Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: Arnaud on December 30, 2016, 09:11:23 AM
-
Hello,
I installed the contrib smeserver-openvpn-routed and I made the configuration to run it with OpenVPN-Connect for Android.
It looks like that it is running: I got the VPN connection and the logs of the SME look good.
But the logs of Android aren't so good: every 5 sec. comes following
TUN write error: write_some: Invalid argument
Into the www the most topics reporting a TUN error by OpenVPN are in relation with the compression, like this one: http://superuser.com/questions/1066321/openvpn-bad-lzo-decompression-header-byte-69 (http://superuser.com/questions/1066321/openvpn-bad-lzo-decompression-header-byte-69). Unfortunately, Android doesn't tell me the number of the error, therefore it is possibly the wrong direction.
The openvpn.conf of the SME is:
port 1195
proto udp
dev tunvpn0
user openvpn
group openvpn
chroot /etc/openvpn/routed
persist-key
persist-tun
# Certificates config
dh pub/dh.pem
ca pub/cacert.pem
cert pub/cert.pem
key priv/key.pem
tls-server
tls-auth priv/takey.pem 0
crl-verify pub/cacrl.pem
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login
server 192.168.29.0 255.255.255.0
topology subnet
up /etc/openvpn/routed/bin/up
script-security 2
# Options
keepalive 40 180
push "dhcp-option DOMAIN domain.tld"
push "dhcp-option DNS 192.168.1.5"
push "dhcp-option WINS 192.168.1.5"
mtu-test
mssfix
cipher AES-256-CBC
passtos
comp-lzo adaptive
push "comp-lzo adaptive"
nice 5
push "redirect-gateway def1"
management 127.0.0.1 11195 management-pass.txt
client-config-dir ccd
status-version 2
status bridge-status.txt
suppress-timestamps
verb 3
The .ovpn for Android is:
#rport 1194
#proto udp
dev tun
nobind
# Uncomment the following line if your system
# support passtos (not supported on Windows)
# passtos
remote domain.tld 1195 udp
tls-client
tls-auth takey.pem 1
ns-cert-type server
auth-user-pass
# Replace user.p12 with the certificate
# bundle in PKCS12 format
#pkcs12 user.p12
# You can replace the pkcs12
# directive with the old ones
#ca cacert.pem
#cert user.pem
#key user-key.pem
mtu-test
cipher AES-256-CBC
comp-lzo
#comp-lzo yes
pull
#push "comp-lzo yes"
<ca>
-----BEGIN CERTIFICATE-----
MIIFK.............
</ca>
I tried to disabled the compression, on SME as well as on Android. The VPN connection was still working but it didn't help avoiding the logs.
OpenVPN-Conenct has an own preference parameter for Compression: "No", "Full" or "Downlink only" but this didn't help too.
=> what can I do? How do you have solved it?
Thanks.
Bye
Arnaud
-
Arnaud - I will check my own settings this week (once i am back to work !) and post them for you to look at.
B. Rgds
John
-
Hi John,
first of all I wish you and all the others an happy new year. :smile: Thanks for your reply.
In between I get new information:
- after exactly 70 messages into the logs for each reconnection, no supplementary message is generated. No idea why. Auto-solved by server-client or just stopping logging the issue?
- the app "OpenVPN for Android" (available by F-Droid too) doesn't show this problem and the logs are clean for the same conf of the server (=sme).
But I wasn't able to get the app running by an import of the .ovpn conf file => do the conf of the client by hand based on the .pkcs12 file, rename the file "takey.pem" through "ta.key", set the same cipher as used by the SME:
# db configuration setprop openvpn-routed Cipher AES-256-CBC
# signal-event openvpn-bridge-routed and be happy!
The other important advantage of this app is the possibility to select which app of the phone runs over the VPN and which app goes the normal way to the internet.
So for me the need is fulfilled in this way.
Bye
Arnaud