Jump to content
Not connected, Your IP: 18.116.85.108
InactiveUser

[How-To] [OBSOLETE] AirVPN through stunnel on Android

Recommended Posts




ATTENTION: This tutorial is out of date, incomplete and deprecated.

 

A new and improved version of this tutorial can be found here: https://airvpn.org/topic/24349-how-to-airvpn-via-sslstunnel-on-android-678/

 

 

This thread is only kept online for historical reference.

 

 

 

 

 



Goal and obstacles

We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. On Android, a few obstacles have to be worked around:

a. there is no AirVPN Eddie client for Android.
Solution: We will use OpenVPN and stunnel directly.
b. there is no stunnel app in any Android appstore.
Solution: we will download the stunnel Android binary (provided by the stunnel project itself) and run it from the commandline.
c. Android does not allow us to execute any programs from the sdcard.
Solution: we will move stunnel to a special location (owned by the Terminal app), which will allow the Terminal app to execute stunnel.
d. stunnel wants to write to /tmp/, but there's no /tmp/ on Android.
Solution: we will modify the .ssl config file to change the pidfile location to a writable directory.





Software Requirements
  • Android 4.0 or newer (device does not have to be rooted)
  • stunnel compiled for Android (FOSS), via project website
  • OpenVPN for Android (FOSS), via F-Droid or Play Store
  • Jack Palevich's Terminal Emulator for Android (FOSS), via F-Droid or Play Store
  • a separate computer to download/edit the necessary config files and binaries (entirely optional, but easier than doing everything on the Android device itself)





Setup instructions

1. Generate config files with AirVPN's config generator
  • choose Linux
  • pick one single server of your choice. I will use Nunki for this tutorial!
  • for Connection Mode, choose SSL Tunnel, port 443 (visible after enabling Advanced Mode)
  • enable Resolved hosts in .ovpn file
  • leave all the other settings at their default values
  • download and unzip the generated zip file
  • this should result in an AirVPN folder, containing three files

2. Open the ssl config file (AirVPN_GB-Manchester_Nunki_SSL-443.ssl) in a text editor.

Find the line:

pid = /tmp/stunnel4.pid

Change it to:

pid = /data/data/jackpal.androidterm/app_HOME/stunnel4.pid

Save and close the file.

 

3. In a text editor, create a new file with the following contents:

#!/system/bin/shcd /data/data/jackpal.androidterm/app_HOME./stunnel AirVPN_GB-Manchester_Nunki_SSL-443.ssl

Save it to a file named nunki (no file extension).
Put the file into the AirVPN folder, next to our other config files.


4. Download and unzip stunnel for Android from the stunnel website (stunnel-X.XX-android.zip)

Put the stunnel file (only the file, not the folder) into the AirVPN folder.


5. Make sure your AirVPN folder now contains the following files:

AirVPN_GB-Manchester_Nunki_SSL-443.ovpnAirVPN_GB-Manchester_Nunki_SSL-443.sslnunkistunnelstunnel.crt

6. Copy the whole AirVPN folder to your Android's SD card.

The path should be:

/sdcard/AirVPN/

7. Install OpenVPN for Android via F-Droid or Play Store and import the .ovpn config file located at

/sdcard/AirVPN/AirVPN_GB-Manchester_Nunki_SSL-443.ovpn

Don't try to connect just yet.


8. Install Terminal Emulator for Android, via F-Droid or Play Store


9. Open Terminal Emulator and successively run the following commands:

cd

The simple cd command should take you to the app's home directory (/data/data/jackpal.androidterm/app_HOME).
This is where we need to put our config files and the stunnel binary. Let's move them over by running:

mv /sdcard/AirVPN/* .

It's important to type every character correctly (commandline is case sensitive); the "*" is a wildcard expanding to all files in the AirVPN folder, and the "." is a placeholder for the current directory /data/data/jackpal.androidterm/app_HOME. Typing commands on Android is a big pain, so I try to keep them as short as possible!

Finally, we need to modify permissions for the binary and the script, allowing us to execute them:

chmod 555 stunnel nunki

We should be ready to go!





Usage instructions

I. Open Terminal Emulator and run the following two commands:
 
cd
./nunki

A log message should appear: Configuration successful
Great! Keep the Terminal app running, but use the Home button to get out.

II. Open OpenVPN for Android and connect to the profile AirVPN_GB_Manchester_Nunki_SSL-443
Unless something went wrong, you should get Initialization Sequence Completed - great!
I recommend performing the usual leak tests and perhaps diving into OpenVPN's profile settings before relying on your configuration to work as you expect it to.


III. To disconnect:

  • Disconnect VPN in OpenVPN
  • open Terminal Emulator, press VOLUME_DOWN + C to kill stunnel
  • press the X button to close the terminal session

IV. If stunnel isn't shutdown properly, you may see an error if you try to run stunnel again:
 

[!] Error binding service [openvpn] to 127.0.0.1:1413[!] bind: Address already in use (98)[ ] Closing service [openvpn][ ] Service [openvpn] closed

This means stunnel is still running in the background. You can kill it by running:
 

killall stunnel






Footnotes

I successfully followed my own tutorial using:
CyanogenMod 12.1 nightly (≈ Android 5.1)stunnel 5.23OpenVPN for Android 0.6.35 (F-Droid)Terminal Emulator 1.0.70 (F-Droid)

Testers welcome, especially if you're using different Android and software versions.

Credits:


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

Thank you very much for this. I've been wanting to find some way of bypassing OpenVPN blocks on Android for a while.  EDIT: Everything seems to have worked, I'm posting this through the SSL tunnel right now.

Share this post


Link to post

Hi, after ./nunki I got

 

 

/system/bin/sh: nunki: not found
 

Ideas? nunki has 555 permission

 

And it's ridiculous slow: 0.3 Mbps

Share this post


Link to post

@Zaroad:

 

before running "./nunki", did you run "cd" to jump into Terminals home directory? That's where all the stunnel files should be.

After running "cd", the command "pwd" (print working directory) should output this path: /data/data/jackpal.androidterm/app_HOME

nunki and all the other stunnel-related files shoud be in there, you can check with the "ls" command.

 

Speed issue: I've noticed slow speeds as well, not as terrible as yours, but a very noticeable decrease. Try a server closest to you, but I think there might be something else going on: stunnel does not tax my phone's CPU much at all. Considering that you can easily get 50Mbit/s stunnel+OpenVPN throughput on an AC68 router, there must be some optimization problem with stunnel's Android build.

I'll try to look into it on Sunday.


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

On my 75mbps line at home, I was able to achieve 1.6-2.0MB/s (12-20mbps~). I can rarely get above this speed when using raw OpenVPN on TCP.

 

I have the Google Nexus 6 on Android 5.1.1.

Share this post


Link to post

Gents, 

 

I've installed all programs and copied over all files as the instruction above.

 

However, I am using the Samsung Galaxy S6 (Edge) which does not have an SD card slot.

Would it be possible to alter the command line in the terminal emulator in some way to make this work?

 

I've made a folder called /sdcard/AirVPN to try a workaround, to no avail.

 

 

Share this post


Link to post

Hi maxiel, I tried my instructions on a phone that doesn't have an SD card slot, and I didn't have to modify any instructions.

An SD card is not required; Android usually maps the /sdcard/ directory to the main directory of the internal storage if there's no sdcard slot.

I'm not an Android expert, so I don't know if all Android versions and devices work that way.

In any case, when transferring the AirVPN folder to your device, you're free to choose any writable location on your device - it does not have to be /sdcard/.

 

(analog to step 6)

  • Copy the AirVPN folder to your Android device, to a location of your choice.
  • Figure out the exact path name of that location, perhaps by browsing to it in a file manager. Make note of that path and modify step 9 accordingly:

(analog to step 9)
 

cd
mv /some/other/Android/path/AirVPN/* .

all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

Hi. I'm stuck on step #9. When I enter "mv /sdcard/AirVPN/* .", I get the following:

 

u0_a234@angler:/ $ cd
u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $
mv /sdcard/AirVPN/* .
mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ovpn': Operation not permitted
mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ssl': Operation not permitted
mv: chown '/sdcard/AirVPN/Pollux.': Operation not permitted
mv: chown '/sdcard/AirVPN/stunnel.': Operation not permitted
mv: chown '/sdcard/AirVPN/stunnel.crt': Operation not permitted
1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $
chmod 555 stunnel Pollux
chmod: stunnel: No such file or directory
chmod: Pollux: No such file or directory
1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $
mv /sdcard/AirVPN/* .
mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ovpn': Operation not permitted
mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ssl': Operation not permitted
mv: chown '/sdcard/AirVPN/Pollux.': Operation not permitted
mv: chown '/sdcard/AirVPN/stunnel.': Operation not permitted
mv: chown '/sdcard/AirVPN/stunnel.crt': Operation not permitted
1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $
chmod 555 stunnel Pollux
chmod: stunnel: No such file or directory
chmod: Pollux: No such file or directory
1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $

 

It seems the files are not moved to the app_HOME.

Any suggestions?

Share this post


Link to post

Hi. I'm stuck on step #9. When I enter "mv /sdcard/AirVPN/* .", I get the following:

 

u0_a234@angler:/ $ cd

u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $

mv /sdcard/AirVPN/* .

mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ovpn': Operation not permitted

mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ssl': Operation not permitted

mv: chown '/sdcard/AirVPN/Pollux.': Operation not permitted

mv: chown '/sdcard/AirVPN/stunnel.': Operation not permitted

mv: chown '/sdcard/AirVPN/stunnel.crt': Operation not permitted

1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $

chmod 555 stunnel Pollux

chmod: stunnel: No such file or directory

chmod: Pollux: No such file or directory

1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $

mv /sdcard/AirVPN/* .

mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ovpn': Operation not permitted

mv: chown '/sdcard/AirVPN/AirVPN_US-Jacksonville-Florida_Pollux_SSL-443.ssl': Operation not permitted

mv: chown '/sdcard/AirVPN/Pollux.': Operation not permitted

mv: chown '/sdcard/AirVPN/stunnel.': Operation not permitted

mv: chown '/sdcard/AirVPN/stunnel.crt': Operation not permitted

1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $

chmod 555 stunnel Pollux

chmod: stunnel: No such file or directory

chmod: Pollux: No such file or directory

1|u0_a234@angler:/data/user/0/jackpal.androidterm/app_HOME $

 

It seems the files are not moved to the app_HOME.

Any suggestions?

 

I had the same problem, try copy instead "cp /sdcard/AirVPN/* .".

 

Also if you edited your text files on Windows make sure that your

text editor can save files with unix EOL, otherwise you'll get

"no such file or directory" when you run ./nunki.

Share this post


Link to post

Good observations by nemoAnon, thank you!

 

Unrelated addition: For those that find it inconvenient to get the stunnel binary from the project's website (and manually keep it up to date!), I can recommend Termux. It's a nice alternative terminal emulator that allows you to install additional packages from their repositories with the apt package manager. Stunnel is among the available packages.

 

To some extent you're trading security for convenience as you won't be getting the stunnel binary directly from the stunnel project, but from the Termux repos.

 

I haven't actually tried using Termux yet, but I don't see any reason why it wouldn't work for our purpose. I might post new instructions if anyone needs help adapting them to Termux. Or maybe another friendly soul helps out


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

Nice well-written guide.  Didn't work for me though as written.  I'm on rooted 4.4.2 on a Galaxy Note 10.1.  For the sake of simplicity, I used server nunki so I could follow your example without too much messing around.
 
Upon entering command:

chmod 555 stunnel nunki

I got the response:

Unable to chmod stunnel: Operation not permitted

I can confirm I have the required files in the specified folder.

 

Any ideas why I'm unable to change the permissions?  Any tips greatly appreciated.

Share this post


Link to post

Instead of stunnel it is much more convenient to use TLS/SSL Tunnel. To import certificate from the phone it is possible to install Simple HTTP Server. And to import certificates to "Custom Cert Store" just copy the link from the browser which points to the stunnel.crt (I just renamed this file for convenience)

 

The order of actions is the following: 

  1. Install TLS/SSL Tunnel
  2. Install Simple HTTP Server
  3. Copy folder with extracted xxx.ovpn and stunnel.crt to the phone
  4. In Simple HTTP Server
    1. Start it. It will show the link to the local content of the phone
    2. Open in the browser on your phone folder where you copied folder with xxx.ovpn and stunnel.crt 
    3. Long tap on stunnel.crt and copy the link to clipboard
  5. In TLS/SSL Tunnel:
    1. Import stunnel.crt (or xxx.crt if you renamed it) Screenshot
      1. In upper right corner choose "Manage Certificates"
      2. Press the button "IMPORT CERTIFICATE"
      3. Paste the link from clipboard and press "LOAD"
      4. Give any name for certificate you like i.e. stunnel
    2. Create connection Screenshot
      1. Choose "New" in the right upper corner
      2. Give any name you like in the field "Name"
      3. In the field "Connect to" type IP address and port from xxx.ssl from the same folder where you took xxx.ovpn and stunnel.crt. It is after string "connect = xxx.xxx.xxx.xxx:443"
      4. In the field local port type 1413
      5. In the field Root-Certificate choose "Custom Cert Store"
      6. Check all 3 boxes (first is already checked)
      7. Press "SAVE" button
    3. Now use it
      1. Click on connection name
      2. Press the button "START TUNNEL" Screenshot
      3. You will have green light if it tries to establish connection Screenshot
      4. You check log in upper right corner "Show connection Info". If it is successful in the end you will see long list of lines with hexadecimal numbers with Signature Algorithm Screenshot
    4. Delete "Simple HTTP Server"
    5. Go to OpenVPN
      1. import the xxx.ovpn config file
      2. Connect
    6. Use established secure internet connection

To close internet connection you need:

  1. In OpenVPN: Disconnect with button "Disconnect" 
  2. In Tunnel: press the button "STOP ALL TUNNELS"

Share this post


Link to post

 

Instead of stunnel it is much more convenient to use TLS/SSL Tunnel. To import certificate from the phone it is possible to install Simple HTTP Server. And to import certificates to "Custom Cert Store" just copy the link from the browser which points to the stunnel.crt (I just renamed this file for convenience)

 

The order of actions is the following: 

  1. Install TLS/SSL Tunnel
  2. Install Simple HTTP Server
  3. Copy folder with extracted xxx.ovpn and stunnel.crt to the phone
  4. In Simple HTTP Server
    1. Start it. It will show the link to the local content of the phone
    2. Open in the browser on your phone folder where you copied folder with xxx.ovpn and stunnel.crt 
    3. Long tap on stunnel.crt and copy the link to clipboard
  5. In TLS/SSL Tunnel:
    1. Import stunnel.crt (or xxx.crt if you renamed it) Screenshot
      1. In upper right corner choose "Manage Certificates"
      2. Press the button "IMPORT CERTIFICATE"
      3. Paste the link from clipboard and press "LOAD"
      4. Give any name for certificate you like i.e. stunnel
    2. Create connection Screenshot
      1. Choose "New" in the right upper corner
      2. Give any name you like in the field "Name"
      3. In the field "Connect to" type IP address and port from xxx.ssl from the same folder where you took xxx.ovpn and stunnel.crt. It is after string "connect = xxx.xxx.xxx.xxx:443"
      4. In the field local port type 1413
      5. In the field Root-Certificate choose "Custom Cert Store"
      6. Check all 3 boxes (first is already checked)
      7. Press "SAVE" button
    3. Now use it
      1. Click on connection name
      2. Press the button "START TUNNEL" Screenshot
      3. You will have green light if it tries to establish connection Screenshot
      4. You check log in upper right corner "Show connection Info". If it is successful in the end you will see long list of lines with hexadecimal numbers with Signature Algorithm Screenshot
    4. Delete "Simple HTTP Server"
    5. Go to OpenVPN
      1. import the xxx.ovpn config file
      2. Connect
    6. Use established secure internet connection

To close internet connection you need:

  1. In OpenVPN: Disconnect with button "Disconnect" 
  2. In Tunnel: press the button "STOP ALL TUNNELS"

 

Thank you for this! Works beautifully

Screenshots don't work unfortunately, but it's not that hard to figure out! 

Share this post


Link to post

Instead of stunnel it is much more convenient to use TLS/SSL Tunnel. To import certificate from the phone it is possible to install Simple HTTP Server. And to import certificates to "Custom Cert Store" just copy the link from the browser which points to the stunnel.crt (I just renamed this file for convenience)

 

Thanks for this tutorial! I created a (german) youtube video based on your instructions. I also linked to your posting. I hope thats fine for you.

Share this post


Link to post

I followed the first guide and it seems everything worked fine, except, that the profile doesn't show up in OpenVPN for Android after running ./antares (I used the antares server). Did I miss something?

Share this post


Link to post

I followed the first guide and it seems everything worked fine, except, that the profile doesn't show up in OpenVPN for Android after running ./antares (I used the antares server). Did I miss something?

 

You have to add the .ovpn in OpenVPN for Android after running ./antares

 

Make sure it's the .ovpn for SSL 443 from the other files you generated in the config generator.

Share this post


Link to post

 

I followed the first guide and it seems everything worked fine, except, that the profile doesn't show up in OpenVPN for Android after running ./antares (I used the antares server). Did I miss something?

 

You have to add the .ovpn in OpenVPN for Android after running ./antares

 

Make sure it's the .ovpn for SSL 443 from the other files you generated in the config generator.

Thanks, I had the feeling I should do that.

However, I cannot connect for some reason. Here's my log from OpenVPN for Android:

 

 

2017-03-26 14:32:03 F-Droid built and signed version 0.6.63 running on OnePlus ONEPLUS A3000 (QC_Reference_Phone), Android 7.0 (NRD90M) API 24, ABI arm64-v8a, (OnePlus/OnePlus3/OnePlus3:7.0/NRD90M/01122125:user/release-keys)

2017-03-26 14:32:03 Building configuration…

2017-03-26 14:32:03 started Socket Thread

2017-03-26 14:32:03 Network Status: CONNECTED to WIFI "ChinaNet-DQQu"

2017-03-26 14:32:03 Current Parameter Settings:

2017-03-26 14:32:03 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'

2017-03-26 14:32:03 mode = 0

2017-03-26 14:32:03 show_ciphers = DISABLED

2017-03-26 14:32:03 show_digests = DISABLED

2017-03-26 14:32:03 show_engines = DISABLED

2017-03-26 14:32:03 genkey = DISABLED

2017-03-26 14:32:03 key_pass_file = '[uNDEF]'

2017-03-26 14:32:03 show_tls_ciphers = DISABLED

2017-03-26 14:32:03 connect_retry_max = 0

2017-03-26 14:32:03 Connection profiles [0]:

2017-03-26 14:32:03 proto = tcp-client

2017-03-26 14:32:03 local = '[uNDEF]'

2017-03-26 14:32:03 local_port = '[uNDEF]'

2017-03-26 14:32:03 remote = '127.0.0.1'

2017-03-26 14:32:03 remote_port = '1413'

2017-03-26 14:32:03 remote_float = DISABLED

2017-03-26 14:32:03 bind_defined = DISABLED

2017-03-26 14:32:03 bind_local = DISABLED

2017-03-26 14:32:03 bind_ipv6_only = DISABLED

2017-03-26 14:32:03 connect_retry_seconds = 2

2017-03-26 14:32:03 connect_timeout = 120

2017-03-26 14:32:03 socks_proxy_server = '[uNDEF]'

2017-03-26 14:32:03 socks_proxy_port = '[uNDEF]'

2017-03-26 14:32:03 tun_mtu = 1500

2017-03-26 14:32:03 tun_mtu_defined = ENABLED

2017-03-26 14:32:03 link_mtu = 1500

2017-03-26 14:32:03 link_mtu_defined = DISABLED

2017-03-26 14:32:03 tun_mtu_extra = 0

2017-03-26 14:32:03 tun_mtu_extra_defined = DISABLED

2017-03-26 14:32:03 mtu_discover_type = -1

2017-03-26 14:32:03 fragment = 0

2017-03-26 14:32:03 mssfix = 1450

2017-03-26 14:32:03 explicit_exit_notification = 0

2017-03-26 14:32:03 Connection profiles END

2017-03-26 14:32:03 remote_random = DISABLED

2017-03-26 14:32:03 ipchange = '[uNDEF]'

2017-03-26 14:32:03 dev = 'tun'

2017-03-26 14:32:03 dev_type = '[uNDEF]'

2017-03-26 14:32:03 dev_node = '[uNDEF]'

2017-03-26 14:32:03 lladdr = '[uNDEF]'

2017-03-26 14:32:03 topology = 1

2017-03-26 14:32:03 ifconfig_local = '[uNDEF]'

2017-03-26 14:32:03 ifconfig_remote_netmask = '[uNDEF]'

2017-03-26 14:32:03 ifconfig_noexec = DISABLED

2017-03-26 14:32:03 ifconfig_nowarn = ENABLED

2017-03-26 14:32:03 ifconfig_ipv6_local = '[uNDEF]'

2017-03-26 14:32:03 ifconfig_ipv6_netbits = 0

2017-03-26 14:32:03 ifconfig_ipv6_remote = '[uNDEF]'

2017-03-26 14:32:03 shaper = 0

2017-03-26 14:32:03 mtu_test = 0

2017-03-26 14:32:03 mlock = DISABLED

2017-03-26 14:32:03 keepalive_ping = 0

2017-03-26 14:32:03 keepalive_timeout = 0

2017-03-26 14:32:03 inactivity_timeout = 0

2017-03-26 14:32:03 ping_send_timeout = 0

2017-03-26 14:32:03 ping_rec_timeout = 0

2017-03-26 14:32:03 ping_rec_timeout_action = 0

2017-03-26 14:32:03 ping_timer_remote = DISABLED

2017-03-26 14:32:03 remap_sigusr1 = 0

2017-03-26 14:32:03 persist_tun = ENABLED

2017-03-26 14:32:03 persist_local_ip = DISABLED

2017-03-26 14:32:03 persist_remote_ip = DISABLED

2017-03-26 14:32:03 persist_key = DISABLED

2017-03-26 14:32:03 passtos = DISABLED

2017-03-26 14:32:03 resolve_retry_seconds = 1000000000

2017-03-26 14:32:03 resolve_in_advance = ENABLED

2017-03-26 14:32:03 username = '[uNDEF]'

2017-03-26 14:32:03 groupname = '[uNDEF]'

2017-03-26 14:32:03 chroot_dir = '[uNDEF]'

2017-03-26 14:32:03 cd_dir = '[uNDEF]'

2017-03-26 14:32:03 writepid = '[uNDEF]'

2017-03-26 14:32:03 up_script = '[uNDEF]'

2017-03-26 14:32:03 down_script = '[uNDEF]'

2017-03-26 14:32:03 down_pre = DISABLED

2017-03-26 14:32:03 up_restart = DISABLED

2017-03-26 14:32:03 up_delay = DISABLED

2017-03-26 14:32:03 daemon = DISABLED

2017-03-26 14:32:03 inetd = 0

2017-03-26 14:32:03 log = DISABLED

2017-03-26 14:32:03 suppress_timestamps = DISABLED

2017-03-26 14:32:03 machine_readable_output = ENABLED

2017-03-26 14:32:03 nice = 0

2017-03-26 14:32:03 verbosity = 4

2017-03-26 14:32:03 mute = 0

2017-03-26 14:32:03 gremlin = 0

2017-03-26 14:32:03 status_file = '[uNDEF]'

2017-03-26 14:32:03 status_file_version = 1

2017-03-26 14:32:03 status_file_update_freq = 60

2017-03-26 14:32:03 occ = ENABLED

2017-03-26 14:32:03 rcvbuf = 0

2017-03-26 14:32:03 sndbuf = 0

2017-03-26 14:32:03 sockflags = 0

2017-03-26 14:32:03 fast_io = DISABLED

2017-03-26 14:32:03 comp.alg = 2

2017-03-26 14:32:03 comp.flags = 1

2017-03-26 14:32:03 route_script = '[uNDEF]'

2017-03-26 14:32:03 route_default_gateway = '[uNDEF]'

2017-03-26 14:32:03 route_default_metric = 0

2017-03-26 14:32:03 route_noexec = DISABLED

2017-03-26 14:32:03 route_delay = 0

2017-03-26 14:32:03 route_delay_window = 30

2017-03-26 14:32:03 route_delay_defined = DISABLED

2017-03-26 14:32:03 route_nopull = DISABLED

2017-03-26 14:32:03 route_gateway_via_dhcp = DISABLED

2017-03-26 14:32:03 allow_pull_fqdn = DISABLED

2017-03-26 14:32:03 route 103.254.153.100/255.255.255.255/net_gateway/default (not set)

2017-03-26 14:32:03 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'

2017-03-26 14:32:03 management_port = 'unix'

2017-03-26 14:32:03 management_user_pass = '[uNDEF]'

2017-03-26 14:32:03 management_log_history_cache = 250

2017-03-26 14:32:03 management_echo_buffer_size = 100

2017-03-26 14:32:03 management_write_peer_info_file = '[uNDEF]'

2017-03-26 14:32:03 management_client_user = '[uNDEF]'

2017-03-26 14:32:03 management_client_group = '[uNDEF]'

2017-03-26 14:32:03 management_flags = 4390

2017-03-26 14:32:03 shared_secret_file = '[uNDEF]'

2017-03-26 14:32:03 key_direction = 2

2017-03-26 14:32:03 ciphername = 'AES-256-CBC'

2017-03-26 14:32:03 ncp_enabled = ENABLED

2017-03-26 14:32:03 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'

2017-03-26 14:32:03 authname = 'SHA1'

2017-03-26 14:32:03 prng_hash = 'SHA1'

2017-03-26 14:32:03 prng_nonce_secret_len = 16

2017-03-26 14:32:03 keysize = 0

2017-03-26 14:32:03 engine = DISABLED

2017-03-26 14:32:03 replay = ENABLED

2017-03-26 14:32:03 mute_replay_warnings = DISABLED

2017-03-26 14:32:03 replay_window = 64

2017-03-26 14:32:03 replay_time = 15

2017-03-26 14:32:03 packet_id_file = '[uNDEF]'

2017-03-26 14:32:03 use_iv = ENABLED

2017-03-26 14:32:03 test_crypto = DISABLED

2017-03-26 14:32:03 tls_server = DISABLED

2017-03-26 14:32:03 tls_client = ENABLED

2017-03-26 14:32:03 key_method = 2

2017-03-26 14:32:03 ca_file = '[[iNLINE]]'

2017-03-26 14:32:03 ca_path = '[uNDEF]'

2017-03-26 14:32:03 dh_file = '[uNDEF]'

2017-03-26 14:32:03 cert_file = '[[iNLINE]]'

2017-03-26 14:32:03 extra_certs_file = '[uNDEF]'

2017-03-26 14:32:03 priv_key_file = '[[iNLINE]]'

2017-03-26 14:32:03 pkcs12_file = '[uNDEF]'

2017-03-26 14:32:03 cipher_list = '[uNDEF]'

2017-03-26 14:32:03 tls_verify = '[uNDEF]'

2017-03-26 14:32:03 tls_export_cert = '[uNDEF]'

2017-03-26 14:32:03 verify_x509_type = 0

2017-03-26 14:32:03 verify_x509_name = '[uNDEF]'

2017-03-26 14:32:03 crl_file = '[uNDEF]'

2017-03-26 14:32:03 ns_cert_type = 0

2017-03-26 14:32:03 remote_cert_ku = 160

2017-03-26 14:32:03 remote_cert_ku = 136

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_ku = 0

2017-03-26 14:32:03 remote_cert_eku = 'TLS Web Server Authentication'

2017-03-26 14:32:03 ssl_flags = 0

2017-03-26 14:32:03 tls_timeout = 2

2017-03-26 14:32:03 renegotiate_bytes = -1

2017-03-26 14:32:03 renegotiate_packets = 0

2017-03-26 14:32:03 renegotiate_seconds = 3600

2017-03-26 14:32:03 handshake_window = 60

2017-03-26 14:32:03 transition_window = 3600

2017-03-26 14:32:03 single_session = DISABLED

2017-03-26 14:32:03 push_peer_info = DISABLED

2017-03-26 14:32:03 tls_exit = DISABLED

2017-03-26 14:32:03 tls_auth_file = '[[iNLINE]]'

2017-03-26 14:32:03 tls_crypt_file = '[uNDEF]'

2017-03-26 14:32:03 client = ENABLED

2017-03-26 14:32:03 pull = ENABLED

2017-03-26 14:32:03 auth_user_pass_file = '[uNDEF]'

2017-03-26 14:32:03 OpenVPN 2.5-icsopenvpn [git:HEAD-53e588afe9fe4500] android-21-arm64-v8a [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 30 2016

2017-03-26 14:32:03 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09

2017-03-26 14:32:03 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket

2017-03-26 14:32:03 MANAGEMENT: CMD 'hold release'

2017-03-26 14:32:03 MANAGEMENT: CMD 'proxy NONE'

2017-03-26 14:32:03 MANAGEMENT: CMD 'bytecount 2'

2017-03-26 14:32:03 MANAGEMENT: CMD 'state on'

2017-03-26 14:32:04 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-03-26 14:32:04 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-03-26 14:32:04 LZO compression initializing

2017-03-26 14:32:04 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]

2017-03-26 14:32:04 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]

2017-03-26 14:32:04 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'

2017-03-26 14:32:04 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'

2017-03-26 14:32:04 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1413

2017-03-26 14:32:04 Socket Buffers: R=[1048576->1048576] S=[524288->524288]

2017-03-26 14:32:04 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]

2017-03-26 14:32:04 MANAGEMENT: >STATE:1490509924,TCP_CONNECT,,,,,,

2017-03-26 14:32:04 TCP connection established with [AF_INET]127.0.0.1:1413

2017-03-26 14:32:04 TCP_CLIENT link local: (not bound)

2017-03-26 14:32:04 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1413

2017-03-26 14:32:04 MANAGEMENT: >STATE:1490509924,WAIT,,,,,,

2017-03-26 14:32:06 MANAGEMENT: >STATE:1490509926,AUTH,,,,,,

2017-03-26 14:32:06 TLS: Initial packet from [AF_INET]127.0.0.1:1413, sid=00b9636f 1413fccd

2017-03-26 14:32:06 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org

2017-03-26 14:32:06 Validating certificate key usage

2017-03-26 14:32:06 ++ Certificate has key usage 00a0, expects 00a0

2017-03-26 14:32:06 VERIFY KU OK

2017-03-26 14:32:06 Validating certificate extended key usage

2017-03-26 14:32:06 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2017-03-26 14:32:06 VERIFY EKU OK

2017-03-26 14:32:06 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Antares, emailAddress=info@airvpn.org

2017-03-26 14:32:07 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

2017-03-26 14:32:07 [Antares] Peer Connection Initiated with [AF_INET]127.0.0.1:1413

2017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,GET_CONFIG,,,,,,

2017-03-26 14:32:09 SENT CONTROL [Antares]: 'PUSH_REQUEST' (status=1)

2017-03-26 14:32:09 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.50.0.1,comp-lzo no,route-gateway 10.50.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.50.0.86 255.255.0.0,peer-id 0,cipher AES-256-GCM'

2017-03-26 14:32:09 OPTIONS IMPORT: timers and/or timeouts modified

2017-03-26 14:32:09 OPTIONS IMPORT: compression parms modified

2017-03-26 14:32:09 OPTIONS IMPORT: --ifconfig/up options modified

2017-03-26 14:32:09 OPTIONS IMPORT: route options modified

2017-03-26 14:32:09 OPTIONS IMPORT: route-related options modified

2017-03-26 14:32:09 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2017-03-26 14:32:09 OPTIONS IMPORT: peer-id set

2017-03-26 14:32:09 OPTIONS IMPORT: adjusting link_mtu to 1627

2017-03-26 14:32:09 OPTIONS IMPORT: data channel crypto options modified

2017-03-26 14:32:09 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]

2017-03-26 14:32:09 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

2017-03-26 14:32:09 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

2017-03-26 14:32:09 GDG: SIOCGIFHWADDR(lo) failed

2017-03-26 14:32:09 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo

2017-03-26 14:32:09 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

2017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,ASSIGN_IP,,10.50.0.86,,,,

2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'

2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'ROUTE' ok'

2017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,ADD_ROUTES,,,,,,

2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'ROUTE' ok'

2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'

2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'

2017-03-26 14:32:09 Opening tun interface:

2017-03-26 14:32:09 Ignoring multicast route: 224.0.0.0/3

2017-03-26 14:32:09 Local IPv4: 10.50.0.86/16 IPv6: null MTU: 1500

2017-03-26 14:32:09 DNS Server: 10.50.0.1, Domain: null

2017-03-26 14:32:09 Routes: 0.0.0.0/0, 10.50.0.0/16

2017-03-26 14:32:09 Routes excluded: 103.254.153.100/32, 192.168.1.2/24

2017-03-26 14:32:09 VpnService routes installed: 0.0.0.0/2, 64.0.0.0/3, 96.0.0.0/6, 100.0.0.0/7, 102.0.0.0/8, 103.0.0.0/9, 103.128.0.0/10, 103.192.0.0/11, 103.224.0.0/12, 103.240.0.0/13, 103.248.0.0/14, 103.252.0.0/15, 103.254.0.0/17, 103.254.128.0/20, 103.254.144.0/21, 103.254.152.0/24, 103.254.153.0/26, 103.254.153.64/27, 103.254.153.96/30, 103.254.153.101/32, 103.254.153.102/31, 103.254.153.104/29, 103.254.153.112/28, 103.254.153.128/25, 103.254.154.0/23, 103.254.156.0/22, 103.254.160.0/19, 103.254.192.0/18, 103.255.0.0/16, 104.0.0.0/5, 112.0.0.0/4, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3

2017-03-26 14:32:09 Disallowed VPN apps:

2017-03-26 14:32:09 MANAGEMENT: CMD 'needok 'OPENTUN' ok'

2017-03-26 14:32:09 Initialization Sequence Completed

2017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,CONNECTED,SUCCESS,10.50.0.86,127.0.0.1,1413,127.0.0.1,49659

2017-03-26 14:32:09 Connection reset, restarting [-1]

2017-03-26 14:32:09 TCP/UDP: Closing socket

2017-03-26 14:32:09 SIGUSR1[soft,connection-reset] received, process restarting

2017-03-26 14:32:09 MANAGEMENT: >STATE:1490509929,RECONNECTING,connection-reset,,,,,

2017-03-26 14:32:11 MANAGEMENT: CMD 'hold release'

2017-03-26 14:32:11 MANAGEMENT: CMD 'proxy NONE'

2017-03-26 14:32:11 MANAGEMENT: CMD 'bytecount 2'

2017-03-26 14:32:11 MANAGEMENT: CMD 'state on'

2017-03-26 14:32:12 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-03-26 14:32:12 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-03-26 14:32:12 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]

2017-03-26 14:32:12 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]

2017-03-26 14:32:12 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'

2017-03-26 14:32:12 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'

2017-03-26 14:32:12 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1413

2017-03-26 14:32:12 Socket Buffers: R=[1048576->1048576] S=[524288->524288]

2017-03-26 14:32:12 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]

2017-03-26 14:32:12 MANAGEMENT: >STATE:1490509932,TCP_CONNECT,,,,,,

2017-03-26 14:32:12 TCP connection established with [AF_INET]127.0.0.1:1413

2017-03-26 14:32:12 TCP_CLIENT link local: (not bound)

2017-03-26 14:32:12 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1413

2017-03-26 14:32:12 MANAGEMENT: >STATE:1490509932,WAIT,,,,,,

2017-03-26 14:32:13 MANAGEMENT: >STATE:1490509933,AUTH,,,,,,

2017-03-26 14:32:13 TLS: Initial packet from [AF_INET]127.0.0.1:1413, sid=77da9476 d0fccd60

2017-03-26 14:32:13 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org

2017-03-26 14:32:13 Validating certificate key usage

2017-03-26 14:32:13 ++ Certificate has key usage 00a0, expects 00a0

2017-03-26 14:32:13 VERIFY KU OK

2017-03-26 14:32:13 Validating certificate extended key usage

2017-03-26 14:32:13 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2017-03-26 14:32:13 VERIFY EKU OK

2017-03-26 14:32:13 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Antares, emailAddress=info@airvpn.org

2017-03-26 14:32:14 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1552', remote='link-mtu 1560'

2017-03-26 14:32:14 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'

2017-03-26 14:32:14 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'

2017-03-26 14:32:14 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

2017-03-26 14:32:14 [Antares] Peer Connection Initiated with [AF_INET]127.0.0.1:1413

2017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,GET_CONFIG,,,,,,

2017-03-26 14:32:15 SENT CONTROL [Antares]: 'PUSH_REQUEST' (status=1)

2017-03-26 14:32:15 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.50.0.1,comp-lzo no,route-gateway 10.50.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.50.0.86 255.255.0.0,peer-id 0,cipher AES-256-GCM'

2017-03-26 14:32:15 OPTIONS IMPORT: timers and/or timeouts modified

2017-03-26 14:32:15 OPTIONS IMPORT: compression parms modified

2017-03-26 14:32:15 OPTIONS IMPORT: --ifconfig/up options modified

2017-03-26 14:32:15 OPTIONS IMPORT: route options modified

2017-03-26 14:32:15 OPTIONS IMPORT: route-related options modified

2017-03-26 14:32:15 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2017-03-26 14:32:15 OPTIONS IMPORT: peer-id set

2017-03-26 14:32:15 OPTIONS IMPORT: adjusting link_mtu to 1627

2017-03-26 14:32:15 OPTIONS IMPORT: data channel crypto options modified

2017-03-26 14:32:15 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]

2017-03-26 14:32:15 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

2017-03-26 14:32:15 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

2017-03-26 14:32:15 GDG: SIOCGIFHWADDR(lo) failed

2017-03-26 14:32:15 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo

2017-03-26 14:32:15 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

2017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,ASSIGN_IP,,10.50.0.86,,,,

2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'

2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'ROUTE' ok'

2017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,ADD_ROUTES,,,,,,

2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'ROUTE' ok'

2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'

2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'

2017-03-26 14:32:15 Opening tun interface:

2017-03-26 14:32:15 Ignoring multicast route: 224.0.0.0/3

2017-03-26 14:32:15 Local IPv4: 10.50.0.86/16 IPv6: null MTU: 1500

2017-03-26 14:32:15 DNS Server: 10.50.0.1, Domain: null

2017-03-26 14:32:15 Routes: 0.0.0.0/0, 10.50.0.0/16

2017-03-26 14:32:15 Routes excluded: 103.254.153.100/32, 192.168.1.2/24

2017-03-26 14:32:15 VpnService routes installed: 0.0.0.0/2, 64.0.0.0/3, 96.0.0.0/6, 100.0.0.0/7, 102.0.0.0/8, 103.0.0.0/9, 103.128.0.0/10, 103.192.0.0/11, 103.224.0.0/12, 103.240.0.0/13, 103.248.0.0/14, 103.252.0.0/15, 103.254.0.0/17, 103.254.128.0/20, 103.254.144.0/21, 103.254.152.0/24, 103.254.153.0/26, 103.254.153.64/27, 103.254.153.96/30, 103.254.153.101/32, 103.254.153.102/31, 103.254.153.104/29, 103.254.153.112/28, 103.254.153.128/25, 103.254.154.0/23, 103.254.156.0/22, 103.254.160.0/19, 103.254.192.0/18, 103.255.0.0/16, 104.0.0.0/5, 112.0.0.0/4, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3

2017-03-26 14:32:15 Disallowed VPN apps:

2017-03-26 14:32:15 MANAGEMENT: CMD 'needok 'OPENTUN' ok'

2017-03-26 14:32:15 Initialization Sequence Completed

2017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,CONNECTED,SUCCESS,10.50.0.86,127.0.0.1,1413,127.0.0.1,49662

2017-03-26 14:32:15 write TCP_CLIENT []: Connection reset by peer (code=104)

2017-03-26 14:32:15 Connection reset, restarting [0]

2017-03-26 14:32:15 TCP/UDP: Closing socket

2017-03-26 14:32:15 SIGUSR1[soft,connection-reset] received, process restarting

2017-03-26 14:32:15 MANAGEMENT: >STATE:1490509935,RECONNECTING,connection-reset,,,,,

2017-03-26 14:32:17 MANAGEMENT: CMD 'hold release'

2017-03-26 14:32:17 MANAGEMENT: CMD 'proxy NONE'

2017-03-26 14:32:17 MANAGEMENT: CMD 'bytecount 2'

2017-03-26 14:32:17 MANAGEMENT: CMD 'state on'

2017-03-26 14:32:18 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-03-26 14:32:18 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-03-26 14:32:18 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]

2017-03-26 14:32:18 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]

2017-03-26 14:32:18 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'

2017-03-26 14:32:18 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'

2017-03-26 14:32:18 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1413

2017-03-26 14:32:18 Socket Buffers: R=[1048576->1048576] S=[524288->524288]

2017-03-26 14:32:18 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]

2017-03-26 14:32:18 MANAGEMENT: >STATE:1490509938,TCP_CONNECT,,,,,,

2017-03-26 14:32:18 TCP connection established with [AF_INET]127.0.0.1:1413

2017-03-26 14:32:18 TCP_CLIENT link local: (not bound)

2017-03-26 14:32:18 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1413

2017-03-26 14:32:18 MANAGEMENT: >STATE:1490509938,WAIT,,,,,,

2017-03-26 14:32:19 MANAGEMENT: >STATE:1490509939,AUTH,,,,,,

2017-03-26 14:32:19 TLS: Initial packet from [AF_INET]127.0.0.1:1413, sid=21617909 4e185854

2017-03-26 14:32:19 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org

2017-03-26 14:32:19 Validating certificate key usage

2017-03-26 14:32:19 ++ Certificate has key usage 00a0, expects 00a0

2017-03-26 14:32:19 VERIFY KU OK

2017-03-26 14:32:19 Validating certificate extended key usage

2017-03-26 14:32:19 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2017-03-26 14:32:19 VERIFY EKU OK

2017-03-26 14:32:19 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Antares, emailAddress=info@airvpn.org

2017-03-26 14:32:21 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1552', remote='link-mtu 1560'

2017-03-26 14:32:21 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'

2017-03-26 14:32:21 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'

2017-03-26 14:32:21 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

2017-03-26 14:32:21 [Antares] Peer Connection Initiated with [AF_INET]127.0.0.1:1413

2017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,GET_CONFIG,,,,,,

2017-03-26 14:32:22 SENT CONTROL [Antares]: 'PUSH_REQUEST' (status=1)

2017-03-26 14:32:22 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.50.0.1,comp-lzo no,route-gateway 10.50.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.50.0.86 255.255.0.0,peer-id 0,cipher AES-256-GCM'

2017-03-26 14:32:22 OPTIONS IMPORT: timers and/or timeouts modified

2017-03-26 14:32:22 OPTIONS IMPORT: compression parms modified

2017-03-26 14:32:22 OPTIONS IMPORT: --ifconfig/up options modified

2017-03-26 14:32:22 OPTIONS IMPORT: route options modified

2017-03-26 14:32:22 OPTIONS IMPORT: route-related options modified

2017-03-26 14:32:22 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2017-03-26 14:32:22 OPTIONS IMPORT: peer-id set

2017-03-26 14:32:22 OPTIONS IMPORT: adjusting link_mtu to 1627

2017-03-26 14:32:22 OPTIONS IMPORT: data channel crypto options modified

2017-03-26 14:32:22 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]

2017-03-26 14:32:22 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

2017-03-26 14:32:22 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

2017-03-26 14:32:22 GDG: SIOCGIFHWADDR(lo) failed

2017-03-26 14:32:22 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo

2017-03-26 14:32:22 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

2017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,ASSIGN_IP,,10.50.0.86,,,,

2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'

2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'ROUTE' ok'

2017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,ADD_ROUTES,,,,,,

2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'ROUTE' ok'

2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'

2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'

2017-03-26 14:32:22 Opening tun interface:

2017-03-26 14:32:22 Ignoring multicast route: 224.0.0.0/3

2017-03-26 14:32:22 Local IPv4: 10.50.0.86/16 IPv6: null MTU: 1500

2017-03-26 14:32:22 DNS Server: 10.50.0.1, Domain: null

2017-03-26 14:32:22 Routes: 0.0.0.0/0, 10.50.0.0/16

2017-03-26 14:32:22 Routes excluded: 103.254.153.100/32, 192.168.1.2/24

2017-03-26 14:32:22 VpnService routes installed: 0.0.0.0/2, 64.0.0.0/3, 96.0.0.0/6, 100.0.0.0/7, 102.0.0.0/8, 103.0.0.0/9, 103.128.0.0/10, 103.192.0.0/11, 103.224.0.0/12, 103.240.0.0/13, 103.248.0.0/14, 103.252.0.0/15, 103.254.0.0/17, 103.254.128.0/20, 103.254.144.0/21, 103.254.152.0/24, 103.254.153.0/26, 103.254.153.64/27, 103.254.153.96/30, 103.254.153.101/32, 103.254.153.102/31, 103.254.153.104/29, 103.254.153.112/28, 103.254.153.128/25, 103.254.154.0/23, 103.254.156.0/22, 103.254.160.0/19, 103.254.192.0/18, 103.255.0.0/16, 104.0.0.0/5, 112.0.0.0/4, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3

2017-03-26 14:32:22 Disallowed VPN apps:

2017-03-26 14:32:22 MANAGEMENT: CMD 'needok 'OPENTUN' ok'

2017-03-26 14:32:22 Initialization Sequence Completed

2017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,CONNECTED,SUCCESS,10.50.0.86,127.0.0.1,1413,127.0.0.1,49666

2017-03-26 14:32:22 write TCP_CLIENT []: Connection reset by peer (code=104)

2017-03-26 14:32:22 Connection reset, restarting [0]

2017-03-26 14:32:22 TCP/UDP: Closing socket

2017-03-26 14:32:22 SIGUSR1[soft,connection-reset] received, process restarting

2017-03-26 14:32:22 MANAGEMENT: >STATE:1490509942,RECONNECTING,connection-reset,,,,,

2017-03-26 14:32:24 MANAGEMENT: CMD 'hold release'

2017-03-26 14:32:24 MANAGEMENT: CMD 'proxy NONE'

2017-03-26 14:32:24 MANAGEMENT: CMD 'bytecount 2'

2017-03-26 14:32:24 MANAGEMENT: CMD 'state on'

2017-03-26 14:32:25 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-03-26 14:32:25 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-03-26 14:32:25 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]

2017-03-26 14:32:25 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]

2017-03-26 14:32:25 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'

2017-03-26 14:32:25 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'

2017-03-26 14:32:25 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1413

2017-03-26 14:32:25 Socket Buffers: R=[1048576->1048576] S=[524288->524288]

2017-03-26 14:32:25 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]

2017-03-26 14:32:25 MANAGEMENT: >STATE:1490509945,TCP_CONNECT,,,,,,

2017-03-26 14:32:25 TCP connection established with [AF_INET]127.0.0.1:1413

2017-03-26 14:32:25 TCP_CLIENT link local: (not bound)

2017-03-26 14:32:25 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1413

2017-03-26 14:32:25 MANAGEMENT: >STATE:1490509945,WAIT,,,,,,

2017-03-26 14:32:25 MANAGEMENT: CMD 'signal SIGINT'

2017-03-26 14:32:25 TCP/UDP: Closing socket

2017-03-26 14:32:25 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.

2017-03-26 14:32:25 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.

2017-03-26 14:32:25 Closing TUN/TAP interface

2017-03-26 14:32:26 SIGINT[hard,] received, process exiting

2017-03-26 14:32:26 MANAGEMENT: >STATE:1490509946,EXITING,SIGINT,,,,,

 

 

Any idea?
 
I also tried to second guide, but receive an error in OpenVPN Connect saying "Unknown Open VPN event occured: Transport error cn '127.0.0.1: NETWORK_RECV_ERROR. Unfortunately I don't know how to copy the log from that app.

Share this post


Link to post

And my log from Terminal Emulator (somehow I couldn't create a second spoiler above):

 

 

OnePlus3:/ $ cd
OnePlus3:/data/user/0/jackpal.androidterm/app_HOME $
./antares
2017.03.26 14:28:26 LOG5[ui]: stunnel 5.40 on arm-unknown-linux-androideabi platform
2017.03.26 14:28:26 LOG5[ui]: Compiled/running with OpenSSL 1.0.2k 26 Jan 2017
2017.03.26 14:28:26 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2017.03.26 14:28:26 LOG5[ui]: Reading configuration from file /data/data/jackpal.androidterm/app_HOME/AirVPN_SG-Singapore_Antares_SSL-443.ssl
2017.03.26 14:28:26 LOG5[ui]: UTF-8 byte order mark not detected
2017.03.26 14:28:26 LOG5[ui]: FIPS mode disabled
2017.03.26 14:28:26 LOG6[ui]: Initializing service [openvpn]2017.03.26 14:28:26 LOG5[ui]: Configuration successful
2017.03.26 14:29:26 LOG6[cron]: Executing cron jobs
2017.03.26 14:29:26 LOG6[cron]: Cron jobs completed in 0 seconds
2017.03.26 14:32:04 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:49659
2017.03.26 14:32:04 LOG6[0]: s_connect: connecting 103.254.153.100:443
2017.03.26 14:32:05 LOG5[0]: s_connect: connected 103.254.153.100:443
2017.03.26 14:32:05 LOG5[0]: Service [openvpn] connected remote server from 192.168.1.2:47010
2017.03.26 14:32:05 LOG6[0]: SNI: sending servername: 103.254.153.100
2017.03.26 14:32:05 LOG6[0]: Peer certificate required
2017.03.26 14:32:05 LOG6[0]: CERT: Locally installed certificate matched
2017.03.26 14:32:05 LOG5[0]: Certificate accepted at depth=0: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org
2017.03.26 14:32:05 LOG6[0]: Client certificate not requested
2017.03.26 14:32:05 LOG6[0]: TLS connected: new session negotiated
2017.03.26 14:32:05 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.03.26 14:32:09 LOG3[0]: socket fd: Software caused connection abort (103)
2017.03.26 14:32:09 LOG6[0]: writesocket: Socket is closed
2017.03.26 14:32:09 LOG3[0]: TLS fd: Software caused connection abort (103)
2017.03.26 14:32:09 LOG6[0]: SSL_shutdown: Socket is closed
2017.03.26 14:32:09 LOG6[0]: TLS closed (SSL_read)
2017.03.26 14:32:09 LOG5[0]: Connection closed: 3718 byte(s) sent to TLS, 3708 byte(s) sent to socket
2017.03.26 14:32:12 LOG5[1]: Service [openvpn] accepted connection from 127.0.0.1:49662
2017.03.26 14:32:12 LOG6[1]: s_connect: connecting 103.254.153.100:443
2017.03.26 14:32:12 LOG5[1]: s_connect: connected 103.254.153.100:443
2017.03.26 14:32:12 LOG5[1]: Service [openvpn] connected remote server from 192.168.1.2:47013
2017.03.26 14:32:12 LOG6[1]: SNI: sending servername: 103.254.153.100
2017.03.26 14:32:12 LOG6[1]: Peer certificate required
2017.03.26 14:32:13 LOG6[1]: TLS connected: previous session reused
2017.03.26 14:32:15 LOG3[1]: TLS fd: Software caused connection abort (103)
2017.03.26 14:32:15 LOG6[1]: TLS socket closed (SSL_read)
2017.03.26 14:32:15 LOG5[1]: Connection closed: 3631 byte(s) sent to TLS, 3656 byte(s) sent to socket
2017.03.26 14:32:18 LOG5[2]: Service [openvpn] accepted connection from 127.0.0.1:49666
2017.03.26 14:32:18 LOG6[2]: s_connect: connecting 103.254.153.100:443
2017.03.26 14:32:18 LOG5[2]: s_connect: connected 103.254.153.100:443
2017.03.26 14:32:18 LOG5[2]: Service [openvpn] connected remote server from 192.168.1.2:47017
2017.03.26 14:32:18 LOG6[2]: SNI: sending servername: 103.254.153.100
2017.03.26 14:32:18 LOG6[2]: Peer certificate required
2017.03.26 14:32:18 LOG6[2]: TLS connected: previous session reused
2017.03.26 14:32:22 LOG3[2]: socket fd: Software caused connection abort (103)
2017.03.26 14:32:22 LOG6[2]: writesocket: Socket is closed
2017.03.26 14:32:22 LOG3[2]: TLS fd: Software caused connection abort (103)
2017.03.26 14:32:22 LOG6[2]: SSL_shutdown: Socket is closed
2017.03.26 14:32:22 LOG6[2]: TLS closed (SSL_read)
2017.03.26 14:32:22 LOG5[2]: Connection closed: 3631 byte(s) sent to TLS, 3656 byte(s) sent to socket
2017.03.26 14:32:25 LOG5[3]: Service [openvpn] accepted connection from 127.0.0.1:49669
2017.03.26 14:32:25 LOG6[3]: s_connect: connecting 103.254.153.100:443
2017.03.26 14:32:26 LOG5[3]: s_connect: connected 103.254.153.100:443
2017.03.26 14:32:26 LOG5[3]: Service [openvpn] connected remote server from 192.168.1.2:47020
2017.03.26 14:32:26 LOG6[3]: SNI: sending servername: 103.254.153.100
2017.03.26 14:32:26 LOG6[3]: Peer certificate required
2017.03.26 14:32:26 LOG6[3]: TLS connected: previous session reused
2017.03.26 14:32:26 LOG6[3]: Read socket closed (read hangup)
2017.03.26 14:32:26 LOG6[3]: SSL_shutdown successfully sent close_notify alert
2017.03.26 14:32:26 LOG3[3]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
2017.03.26 14:32:26 LOG5[3]: Connection closed: 44 byte(s) sent to TLS, 0 byte(s) sent to socket
2017.03.26 14:34:59 LOG5[4]: Service [openvpn] accepted connection from 127.0.0.1:49682
2017.03.26 14:34:59 LOG6[4]: s_connect: connecting 103.254.153.100:443
2017.03.26 14:34:59 LOG5[4]: s_connect: connected 103.254.153.100:443
2017.03.26 14:34:59 LOG5[4]: Service [openvpn] connected remote server from 192.168.1.2:47033
2017.03.26 14:34:59 LOG6[4]: SNI: sending servername: 103.254.153.100
2017.03.26 14:34:59 LOG6[4]: Peer certificate required
2017.03.26 14:34:59 LOG6[4]: TLS connected: previous session reused
2017.03.26 14:34:59 LOG6[4]: Read socket closed (read hangup)
2017.03.26 14:34:59 LOG6[4]: SSL_shutdown successfully sent close_notify alert
2017.03.26 14:34:59 LOG3[4]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
2017.03.26 14:34:59 LOG5[4]: Connection closed: 132 byte(s) sent to TLS, 0 byte(s) sent to socket
 

Share this post


Link to post

The second guide never really worked for me. it would always work once, but requires resetting every time i lost connection. Stick to the first guide.

 

Did you add terminal emulator to the configs exclusion list? Essentially if you don't do that it will sever the SSL connection every time you attempt a connection. Excluding it allows the Terminal Emulator's connection to run via the naked ISP, since that is the app which will in essence be tunneling your encrypted data.

Share this post


Link to post

Did you add terminal emulator to the configs exclusion list?

Not that I knew. Which config are you talking of? Could you please explain how I can do that?

 

Also, supposed it was working, then I would have to run "./servername" in the emulator every time I want to use the VPN, right (like after rebooting my phone)?

Share this post


Link to post

My session via OpenVPN for Android ends after about a minute or so. I have to either manually reconnect or turn the screen off for a short time and on again, which is too annoying to deal with every minute. Is there a way to fix that? First I thought it might have to do with the server, but I tried four different ones, all the same no matter what time of the day. I am not using any google services though, since I'm using the Chinese version OnePlus 3, might that be the problem?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...