Not adding routes on Kitkat 4.4.2

[stalks]

I have non-root stock Samsung Note 3. I just upgraded to Kitkat 4.4.2 using the official firmware released the other day.

Since the upgrade OpenVPN Connect no longer generates the routes required.

I have been using the some .ovpn file for 2 years, and the pfSense firewall I connect to has also been untouched. I also have a Samsung Galaxy S2 which runs ICS and works fine with OpenVPN Connect.

The log files produce no errors, they show that the routes are requested (redirect-gateway def1, etc.) but nothing appears in "ip routes" like it should do after its connected.

Note, OpenVPN for Android, the other app on the play store *has the same problem*.

I think some further work for Kitkat, or perhaps even this Samsung ROM (god I hope not) is required.

[whipped]

Just to say I'm havibg the exact same problem. Note 3, recently upgraded to 4.4.2

Regards

Kev

[99AirBalloons]

I'm not seeing any issues on my Nexus 5 on 4.4.2, so it may well be Samsung specific I'm afraid.

[mikeyb]

I have the same problem having just bought a Nexus 7 (2013).
Its on 4.4.2 stock.
I get a connection, the log seems to show routes are added but I cant get to any of them.
Very disappointed.
I've read elsewhere its a 4.4.2 bug.
Hoping someone can suggest a fix.

[JohnnySSH]

I have similar issue with HTC One and Android 4.4.

Though my phone is rooted with OpenVPN for Android app I don't see any data going upstream, so most likely route had not been added.

In addition though to all of this using OpenVPN Connect I get the error:

Code: Select all

Transport Error: socket_protect error (UDP)

My config was working fine for versions 4.2 and 4.3 of Android. I also tested with TCP and disabled the ta.key but same issue....

A fix would be great!

[need4spd]

I have 2 note 3 phones. One of them i installed the kitkat update and it no longer has vpn working on the kitkat phone.

Same vpn network and all. Sometimes it will kind of work if i connect to a wifi internet then use vpn.
But if i use cellular data and try vpn no can do. Oftentimes if i recall it will connect but nothing will transmit.

kitkat sucks for note 3

[iunlock]

Note 3 (Recently updated to KitKat 4.4.2)

I am getting these error messages:

Error Message1: "Problem creating TUN interface: Possibly the tun.ko kernel module is not loaded in your Android Kernel"

Error Message2: "Error creating the tun interface: cannot acquire tun interface socket"

I changed the APN protocol to IPv4/IPv6 and APN roaming protocol to IPv4/IPv6 as well as this is the only way that it seems to stay connected to VPN, ONLY for a little while until it disconnects with the error message to immediately follow. However, I'm not quite sure about the APN protocol also being on IPv6? DNS leak? Yes...I've checked several times.

When updating to Kitkat 4.4.2, because it updated the BL, we're stuck...too bad we can't downgrade to 4.3 again. At least not yet right?

Someone please find a fix...

[iunlock]

Update!!!
New OpenVPN Update fixed the connection issue on kitkat!!!

I'm on a Note 3.

[MiniK]

I have the same problem I think.

I recently installed Kikat and downloaded OpenVPN Connect from play store.

Open VPN Connect succesfully connect to my server but no packets are exchanged. I Cant access the internet.

No errors in the open vpn logs. So I think their is a problem in routes...

My windows clients connect perfectly to the same server.

I use to connect to this server with jelly bean without problems.

I have open vpn connect 1.1.14 build 56 android 4.4.3 with cyanogen 11.20140607 (NIGHTLY)

[polojl]

oh! happens to me as well! I have a motorola razrhd

[polojl]

hi .. did you know of any solution?

[MiniK]

Hi
developper of Open Vpn for android gave me an answer and a solution

Problem is related to cyanogen 11

you can check it there :
https://plus.google.com/117413645169201 ... apTDzVP4DQ

[ddeluca1]

I don't know if this will apply to everyone.
I had the same routing problems and I found that the "Access Point Names" in my T-Mobile Galaxy S5 was set to use IPv6 protocol only.
It was forcing IPv4 through IPv6 and as a result the IPv4 gateway was being overridden by the IPv6 network.
My servers gateway was being replaced by T-Mobile's gateway almost immediately.
This can be found in Settings, Network Connections, More networks, Mobile networks, Access Point Names.


Name : T-Mobile US LTE
APN : fast-mobile.com
Proxy : Not set
Port : Not set
Username : Not set
Password : Not set
Server : Not set
MMSC : http://mms.msg.eng.t-mobile.com/mms/wapenc
Multimedia message proxy : Not set
Multimedia message port : Not set
MMC : 310
MNC : 260
Authentication type : None
APN type : default,mms,supl
APN protocol : IPv4
APN roaming protocol : IPv6
Turn APN on/off : APN turned on
Bearer: Unspecified
Mobile virtual network operator type : None
Mobile virtual network operator value : Not set


Since you can't edit the stock APN, I added an APN, duplicated the values from the stock one.
I used a different "name" and changed the "APN protocol" to "IPv4".
I tried "IPv4/IPv6" but the GW overwrite still happened.


Name : T-Mobile US LTE IPv4
APN : fast-mobile.com
Proxy : Not set
Port : Not set
Username : Not set
Password : Not set
Server : Not set
MMSC : http://mms.msg.eng.t-mobile.com/mms/wapenc
Multimedia message proxy : Not set
Multimedia message port : Not set
MMC : 310
MNC : 260
Authentication type : None
APN type : default,mms,supl
APN protocol : IPv4
APN roaming protocol : IPv4
Turn APN on/off : APN turned on
Bearer: Unspecified
Mobile virtual network operator type : None
Mobile virtual network operator value : Not set

I am looking into enabling IPv6 to see if that will correct the overwrite as well.
Unfortunately the guides are a little fuzzy on IPv6 setups.

[Lupine]

Seems like this is still an issue?

I've been testing various things on my Samsung Galaxy S5 with Android 4.4.4 and I am not see the necessary routes added. Server config works just fine with an Fedora laptop, but the phone does not get the necessary routes.

[PinzNneedlz]

I too am having this same issue. I was using my rooted Motorola Droid Razor w/ Ice Cream Sandwich and everything was fine. Never a connection issues except the issues that i was having with such an out dated phone and the radio going bad. But then I decided to abandon the droid razor and take the plunge in purchasing a new LG G3 phone which came with 4.4.2 kitkat on it. My provider is Verizon and has been Verizon between the 2 phones. After creating new certificates and keys and starting from scratch for the new phone using the Official OpenVPN app just like the droid razor had, I'm now not able to maintain a connection with the server that I use on my Asus Router Merlin build. This is very frustrating!!! Certainly not a Verizon issue. Spoke with a few techs there and they do not prohibit VPN connections and they do allow IPv4/IPv6 traffic through their APN. Explains why I never had any issues with the droid razor. If this is, and sounds like it is, a problem with the phones OS, when will we see a fix for this issue?!?!!? The update channel log states that it added a feature disabling seamless tunnel for devices running API level 19 that use kitkat. Does this mean that if the API level is something other than 19 then we are all screwed or what? Or am I totally way off here? This is upsetting. Any advice, comments, or questions are welcomed. I use OpenVPN for my connections back to the server for safe and secure IP camera viewing remotely. Its my life line as I refuse to use anything less!!

[bird333]

Do you guys think this problem may be related to the SElinux security?

[CrazyVirus]

Do you guys think this problem may be related to the SElinux security?

I don't think so. I have the same problem here and have to use an annoying trick: add route to host manually each time connecting to VPN server. This may help while we have to wait for bug fixed from OpenVPN author.

[jcarerra]

... using OpenVPN Connect I get the error:

Code: Select all

Transport Error: socket_protect error (UDP)

As do I on a Samsung Tab4 with 4.4.2 and using OpenVPN Connect 1.1.14.build 56.
Being a newbie to VPN'ing, I have no clue how to fix this, but really need to get VPN working on the tablet.

It is so hard to test because you change something, drive to a foreign public hotspot, try it, find it doesn't work, drive home, apply some new thing "Joe" on the web said, drive again.....you get the idea. It is a slow, frustrating time consuming loop.

Has there been any feedback from Google that they are fixing it in android--and how does it get pushed into existing versions that have the bug--or how do we make them work?

[skelmy]

I had this problem when I rooted my Android TV box running Open VPN what the problem is, is in Android 4.4.2 google have taken out the tun.ko but the kernel module is still there to run it just not the file.

What you need to do is run this https://play.google.com/store/apps/deta ... ller&hl=en and it will install the tun.ko file and load it through the kernel.

The only downfall is, if the internet goes down or the router needs resetting, this will crash Android also if you want to switch to another server or another VPN totally then this will crash it and lastly if you want to even turn it will crash it.

But it does work.............

People saying it is a Cyanogen Mod Problem are wrong. This is across the board all Google Android 4.4.2 devices have this issue because it does not have the file but the module in the kernel is still there as its based on the linux kernel.

This to me says that google did NOT want people to use a VPN............ I WONDER why that is?

It can be put right as well but I don't intend to update from Cyanogen Mod 10.2.1 as that is the listed most stable, 11 is listed officially as cm-11-20141112 but this will have the same problem as listed here at a guess.

The Cyanogen Mod 12 may have fixed this issue and the onboard PPTP settings of any device only hides your IP address it does NOT encrypt your line you need to use Open VPN for that..........

There is your answer.