1. You want that $100.00 in your pocket or an Amazon Fire TV don't you? Well here's the deal. With our new updated look we are in desperate need of an updated logo. The 'old' one has certainly served us well, but it's time. Find all the details here: bit.ly/1q0k6Wa
  2. DroidForums.net is currently undergoing a major software upgrade. If you are experiencing any problems logging in please: Contact Us

Got OpenVPN Running on 2.1!!!

Discussion in 'Android Hacks and Help' started by prochobo, Dec 23, 2009.

  1. prochobo
    Offline

    prochobo New Member

    Joined:
    Dec 19, 2009
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    0
    Got OpenVPN Running on 2.1!!! (How-To)

    Finally got it figured out :icon_ banana::icon_ banana::icon_ banana:! Must have busybox installed if you want to use cp (and possibly ln). All commands below assume you have root access.

    First, get TunnelDroid from the market place. Then, copy your client OpenVPN files to the openvpn directory on your SD card. This includes your client cert, client key, server ca.crt, and client .ovpn config file.

    Now this is where you've gotta do some work. The Droid does not have the tun.ko module needed to create the VPN tunnel. Get it from here (just download the tun.ko):

    get-a-robot-vpnc - Project Hosting on Google Code

    Then remount your file system to r/w and copy the tun.ko module to your /system/lib/modules directory

    Code:
    su
    mount -o remount,rw /dev/block/mtdblock4 /system 
    cp /sdcard/tun.ko /system/lib/modules/tun.ko
    Then grab the OpenVPN binaries from here (zipped, at the bottom of the list):
    Browse TunnelDroid Files on SourceForge.net

    Now follow these instructions:

    Code:
    Step 1 - Take back and secure externally - optional, but always a good idea.
    
    Step 2 - Make a backup of the original files, you never know...
    > adb shell remount
    > adb shell
    # cd /system/lib
    # cp libcrypto.so libcrypto-orig.so
    # cp libssl.so libssl-orig.so
    # exit
    
    Step 3 - Perform the following text commands at a command prompt
    From the unzipped fries download find all the files (should be 5 in total) and do
    > adb shell remount
    > adb push libcrypto.so /system/lib/
    > adb push liblzo.so /system/lib/
    > adb push libssl.so /system/lib/
    > adb push openvpn /system/bin/
    
    Then reboot the phone
    
    Make sure you have a kernel with the tun device installed and loaded.
    You can either use the sdk and use adb, or you can use "cp" from a terminal on your phone.

    One addition to the procedure directly above is that I had to change the permissions on the openvpn binary:

    Code:
    chmod 755 /system/bin/openvpn
    Then, load the tun.ko module:

    Code:
    insmod /system/lib/modules/tun.ko
    Now, in this version of TunnelDroid at the time of this post, it looks to /system/xbin for the "ifconfig" and "route" binaries. Since the Droid doesn't have these binaries in the /system/xbin folder, you can make sym links:

    Code:
    cd /system/xbin
    ln -s /system/bin/ifconfig ifconfig
    ln -s /system/bin/route route
    Now you should be able to open TunnelDroid, see your .ovpn client config file, and connect!!!

    Works over wifi and 3G.

    [​IMG]
    Last edited: Dec 23, 2009
  2. mudtoe
    Offline

    mudtoe New Member

    Joined:
    Dec 21, 2009
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    Wow, that's great! I'm using PPTP right now, and it kind of stinks. I'm going to have to upgrade to 2.1 from 2.0.1 first though. One question, is there some way to backup the entire phone (i.e. take an image backup) before trying all this, so that if I brick it, I have a way back?

    mudtoe
  3. hughesjr
    Offline

    hughesjr New Member

    Joined:
    Dec 11, 2009
    Messages:
    277
    Likes Received:
    0
    Trophy Points:
    0
    The openvpn procedure here also works on android 2.0.1 as well, so you are not forced to upgrade.
  4. mudtoe
    Offline

    mudtoe New Member

    Joined:
    Dec 21, 2009
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    I'm going through the procedure now, but I wanted to find out if I have to use a routed connection versus a bridged one because the device created was called "tun". Also, if that's the case, is the version of OpenVPN that goes with this one of the older ones where you have to use all those alias subnets in order to get a routed VPN?

    mudtoe


    Edit: Looks like the version is 2.1 rc15, which has the topology routing feature in it, so no messing with extra subnets :) . I got the software installed on the phone and I ran a test where I just keyed in "openvpn --mktun --dev tap0" and that worked as well (response was that tap0 device was created and opened), so it appears that the tun.so driver also can do an ethernet bridging VPN as well as a routed VPN ("openvpn --mktun --dev tun0" worked too). That's good as I use a bridged VPN to connect my laptop to my home office network, and I had originally thought that the driver would only allow a routed VPN device to be created. I haven't created a full config file yet or done the work to create a new set of encryption keys for the droid, but that's on the list for today.
    Last edited: Jan 4, 2010
  5. mudtoe
    Offline

    mudtoe New Member

    Joined:
    Dec 21, 2009
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    I was able to get a tap connection active, but I can't ping or transfer any data across it. I'm not sure what's wrong, as I didn't change the server side at all, and I used a .ovpn configuration file from my laptop as the model for the droid, and just took out the windows specific stuff. I'm curious if the people who have this working have it working in bridging mode (tap) or tunnel mode (tun)?

    I'm starting the process of creating a tunnel mode connection on my OpenVPN server so that I can try that.

    mudtoe
  6. mudtoe
    Offline

    mudtoe New Member

    Joined:
    Dec 21, 2009
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    Update: It looks like the issue is that the ifconfig command doesn't work from within openvpn on the droid, either in tap or tun mode. I checked and the symlink is set in /system/xbin. The tap or tun device always ends up with an invalid IP address which consists of the correct subnet with a 255 suffix (e.g. should be 192.168.5.10 and ends up 192.168.5.255). If I manually create the tap or tun device first via "openvpn --mktun -dev tap5", followed by manually keying "ifconfig tap5 192.168.5.10 netmask 255.255.255.0" in a rooted terminal session, and then setting "ifconfig-noexec" in the openvpn config file I can get it to work in either tap or tun mode. I have no idea why ifconfig directive inside openvpn isn't working right.
  7. LillieBennett
    Offline

    LillieBennett New Member

    Joined:
    Apr 22, 2010
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    0
    VPN PPTP encrypted

    The native setting in Droid will connect but the tunnel won't work. I'm trying openvpn to see if it will connect to a plain vanilla pptp encrypted windows vpn server.

    This is probably very stupid but where does one get the client config files ("Then, copy your client OpenVPN files to the openvpn directory on your SD card. This includes your client cert, client key, server ca.crt, and client .ovpn config file.")?

    Hopefully, I'll be able to figure out how to edit them:)
  8. gavron
    Offline

    gavron New Member

    Joined:
    Jan 29, 2010
    Messages:
    555
    Likes Received:
    0
    Trophy Points:
    0
    SG6.0 vpn works with PPTP out of the box.

    E
  9. adrynalyne
    Offline

    adrynalyne Premium Member Premium Member Developer

    Joined:
    Dec 21, 2009
    Messages:
    2,896
    Likes Received:
    4
    Trophy Points:
    0
    my rom has tun.ko built in natively :D
  10. Chris.Nelson
    Offline

    Chris.Nelson New Member

    Joined:
    Dec 29, 2009
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Clifton Park, NY
    I know I've got my stoopid hat on today but how do I get a console window to enter the cp, etc. commands?
  11. Chris.Nelson
    Offline

    Chris.Nelson New Member

    Joined:
    Dec 29, 2009
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Clifton Park, NY
    OK. I got my stoopid hat off and got a console app. When I try to insmod tun.ko, I get an "Exec format error." I'm guess it was build for a different phone? I have an original Motorola Droid with Android 2.2. Is there a tun.ko for that?
  12. Artimis
    Offline

    Artimis New Member

    Joined:
    Dec 11, 2009
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    0
    tun.ko for the stock kernel (2.2) can be obtained from here: http://www.saturnwiki.net/droid_tun_driver/2.6.32.9/tun.ko


    If you are not running a the stock kernel, you will need a tun module compiled for that kernel from the kernel dev unless they have built tit into the kernel already which a lot do (and in which case, you don't need to call insmod).
  13. Chris.Nelson
    Offline

    Chris.Nelson New Member

    Joined:
    Dec 29, 2009
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Clifton Park, NY
    As far as I can tell, I have a stock kernel. I unlocked and rooted my phone but didn't replace the kernel (did I? It's been a while.).

    `uname -a` says "Linux localhost 2.6.32.9-g874c292 #1 PREMPT Thu Jul 22 18:48:25 PDT 2010 arm71 GNU/Linux". I've tried tun.ko and tun_alt.ko from saturnwiki with the same results. And I don't understand why Linux on my phone is so finicky when I can often load kernel modules from different builds of the same kernel version on my desktop.
  14. Artimis
    Offline

    Artimis New Member

    Joined:
    Dec 11, 2009
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    0
    Hmmm....the only things I can think of to help troubleshoot are:

    1) are permissions for tun.ko correct?
    2) Did you su first?
    3) what happens when you try "modprobe tun"?
  15. Chris.Nelson
    Offline

    Chris.Nelson New Member

    Joined:
    Dec 29, 2009
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Clifton Park, NY
    (First, I note that this thread is abut 2.1 and I'm running 2.2 so that may be part of my problem.)

    I never set them explicitly. I don't know what they should be. I just checked and it's set to 075.

    But the error I'm getting is "Exec format error" which suggests to me that insmod can read the module fine but that the module isn't right somehow.

    Yes.

    "No such file or directory"
  16. Chris.Nelson
    Offline

    Chris.Nelson New Member

    Joined:
    Dec 29, 2009
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Clifton Park, NY
Search tags for this page
android openvpn package files download
,
dowlod libssl.so for android 2.1
,
insmod tun.ko exec format error
,

openvpn android 2.1

,
openvpn client for android 2.1
,
openvpn config files how to get vpn provider galaxy s3
,
openvpn connect android 2.1
,
openvpn connect motorola droid x2
,
openvpn for android 2.1
,
ovpn android 2.1
,
ovpn045.ovpn
,
ovpn045.ovpn android
,
ovpn045.ovpn for android
,
premium hack .ovpn
,
su -c chmod 555 /system/bin/openvpn