Root OpenVPN/TUN (TDM, please check)

[MrB206]

Anyone else using a VPN and encountering issues when trying to use the OpenVPN protocol?

I use Private Internet Access and they just released an app, but I'm encoutering an error where 'tun' isn't being properly established.

The error in question is:

[HIGH]
04-07 09:27:13.661 E/VpnJni (507): Cannot allocate TUN: Bad file number
04-07 09:27:13.661 D/PIA (12210): Failed to open the tun interface
04-07 09:27:13.661 D/PIA (12210): Error: Cannot create interface
04-07 09:27:13.661 D/PIA (12210): On some custom ICS images the permission on /dev/tun might be wrong, or the tun module might be missing completely. For CM9 images try the fix ownership option under general settings
04-07 09:27:13.661 D/PIA (12210): P:ERROR: Cannot open TUN[/HIGH]

Here's the thing...my research shows this is related to OpenVPN and/or busybox, of which, I've updated my Busybox AND installed OpenVPN. The PIA note about /dev/tun only confuses the matter more, since I don't have a tun folder under 'dev'.

TDM/anyone... ideas? FWIW, I'm using Pacman Rom, so 4.2.2/CM10/AOKP42.

 

[tdm]

Probably don't have tun enabled. I'll check tomorrow.

 

[MrB206]

See that the thing.. How do enable/disable it? I've never seen that option, but I guess I never looked in dev settings.

 

[tdm]

See that the thing.. How do enable/disable it? I've never seen that option, but I guess I never looked in dev settings.

I mean in the kernel config...

 

[Yoinx]

See that the thing.. How do enable/disable it? I've never seen that option, but I guess I never looked in dev settings.

It probably needs to be configured to compile as a kernel module. I believe that's what TDM's talking about... is that it was never configured to be compiled. Thus, it doesn't currently exist on any of the current roms.

 

[tdm]

The kernel has tun support but it's built in, not a module.

 

[MrB206]

Odd. Wonder why it's not working?

 

[tdm]

Permissions?

 

[MrB206]

Point me in the direction and I'll try it. Not sure how to fix permissions on a kernel.

 

[Yoinx]

Anyone else using a VPN and encountering issues when trying to use the OpenVPN protocol?

I use Private Internet Access and they just released an app, but I'm encoutering an error where 'tun' isn't being properly established.

The error in question is:

[HIGH]
04-07 09:27:13.661 E/VpnJni (507): Cannot allocate TUN: Bad file number
04-07 09:27:13.661 D/PIA (12210): Failed to open the tun interface
04-07 09:27:13.661 D/PIA (12210): Error: Cannot create interface
04-07 09:27:13.661 D/PIA (12210): On some custom ICS images the permission on /dev/tun might be wrong, or the tun module might be missing completely. For CM9 images try the fix ownership option under general settings
04-07 09:27:13.661 D/PIA (12210): P:ERROR: Cannot open TUN[/HIGH]

Here's the thing...my research shows this is related to OpenVPN and/or busybox, of which, I've updated my Busybox AND installed OpenVPN. The PIA note about /dev/tun only confuses the matter more, since I don't have a tun folder under 'dev'.

TDM/anyone... ideas? FWIW, I'm using Pacman Rom, so 4.2.2/CM10/AOKP42.

Wait... you don't have /dev/tun ?

I'm running TDM's PACman Rom... and I have /dev/tun

shell@android:/dev # ls -l tun
ls -l tun
crw-r----- vpn vpn 10, 200 1970-01-25 18:40 tun

Maybe it's something on your end? /dev/tun shouldn't be a directory...

*edit*

You don't know of a source that offers free trial openvpn accounts do you? Using a free pptp account at vpnbook worked fine through the rom's VPN settings. Connected fine, let it it 15-20 secs then disconnected it... since I don't much trust free services from Romania >.>

I/Vpn ( 507): Switched from [Legacy VPN] to [Legacy VPN]

D/Vpn ( 507): setting state=IDLE, reason=prepare

D/Vpn ( 507): setting state=CONNECTING, reason=startLegacyVpn

V/LegacyVpnRunner( 507): Waiting

V/LegacyVpnRunner( 507): Executing

D/Vpn ( 507): setting state=CONNECTING, reason=execute

D/mtpd (18522): Waiting for control socket

D/WiFiText( 4252): RSSI changed

D/mtpd (18522): Received 20 arguments

I/mtpd (18522): Using protocol pptp

I/mtpd (18522): Connecting to euro1.vpnbook.com port 1723 via wlan0

D/WifiService( 507): setWifiEnabled: true pid=17620, uid=1000

D/BluetoothAdapter(17620): 1092622960: getState() : mService = null. Returning STATE_OFF

I/mtpd (18522): Connection established (socket = 11)

D/mtpd (18522): Sending SCCRQ

D/mtpd (18522): Received SCCRP -> Sending OCRQ (local = 60717)

I/mtpd (18522): Tunnel established

D/mtpd (18522): Received OCRQ (remote = 32859)

I/mtpd (18522): Session established

I/mtpd (18522): Creating PPPoX socket

I/mtpd (18522): Starting pppd (pppox = 12)

I/mtpd (18522): Pppd started (pid = 18525)

I/pppd (18525): Using PPPoX (socket = 12)

D/pppd (18525): using channel 1

I/pppd (18525): Using interface ppp0

I/pppd (18525): Connect: ppp0 <-->

I/pppd (18525): MPPE 128-bit stateless compression enabled

I/pppd (18525): local IP address 172.16.36.183

I/pppd (18525): remote IP address 172.16.36.1

I/pppd (18525): primary DNS address 195.60.76.114

I/pppd (18525): secondary DNS address 8.8.8.8

D/VpnJni ( 507): Route added on ppp0: 0.0.0.0/0

I/LegacyVpnRunner( 507): Connected!

D/Vpn ( 507): setting state=CONNECTED, reason=execute

D/Vpn ( 507): setting state=DISCONNECTED, reason=babysit

W/Netd ( 184): No subsystem found in netlink event

D/NetlinkEvent( 184): Unexpected netlink message. type=0x11

D/Vpn ( 507): setting state=DISCONNECTED, reason=exit

I/Vpn ( 507): Switched from [Legacy VPN] to [Legacy VPN]

D/Vpn ( 507): setting state=IDLE, reason=prepare

 

[MrB206]

Yea I have no problem with pptp connections, but the openvpn protocol won't work.

Yea, looked again... No tun. I'm going to see if the open vpn installer fixes it.

 

[Yoinx]

Actually, I noticed that site also gives you free openvpn connections... so I installed openvpn for android, and tried to manually configure it (they don't really give all the info you need and their config doesnt import...)

but, it looks like it's *trying* to connect and my config is just wrong.

Running on VS920 4G (vs920) Verizon, Android API 17, version 0.5.36a, official build
Building configuration&#8230;
started Socket Thread
Network Status: CONNECTED to WIFI "BoomShakalaka"
P:Initializing Google Breakpad!
P:OpenVPN 2.3.1+dspatch3 android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 1 2013
Protecting socket fd 4
P:UDP link local (bound): [AF_INET][undef]:1194
P:UDP link remote: [AF_INET]93.115.84.198:53
P:TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
P:TLS Error: TLS handshake failed
P:SIGUSR1[soft,tls-error] received, process restarting
Protecting socket fd 4
P:UDP link local (bound): [AF_INET][undef]:1194
P:UDP link remote: [AF_INET]93.115.84.198:53
P:TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
P:TLS Error: TLS handshake failed
P:SIGUSR1[soft,tls-error] received, process restarting

 

[MrB206]

K, so I found tun... It's named 1970 tun. Maybe that's the problem?

 

[Yoinx]

K, so I found tun... It's named 1970 tun. Maybe that's the problem?

If all of those are actually named like that... I would assume you should be having more problems than just tun. Try adbing in, adb shell, cd /dev, ls and see if tun is listed by the name tun. Whatever app you're using might be prefixing the file name with the creation date.


Also, you may want to drop your site's app and try the openvpn for android app. Here's a guide to configure it: https://www.privateinternetaccess.c...iguration-on-android-instead-of-pptp-ipsec/p1

 

[MrB206]

I first tried the open vpn app, but pia just released that app, so I tried it, which is where the logcat came from. I use both on my transformer, so I know it's my Spec.

So I reflashed the rom and the issue remains. I'm out of ideas.

 

[tdm]

It seems the tun device is named /dev/tun for some reason. I think it's traditionally been /dev/net/tun.

If you can drive adb and a command line, you might try this:

mkdir /dev/net
ln -s /dev/tun /dev/net/tun

 

[MrB206]

It seems the tun device is named /dev/tun for some reason. I think it's traditionally been /dev/net/tun.

If you can drive adb and a command line, you might try this:

mkdir /dev/net
ln -s /dev/tun /dev/net/tun

Is there a way to do it from the device? I can't ever get adb working on my pc

 

[tdm]

Is there a way to do it from the device? I can't ever get adb working on my pc

Sure just use a terminal. If it works I can whip up a script to put on the device or maybe submit a patch.

 

[MrB206]

Damn ... Same issue and the logcat shows the same error.

 

[Yoinx]

Finally got openvpn community installed/configured on my local network.

Works fine connecting to it using the openvpn protocol.

I/OpenVPN-ControlShell( 3359): starting
D/OpenVPN-ControlShell( 3359): trying to attach to already running daemons
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): attach(): using management port at 10452
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): attaching to OpenVPN daemon: failed to connect to /127.0.0.1 (port 10452): connect failed: ECONNREFUSED (Connection refused)
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): attach(): using management port at 10452
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): attaching to OpenVPN daemon: failed to connect to /127.0.0.1 (port 10452): connect failed: ECONNREFUSED (Connection refused)
W/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]( 3359): start(): choosing random port for management interface: 44849
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon( 3359): invoking external process: /system/bin/su
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon( 3359): invoking command line: /system/xbin/openvpn --cd '/sdcard/openvpn' --config 'phone-test.ovpn' --script-security 1 --management 127.0.0.1 44849 --management-query-passwords --verb 3
D/OpenVPN-ControlShell( 3359): onStart: null
D/OpenVPNDaemonEnabler( 3359): Received OpenVPN daemon state changed from Unknown to Startup
D/OpenVPNDaemonEnabler( 3359): Received OpenVPN daemon state changed from Unknown to Disabled
D/su ( 5225): su invoked.
D/OpenVPN-Settings( 3359): Connected to OpenVpnService
D/su ( 5228): db allowed
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Apr 3 2013
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 MANAGEMENT: TCP Socket listening on 127.0.0.1:44849
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): started
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): attach(): using management port at 44849
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): Successfully attached to OpenVPN monitor port
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): Socket IO established
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 WARNING: file '/sdcard/openvpn/phone-test.key' is group or others accessible
D/OpenVPNDaemonEnabler( 3359): Received OpenVPN daemon state changed from Unknown to Enabled
D/OpenVPNDaemonEnabler( 3359): Received OpenVPN network state changed from Unknown to Connecting
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 LZO compression initialized
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 Socket Buffers: R=[110592->131072] S=[110592->131072]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 Local Options hash (VER=V4): '41690919'
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 Expected Remote Options hash (VER=V4): '530fdded'
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 UDPv4 link local: [undef]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 UDPv4 link remote: 192.168.1.6:1194
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 MANAGEMENT: Client connected from 127.0.0.1:44849
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 MANAGEMENT: CMD 'state'
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): onState("1365512462,WAIT,,,")
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 MANAGEMENT: CMD 'state on'
D/OpenVPN-Settings-getprop( 3359): invoking external process: /system/bin/sh
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-daemon-stdout( 3359): Tue Apr 9 09:01:02 2013 MANAGEMENT: CMD 'bytecount 0'
D/OpenVPN-Settings-getprop( 3359): invoking command line: getprop net.dnschange
D/OpenVPN-Settings-getprop-stdout( 3359): 11
I/OpenVPN-Settings-getprop-stdout( 3359): terminated
I/OpenVPN-Settings-getprop-stderr( 3359): terminated
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): =============> 0 == 11 resetting dns, leaving dns alone
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): SUCCESS: real-time state notification set to ON
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/phone-test.ovpn]-mgmt( 3359): SUCCESS: bytecount interval changed
D/OpenVPNDaemonEnabler( 3359): Received OpenVPN network state changed from Connecting to Wait

If your service is providing you with a ca,csr,key, and ovpn file by any chance... try using

OpenVPN Installer to ensure it's installed correctly

OpenVPN Settings

In the settings app you just tell it the folder where you placed your keys/config files (/sdcard/openvpn) then you can just tap to turn openvpn on and tap to connect your vpn.

Like I said, worked fine locally so I still can't believe it's a ROM issue.

 

[MrB206]

Way ahead of ya, man. I used the installed the check app BEFORE I even tried the PIA app, because i tried the OpenVPN app he made with the crt certs and it wasn't working.

Oddly, the 'settings' app will let me connect. So the standalone apps don't work, but this one does. Very odd.

 

[Yoinx]

The openvpn app isn't using tun either (at least not directly). It's using the openvpn binary in xbin.

I'd blame the other apps for how they're attempting to connect rather than the rom.


Either way, at least it's kinda working for you now.

 

[MrB206]

Oh I agree. At this point, I think the apps are to blame.

So that makes me wonder... is using the binary directly, rather than tun, any less secure? It's certainly faster.