Open VPN on Android

burn913
Posts: 71
Joined: Sun Mar 09, 2014 12:02 pm

Open VPN on Android

Postby burn913 » Sun Mar 09, 2014 12:17 pm

I am very new at both Amahi and Linux/Fedora in general. While I understand many of the general ideas behind working with my brand spanking new Amahi home server, I don't know many of the basics and specifics such as simple commands.

Recently I installed Fedora 19 and Amahi to my old computer using the Amahi guides for a 32-bit system. So far, I have successfully added an external hard drive using the wiki and forums and Google, and have set up DLNA using the wiki and forums and Google too. As such a noobie, they were both a bit difficult, but they seem to be working great now and I love this. The last thing that I want to do is set up a VPN so that I can access my server from outside my home network.

It seems that I have successfully set up my HDA for VPN access, installed the OpenVPN app, port forwarded, etc, yet am having trouble understanding how to set this up on my Android 4.4 phone. I have reviewed the wiki for VPNAndroid, but as such a noob, I don't even know how to download the 3 described files to a specific directory, let alone use my "favorite editor." My only "Linux based OS" is my Fedora 19/Amahi server, where I can only use command line when at the terminal. I feel like I'm missing something really basic here. Are these files something that I can download and edit from a Windows (8.1) machine and then import into my OpenVPN app on my Android device?

Thank you for any advice/direction on this. Any help is greatly appreciated. I tried really hard not to have to resort to posting on this forum my noob problems, but I am just flummoxed on this one.

bigfoot65
Project Manager
Posts: 11648
Joined: Mon May 25, 2009 4:31 pm

Re: Open VPN on Android

Postby bigfoot65 » Sun Mar 09, 2014 3:53 pm

Recommend you use this Android app. It's free and works quite well with OpenVPN without having to root your phone.
https://play.google.com/store/apps/deta ... nvpn&hl=en

I use it all the time without issue.
ßîgƒσστ65
Applications Manager

burn913
Posts: 71
Joined: Sun Mar 09, 2014 12:02 pm

Re: Open VPN on Android

Postby burn913 » Mon Mar 10, 2014 12:10 pm

Thanks bigfoot. It turns out that my router may not properly be forwarding my port 1194. I have contacted the manufacturer for help (the router is only a week old).

In the meantime, I downloaded that app, and am hoping the setup won't be too difficult. Do you know of any resources that will help explain how to configure the Android app for my Amahi server?

Thanks again.

bigfoot65
Project Manager
Posts: 11648
Joined: Mon May 25, 2009 4:31 pm

Re: Open VPN on Android

Postby bigfoot65 » Mon Mar 10, 2014 12:34 pm

Not much to configure. Just need to add in the server credentials, add the 2 certificates and 1 key file.

If you need assistance, I would be happy to help you through it. I can set it up in about 2-3 minutes as I have done it so many times on my devices LOL
ßîgƒσστ65
Applications Manager

burn913
Posts: 71
Joined: Sun Mar 09, 2014 12:02 pm

Re: Open VPN on Android

Postby burn913 » Mon Mar 10, 2014 2:52 pm

Thanks, yes I think I need assistance. Despite my doubt, I now believe I have forwarded the 1194 port correctly. For server credentials, I assume you mean my server IP address that I see on my Amahi control panel. As for the certificates and key file, I have no idea where to get these. Thank you for your help, it is much appreciated!

bigfoot65
Project Manager
Posts: 11648
Joined: Mon May 25, 2009 4:31 pm

Re: Open VPN on Android

Postby bigfoot65 » Mon Mar 10, 2014 3:22 pm

The certs and key are in the wiki. Not sure what page but they are there.

EDIT: They can be found on this page.
https://wiki.amahi.org/index.php/VPNAndroid
ßîgƒσστ65
Applications Manager

burn913
Posts: 71
Joined: Sun Mar 09, 2014 12:02 pm

Re: Open VPN on Android

Postby burn913 » Mon Mar 10, 2014 4:45 pm

Thanks again. Unfortunately, even after downloading the certificates and key successfully (I think), the app still doesn't want to connect. I've provided the log file here, if it's of any use. I've redacted my IP address. Any advice?

It looks like the problem happens here:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
SIGUSR1[soft,tls-error] received, process restarting
2014-03-10 19:35:00 Running on HTCONE (unknown) htc, Android API 19, version 0.6.10, official build
2014-03-10 19:35:00 Building configuration…
2014-03-10 19:35:02 started Socket Thread
2014-03-10 19:35:02 P:Initializing Google Breakpad!
2014-03-10 19:35:02 Current Parameter Settings:
2014-03-10 19:35:02 config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-03-10 19:35:02 mode = 0
2014-03-10 19:35:02 show_ciphers = DISABLED
2014-03-10 19:35:02 show_digests = DISABLED
2014-03-10 19:35:02 show_engines = DISABLED
2014-03-10 19:35:02 genkey = DISABLED
2014-03-10 19:35:02 key_pass_file = '[UNDEF]'
2014-03-10 19:35:02 show_tls_ciphers = DISABLED
2014-03-10 19:35:02 connect_retry_max = 5
2014-03-10 19:35:02 Connection profiles [0]:
2014-03-10 19:35:02 proto = udp
2014-03-10 19:35:02 local = '[UNDEF]'
2014-03-10 19:35:02 local_port = '1194'
2014-03-10 19:35:02 remote = 'xx.xxx.xxx.xxx'
2014-03-10 19:35:02 remote_port = '1194'
2014-03-10 19:35:02 remote_float = DISABLED
2014-03-10 19:35:02 bind_defined = DISABLED
2014-03-10 19:35:02 bind_local = ENABLED
2014-03-10 19:35:02 bind_ipv6_only = DISABLED
2014-03-10 19:35:02 connect_retry_seconds = 5
2014-03-10 19:35:02 connect_timeout = 10
2014-03-10 19:35:02 socks_proxy_server = '[UNDEF]'
2014-03-10 19:35:02 socks_proxy_port = '[UNDEF]'
2014-03-10 19:35:02 socks_proxy_retry = DISABLED
2014-03-10 19:35:02 tun_mtu = 1500
2014-03-10 19:35:02 tun_mtu_defined = ENABLED
2014-03-10 19:35:02 link_mtu = 1500
2014-03-10 19:35:02 link_mtu_defined = DISABLED
2014-03-10 19:35:02 tun_mtu_extra = 0
2014-03-10 19:35:02 tun_mtu_extra_defined = DISABLED
2014-03-10 19:35:02 mtu_discover_type = -1
2014-03-10 19:35:02 fragment = 0
2014-03-10 19:35:02 mssfix = 1450
2014-03-10 19:35:02 explicit_exit_notification = 0
2014-03-10 19:35:02 Connection profiles END
2014-03-10 19:35:02 remote_random = DISABLED
2014-03-10 19:35:02 ipchange = '[UNDEF]'
2014-03-10 19:35:02 dev = 'tun'
2014-03-10 19:35:02 dev_type = '[UNDEF]'
2014-03-10 19:35:02 dev_node = '[UNDEF]'
2014-03-10 19:35:02 lladdr = '[UNDEF]'
2014-03-10 19:35:02 topology = 1
2014-03-10 19:35:02 tun_ipv6 = DISABLED
2014-03-10 19:35:02 ifconfig_local = '[UNDEF]'
2014-03-10 19:35:02 ifconfig_remote_netmask = '[UNDEF]'
2014-03-10 19:35:02 ifconfig_noexec = DISABLED
2014-03-10 19:35:02 ifconfig_nowarn = DISABLED
2014-03-10 19:35:02 ifconfig_ipv6_local = '[UNDEF]'
2014-03-10 19:35:02 ifconfig_ipv6_netbits = 0
2014-03-10 19:35:02 ifconfig_ipv6_remote = '[UNDEF]'
2014-03-10 19:35:02 shaper = 0
2014-03-10 19:35:02 mtu_test = 0
2014-03-10 19:35:02 mlock = DISABLED
2014-03-10 19:35:02 keepalive_ping = 0
2014-03-10 19:35:02 keepalive_timeout = 0
2014-03-10 19:35:02 inactivity_timeout = 0
2014-03-10 19:35:02 ping_send_timeout = 0
2014-03-10 19:35:02 ping_rec_timeout = 0
2014-03-10 19:35:02 ping_rec_timeout_action = 0
2014-03-10 19:35:02 ping_timer_remote = DISABLED
2014-03-10 19:35:02 remap_sigusr1 = 0
2014-03-10 19:35:02 persist_tun = DISABLED
2014-03-10 19:35:02 persist_local_ip = DISABLED
2014-03-10 19:35:02 persist_remote_ip = DISABLED
2014-03-10 19:35:02 persist_key = DISABLED
2014-03-10 19:35:02 passtos = DISABLED
2014-03-10 19:35:02 resolve_retry_seconds = 60
2014-03-10 19:35:02 resolve_in_advance = DISABLED
2014-03-10 19:35:02 username = '[UNDEF]'
2014-03-10 19:35:02 groupname = '[UNDEF]'
2014-03-10 19:35:02 chroot_dir = '[UNDEF]'
2014-03-10 19:35:02 cd_dir = '[UNDEF]'
2014-03-10 19:35:02 writepid = '[UNDEF]'
2014-03-10 19:35:02 up_script = '[UNDEF]'
2014-03-10 19:35:02 down_script = '[UNDEF]'
2014-03-10 19:35:02 down_pre = DISABLED
2014-03-10 19:35:02 up_restart = DISABLED
2014-03-10 19:35:02 up_delay = DISABLED
2014-03-10 19:35:02 daemon = DISABLED
2014-03-10 19:35:02 inetd = 0
2014-03-10 19:35:02 log = DISABLED
2014-03-10 19:35:02 suppress_timestamps = DISABLED
2014-03-10 19:35:02 machine_readable_output = ENABLED
2014-03-10 19:35:02 nice = 0
2014-03-10 19:35:02 verbosity = 4
2014-03-10 19:35:02 mute = 0
2014-03-10 19:35:02 gremlin = 0
2014-03-10 19:35:02 status_file = '[UNDEF]'
2014-03-10 19:35:02 status_file_version = 1
2014-03-10 19:35:02 status_file_update_freq = 60
2014-03-10 19:35:02 occ = ENABLED
2014-03-10 19:35:02 rcvbuf = 65536
2014-03-10 19:35:02 sndbuf = 65536
2014-03-10 19:35:02 sockflags = 0
2014-03-10 19:35:02 fast_io = DISABLED
2014-03-10 19:35:02 comp.alg = 2
2014-03-10 19:35:02 comp.flags = 1
2014-03-10 19:35:02 route_script = '[UNDEF]'
2014-03-10 19:35:02 route_default_gateway = '[UNDEF]'
2014-03-10 19:35:02 route_default_metric = 0
2014-03-10 19:35:02 route_noexec = DISABLED
2014-03-10 19:35:02 route_delay = 0
2014-03-10 19:35:02 route_delay_window = 30
2014-03-10 19:35:02 route_delay_defined = DISABLED
2014-03-10 19:35:02 route_nopull = DISABLED
2014-03-10 19:35:02 route_gateway_via_dhcp = DISABLED
2014-03-10 19:35:02 allow_pull_fqdn = DISABLED
2014-03-10 19:35:02 route 0.0.0.0/0.0.0.0/vpn_gateway/nil
2014-03-10 19:35:02 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-03-10 19:35:02 management_port = 'unix'
2014-03-10 19:35:02 management_user_pass = '[UNDEF]'
2014-03-10 19:35:02 management_log_history_cache = 250
2014-03-10 19:35:02 management_echo_buffer_size = 100
2014-03-10 19:35:02 Network Status: CONNECTED LTE to mobile n.ispsn
2014-03-10 19:35:02 management_write_peer_info_file = '[UNDEF]'
2014-03-10 19:35:02 management_client_user = '[UNDEF]'
2014-03-10 19:35:02 management_client_group = '[UNDEF]'
2014-03-10 19:35:02 management_flags = 4390
2014-03-10 19:35:02 shared_secret_file = '[UNDEF]'
2014-03-10 19:35:02 key_direction = 0
2014-03-10 19:35:02 ciphername_defined = ENABLED
2014-03-10 19:35:02 ciphername = 'BF-CBC'
2014-03-10 19:35:02 authname_defined = ENABLED
2014-03-10 19:35:02 authname = 'SHA1'
2014-03-10 19:35:02 prng_hash = 'SHA1'
2014-03-10 19:35:02 prng_nonce_secret_len = 16
2014-03-10 19:35:02 keysize = 0
2014-03-10 19:35:02 engine = DISABLED
2014-03-10 19:35:02 replay = ENABLED
2014-03-10 19:35:02 mute_replay_warnings = DISABLED
2014-03-10 19:35:02 replay_window = 64
2014-03-10 19:35:02 replay_time = 15
2014-03-10 19:35:02 packet_id_file = '[UNDEF]'
2014-03-10 19:35:02 use_iv = ENABLED
2014-03-10 19:35:02 test_crypto = DISABLED
2014-03-10 19:35:02 tls_server = DISABLED
2014-03-10 19:35:02 tls_client = ENABLED
2014-03-10 19:35:02 key_method = 2
2014-03-10 19:35:02 ca_file = '[[INLINE]]'
2014-03-10 19:35:02 ca_path = '[UNDEF]'
2014-03-10 19:35:02 dh_file = '[UNDEF]'
2014-03-10 19:35:02 cert_file = '[[INLINE]]'
2014-03-10 19:35:02 priv_key_file = '[[INLINE]]'
2014-03-10 19:35:02 pkcs12_file = '[UNDEF]'
2014-03-10 19:35:02 cipher_list = '[UNDEF]'
2014-03-10 19:35:02 tls_verify = '[UNDEF]'
2014-03-10 19:35:02 tls_export_cert = '[UNDEF]'
2014-03-10 19:35:02 verify_x509_type = 0
2014-03-10 19:35:02 verify_x509_name = '[UNDEF]'
2014-03-10 19:35:02 crl_file = '[UNDEF]'
2014-03-10 19:35:02 ns_cert_type = 0
2014-03-10 19:35:02 remote_cert_ku = 160
2014-03-10 19:35:02 remote_cert_ku = 136
2014-03-10 19:35:02 remote_cert_ku = 0
2014-03-10 19:35:02 remote_cert_ku = 0
2014-03-10 19:35:02 remote_cert_ku = 0
2014-03-10 19:35:02 remote_cert_ku = 0
2014-03-10 19:35:02 remote_cert_ku = 0
2014-03-10 19:35:02 remote_cert_ku = 0
2014-03-10 19:35:02 remote_cert_ku = 0
2014-03-10 19:35:02 remote_cert_ku = 0
2014-03-10 19:35:02 remote_cert_ku[i] = 0
2014-03-10 19:35:02 remote_cert_ku[i] = 0
2014-03-10 19:35:02 remote_cert_ku[i] = 0
2014-03-10 19:35:02 remote_cert_ku[i] = 0
2014-03-10 19:35:02 remote_cert_ku[i] = 0
2014-03-10 19:35:02 remote_cert_ku[i] = 0
2014-03-10 19:35:02 remote_cert_eku = 'TLS Web Server Authentication'
2014-03-10 19:35:02 ssl_flags = 0
2014-03-10 19:35:02 tls_timeout = 2
2014-03-10 19:35:02 renegotiate_bytes = 0
2014-03-10 19:35:02 renegotiate_packets = 0
2014-03-10 19:35:02 renegotiate_seconds = 3600
2014-03-10 19:35:02 handshake_window = 60
2014-03-10 19:35:02 transition_window = 3600
2014-03-10 19:35:02 single_session = DISABLED
2014-03-10 19:35:02 push_peer_info = DISABLED
2014-03-10 19:35:02 tls_exit = DISABLED
2014-03-10 19:35:02 tls_auth_file = '[UNDEF]'
2014-03-10 19:35:02 client = ENABLED
2014-03-10 19:35:02 pull = ENABLED
2014-03-10 19:35:02 auth_user_pass_file = '[UNDEF]'
2014-03-10 19:35:02 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Mar 2 2014
2014-03-10 19:35:02 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-03-10 19:35:02 MANAGEMENT: CMD 'hold release'
2014-03-10 19:35:02 MANAGEMENT: CMD 'proxy NONE'
2014-03-10 19:35:02 MANAGEMENT: CMD 'bytecount 2'
2014-03-10 19:35:02 MANAGEMENT: CMD 'state on'
2014-03-10 19:35:03 LZO compression initializing
2014-03-10 19:35:03 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-03-10 19:35:03 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-03-10 19:35:03 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-03-10 19:35:03 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-03-10 19:35:03 Local Options hash (VER=V4): '41690919'
2014-03-10 19:35:03 Expected Remote Options hash (VER=V4): '530fdded'
2014-03-10 19:35:03 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:1194
2014-03-10 19:35:03 Socket Buffers: R=[163840->131072] S=[163840->131072]
2014-03-10 19:35:03 Protecting socket fd 4
2014-03-10 19:35:03 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-03-10 19:35:03 UDP link local (bound): [AF_INET][undef]:1194
2014-03-10 19:35:03 UDP link remote: [AF_INET]xx.xxx.xxx.xxx:1194
2014-03-10 19:35:03 MANAGEMENT: >STATE:1394494503,WAIT,,,
2014-03-10 19:35:03 MANAGEMENT: >STATE:1394494503,AUTH,,,
2014-03-10 19:35:03 TLS: Initial packet from [AF_INET]xx.xxx.xxx.xxx:1194, sid=c498f882 63d1a0e4
2014-03-10 19:35:04 VERIFY OK: depth=1, C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=yourhda.com, emailAddress=info@homehda.com
2014-03-10 19:35:04 Validating certificate key usage
2014-03-10 19:35:04 ++ Certificate has key usage 00a0, expects 00a0
2014-03-10 19:35:04 VERIFY KU OK
2014-03-10 19:35:04 Validating certificate extended key usage
2014-03-10 19:35:04 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2014-03-10 19:35:04 VERIFY EKU OK
2014-03-10 19:35:04 VERIFY OK: depth=0, C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=server, emailAddress=info@homehda.com
2014-03-10 19:36:04 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-03-10 19:36:04 TLS Error: TLS handshake failed
2014-03-10 19:36:04 TCP/UDP: Closing socket
2014-03-10 19:36:04 SIGUSR1[soft,tls-error] received, process restarting
2014-03-10 19:36:04 MANAGEMENT: >STATE:1394494564,RECONNECTING,tls-error,,
2014-03-10 19:36:04 MANAGEMENT: CMD 'hold release'
2014-03-10 19:36:04 MANAGEMENT: CMD 'bytecount 2'
2014-03-10 19:36:04 MANAGEMENT: CMD 'state on'
2014-03-10 19:36:04 MANAGEMENT: CMD 'proxy NONE'
2014-03-10 19:36:05 LZO compression initializing
2014-03-10 19:36:05 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-03-10 19:36:05 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-03-10 19:36:05 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-03-10 19:36:05 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-03-10 19:36:05 Local Options hash (VER=V4): '41690919'
2014-03-10 19:36:05 Expected Remote Options hash (VER=V4): '530fdded'
2014-03-10 19:36:05 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:1194
2014-03-10 19:36:05 Socket Buffers: R=[163840->131072] S=[163840->131072]
2014-03-10 19:36:05 Protecting socket fd 4
2014-03-10 19:36:05 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-03-10 19:36:05 UDP link local (bound): [AF_INET][undef]:1194
2014-03-10 19:36:05 UDP link remote: [AF_INET]xx.xxx.xxx.xxx:1194
2014-03-10 19:36:05 MANAGEMENT: >STATE:1394494565,WAIT,,,
2014-03-10 19:36:05 MANAGEMENT: >STATE:1394494565,AUTH,,,
2014-03-10 19:36:05 TLS: Initial packet from [AF_INET]xx.xxx.xxx.xxx:1194, sid=ecffaf9c a2b9a50d
2014-03-10 19:36:06 VERIFY OK: depth=1, C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=yourhda.com, emailAddress=info@homehda.com
2014-03-10 19:36:06 Validating certificate key usage
2014-03-10 19:36:06 ++ Certificate has key usage 00a0, expects 00a0
2014-03-10 19:36:06 VERIFY KU OK
2014-03-10 19:36:06 Validating certificate extended key usage
2014-03-10 19:36:06 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2014-03-10 19:36:06 VERIFY EKU OK
2014-03-10 19:36:06 VERIFY OK: depth=0, C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=server, emailAddress=info@homehda.com
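
Added example (not part of the original thread, and not Amahi or OpenVPN project code): a short triage script for a client log like the one above. It records which handshake milestones were reached and flags a few settings from the parameter dump. The function names are hypothetical, SAMPLE is a handful of lines copied from the posted log, and "Initialization Sequence Completed" is OpenVPN's usual success message, which does not appear in this log.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the log posted above.
SAMPLE = """\
2014-03-10 19:35:02 ciphername = 'BF-CBC'
2014-03-10 19:35:02 tls_auth_file = '[UNDEF]'
2014-03-10 19:35:02 auth_user_pass_file = '[UNDEF]'
2014-03-10 19:35:03 TLS: Initial packet from [AF_INET]xx.xxx.xxx.xxx:1194, sid=c498f882 63d1a0e4
2014-03-10 19:35:04 VERIFY OK: depth=0, C=US, ST=CA, L=SanJose, O=HomeHDA, OU=VPN, CN=server, emailAddress=info@homehda.com
2014-03-10 19:36:04 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

# Timestamped lines only; the untimestamped excerpt lines are skipped.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$", re.M)
SETTING = re.compile(r"^(\w+) = '?([^']*)'?$")
# Handshake milestones in the order a client log reaches them.
# "connected" uses OpenVPN's standard success line (assumption: not in this log).
STAGES = [
    ("server_replied", "TLS: Initial packet from"),
    ("server_cert_ok", "VERIFY OK: depth=0"),
    ("tls_timeout", "TLS Error: TLS key negotiation failed"),
    ("connected", "Initialization Sequence Completed"),
]

def triage(log_text):
    """Return (first-seen time per stage, settings dict, review notes)."""
    seen, settings, notes = {}, {}, []
    for m in LINE.finditer(log_text):
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2).strip()
        s = SETTING.match(msg)
        if s:
            settings.setdefault(s.group(1), s.group(2))
        for name, marker in STAGES:
            if msg.startswith(marker):
                seen.setdefault(name, ts)
    if "server_replied" in seen and "tls_timeout" in seen:
        notes.append("server answered on UDP, so packets reach it; "
                     "the handshake stalled later")
    if settings.get("ciphername") == "BF-CBC":
        notes.append("data channel uses BF-CBC, a 64-bit block cipher")
    if settings.get("tls_auth_file") == "[UNDEF]":
        notes.append("no tls-auth key protects the control channel")
    if settings.get("auth_user_pass_file") == "[UNDEF]":
        notes.append("profile has no auth-user-pass (certificate-only login)")
    return seen, settings, notes

def stall_seconds(seen):
    """Seconds between accepting the server certificate and the timeout."""
    return (seen["tls_timeout"] - seen["server_cert_ok"]).total_seconds()

if __name__ == "__main__":
    seen, _, notes = triage(SAMPLE)
    print(stall_seconds(seen), *notes, sep="\n")
```

On the sample this reports a 60 second stall after the server certificate was accepted, which matches handshake_window = 60 in the parameter dump.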

bigfoot65
Project Manager
Posts: 11648
Joined: Mon May 25, 2009 4:31 pm

Re: Open VPN on Android

Postby bigfoot65 » Mon Mar 10, 2014 4:53 pm

Did you select the mode with certificates and password? Also the server name is your Amahi dynamic DNS name which is user.yourhda.com.
ßîgƒσστ65
Applications Manager

burn913
Posts: 71
Joined: Sun Mar 09, 2014 12:02 pm

Re: Open VPN on Android

Postby burn913 » Mon Mar 10, 2014 7:19 pm

Bigfoot, thanks again. Now it says that my VPN is connected but I still can't browse my share folders or see my DLNA. Any ideas?


bigfoot65
Project Manager
Posts: 11648
Joined: Mon May 25, 2009 4:31 pm

Re: Open VPN on Android

Postby bigfoot65 » Tue Mar 11, 2014 5:14 am

When you access things through VPN, you will most likely need to use the fully qualified domain name, i.e. \\hda.amahi.net or whatever your domain name is set to.

As for the DLNA, you have to install a DLNA client on your android device. Some work well while others don't. Not sure if there was one listed in the wiki. I can't remember what I am using. I will post it once I get access to my phone. It's locked up when I am at work.
ßîgƒσστ65
Applications Manager
