 19:48:55   pkcs12_file = '[UNDEF]'
2015-01-01 19:48:55   cipher_list = '[UNDEF]'
2015-01-01 19:48:55   tls_verify = '[UNDEF]'
2015-01-01 19:48:55   tls_export_cert = '[UNDEF]'
2015-01-01 19:48:55   verify_x509_type = 0
2015-01-01 19:48:55   verify_x509_name = '[UNDEF]'
2015-01-01 19:48:55   crl_file = '[UNDEF]'
2015-01-01 19:48:55   ns_cert_type = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_ku[i] = 0
2015-01-01 19:48:55   remote_cert_eku = '[UNDEF]'
2015-01-01 19:48:55   ssl_flags = 0
2015-01-01 19:48:55   tls_timeout = 2
2015-01-01 19:48:55   renegotiate_bytes = 0
2015-01-01 19:48:55   renegotiate_packets = 0
2015-01-01 19:48:55   renegotiate_seconds = 3600
2015-01-01 19:48:55   handshake_window = 60
2015-01-01 19:48:55   transition_window = 3600
2015-01-01 19:48:55   single_session = DISABLED
2015-01-01 19:48:55   push_peer_info = DISABLED
2015-01-01 19:48:55   tls_exit = DISABLED
2015-01-01 19:48:55   tls_auth_file = '[UNDEF]'
2015-01-01 19:48:55   client = ENABLED
2015-01-01 19:48:55   pull = ENABLED
2015-01-01 19:48:55   auth_user_pass_file = '[UNDEF]'
2015-01-01 19:48:55 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_625-af9eb9424047f9f5] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Dec 15 2014
2015-01-01 19:48:55 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.07
2015-01-01 19:48:55 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-01-01 19:48:55 MANAGEMENT: CMD 'hold release'
2015-01-01 19:48:55 MANAGEMENT: CMD 'proxy NONE'
2015-01-01 19:48:55 MANAGEMENT: CMD 'bytecount 2'
2015-01-01 19:48:55 MANAGEMENT: CMD 'state on'
2015-01-01 19:48:56 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2015-01-01 19:48:56 LZO compression initializing
2015-01-01 19:48:56 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2015-01-01 19:48:56 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2015-01-01 19:48:56 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2015-01-01 19:48:56 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2015-01-01 19:48:56 Local Options hash (VER=V4): '41690919'
2015-01-01 19:48:56 Expected Remote Options hash (VER=V4): '530fdded'
2015-01-01 19:48:56 TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxx
2015-01-01 19:48:56 Socket Buffers: R=[163840->131072] S=[163840->131072]
2015-01-01 19:48:56 Protecting socket fd 4
2015-01-01 19:48:56 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-01-01 19:48:56 UDP link local: (not bound)
2015-01-01 19:48:56 UDP link remote: [AF_INET]xxxxxxxx:1194
2015-01-01 19:48:56 MANAGEMENT: >STATE:1420138136,WAIT,,,
2015-01-01 19:48:56 MANAGEMENT: >STATE:1420138136,AUTH,,,
2015-01-01 19:48:56 TLS: Initial packet from [AF_INET]xxxxxxx:1194, sid=7fd2aeb6 30a78a02
2015-01-01 19:48:56 VERIFY OK: depth=1, C=PL, ST=PL, L=Bialystok, O=Fort-Funston, OU=MM, CN=MM, name=MM, emailAddress=xxxxx@xxxxxx
2015-01-01 19:48:56 VERIFY OK: depth=0, C=PL, ST=PL, L=Bialystok, O=Fort-Funston, OU=MM, CN=server, name=MM, emailAddress=xxx@xxxxx
2015-01-01 19:48:56 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-01-01 19:48:56 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-01-01 19:48:56 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-01-01 19:48:56 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-01-01 19:48:56 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2015-01-01 19:48:56 [server] Peer Connection Initiated with [AF_INET]xxxxxxxxx:1194
2015-01-01 19:48:57 MANAGEMENT: >STATE:1420138137,GET_CONFIG,,,
2015-01-01 19:48:58 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2015-01-01 19:48:58 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.16 255.255.255.0'
2015-01-01 19:48:58 OPTIONS IMPORT: timers and/or timeouts modified
2015-01-01 19:48:58 OPTIONS IMPORT: --ifconfig/up options modified
2015-01-01 19:48:58 OPTIONS IMPORT: route-related options modified
2015-01-01 19:48:58 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2015-01-01 19:48:58 MANAGEMENT: >STATE:1420138138,ASSIGN_IP,,10.8.0.16,
2015-01-01 19:48:58 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2015-01-01 19:48:58 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2015-01-01 19:48:58 Opening tun interface:
2015-01-01 19:48:58 Route rejected by Android10.8.0.16/24 Bad address
2015-01-01 19:48:58 Local IPv4: 10.8.0.16/24 IPv6: null MTU: 1500
2015-01-01 19:48:58 DNS Server: , Domain: null
2015-01-01 19:48:58 Routes: 10.8.0.16/24 
2015-01-01 19:48:58 Routes excluded: 192.168.0.101/24 
2015-01-01 19:48:58 VpnService routes installed: 10.8.0.16/24 
2015-01-01 19:48:58 Disallowed VPN apps: 
2015-01-01 19:48:58 No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers. Please also note that Android will keep using your proxy settings specified for your mobile/Wi-Fi connection when no DNS servers are set.
2015-01-01 19:48:58 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2015-01-01 19:48:58 Initialization Sequence Completed
2015-01-01 19:48:58 MANAGEMENT: >STATE:1420138138,CONNECTED,SUCCESS,10.8.0.16,xxxxxxx

Full log, I only removed some sensitive data.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Lollipop - Route rejected by Android - bad address

Post by Traffic » Fri Jan 02, 2015 12:27 pm

giaur500 wrote:
2015-01-01 19:48:58 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.16 255.255.255.0'

The pushed data is correct.

giaur500 wrote:
2015-01-01 19:48:58 Opening tun interface:
2015-01-01 19:48:58 Route rejected by Android10.8.0.16/24 Bad address

This is a bad address, but I have no idea why it is there?

giaur500 wrote:
2015-01-01 19:48:58 Local IPv4: 10.8.0.16/24 IPv6: null MTU: 1500
2015-01-01 19:48:58 DNS Server: , Domain: null
2015-01-01 19:48:58 Routes: 10.8.0.16/24
2015-01-01 19:48:58 Routes excluded: 192.168.0.101/24
2015-01-01 19:48:58 VpnService routes installed: 10.8.0.16/24

This makes no sense?

Please post details of the route table with the VPN connected.

Also, please check you have posted the correct configs.
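
Added example, not part of the original thread and not code from either Android client: the log lines quoted above, checked in Python for the condition Traffic points at, an address with bits set beyond its prefix length. That such a route is rejected is an assumption here, the function names are made up for illustration, and deriving the on-link network from the pushed ifconfig goes one step beyond the post.

```python
import ipaddress
import re

# Lines copied from the client log posted earlier in this thread.
LOG = """\
2015-01-01 19:48:58 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.16 255.255.255.0'
2015-01-01 19:48:58 Route rejected by Android10.8.0.16/24 Bad address
2015-01-01 19:48:58 Routes: 10.8.0.16/24
2015-01-01 19:48:58 Routes excluded: 192.168.0.101/24
2015-01-01 19:48:58 VpnService routes installed: 10.8.0.16/24
"""

CIDR = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})")


def parse_push_reply(line):
    """Return PUSH_REPLY options as {name: [args]}, or None for other lines."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if m is None:
        return None
    opts = {}
    for item in m.group(1).split(","):
        words = item.split()
        if words:
            opts[words[0]] = words[1:]
    return opts


def on_link_network(opts):
    """With 'topology subnet', ifconfig is '<ip> <netmask>'; return its network."""
    if opts.get("topology") != ["subnet"] or len(opts.get("ifconfig", [])) != 2:
        return None
    ip, mask = opts["ifconfig"]
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def host_bits_set(cidr):
    """True when the address part is not the network address of its prefix."""
    iface = ipaddress.ip_interface(cidr)
    return iface.ip != iface.network.network_address


def audit(log):
    """Return (network derived from PUSH_REPLY, [(label, cidr, network form)])."""
    expected, findings = None, []
    for line in log.splitlines():
        opts = parse_push_reply(line)
        if opts is not None:
            expected = on_link_network(opts)
            continue
        fields = line.split(" ", 2)  # date, time, message
        if len(fields) < 3:
            continue
        msg = fields[2]
        first = CIDR.search(msg)
        if first is None:
            continue
        # The text before the first address names the kind of entry.
        label = msg[:first.start()].strip().rstrip(":")
        for cidr in CIDR.findall(msg):
            if host_bits_set(cidr):
                net = ipaddress.ip_interface(cidr).network
                findings.append((label, cidr, str(net)))
    return expected, findings


if __name__ == "__main__":
    expected, findings = audit(LOG)
    print("on-link network from PUSH_REPLY:", expected)
    for label, cidr, net in findings:
        print(f"{label}: {cidr} has host bits set; network form is {net}")
```

Both forms suggested earlier in the thread, 10.8.0.0/24 and 10.8.0.16/32, pass `host_bits_set`; every route entry in the posted log does not.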

giaur500
OpenVpn Newbie
Posts: 9
Joined: Tue Dec 30, 2014 7:14 am

Re: Lollipop - Route rejected by Android - bad address

Post by giaur500 » Fri Jan 02, 2015 3:13 pm

First, I'm sure configs are valid. I did some tests:

- KitKat 4.4.2 (tablet), routing table:

Code:

root@baffin:/mnt/internal_sd # ip route                                                                                                                                            
default via 192.168.0.1 dev wlan0 
default via 192.168.0.1 dev wlan0  metric 304 
10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.16 
192.168.0.0/24 dev wlan0  scope link 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.102 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.102  metric 304 
192.168.0.1 dev wlan0  scope link

- Lollipop 5.0.2 (CM12), routing table:

Code:

root@A0001:/mnt/shell/emulated/0 # ip route
10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.16 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.101

- On my PC (Debian Linux), routing table (there is 10.8.0.8 ip assigned via ipp on server):

Code:

root@debian:~# ip route
default via 192.168.0.1 dev wlan0  proto static  metric 1024 
10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.8 
<my external ip - removed> via 192.168.0.1 dev wlan0  proto static  metric 10 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.105

Both the PC and KitKat work and are visible inside the VPN network. But if I connect on Lollipop, nothing works and 10.8.0.16 is not accessible. Actually, routing seems to be the same on KitKat, Lollipop and the PC, and seems to be valid. Do you have any ideas?

Of course, KitKat and Lollipop were not connected simultaneously (they use the same certificates and get the same IP from the server; the PC uses different certificates).

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Lollipop - Route rejected by Android - bad address

Post by Traffic » Sat Jan 03, 2015 12:04 pm

giaur500 wrote:
2015-01-01 19:48:55 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_625-af9eb9424047f9f5] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Dec 15 2014
2015-01-01 19:48:55 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.07

Unfortunately, ics-openvpn is a port of OpenVPN for Android:
https://code.google.com/p/ics-openvpn/

Try reporting it to those guys and see if you can get help.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Lollipop - Route rejected by Android - bad address

Post by Traffic » Sat Jan 03, 2015 1:35 pm

You could try using --topology net30 .. perhaps there is a bug related to --topology subnet ?

giaur500
OpenVpn Newbie
Posts: 9
Joined: Tue Dec 30, 2014 7:14 am

Re: Lollipop - Route rejected by Android - bad address

Post by giaur500 » Sat Jan 03, 2015 2:16 pm

Code:

You could try using --topology net30 .. perhaps there is a bug related to --topology subnet ?

I don't really understand the difference. Should I only change on the server:

Code:

topology subnet

to:

Code:

topology net30

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Lollipop - Route rejected by Android - bad address

Post by Traffic » Sat Jan 03, 2015 3:49 pm

giaur500 wrote:
I don't really understand difference, should I only change on server:

When a server is correctly configured it will automatically push topology to the client .. so yes, only your server needs to be changed.

papayo
OpenVpn Newbie
Posts: 1
Joined: Sun Jan 04, 2015 11:02 am

Re: Lollipop - Route rejected by Android - bad address

Post by papayo » Sun Jan 04, 2015 11:10 am

I have exactly the same issue. I did a clean installation of CM12 (full wipe) on my phone. A previously (CM11) working ovpn profile is not working on CM12.
OpenVPN connects OK, but traffic is not routed through the VPN, nor can I ping any machine inside the VPN.
If I restore the full CM11 nandroid backup, the same ovpn profile works flawlessly: traffic is routed through the VPN and I can ping machines inside the VPN.

emacsomancer
OpenVpn Newbie
Posts: 1
Joined: Mon Jan 05, 2015 7:40 am

Re: Lollipop - Route rejected by Android - bad address

Post by emacsomancer » Mon Jan 05, 2015 6:22 pm

I'm also having exactly the same problem. I can connect to my home VPN with my Linux machines and with Android devices running Kitkat, but when I try to connect on a device running Lollipop I have the same experience as OP.

I had no "topology" line in my server-side .conf file, but I tried adding

Code:

topology net30

and rebooting based on the discussion here, but that made no difference - I still experience exactly the problem.

Has anyone made any headway on this?

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Lollipop - Route rejected by Android - bad address

Post by Traffic » Wed Jan 07, 2015 12:36 am

A properly configured server will automatically push --topology to the client.

net30 is the default topology for openvpn.
subnet is an optional topology
See --topology in The Manual v23x

My suggestion to try a different topology was just a hunch .. not a solution by any means.

giaur500
OpenVpn Newbie
Posts: 9
Joined: Tue Dec 30, 2014 7:14 am

Re: Lollipop - Route rejected by Android - bad address

Post by giaur500 » Wed Jan 07, 2015 6:56 am

Maybe CM12 bug?

vidit10
OpenVpn Newbie
Posts: 1
Joined: Wed Jan 21, 2015 11:17 pm

Re: Lollipop - Route rejected by Android - bad address

Post by vidit10 » Wed Jan 21, 2015 11:17 pm

I might have found the solution.

Disable IPv6 from your APN. It fixed the problem for me.

giaur500
OpenVpn Newbie
Posts: 9
Joined: Tue Dec 30, 2014 7:14 am

Re: Lollipop - Route rejected by Android - bad address

Post by giaur500 » Fri Jan 23, 2015 7:06 am

Assuming you are talking about the network data APN, what about Wi-Fi?

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Lollipop - Route rejected by Android - bad address

Post by Traffic » Sat Jan 24, 2015 7:03 pm

emacsomancer wrote:
I had no "topology" line in my server-side .conf file, but I tried adding
Code:
topology net30

Could you please post your client log with --topology net30 set in the server config.

Set your client config to --verb 4 .. thanks.

giaur500
OpenVpn Newbie
Posts: 9
Joined: Tue Dec 30, 2014 7:14 am

Re: Lollipop - Route rejected by Android - bad address

Post by giaur500 » Sun Jan 25, 2015 9:49 am

My server.conf:

Code:

port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
topology subnet
client-config-dir ccd

I tried to set topology net30, but after this my server is not even visible on my LAN network; I can't access it by the local IP address that is assigned by my router. So I can't test; net30 breaks something and I'm not sure what it is.

P.S.: this site: https://code.google.com/p/ics-openvpn/ seems to be dead, so I see no sense in posting any bug reports there. Regarding IPv6 - I have it already disabled for mobile APNs. I don't see any way to disable IPv6 globally on CM12, because it comes without sysctl.conf support.

calcprogrammer1
OpenVpn Newbie
Posts: 2
Joined: Fri Sep 21, 2012 12:13 am

Re: Lollipop - Route rejected by Android - bad address

Post by calcprogrammer1 » Fri Jan 30, 2015 4:36 pm

I'm having the same issue. I use a tap-based OpenVPN on my Note 3. I use it via a Debian jessie chroot, so I have a script that runs "service openvpn start" on boot. This worked fine in CM11 but in CM12 it does not. The tap0 interface is connected but nothing is being routed to it.
