InactiveUser 188 Posted ... ATTENTION: This tutorial is out of date, incomplete and deprecated. A new and improved version of this tutorial can be found here: https://airvpn.org/topic/24349-how-to-airvpn-via-sslstunnel-on-android-678/ This thread is only kept online for historical reference. Goal and obstaclesWe want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. On Android, a few obstacles have to be worked around:a. there is no AirVPN Eddie client for Android.Solution: We will use OpenVPN and stunnel directly.b. there is no stunnel app in any Android appstore.Solution: we will download the stunnel Android binary (provided by the stunnel project itself) and run it from the commandline.c. Android does not allow us to execute any programs from the sdcard.Solution: we will move stunnel to a special location (owned by the Terminal app), which will allow the Terminal app to execute stunnel.d. stunnel wants to write to /tmp/, but there's no /tmp/ on Android.Solution: we will modify the .ssl config file to change the pidfile location to a writable directory.Software RequirementsAndroid 4.0 or newer (device does not have to be rooted)stunnel compiled for Android (FOSS), via project websiteOpenVPN for Android (FOSS), via F-Droid or Play StoreJack Palevich's Terminal Emulator for Android (FOSS), via F-Droid or Play Storea separate computer to download/edit the necessary config files and binaries (entirely optional, but easier than doing everything on the Android device itself)Setup instructions1. Generate config files with AirVPN's config generatorchoose Linuxpick one single server of your choice. I will use Nunki for this tutorial!for Connection Mode, choose SSL Tunnel, port 443 (visible after enabling Advanced Mode)enable Resolved hosts in .ovpn fileleave all the other settings at their default valuesdownload and unzip the generated zip filethis should result in an AirVPN folder, containing three files2. Open the ssl config file (AirVPN_GB-Manchester_Nunki_SSL-443.ssl) in a text editor.Find the line: pid = /tmp/stunnel4.pidChange it to: pid = /data/data/jackpal.androidterm/app_HOME/stunnel4.pidSave and close the file. 3. In a text editor, create a new file with the following contents: #!/system/bin/shcd /data/data/jackpal.androidterm/app_HOME./stunnel AirVPN_GB-Manchester_Nunki_SSL-443.sslSave it to a file named nunki (no file extension).Put the file into the AirVPN folder, next to our other config files.4. Download and unzip stunnel for Android from the stunnel website (stunnel-X.XX-android.zip)Put the stunnel file (only the file, not the folder) into the AirVPN folder.5. Make sure your AirVPN folder now contains the following files: AirVPN_GB-Manchester_Nunki_SSL-443.ovpnAirVPN_GB-Manchester_Nunki_SSL-443.sslnunkistunnelstunnel.crt6. Copy the whole AirVPN folder to your Android's SD card.The path should be: /sdcard/AirVPN/7. Install OpenVPN for Android via F-Droid or Play Store and import the .ovpn config file located at /sdcard/AirVPN/AirVPN_GB-Manchester_Nunki_SSL-443.ovpnDon't try to connect just yet.8. Install Terminal Emulator for Android, via F-Droid or Play Store9. Open Terminal Emulator and successively run the following commands: cdThe simple cd command should take you to the app's home directory (/data/data/jackpal.androidterm/app_HOME).This is where we need to put our config files and the stunnel binary. Let's move them over by running: mv /sdcard/AirVPN/* .It's important to type every character correctly (commandline is case sensitive); the "*" is a wildcard expanding to all files in the AirVPN folder, and the "." is a placeholder for the current directory /data/data/jackpal.androidterm/app_HOME. Typing commands on Android is a big pain, so I try to keep them as short as possible!Finally, we need to modify permissions for the binary and the script, allowing us to execute them: chmod 555 stunnel nunkiWe should be ready to go!Usage instructionsI. Open Terminal Emulator and run the following two commands: cd ./nunkiA log message should appear: Configuration successfulGreat! Keep the Terminal app running, but use the Home button to get out.II. Open OpenVPN for Android and connect to the profile AirVPN_GB_Manchester_Nunki_SSL-443Unless something went wrong, you should get Initialization Sequence Completed - great!I recommend performing the usual leak tests and perhaps diving into OpenVPN's profile settings before relying on your configuration to work as you expect it to.III. To disconnect:Disconnect VPN in OpenVPNopen Terminal Emulator, press VOLUME_DOWN + C to kill stunnelpress the X button to close the terminal sessionIV. If stunnel isn't shutdown properly, you may see an error if you try to run stunnel again: [!] Error binding service [openvpn] to 127.0.0.1:1413[!] bind: Address already in use (98)[ ] Closing service [openvpn][ ] Service [openvpn] closedThis means stunnel is still running in the background. You can kill it by running: killall stunnelFootnotesI successfully followed my own tutorial using: CyanogenMod 12.1 nightly (≈ Android 5.1)stunnel 5.23OpenVPN for Android 0.6.35 (F-Droid)Terminal Emulator 1.0.70 (F-Droid)Testers welcome, especially if you're using different Android and software versions.Credits:Kevin Boone for the clever binary execution workaround. 9 rainmakerraw, skink68, eyes878 and 6 others reacted to this Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
eyes878 43 Posted ... Thank you very much for this. I've been wanting to find some way of bypassing OpenVPN blocks on Android for a while. EDIT: Everything seems to have worked, I'm posting this through the SSL tunnel right now. Quote Share this post Link to post
Zaroad 26 Posted ... Hi, after ./nunki I got /system/bin/sh: nunki: not found Ideas? nunki has 555 permission And it's ridiculous slow: 0.3 Mbps 1 hugomueller reacted to this Quote Share this post Link to post
InactiveUser 188 Posted ... @Zaroad: before running "./nunki", did you run "cd" to jump into Terminals home directory? That's where all the stunnel files should be.After running "cd", the command "pwd" (print working directory) should output this path: /data/data/jackpal.androidterm/app_HOMEnunki and all the other stunnel-related files shoud be in there, you can check with the "ls" command. Speed issue: I've noticed slow speeds as well, not as terrible as yours, but a very noticeable decrease. Try a server closest to you, but I think there might be something else going on: stunnel does not tax my phone's CPU much at all. Considering that you can easily get 50Mbit/s stunnel+OpenVPN throughput on an AC68 router, there must be some optimization problem with stunnel's Android build.I'll try to look into it on Sunday. Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
eyes878 43 Posted ... On my 75mbps line at home, I was able to achieve 1.6-2.0MB/s (12-20mbps~). I can rarely get above this speed when using raw OpenVPN on TCP. I have the Google Nexus 6 on Android 5.1.1. Quote Share this post Link to post
maxiel 1 Posted ... Gents, I've installed all programs and copied over all files as the instruction above. However, I am using the Samsung Galaxy S6 (Edge) which does not have an SD card slot.Would it be possible to alter the command line in the terminal emulator in some way to make this work? I've made a folder called /sdcard/AirVPN to try a workaround, to no avail. Quote Share this post Link to post
InactiveUser 188 Posted ... Hi maxiel, I tried my instructions on a phone that doesn't have an SD card slot, and I didn't have to modify any instructions.An SD card is not required; Android usually maps the /sdcard/ directory to the main directory of the internal storage if there's no sdcard slot.I'm not an Android expert, so I don't know if all Android versions and devices work that way.In any case, when transferring the AirVPN folder to your device, you're free to choose any writable location on your device - it does not have to be /sdcard/. (analog to step 6)Copy the AirVPN folder to your Android device, to a location of your choice.Figure out the exact path name of that location, perhaps by browsing to it in a file manager. Make note of that path and modify step 9 accordingly:(analog to step 9) cd mv /some/other/Android/path/AirVPN/* . Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
cm0s 118 Posted ... some other notes on droid from Arceon's threadhttps://airvpn.org/topic/19859-android-601-openvpn-for-android-vpn-api-permission-dialog-cancelled/hope this helps cheerz Quote Share this post Link to post
Spyker 2 Posted ... Hi. I'm stuck on step #9. When I enter "mv /sdcard/AirVPN/* .", I get the following: u0_a234@angler:/ $ cdu0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $mv /sdcard/AirVPN/* .mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ovpn': Operation not permittedmv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ssl': Operation not permittedmv: chown '/sdcard/AirVPN/Pollux.': Operation not permittedmv: chown '/sdcard/AirVPN/stunnel.': Operation not permittedmv: chown '/sdcard/AirVPN/stunnel.crt': Operation not permitted1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $chmod 555 stunnel Polluxchmod: stunnel: No such file or directorychmod: Pollux: No such file or directory1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $mv /sdcard/AirVPN/* .mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ovpn': Operation not permittedmv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ssl': Operation not permittedmv: chown '/sdcard/AirVPN/Pollux.': Operation not permittedmv: chown '/sdcard/AirVPN/stunnel.': Operation not permittedmv: chown '/sdcard/AirVPN/stunnel.crt': Operation not permitted1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $chmod 555 stunnel Polluxchmod: stunnel: No such file or directorychmod: Pollux: No such file or directory1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $ It seems the files are not moved to the app_HOME.Any suggestions? Quote Share this post Link to post
nemoAnon 3 Posted ... Hi. I'm stuck on step #9. When I enter "mv /sdcard/AirVPN/* .", I get the following: u0_a234@angler:/ $ cdu0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $mv /sdcard/AirVPN/* .mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ovpn': Operation not permittedmv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ssl': Operation not permittedmv: chown '/sdcard/AirVPN/Pollux.': Operation not permittedmv: chown '/sdcard/AirVPN/stunnel.': Operation not permittedmv: chown '/sdcard/AirVPN/stunnel.crt': Operation not permitted1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $chmod 555 stunnel Polluxchmod: stunnel: No such file or directorychmod: Pollux: No such file or directory1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $mv /sdcard/AirVPN/* .mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ovpn': Operation not permittedmv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ssl': Operation not permittedmv: chown '/sdcard/AirVPN/Pollux.': Operation not permittedmv: chown '/sdcard/AirVPN/stunnel.': Operation not permittedmv: chown '/sdcard/AirVPN/stunnel.crt': Operation not permitted1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $chmod 555 stunnel Polluxchmod: stunnel: No such file or directorychmod: Pollux: No such file or directory1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $ It seems the files are not moved to the app_HOME.Any suggestions? I had the same problem, try copy instead "cp /sdcard/AirVPN/* .". Also if you edited your text files on Windows make sure that yourtext editor can save files with unix EOL, otherwise you'll get"no such file or directory" when you run ./nunki. 3 skink68, InactiveUser and nemo33 reacted to this Quote Share this post Link to post
InactiveUser 188 Posted ... Good observations by nemoAnon, thank you! Unrelated addition: For those that find it inconvenient to get the stunnel binary from the project's website (and manually keep it up to date!), I can recommend Termux. It's a nice alternative terminal emulator that allows you to install additional packages from their repositories with the apt package manager. Stunnel is among the available packages. To some extent you're trading security for convenience as you won't be getting the stunnel binary directly from the stunnel project, but from the Termux repos. I haven't actually tried using Termux yet, but I don't see any reason why it wouldn't work for our purpose. I might post new instructions if anyone needs help adapting them to Termux. Or maybe another friendly soul helps out Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
sleightofthenavigator 0 Posted ... Nice well-written guide. Didn't work for me though as written. I'm on rooted 4.4.2 on a Galaxy Note 10.1. For the sake of simplicity, I used server nunki so I could follow your example without too much messing around. Upon entering command: chmod 555 stunnel nunki I got the response: Unable to chmod stunnel: Operation not permitted I can confirm I have the required files in the specified folder. Any ideas why I'm unable to change the permissions? Any tips greatly appreciated. Quote Share this post Link to post
zhang888 1066 Posted ... Try replacingchmod 555 stunnelwithchmod +x stunnel Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
sleightofthenavigator 0 Posted ... Try replacingchmod 555 stunnelwithchmod +x stunnel Thanks for the suggestion, but sadly when I try this I get: Bad mode Quote Share this post Link to post
sprositut 7 Posted ... Instead of stunnel it is much more convenient to use TLS/SSL Tunnel. To import certificate from the phone it is possible to install Simple HTTP Server. And to import certificates to "Custom Cert Store" just copy the link from the browser which points to the stunnel.crt (I just renamed this file for convenience) The order of actions is the following: Install TLS/SSL Tunnel Install Simple HTTP Server Copy folder with extracted xxx.ovpn and stunnel.crt to the phone In Simple HTTP Server Start it. It will show the link to the local content of the phone Open in the browser on your phone folder where you copied folder with xxx.ovpn and stunnel.crt Long tap on stunnel.crt and copy the link to clipboard In TLS/SSL Tunnel: Import stunnel.crt (or xxx.crt if you renamed it) Screenshot In upper right corner choose "Manage Certificates" Press the button "IMPORT CERTIFICATE" Paste the link from clipboard and press "LOAD" Give any name for certificate you like i.e. stunnel Create connection Screenshot Choose "New" in the right upper corner Give any name you like in the field "Name" In the field "Connect to" type IP address and port from xxx.ssl from the same folder where you took xxx.ovpn and stunnel.crt. It is after string "connect = xxx.xxx.xxx.xxx:443" In the field local port type 1413 In the field Root-Certificate choose "Custom Cert Store" Check all 3 boxes (first is already checked) Press "SAVE" button Now use it Click on connection name Press the button "START TUNNEL" Screenshot You will have green light if it tries to establish connection Screenshot You check log in upper right corner "Show connection Info". If it is successful in the end you will see long list of lines with hexadecimal numbers with Signature Algorithm Screenshot Delete "Simple HTTP Server" Go to OpenVPN import the xxx.ovpn config file Connect Use established secure internet connection To close internet connection you need:In OpenVPN: Disconnect with button "Disconnect" In Tunnel: press the button "STOP ALL TUNNELS" 7 nemo33, BlueLadder, antpile11 and 4 others reacted to this Quote Share this post Link to post
nizammufid 0 Posted ... it say no root but need the permission how ? Quote Share this post Link to post
InEvX 1 Posted ... Instead of stunnel it is much more convenient to use TLS/SSL Tunnel. To import certificate from the phone it is possible to install Simple HTTP Server. And to import certificates to "Custom Cert Store" just copy the link from the browser which points to the stunnel.crt (I just renamed this file for convenience) The order of actions is the following: Install TLS/SSL Tunnel Install Simple HTTP Server Copy folder with extracted xxx.ovpn and stunnel.crt to the phone In Simple HTTP Server Start it. It will show the link to the local content of the phone Open in the browser on your phone folder where you copied folder with xxx.ovpn and stunnel.crt Long tap on stunnel.crt and copy the link to clipboard In TLS/SSL Tunnel: Import stunnel.crt (or xxx.crt if you renamed it) Screenshot In upper right corner choose "Manage Certificates" Press the button "IMPORT CERTIFICATE" Paste the link from clipboard and press "LOAD" Give any name for certificate you like i.e. stunnel Create connection Screenshot Choose "New" in the right upper corner Give any name you like in the field "Name" In the field "Connect to" type IP address and port from xxx.ssl from the same folder where you took xxx.ovpn and stunnel.crt. It is after string "connect = xxx.xxx.xxx.xxx:443" In the field local port type 1413 In the field Root-Certificate choose "Custom Cert Store" Check all 3 boxes (first is already checked) Press "SAVE" button Now use it Click on connection name Press the button "START TUNNEL" Screenshot You will have green light if it tries to establish connection Screenshot You check log in upper right corner "Show connection Info". If it is successful in the end you will see long list of lines with hexadecimal numbers with Signature Algorithm Screenshot Delete "Simple HTTP Server" Go to OpenVPN import the xxx.ovpn config file Connect Use established secure internet connection To close internet connection you need:In OpenVPN: Disconnect with button "Disconnect" In Tunnel: press the button "STOP ALL TUNNELS" Thank you for this! Works beautifully Screenshots don't work unfortunately, but it's not that hard to figure out! Quote Share this post Link to post
usefulvid 18 Posted ... Instead of stunnel it is much more convenient to use TLS/SSL Tunnel. To import certificate from the phone it is possible to install Simple HTTP Server. And to import certificates to "Custom Cert Store" just copy the link from the browser which points to the stunnel.crt (I just renamed this file for convenience) Thanks for this tutorial! I created a (german) youtube video based on your instructions. I also linked to your posting. I hope thats fine for you. Quote Share this post Link to post
pyq 1 Posted ... I followed the first guide and it seems everything worked fine, except, that the profile doesn't show up in OpenVPN for Android after running ./antares (I used the antares server). Did I miss something? Quote Share this post Link to post
greenclaydog 6 Posted ... I followed the first guide and it seems everything worked fine, except, that the profile doesn't show up in OpenVPN for Android after running ./antares (I used the antares server). Did I miss something? You have to add the .ovpn in OpenVPN for Android after running ./antares Make sure it's the .ovpn for SSL 443 from the other files you generated in the config generator. Quote Share this post Link to post
pyq 1 Posted ... I followed the first guide and it seems everything worked fine, except, that the profile doesn't show up in OpenVPN for Android after running ./antares (I used the antares server). Did I miss something? You have to add the .ovpn in OpenVPN for Android after running ./antares Make sure it's the .ovpn for SSL 443 from the other files you generated in the config generator.Thanks, I had the feeling I should do that.However, I cannot connect for some reason. Here's my log from OpenVPN for Android: 2017-03-26 14:32:03 F-Droid built and signed version 0.6.63 running on OnePlus ONEPLUS A3000 (QC_Reference_Phone), Android 7.0 (NRD90M) API 24, ABI arm64-v8a, (OnePlus/OnePlus3/OnePlus3:7.0/NRD90M/01122125:user/release-keys)2017-03-26 14:32:03 Building configuration…2017-03-26 14:32:03 started Socket Thread2017-03-26 14:32:03 Network Status: CONNECTED to WIFI "ChinaNet-DQQu"2017-03-26 14:32:03 Current Parameter Settings:2017-03-26 14:32:03 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'2017-03-26 14:32:03 mode = 02017-03-26 14:32:03 show_ciphers = DISABLED2017-03-26 14:32:03 show_digests = DISABLED2017-03-26 14:32:03 show_engines = DISABLED2017-03-26 14:32:03 genkey = DISABLED2017-03-26 14:32:03 key_pass_file = '[uNDEF]'2017-03-26 14:32:03 show_tls_ciphers = DISABLED2017-03-26 14:32:03 connect_retry_max = 02017-03-26 14:32:03 Connection profiles [0]:2017-03-26 14:32:03 proto = tcp-client2017-03-26 14:32:03 local = '[uNDEF]'2017-03-26 14:32:03 local_port = '[uNDEF]'2017-03-26 14:32:03 remote = '127.0.0.1'2017-03-26 14:32:03 remote_port = '1413'2017-03-26 14:32:03 remote_float = DISABLED2017-03-26 14:32:03 bind_defined = DISABLED2017-03-26 14:32:03 bind_local = DISABLED2017-03-26 14:32:03 bind_ipv6_only = DISABLED2017-03-26 14:32:03 connect_retry_seconds = 22017-03-26 14:32:03 connect_timeout = 1202017-03-26 14:32:03 socks_proxy_server = '[uNDEF]'2017-03-26 14:32:03 socks_proxy_port = '[uNDEF]'2017-03-26 14:32:03 tun_mtu = 15002017-03-26 14:32:03 tun_mtu_defined = ENABLED2017-03-26 14:32:03 link_mtu = 15002017-03-26 14:32:03 link_mtu_defined = DISABLED2017-03-26 14:32:03 tun_mtu_extra = 02017-03-26 14:32:03 tun_mtu_extra_defined = DISABLED2017-03-26 14:32:03 mtu_discover_type = -12017-03-26 14:32:03 fragment = 02017-03-26 14:32:03 mssfix = 14502017-03-26 14:32:03 explicit_exit_notification = 02017-03-26 14:32:03 Connection profiles END2017-03-26 14:32:03 remote_random = DISABLED2017-03-26 14:32:03 ipchange = '[uNDEF]'2017-03-26 14:32:03 dev = 'tun'2017-03-26 14:32:03 dev_type = '[uNDEF]'2017-03-26 14:32:03 dev_node = '[uNDEF]'2017-03-26 14:32:03 lladdr = '[uNDEF]'2017-03-26 14:32:03 topology = 12017-03-26 14:32:03 ifconfig_local = '[uNDEF]'2017-03-26 14:32:03 ifconfig_remote_netmask = '[uNDEF]'2017-03-26 14:32:03 ifconfig_noexec = DISABLED2017-03-26 14:32:03 ifconfig_nowarn = ENABLED2017-03-26 14:32:03 ifconfig_ipv6_local = '[uNDEF]'2017-03-26 14:32:03 ifconfig_ipv6_netbits = 02017-03-26 14:32:03 ifconfig_ipv6_remote = '[uNDEF]'2017-03-26 14:32:03 shaper = 02017-03-26 14:32:03 mtu_test = 02017-03-26 14:32:03 mlock = DISABLED2017-03-26 14:32:03 keepalive_ping = 02017-03-26 14:32:03 keepalive_timeout = 02017-03-26 14:32:03 inactivity_timeout = 02017-03-26 14:32:03 ping_send_timeout = 02017-03-26 14:32:03 ping_rec_timeout = 02017-03-26 14:32:03 ping_rec_timeout_action = 02017-03-26 14:32:03 ping_timer_remote = DISABLED2017-03-26 14:32:03 remap_sigusr1 = 02017-03-26 14:32:03 persist_tun = ENABLED2017-03-26 14:32:03 persist_local_ip = DISABLED2017-03-26 14:32:03 persist_remote_ip = DISABLED2017-03-26 14:32:03 persist_key = DISABLED2017-03-26 14:32:03 passtos = DISABLED2017-03-26 14:32:03 resolve_retry_seconds = 10000000002017-03-26 14:32:03 resolve_in_advance = ENABLED2017-03-26 14:32:03 username = '[uNDEF]'2017-03-26 14:32:03 groupname = '[uNDEF]'2017-03-26 14:32:03 chroot_dir = '[uNDEF]'2017-03-26 14:32:03 cd_dir = '[uNDEF]'2017-03-26 14:32:03 writepid = '[uNDEF]'2017-03-26 14:32:03 up_script = '[uNDEF]'2017-03-26 14:32:03 down_script = '[uNDEF]'2017-03-26 14:32:03 down_pre = DISABLED2017-03-26 14:32:03 up_restart = DISABLED2017-03-26 14:32:03 up_delay = DISABLED2017-03-26 14:32:03 daemon = DISABLED2017-03-26 14:32:03 inetd = 02017-03-26 14:32:03 log = DISABLED2017-03-26 14:32:03 suppress_timestamps = DISABLED2017-03-26 14:32:03 machine_readable_output = ENABLED2017-03-26 14:32:03 nice = 02017-03-26 14:32:03 verbosity = 42017-03-26 14:32:03 mute = 02017-03-26 14:32:03 gremlin = 02017-03-26 14:32:03 status_file = '[uNDEF]'2017-03-26 14:32:03 status_file_version = 12017-03-26 14:32:03 status_file_update_freq = 602017-03-26 14:32:03 occ = ENABLED2017-03-26 14:32:03 rcvbuf = 02017-03-26 14:32:03 sndbuf = 02017-03-26 14:32:03 sockflags = 02017-03-26 14:32:03 fast_io = DISABLED2017-03-26 14:32:03 comp.alg = 22017-03-26 14:32:03 comp.flags = 12017-03-26 14:32:03 route_script = '[uNDEF]'2017-03-26 14:32:03 route_default_gateway = '[uNDEF]'2017-03-26 14:32:03 route_default_metric = 02017-03-26 14:32:03 route_noexec = DISABLED2017-03-26 14:32:03 route_delay = 02017-03-26 14:32:03 route_delay_window = 302017-03-26 14:32:03 route_delay_defined = DISABLED2017-03-26 14:32:03 route_nopull = DISABLED2017-03-26 14:32:03 route_gateway_via_dhcp = DISABLED2017-03-26 14:32:03 allow_pull_fqdn = DISABLED2017-03-26 14:32:03 route 103.254.153.100/255.255.255.255/net_gateway/default (not set)2017-03-26 14:32:03 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'2017-03-26 14:32:03 management_port = 'unix'2017-03-26 14:32:03 management_user_pass = '[uNDEF]'2017-03-26 14:32:03 management_log_history_cache = 2502017-03-26 14:32:03 management_echo_buffer_size = 1002017-03-26 14:32:03 management_write_peer_info_file = '[uNDEF]'2017-03-26 14:32:03 management_client_user = '[uNDEF]'2017-03-26 14:32:03 management_client_group = '[uNDEF]'2017-03-26 14:32:03 management_flags = 43902017-03-26 14:32:03 shared_secret_file = '[uNDEF]'2017-03-26 14:32:03 key_direction = 22017-03-26 14:32:03 ciphername = 'AES-256-CBC'2017-03-26 14:32:03 ncp_enabled = ENABLED2017-03-26 14:32:03 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'2017-03-26 14:32:03 authname = 'SHA1'2017-03-26 14:32:03 prng_hash = 'SHA1'2017-03-26 14:32:03 prng_nonce_secret_len = 162017-03-26 14:32:03 keysize = 02017-03-26 14:32:03 engine = DISABLED2017-03-26 14:32:03 replay = ENABLED2017-03-26 14:32:03 mute_replay_warnings = DISABLED2017-03-26 14:32:03 replay_window = 642017-03-26 14:32:03 replay_time = 152017-03-26 14:32:03 packet_id_file = '[uNDEF]'2017-03-26 14:32:03 use_iv = ENABLED2017-03-26 14:32:03 test_crypto = DISABLED2017-03-26 14:32:03 tls_server = DISABLED2017-03-26 14:32:03 tls_client = ENABLED2017-03-26 14:32:03 key_method = 22017-03-26 14:32:03 ca_file = '[[iNLINE]]'2017-03-26 14:32:03 ca_path = '[uNDEF]'2017-03-26 14:32:03 dh_file = '[uNDEF]'2017-03-26 14:32:03 cert_file = '[[iNLINE]]'2017-03-26 14:32:03 extra_certs_file = '[uNDEF]'2017-03-26 14:32:03 priv_key_file = '[[iNLINE]]'2017-03-26 14:32:03 pkcs12_file = '[uNDEF]'2017-03-26 14:32:03 cipher_list = '[uNDEF]'2017-03-26 14:32:03 tls_verify = '[uNDEF]'2017-03-26 14:32:03 tls_export_cert = '[uNDEF]'2017-03-26 14:32:03 verify_x509_type = 02017-03-26 14:32:03 verify_x509_name = '[uNDEF]'2017-03-26 14:32:03 crl_file = '[uNDEF]'2017-03-26 14:32:03 ns_cert_type = 02017-03-26 14:32:03 remote_cert_ku = 1602017-03-26 14:32:03 remote_cert_ku = 1362017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_ku = 02017-03-26 14:32:03 remote_cert_eku = 'TLS Web Server Authentication'2017-03-26 14:32:03 ssl_flags = 02017-03-26 14:32:03 tls_timeout = 22017-03-26 14:32:03 renegotiate_bytes = -12017-03-26 14:32:03 renegotiate_packets = 02017-03-26 14:32:03 renegotiate_seconds = 36002017-03-26 14:32:03 handshake_window = 602017-03-26 14:32:03 transition_window = 36002017-03-26 14:32:03 single_session = DISABLED2017-03-26 14:32:03 push_peer_info = DISABLED2017-03-26 14:32:03 tls_exit = DISABLED2017-03-26 14:32:03 tls_auth_file = '[[iNLINE]]'2017-03-26 14:32:03 tls_crypt_file = '[uNDEF]'2017-03-26 14:32:03 client = ENABLED2017-03-26 14:32:03 pull = ENABLED2017-03-26 14:32:03 auth_user_pass_file = '[uNDEF]'2017-03-26 14:32:03 OpenVPN 2.5-icsopenvpn [git:HEAD-53e588afe9fe4500] android-21-arm64-v8a [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 30 20162017-03-26 14:32:03 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.092017-03-26 14:32:03 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket2017-03-26 14:32:03 MANAGEMENT: CMD 'hold release'2017-03-26 14:32:03 MANAGEMENT: CMD 'proxy NONE'2017-03-26 14:32:03 MANAGEMENT: CMD 'bytecount 2'2017-03-26 14:32:03 MANAGEMENT: CMD 'state on'2017-03-26 14:32:04 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2017-03-26 14:32:04 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2017-03-26 14:32:04 LZO compression initializing2017-03-26 14:32:04 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]2017-03-26 14:32:04 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]2017-03-26 14:32:04 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'2017-03-26 14:32:04 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'2017-03-26 14:32:04 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:14132017-03-26 14:32:04 Socket Buffers: R=[1048576->1048576] S=[524288->524288]2017-03-26 14:32:04 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]2017-03-26 14:32:04 MANAGEMENT: >STATE:1490509924,TCP_CONNECT,,,,,,2017-03-26 14:32:04 TCP connection established with [AF_INET]127.0.0.1:14132017-03-26 14:32:04 TCP_CLIENT link local: (not bound)2017-03-26 14:32:04 TCP_CLIENT link remote: [AF_INET]127.0.0.1:14132017-03-26 14:32:04 MANAGEMENT: >STATE:1490509924,WAIT,,,,,,2017-03-26 14:32:06 MANAGEMENT: >STATE:1490509926,AUTH,,,,,,2017-03-26 14:32:06 TLS: Initial packet from [AF_INET]127.0.0.1:1413, sid=00b9636f 1413fccd2017-03-26 14:32:06 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org2017-03-26 14:32:06 Validating certificate key usage2017-03-26 14:32:06 ++ Certificate has key usage 00a0, expects 00a02017-03-26 14:32:06 VERIFY KU OK2017-03-26 14:32:06 Validating certificate extended key usage2017-03-26 14:32:06 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication2017-03-26 14:32:06 VERIFY EKU OK2017-03-26 14:32:06 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Antares, emailAddress=info@airvpn.org2017-03-26 14:32:07 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA2017-03-26 14:32:07 [Antares] Peer Connection Initiated with [AF_INET]127.0.0.1:14132017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,GET_CONFIG,,,,,,2017-03-26 14:32:09 SENT CONTROL [Antares]: 'PUSH_REQUEST' (status=1)2017-03-26 14:32:09 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.50.0.1,comp-lzo no,route-gateway 10.50.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.50.0.86 255.255.0.0,peer-id 0,cipher AES-256-GCM'2017-03-26 14:32:09 OPTIONS IMPORT: timers and/or timeouts modified2017-03-26 14:32:09 OPTIONS IMPORT: compression parms modified2017-03-26 14:32:09 OPTIONS IMPORT: --ifconfig/up options modified2017-03-26 14:32:09 OPTIONS IMPORT: route options modified2017-03-26 14:32:09 OPTIONS IMPORT: route-related options modified2017-03-26 14:32:09 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified2017-03-26 14:32:09 OPTIONS IMPORT: peer-id set2017-03-26 14:32:09 OPTIONS IMPORT: adjusting link_mtu to 16272017-03-26 14:32:09 OPTIONS IMPORT: data channel crypto options modified2017-03-26 14:32:09 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]2017-03-26 14:32:09 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key2017-03-26 14:32:09 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key2017-03-26 14:32:09 GDG: SIOCGIFHWADDR(lo) failed2017-03-26 14:32:09 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo2017-03-26 14:32:09 do_ifconfig, tt->did_ifconfig_ipv6_setup=02017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,ASSIGN_IP,,10.50.0.86,,,,2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'ROUTE' ok'2017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,ADD_ROUTES,,,,,,2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'ROUTE' ok'2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'2017-03-26 14:32:09 Opening tun interface:2017-03-26 14:32:09 Ignoring multicast route: 224.0.0.0/32017-03-26 14:32:09 Local IPv4: 10.50.0.86/16 IPv6: null MTU: 15002017-03-26 14:32:09 DNS Server: 10.50.0.1, Domain: null2017-03-26 14:32:09 Routes: 0.0.0.0/0, 10.50.0.0/162017-03-26 14:32:09 Routes excluded: 103.254.153.100/32, 192.168.1.2/242017-03-26 14:32:09 VpnService routes installed: 0.0.0.0/2, 64.0.0.0/3, 96.0.0.0/6, 100.0.0.0/7, 102.0.0.0/8, 103.0.0.0/9, 103.128.0.0/10, 103.192.0.0/11, 103.224.0.0/12, 103.240.0.0/13, 103.248.0.0/14, 103.252.0.0/15, 103.254.0.0/17, 103.254.128.0/20, 103.254.144.0/21, 103.254.152.0/24, 103.254.153.0/26, 103.254.153.64/27, 103.254.153.96/30, 103.254.153.101/32, 103.254.153.102/31, 103.254.153.104/29, 103.254.153.112/28, 103.254.153.128/25, 103.254.154.0/23, 103.254.156.0/22, 103.254.160.0/19, 103.254.192.0/18, 103.255.0.0/16, 104.0.0.0/5, 112.0.0.0/4, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/32017-03-26 14:32:09 Disallowed VPN apps:2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'OPENTUN' ok'2017-03-26 14:32:09 Initialization Sequence Completed2017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,CONNECTED,SUCCESS,10.50.0.86,127.0.0.1,1413,127.0.0.1,496592017-03-26 14:32:09 Connection reset, restarting [-1]2017-03-26 14:32:09 TCP/UDP: Closing socket2017-03-26 14:32:09 SIGUSR1[soft,connection-reset] received, process restarting2017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,RECONNECTING,connection-reset,,,,,2017-03-26 14:32:11 MANAGEMENT: CMD 'hold release'2017-03-26 14:32:11 MANAGEMENT: CMD 'proxy NONE'2017-03-26 14:32:11 MANAGEMENT: CMD 'bytecount 2'2017-03-26 14:32:11 MANAGEMENT: CMD 'state on'2017-03-26 14:32:12 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2017-03-26 14:32:12 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2017-03-26 14:32:12 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]2017-03-26 14:32:12 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]2017-03-26 14:32:12 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'2017-03-26 14:32:12 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'2017-03-26 14:32:12 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:14132017-03-26 14:32:12 Socket Buffers: R=[1048576->1048576] S=[524288->524288]2017-03-26 14:32:12 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]2017-03-26 14:32:12 MANAGEMENT: >STATE:1490509932,TCP_CONNECT,,,,,,2017-03-26 14:32:12 TCP connection established with [AF_INET]127.0.0.1:14132017-03-26 14:32:12 TCP_CLIENT link local: (not bound)2017-03-26 14:32:12 TCP_CLIENT link remote: [AF_INET]127.0.0.1:14132017-03-26 14:32:12 MANAGEMENT: >STATE:1490509932,WAIT,,,,,,2017-03-26 14:32:13 MANAGEMENT: >STATE:1490509933,AUTH,,,,,,2017-03-26 14:32:13 TLS: Initial packet from [AF_INET]127.0.0.1:1413, sid=77da9476 d0fccd602017-03-26 14:32:13 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org2017-03-26 14:32:13 Validating certificate key usage2017-03-26 14:32:13 ++ Certificate has key usage 00a0, expects 00a02017-03-26 14:32:13 VERIFY KU OK2017-03-26 14:32:13 Validating certificate extended key usage2017-03-26 14:32:13 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication2017-03-26 14:32:13 VERIFY EKU OK2017-03-26 14:32:13 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Antares, emailAddress=info@airvpn.org2017-03-26 14:32:14 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1552', remote='link-mtu 1560'2017-03-26 14:32:14 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'2017-03-26 14:32:14 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'2017-03-26 14:32:14 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA2017-03-26 14:32:14 [Antares] Peer Connection Initiated with [AF_INET]127.0.0.1:14132017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,GET_CONFIG,,,,,,2017-03-26 14:32:15 SENT CONTROL [Antares]: 'PUSH_REQUEST' (status=1)2017-03-26 14:32:15 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.50.0.1,comp-lzo no,route-gateway 10.50.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.50.0.86 255.255.0.0,peer-id 0,cipher AES-256-GCM'2017-03-26 14:32:15 OPTIONS IMPORT: timers and/or timeouts modified2017-03-26 14:32:15 OPTIONS IMPORT: compression parms modified2017-03-26 14:32:15 OPTIONS IMPORT: --ifconfig/up options modified2017-03-26 14:32:15 OPTIONS IMPORT: route options modified2017-03-26 14:32:15 OPTIONS IMPORT: route-related options modified2017-03-26 14:32:15 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified2017-03-26 14:32:15 OPTIONS IMPORT: peer-id set2017-03-26 14:32:15 OPTIONS IMPORT: adjusting link_mtu to 16272017-03-26 14:32:15 OPTIONS IMPORT: data channel crypto options modified2017-03-26 14:32:15 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]2017-03-26 14:32:15 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key2017-03-26 14:32:15 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key2017-03-26 14:32:15 GDG: SIOCGIFHWADDR(lo) failed2017-03-26 14:32:15 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo2017-03-26 14:32:15 do_ifconfig, tt->did_ifconfig_ipv6_setup=02017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,ASSIGN_IP,,10.50.0.86,,,,2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'ROUTE' ok'2017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,ADD_ROUTES,,,,,,2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'ROUTE' ok'2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'2017-03-26 14:32:15 Opening tun interface:2017-03-26 14:32:15 Ignoring multicast route: 224.0.0.0/32017-03-26 14:32:15 Local IPv4: 10.50.0.86/16 IPv6: null MTU: 15002017-03-26 14:32:15 DNS Server: 10.50.0.1, Domain: null2017-03-26 14:32:15 Routes: 0.0.0.0/0, 10.50.0.0/162017-03-26 14:32:15 Routes excluded: 103.254.153.100/32, 192.168.1.2/242017-03-26 14:32:15 VpnService routes installed: 0.0.0.0/2, 64.0.0.0/3, 96.0.0.0/6, 100.0.0.0/7, 102.0.0.0/8, 103.0.0.0/9, 103.128.0.0/10, 103.192.0.0/11, 103.224.0.0/12, 103.240.0.0/13, 103.248.0.0/14, 103.252.0.0/15, 103.254.0.0/17, 103.254.128.0/20, 103.254.144.0/21, 103.254.152.0/24, 103.254.153.0/26, 103.254.153.64/27, 103.254.153.96/30, 103.254.153.101/32, 103.254.153.102/31, 103.254.153.104/29, 103.254.153.112/28, 103.254.153.128/25, 103.254.154.0/23, 103.254.156.0/22, 103.254.160.0/19, 103.254.192.0/18, 103.255.0.0/16, 104.0.0.0/5, 112.0.0.0/4, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/32017-03-26 14:32:15 Disallowed VPN apps:2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'OPENTUN' ok'2017-03-26 14:32:15 Initialization Sequence Completed2017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,CONNECTED,SUCCESS,10.50.0.86,127.0.0.1,1413,127.0.0.1,496622017-03-26 14:32:15 write TCP_CLIENT []: Connection reset by peer (code=104)2017-03-26 14:32:15 Connection reset, restarting [0]2017-03-26 14:32:15 TCP/UDP: Closing socket2017-03-26 14:32:15 SIGUSR1[soft,connection-reset] received, process restarting2017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,RECONNECTING,connection-reset,,,,,2017-03-26 14:32:17 MANAGEMENT: CMD 'hold release'2017-03-26 14:32:17 MANAGEMENT: CMD 'proxy NONE'2017-03-26 14:32:17 MANAGEMENT: CMD 'bytecount 2'2017-03-26 14:32:17 MANAGEMENT: CMD 'state on'2017-03-26 14:32:18 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2017-03-26 14:32:18 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2017-03-26 14:32:18 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]2017-03-26 14:32:18 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]2017-03-26 14:32:18 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'2017-03-26 14:32:18 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'2017-03-26 14:32:18 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:14132017-03-26 14:32:18 Socket Buffers: R=[1048576->1048576] S=[524288->524288]2017-03-26 14:32:18 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]2017-03-26 14:32:18 MANAGEMENT: >STATE:1490509938,TCP_CONNECT,,,,,,2017-03-26 14:32:18 TCP connection established with [AF_INET]127.0.0.1:14132017-03-26 14:32:18 TCP_CLIENT link local: (not bound)2017-03-26 14:32:18 TCP_CLIENT link remote: [AF_INET]127.0.0.1:14132017-03-26 14:32:18 MANAGEMENT: >STATE:1490509938,WAIT,,,,,,2017-03-26 14:32:19 MANAGEMENT: >STATE:1490509939,AUTH,,,,,,2017-03-26 14:32:19 TLS: Initial packet from [AF_INET]127.0.0.1:1413, sid=21617909 4e1858542017-03-26 14:32:19 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org2017-03-26 14:32:19 Validating certificate key usage2017-03-26 14:32:19 ++ Certificate has key usage 00a0, expects 00a02017-03-26 14:32:19 VERIFY KU OK2017-03-26 14:32:19 Validating certificate extended key usage2017-03-26 14:32:19 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication2017-03-26 14:32:19 VERIFY EKU OK2017-03-26 14:32:19 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Antares, emailAddress=info@airvpn.org2017-03-26 14:32:21 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1552', remote='link-mtu 1560'2017-03-26 14:32:21 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'2017-03-26 14:32:21 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'2017-03-26 14:32:21 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA2017-03-26 14:32:21 [Antares] Peer Connection Initiated with [AF_INET]127.0.0.1:14132017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,GET_CONFIG,,,,,,2017-03-26 14:32:22 SENT CONTROL [Antares]: 'PUSH_REQUEST' (status=1)2017-03-26 14:32:22 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.50.0.1,comp-lzo no,route-gateway 10.50.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.50.0.86 255.255.0.0,peer-id 0,cipher AES-256-GCM'2017-03-26 14:32:22 OPTIONS IMPORT: timers and/or timeouts modified2017-03-26 14:32:22 OPTIONS IMPORT: compression parms modified2017-03-26 14:32:22 OPTIONS IMPORT: --ifconfig/up options modified2017-03-26 14:32:22 OPTIONS IMPORT: route options modified2017-03-26 14:32:22 OPTIONS IMPORT: route-related options modified2017-03-26 14:32:22 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified2017-03-26 14:32:22 OPTIONS IMPORT: peer-id set2017-03-26 14:32:22 OPTIONS IMPORT: adjusting link_mtu to 16272017-03-26 14:32:22 OPTIONS IMPORT: data channel crypto options modified2017-03-26 14:32:22 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]2017-03-26 14:32:22 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key2017-03-26 14:32:22 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key2017-03-26 14:32:22 GDG: SIOCGIFHWADDR(lo) failed2017-03-26 14:32:22 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo2017-03-26 14:32:22 do_ifconfig, tt->did_ifconfig_ipv6_setup=02017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,ASSIGN_IP,,10.50.0.86,,,,2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'ROUTE' ok'2017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,ADD_ROUTES,,,,,,2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'ROUTE' ok'2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'2017-03-26 14:32:22 Opening tun interface:2017-03-26 14:32:22 Ignoring multicast route: 224.0.0.0/32017-03-26 14:32:22 Local IPv4: 10.50.0.86/16 IPv6: null MTU: 15002017-03-26 14:32:22 DNS Server: 10.50.0.1, Domain: null2017-03-26 14:32:22 Routes: 0.0.0.0/0, 10.50.0.0/162017-03-26 14:32:22 Routes excluded: 103.254.153.100/32, 192.168.1.2/242017-03-26 14:32:22 VpnService routes installed: 0.0.0.0/2, 64.0.0.0/3, 96.0.0.0/6, 100.0.0.0/7, 102.0.0.0/8, 103.0.0.0/9, 103.128.0.0/10, 103.192.0.0/11, 103.224.0.0/12, 103.240.0.0/13, 103.248.0.0/14, 103.252.0.0/15, 103.254.0.0/17, 103.254.128.0/20, 103.254.144.0/21, 103.254.152.0/24, 103.254.153.0/26, 103.254.153.64/27, 103.254.153.96/30, 103.254.153.101/32, 103.254.153.102/31, 103.254.153.104/29, 103.254.153.112/28, 103.254.153.128/25, 103.254.154.0/23, 103.254.156.0/22, 103.254.160.0/19, 103.254.192.0/18, 103.255.0.0/16, 104.0.0.0/5, 112.0.0.0/4, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/32017-03-26 14:32:22 Disallowed VPN apps:2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'OPENTUN' ok'2017-03-26 14:32:22 Initialization Sequence Completed2017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,CONNECTED,SUCCESS,10.50.0.86,127.0.0.1,1413,127.0.0.1,496662017-03-26 14:32:22 write TCP_CLIENT []: Connection reset by peer (code=104)2017-03-26 14:32:22 Connection reset, restarting [0]2017-03-26 14:32:22 TCP/UDP: Closing socket2017-03-26 14:32:22 SIGUSR1[soft,connection-reset] received, process restarting2017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,RECONNECTING,connection-reset,,,,,2017-03-26 14:32:24 MANAGEMENT: CMD 'hold release'2017-03-26 14:32:24 MANAGEMENT: CMD 'proxy NONE'2017-03-26 14:32:24 MANAGEMENT: CMD 'bytecount 2'2017-03-26 14:32:24 MANAGEMENT: CMD 'state on'2017-03-26 14:32:25 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2017-03-26 14:32:25 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2017-03-26 14:32:25 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]2017-03-26 14:32:25 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]2017-03-26 14:32:25 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'2017-03-26 14:32:25 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'2017-03-26 14:32:25 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:14132017-03-26 14:32:25 Socket Buffers: R=[1048576->1048576] S=[524288->524288]2017-03-26 14:32:25 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]2017-03-26 14:32:25 MANAGEMENT: >STATE:1490509945,TCP_CONNECT,,,,,,2017-03-26 14:32:25 TCP connection established with [AF_INET]127.0.0.1:14132017-03-26 14:32:25 TCP_CLIENT link local: (not bound)2017-03-26 14:32:25 TCP_CLIENT link remote: [AF_INET]127.0.0.1:14132017-03-26 14:32:25 MANAGEMENT: >STATE:1490509945,WAIT,,,,,,2017-03-26 14:32:25 MANAGEMENT: CMD 'signal SIGINT'2017-03-26 14:32:25 TCP/UDP: Closing socket2017-03-26 14:32:25 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.2017-03-26 14:32:25 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.2017-03-26 14:32:25 Closing TUN/TAP interface2017-03-26 14:32:26 SIGINT[hard,] received, process exiting2017-03-26 14:32:26 MANAGEMENT: >STATE:1490509946,EXITING,SIGINT,,,,, Any idea? I also tried to second guide, but receive an error in OpenVPN Connect saying "Unknown Open VPN event occured: Transport error cn '127.0.0.1: NETWORK_RECV_ERROR. Unfortunately I don't know how to copy the log from that app. Quote Share this post Link to post
pyq 1 Posted ... And my log from Terminal Emulator (somehow I couldn't create a second spoiler above): OnePlus3:/ $ cdOnePlus3:/data/user/0/jackpal.androidterm/app_HOME $./antares2017.03.26 14:28:26 LOG5[ui]: stunnel 5.40 on arm-unknown-linux-androideabi platform2017.03.26 14:28:26 LOG5[ui]: Compiled/running with OpenSSL 1.0.2k 26 Jan 20172017.03.26 14:28:26 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI2017.03.26 14:28:26 LOG5[ui]: Reading configuration from file /data/data/jackpal.androidterm/app_HOME/AirVPN_SG-Singapore_Antares_SSL-443.ssl2017.03.26 14:28:26 LOG5[ui]: UTF-8 byte order mark not detected2017.03.26 14:28:26 LOG5[ui]: FIPS mode disabled2017.03.26 14:28:26 LOG6[ui]: Initializing service [openvpn]2017.03.26 14:28:26 LOG5[ui]: Configuration successful2017.03.26 14:29:26 LOG6[cron]: Executing cron jobs2017.03.26 14:29:26 LOG6[cron]: Cron jobs completed in 0 seconds2017.03.26 14:32:04 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:496592017.03.26 14:32:04 LOG6[0]: s_connect: connecting 103.254.153.100:4432017.03.26 14:32:05 LOG5[0]: s_connect: connected 103.254.153.100:4432017.03.26 14:32:05 LOG5[0]: Service [openvpn] connected remote server from 192.168.1.2:470102017.03.26 14:32:05 LOG6[0]: SNI: sending servername: 103.254.153.1002017.03.26 14:32:05 LOG6[0]: Peer certificate required2017.03.26 14:32:05 LOG6[0]: CERT: Locally installed certificate matched2017.03.26 14:32:05 LOG5[0]: Certificate accepted at depth=0: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org2017.03.26 14:32:05 LOG6[0]: Client certificate not requested2017.03.26 14:32:05 LOG6[0]: TLS connected: new session negotiated2017.03.26 14:32:05 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)2017.03.26 14:32:09 LOG3[0]: socket fd: Software caused connection abort (103)2017.03.26 14:32:09 LOG6[0]: writesocket: Socket is closed2017.03.26 14:32:09 LOG3[0]: TLS fd: Software caused connection abort (103)2017.03.26 14:32:09 LOG6[0]: SSL_shutdown: Socket is closed2017.03.26 14:32:09 LOG6[0]: TLS closed (SSL_read)2017.03.26 14:32:09 LOG5[0]: Connection closed: 3718 byte(s) sent to TLS, 3708 byte(s) sent to socket2017.03.26 14:32:12 LOG5[1]: Service [openvpn] accepted connection from 127.0.0.1:496622017.03.26 14:32:12 LOG6[1]: s_connect: connecting 103.254.153.100:4432017.03.26 14:32:12 LOG5[1]: s_connect: connected 103.254.153.100:4432017.03.26 14:32:12 LOG5[1]: Service [openvpn] connected remote server from 192.168.1.2:470132017.03.26 14:32:12 LOG6[1]: SNI: sending servername: 103.254.153.1002017.03.26 14:32:12 LOG6[1]: Peer certificate required2017.03.26 14:32:13 LOG6[1]: TLS connected: previous session reused2017.03.26 14:32:15 LOG3[1]: TLS fd: Software caused connection abort (103)2017.03.26 14:32:15 LOG6[1]: TLS socket closed (SSL_read)2017.03.26 14:32:15 LOG5[1]: Connection closed: 3631 byte(s) sent to TLS, 3656 byte(s) sent to socket2017.03.26 14:32:18 LOG5[2]: Service [openvpn] accepted connection from 127.0.0.1:496662017.03.26 14:32:18 LOG6[2]: s_connect: connecting 103.254.153.100:4432017.03.26 14:32:18 LOG5[2]: s_connect: connected 103.254.153.100:4432017.03.26 14:32:18 LOG5[2]: Service [openvpn] connected remote server from 192.168.1.2:470172017.03.26 14:32:18 LOG6[2]: SNI: sending servername: 103.254.153.1002017.03.26 14:32:18 LOG6[2]: Peer certificate required2017.03.26 14:32:18 LOG6[2]: TLS connected: previous session reused2017.03.26 14:32:22 LOG3[2]: socket fd: Software caused connection abort (103)2017.03.26 14:32:22 LOG6[2]: writesocket: Socket is closed2017.03.26 14:32:22 LOG3[2]: TLS fd: Software caused connection abort (103)2017.03.26 14:32:22 LOG6[2]: SSL_shutdown: Socket is closed2017.03.26 14:32:22 LOG6[2]: TLS closed (SSL_read)2017.03.26 14:32:22 LOG5[2]: Connection closed: 3631 byte(s) sent to TLS, 3656 byte(s) sent to socket2017.03.26 14:32:25 LOG5[3]: Service [openvpn] accepted connection from 127.0.0.1:496692017.03.26 14:32:25 LOG6[3]: s_connect: connecting 103.254.153.100:4432017.03.26 14:32:26 LOG5[3]: s_connect: connected 103.254.153.100:4432017.03.26 14:32:26 LOG5[3]: Service [openvpn] connected remote server from 192.168.1.2:470202017.03.26 14:32:26 LOG6[3]: SNI: sending servername: 103.254.153.1002017.03.26 14:32:26 LOG6[3]: Peer certificate required2017.03.26 14:32:26 LOG6[3]: TLS connected: previous session reused2017.03.26 14:32:26 LOG6[3]: Read socket closed (read hangup)2017.03.26 14:32:26 LOG6[3]: SSL_shutdown successfully sent close_notify alert2017.03.26 14:32:26 LOG3[3]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing2017.03.26 14:32:26 LOG5[3]: Connection closed: 44 byte(s) sent to TLS, 0 byte(s) sent to socket2017.03.26 14:34:59 LOG5[4]: Service [openvpn] accepted connection from 127.0.0.1:496822017.03.26 14:34:59 LOG6[4]: s_connect: connecting 103.254.153.100:4432017.03.26 14:34:59 LOG5[4]: s_connect: connected 103.254.153.100:4432017.03.26 14:34:59 LOG5[4]: Service [openvpn] connected remote server from 192.168.1.2:470332017.03.26 14:34:59 LOG6[4]: SNI: sending servername: 103.254.153.1002017.03.26 14:34:59 LOG6[4]: Peer certificate required2017.03.26 14:34:59 LOG6[4]: TLS connected: previous session reused2017.03.26 14:34:59 LOG6[4]: Read socket closed (read hangup)2017.03.26 14:34:59 LOG6[4]: SSL_shutdown successfully sent close_notify alert2017.03.26 14:34:59 LOG3[4]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing2017.03.26 14:34:59 LOG5[4]: Connection closed: 132 byte(s) sent to TLS, 0 byte(s) sent to socket Quote Share this post Link to post
greenclaydog 6 Posted ... The second guide never really worked for me. it would always work once, but requires resetting every time i lost connection. Stick to the first guide. Did you add terminal emulator to the configs exclusion list? Essentially if you don't do that it will sever the SSL connection every time you attempt a connection. Excluding it allows the Terminal Emulator's connection to run via the naked ISP, since that is the app which will in essence be tunneling your encrypted data. 1 philairvpn reacted to this Quote Share this post Link to post
pyq 1 Posted ... Did you add terminal emulator to the configs exclusion list?Not that I knew. Which config are you talking of? Could you please explain how I can do that? Also, supposed it was working, then I would have to run "./servername" in the emulator every time I want to use the VPN, right (like after rebooting my phone)? Quote Share this post Link to post
pyq 1 Posted ... My session via OpenVPN for Android ends after about a minute or so. I have to either manually reconnect or turn the screen off for a short time and on again, which is too annoying to deal with every minute. Is there a way to fix that? First I thought it might have to do with the server, but I tried four different ones, all the same no matter what time of the day. I am not using any google services though, since I'm using the Chinese version OnePlus 3, might that be the problem? Quote Share this post Link to post