Lollipop - Route rejected by Android - bad address
Posted: Tue Dec 30, 2014 7:26 am
by giaur500
Hi,
I'm on CM12 (Lollipop 5.0.2). I tried the OpenVPN Connect and OpenVPN for Android apps. Both seem to be OK (they can establish a connection). However, I noticed that there is no routing set. I found this in the OpenVPN for Android log:
Code:
Route rejected by Android10.8.0.16/24 Bad address
OpenVPN Connect doesn't throw this message, but the problem is the same. My phone is not visible inside the VPN network (via IP 10.8.0.16), and my phone can't see any address from the VPN network. Both server and client configurations are valid. If I use the same config on my PC or on Android 4.4, all is OK. This problem exists on Lollipop only. Possibly a CM12 bug? Do you know any workaround?
Re: Lollipop - Route rejected by Android - bad address
Posted: Tue Dec 30, 2014 2:45 pm
by Traffic
10.8.0.16/24 is a Bad address !
A shot in the dark ..
- You may require either 10.8.0.0/24 or 10.8.0.16/32 .. but it could also be 10.8.16.0/24 ?
Check your configs for routing errors ..
Re: Lollipop - Route rejected by Android - bad address
Posted: Wed Dec 31, 2014 8:02 am
by giaur500
My config (.ovpn), used to import:
Code:
dev tun
client
remote <server ip>
proto udp
port 1194
nobind
ca ca.crt
cert client_android.crt
key client_android.key
comp-lzo
verb 3
Server configuration (OpenVPN on Linux) - server.conf:
Code:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
topology subnet
client-config-dir ccd
So there is 10.8.0.0 255.255.255.0 on the server. 10.8.0.16 is the IP assigned by the server to the connected client. Also, I don't have any problems on KitKat, with the same hardware and the same config (tested).
Re: Lollipop - Route rejected by Android - bad address
Posted: Thu Jan 01, 2015 2:47 pm
by Traffic
Please post your complete client log at --verb 4
Re: Lollipop - Route rejected by Android - bad address
Posted: Thu Jan 01, 2015 6:58 pm
by giaur500
Code:
2015-01-01 19:48:52 Running on A0001 (MSM8974) oneplus, Android API 21, version 0.6.26, official build
2015-01-01 19:48:52 Building configuration…
2015-01-01 19:48:55 started Socket Thread
2015-01-01 19:48:55 Current Parameter Settings:
2015-01-01 19:48:55 config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2015-01-01 19:48:55 mode = 0
2015-01-01 19:48:55 show_ciphers = DISABLED
2015-01-01 19:48:55 show_digests = DISABLED
2015-01-01 19:48:55 show_engines = DISABLED
2015-01-01 19:48:55 genkey = DISABLED
2015-01-01 19:48:55 key_pass_file = '[UNDEF]'
2015-01-01 19:48:55 show_tls_ciphers = DISABLED
2015-01-01 19:48:55 connect_retry_max = 5
2015-01-01 19:48:55 Connection profiles [0]:
2015-01-01 19:48:55 proto = udp
2015-01-01 19:48:55 local = '[UNDEF]'
2015-01-01 19:48:55 local_port = '[UNDEF]'
2015-01-01 19:48:55 remote = xxxxxxxx
2015-01-01 19:48:55 remote_port = '1194'
2015-01-01 19:48:55 remote_float = DISABLED
2015-01-01 19:48:55 bind_defined = DISABLED
2015-01-01 19:48:55 bind_local = DISABLED
2015-01-01 19:48:55 bind_ipv6_only = DISABLED
2015-01-01 19:48:55 connect_retry_seconds = 5
2015-01-01 19:48:55 connect_timeout = 10
2015-01-01 19:48:55 socks_proxy_server = '[UNDEF]'
2015-01-01 19:48:55 socks_proxy_port = '[UNDEF]'
2015-01-01 19:48:55 socks_proxy_retry = DISABLED
2015-01-01 19:48:55 tun_mtu = 1500
2015-01-01 19:48:55 tun_mtu_defined = ENABLED
2015-01-01 19:48:55 link_mtu = 1500
2015-01-01 19:48:55 link_mtu_defined = DISABLED
2015-01-01 19:48:55 tun_mtu_extra = 0
2015-01-01 19:48:55 tun_mtu_extra_defined = DISABLED
2015-01-01 19:48:55 mtu_discover_type = -1
2015-01-01 19:48:55 fragment = 0
2015-01-01 19:48:55 mssfix = 1450
2015-01-01 19:48:55 explicit_exit_notification = 0
2015-01-01 19:48:55 Connection profiles END
2015-01-01 19:48:55 remote_random = DISABLED
2015-01-01 19:48:55 ipchange = '[UNDEF]'
2015-01-01 19:48:55 dev = 'tun'
2015-01-01 19:48:55 dev_type = '[UNDEF]'
2015-01-01 19:48:55 dev_node = '[UNDEF]'
2015-01-01 19:48:55 lladdr = '[UNDEF]'
2015-01-01 19:48:55 topology = 1
2015-01-01 19:48:55 tun_ipv6 = DISABLED
2015-01-01 19:48:55 ifconfig_local = '[UNDEF]'
2015-01-01 19:48:55 ifconfig_remote_netmask = '[UNDEF]'
2015-01-01 19:48:55 ifconfig_noexec = DISABLED
2015-01-01 19:48:55 ifconfig_nowarn = ENABLED
2015-01-01 19:48:55 ifconfig_ipv6_local = '[UNDEF]'
2015-01-01 19:48:55 ifconfig_ipv6_netbits = 0
2015-01-01 19:48:55 ifconfig_ipv6_remote = '[UNDEF]'
2015-01-01 19:48:55 shaper = 0
2015-01-01 19:48:55 mtu_test = 0
2015-01-01 19:48:55 mlock = DISABLED
2015-01-01 19:48:55 keepalive_ping = 0
2015-01-01 19:48:55 keepalive_timeout = 0
2015-01-01 19:48:55 inactivity_timeout = 0
2015-01-01 19:48:55 ping_send_timeout = 0
2015-01-01 19:48:55 ping_rec_timeout = 0
2015-01-01 19:48:55 ping_rec_timeout_action = 0
2015-01-01 19:48:55 ping_timer_remote = DISABLED
2015-01-01 19:48:55 remap_sigusr1 = 0
2015-01-01 19:48:55 persist_tun = DISABLED
2015-01-01 19:48:55 persist_local_ip = DISABLED
2015-01-01 19:48:55 persist_remote_ip = DISABLED
2015-01-01 19:48:55 persist_key = DISABLED
2015-01-01 19:48:55 passtos = DISABLED
2015-01-01 19:48:55 resolve_retry_seconds = 60
2015-01-01 19:48:55 resolve_in_advance = DISABLED
2015-01-01 19:48:55 username = '[UNDEF]'
2015-01-01 19:48:55 groupname = '[UNDEF]'
2015-01-01 19:48:55 chroot_dir = '[UNDEF]'
2015-01-01 19:48:55 cd_dir = '[UNDEF]'
2015-01-01 19:48:55 writepid = '[UNDEF]'
2015-01-01 19:48:55 up_script = '[UNDEF]'
2015-01-01 19:48:55 down_script = '[UNDEF]'
2015-01-01 19:48:55 down_pre = DISABLED
2015-01-01 19:48:55 up_restart = DISABLED
2015-01-01 19:48:55 up_delay = DISABLED
2015-01-01 19:48:55 daemon = DISABLED
2015-01-01 19:48:55 inetd = 0
2015-01-01 19:48:55 log = DISABLED
2015-01-01 19:48:55 suppress_timestamps = DISABLED
2015-01-01 19:48:55 machine_readable_output = ENABLED
2015-01-01 19:48:55 nice = 0
2015-01-01 19:48:55 verbosity = 4
2015-01-01 19:48:55 mute = 0
2015-01-01 19:48:55 gremlin = 0
2015-01-01 19:48:55 Network Status: CONNECTED to WIFI "TP-LINK_41D444"
2015-01-01 19:48:55 status_file = '[UNDEF]'
2015-01-01 19:48:55 status_file_version = 1
2015-01-01 19:48:55 status_file_update_freq = 60
2015-01-01 19:48:55 occ = ENABLED
2015-01-01 19:48:55 rcvbuf = 65536
2015-01-01 19:48:55 sndbuf = 65536
2015-01-01 19:48:55 sockflags = 0
2015-01-01 19:48:55 fast_io = DISABLED
2015-01-01 19:48:55 comp.alg = 2
2015-01-01 19:48:55 comp.flags = 1
2015-01-01 19:48:55 route_script = '[UNDEF]'
2015-01-01 19:48:55 route_default_gateway = '[UNDEF]'
2015-01-01 19:48:55 route_default_metric = 0
2015-01-01 19:48:55 route_noexec = DISABLED
2015-01-01 19:48:55 route_delay = 0
2015-01-01 19:48:55 route_delay_window = 30
2015-01-01 19:48:55 route_delay_defined = DISABLED
2015-01-01 19:48:55 route_nopull = DISABLED
2015-01-01 19:48:55 route_gateway_via_dhcp = DISABLED
2015-01-01 19:48:55 allow_pull_fqdn = DISABLED
2015-01-01 19:48:55 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2015-01-01 19:48:55 management_port = 'unix'
2015-01-01 19:48:55 management_user_pass = '[UNDEF]'
2015-01-01 19:48:55 management_log_history_cache = 250
2015-01-01 19:48:55 management_echo_buffer_size = 100
2015-01-01 19:48:55 management_write_peer_info_file = '[UNDEF]'
2015-01-01 19:48:55 management_client_user = '[UNDEF]'
2015-01-01 19:48:55 management_client_group = '[UNDEF]'
2015-01-01 19:48:55 management_flags = 4390
2015-01-01 19:48:55 shared_secret_file = '[UNDEF]'
2015-01-01 19:48:55 key_direction = 0
2015-01-01 19:48:55 ciphername_defined = ENABLED
2015-01-01 19:48:55 ciphername = 'BF-CBC'
2015-01-01 19:48:55 authname_defined = ENABLED
2015-01-01 19:48:55 authname = 'SHA1'
2015-01-01 19:48:55 prng_hash = 'SHA1'
2015-01-01 19:48:55 prng_nonce_secret_len = 16
2015-01-01 19:48:55 keysize = 0
2015-01-01 19:48:55 engine = DISABLED
2015-01-01 19:48:55 replay = ENABLED
2015-01-01 19:48:55 mute_replay_warnings = DISABLED
2015-01-01 19:48:55 replay_window = 64
2015-01-01 19:48:55 replay_time = 15
2015-01-01 19:48:55 packet_id_file = '[UNDEF]'
2015-01-01 19:48:55 use_iv = ENABLED
2015-01-01 19:48:55 test_crypto = DISABLED
2015-01-01 19:48:55 tls_server = DISABLED
2015-01-01 19:48:55 tls_client = ENABLED
2015-01-01 19:48:55 key_method = 2
2015-01-01 19:48:55 ca_file = '[[INLINE]]'
2015-01-01 19:48:55 ca_path = '[UNDEF]'
2015-01-01 19:48:55 dh_file = '[UNDEF]'
2015-01-01 19:48:55 cert_file = '[[INLINE]]'
2015-01-01 19:48:55 priv_key_file = '[[INLINE]]'
2015-01-01 19:48:55 pkcs12_file = '[UNDEF]'
2015-01-01 19:48:55 cipher_list = '[UNDEF]'
2015-01-01 19:48:55 tls_verify = '[UNDEF]'
2015-01-01 19:48:55 tls_export_cert = '[UNDEF]'
2015-01-01 19:48:55 verify_x509_type = 0
2015-01-01 19:48:55 verify_x509_name = '[UNDEF]'
2015-01-01 19:48:55 crl_file = '[UNDEF]'
2015-01-01 19:48:55 ns_cert_type = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_ku[i] = 0
2015-01-01 19:48:55 remote_cert_eku = '[UNDEF]'
2015-01-01 19:48:55 ssl_flags = 0
2015-01-01 19:48:55 tls_timeout = 2
2015-01-01 19:48:55 renegotiate_bytes = 0
2015-01-01 19:48:55 renegotiate_packets = 0
2015-01-01 19:48:55 renegotiate_seconds = 3600
2015-01-01 19:48:55 handshake_window = 60
2015-01-01 19:48:55 transition_window = 3600
2015-01-01 19:48:55 single_session = DISABLED
2015-01-01 19:48:55 push_peer_info = DISABLED
2015-01-01 19:48:55 tls_exit = DISABLED
2015-01-01 19:48:55 tls_auth_file = '[UNDEF]'
2015-01-01 19:48:55 client = ENABLED
2015-01-01 19:48:55 pull = ENABLED
2015-01-01 19:48:55 auth_user_pass_file = '[UNDEF]'
2015-01-01 19:48:55 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_625-af9eb9424047f9f5] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Dec 15 2014
2015-01-01 19:48:55 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.07
2015-01-01 19:48:55 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-01-01 19:48:55 MANAGEMENT: CMD 'hold release'
2015-01-01 19:48:55 MANAGEMENT: CMD 'proxy NONE'
2015-01-01 19:48:55 MANAGEMENT: CMD 'bytecount 2'
2015-01-01 19:48:55 MANAGEMENT: CMD 'state on'
2015-01-01 19:48:56 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2015-01-01 19:48:56 LZO compression initializing
2015-01-01 19:48:56 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2015-01-01 19:48:56 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2015-01-01 19:48:56 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2015-01-01 19:48:56 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2015-01-01 19:48:56 Local Options hash (VER=V4): '41690919'
2015-01-01 19:48:56 Expected Remote Options hash (VER=V4): '530fdded'
2015-01-01 19:48:56 TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxx
2015-01-01 19:48:56 Socket Buffers: R=[163840->131072] S=[163840->131072]
2015-01-01 19:48:56 Protecting socket fd 4
2015-01-01 19:48:56 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-01-01 19:48:56 UDP link local: (not bound)
2015-01-01 19:48:56 UDP link remote: [AF_INET]xxxxxxxx:1194
2015-01-01 19:48:56 MANAGEMENT: >STATE:1420138136,WAIT,,,
2015-01-01 19:48:56 MANAGEMENT: >STATE:1420138136,AUTH,,,
2015-01-01 19:48:56 TLS: Initial packet from [AF_INET]xxxxxxx:1194, sid=7fd2aeb6 30a78a02
2015-01-01 19:48:56 VERIFY OK: depth=1, C=PL, ST=PL, L=Bialystok, O=Fort-Funston, OU=MM, CN=MM, name=MM, emailAddress=xxxxx@xxxxxx
2015-01-01 19:48:56 VERIFY OK: depth=0, C=PL, ST=PL, L=Bialystok, O=Fort-Funston, OU=MM, CN=server, name=MM, emailAddress=xxx@xxxxx
2015-01-01 19:48:56 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-01-01 19:48:56 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-01-01 19:48:56 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-01-01 19:48:56 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-01-01 19:48:56 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2015-01-01 19:48:56 [server] Peer Connection Initiated with [AF_INET]xxxxxxxxx:1194
2015-01-01 19:48:57 MANAGEMENT: >STATE:1420138137,GET_CONFIG,,,
2015-01-01 19:48:58 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2015-01-01 19:48:58 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.16 255.255.255.0'
2015-01-01 19:48:58 OPTIONS IMPORT: timers and/or timeouts modified
2015-01-01 19:48:58 OPTIONS IMPORT: --ifconfig/up options modified
2015-01-01 19:48:58 OPTIONS IMPORT: route-related options modified
2015-01-01 19:48:58 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2015-01-01 19:48:58 MANAGEMENT: >STATE:1420138138,ASSIGN_IP,,10.8.0.16,
2015-01-01 19:48:58 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2015-01-01 19:48:58 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2015-01-01 19:48:58 Opening tun interface:
2015-01-01 19:48:58 Route rejected by Android10.8.0.16/24 Bad address
2015-01-01 19:48:58 Local IPv4: 10.8.0.16/24 IPv6: null MTU: 1500
2015-01-01 19:48:58 DNS Server: , Domain: null
2015-01-01 19:48:58 Routes: 10.8.0.16/24
2015-01-01 19:48:58 Routes excluded: 192.168.0.101/24
2015-01-01 19:48:58 VpnService routes installed: 10.8.0.16/24
2015-01-01 19:48:58 Disallowed VPN apps:
2015-01-01 19:48:58 No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers. Please also note that Android will keep using your proxy settings specified for your mobile/Wi-Fi connection when no DNS servers are set.
2015-01-01 19:48:58 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2015-01-01 19:48:58 Initialization Sequence Completed
2015-01-01 19:48:58 MANAGEMENT: >STATE:1420138138,CONNECTED,SUCCESS,10.8.0.16,xxxxxxx
Full log, I only removed some sensitive data.
Re: Lollipop - Route rejected by Android - bad address
Posted: Fri Jan 02, 2015 12:27 pm
by Traffic
giaur500 wrote: 2015-01-01 19:48:58 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.16 255.255.255.0'
The pushed data is correct.
giaur500 wrote: 2015-01-01 19:48:58 Opening tun interface:
2015-01-01 19:48:58 Route rejected by Android10.8.0.16/24 Bad address
This is a bad address, but I have no idea why it is there?
giaur500 wrote: 2015-01-01 19:48:58 Local IPv4: 10.8.0.16/24 IPv6: null MTU: 1500
2015-01-01 19:48:58 DNS Server: , Domain: null
2015-01-01 19:48:58 Routes: 10.8.0.16/24
2015-01-01 19:48:58 Routes excluded: 192.168.0.101/24
2015-01-01 19:48:58 VpnService routes installed: 10.8.0.16/24
This makes no sense ?
Please post details of the route table with the VPN connected.
Also, please check you have posted the correct configs.
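Added example (not part of any poster's message, and not code from OpenVPN or ics-openvpn): a check of the point made above that 10.8.0.16/24 has host bits set, run over lines copied from the posted client log. It reports each misaligned CIDR with the two aligned alternatives suggested earlier in the thread (the containing network, or a /32 host route); the function names are made up for this example.

```python
import ipaddress
import re

# Lines copied from the client log posted earlier in this thread.
SAMPLE_LOG = """\
2015-01-01 19:48:58 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.16 255.255.255.0'
2015-01-01 19:48:58 Route rejected by Android10.8.0.16/24 Bad address
2015-01-01 19:48:58 Routes: 10.8.0.16/24
2015-01-01 19:48:58 Routes excluded: 192.168.0.101/24
2015-01-01 19:48:58 VpnService routes installed: 10.8.0.16/24
"""

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
CIDR_RE = re.compile(IPV4 + r"/\d{1,2}")
IFCONFIG_RE = re.compile(r"\bifconfig (" + IPV4 + r") (" + IPV4 + r")")


def check_cidr(cidr):
    """Return (aligned, network_route, host_route) for an IPv4 CIDR string.

    aligned is False when bits to the right of the prefix are set,
    as in 10.8.0.16/24 (the /24 that contains it is 10.8.0.0/24).
    """
    iface = ipaddress.ip_interface(cidr)
    aligned = iface.ip == iface.network.network_address
    return aligned, str(iface.network), f"{iface.ip}/32"


def pushed_subnet(log):
    """Subnet implied by the 'ifconfig <ip> <netmask>' in PUSH_REPLY.

    Only meaningful for topology subnet; with net30 the second value is a
    peer address, not a netmask, and None is returned.
    """
    m = IFCONFIG_RE.search(log)
    if m is None:
        return None
    try:
        return str(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network)
    except ValueError:
        return None


def audit_log(log):
    """Map each misaligned CIDR in the log to its alternatives and line numbers."""
    findings = {}
    for lineno, line in enumerate(log.splitlines(), 1):
        for cidr in CIDR_RE.findall(line):
            try:
                aligned, network, host = check_cidr(cidr)
            except ValueError:  # octet > 255 or prefix > 32: not an address
                continue
            if not aligned:
                entry = findings.setdefault(
                    cidr, {"network": network, "host": host, "lines": []})
                entry["lines"].append(lineno)
    return findings


if __name__ == "__main__":
    print("pushed subnet:", pushed_subnet(SAMPLE_LOG))
    for cidr, info in audit_log(SAMPLE_LOG).items():
        print(f"{cidr} (log lines {info['lines']}): host bits set; "
              f"aligned forms are {info['network']} or {info['host']}")
```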
Re: Lollipop - Route rejected by Android - bad address
Posted: Fri Jan 02, 2015 3:13 pm
by giaur500
First, I'm sure configs are valid. I did some tests:
- KitKat 4.4.2 (tablet), routing table:
Code:
root@baffin:/mnt/internal_sd # ip route
default via 192.168.0.1 dev wlan0
default via 192.168.0.1 dev wlan0 metric 304
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.16
192.168.0.0/24 dev wlan0 scope link
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.102
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.102 metric 304
192.168.0.1 dev wlan0 scope link
- Lollipop 5.0.2 (CM12), routing table:
Code:
root@A0001:/mnt/shell/emulated/0 # ip route
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.16
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.101
- On my PC (Debian Linux), routing table (there is 10.8.0.8 ip assigned via ipp on server):
Code:
root@debian:~# ip route
default via 192.168.0.1 dev wlan0 proto static metric 1024
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.8
<my external ip - removed> via 192.168.0.1 dev wlan0 proto static metric 10
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.105
Both PC and KitKat work and are visible inside the VPN network. But if I connect on Lollipop, nothing works and 10.8.0.16 is not accessible. Actually, routing seems to be the same on KitKat, Lollipop and PC, and seems to be valid. Do you have any ideas?
Of course, KitKat and Lollipop were not connected simultaneously (they use the same certificates and get the same IP from the server; the PC uses different certificates).
Re: Lollipop - Route rejected by Android - bad address
Posted: Sat Jan 03, 2015 12:04 pm
by Traffic
giaur500 wrote: 2015-01-01 19:48:55 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_625-af9eb9424047f9f5] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Dec 15 2014
2015-01-01 19:48:55 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.07
Unfortunately, ics-openvpn is a port of openvpn for android:
https://code.google.com/p/ics-openvpn/
Try reporting it to those guys and see if you can get help.
Re: Lollipop - Route rejected by Android - bad address
Posted: Sat Jan 03, 2015 1:35 pm
by Traffic
You could try using --topology net30 .. perhaps there is a bug related to --topology subnet ?
Re: Lollipop - Route rejected by Android - bad address
Posted: Sat Jan 03, 2015 2:16 pm
by giaur500
Code:
You could try using --topology net30 .. perhaps there is a bug related to --topology subnet ?
I don't really understand difference, should I only change on server:
to:
Re: Lollipop - Route rejected by Android - bad address
Posted: Sat Jan 03, 2015 3:49 pm
by Traffic
giaur500 wrote: I don't really understand difference, should I only change on server:
When a server is correctly configured it will automatically push topology to the client .. so yes only your server needs to be changed.
Re: Lollipop - Route rejected by Android - bad address
Posted: Sun Jan 04, 2015 11:10 am
by papayo
I have exactly the same issue. I did a clean installation of CM12 (full wipe) on my phone. A previously (CM11) working ovpn profile is not working on CM12.
OpenVPN connects OK, but traffic is not routed through the VPN, nor can I ping any machine inside the VPN.
If I restore the full CM11 nandroid backup, the same ovpn profile works flawlessly: traffic is routed through VPN and I can ping machines inside the VPN
Re: Lollipop - Route rejected by Android - bad address
Posted: Mon Jan 05, 2015 6:22 pm
by emacsomancer
I'm also having exactly the same problem. I can connect to my home VPN with my Linux machines and with Android devices running Kitkat, but when I try to connect on a device running Lollipop I have the same experience as OP.
I had no "topology" line in my server-side .conf file, but I tried adding
and rebooting based on the discussion here, but that made no difference - I still experience exactly the problem.
Has anyone made any headway on this?
Re: Lollipop - Route rejected by Android - bad address
Posted: Wed Jan 07, 2015 12:36 am
by Traffic
A properly configured server will automatically push --topology to the client.
net30 is the default topology for openvpn.
subnet is an optional topology
See --topology in The Manual v23x
My suggestion to try a different topology was just a hunch .. not a solution by any means.
Re: Lollipop - Route rejected by Android - bad address
Posted: Wed Jan 07, 2015 6:56 am
by giaur500
Maybe CM12 bug?
Re: Lollipop - Route rejected by Android - bad address
Posted: Wed Jan 21, 2015 11:17 pm
by vidit10
I might have found the solution.
Disable IPv6 from your APN. It fixed the problem for me.
Re: Lollipop - Route rejected by Android - bad address
Posted: Fri Jan 23, 2015 7:06 am
by giaur500
Assuming you are talking about the network data APN, what about Wi-Fi?
Re: Lollipop - Route rejected by Android - bad address
Posted: Sat Jan 24, 2015 7:03 pm
by Traffic
emacsomancer wrote: I had no "topology" line in my server-side .conf file, but I tried adding
Code:
topology net30
Could you please post your client log with --topology net30 set in the server config.
Set your client config to --verb 4 .. thanks.
Re: Lollipop - Route rejected by Android - bad address
Posted: Sun Jan 25, 2015 9:49 am
by giaur500
My server.conf:
Code:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
topology subnet
client-config-dir ccd
I tried to set topology net30, but after this my server is not even visible on my LAN network, I can't access it by local IP address that is assigned by my router. So I can't test, net30 breaks something and I'm not sure what is it.
P.S.: this site: https://code.google.com/p/ics-openvpn/ seems to be dead, so I see no sense in posting any bug reports there. Regarding IPv6 - I have it already disabled for mobile APNs. I don't see any way to disable IPv6 globally on CM12, because it comes without sysctl.conf support.
Re: Lollipop - Route rejected by Android - bad address
Posted: Fri Jan 30, 2015 4:36 pm
by calcprogrammer1
I'm having the same issue. I use a tap-based OpenVPN on my Note 3. I use it via a Debian jessie chroot, so I have a script that runs "service openvpn start" on boot. This worked fine in CM11 but in CM12 it does not. The tap0 interface is connected but nothing is being routed to it.