Jump to content
Not connected, Your IP: 3.142.195.61
AirVPN
InactiveUser

[How-To] [OBSOLETE] AirVPN through stunnel on Android

By InactiveUser, ... in General & Suggestions

Recommended Posts

klonzanit    0

klonzanit
Posted ...

Please help me.

Hi. Help to adjust to me airvpn.
 I have linux unbutu 17.04
I have no openvpn, there is only Point-to-Point
 Tuneling Protokol (PPTP)
I speak Russian, on English I don't understand. Write please the step-by-step instruction.
I transferred dialogue in the translator.

Share this post

Link to post

philairvpn    1

philairvpn
Posted ...

Did you add terminal emulator to the configs exclusion list? Essentially if you don't do that it will sever the SSL connection every time you attempt a connection. Excluding it allows the Terminal Emulator's connection to run via the naked ISP, since that is the app which will in essence be tunneling your encrypted data.

 

Thanks! To anyone having problems, I was skeptical but I can confirm this actually resolved my issue.

 

Not that I knew. Which config are you talking of? Could you please explain how I can do that?

 

Within OpenVPN for Android, under the profiles tab, edit the profile (click the pencil to the right of it) -> Allowed Apps tab, scroll down to Terminal Emulator and check the box.

Share this post

Link to post

kulboza    0

kulboza
Posted ...

 

Goal and obstacles

 

We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. On Android, a few obstacles have to be worked around:

 

a. there is no AirVPN Eddie client for Android.

Solution: We will use OpenVPN and stunnel directly.

b. there is no stunnel app in any Android appstore.

Solution: we will download the stunnel Android binary (provided by the stunnel project itself) and run it from the commandline.

c. Android does not allow us to execute any programs from the sdcard.

Solution: we will move stunnel to a special location (owned by the Terminal app), which will allow the Terminal app to execute stunnel.

d. stunnel wants to write to /tmp/, but there's no /tmp/ on Android.

Solution: we will modify the .ssl config file to change the pidfile location to a writable directory.

 

 

 

Software Requirements

  • Android 4.0 or newer (device does not have to be rooted)
  • stunnel compiled for Android (FOSS), via project website
  • OpenVPN for Android (FOSS), via F-Droid or Play Store
  • Jack Palevich's Terminal Emulator for Android (FOSS), via F-Droid or Play Store
  • a separate computer to download/edit the necessary config files and binaries (entirely optional, but easier than doing everything on the Android device itself)

 

 

Setup instructions

 

1. Generate config files with AirVPN's config generator

  • choose Linux
  • pick one single server of your choice. I will use Nunki for this tutorial!
  • for Connection Mode, choose SSL Tunnel, port 443 (visible after enabling Advanced Mode)
  • enable Resolved hosts in .ovpn file
  • leave all the other settings at their default values
  • download and unzip the generated zip file
  • this should result in an AirVPN folder, containing three files

 

2. Open the ssl config file (AirVPN_GB-Manchester_Nunki_SSL-443.ssl) in a text editor.

 

Find the line:

pid = /tmp/stunnel4.pid

Change it to:

pid = /data/data/jackpal.androidterm/app_HOME/stunnel4.pid

Save and close the file.

 

 

3. In a text editor, create a new file with the following contents:

#!/system/bin/sh
cd /data/data/jackpal.androidterm/app_HOME
./stunnel AirVPN_GB-Manchester_Nunki_SSL-443.ssl

Save it to a file named nunki (no file extension).

Put the file into the AirVPN folder, next to our other config files.

 

 

4. Download and unzip stunnel for Android from the stunnel website (stunnel-X.XX-android.zip)

 

Put the stunnel file (only the file, not the folder) into the AirVPN folder.

 

 

5. Make sure your AirVPN folder now contains the following files:

AirVPN_GB-Manchester_Nunki_SSL-443.ovpn
AirVPN_GB-Manchester_Nunki_SSL-443.ssl
nunki
stunnel
stunnel.crt

 

6. Copy the whole AirVPN folder to your Android's SD card.

 

The path should be:

/sdcard/AirVPN/

 

7. Install OpenVPN for Android via F-Droid or Play Store and import the .ovpn config file located at

/sdcard/AirVPN/AirVPN_GB-Manchester_Nunki_SSL-443.ovpn

Don't try to connect just yet.

 

 

8. Install Terminal Emulator for Android, via F-Droid or Play Store

 

 

9. Open Terminal Emulator and successively run the following commands:

cd

The simple cd command should take you to the app's home directory (/data/data/jackpal.androidterm/app_HOME).

This is where we need to put our config files and the stunnel binary. Let's move them over by running:

mv /sdcard/AirVPN/* .

It's important to type every character correctly (commandline is case sensitive); the "*" is a wildcard expanding to all files in the AirVPN folder, and the "." is a placeholder for the current directory /data/data/jackpal.androidterm/app_HOME. Typing commands on Android is a big pain, so I try to keep them as short as possible!

 

Finally, we need to modify permissions for the binary and the script, allowing us to execute them:

chmod 555 stunnel nunki

 

We should be ready to go!

 

 

 

Usage instructions

 

I. Open Terminal Emulator and run the following two commands:

 

cd

./nunki

A log message should appear: Configuration successful

Great! Keep the Terminal app running, but use the Home button to get out.

 

II. Open OpenVPN for Android and connect to the profile AirVPN_GB_Manchester_Nunki_SSL-443

Unless something went wrong, you should get Initialization Sequence Completed - great!

I recommend performing the usual leak tests and perhaps diving into OpenVPN's profile settings before relying on your configuration to work as you expect it to.

 

 

III. To disconnect:

  • Disconnect VPN in OpenVPN
  • open Terminal Emulator, press VOLUME_DOWN + C to kill stunnel
  • press the X button to close the terminal session

 

IV. If stunnel isn't shutdown properly, you may see an error if you try to run stunnel again:

 

[!] Error binding service [openvpn] to 127.0.0.1:1413
[!] bind: Address already in use (98)
[ ] Closing service [openvpn]
[ ] Service [openvpn] closed

 

This means stunnel is still running in the background. You can kill it by running:

 

killall stunnel

 

 

 

 

Footnotes

 

I successfully followed my own tutorial using:

CyanogenMod 12.1 nightly (≈ Android 5.1)
stunnel 5.23
OpenVPN for Android 0.6.35 (F-Droid)
Terminal Emulator 1.0.70 (F-Droid)

Testers welcome, especially if you're using different Android and software versions.

 

Credits:

 

i make all the steps but this  step "./nunki " did not work 

Screen shot : https://drive.google.com/open?id=0BxLl0pieiia6aEdZLV9vUm9scUk

Share this post

Link to post

hugomueller    13

hugomueller
Posted ...

I could establish a stunnel connection on android (light is green) but if if I start open vpn and try to connect I get:

NETWORK EOF ERROR

 

See attache files:

 

Happens with openvpn for android and openvpn connect.

Share this post

Link to post

InactiveUser    188

InactiveUser
Posted ...

I could establish a stunnel connection on android (light is green) but if if I start open vpn and try to connect I get:

NETWORK EOF ERROR

 

See attache files:

attachicon.gif2017-12-04 19_43_58.png

 

Happens with openvpn for android and openvpn connect.

 

Are you on Android 7.0 or newer? It looks like Android 7.0 introduced some changes that make it impossible to use OpenVPN through stunnel. Unfortunately, this tutorial is obsolete unless a solution is found.

 

Related bug reports:

https://www.stunnel.org/pipermail/stunnel-users/2017-October/005845.html

https://github.com/schwabe/ics-openvpn/issues/740

https://productforums.google.com/forum/#!topic/nexus/8SybHHQoEDg

all of my content is released under CC-BY-SA 2.0

Share this post

Link to post

DarkSpace-Harbinger    11

DarkSpace-Harbinger
Posted ...

 

I could establish a stunnel connection on android (light is green) but if if I start open vpn and try to connect I get:

NETWORK EOF ERROR

 

See attache files:

attachicon.gif2017-12-04 19_43_58.png

 

Happens with openvpn for android and openvpn connect.

 

Are you on Android 7.0 or newer? It looks like Android 7.0 introduced some changes that make it impossible to use OpenVPN through stunnel. Unfortunately, this tutorial is obsolete unless a solution is found.

 

Related bug reports:

https://www.stunnel.org/pipermail/stunnel-users/2017-October/005845.html

https://github.com/schwabe/ics-openvpn/issues/740

https://productforums.google.com/forum/#!topic/nexus/8SybHHQoEDg

 

 

I must be out of the loop. I've been using Stunnel and OpenVPN on my Google Pixel with no issues, and it released with Nougat pre-installed.

 

The only thing you need to do is exclude Terminal Emulator from the VPN tunnel using OpenVPN for Android.

 

The problem is, when you don't do this it tries to route Stunnel through OpenVPN, and OpenVPN is trying to route through Stunnel. By excluding Termninal Emulator you allow Stunnel to remain unrouted by OpenVPN, and OpenVPN can make it's connection with Stunnel properly.

hugomueller and InactiveUser reacted to this

Share this post

Link to post

hugomueller    13

hugomueller
Posted ...

I must be out of the loop. I've been using Stunnel and OpenVPN on my Google Pixel with no issues, and it released with Nougat pre-installed.

 

The only thing you need to do is exclude Terminal Emulator from the VPN tunnel using OpenVPN for Android.

 

The problem is, when you don't do this it tries to route Stunnel through OpenVPN, and OpenVPN is trying to route through Stunnel. By excluding Termninal Emulator you allow Stunnel to remain unrouted by OpenVPN, and OpenVPN can make it's connection with Stunnel properly.

 

This did the trick! Thanks a lot! I was not using terminal emulator but the SSL/TLS Tunnel app. I had to put it on the exclusion list and it worked!

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...