Unable to connect to AirVPN via SSL/stunnel on Android 8

buthowcome

Hi,

I just got AirVPN in order to circumvent the high level of VPN-censorship in my country. I want to connect via stunnel and tls-crypt to avoid deep packet inspection that is done so that I can use my VPN freely. I am having issues connecting to AirVPN via stunnel on Android. I have followed all the steps in the how-to guide and watched the guide video, but I am still unable to connect. I am not getting the "configuration successful" message in Termux like it shows in the guide video. Not very experienced so Im sure I've made some kind of a mistake somewhere, would be very grateful for any help.

Here is the Termux logs:

Welcome to Termux!

Wiki: https://wiki.termux.com
Community forum: https://termux.com/community
IRC channel: #termux on freenode
Gitter chat: https://gitter.im/termux/termux
Mailing list: termux+subscribe@groups.io

Search packages: pkg search
Install a package: pkg install
Upgrade packages: pkg upgrade
Learn more: pkg help
$ pkg upgrade
Hit:1 https://termux.net stable InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
$ pkg install stunnel
Hit:1 https://termux.net stable InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree
Reading state information... Done
stunnel is already the newest version (5.47).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
$ cd storage/shared/AirVPN
$ ls
2018-06-29 04:02:04 official.txt
AirVPN_NL-Alblasserdam_Alshat_SSL-443.ovpn
AirVPN_NL-Alblasserdam_Alshat_SSL-443.ssl
stunnel.crt
$ stunnel AirVPN_NL-Alblasserdam_Alshat_SSL-443.ssl
[ ] Clients allowed=500
[.] stunnel 5.47 on aarch64-unknown-linux-android platform
[.] Compiled/running with OpenSSL 1.0.2o 27 Mar 2018
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
[ ] errno: (*__errno())
[.] Reading configuration from file /storage/emulated/0/AirVPN/AirVPN_NL-Alblasserdam_Alshat_SSL-443.ssl
[.] UTF-8 byte order mark not detected
[ ] No PRNG seeding was required
[ ] Initializing service [openvpn]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLS options: 0x03000004 (+0x00000000, -0x00000000)
[ ] No certificate or private key specified
[:] Service [openvpn] needs authentication to prevent MITM attacks
[.] Configuration successful
[ ] Binding service [openvpn]
[ ] Listening file descriptor created (FD=6)
[ ] Setting accept socket options (FD=6)
[ ] Option SO_REUSEADDR set on accept socket
[.] Binding service [openvpn] to 127.0.0.1:1413: Address already in use (98)
[!] Binding service [openvpn] failed
[ ] Deallocating section defaults
[ ] Unbinding service [openvpn]
[ ] Service [openvpn] closed
[ ] Deallocating section [openvpn]
$ stunnel AirVPN_NL-Alblasserdam_Alshat_SSL-443.ssl
[ ] Clients allowed=500
[.] stunnel 5.47 on aarch64-unknown-linux-android platform
[.] Compiled/running with OpenSSL 1.0.2o 27 Mar 2018
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
[ ] errno: (*__errno())
[.] Reading configuration from file /storage/emulated/0/AirVPN/AirVPN_NL-Alblasserdam_Alshat_SSL-443.ssl
[.] UTF-8 byte order mark not detected
[ ] No PRNG seeding was required
[ ] Initializing service [openvpn]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLS options: 0x03000004 (+0x00000000, -0x00000000)
[ ] No certificate or private key specified
[.] Configuration successful
[ ] Binding service [openvpn]
[ ] Listening file descriptor created (FD=6)
[ ] Setting accept socket options (FD=6)
[ ] Option SO_REUSEADDR set on accept socket
[.] Binding service [openvpn] to 127.0.0.1:1413: Address already in use (98)
[!] Binding service [openvpn] failed
[ ] Deallocating section defaults
[ ] Unbinding service [openvpn]
[ ] Service [openvpn] closed
[ ] Deallocating section [openvpn]
$

Here is OpenVPN for Android logs:

2018-06-29 04:20:12 official build 0.7.5 running on samsung SM-G965F (universal9810), Android 8.0.0 (R16NW) API 26, ABI arm64-v8a, (samsung/star2ltexx/star2lte:8.0.0/R16NW/G965FXXU1BRE6:user/release-keys)
2018-06-29 04:20:12 Building configuration…
2018-06-29 04:20:12 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2018-06-29 04:20:12 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2018-06-29 04:20:12 started Socket Thread
2018-06-29 04:20:12 Network Status: CONNECTED to WIFI "Al-Qalam +"
2018-06-29 04:20:12 Debug state info: CONNECTED to WIFI "Al-Qalam +", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-06-29 04:20:12 Debug state info: CONNECTED to WIFI "Al-Qalam +", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-06-29 04:20:12 Current Parameter Settings:
2018-06-29 04:20:12 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2018-06-29 04:20:12 mode = 0
2018-06-29 04:20:12 show_ciphers = DISABLED
2018-06-29 04:20:12 show_digests = DISABLED
2018-06-29 04:20:12 show_engines = DISABLED
2018-06-29 04:20:12 genkey = DISABLED
2018-06-29 04:20:12 key_pass_file = '[uNDEF]'
2018-06-29 04:20:12 show_tls_ciphers = DISABLED
2018-06-29 04:20:12 connect_retry_max = 0
2018-06-29 04:20:12 Connection profiles [0]:
2018-06-29 04:20:12 proto = tcp-client
2018-06-29 04:20:12 local = '[uNDEF]'
2018-06-29 04:20:12 local_port = '[uNDEF]'
2018-06-29 04:20:12 remote = '127.0.0.1'
2018-06-29 04:20:12 remote_port = '1413'
2018-06-29 04:20:12 remote_float = DISABLED
2018-06-29 04:20:12 bind_defined = DISABLED
2018-06-29 04:20:12 bind_local = DISABLED
2018-06-29 04:20:12 bind_ipv6_only = DISABLED
2018-06-29 04:20:12 connect_retry_seconds = 2
2018-06-29 04:20:12 connect_timeout = 120
2018-06-29 04:20:12 socks_proxy_server = '[uNDEF]'
2018-06-29 04:20:12 socks_proxy_port = '[uNDEF]'
2018-06-29 04:20:12 tun_mtu = 1500
2018-06-29 04:20:12 tun_mtu_defined = ENABLED
2018-06-29 04:20:12 link_mtu = 1500
2018-06-29 04:20:12 link_mtu_defined = DISABLED
2018-06-29 04:20:12 tun_mtu_extra = 0
2018-06-29 04:20:12 tun_mtu_extra_defined = DISABLED
2018-06-29 04:20:12 mtu_discover_type = -1
2018-06-29 04:20:12 fragment = 0
2018-06-29 04:20:12 mssfix = 1450
2018-06-29 04:20:12 explicit_exit_notification = 0
2018-06-29 04:20:12 Connection profiles END
2018-06-29 04:20:12 remote_random = DISABLED
2018-06-29 04:20:12 ipchange = '[uNDEF]'
2018-06-29 04:20:12 dev = 'tun'
2018-06-29 04:20:12 dev_type = '[uNDEF]'
2018-06-29 04:20:12 dev_node = '[uNDEF]'
2018-06-29 04:20:12 lladdr = '[uNDEF]'
2018-06-29 04:20:12 topology = 1
2018-06-29 04:20:12 ifconfig_local = '[uNDEF]'
2018-06-29 04:20:12 ifconfig_remote_netmask = '[uNDEF]'
2018-06-29 04:20:12 ifconfig_noexec = DISABLED
2018-06-29 04:20:12 ifconfig_nowarn = ENABLED
2018-06-29 04:20:12 ifconfig_ipv6_local = '[uNDEF]'
2018-06-29 04:20:12 ifconfig_ipv6_netbits = 0
2018-06-29 04:20:12 ifconfig_ipv6_remote = '[uNDEF]'
2018-06-29 04:20:12 shaper = 0
2018-06-29 04:20:12 mtu_test = 0
2018-06-29 04:20:12 mlock = DISABLED
2018-06-29 04:20:12 keepalive_ping = 0
2018-06-29 04:20:12 keepalive_timeout = 0
2018-06-29 04:20:12 inactivity_timeout = 0
2018-06-29 04:20:12 ping_send_timeout = 0
2018-06-29 04:20:12 ping_rec_timeout = 0
2018-06-29 04:20:12 ping_rec_timeout_action = 0
2018-06-29 04:20:12 ping_timer_remote = DISABLED
2018-06-29 04:20:12 remap_sigusr1 = 0
2018-06-29 04:20:12 persist_tun = ENABLED
2018-06-29 04:20:12 persist_local_ip = DISABLED
2018-06-29 04:20:12 persist_remote_ip = DISABLED
2018-06-29 04:20:12 persist_key = DISABLED
2018-06-29 04:20:12 Waiting 0s seconds between connection attempt
2018-06-29 04:20:12 passtos = DISABLED
2018-06-29 04:20:12 resolve_retry_seconds = 1000000000
2018-06-29 04:20:12 resolve_in_advance = ENABLED
2018-06-29 04:20:12 username = '[uNDEF]'
2018-06-29 04:20:12 groupname = '[uNDEF]'
2018-06-29 04:20:12 chroot_dir = '[uNDEF]'
2018-06-29 04:20:12 cd_dir = '[uNDEF]'
2018-06-29 04:20:12 writepid = '[uNDEF]'
2018-06-29 04:20:12 up_script = '[uNDEF]'
2018-06-29 04:20:12 down_script = '[uNDEF]'
2018-06-29 04:20:12 down_pre = DISABLED
2018-06-29 04:20:12 up_restart = DISABLED
2018-06-29 04:20:12 up_delay = DISABLED
2018-06-29 04:20:12 daemon = DISABLED
2018-06-29 04:20:12 inetd = 0
2018-06-29 04:20:12 log = DISABLED
2018-06-29 04:20:12 suppress_timestamps = DISABLED
2018-06-29 04:20:12 machine_readable_output = ENABLED
2018-06-29 04:20:12 nice = 0
2018-06-29 04:20:12 verbosity = 4
2018-06-29 04:20:12 mute = 0
2018-06-29 04:20:12 gremlin = 0
2018-06-29 04:20:12 status_file = '[uNDEF]'
2018-06-29 04:20:12 status_file_version = 1
2018-06-29 04:20:12 status_file_update_freq = 60
2018-06-29 04:20:12 occ = ENABLED
2018-06-29 04:20:12 rcvbuf = 0
2018-06-29 04:20:12 sndbuf = 0
2018-06-29 04:20:12 sockflags = 0
2018-06-29 04:20:12 fast_io = DISABLED
2018-06-29 04:20:12 comp.alg = 2
2018-06-29 04:20:12 comp.flags = 1
2018-06-29 04:20:12 route_script = '[uNDEF]'
2018-06-29 04:20:12 route_default_gateway = '[uNDEF]'
2018-06-29 04:20:12 route_default_metric = 0
2018-06-29 04:20:12 route_noexec = DISABLED
2018-06-29 04:20:12 route_delay = 0
2018-06-29 04:20:12 route_delay_window = 30
2018-06-29 04:20:12 route_delay_defined = DISABLED
2018-06-29 04:20:12 route_nopull = DISABLED
2018-06-29 04:20:12 route_gateway_via_dhcp = DISABLED
2018-06-29 04:20:12 allow_pull_fqdn = DISABLED
2018-06-29 04:20:12 route 0.0.0.0/0.0.0.0/vpn_gateway/default (not set)
2018-06-29 04:20:12 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2018-06-29 04:20:12 management_port = 'unix'
2018-06-29 04:20:12 management_user_pass = '[uNDEF]'
2018-06-29 04:20:12 management_log_history_cache = 250
2018-06-29 04:20:12 management_echo_buffer_size = 100
2018-06-29 04:20:12 management_write_peer_info_file = '[uNDEF]'
2018-06-29 04:20:12 management_client_user = '[uNDEF]'
2018-06-29 04:20:12 management_client_group = '[uNDEF]'
2018-06-29 04:20:12 management_flags = 4390
2018-06-29 04:20:12 shared_secret_file = '[uNDEF]'
2018-06-29 04:20:12 key_direction = not set
2018-06-29 04:20:12 ciphername = 'AES-256-CBC'
2018-06-29 04:20:12 ncp_enabled = ENABLED
2018-06-29 04:20:12 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2018-06-29 04:20:12 authname = 'sha512'
2018-06-29 04:20:12 prng_hash = 'SHA1'
2018-06-29 04:20:12 prng_nonce_secret_len = 16
2018-06-29 04:20:12 keysize = 0
2018-06-29 04:20:12 engine = DISABLED
2018-06-29 04:20:12 replay = ENABLED
2018-06-29 04:20:12 mute_replay_warnings = DISABLED
2018-06-29 04:20:12 replay_window = 64
2018-06-29 04:20:12 replay_time = 15
2018-06-29 04:20:12 packet_id_file = '[uNDEF]'
2018-06-29 04:20:12 test_crypto = DISABLED
2018-06-29 04:20:12 tls_server = DISABLED
2018-06-29 04:20:12 tls_client = ENABLED
2018-06-29 04:20:12 key_method = 2
2018-06-29 04:20:12 ca_file = '[[iNLINE]]'
2018-06-29 04:20:12 ca_path = '[uNDEF]'
2018-06-29 04:20:12 dh_file = '[uNDEF]'
2018-06-29 04:20:12 cert_file = '[[iNLINE]]'
2018-06-29 04:20:12 extra_certs_file = '[uNDEF]'
2018-06-29 04:20:12 priv_key_file = '[[iNLINE]]'
2018-06-29 04:20:12 pkcs12_file = '[uNDEF]'
2018-06-29 04:20:12 cipher_list = '[uNDEF]'
2018-06-29 04:20:12 tls_cert_profile = '[uNDEF]'
2018-06-29 04:20:12 tls_verify = '[uNDEF]'
2018-06-29 04:20:12 tls_export_cert = '[uNDEF]'
2018-06-29 04:20:12 verify_x509_type = 0
2018-06-29 04:20:12 verify_x509_name = '[uNDEF]'
2018-06-29 04:20:12 crl_file = '[uNDEF]'
2018-06-29 04:20:12 ns_cert_type = 0
2018-06-29 04:20:12 remote_cert_ku = 65535
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_ku = 0
2018-06-29 04:20:12 remote_cert_eku = 'TLS Web Server Authentication'
2018-06-29 04:20:12 ssl_flags = 0
2018-06-29 04:20:12 tls_timeout = 2
2018-06-29 04:20:12 renegotiate_bytes = -1
2018-06-29 04:20:12 renegotiate_packets = 0
2018-06-29 04:20:12 renegotiate_seconds = 3600
2018-06-29 04:20:12 handshake_window = 60
2018-06-29 04:20:12 transition_window = 3600
2018-06-29 04:20:12 single_session = DISABLED
2018-06-29 04:20:12 push_peer_info = ENABLED
2018-06-29 04:20:12 tls_exit = DISABLED
2018-06-29 04:20:12 tls_auth_file = '[uNDEF]'
2018-06-29 04:20:12 tls_crypt_file = '[[iNLINE]]'
2018-06-29 04:20:12 client = ENABLED
2018-06-29 04:20:12 pull = ENABLED
2018-06-29 04:20:12 auth_user_pass_file = '[uNDEF]'
2018-06-29 04:20:12 OpenVPN 2.5-icsopenvpn [git:v2.4_rc2-301-g14adf04a] arm64-v8a [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 3 2018
2018-06-29 04:20:12 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
2018-06-29 04:20:12 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2018-06-29 04:20:12 MANAGEMENT: CMD 'version 2'
2018-06-29 04:20:12 MANAGEMENT: CMD 'hold release'
2018-06-29 04:20:12 MANAGEMENT: CMD 'proxy NONE'
2018-06-29 04:20:12 MANAGEMENT: CMD 'bytecount 2'
2018-06-29 04:20:12 MANAGEMENT: CMD 'state on'
2018-06-29 04:20:13 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-06-29 04:20:13 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-06-29 04:20:13 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-06-29 04:20:13 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-06-29 04:20:13 LZO compression initializing
2018-06-29 04:20:13 Control Channel MTU parms [ L:1624 D:1154 EF:96 EB:0 ET:0 EL:3 ]
2018-06-29 04:20:13 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
2018-06-29 04:20:13 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2018-06-29 04:20:13 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
2018-06-29 04:20:13 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1413
2018-06-29 04:20:13 Socket Buffers: R=[1048576->1048576] S=[1048576->1048576]
2018-06-29 04:20:13 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]
2018-06-29 04:20:13 New OpenVPN Status (TCP_CONNECT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2018-06-29 04:20:13 New OpenVPN Status (TCP_CONNECT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2018-06-29 04:20:13 MANAGEMENT: >STATE:1530231613,TCP_CONNECT,,,,,,
2018-06-29 04:20:13 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2018-06-29 04:20:13 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2018-06-29 04:20:13 TCP connection established with [AF_INET]127.0.0.1:1413
2018-06-29 04:20:13 TCP_CLIENT link local: (not bound)
2018-06-29 04:20:13 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1413
2018-06-29 04:20:13 MANAGEMENT: >STATE:1530231613,WAIT,,,,,,

It gets stuck on "Waiting for server reply."

Here is the contents of the .ssl file:

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Thursday 28th of June 2018 11:52:21 PM
# STunnel Client Configuration
# AirVPN_NL-Alblasserdam_Alshat_SSL-443
# --------------------------------------------------------

foreground = yes
pid = /data/data/com.termux/files/home/stunnel4.pid
client = yes
debug = 6

[openvpn]
accept = 127.0.0.1:1413
connect = 213.152.161.8:443
TIMEOUTclose = 0
verify = 3
CAfile = stunnel.crt

Could anyone please advise on how to go about fixing this? I've tried using other serves but all have the same issue.

Thank you!

Sign In

Unable to connect to AirVPN via SSL/stunnel on Android 8

Recommended Posts

buthowcome 0

Share this post

Link to post

Join the conversation

Home

Community