Droidwall blocks OpenVPN

rokkdroid

Hi,

On my SGS2, OpenVPN runs perfectly in WiFi mode with a tunnel to my router.
When switching to the mobile network, Droidwall apparently blocks the port for UDP.
If I disable Droidwall, the tunnel is also established in mobile network mode.

How do I have to change my 'white list' so that OpenVPN gets through?
Or is the problem somewhere else?

Here is the .log of the Android client:

Code:
Mon Apr  9 20:15:46 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb  2 2010
Mon Apr  9 20:15:46 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:14714
Mon Apr  9 20:15:46 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr  9 20:15:46 2012 WARNING: file 'client.key' is group or others accessible
Mon Apr  9 20:15:46 2012 WARNING: file 'ta.key' is group or others accessible
Mon Apr  9 20:15:46 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Apr  9 20:15:46 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr  9 20:15:46 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr  9 20:15:46 2012 LZO compression initialized
Mon Apr  9 20:15:46 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Apr  9 20:15:48 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr  9 20:15:48 2012 Local Options hash (VER=V4): '272f1b58'
Mon Apr  9 20:15:48 2012 Expected Remote Options hash (VER=V4): 'a2e63101'
Mon Apr  9 20:15:48 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Mon Apr  9 20:15:48 2012 UDPv4 link local: [undef]
Mon Apr  9 20:15:48 2012 UDPv4 link remote: xx.xxx.xxx.xxx:1194
Mon Apr  9 20:15:48 2012 MANAGEMENT: Client connected from 127.0.0.1:14714
Mon Apr  9 20:15:48 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:15:48 2012 MANAGEMENT: CMD 'state'
Mon Apr  9 20:15:48 2012 MANAGEMENT: CMD 'state on'
Mon Apr  9 20:15:48 2012 MANAGEMENT: CMD 'bytecount 0'
Mon Apr  9 20:15:50 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:15:53 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:15:55 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:15:58 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:16:00 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:16:02 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:16:04 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:16:06 2012 write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
Mon Apr  9 20:16:06 2012 MANAGEMENT: CMD 'signal SIGTERM'
Mon Apr  9 20:16:06 2012 TCP/UDP: Closing socket
Mon Apr  9 20:16:06 2012 SIGTERM[hard,] received, process exiting
Mon Apr  9 20:16:06 2012 MANAGEMENT: >STATE:1333995366,EXITING,SIGTERM,,
With the firewall disabled on Android, the .log looks like this:

Code:
Mon Apr  9 22:14:55 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb  2 2010
Mon Apr  9 22:14:55 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:24655
Mon Apr  9 22:14:55 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr  9 22:14:55 2012 WARNING: file 'client.key' is group or others accessible
Mon Apr  9 22:14:55 2012 WARNING: file 'ta.key' is group or others accessible
Mon Apr  9 22:14:55 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Apr  9 22:14:55 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr  9 22:14:55 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr  9 22:14:55 2012 LZO compression initialized
Mon Apr  9 22:14:55 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Apr  9 22:14:56 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr  9 22:14:56 2012 Local Options hash (VER=V4): '272f1b58'
Mon Apr  9 22:14:56 2012 Expected Remote Options hash (VER=V4): 'a2e63101'
Mon Apr  9 22:14:56 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Mon Apr  9 22:14:56 2012 UDPv4 link local: [undef]
Mon Apr  9 22:14:56 2012 UDPv4 link remote: xx.xxx.xxx.xxx:1194
Mon Apr  9 22:14:56 2012 MANAGEMENT: Client connected from 127.0.0.1:24655
Mon Apr  9 22:14:56 2012 MANAGEMENT: CMD 'state'
Mon Apr  9 22:14:56 2012 MANAGEMENT: CMD 'state on'
Mon Apr  9 22:14:56 2012 MANAGEMENT: CMD 'bytecount 0'
Mon Apr  9 22:14:56 2012 MANAGEMENT: >STATE:1334002496,AUTH,,,
Mon Apr  9 22:14:56 2012 TLS: Initial packet from xx.xxx.xxx.xxx:1194, sid=287fa518 c36d4f58
Mon Apr  9 22:14:56 2012 MANAGEMENT: CMD 'bytecount 0'
Mon Apr  9 22:14:57 2012 VERIFY OK: depth=1, /C=DE/ST=HH/L=H/O=OpenVPN/OU=changeme/CN=WB/name=changeme/emailAddress=xxx
Mon Apr  9 22:14:57 2012 VERIFY OK: nsCertType=SERVER
Mon Apr  9 22:14:57 2012 VERIFY OK: depth=0, /C=DE/ST=HH/L=H/O=WBO/OU=changeme/CN=server/name=changeme/emailAddress=xxx
Mon Apr  9 22:14:58 2012 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Apr  9 22:14:58 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr  9 22:14:58 2012 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Apr  9 22:14:58 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr  9 22:14:58 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Apr  9 22:14:58 2012 [server] Peer Connection Initiated with 87.174.218.193:1194
Mon Apr  9 22:14:59 2012 MANAGEMENT: >STATE:1334002499,GET_CONFIG,,,
Mon Apr  9 22:14:59 2012 MANAGEMENT: CMD 'bytecount 0'
Mon Apr  9 22:15:00 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Apr  9 22:15:00 2012 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,dhcp-option DNS 192.168.0.100,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Mon Apr  9 22:15:00 2012 OPTIONS IMPORT: timers and/or timeouts modified
Mon Apr  9 22:15:00 2012 OPTIONS IMPORT: --ifconfig/up options modified
Mon Apr  9 22:15:00 2012 OPTIONS IMPORT: route options modified
Mon Apr  9 22:15:00 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Apr  9 22:15:00 2012 ROUTE default_gateway=10.168.250.1
Mon Apr  9 22:15:00 2012 TUN/TAP device tun0 opened
Mon Apr  9 22:15:00 2012 TUN/TAP TX queue length set to 100
Mon Apr  9 22:15:00 2012 MANAGEMENT: >STATE:1334002500,ASSIGN_IP,,10.8.0.6,
Mon Apr  9 22:15:00 2012 /system/xbin/bb/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Mon Apr  9 22:15:00 2012 MANAGEMENT: >STATE:1334002500,ADD_ROUTES,,,
Mon Apr  9 22:15:00 2012 /system/xbin/bb/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.8.0.5
Mon Apr  9 22:15:00 2012 /system/xbin/bb/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Mon Apr  9 22:15:00 2012 Initialization Sequence Completed
Mon Apr  9 22:15:00 2012 MANAGEMENT: >STATE:1334002500,CONNECTED,SUCCESS,10.8.0.6,xx.xxx.xxx.xxx
Mon Apr  9 22:15:00 2012 MANAGEMENT: CMD 'bytecount 0'
Mon Apr  9 22:15:00 2012 MANAGEMENT: CMD 'bytecount 0'
Mon Apr  9 22:15:00 2012 MANAGEMENT: CMD 'bytecount 3'
Mon Apr  9 22:15:30 2012 MANAGEMENT: CMD 'signal SIGTERM'
Mon Apr  9 22:15:30 2012 TCP/UDP: Closing socket
Mon Apr  9 22:15:30 2012 /system/xbin/bb/route del -net 10.8.0.1 netmask 255.255.255.255
Mon Apr  9 22:15:30 2012 /system/xbin/bb/route del -net 192.168.0.0 netmask 255.255.255.0
Mon Apr  9 22:15:30 2012 Closing TUN/TAP interface
Mon Apr  9 22:15:30 2012 /system/xbin/bb/ifconfig tun0 0.0.0.0
Mon Apr  9 22:15:30 2012 SIGTERM[hard,] received, process exiting
Mon Apr  9 22:15:30 2012 MANAGEMENT: >STATE:1334002530,EXITING,SIGTERM,,

Regards,
rokk

android sgs2

Have you tried the menu button yet? :lol:
 
rokkdroid

android sgs2 wrote:
Have you tried the menu button yet? :lol:
I know how to operate Droidwall, but thanks.

After enabling the root apps for 3G in the white list, it works.
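
Added example, not part of the thread: a small Python classifier for OpenVPN client logs like the two posted above, showing how the failing run differs from the working one. It assumes Linux errno numbering (code=1 is EPERM) and treats EPERM write errors with no packet from the server as a sign of a local packet-filter block, which is a heuristic; the sample lines are excerpts of the posted logs with timestamps dropped.

```python
import re

# Excerpts of the two client logs from the thread (timestamps dropped).
LOG_FIREWALL_ON = """\
UDPv4 link remote: xx.xxx.xxx.xxx:1194
write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
MANAGEMENT: CMD 'state on'
write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
write UDPv4 [ECONNREFUSED]: Operation not permitted (code=1)
MANAGEMENT: CMD 'signal SIGTERM'
MANAGEMENT: >STATE:1333995366,EXITING,SIGTERM,,
"""

LOG_FIREWALL_OFF = """\
UDPv4 link remote: xx.xxx.xxx.xxx:1194
MANAGEMENT: >STATE:1334002496,AUTH,,,
TLS: Initial packet from xx.xxx.xxx.xxx:1194, sid=287fa518 c36d4f58
Initialization Sequence Completed
MANAGEMENT: >STATE:1334002500,CONNECTED,SUCCESS,10.8.0.6,xx.xxx.xxx.xxx
"""

WRITE_ERR = re.compile(r"write (?:UDP|TCP)v\d \[[^\]]*\]: .+? \(code=(\d+)\)")
STATE = re.compile(r">STATE:\d+,([A-Z_]+),")
EPERM = 1  # assumption: Linux errno numbering, 1 = "Operation not permitted"

def classify(log_text):
    """Summarise one OpenVPN client log and say where the handshake stopped."""
    eperm_writes, states = 0, []
    peer_seen = done = False
    for line in log_text.splitlines():
        err = WRITE_ERR.search(line)
        if err and int(err.group(1)) == EPERM:
            eperm_writes += 1          # the client's own send was refused
        state = STATE.search(line)
        if state:
            states.append(state.group(1))
        peer_seen |= "TLS: Initial packet from" in line
        done |= "Initialization Sequence Completed" in line
    if done:
        verdict = "connected"
    elif eperm_writes and not peer_seen:
        verdict = "blocked locally"    # heuristic: EPERM on send, server never heard
    elif not peer_seen:
        verdict = "no reply from server"
    else:
        verdict = "handshake incomplete"
    return {"verdict": verdict, "eperm_writes": eperm_writes, "states": states}
```

The patterns use `search`, so the function also works on the full logs with their timestamps left in place.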