
Droidwall blocks OpenVPN

This thread in the forum "Android Allgemein" was created by rokkdroid, 09.04.2012.

  1. rokkdroid, 09.04.2012 #1
    Hi,

    On my SGS2, OpenVPN with a tunnel to my router runs perfectly in WiFi mode.
    When switching to the mobile network, Droidwall apparently blocks the port for UDP.
    If I deactivate Droidwall, the tunnel also comes up in mobile network mode.

    How do I have to change my 'white list' so that OpenVPN gets through?
    Or is the problem somewhere else?

    Here is the .log of the Android client:

    Code:
    Mon Apr  9 20:15:46 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb  2 2010
    Mon Apr  9 20:15:46 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:14714
    Mon Apr  9 20:15:46 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Apr  9 20:15:46 2012 WARNING: file 'client.key' is group or others accessible
    Mon Apr  9 20:15:46 2012 WARNING: file 'ta.key' is group or others accessible
    Mon Apr  9 20:15:46 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
    Mon Apr  9 20:15:46 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Apr  9 20:15:46 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Apr  9 20:15:46 2012 LZO compression initialized
    Mon Apr  9 20:15:46 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Mon Apr  9 20:15:48 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Apr  9 20:15:48 2012 Local Options hash (VER=V4): '272f1b58'
    Mon Apr  9 20:15:48 2012 Expected Remote Options hash (VER=V4): 'a2e63101'
    Mon Apr  9 20:15:48 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
    Mon Apr  9 20:15:48 2012 UDPv4 link local: [undef]
    Mon Apr  9 20:15:48 2012 UDPv4 link remote: xx.xxx.xxx.xxx:1194
    Mon Apr  9 20:15:48 2012 MANAGEMENT: Client connected from 127.0.0.1:14714
    Mon Apr  9 20:15:48 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:15:48 2012 MANAGEMENT: CMD 'state'
    Mon Apr  9 20:15:48 2012 MANAGEMENT: CMD 'state on'
    Mon Apr  9 20:15:48 2012 MANAGEMENT: CMD 'bytecount 0'
    Mon Apr  9 20:15:50 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:15:53 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:15:55 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:15:58 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:16:00 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:16:02 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:16:04 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:16:06 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
    Mon Apr  9 20:16:06 2012 MANAGEMENT: CMD 'signal SIGTERM'
    Mon Apr  9 20:16:06 2012 TCP/UDP: Closing socket
    Mon Apr  9 20:16:06 2012 SIGTERM[hard,] received, process exiting
    Mon Apr  9 20:16:06 2012 MANAGEMENT: >STATE:1333995366,EXITING,SIGTERM,,
    With the firewall deactivated on Android, the .log looks like this:

    Code:
    Mon Apr  9 22:14:55 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb  2 2010
    Mon Apr  9 22:14:55 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:24655
    Mon Apr  9 22:14:55 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Apr  9 22:14:55 2012 WARNING: file 'client.key' is group or others accessible
    Mon Apr  9 22:14:55 2012 WARNING: file 'ta.key' is group or others accessible
    Mon Apr  9 22:14:55 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
    Mon Apr  9 22:14:55 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Apr  9 22:14:55 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Apr  9 22:14:55 2012 LZO compression initialized
    Mon Apr  9 22:14:55 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Mon Apr  9 22:14:56 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Apr  9 22:14:56 2012 Local Options hash (VER=V4): '272f1b58'
    Mon Apr  9 22:14:56 2012 Expected Remote Options hash (VER=V4): 'a2e63101'
    Mon Apr  9 22:14:56 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
    Mon Apr  9 22:14:56 2012 UDPv4 link local: [undef]
    Mon Apr  9 22:14:56 2012 UDPv4 link remote: xx.xxx.xxx.xxx:1194
    Mon Apr  9 22:14:56 2012 MANAGEMENT: Client connected from 127.0.0.1:24655
    Mon Apr  9 22:14:56 2012 MANAGEMENT: CMD 'state'
    Mon Apr  9 22:14:56 2012 MANAGEMENT: CMD 'state on'
    Mon Apr  9 22:14:56 2012 MANAGEMENT: CMD 'bytecount 0'
    Mon Apr  9 22:14:56 2012 MANAGEMENT: >STATE:1334002496,AUTH,,,
    Mon Apr  9 22:14:56 2012 TLS: Initial packet from xx.xxx.xxx.xxx:1194, sid=287fa518 c36d4f58
    Mon Apr  9 22:14:56 2012 MANAGEMENT: CMD 'bytecount 0'
    Mon Apr  9 22:14:57 2012 VERIFY OK: depth=1, /C=DE/ST=HH/L=H/O=OpenVPN/OU=changeme/CN=WB/name=changeme/emailAddress=xxx
    Mon Apr  9 22:14:57 2012 VERIFY OK: nsCertType=SERVER
    Mon Apr  9 22:14:57 2012 VERIFY OK: depth=0, /C=DE/ST=HH/L=H/O=WBO/OU=changeme/CN=server/name=changeme/emailAddress=xxx
    Mon Apr  9 22:14:58 2012 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Apr  9 22:14:58 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Apr  9 22:14:58 2012 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Apr  9 22:14:58 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Apr  9 22:14:58 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Mon Apr  9 22:14:58 2012 [server] Peer Connection Initiated with 87.174.218.193:1194
    Mon Apr  9 22:14:59 2012 MANAGEMENT: >STATE:1334002499,GET_CONFIG,,,
    Mon Apr  9 22:14:59 2012 MANAGEMENT: CMD 'bytecount 0'
    Mon Apr  9 22:15:00 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Mon Apr  9 22:15:00 2012 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,dhcp-option DNS 192.168.0.100,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
    Mon Apr  9 22:15:00 2012 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Apr  9 22:15:00 2012 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Apr  9 22:15:00 2012 OPTIONS IMPORT: route options modified
    Mon Apr  9 22:15:00 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mon Apr  9 22:15:00 2012 ROUTE default_gateway=10.168.250.1
    Mon Apr  9 22:15:00 2012 TUN/TAP device tun0 opened
    Mon Apr  9 22:15:00 2012 TUN/TAP TX queue length set to 100
    Mon Apr  9 22:15:00 2012 MANAGEMENT: >STATE:1334002500,ASSIGN_IP,,10.8.0.6,
    Mon Apr  9 22:15:00 2012 /system/xbin/bb/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
    Mon Apr  9 22:15:00 2012 MANAGEMENT: >STATE:1334002500,ADD_ROUTES,,,
    Mon Apr  9 22:15:00 2012 /system/xbin/bb/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.8.0.5
    Mon Apr  9 22:15:00 2012 /system/xbin/bb/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
    Mon Apr  9 22:15:00 2012 Initialization Sequence Completed
    Mon Apr  9 22:15:00 2012 MANAGEMENT: >STATE:1334002500,CONNECTED,SUCCESS,10.8.0.6,xx.xxx.xxx.xxx
    Mon Apr  9 22:15:00 2012 MANAGEMENT: CMD 'bytecount 0'
    Mon Apr  9 22:15:00 2012 MANAGEMENT: CMD 'bytecount 0'
    Mon Apr  9 22:15:00 2012 MANAGEMENT: CMD 'bytecount 3'
    Mon Apr  9 22:15:30 2012 MANAGEMENT: CMD 'signal SIGTERM'
    Mon Apr  9 22:15:30 2012 TCP/UDP: Closing socket
    Mon Apr  9 22:15:30 2012 /system/xbin/bb/route del -net 10.8.0.1 netmask 255.255.255.255
    Mon Apr  9 22:15:30 2012 /system/xbin/bb/route del -net 192.168.0.0 netmask 255.255.255.0
    Mon Apr  9 22:15:30 2012 Closing TUN/TAP interface
    Mon Apr  9 22:15:30 2012 /system/xbin/bb/ifconfig tun0 0.0.0.0
    Mon Apr  9 22:15:30 2012 SIGTERM[hard,] received, process exiting
    Mon Apr  9 22:15:30 2012 MANAGEMENT: >STATE:1334002530,EXITING,SIGTERM,,

    Regards,
    rokk

    Last edited: 09.04.2012
  2. android sgs2, 09.04.2012 #2

    Have you already tried it with the menu button? :lol:
     
  3. rokkdroid, 09.04.2012 #3
    I know how to operate Droidwall, but thanks.

    After enabling the root apps for 3G in the white list, it works.
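
The two logs in this thread differ in one telling way: the failing run only ever shows `write UDPv4 ... Operation not permitted (code=1)` and never a `TLS: Initial packet`, which points at a local egress filter rather than the server. The following Python triage is an added example, not part of the original thread; the function name `triage`, the state labels, the 2048-bit threshold and the sample lines (with a documentation address) are assumptions constructed for illustration.

```python
import re

# Constructed sample lines modelled on the two logs in the thread (192.0.2.10 is a documentation address).
BLOCKED_LOG = """\
Mon Apr  9 20:15:48 2012 UDPv4 link remote: 192.0.2.10:1194
Mon Apr  9 20:15:48 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:15:50 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:16:06 2012 SIGTERM[hard,] received, process exiting
"""
CONNECTED_LOG = """\
Mon Apr  9 22:14:55 2012 WARNING: file 'client.key' is group or others accessible
Mon Apr  9 22:14:56 2012 UDPv4 link remote: 192.0.2.10:1194
Mon Apr  9 22:14:56 2012 TLS: Initial packet from 192.0.2.10:1194, sid=287fa518 c36d4f58
Mon Apr  9 22:14:58 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Apr  9 22:15:00 2012 Initialization Sequence Completed
"""

TS = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")  # OpenVPN timestamp prefix

def triage(log_text):
    """Classify an OpenVPN client log and collect hardening findings."""
    eperm, tls_seen, done, findings = 0, False, False, []
    for raw in log_text.splitlines():
        msg = TS.sub("", raw.strip())
        msg = re.sub(r"\[/?B\]", "", msg)  # forum bold markup pasted around a log line
        if re.match(r"write UDPv4 .*Operation not permitted \(code=1\)", msg):
            # errno 1 is EPERM: the local kernel refused the send, nothing left the device
            eperm += 1
        elif msg.startswith("TLS: Initial packet from"):
            tls_seen = True  # the server answered, so the path is open
        elif msg == "Initialization Sequence Completed":
            done = True
        elif m := re.match(r"WARNING: file '(.+)' is group or others accessible", msg):
            findings.append(f"key file {m.group(1)} readable by group/others")
        elif m := re.search(r"(\d+) bit RSA", msg):
            if int(m.group(1)) < 2048:  # assumed minimum, not stated in the thread
                findings.append(f"{m.group(1)} bit RSA key on control channel")
    if done:
        state = "connected"
    elif eperm and not tls_seen:
        state = "blocked-locally"  # check the device firewall's allow list first
    else:
        state = "no-reply" if not tls_seen else "handshake-incomplete"
    return {"state": state, "eperm_writes": eperm, "findings": findings}

if __name__ == "__main__":
    for name, log in (("3G + firewall", BLOCKED_LOG), ("firewall off", CONNECTED_LOG)):
        print(name, triage(log))
```

A `blocked-locally` result matches the resolution in post #3: the OpenVPN binary runs as root, so the firewall's allow list for the mobile interface has to include root processes.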
     
