Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Guides, HOWTOs etc on how to setup Cryptostorm on PCs, smartphones, tablets and routers.
User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Fri Mar 28, 2014 12:53 am

Note from df: the configs here are likely outdated. the most current ones are always on cryptostorm's github
{direct link: cryptostorm.org/android}
UPDATED: 04/03/2016
*** Everything is working, download new conf's files ***

This tutorial will work out-of-the-box by following the steps below, but you can complement it with this earlier howto if necessary (all credit to @Graze for doing the original post.)

1) Install the "OpenVPN for Android" application from Arne Schwabe (source here and here):
Devs self compiled copies: link (**** LINK FIXED - 20150209 Graze ****)
Fdroid: link
Google Play Store: link
This method will only work with OpenVPN version 0.6.45 or bigger.

2) Download and send to your smartphone the OpenVPN config file with the server you want, for the purpose of this tutorial we will use "USCentral-mishigami.ovpn" from github.com

SIDE NOTE: If you change the name "USCentral-mishigami.ovpn" to "whatever.ovpn" the "Profile Name" in the OpenVPN application will acquire that name

3) Open OpenVPN and click "Folder" icon from the right side corner of the screen, this is your "Import Configuration File", just navigate with the file explorer to the directory where you have "USCentral-mishigami.ovpn" and click "Select". The "Import Log" will tell you that it was successfully imported. IMPORTANT: Click the "Disk" button from the bottom right screen side or it will not save in the app.

4) Open OpenVPN app and if you do not see the "USCentral-mishigami" connection just go to "Settings" and then go back to "Profiles".
4.1) Select the "USCentral-mishigami" and it will ask you for a Username/Password, so this is the most tricky part:
4.2) You'll want to take your token and (on your phone) put it in here and calculate the SHA512 hash.
4.3) Take that SHA512 and use it as your Username (NOT password!!!)... Paste it in there. (If you have problems pasting on your device for whatever reason, I ended up picking up a free app called EZ Copy&Paste, which allowed me to shove my SHA512 in there and I am suddenly wondering how I lived without it... Anyway....)
4.4) Enter a password. Can be anything. Cannot be left blank (it complains about that later if you do...)

And that's it, you're good to go! This OpenVPN config file will work with ALL rooted & NON rooted smartphones Android 4.2 and up.

Hope this makes Android lovers like me, a little bit more happy :lol: :lol:
Last edited by Tealc on Thu Jul 30, 2015 10:58 pm, edited 24 times in total.

User avatar

Graze
Posts: 247
Joined: Mon Dec 17, 2012 2:37 am
Contact:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Graze » Fri Mar 28, 2014 4:07 am

Thanks so much for this - going to try it out now :)
------------------------
My avatar is pretty much what I look like. ;) <-- ...actually true, says pj
WebMonkey, Foilhat, cstorm evangelnomitron.
Twitter: @grazestorm.
For any time sensitive help requests, best to email the fine bots in support@cryptostorm.is or via Bitmessage at BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ ;)

User avatar

cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby cryptostorm_support » Fri Mar 28, 2014 10:01 am

That's awesome. Definitely going to give that a shot on my phone
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

acid1c
Posts: 49
Joined: Sat Aug 31, 2013 5:42 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby acid1c » Tue Apr 01, 2014 7:16 am

I would suggest using Fdroid or the devs self compiled copies of Openvpn for android https://plai.de/android/

Also he has an xposed module to auto accept to avoid that check box and ok confirmation. :)

@Tealc if you mean developing a CS android app, I would be for it. :D
Bitmessage me with Questions, Help, or ChitChat :) - BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
" Those who do not move, do not notice their chains." -Rosa Luxemburg

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Wed Apr 02, 2014 1:51 am

acid1c wrote:I would suggest using Fdroid or the devs self compiled copies of Openvpn for android https://plai.de/android/

Also he has an xposed module to auto accept to avoid that check box and ok confirmation. :)

@Tealc if you mean developing a CS android app, I would be for it. :D


Hi there, and thank you for your reply :lol: :-D So I'm using AFwall+ just like the tutorial you posted :D It's just great.

It's been 3 months that I've used Titanium BackUP Pro to remove all the Play Store ties, I really don't like all the snooping around of 99.9% of the apps :shifty:

In this OpenVPN matter, I've also went with your "xposed module" and now, no more annoying pop-ups saying something about security, I'm going to install the "Android Revolution HD 61.1" for my HTC ONE and with that I'm going to try and cut the maximum on Google Services, let's see what happens?!

For the Cryptostorm VPN app I really think that this would be a plus, since it would make everything much easier, nevertheless we are actually very fortunate since at least we got it working, there are some iOS users that can't say the same thing (maybe you should change to android?)

User avatar

Jarmer
Posts: 15
Joined: Sat Aug 17, 2013 9:10 pm

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Jarmer » Wed Apr 02, 2014 8:28 pm

SWEET! So happy to have this! I'm going to go buy an additional token for my phone... RIGHT NOW. Can't even wait for the reduced pricing anymore, I want this on my phone and laptop simultaneously right now!

I used afwall+ in the past, but it did not work at all for mobile data. It worked fine for blocking stuff through wifi, but did zero nothing nada for mobile data. If I set it to route everything through the vpn connection, will that fix this issue, even when the vpn is connected over mobile data connection?

And I for one would LOVE an android app. Would definietly give CS users a little easier way to connect and might even convince them to buy more tokens $$$$

Thanks everyone for making this updated thread.
Last edited by Jarmer on Wed Apr 02, 2014 8:37 pm, edited 1 time in total.

User avatar

Graze
Posts: 247
Joined: Mon Dec 17, 2012 2:37 am
Contact:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Graze » Fri Apr 04, 2014 5:05 am

Jarmer wrote:Hey, just a quick note to site admin/mods: you might want to update this page:
https://cryptostorm.is/connect.html

down a little it has a link for connecting via android that is set to go to android.cryptostorm.org and then redirects to the old locked android topic. Can you please update that to point to here instead?


Done... :)

... and huge thanks for noticing and taking the time to point it out, by the way. That's the sort of stuff that would frustrate many a new user.
------------------------
My avatar is pretty much what I look like. ;) <-- ...actually true, says pj
WebMonkey, Foilhat, cstorm evangelnomitron.
Twitter: @grazestorm.
For any time sensitive help requests, best to email the fine bots in support@cryptostorm.is or via Bitmessage at BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ ;)

User avatar

Jarmer
Posts: 15
Joined: Sat Aug 17, 2013 9:10 pm

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Jarmer » Fri Apr 04, 2014 7:14 pm

Sure thing, glad I could help.

And Tealc, wohoo!! it works!! Running on the Montreal node right now, and when I connect it gives me the message about the protected socket, and then a warning about saving passwords (lol since the pw doesn't even do anything anyway) and then that's it! So it appears whatever you did with the config worked, and now I'm running fine.

I do have a couple general questions about messages I've seen in the log, I don't *think* they are issues, I just don't know what they mean and was hoping you could help me out.

There are two attached screenshots of the log. On the "deletingroutes" screenshot, I get those messages about deleting the routes when I disconnect and reconnect, is that normal?

On the other, about the ipv4/ipv6 protocol, I woke up this morning and the VPN was disconnected and frozen/hung at the "resolving host names" status, and I had to quit and restart the app to fix it, and it had the messages about the protocol underneath. Any ideas on this one? I'm taking a wild guess and think that maybe it's due to low cell network signal? My bedroom has really low service, so if the cell connection was unstable/dropped off or something like that would it do that?

Again, thanks SO MUCH for this thread and all the help with people like me!!
Attachments
Screenshot_2014-04-04-07-28-11.png
determineprotocol
Screenshot_2014-04-03-19-16-41.png
deletingroutes

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Fri Apr 04, 2014 11:31 pm

Jarmer wrote:On the "deletingroutes" screenshot, I get those messages about deleting the routes when I disconnect and reconnect, is that normal?

Yeah the "deleting routes" error is common with this configuration since android doesn't support deleting the default routes. But if you check, that only happens when you disconnect and reconnect, but by default every time you disconnect the VPN android will input the default android routes, that's what he is trying to erase not the routes from cryptostorm, but the main purpose here is that the routes got replace, I actually don't care if they didn't get deleted. (Did that make sense? It's actually not very easy to explain this, since english isn't my mother language)

Jarmer wrote:On the other, about the ipv4/ipv6 protocol, I woke up this morning and the VPN was disconnected and frozen/hung at the "resolving host names" status


So that means that maybe you didn't have internet access ALL the time, and the OpenVPN time-out, you can solve this by adding "ping 10" to the Custom Options in the profile that you want to change, there is already a thread here that talks about this, I don't add it by default since MANY android devices disconnect from the internet when the screen is off (if not the battery will last only 6 hours?).

Please don't touch the IPV6 option :wtf:

User avatar

Jarmer
Posts: 15
Joined: Sat Aug 17, 2013 9:10 pm

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Jarmer » Sat Apr 05, 2014 12:40 am

Sounds good on the routes, I gotcha, I thought it wasn't an error so that's good to hear an explanation.

And yeah, I'd guess internet dropped out a couple times overnight where the connection is spotty in the bedroom, so then the VPN couldn't reconnect. I'll keep my eye on this, but I don't think I want to add the ping thing since it's working fine right now as long as I don't have a super spotty connection. Mine doesn't look like it's disconnecting at all when the screen's off. It also doesn't look like it's using much battery. Loving this connection so far!!!

Thanks Tealc for the explanations! Also............ I'M GOING TO TOUCH ALLLLLLL THE IPV6 OPTIONS MWUAHAHAHAHHAHAHA

User avatar

marzametal
Posts: 501
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby marzametal » Wed Jun 11, 2014 6:41 pm

Anyone tried this out on Android 4.4.3 yet? I manage to connect, but after a couple of minutes I get booted off. I have attached a log file...

log.txt
Include a successful connection, first drop and a 2nd retry...
(9.84 KiB) Downloaded 1285 times

User avatar

marzametal
Posts: 501
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby marzametal » Fri Jun 13, 2014 5:48 am

Looks like I jumped the gun here...
4.4.3 is kicking up a lot of fuss from what I read in relation to OpenVPN, both on code.google.com pages and various OpenVPN forums/comment feeds. Even some app developers on Google Play have been burned by the very company some of them work side by side with. It doesn't look like Google gives a toss for OpenVPN compatibility. I wanted to keep 4.4.3, so I set up my phone to dual boot and made the 2nd ROM a 4.4.2, which loves OpenVPN for Android... sorry for the posts!

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby vpnDarknet » Fri Jun 13, 2014 6:53 am

openvpn seems to be working fine for me on 4.4.3, on a Nexus 4.
I'd like to load Cyanogenmod, but I'm hooked on Google apps... I'm going to have to cut the apron strings, maybe a project for the weekend
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me

User avatar

marzametal
Posts: 501
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby marzametal » Fri Jun 13, 2014 9:47 am

vpnDarknet wrote:openvpn seems to be working fine for me on 4.4.3, on a Nexus 4.


What a showoff... lmao :crazy:
I am using a Galaxy S2.

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby vpnDarknet » Fri Jun 13, 2014 10:14 am

haha you can bet I'm doing something wrong, and has more (dns) holes than a pair of fish net stockings :D
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Sat Jun 14, 2014 2:24 pm

vpnDarknet wrote:haha you can bet I'm doing something wrong, and has more (dns) holes than a pair of fish net stockings :D


What do you mean?

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Sat Jun 14, 2014 2:26 pm

marzametal wrote:Looks like I jumped the gun here...
4.4.3 is kicking up a lot of fuss from what I read in relation to OpenVPN, both on code.google.com pages and various OpenVPN forums/comment feeds. Even some app developers on Google Play have been burned by the very company some of them work side by side with. It doesn't look like Google gives a toss for OpenVPN compatibility. I wanted to keep 4.4.3, so I set up my phone to dual boot and made the 2nd ROM a 4.4.2, which loves OpenVPN for Android... sorry for the posts!


Yeah this is true.... but yesterday Arne Schwabe send out a new version of OpenVPN (for rooted phones) that apparently fix this problem?!? I can't check this out since I'm running "ARHD71.1 ROM" and it comes it OpenVPN support

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby vpnDarknet » Mon Jun 16, 2014 3:06 pm

Tealc wrote:
vpnDarknet wrote:haha you can bet I'm doing something wrong, and has more (dns) holes than a pair of fish net stockings :D


What do you mean?


That however I seem to set up my Android phone I have DNS leaks.

Think I need to look into firewall settings, ditch the OFW, and install Cyanogenmod
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me


Guest

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Guest » Mon Jun 16, 2014 8:00 pm

May I jump into this discussion?
I see your problems with Android here and let me tell you it is basically THE topic that kept me most busy when it comes to OpenVPN. I spent days racking my brain and I tried everything in my (and others) book to get a perfect solution. tl;dr: There is none. Even hacking around the system files doesn't help much and as long as you don't rewrite some Android parts from scratch it's easier to use what the awesome open source community gave us already.
Following my suggestion both gives you a perfectly fine working OpenVPN experience plus a "as safe as it gets with Android" environment on your phone.

One warning though: I won't go into much detail why I suggest the following as it would tage ages to explain.

But let me get to the facts:
  1. Don't use any Android version after 4.2.2! tbh: Use EXACTLY 4.2.2 and nothing else! This also applies to Cyanogenmod! Use CM version 10.1.3 Stable as it is Android 4.2.2. Why you might ask? Because the versions after that have ways to circumvent leak protections like AFWall+ and other nasty stuff concerning available and preferred Crypto parameters. Also the way DNS is handled literally fucks up any reasonable attempt to prevent DNS-Leaks properly on the long run.
  2. Use Arne Schwabes OpenVPN for Android. Grab it on F-Droid. I heard other clients might work as well but Arne does it right. So no experiments.
  3. Use AFWall+ (grab it on F-Droid), activate IPv6 support (to block it!), activate VPN support and the block everything on every network but OpenVPN and VPN-Services. Also activate VPN at "all applications". There you go: Leakblock made easy. (Thx to acid1c)
  4. Install XPosed Framework and install XPrivacy.
  5. And lets be honest here: If you are really serious about not leaking your identity and data to the outside --> DON'T INSTALL GAPPS! PERIOD! If you want PlayStore Apps use Android in a VM and export the APKs or download via APK Downloader. If that's "too uncomfortable" then well... Buy an iPhone, clear your mind from any concerns about privacy and security and enjoy your comfortable stay at the walled garden. ;)


Guest

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Guest » Mon Jun 16, 2014 9:03 pm

You can also grab the OpenVPN apk directly at: http://plai.de/android/

It also has betas if you are of the adventureous type.

{ Standard warnings apply with caution being required when installing apks from unknown sources - cryptostorm_support }

User avatar

marzametal
Posts: 501
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby marzametal » Wed Jun 18, 2014 5:52 am

Cheers, took your advice and went back to a 4.2.2 ROM. I really dig it to be honest. It's cool! I even find OpenVPN connects much quicker, woo hoo!
Tell ya' what... I was blown away when I first saw XPrivacy kick in, thought to myself wtf is this?! Strength beyond strength! I also love the fake mods it can provide in regards to User Agent.
I have made use of some APK Downloader sites since it was mentioned in your post. Thoroughly useful and thanks once again, DesuGuest lmao...

In regards to Also activate VPN at "all applications". On its face, it's worth activating to force everything through the VPN. My thought on this is, rather block access than allow access? For example, in the firewall log, crap pops up left right and center. I'd rather see things being blocked than allowing it through the VPN for the sole reason it is a secure path. I'm not saying take this as gospel, but would like your opinion if possible.


Guest

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Guest » Thu Jun 19, 2014 1:45 am

late Android 4.3 and early 4.4 builds had the DNS leak issue, which has since been resolved. And could have been fixed anyway with proper firewall rules :)


Guest

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Guest » Fri Jun 20, 2014 9:31 am

Step (5

relise it's a damn phone, and you shouldn't trust it farther then you can throw it.

insecure pripriotary baseband firmware has unrestricted access to the phones memory.

you could hand code, line by line, the perfect unpenitrable OS for you phone, and it wouldn't make a god dam bit of difference- because the easily hackable (using <1.4k$ usd equipment) baseband will turn over complete control of your phone to anyone with the knowlege and equipment to do so.

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Tue Jun 24, 2014 12:37 am

XPrivacy mod.... simply the best thank you Guest

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby vpnDarknet » Tue Jun 24, 2014 2:06 pm

Tealc wrote:XPrivacy mod.... simply the best thank you Guest

I've been using Android from the release of the N1, and this is the first app I've paid for!
I really appreciate the many lock down options focused to individual apps.

Let's see if I get cold sweats breaking going cold turkey on GAPPS, thanks for the recomendation much appreciated.

Oh, and the additional modules are sweet, lots more functionality.
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me

User avatar

marzametal
Posts: 501
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby marzametal » Wed Jun 25, 2014 5:19 am

vpnDarknet wrote:
Tealc wrote:XPrivacy mod.... simply the best thank you Guest
Let's see if I get cold sweats breaking going cold turkey on GAPPS, thanks for the recomendation much appreciated.

Same... haven't had GAPPS installed for 3 days now (whether it be full, core or bare-bone)... been abusing the apkleecher website a bit... mind you after I set apps up previously, I'd backup and uninstall them as a precaution. Now, nothing! Although, I did notice when I had the CPU info selected to load on my screen, that com.google.android.gapps popped up once. So I am left wondering...


Guest

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Guest » Wed Jun 25, 2014 8:17 pm

Guest wrote:{ Standard warnings apply with caution being required when installing apks from unknown sources - cryptostorm_support }


Sorry for my late reply. I was really busy and still am.

This shows how considerate our friends at CryptoStorm are! Good thinking but I can give an all-clear signal on this source: It's provided by the maker himself, Arne Schwabe.
I grabbed the link from his own google-code page so it should be more than fine.

Proof: https://code.google.com/p/ics-openvpn/
At the bottom under footnotes you find "If you cannot or do not want to use the Play Store you can download the apk files directly."

Glad I was able help some folks out with that even though the whole post was very rushed. ;)

PS: I forgot another great XPosed Module --> Auto VPN Dialog Confirm. It helps you get rid of the annoying "do you trust this VPN?" dialog. With this you can create a 100% automatic VPN environment if you also tell Arne Schwabes OpenVPN that it should connect at startup and on network change.


Guest

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Guest » Wed Jun 25, 2014 8:39 pm

marzametal wrote:In regards to Also activate VPN at "all applications". On its face, it's worth activating to force everything through the VPN. My thought on this is, rather block access than allow access? For example, in the firewall log, crap pops up left right and center. I'd rather see things being blocked than allowing it through the VPN for the sole reason it is a secure path. I'm not saying take this as gospel, but would like your opinion if possible.


Well... This heavily depends on how you handle security on your phone. I use AFWall+ as a simple leakblock that I set up and "forget". I very rarely open it up; mostly when a new version got released to check on new options.
I like to manage all my security at one place and this is the XPrivacy module. I can block internet access there as well and do this actively. My default settings are to block everything by default (even the red system permissions) and then allow individual permissions as they are actually needed for the app to work. (emphasis on "actually"! Not what it requests! :lol: )
But that is just how I do things.

You could very well do a different approach in managing different things at different places. You could also use AFWall+ as a second line of defense for the very unpleasant case that XPrivacy for some reason fails to block internet access. So yes: Your approach is very reasonable. Just be careful with the system services. There may be cases where you want to block some of those but this should only be done by people who very well know what the individual system services do.

As to your gapps incident... There still are (and always will be) some resources with google in their name if you use an android based rom but gapps should not be there. The only explanation I have is that some app requested access to it not knowing that it doesn't reside on your phone.

But anyways: Always glad to see that people actually care and get rid of GAPPs and the Google Services Framework! You really rarely (or never) need those as you can grab your Apps anyways. With it all security efforts are pretty useless in my opinion.

User avatar

kelltech
Posts: 31
Joined: Mon Mar 24, 2014 11:49 pm

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby kelltech » Sat Jun 28, 2014 3:26 am

So this is for rooted devices? How about non rooted? My new tablet isn't rooted yet. I used to be able to connect on this tablet but since buying a new token I can't connect any more. I started from the beginning and still get "Auth failed" every time. I even reinstalled the OpenVPN app. Any suggestions?

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby vpnDarknet » Sat Jul 05, 2014 8:17 am

kelltech wrote:So this is for rooted devices?


I've just updated OpenVPN via F-Droid, and it states:

OpenVPN without root
with the VPNService in Android 4.0+ it is possible to create a VPN that doesn't need root access


I haven't tested it as yet though
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Sun Jul 06, 2014 1:14 am

Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.

And BTW, it works with non rooted phones, but I've found out that some "branded" android versions doesn't allow OpenVPN to make their magic, for example with my non-rooted HTC M8 (also in my M7 :-D ) I've got it working in a heart beat, with my wife's non rooted Samsung Galaxy S5 no such luck, at first the app crashed, them after several re-install I got to the import config file part and it crashed, but got to add the conf to the profiles page (??) but wen I try to connect it just doesn't work saying something about "... severe damage to your device" I've already sent a but report to the man in charge of producing this amazing app, let's see what he have to say :-D

User avatar

kelltech
Posts: 31
Joined: Mon Mar 24, 2014 11:49 pm

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby kelltech » Tue Jul 08, 2014 10:30 pm

Tealc wrote:Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.


Thank you Tealc, very much appreciated. Will the new confs be in the same place when they're ready?

User avatar

marzametal
Posts: 501
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby marzametal » Thu Jul 10, 2014 5:32 am

Has anyone noticed a new entry in the OpenVPN for Android log?
When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".
It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Thu Jul 10, 2014 11:52 pm

kelltech wrote:
Tealc wrote:Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.


Thank you Tealc, very much appreciated. Will the new confs be in the same place when they're ready?



So everything updated... this time there are all the "exit nodes" available, if you find some kind of error let me know.

BTW to everyone that's going to check the config file BEFORE using, YES I've removed the hostname of the "exit node" and left only the IP, I actually don't know why, but I've got a bunch of errors with the hostname in place. If you do not want this, just change it back to the hostname :P

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Thu Jul 10, 2014 11:56 pm

marzametal wrote:Has anyone noticed a new entry in the OpenVPN for Android log?
When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".
It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...


Which beta version are you running? Because, the OLD Android OVPN config's where for the 0.6.11 stable,this ones will only work with 0.6.17 stable or bigger :-D

User avatar

kelltech
Posts: 31
Joined: Mon Mar 24, 2014 11:49 pm

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby kelltech » Fri Jul 11, 2014 2:14 am

Tealc wrote:So everything updated... this time there are all the "exit nodes" available, if you find some kind of error let me know.


Works perfectly, a million thanks!! :clap:

User avatar

marzametal
Posts: 501
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby marzametal » Fri Jul 11, 2014 6:59 am

Tealc wrote:
marzametal wrote:Has anyone noticed a new entry in the OpenVPN for Android log?
When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".
It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...


Which beta version are you running? Because, the OLD Android OVPN config's where for the 0.6.11 stable,this ones will only work with 0.6.17 stable or bigger :-D


Yeah, I was on 0.6.15 when I saw the Google Breakpad stuff pop up... so jumped to 0.6.17, been about a week or so since the upgrade.
Ahhh, I see the step I missed. It wasn't enough to just upgrade to 0.6.17. I have to also upgrade the config file too... small request, can you add a little line at the beginning of the first post to indicate when it was last updated, instead of relying solely on the update dates inside it?

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Sat Jul 12, 2014 12:09 am

marzametal wrote:...
... small request, can you add a little line at the beginning of the first post to indicate when it was last updated, instead of relying solely on the update dates inside it?


Do you mean this?
1234.jpg


It's been here since day one :-D

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Sun Jul 27, 2014 3:30 am

Updated conf's with patch for correcting tls error

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Tue Aug 19, 2014 12:24 am

Main topic updated.

Outdated exit nodes removed, added other links for the OpenVPN for Android app for the ones that don't like the Play Store :-D

User avatar

Jarmer
Posts: 15
Joined: Sat Aug 17, 2013 9:10 pm

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Jarmer » Fri Sep 19, 2014 11:02 pm

Recently I upgraded to a 4.4.4 ROM and am currently using the standard configs posted in the op. Things at first work great then I start getting the attached error messages over and over again. I'm using a token I purchased in April for one year so I know its not that, and it connects fine to begin with. Just after a while it starts disconnecting and erroring out with the auth failure messages. Any ideas here? I saw some comments above that 4.4.2+ have issues with openvpn, that still the case now?

Screenshot_2014-09-19-13-50-29.png

User avatar

marzametal
Posts: 501
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby marzametal » Sat Sep 20, 2014 10:30 am

OpenVPN works fine on 4.4.4, provided you are using the latest OpenVPN for Android build... The latest stable is .6.17, although I just noticed there is a beta (up to you). You can download it from here Full List of OpenVPN for Android releases

May I ask what ROM you are using? I am using SlimSaber 4.4.4

The errors also might have to do with the recent disruptions on the UNSAE exit node. I had to resort to Onyx and haven't looked back. Do you get the errors on other cluster choices?

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: 4 easy steps to connect your Android with OpenVPN

Postby Tealc » Mon Sep 22, 2014 2:53 am

Jarmer wrote:Recently I upgraded to a 4.4.4 ROM and am currently using the standard configs posted in the op. Things at first work great then I start getting the attached error messages over and over again. I'm using a token I purchased in April for one year so I know its not that, and it connects fine to begin with. Just after a while it starts disconnecting and erroring out with the auth failure messages. Any ideas here? I saw some comments above that 4.4.2+ have issues with openvpn, that still the case now?


What's your OpenVPN version? You should only use the 0.6.17 or up, anything older will give several bizarre errors.
All versions of Android now work fine, no problems even with 4.4.2 :-D

Which exit node are you using? This auth error get's reproduced in others exit nodes?


VirtuosicVagabond
Posts: 9
Joined: Tue Dec 30, 2014 11:48 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby VirtuosicVagabond » Mon Mar 09, 2015 9:14 pm

How about the Cryptofree.ovpn file?

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Tue Mar 10, 2015 1:06 am

VirtuosicVagabond wrote:How about the Cryptofree.ovpn file?


"Your request is my command" :-D

Check my Owncloud, it's there :-)


VirtuosicVagabond
Posts: 9
Joined: Tue Dec 30, 2014 11:48 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby VirtuosicVagabond » Tue Mar 10, 2015 3:40 pm

Tealc wrote:
VirtuosicVagabond wrote:How about the Cryptofree.ovpn file?


"Your request is my command" :-D

Check my Owncloud, it's there :-)

*tips hat*

Any chance that you know the full Cryptofree token?
It doesn't let me copy it. It starts with "4a8....etc"

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Tue Mar 10, 2015 7:57 pm

VirtuosicVagabond wrote:
Tealc wrote:
VirtuosicVagabond wrote:How about the Cryptofree.ovpn file?


"Your request is my command" :-D

Check my Owncloud, it's there :-)

*tips hat*

Any chance that you know the full Cryptofree token?
It doesn't let me copy it. It starts with "4a8....etc"


According to this viewtopic.php?f=58&t=6528 it doesn't matter what you put in.

When it asks for a user/password, type "snowden" "rocks!" (actually it doesn't matter what you type, but type something)


VirtuosicVagabond
Posts: 9
Joined: Tue Dec 30, 2014 11:48 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby VirtuosicVagabond » Tue Mar 10, 2015 9:54 pm

So what's the difference between the .ovpn file you posted and the .conf file posted in that other thread?

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Wed Mar 11, 2015 11:09 pm

VirtuosicVagabond wrote:So what's the difference between the .ovpn file you posted and the .conf file posted in that other thread?


If you open with a text editor both of them you will see that there are a LOT a differences, the main configuration parameters in my ovpn file are the same has the recommended by Staff from the 1.4 version.

Actually the main differences are:

1) I don't use FQDN to try to connect to the server (be warned that this isn't recommended by Staff), the main purpose of putting only the naked IP is that many devices, and it doesn't matter what version of Android you're running, have some problems trying to figure out the FQDN and tend to leak the real IP address to 3rd party for the dns resolve of the FQDN.
It's been documented here in the forum that you can fix the dns resolve problem of sending the real ip address before connecting to CS with ipblock or AFwall+ or something like this, but has you can figure we would need a lot more work to do that, it's simple and easier to put the naked IP, just sayinging :-D.
Just a small remark, if you use a naked IP, if that server is down or something there will be no dynamic balancing of your connection to another server and that could be a potential security risk?!

2) Since the beginning of my involvement in CS the "main ovpn file" used with RAW linux connections wasn't really accepted in a lot of the configuration parameters by the default ovpn android app, I know that since then the parameters have change and the normal 1.4 conf CS ovpn file can be imported to the ovpn android app without critical errors, but still with some.

You know, this comes down to your choice, my config files for android are here for everyone see and test, there are no hidden parameters (is that even possible?) and they are hassle free, they just work out-of-the-box (or owncloud :-D )

Stay awesome,

Tealc


VirtuosicVagabond
Posts: 9
Joined: Tue Dec 30, 2014 11:48 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby VirtuosicVagabond » Mon Mar 16, 2015 10:44 am

So I couldn't really get either option to hold a decent connection. Don't think I successfully loaded a single thing while connected.
Oh well.


FrostyLV

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby FrostyLV » Wed Aug 05, 2015 8:13 am

I'm having trouble connecting, I get an error message asking me to download a certificate.

User avatar

parityboy
Site Admin
Posts: 1092
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby parityboy » Thu Aug 06, 2015 11:16 pm

@FrostyLV

See my signature for the separate certificate files - "post-Heartbleed". Clients seem to have trouble loading the in-line certificate in the configuration file.


kittenrocketTEMP

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby kittenrocketTEMP » Tue Sep 01, 2015 11:49 am

anyone had any routing issues using android cyanogenmod? works great on my ph but my custom tablet dont worky


abadonna
Posts: 2
Joined: Sat Sep 26, 2015 2:33 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby abadonna » Sun Sep 27, 2015 3:00 am

Well, I have problems with running it on my mobile phones... I have tried on Nexus4 (CM 11-stable) and OnePlus One (CM 12.1-Nightly). On both phones I have the same behaviour:
OpenVPN connects, authenticates, connection is established. And few seconds later:

2015-09-27 05:40:40 MANAGEMENT: >STATE:1443296440,CONNECTED,SUCCESS,10.33.24.120,103.254.153.243
2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
2015-09-27 05:41:06 MANAGEMENT: CMD 'signal SIGINT'
2015-09-27 05:41:06 SIGTERM received, sending exit notification to peer
2015-09-27 05:41:07 MANAGEMENT: Client disconnected
2015-09-27 05:41:07 NOTE: --mute triggered...
2015-09-27 05:41:07 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-09-27 05:41:07 TCP/UDP: Closing socket

The full log is here: https://cryptobin.org/r1z5j6p4
Decrypt password: mylog

Help! SOS!



abadonna
Posts: 2
Joined: Sat Sep 26, 2015 2:33 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby abadonna » Fri Oct 02, 2015 2:11 pm

@parityboy, sorry for a delay (I've been off-line for last few days).
Not really... Both are CyanogenMod... Maybe you could suggest what else might I try?

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Sat Oct 03, 2015 12:28 am

It apears this is a know bug with Android 5.0+ and more specifically with the One Plus:

https://github.com/schwabe/ics-openvpn/issues/393

I was told in DM with Arne that is going to address this issue in the next version of the program, he didn't have a ETA, but he told me that it was soon.

User avatar

JTD121
Posts: 28
Joined: Sun Oct 11, 2015 7:28 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby JTD121 » Mon Oct 12, 2015 11:37 pm

Curious; why don't we use the official OVPN app? I read through part of the thread, but saw no mention of it, other than to use the app from Arne Schwabe
---------------------------------------------------------------------------------------------------
You derive personal satisfaction from the continued existence of the near perfect day-night cycles of the hyper cube.....

► Show Spoiler


Phugiyama

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Phugiyama » Sat Oct 17, 2015 5:21 am

Sorry for the noob request for help.

Having problems logging in with OpenVPN. I'm using OpenVPN Connect 1.1.16 (Core 3.0.3) on Android 4.4.2.

I get the error:

OpenVPN core error : option_error:
sorry, 'fragment' directive is not supported, nor is connecting to a server that uses 'fragment' directive

What does this mean?

How to resolve?

Thanks.

User avatar

Tokumei Nanashi
Posts: 3
Joined: Sat Oct 17, 2015 3:50 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tokumei Nanashi » Sat Oct 17, 2015 3:59 pm

abadonna wrote:Well, I have problems with running it on my mobile phones... I have tried on Nexus4 (CM 11-stable) and OnePlus One (CM 12.1-Nightly). On both phones I have the same behaviour:
OpenVPN connects, authenticates, connection is established. And few seconds later:

2015-09-27 05:40:40 MANAGEMENT: >STATE:1443296440,CONNECTED,SUCCESS,10.33.24.120,103.254.153.243
2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
2015-09-27 05:41:06 MANAGEMENT: CMD 'signal SIGINT'
2015-09-27 05:41:06 SIGTERM received, sending exit notification to peer
2015-09-27 05:41:07 MANAGEMENT: Client disconnected
2015-09-27 05:41:07 NOTE: --mute triggered...
2015-09-27 05:41:07 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-09-27 05:41:07 TCP/UDP: Closing socket


I'm having a similar issue on an HTC J Butterfly running Android 4.1.1 It's vendor modified version I'm sure, not pure stock Android, but attempting to connect with OpenVPN as per this tutorial seems to connect successfully, then disconnects, then reconnects, then disconnects, etc etc.

Even when the device is in a connected state, it doesn't receive any data. It seems to send, but nothing comes back. I've tried with both Singapore and Cryptofree and both give the same result.

I don't know if this'd be the same problem with OpenVPN or something completely different, but not being able to Cryptostorm on my phone is, like, bumming me out dude :P

User avatar

Fermi
Site Admin
Posts: 218
Joined: Tue Jun 17, 2014 11:42 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Fermi » Sat Oct 17, 2015 4:37 pm

Hi,

When having:
2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented

in the logfile, try commenting the following directive in the .ovpn file:
mssfix 1400


Regards,

/Fermi

User avatar

Tokumei Nanashi
Posts: 3
Joined: Sat Oct 17, 2015 3:50 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tokumei Nanashi » Sun Oct 18, 2015 9:53 pm

Fermi wrote:Hi,

When having:
2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented

in the logfile, try commenting the following directive in the .ovpn file:
mssfix 1400


Regards,

/Fermi


I checked the .ovpn file for Singapore I got from Tealc's OwnCloud, and I can't find a "mssfix 1400" line to comment out.

This is what it looks like when I open it in a text editor:

# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold
setenv IV_GUI_VER "de.blinkt.openvpn 0.6.17"
machine-readable-output
client
verb 4
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote 103.254.153.243 443 udp
auth-user-pass
auth-retry nointeract
<ca>
-----BEGIN CERTIFICATE-----
*cert gobbledygook here*
-----END CERTIFICATE-----
</ca>
comp-lzo
redirect-private unblock-local
route 0.0.0.0 0.0.0.0 vpn_gateway
nobind
cipher AES-256-CBC
auth SHA512
float
persist-tun
preresolve
management-query-proxy
key-method 2
down-pre
ns-cert-type server
explicit-exit-notify 3
fragment 1400
mute 1
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
replay-window 128 30
resolv-retry 17
hand-window 37


I see a "fragment 1400", should that be commented out?

User avatar

Fermi
Site Admin
Posts: 218
Joined: Tue Jun 17, 2014 11:42 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Fermi » Mon Oct 19, 2015 12:00 am

Hi,

my bad.
Please try with fragment 1400 commented out.

Regards,

/Fermi

User avatar

Tokumei Nanashi
Posts: 3
Joined: Sat Oct 17, 2015 3:50 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tokumei Nanashi » Mon Oct 19, 2015 8:23 am

Fermi wrote:Hi,

my bad.
Please try with fragment 1400 commented out.

Regards,

/Fermi


I can confirm that this works. Thanks!


phugiyama

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby phugiyama » Tue Oct 20, 2015 8:03 am

Well, I've read this whole thread and tried various things, but can't get neither OpenVPN for Android or OpenVPN Connect to work on 4.4.2

I can connect but I can't receive data.

I'm about to pull the plug on this trial.

BTW, I'm trying from China.

Any ideas?



Filius
Posts: 1
Joined: Thu Nov 26, 2015 1:35 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Filius » Thu Nov 26, 2015 1:40 am

Tealc, do you have a mirror for the config files? The server seems to be down.

Thanks for your work!

User avatar

jlg
Posts: 92
Joined: Mon May 05, 2014 2:44 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby jlg » Thu Nov 26, 2015 6:27 am

Here is a copy of germany_cantus.ovpn for Android I have stored on my Google Drive.

I hope it helps some others.

https://drive.google.com/file/d/0BwjaRP ... sp=sharing

User avatar

jlg
Posts: 92
Joined: Mon May 05, 2014 2:44 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby jlg » Fri Nov 27, 2015 1:57 pm

Tealc's owncloud at the top of this page is currently down/offline. He needs to physically get to the server to get it back up and is currently on vacation. This will be fixed within a week or so.

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Sat Dec 12, 2015 9:15 pm

jlg wrote:Tealc's owncloud at the top of this page is currently down/offline. He needs to physically get to the server to get it back up and is currently on vacation. This will be fixed within a week or so.


It's working just fine now! Thank you @jlg


col883

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby col883 » Fri Feb 26, 2016 4:45 pm

[Help] I cannot seem to get Cryptofree Android working. Tried Tealc's cryptofree.but no internet.for me strange, It says connection "success" but I got no data coming "in" on network monitor. Data going out seems ok. So cant even browse. Arnes OpenVPn says "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'"
I am on Lollipop 5.1, rooted. Any advice please? what am I doing wrong? I would like to get this free one able to working on my android before I next step buy token for non-free.

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Fri Feb 26, 2016 8:22 pm

Can you post here the complete log of the openvpn connection status?
Just print screen the "bitch", the link mtu has nothing to do with it :-)
Btw do you have any kind of those "Internet Protection Suite" like "Panda Antivirus PRO"?

Tealc


col883 wrote:[Help] I cannot seem to get Cryptofree Android working. Tried Tealc's cryptofree.but no internet.for me strange, It says connection "success" but I got no data coming "in" on network monitor. Data going out seems ok. So cant even browse. Arnes OpenVPn says "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'"
I am on Lollipop 5.1, rooted. Any advice please? what am I doing wrong? I would like to get this free one able to working on my android before I next step buy token for non-free.


wpaschukat
Posts: 15
Joined: Sun Mar 22, 2015 3:25 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby wpaschukat » Sat Feb 27, 2016 3:18 am

Hey,

same problem here, Lollipop, not rooted. And no, no Panda or any other bs installed.

Gracias.

Verbose log:

2016-02-26 23:11:42 official build 0.6.47 running on samsung SM-G920F (universal7420), Android 5.1.1 (LMY47X) API 22, ABI arm64-v8a, (samsung/zerofltexx/zeroflte:5.1.1/LMY47X/G920FXXU3COI9:user/release-keys)
2016-02-26 23:11:42 Building configuration…
2016-02-26 23:11:42 started Socket Thread
2016-02-26 23:11:42 Current Parameter Settings:
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 182 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 OpenVPN 2.4-icsopenvpn [git:icsopenvpn-c75f06c933a596fb] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 10 2016
2016-02-26 23:11:42 library versions: OpenSSL 1.0.2f 28 Jan 2016, LZO 2.09
2016-02-26 23:11:42 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2016-02-26 23:11:42 MANAGEMENT: CMD 'hold release'
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 3 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 LZO compression initializing
2016-02-26 23:11:42 Control Channel MTU parms [ L:1606 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 2 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 TCP/UDP: Preserving recently used remote address: [AF_INET]130.180.201.117:443
2016-02-26 23:11:42 Socket Buffers: R=[229376->229376] S=[229376->229376]
2016-02-26 23:11:42 MANAGEMENT: CMD 'state on'
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 UDP link local: (not bound)
2016-02-26 23:11:42 UDP link remote: [AF_INET]130.180.201.117:443
2016-02-26 23:11:42 MANAGEMENT: >STATE:1456524702,WAIT,,,,,,
2016-02-26 23:11:42 Network Status: CONNECTED to WIFI "home.fast"
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 TLS: Initial packet from [AF_INET]130.180.201.117:443, sid=d71e1efb 78a7c407
2016-02-26 23:11:42 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-02-26 23:11:42 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite / cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 2 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'
2016-02-26 23:11:42 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
2016-02-26 23:11:42 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-26 23:11:42 NOTE: --mute triggered...
2016-02-26 23:11:42 4 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:42 [server] Peer Connection Initiated with [AF_INET]130.180.201.117:443
2016-02-26 23:11:44 MANAGEMENT: >STATE:1456524704,GET_CONFIG,,,,,,
2016-02-26 23:11:44 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2016-02-26 23:11:44 NOTE: --mute triggered...
2016-02-26 23:11:44 7 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:44 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo HWADDR=00:00:00:00:00:00
2016-02-26 23:11:44 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-02-26 23:11:44 MANAGEMENT: >STATE:1456524704,ASSIGN_IP,,10.33.90.106,,,,
2016-02-26 23:11:44 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2016-02-26 23:11:44 NOTE: --mute triggered...
2016-02-26 23:11:44 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:44 MANAGEMENT: >STATE:1456524704,ADD_ROUTES,,,,,,
2016-02-26 23:11:44 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2016-02-26 23:11:44 NOTE: --mute triggered...
2016-02-26 23:11:44 Opening tun interface:
2016-02-26 23:11:44 Ignoring multicast route: 224.0.0.0/3
2016-02-26 23:11:44 Local IPv4: 10.33.90.106/16 IPv6: null MTU: 1500
2016-02-26 23:11:44 DNS Server: 31.24.34.50, Domain: null
2016-02-26 23:11:44 Routes: 0.0.0.0/0, 10.33.0.0/16
2016-02-26 23:11:44 Routes excluded: 192.168.1.17/24
2016-02-26 23:11:44 VpnService routes installed: 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
2016-02-26 23:11:44 Disallowed VPN apps:
2016-02-26 23:11:44 3 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-26 23:11:44 Initialization Sequence Completed
2016-02-26 23:11:44 MANAGEMENT: >STATE:1456524704,CONNECTED,SUCCESS,10.33.90.106,130.180.201.117,443,,


col888

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby col888 » Sun Feb 28, 2016 7:45 am

hi Tealc
Thanks for replying. i don't use any antivirus at all. i remember on my old phone the android cryptofree worked but i haven't been able to get it work for ages anymore. i tried the cryptofree ovpn from your git and Tealc's ovpn and always same says connection success but not data coming in. just network monitor shows data going out. no panda installed .
here is copy of log. I tried remove all personal info. you might want to recheck if i did:
log from Arnes OpenVPn :

Code: Select all

2016-02-28 12:27:57 Building configuration…
2016-02-28 12:27:58 MANAGEMENT: CMD 'signal SIGINT'
2016-02-28 12:27:58 SIGTERM received, sending exit notification to peer
2016-02-28 12:27:58 MANAGEMENT: Client disconnected
2016-02-28 12:27:58 NOTE: --mute triggered...
2016-02-28 12:27:58 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:27:58 TCP/UDP: Closing socket
2016-02-28 12:27:58 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2016-02-28 12:27:58 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2016-02-28 12:27:58 Closing TUN/TAP interface
2016-02-28 12:27:58 SIGTERM[soft,management-exit] received, process exiting
2016-02-28 12:27:58 MANAGEMENT: >STATE:1456633678,EXITING,management-exit,,,,,
2016-02-28 12:27:59 started Socket Thread
2016-02-28 12:27:59 Current Parameter Settings:
2016-02-28 12:27:59 NOTE: --mute triggered...
2016-02-28 12:27:59 182 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:27:59 OpenVPN 2.4-icsopenvpn [git:icsopenvpn-c75f06c933a596fb] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 10 2016
2016-02-28 12:27:59 library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.09
2016-02-28 12:27:59 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2016-02-28 12:27:59 Network Status: CONNECTED LTE to MOBILE live.xxxxxmyproviderinforemovedxx.com
2016-02-28 12:27:59 MANAGEMENT: CMD 'hold release'
2016-02-28 12:27:59 NOTE: --mute triggered...
2016-02-28 12:27:59 4 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:27:59 MANAGEMENT: >STATE:1456633679,RESOLVE,,,,,,
2016-02-28 12:27:59 MANAGEMENT: CMD 'proxy NONE'
2016-02-28 12:28:00 LZO compression initializing
2016-02-28 12:28:00 Control Channel MTU parms [ L:1606 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2016-02-28 12:28:00 NOTE: --mute triggered...
2016-02-28 12:28:00 2 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:00 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2016-02-28 12:28:00 NOTE: --mute triggered...
2016-02-28 12:28:00 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:00 TCP/UDP: Preserving recently used remote address: [AF_INET]212.129.10.40:443
2016-02-28 12:28:00 Socket Buffers: R=[212992->212992] S=[212992->212992]
2016-02-28 12:28:00 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2016-02-28 12:28:00 UDP link local: (not bound)
2016-02-28 12:28:00 UDP link remote: [AF_INET]212.129.10.40:443
2016-02-28 12:28:00 MANAGEMENT: >STATE:1456633680,WAIT,,,,,,
2016-02-28 12:28:01 NOTE: --mute triggered...
2016-02-28 12:28:01 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:01 TLS: Initial packet from [AF_INET]212.129.10.40:443, sid=4d027da4 e7da5b21
2016-02-28 12:28:01 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-02-28 12:28:07 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
2016-02-28 12:28:07 NOTE: --mute triggered...
2016-02-28 12:28:11 2 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:11 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'
2016-02-28 12:28:11 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
2016-02-28 12:28:11 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-28 12:28:11 NOTE: --mute triggered...
2016-02-28 12:28:11 4 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:11 [server] Peer Connection Initiated with [AF_INET]212.129.10.40:443
2016-02-28 12:28:12 MANAGEMENT: >STATE:1456633692,GET_CONFIG,,,,,,
2016-02-28 12:28:12 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2016-02-28 12:28:14 NOTE: --mute triggered...
2016-02-28 12:28:14 7 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:14 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo HWADDR=00:00:00:00:00:00
2016-02-28 12:28:14 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-02-28 12:28:14 MANAGEMENT: >STATE:1456633694,ASSIGN_IP,,10.55.0.8,,,,
2016-02-28 12:28:14 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2016-02-28 12:28:14 NOTE: --mute triggered...
2016-02-28 12:28:14 1 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:14 MANAGEMENT: >STATE:1456633694,ADD_ROUTES,,,,,,
2016-02-28 12:28:14 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2016-02-28 12:28:14 NOTE: --mute triggered...
2016-02-28 12:28:14 Opening tun interface:
2016-02-28 12:28:14 Local IPv4: 10.55.0.8/16 IPv6: null MTU: 1500
2016-02-28 12:28:14 DNS Server: 195.154.61.33, Domain: null
2016-02-28 12:28:14 Routes: 0.0.0.0/0, 10.55.0.0/16
2016-02-28 12:28:14 Routes excluded: 
2016-02-28 12:28:14 VpnService routes installed: 0.0.0.0/0
2016-02-28 12:28:14 Disallowed VPN apps:
2016-02-28 12:28:14 3 variation(s) on previous 1 message(s) suppressed by --mute
2016-02-28 12:28:14 Initialization Sequence Completed
2016-02-28 12:28:14 MANAGEMENT: >STATE:1456633694,CONNECTED,SUCCESS,10.55.0.8,212.129.10.40,443,,


 ! Message from: parityboy
Edited for clarity

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Sun Feb 28, 2016 6:33 pm

NEWS UPDATE

Hi there everyone, it seams that Android 5.0.1+ has problems with setting up routes that are pushed by the OpenVPN app, currently no OpenVPN app works, no matter what conf file or version of it you use.

I've already contacted Arne Schwabe and I'm waiting for some news about this problem.

Actually if we google the words "Android 5.1.1 OpenVPN" everyone can see that this is a well spoken subject.

Stay tuned on this topic (use "Notify me when a reply is posted") for more info

EDIT 01/03/2016: It appears that the problem isn't reproduce by everyone, and it currently afects mostly people with non-rooted devices, in my wife non-rooted Sony Z3 it doesn't work, in mine rooted it does work.
Tealc


Return to “guides, HOWTOs & tutorials”

Who is online

Users browsing this forum: No registered users and 4 guests

cron

Login