Page 1 of 2

HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Fri Mar 28, 2014 12:53 am
by Tealc
Note from df: the configs here are likely outdated. the most current ones are always on cryptostorm's github
{direct link: cryptostorm.org/android}
UPDATED: 04/03/2016
*** Everything is working, download new conf's files ***

This tutorial will work out-of-the-box by following the steps below, but you can complement it with this earlier howto if necessary (all credit to @Graze for doing the original post.)

1) Install the "OpenVPN for Android" application from Arne Schwabe (source here and here):
Devs self compiled copies: link (**** LINK FIXED - 20150209 Graze ****)
Fdroid: link
Google Play Store: link
This method will only work with OpenVPN version 0.6.45 or bigger.

2) Download and send to your smartphone the OpenVPN config file with the server you want, for the purpose of this tutorial we will use "USCentral-mishigami.ovpn" from github.com

SIDE NOTE: If you change the name "USCentral-mishigami.ovpn" to "whatever.ovpn" the "Profile Name" in the OpenVPN application will acquire that name

3) Open OpenVPN and click "Folder" icon from the right side corner of the screen, this is your "Import Configuration File", just navigate with the file explorer to the directory where you have "USCentral-mishigami.ovpn" and click "Select". The "Import Log" will tell you that it was successfully imported. IMPORTANT: Click the "Disk" button from the bottom right screen side or it will not save in the app.

4) Open OpenVPN app and if you do not see the "USCentral-mishigami" connection just go to "Settings" and then go back to "Profiles".
4.1) Select the "USCentral-mishigami" and it will ask you for a Username/Password, so this is the most tricky part:
4.2) You'll want to take your token and (on your phone) put it in here and calculate the SHA512 hash.
4.3) Take that SHA512 and use it as your Username (NOT password!!!)... Paste it in there. (If you have problems pasting on your device for whatever reason, I ended up picking up a free app called EZ Copy&Paste, which allowed me to shove my SHA512 in there and I am suddenly wondering how I lived without it... Anyway....)
4.4) Enter a password. Can be anything. Cannot be left blank (it complains about that later if you do...)

And that's it, you're good to go! This OpenVPN config file will work with ALL rooted & NON rooted smartphones Android 4.2 and up.

Hope this makes Android lovers like me, a little bit more happy :lol: :lol:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Mar 28, 2014 4:07 am
by Graze
Thanks so much for this - going to try it out now :)

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Mar 28, 2014 10:01 am
by cryptostorm_support
That's awesome. Definitely going to give that a shot on my phone

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Tue Apr 01, 2014 7:16 am
by acid1c
I would suggest using Fdroid or the devs self compiled copies of Openvpn for android https://plai.de/android/

Also he has an xposed module to auto accept to avoid that check box and ok confirmation. :)

@Tealc if you mean developing a CS android app, I would be for it. :D

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Wed Apr 02, 2014 1:51 am
by Tealc
acid1c wrote:I would suggest using Fdroid or the devs self compiled copies of Openvpn for android https://plai.de/android/

Also he has an xposed module to auto accept to avoid that check box and ok confirmation. :)

@Tealc if you mean developing a CS android app, I would be for it. :D


Hi there, and thank you for your reply :lol: :-D So I'm using AFwall+ just like the tutorial you posted :D It's just great.

It's been 3 months that I've used Titanium BackUP Pro to remove all the Play Store ties, I really don't like all the snooping around of 99.9% of the apps :shifty:

In this OpenVPN matter, I've also went with your "xposed module" and now, no more annoying pop-ups saying something about security, I'm going to install the "Android Revolution HD 61.1" for my HTC ONE and with that I'm going to try and cut the maximum on Google Services, let's see what happens?!

For the Cryptostorm VPN app I really think that this would be a plus, since it would make everything much easier, nevertheless we are actually very fortunate since at least we got it working, there are some iOS users that can't say the same thing (maybe you should change to android?)

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Wed Apr 02, 2014 8:28 pm
by Jarmer
SWEET! So happy to have this! I'm going to go buy an additional token for my phone... RIGHT NOW. Can't even wait for the reduced pricing anymore, I want this on my phone and laptop simultaneously right now!

I used afwall+ in the past, but it did not work at all for mobile data. It worked fine for blocking stuff through wifi, but did zero nothing nada for mobile data. If I set it to route everything through the vpn connection, will that fix this issue, even when the vpn is connected over mobile data connection?

And I for one would LOVE an android app. Would definietly give CS users a little easier way to connect and might even convince them to buy more tokens $$$$

Thanks everyone for making this updated thread.

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Apr 04, 2014 5:05 am
by Graze
Jarmer wrote:Hey, just a quick note to site admin/mods: you might want to update this page:
https://cryptostorm.is/connect.html

down a little it has a link for connecting via android that is set to go to android.cryptostorm.org and then redirects to the old locked android topic. Can you please update that to point to here instead?


Done... :)

... and huge thanks for noticing and taking the time to point it out, by the way. That's the sort of stuff that would frustrate many a new user.

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Apr 04, 2014 7:14 pm
by Jarmer
Sure thing, glad I could help.

And Tealc, wohoo!! it works!! Running on the Montreal node right now, and when I connect it gives me the message about the protected socket, and then a warning about saving passwords (lol since the pw doesn't even do anything anyway) and then that's it! So it appears whatever you did with the config worked, and now I'm running fine.

I do have a couple general questions about messages I've seen in the log, I don't *think* they are issues, I just don't know what they mean and was hoping you could help me out.

There are two attached screenshots of the log. On the "deletingroutes" screenshot, I get those messages about deleting the routes when I disconnect and reconnect, is that normal?

On the other, about the ipv4/ipv6 protocol, I woke up this morning and the VPN was disconnected and frozen/hung at the "resolving host names" status, and I had to quit and restart the app to fix it, and it had the messages about the protocol underneath. Any ideas on this one? I'm taking a wild guess and think that maybe it's due to low cell network signal? My bedroom has really low service, so if the cell connection was unstable/dropped off or something like that would it do that?

Again, thanks SO MUCH for this thread and all the help with people like me!!

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Apr 04, 2014 11:31 pm
by Tealc
Jarmer wrote:On the "deletingroutes" screenshot, I get those messages about deleting the routes when I disconnect and reconnect, is that normal?

Yeah the "deleting routes" error is common with this configuration since android doesn't support deleting the default routes. But if you check, that only happens when you disconnect and reconnect, but by default every time you disconnect the VPN android will input the default android routes, that's what he is trying to erase not the routes from cryptostorm, but the main purpose here is that the routes got replace, I actually don't care if they didn't get deleted. (Did that make sense? It's actually not very easy to explain this, since english isn't my mother language)

Jarmer wrote:On the other, about the ipv4/ipv6 protocol, I woke up this morning and the VPN was disconnected and frozen/hung at the "resolving host names" status


So that means that maybe you didn't have internet access ALL the time, and the OpenVPN time-out, you can solve this by adding "ping 10" to the Custom Options in the profile that you want to change, there is already a thread here that talks about this, I don't add it by default since MANY android devices disconnect from the internet when the screen is off (if not the battery will last only 6 hours?).

Please don't touch the IPV6 option :wtf:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sat Apr 05, 2014 12:40 am
by Jarmer
Sounds good on the routes, I gotcha, I thought it wasn't an error so that's good to hear an explanation.

And yeah, I'd guess internet dropped out a couple times overnight where the connection is spotty in the bedroom, so then the VPN couldn't reconnect. I'll keep my eye on this, but I don't think I want to add the ping thing since it's working fine right now as long as I don't have a super spotty connection. Mine doesn't look like it's disconnecting at all when the screen's off. It also doesn't look like it's using much battery. Loving this connection so far!!!

Thanks Tealc for the explanations! Also............ I'M GOING TO TOUCH ALLLLLLL THE IPV6 OPTIONS MWUAHAHAHAHHAHAHA

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Wed Jun 11, 2014 6:41 pm
by marzametal
Anyone tried this out on Android 4.4.3 yet? I manage to connect, but after a couple of minutes I get booted off. I have attached a log file...

log.txt
Include a successful connection, first drop and a 2nd retry...
(9.84 KiB) Downloaded 1287 times

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Jun 13, 2014 5:48 am
by marzametal
Looks like I jumped the gun here...
4.4.3 is kicking up a lot of fuss from what I read in relation to OpenVPN, both on code.google.com pages and various OpenVPN forums/comment feeds. Even some app developers on Google Play have been burned by the very company some of them work side by side with. It doesn't look like Google gives a toss for OpenVPN compatibility. I wanted to keep 4.4.3, so I set up my phone to dual boot and made the 2nd ROM a 4.4.2, which loves OpenVPN for Android... sorry for the posts!

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Jun 13, 2014 6:53 am
by vpnDarknet
openvpn seems to be working fine for me on 4.4.3, on a Nexus 4.
I'd like to load Cyanogenmod, but I'm hooked on Google apps... I'm going to have to cut the apron strings, maybe a project for the weekend

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Jun 13, 2014 9:47 am
by marzametal
vpnDarknet wrote:openvpn seems to be working fine for me on 4.4.3, on a Nexus 4.


What a showoff... lmao :crazy:
I am using a Galaxy S2.

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Jun 13, 2014 10:14 am
by vpnDarknet
haha you can bet I'm doing something wrong, and has more (dns) holes than a pair of fish net stockings :D

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sat Jun 14, 2014 2:24 pm
by Tealc
vpnDarknet wrote:haha you can bet I'm doing something wrong, and has more (dns) holes than a pair of fish net stockings :D


What do you mean?

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sat Jun 14, 2014 2:26 pm
by Tealc
marzametal wrote:Looks like I jumped the gun here...
4.4.3 is kicking up a lot of fuss from what I read in relation to OpenVPN, both on code.google.com pages and various OpenVPN forums/comment feeds. Even some app developers on Google Play have been burned by the very company some of them work side by side with. It doesn't look like Google gives a toss for OpenVPN compatibility. I wanted to keep 4.4.3, so I set up my phone to dual boot and made the 2nd ROM a 4.4.2, which loves OpenVPN for Android... sorry for the posts!


Yeah this is true.... but yesterday Arne Schwabe send out a new version of OpenVPN (for rooted phones) that apparently fix this problem?!? I can't check this out since I'm running "ARHD71.1 ROM" and it comes it OpenVPN support

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Mon Jun 16, 2014 3:06 pm
by vpnDarknet
Tealc wrote:
vpnDarknet wrote:haha you can bet I'm doing something wrong, and has more (dns) holes than a pair of fish net stockings :D


What do you mean?


That however I seem to set up my Android phone I have DNS leaks.

Think I need to look into firewall settings, ditch the OFW, and install Cyanogenmod

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Mon Jun 16, 2014 8:00 pm
by Guest
May I jump into this discussion?
I see your problems with Android here and let me tell you it is basically THE topic that kept me most busy when it comes to OpenVPN. I spent days racking my brain and I tried everything in my (and others) book to get a perfect solution. tl;dr: There is none. Even hacking around the system files doesn't help much and as long as you don't rewrite some Android parts from scratch it's easier to use what the awesome open source community gave us already.
Following my suggestion both gives you a perfectly fine working OpenVPN experience plus a "as safe as it gets with Android" environment on your phone.

One warning though: I won't go into much detail why I suggest the following as it would tage ages to explain.

But let me get to the facts:
  1. Don't use any Android version after 4.2.2! tbh: Use EXACTLY 4.2.2 and nothing else! This also applies to Cyanogenmod! Use CM version 10.1.3 Stable as it is Android 4.2.2. Why you might ask? Because the versions after that have ways to circumvent leak protections like AFWall+ and other nasty stuff concerning available and preferred Crypto parameters. Also the way DNS is handled literally fucks up any reasonable attempt to prevent DNS-Leaks properly on the long run.
  2. Use Arne Schwabes OpenVPN for Android. Grab it on F-Droid. I heard other clients might work as well but Arne does it right. So no experiments.
  3. Use AFWall+ (grab it on F-Droid), activate IPv6 support (to block it!), activate VPN support and the block everything on every network but OpenVPN and VPN-Services. Also activate VPN at "all applications". There you go: Leakblock made easy. (Thx to acid1c)
  4. Install XPosed Framework and install XPrivacy.
  5. And lets be honest here: If you are really serious about not leaking your identity and data to the outside --> DON'T INSTALL GAPPS! PERIOD! If you want PlayStore Apps use Android in a VM and export the APKs or download via APK Downloader. If that's "too uncomfortable" then well... Buy an iPhone, clear your mind from any concerns about privacy and security and enjoy your comfortable stay at the walled garden. ;)

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Mon Jun 16, 2014 9:03 pm
by Guest
You can also grab the OpenVPN apk directly at: http://plai.de/android/

It also has betas if you are of the adventureous type.

{ Standard warnings apply with caution being required when installing apks from unknown sources - cryptostorm_support }

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Wed Jun 18, 2014 5:52 am
by marzametal
Cheers, took your advice and went back to a 4.2.2 ROM. I really dig it to be honest. It's cool! I even find OpenVPN connects much quicker, woo hoo!
Tell ya' what... I was blown away when I first saw XPrivacy kick in, thought to myself wtf is this?! Strength beyond strength! I also love the fake mods it can provide in regards to User Agent.
I have made use of some APK Downloader sites since it was mentioned in your post. Thoroughly useful and thanks once again, DesuGuest lmao...

In regards to Also activate VPN at "all applications". On its face, it's worth activating to force everything through the VPN. My thought on this is, rather block access than allow access? For example, in the firewall log, crap pops up left right and center. I'd rather see things being blocked than allowing it through the VPN for the sole reason it is a secure path. I'm not saying take this as gospel, but would like your opinion if possible.

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Thu Jun 19, 2014 1:45 am
by Guest
late Android 4.3 and early 4.4 builds had the DNS leak issue, which has since been resolved. And could have been fixed anyway with proper firewall rules :)

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Jun 20, 2014 9:31 am
by Guest
Step (5

relise it's a damn phone, and you shouldn't trust it farther then you can throw it.

insecure pripriotary baseband firmware has unrestricted access to the phones memory.

you could hand code, line by line, the perfect unpenitrable OS for you phone, and it wouldn't make a god dam bit of difference- because the easily hackable (using <1.4k$ usd equipment) baseband will turn over complete control of your phone to anyone with the knowlege and equipment to do so.

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Tue Jun 24, 2014 12:37 am
by Tealc
XPrivacy mod.... simply the best thank you Guest

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Tue Jun 24, 2014 2:06 pm
by vpnDarknet
Tealc wrote:XPrivacy mod.... simply the best thank you Guest

I've been using Android from the release of the N1, and this is the first app I've paid for!
I really appreciate the many lock down options focused to individual apps.

Let's see if I get cold sweats breaking going cold turkey on GAPPS, thanks for the recomendation much appreciated.

Oh, and the additional modules are sweet, lots more functionality.

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Wed Jun 25, 2014 5:19 am
by marzametal
vpnDarknet wrote:
Tealc wrote:XPrivacy mod.... simply the best thank you Guest
Let's see if I get cold sweats breaking going cold turkey on GAPPS, thanks for the recomendation much appreciated.

Same... haven't had GAPPS installed for 3 days now (whether it be full, core or bare-bone)... been abusing the apkleecher website a bit... mind you after I set apps up previously, I'd backup and uninstall them as a precaution. Now, nothing! Although, I did notice when I had the CPU info selected to load on my screen, that com.google.android.gapps popped up once. So I am left wondering...

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Wed Jun 25, 2014 8:17 pm
by Guest
Guest wrote:{ Standard warnings apply with caution being required when installing apks from unknown sources - cryptostorm_support }


Sorry for my late reply. I was really busy and still am.

This shows how considerate our friends at CryptoStorm are! Good thinking but I can give an all-clear signal on this source: It's provided by the maker himself, Arne Schwabe.
I grabbed the link from his own google-code page so it should be more than fine.

Proof: https://code.google.com/p/ics-openvpn/
At the bottom under footnotes you find "If you cannot or do not want to use the Play Store you can download the apk files directly."

Glad I was able help some folks out with that even though the whole post was very rushed. ;)

PS: I forgot another great XPosed Module --> Auto VPN Dialog Confirm. It helps you get rid of the annoying "do you trust this VPN?" dialog. With this you can create a 100% automatic VPN environment if you also tell Arne Schwabes OpenVPN that it should connect at startup and on network change.

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Wed Jun 25, 2014 8:39 pm
by Guest
marzametal wrote:In regards to Also activate VPN at "all applications". On its face, it's worth activating to force everything through the VPN. My thought on this is, rather block access than allow access? For example, in the firewall log, crap pops up left right and center. I'd rather see things being blocked than allowing it through the VPN for the sole reason it is a secure path. I'm not saying take this as gospel, but would like your opinion if possible.


Well... This heavily depends on how you handle security on your phone. I use AFWall+ as a simple leakblock that I set up and "forget". I very rarely open it up; mostly when a new version got released to check on new options.
I like to manage all my security at one place and this is the XPrivacy module. I can block internet access there as well and do this actively. My default settings are to block everything by default (even the red system permissions) and then allow individual permissions as they are actually needed for the app to work. (emphasis on "actually"! Not what it requests! :lol: )
But that is just how I do things.

You could very well do a different approach in managing different things at different places. You could also use AFWall+ as a second line of defense for the very unpleasant case that XPrivacy for some reason fails to block internet access. So yes: Your approach is very reasonable. Just be careful with the system services. There may be cases where you want to block some of those but this should only be done by people who very well know what the individual system services do.

As to your gapps incident... There still are (and always will be) some resources with google in their name if you use an android based rom but gapps should not be there. The only explanation I have is that some app requested access to it not knowing that it doesn't reside on your phone.

But anyways: Always glad to see that people actually care and get rid of GAPPs and the Google Services Framework! You really rarely (or never) need those as you can grab your Apps anyways. With it all security efforts are pretty useless in my opinion.

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sat Jun 28, 2014 3:26 am
by kelltech
So this is for rooted devices? How about non rooted? My new tablet isn't rooted yet. I used to be able to connect on this tablet but since buying a new token I can't connect any more. I started from the beginning and still get "Auth failed" every time. I even reinstalled the OpenVPN app. Any suggestions?

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sat Jul 05, 2014 8:17 am
by vpnDarknet
kelltech wrote:So this is for rooted devices?


I've just updated OpenVPN via F-Droid, and it states:

OpenVPN without root
with the VPNService in Android 4.0+ it is possible to create a VPN that doesn't need root access


I haven't tested it as yet though

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sun Jul 06, 2014 1:14 am
by Tealc
Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.

And BTW, it works with non rooted phones, but I've found out that some "branded" android versions doesn't allow OpenVPN to make their magic, for example with my non-rooted HTC M8 (also in my M7 :-D ) I've got it working in a heart beat, with my wife's non rooted Samsung Galaxy S5 no such luck, at first the app crashed, them after several re-install I got to the import config file part and it crashed, but got to add the conf to the profiles page (??) but wen I try to connect it just doesn't work saying something about "... severe damage to your device" I've already sent a but report to the man in charge of producing this amazing app, let's see what he have to say :-D

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Tue Jul 08, 2014 10:30 pm
by kelltech
Tealc wrote:Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.


Thank you Tealc, very much appreciated. Will the new confs be in the same place when they're ready?

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Thu Jul 10, 2014 5:32 am
by marzametal
Has anyone noticed a new entry in the OpenVPN for Android log?
When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".
It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Thu Jul 10, 2014 11:52 pm
by Tealc
kelltech wrote:
Tealc wrote:Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.


Thank you Tealc, very much appreciated. Will the new confs be in the same place when they're ready?



So everything updated... this time there are all the "exit nodes" available, if you find some kind of error let me know.

BTW to everyone that's going to check the config file BEFORE using, YES I've removed the hostname of the "exit node" and left only the IP, I actually don't know why, but I've got a bunch of errors with the hostname in place. If you do not want this, just change it back to the hostname :P

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Thu Jul 10, 2014 11:56 pm
by Tealc
marzametal wrote:Has anyone noticed a new entry in the OpenVPN for Android log?
When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".
It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...


Which beta version are you running? Because, the OLD Android OVPN config's where for the 0.6.11 stable,this ones will only work with 0.6.17 stable or bigger :-D

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Jul 11, 2014 2:14 am
by kelltech
Tealc wrote:So everything updated... this time there are all the "exit nodes" available, if you find some kind of error let me know.


Works perfectly, a million thanks!! :clap:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Jul 11, 2014 6:59 am
by marzametal
Tealc wrote:
marzametal wrote:Has anyone noticed a new entry in the OpenVPN for Android log?
When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".
It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...


Which beta version are you running? Because, the OLD Android OVPN config's where for the 0.6.11 stable,this ones will only work with 0.6.17 stable or bigger :-D


Yeah, I was on 0.6.15 when I saw the Google Breakpad stuff pop up... so jumped to 0.6.17, been about a week or so since the upgrade.
Ahhh, I see the step I missed. It wasn't enough to just upgrade to 0.6.17. I have to also upgrade the config file too... small request, can you add a little line at the beginning of the first post to indicate when it was last updated, instead of relying solely on the update dates inside it?

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sat Jul 12, 2014 12:09 am
by Tealc
marzametal wrote:...
... small request, can you add a little line at the beginning of the first post to indicate when it was last updated, instead of relying solely on the update dates inside it?


Do you mean this?
1234.jpg


It's been here since day one :-D

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sun Jul 27, 2014 3:30 am
by Tealc
Updated conf's with patch for correcting tls error

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Tue Aug 19, 2014 12:24 am
by Tealc
Main topic updated.

Outdated exit nodes removed, added other links for the OpenVPN for Android app for the ones that don't like the Play Store :-D

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Fri Sep 19, 2014 11:02 pm
by Jarmer
Recently I upgraded to a 4.4.4 ROM and am currently using the standard configs posted in the op. Things at first work great then I start getting the attached error messages over and over again. I'm using a token I purchased in April for one year so I know its not that, and it connects fine to begin with. Just after a while it starts disconnecting and erroring out with the auth failure messages. Any ideas here? I saw some comments above that 4.4.2+ have issues with openvpn, that still the case now?

Screenshot_2014-09-19-13-50-29.png

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Sat Sep 20, 2014 10:30 am
by marzametal
OpenVPN works fine on 4.4.4, provided you are using the latest OpenVPN for Android build... The latest stable is .6.17, although I just noticed there is a beta (up to you). You can download it from here Full List of OpenVPN for Android releases

May I ask what ROM you are using? I am using SlimSaber 4.4.4

The errors also might have to do with the recent disruptions on the UNSAE exit node. I had to resort to Onyx and haven't looked back. Do you get the errors on other cluster choices?

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Posted: Mon Sep 22, 2014 2:53 am
by Tealc
Jarmer wrote:Recently I upgraded to a 4.4.4 ROM and am currently using the standard configs posted in the op. Things at first work great then I start getting the attached error messages over and over again. I'm using a token I purchased in April for one year so I know its not that, and it connects fine to begin with. Just after a while it starts disconnecting and erroring out with the auth failure messages. Any ideas here? I saw some comments above that 4.4.2+ have issues with openvpn, that still the case now?


What's your OpenVPN version? You should only use the 0.6.17 or up, anything older will give several bizarre errors.
All versions of Android now work fine, no problems even with 4.4.2 :-D

Which exit node are you using? This auth error get's reproduced in others exit nodes?

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Mon Mar 09, 2015 9:14 pm
by VirtuosicVagabond
How about the Cryptofree.ovpn file?

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Tue Mar 10, 2015 1:06 am
by Tealc
VirtuosicVagabond wrote:How about the Cryptofree.ovpn file?


"Your request is my command" :-D

Check my Owncloud, it's there :-)

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Tue Mar 10, 2015 3:40 pm
by VirtuosicVagabond
Tealc wrote:
VirtuosicVagabond wrote:How about the Cryptofree.ovpn file?


"Your request is my command" :-D

Check my Owncloud, it's there :-)

*tips hat*

Any chance that you know the full Cryptofree token?
It doesn't let me copy it. It starts with "4a8....etc"

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Tue Mar 10, 2015 7:57 pm
by Tealc
VirtuosicVagabond wrote:
Tealc wrote:
VirtuosicVagabond wrote:How about the Cryptofree.ovpn file?


"Your request is my command" :-D

Check my Owncloud, it's there :-)

*tips hat*

Any chance that you know the full Cryptofree token?
It doesn't let me copy it. It starts with "4a8....etc"


According to this viewtopic.php?f=58&t=6528 it doesn't matter what you put in.

When it asks for a user/password, type "snowden" "rocks!" (actually it doesn't matter what you type, but type something)

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Tue Mar 10, 2015 9:54 pm
by VirtuosicVagabond
So what's the difference between the .ovpn file you posted and the .conf file posted in that other thread?

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Wed Mar 11, 2015 11:09 pm
by Tealc
VirtuosicVagabond wrote:So what's the difference between the .ovpn file you posted and the .conf file posted in that other thread?


If you open with a text editor both of them you will see that there are a LOT a differences, the main configuration parameters in my ovpn file are the same has the recommended by Staff from the 1.4 version.

Actually the main differences are:

1) I don't use FQDN to try to connect to the server (be warned that this isn't recommended by Staff), the main purpose of putting only the naked IP is that many devices, and it doesn't matter what version of Android you're running, have some problems trying to figure out the FQDN and tend to leak the real IP address to 3rd party for the dns resolve of the FQDN.
It's been documented here in the forum that you can fix the dns resolve problem of sending the real ip address before connecting to CS with ipblock or AFwall+ or something like this, but has you can figure we would need a lot more work to do that, it's simple and easier to put the naked IP, just sayinging :-D.
Just a small remark, if you use a naked IP, if that server is down or something there will be no dynamic balancing of your connection to another server and that could be a potential security risk?!

2) Since the beginning of my involvement in CS the "main ovpn file" used with RAW linux connections wasn't really accepted in a lot of the configuration parameters by the default ovpn android app, I know that since then the parameters have change and the normal 1.4 conf CS ovpn file can be imported to the ovpn android app without critical errors, but still with some.

You know, this comes down to your choice, my config files for android are here for everyone see and test, there are no hidden parameters (is that even possible?) and they are hassle free, they just work out-of-the-box (or owncloud :-D )

Stay awesome,

Tealc

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Mon Mar 16, 2015 10:44 am
by VirtuosicVagabond
So I couldn't really get either option to hold a decent connection. Don't think I successfully loaded a single thing while connected.
Oh well.

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Wed Aug 05, 2015 8:13 am
by FrostyLV
I'm having trouble connecting, I get an error message asking me to download a certificate.

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Thu Aug 06, 2015 11:16 pm
by parityboy
@FrostyLV

See my signature for the separate certificate files - "post-Heartbleed". Clients seem to have trouble loading the in-line certificate in the configuration file.

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Tue Sep 01, 2015 11:49 am
by kittenrocketTEMP
anyone had any routing issues using android cyanogenmod? works great on my ph but my custom tablet dont worky

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sun Sep 27, 2015 3:00 am
by abadonna
Well, I have problems with running it on my mobile phones... I have tried on Nexus4 (CM 11-stable) and OnePlus One (CM 12.1-Nightly). On both phones I have the same behaviour:
OpenVPN connects, authenticates, connection is established. And few seconds later:

2015-09-27 05:40:40 MANAGEMENT: >STATE:1443296440,CONNECTED,SUCCESS,10.33.24.120,103.254.153.243
2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
2015-09-27 05:41:06 MANAGEMENT: CMD 'signal SIGINT'
2015-09-27 05:41:06 SIGTERM received, sending exit notification to peer
2015-09-27 05:41:07 MANAGEMENT: Client disconnected
2015-09-27 05:41:07 NOTE: --mute triggered...
2015-09-27 05:41:07 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-09-27 05:41:07 TCP/UDP: Closing socket

The full log is here: https://cryptobin.org/r1z5j6p4
Decrypt password: mylog

Help! SOS!

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Mon Sep 28, 2015 3:42 pm
by parityboy
@abadonna

Do you have a vanilla Android device you can use as a "control" during testing?

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Fri Oct 02, 2015 2:11 pm
by abadonna
@parityboy, sorry for a delay (I've been off-line for last few days).
Not really... Both are CyanogenMod... Maybe you could suggest what else might I try?

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sat Oct 03, 2015 12:28 am
by Tealc
It apears this is a know bug with Android 5.0+ and more specifically with the One Plus:

https://github.com/schwabe/ics-openvpn/issues/393

I was told in DM with Arne that is going to address this issue in the next version of the program, he didn't have a ETA, but he told me that it was soon.

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Mon Oct 12, 2015 11:37 pm
by JTD121
Curious; why don't we use the official OVPN app? I read through part of the thread, but saw no mention of it, other than to use the app from Arne Schwabe

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sat Oct 17, 2015 5:21 am
by Phugiyama
Sorry for the noob request for help.

Having problems logging in with OpenVPN. I'm using OpenVPN Connect 1.1.16 (Core 3.0.3) on Android 4.4.2.

I get the error:

OpenVPN core error : option_error:
sorry, 'fragment' directive is not supported, nor is connecting to a server that uses 'fragment' directive

What does this mean?

How to resolve?

Thanks.

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sat Oct 17, 2015 3:59 pm
by Tokumei Nanashi
abadonna wrote:Well, I have problems with running it on my mobile phones... I have tried on Nexus4 (CM 11-stable) and OnePlus One (CM 12.1-Nightly). On both phones I have the same behaviour:
OpenVPN connects, authenticates, connection is established. And few seconds later:

2015-09-27 05:40:40 MANAGEMENT: >STATE:1443296440,CONNECTED,SUCCESS,10.33.24.120,103.254.153.243
2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
2015-09-27 05:41:06 MANAGEMENT: CMD 'signal SIGINT'
2015-09-27 05:41:06 SIGTERM received, sending exit notification to peer
2015-09-27 05:41:07 MANAGEMENT: Client disconnected
2015-09-27 05:41:07 NOTE: --mute triggered...
2015-09-27 05:41:07 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-09-27 05:41:07 TCP/UDP: Closing socket


I'm having a similar issue on an HTC J Butterfly running Android 4.1.1 It's vendor modified version I'm sure, not pure stock Android, but attempting to connect with OpenVPN as per this tutorial seems to connect successfully, then disconnects, then reconnects, then disconnects, etc etc.

Even when the device is in a connected state, it doesn't receive any data. It seems to send, but nothing comes back. I've tried with both Singapore and Cryptofree and both give the same result.

I don't know if this'd be the same problem with OpenVPN or something completely different, but not being able to Cryptostorm on my phone is, like, bumming me out dude :P

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sat Oct 17, 2015 4:37 pm
by Fermi
Hi,

When having:
2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented

in the logfile, try commenting the following directive in the .ovpn file:
mssfix 1400


Regards,

/Fermi

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sun Oct 18, 2015 9:53 pm
by Tokumei Nanashi
Fermi wrote:Hi,

When having:
2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented

in the logfile, try commenting the following directive in the .ovpn file:
mssfix 1400


Regards,

/Fermi


I checked the .ovpn file for Singapore I got from Tealc's OwnCloud, and I can't find a "mssfix 1400" line to comment out.

This is what it looks like when I open it in a text editor:

# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold
setenv IV_GUI_VER "de.blinkt.openvpn 0.6.17"
machine-readable-output
client
verb 4
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote 103.254.153.243 443 udp
auth-user-pass
auth-retry nointeract
<ca>
-----BEGIN CERTIFICATE-----
*cert gobbledygook here*
-----END CERTIFICATE-----
</ca>
comp-lzo
redirect-private unblock-local
route 0.0.0.0 0.0.0.0 vpn_gateway
nobind
cipher AES-256-CBC
auth SHA512
float
persist-tun
preresolve
management-query-proxy
key-method 2
down-pre
ns-cert-type server
explicit-exit-notify 3
fragment 1400
mute 1
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
replay-window 128 30
resolv-retry 17
hand-window 37


I see a "fragment 1400", should that be commented out?

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Mon Oct 19, 2015 12:00 am
by Fermi
Hi,

my bad.
Please try with fragment 1400 commented out.

Regards,

/Fermi

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Mon Oct 19, 2015 8:23 am
by Tokumei Nanashi
Fermi wrote:Hi,

my bad.
Please try with fragment 1400 commented out.

Regards,

/Fermi


I can confirm that this works. Thanks!

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Tue Oct 20, 2015 8:03 am
by phugiyama
Well, I've read this whole thread and tried various things, but can't get neither OpenVPN for Android or OpenVPN Connect to work on 4.4.2

I can connect but I can't receive data.

I'm about to pull the plug on this trial.

BTW, I'm trying from China.

Any ideas?

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Wed Oct 21, 2015 9:48 pm
by parityboy
@phugiyama

Can you post logs of what the OpenVPN client(s) are doing?

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Thu Nov 26, 2015 1:40 am
by Filius
Tealc, do you have a mirror for the config files? The server seems to be down.

Thanks for your work!

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Thu Nov 26, 2015 6:27 am
by jlg
Here is a copy of germany_cantus.ovpn for Android I have stored on my Google Drive.

I hope it helps some others.

https://drive.google.com/file/d/0BwjaRP ... sp=sharing

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Fri Nov 27, 2015 1:57 pm
by jlg
Tealc's owncloud at the top of this page is currently down/offline. He needs to physically get to the server to get it back up and is currently on vacation. This will be fixed within a week or so.

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sat Dec 12, 2015 9:15 pm
by Tealc
jlg wrote:Tealc's owncloud at the top of this page is currently down/offline. He needs to physically get to the server to get it back up and is currently on vacation. This will be fixed within a week or so.


It's working just fine now! Thank you @jlg

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Fri Feb 26, 2016 4:45 pm
by col883
[Help] I cannot seem to get Cryptofree Android working. Tried Tealc's cryptofree.but no internet.for me strange, It says connection "success" but I got no data coming "in" on network monitor. Data going out seems ok. So cant even browse. Arnes OpenVPn says "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'"
I am on Lollipop 5.1, rooted. Any advice please? what am I doing wrong? I would like to get this free one able to working on my android before I next step buy token for non-free.

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Fri Feb 26, 2016 8:22 pm
by Tealc
Can you post here the complete log of the openvpn connection status?
Just print screen the "bitch", the link mtu has nothing to do with it :-)
Btw do you have any kind of those "Internet Protection Suite" like "Panda Antivirus PRO"?

Tealc


col883 wrote:[Help] I cannot seem to get Cryptofree Android working. Tried Tealc's cryptofree.but no internet.for me strange, It says connection "success" but I got no data coming "in" on network monitor. Data going out seems ok. So cant even browse. Arnes OpenVPn says "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'"
I am on Lollipop 5.1, rooted. Any advice please? what am I doing wrong? I would like to get this free one able to working on my android before I next step buy token for non-free.

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sat Feb 27, 2016 3:18 am
by wpaschukat
Hey,

same problem here, Lollipop, not rooted. And no, no Panda or any other bs installed.

Gracias.

Verbose log:

2016-02-26 23:11:42 official build 0.6.47 running on samsung SM-G920F (universal7420), Android 5.1.1 (LMY47X) API 22, ABI arm64-v8a, (samsung/zerofltexx/zeroflte:5.1.1/LMY47X/G920FXXU3COI9:user/release-keys)
2016-02-26 23:11:42 Building configuration…
2016-02-26 23:11:42 started Socket Thread
2016-02-26 23:11:42 Current Parameter Settings:
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 182 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 OpenVPN 2.4-icsopenvpn [git:icsopenvpn-c75f06c933a596fb] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 10 2016
2016-02-26 23:11:42 library versions: OpenSSL 1.0.2f 28 Jan 2016, LZO 2.09
2016-02-26 23:11:42 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2016-02-26 23:11:42 MANAGEMENT: CMD 'hold release'
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 3 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 LZO compression initializing
2016-02-26 23:11:42 Control Channel MTU parms [ L:1606 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 2 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 TCP/UDP: Preserving recently used remote address: [AF_INET]130.180.201.117:443
2016-02-26 23:11:42 Socket Buffers: R=[229376->229376] S=[229376->229376]
2016-02-26 23:11:42 MANAGEMENT: CMD 'state on'
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 UDP link local: (not bound)
2016-02-26 23:11:42 UDP link remote: [AF_INET]130.180.201.117:443
2016-02-26 23:11:42 MANAGEMENT: >STATE:1456524702,WAIT,,,,,,
2016-02-26 23:11:42 Network Status: CONNECTED to WIFI "home.fast"
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 TLS: Initial packet from [AF_INET]130.180.201.117:443, sid=d71e1efb 78a7c407
2016-02-26 23:11:42 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-02-26 23:11:42 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite / cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 2 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'
2016-02-26 23:11:42 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
2016-02-26 23:11:42 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 4 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 [server] Peer Connection Initiated with [AF_INET]130.180.201.117:443
2016-02-26 23:11:44 MANAGEMENT: >STATE:1456524704,GET_CONFIG,,,,,,
2016-02-26 23:11:44 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2016-02-26 23:11:44 NOTE: --mute triggered...
2016-02-26 23:11:44 7 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:44 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo HWADDR=00:00:00:00:00:00
2016-02-26 23:11:44 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-02-26 23:11:44 MANAGEMENT: >STATE:1456524704,ASSIGN_IP,,10.33.90.106,,,,
2016-02-26 23:11:44 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2016-02-26 23:11:44 NOTE: --mute triggered...
2016-02-26 23:11:44 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:44 MANAGEMENT: >STATE:1456524704,ADD_ROUTES,,,,,,
2016-02-26 23:11:44 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2016-02-26 23:11:44 NOTE: --mute triggered...
2016-02-26 23:11:44 Opening tun interface:
2016-02-26 23:11:44 Ignoring multicast route: 224.0.0.0/3
2016-02-26 23:11:44 Local IPv4: 10.33.90.106/16 IPv6: null MTU: 1500
2016-02-26 23:11:44 DNS Server: 31.24.34.50, Domain: null
2016-02-26 23:11:44 Routes: 0.0.0.0/0, 10.33.0.0/16
2016-02-26 23:11:44 Routes excluded: 192.168.1.17/24
2016-02-26 23:11:44 VpnService routes installed: 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
2016-02-26 23:11:44 Disallowed VPN apps:
2016-02-26 23:11:44 3 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:44 Initialization Sequence Completed
2016-02-26 23:11:44 MANAGEMENT: >STATE:1456524704,CONNECTED,SUCCESS,10.33.90.106,130.180.201.117,443,,

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sun Feb 28, 2016 7:45 am
by col888
hi Tealc
Thanks for replying. i don't use any antivirus at all. i remember on my old phone the android cryptofree worked but i haven't been able to get it work for ages anymore. i tried the cryptofree ovpn from your git and Tealc's ovpn and always same says connection success but not data coming in. just network monitor shows data going out. no panda installed .
here is copy of log. I tried remove all personal info. you might want to recheck if i did:
log from Arnes OpenVPn :

Code: Select all

2016-02-28 12:27:57 Building configuration…
2016-02-28 12:27:58 MANAGEMENT: CMD 'signal SIGINT'
2016-02-28 12:27:58 SIGTERM received, sending exit notification to peer
2016-02-28 12:27:58 MANAGEMENT: Client disconnected
2016-02-28 12:27:58 NOTE: --mute triggered...
2016-02-28 12:27:58 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:27:58 TCP/UDP: Closing socket
2016-02-28 12:27:58 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2016-02-28 12:27:58 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2016-02-28 12:27:58 Closing TUN/TAP interface
2016-02-28 12:27:58 SIGTERM[soft,management-exit] received, process exiting
2016-02-28 12:27:58 MANAGEMENT: >STATE:1456633678,EXITING,management-exit,,,,,
2016-02-28 12:27:59 started Socket Thread
2016-02-28 12:27:59 Current Parameter Settings:
2016-02-28 12:27:59 NOTE: --mute triggered...
2016-02-28 12:27:59 182 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:27:59 OpenVPN 2.4-icsopenvpn [git:icsopenvpn-c75f06c933a596fb] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 10 2016
2016-02-28 12:27:59 library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.09
2016-02-28 12:27:59 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2016-02-28 12:27:59 Network Status: CONNECTED LTE to MOBILE live.xxxxxmyproviderinforemovedxx.com
2016-02-28 12:27:59 MANAGEMENT: CMD 'hold release'
2016-02-28 12:27:59 NOTE: --mute triggered...
2016-02-28 12:27:59 4 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:27:59 MANAGEMENT: >STATE:1456633679,RESOLVE,,,,,,
2016-02-28 12:27:59 MANAGEMENT: CMD 'proxy NONE'
2016-02-28 12:28:00 LZO compression initializing
2016-02-28 12:28:00 Control Channel MTU parms [ L:1606 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2016-02-28 12:28:00 NOTE: --mute triggered...
2016-02-28 12:28:00 2 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:00 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2016-02-28 12:28:00 NOTE: --mute triggered...
2016-02-28 12:28:00 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:00 TCP/UDP: Preserving recently used remote address: [AF_INET]212.129.10.40:443
2016-02-28 12:28:00 Socket Buffers: R=[212992->212992] S=[212992->212992]
2016-02-28 12:28:00 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2016-02-28 12:28:00 UDP link local: (not bound)
2016-02-28 12:28:00 UDP link remote: [AF_INET]212.129.10.40:443
2016-02-28 12:28:00 MANAGEMENT: >STATE:1456633680,WAIT,,,,,,
2016-02-28 12:28:01 NOTE: --mute triggered...
2016-02-28 12:28:01 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:01 TLS: Initial packet from [AF_INET]212.129.10.40:443, sid=4d027da4 e7da5b21
2016-02-28 12:28:01 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-02-28 12:28:07 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
2016-02-28 12:28:07 NOTE: --mute triggered...
2016-02-28 12:28:11 2 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:11 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'
2016-02-28 12:28:11 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
2016-02-28 12:28:11 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-28 12:28:11 NOTE: --mute triggered...
2016-02-28 12:28:11 4 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:11 [server] Peer Connection Initiated with [AF_INET]212.129.10.40:443
2016-02-28 12:28:12 MANAGEMENT: >STATE:1456633692,GET_CONFIG,,,,,,
2016-02-28 12:28:12 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2016-02-28 12:28:14 NOTE: --mute triggered...
2016-02-28 12:28:14 7 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:14 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo HWADDR=00:00:00:00:00:00
2016-02-28 12:28:14 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-02-28 12:28:14 MANAGEMENT: >STATE:1456633694,ASSIGN_IP,,10.55.0.8,,,,
2016-02-28 12:28:14 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2016-02-28 12:28:14 NOTE: --mute triggered...
2016-02-28 12:28:14 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:14 MANAGEMENT: >STATE:1456633694,ADD_ROUTES,,,,,,
2016-02-28 12:28:14 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2016-02-28 12:28:14 NOTE: --mute triggered...
2016-02-28 12:28:14 Opening tun interface:
2016-02-28 12:28:14 Local IPv4: 10.55.0.8/16 IPv6: null MTU: 1500
2016-02-28 12:28:14 DNS Server: 195.154.61.33, Domain: null
2016-02-28 12:28:14 Routes: 0.0.0.0/0, 10.55.0.0/16
2016-02-28 12:28:14 Routes excluded: 
2016-02-28 12:28:14 VpnService routes installed: 0.0.0.0/0
2016-02-28 12:28:14 Disallowed VPN apps:
2016-02-28 12:28:14 3 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:14 Initialization Sequence Completed
2016-02-28 12:28:14 MANAGEMENT: >STATE:1456633694,CONNECTED,SUCCESS,10.55.0.8,212.129.10.40,443,,


 ! Message from: parityboy
Edited for clarity

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Posted: Sun Feb 28, 2016 6:33 pm
by Tealc
NEWS UPDATE

Hi there everyone, it seams that Android 5.0.1+ has problems with setting up routes that are pushed by the OpenVPN app, currently no OpenVPN app works, no matter what conf file or version of it you use.

I've already contacted Arne Schwabe and I'm waiting for some news about this problem.

Actually if we google the words "Android 5.1.1 OpenVPN" everyone can see that this is a well spoken subject.

Stay tuned on this topic (use "Notify me when a reply is posted") for more info

EDIT 01/03/2016: It appears that the problem isn't reproduce by everyone, and it currently afects mostly people with non-rooted devices, in my wife non-rooted Sony Z3 it doesn't work, in mine rooted it does work.
Tealc