My android phone connect to VPN then immediately disconnects, I tried most of VPNs on Google Play Store but it's not working. OpenVPN connects barely and disconnects in less than 1 minute, my network is good and I can connect VPN on my laptop with my network. 01:06:43.695 -- EVENT: CONNECTED info='ir443391@nl.ovadd.com:800 (134.19.177.20) via /UDPv4 on tun/10.11.3.202/ gw=[10.11.3.201/]' trans=TO_CONNECTED 01:08:09.304 -- EVENT: DISCONNECTED trans=TO_DISCONNECTED 01:08:09.321 -- EVENT: CORE_THREAD_INACTIVE 01:08:09.322 -- Tunnel bytes per CPU second: 0 01:08:09.323 -- ----- OpenVPN Stop ----- –

I have set up a server with OpenVPN and Squid, by making my computer connect to the server's OpenVPN (TUN interface UDP connection), we are in the same LAN network, and Squid on this server allows my computer to surf the internet by its proxy function, simply by setting computer's Chrome proxy to 10.200.0.1:3128. I have set up my Android phone with the OpenVPN client, it can connect to the server too (Although I can not ping Android IP - 10.200.0.2 from the server side, which is weird to me). However, I see no Android app has the same proxy setting as what is in the computer's Chrome. All my HTTP traffic still goes through the WLAN interface rather than the TUN interface. I am not sure if the OpenVPN Android client's proxy setting can help. I tried it, but the OpenVPN client prompted an error message: > option_error: can not connect via TCP-based proxy because no tcp server entries exist in profile. Does it mean I should use a TCP OpenVPN connection to fix this error? or should I find another way to redirect the HTTP traffic through VPN channel?

I have a config file that works in windows, but when I try to use this file in the OpenVpn Android application, I get an error that says that it is not possible to parse the files ca.crt, cer.crt, cer.key and ta.key. I have the config file and all the other files in the same folder. My config files is this: ca ca.crt cer cer.crt key cer.key tls-auth ta.key 1 I have alse too to embedded the files in the config file, how it is explained in the documentation: https://openvpn.net/faq/i-am-having-trouble-importing-my-ovpn-file/ But I still get the same error. How I have set the certificates in the config file to can import it in the OpenVpn Android application? Thanks.

Can we make a Vpn server run on Android. Can applications do this? If yes, which protocols are supported and is this a good idea to use such apps? If not, what are some issues that we may face?

I wanted to install OpenVPN server on rooted Android and found a solution on StackExchange . I rooted my phone, installed Linux Deploy, installed Ubuntu in it and compiled latest OpenVPN server and EasyRSA. When I start OpenVPN server on my phone and I can connect to it with a client, but I can't ping anything but myself. Below is my server configuration (same configuration works fine if I set it up on real Ubuntu server): # server 10.10.1.0 255.255.255.0 # push "redirect-gateway def1 bypass-dhcp" # topology subnet # push "topology subnet" # push "dhcp-option DNS 84.200.69.80" # push "dhcp-option DNS 84.200.70.40" # duplicate-cn # data-ciphers-fallback 'AES-256-CBC' # keepalive 10 120 # persist-key # persist-tun # explicit-exit-notify 1 # log-append /var/log/openvpn.log # verb 3 I haven't installed iptables or ufw so that's not a problem. My router LAN ip address is 192.168.2.1 and my telephone ip address is 192.168.2.28 (wlan0). My OpenVPN server is on 10.10.1.1 (tun0) address and my OpenVPN client gets 10.10.1.2. **On the StackExchange link I posted, guy said that Android ignores main table at all, so we should create custom rules and insert routes.** Without adding any routes to server, I can't even ping 10.10.1.1 from my client, but when I add sudo ip route add 10.10.1.0/24 dev tun0 table 5000 ping started working for 10.10.1.1 and 192.168.2.28 and that's it, I can't get to 192.168.2.1 or any further. I tried adding sudo ip route add 192.168.2.0/24 dev wlan0 table 5000 but nothing changes. I even tried sudo ip route add default dev wlan0 table 5000, but when I add that, I can't even connect from my client to my server any more. Anyone have any idea how can I fix this?

I am working on an Android Java application that performs a vulnerability scan of the network where the mobile device is. Since I cannot install any type of vulnerability scan tool on Android I would like to send the vulnerability scan packets from a back-end server (running open-vas) to my android device and then make the android device forward them to the destination hosts inside his network. The easiest way to do that would be to create a VPN Server on the android device, but I don't think it's possible with the VpnService APIs. From what I have found it looks like someone managed to forward traffic with VPN Service: Android VpnService - How to forward intercepted internet traffic . Another idea was to create a sort of packet wrapping: I can wrap the original packet coming from the back-end server inside a standard TCP packet, send it to the android device, unwrap it and forward it to the host inside the device's network. Although I don't know if this would really work in my case for 2 main reasons: 1. I will probably receive RAW packets from the server (since vulnerability scanners forges specific RAW packets for vulnerability testing) and Java does not have any support for manipulating packets 2. Even if I am able to unwrap the packet I will still have a RAW packet to send and from what I have seen Java does not have any support for RAW sockets for security reasons. So do you guys have an idea if there is a way to create a VPN Server on Android to do this remote vulnerability scan? Thanks! PS Maybe rooting the device will give some more alternatives but I am reserving this as last chance.

I use OpenVPN Connect. When VPN connection is active Google Play can show pages, pictures, video, but does not download the application: "pending...". To begin download I need to disable VPN, then it works. Tell me how to research a problem and make GPlay work over VPN?

The goal =================== I do want to connect to some services (e.g. file server, IP camera etc) in my home network from my mobile phone by using VPN. I use Tomato Version 1.28 (shibby) on my Netgear WNR3500L v2 Router and I set up an OpenVPN server following the instructions here . The Problem ============== I then try to connect my OPO with Cyanogenmod 11.0 based on Android 4.4.4 by using the OpenVPN client. The handshake seems to work okay but then I receive the following error message on my phone in the OpenVPM app: [...] 2014-09-25 21:09:07 MANAGEMENT: CMD 'needok 'ROUTE' ok' 2014-09-25 21:09:07 Local IP address unset but adding route?! This broken! Please contact author with log 2014-09-25 21:09:07 Open tun network interface: 2014-09-25 21:09:07 Refusing to open tun device without IP information 2014-09-25 21:09:07 MANAGEMENT: CMD 'needok 'OPENTUN' cancel' 2014-09-25 21:09:07 MANAGEMENT: Client disconnected 2014-09-25 21:09:07 ERROR: Cannot open TUN The server log says: Sep 25 21:28:29 unknown daemon.notice openvpn: carl/11.22.33.44:7066 TLS: new session incoming connection from [AF_INET]11.22.33.44:7066 Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 VERIFY OK: depth=1, C=AU, ST=ACity, L=ACity, O=Private, OU=changeme, CN=ACity.mooo.com, name=changeme, emailAddress=admin@example.org Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 VERIFY OK: depth=0, C=AU, ST=ACity, L=ACity, O=Private, OU=changeme, CN=carl, name=carl, emailAddress=admin@example.org Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1 Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 TLS: tls_multi_process: untrusted session promoted to semi-trusted Sep 25 21:28:30 unknown daemon.notice openvpn: carl/11.22.33.44:7066 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Sep 25 21:28:32 unknown daemon.notice openvpn: carl/11.22.33.44:7066 PUSH: Received control message: 'PUSH_REQUEST' Sep 25 21:28:32 unknown daemon.notice openvpn: carl/11.22.33.44:7066 send_push_reply(): safe_cap=940 Sep 25 21:28:32 unknown daemon.notice openvpn: carl/11.22.33.44:7066 SENT CONTROL [carl]: 'PUSH_REPLY,dhcp-option DNS 192.168.0.1,route-gateway 192.168.0.1,redirect-gateway def1,route-gateway dhcp,ping 15,ping-restart 60' (status=1) Question ============ What does this error message mean Local IP address unset but adding route?! What setting am i missing? Why can't I connect to my home network via VPN?

OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 I installed OpenVPN on the latest OpenWrt 21.02.1 The client config and server conf files both have these lines at the top: user nobody group nogroup dev tun .. .. I installed the OpenVPN for Android app on my Android phone. When entering the client config file... am I supposed to comment out or delete the first two lines since there is no user called: nobody and no group called nogroup in my Android. At least I didn't see anything in /etc/group and `/etc/passwd in Android OS. I see in the OpenVPN manual that the --user option lets you: *"Change the user ID of the OpenVPN process to user after initialization, dropping privileges in the process. This option is useful to protect the system in the event that some hostile party was able to gain control of an OpenVPN session."* I can connect from the Android client to OpenVPN server by commenting out those two lines but is there a way to obtain the benefit of running as user "nobody" and group "nogroup", or some such unpriviledged user, when connecting to OpenVPN server on OpenWrt from an Android phone? From a Terminal to my phones Android OS if I do ls -l I can see user and group of all files is: u0_a252 so should I make a user an group of u0_a252 on the server running OpenVPN and then use that as the user and group in you are dropping root privileges on the client with --user and/or --group the client and server config files? My phone is not rooted so I guess running as user u0_a252 will be the same thing as running OpenVPN unprivileged? Lastly do I NEED to define a user AND a group or is one or the other enough? The OpenVPN manual is a bit ambiguous on this point because it also states: *"[if] you are dropping root privileges on the client with --user and/or --group.."* Cheers, Flex

Obfuscation is known to bypass restrictive firewalls and DPI of some ISPs. I am wondering why this hasn't been implemented officially in the client, given that its open source. This has been done for some mac and windows clients (and perhaps android clients which are mostly close sourced). After a bit of digging, I came across a scramble/xor patch here: https://github.com/clayface/openvpn_xorpatch/blob/master/openvpn_xor.patch . Is there a way to add scramble support for Open VPN client, either by simple decompiling and recompiling or building the client from scratch? There is another client: VPN Client Pro , which has scramble support but requires a subscription, ideally was looking for a free option to simply to this patch in order to connect to obfuscated servers.

I have an AWS Client VPN that I use successfully in my laptop. Nonetheless I've not been able to configure it on my Android phone. The issue is, I think, that this VPN uses federated authentication (with Microsoft's Active Directory), and the OpenVPN Android client doesn't know how to use it. From my laptop, using the AWS VPN Client it opens a web browser that authenticates against Microsoft each time that I connect to the VPN, but on Android this browser window is not being opened. Does anybody know how to set this up? This is what my AWS VPN client file looks like:

client
dev tun
proto udp
remote hello.cvpn-endpoint-REDACTED.clientvpn.us-west-2.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3

-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----


auth-user-pass
auth-federate
auth-retry interact
auth-nocache
reneg-sec 0

Notice that: - My endpoint says hello as I found out the OpenVPN app doesn't honour remote-random-hostname to prepend the random string to the url (used to bypass DNS caching), so I had to add a random string manually. - The config file says auth-user-pass but I don't have a username and password for the VPN, besides the one from Active Directory, which I've already tried with no luck.

I want to route a specific IP address from hotspot (wlan0) to Mobile Data (rmnet_data1) interface on Android 11, bypassing VPN. I use my phone as a hotspot and also with the help of an app called "VPN Hotspot" I share the VPN with my PC. I want to exclude a specific IP address from VPN. I have tried the route option in "OpenVPN for Android" client and it doesn't seem to work properly. I think it might because of "Always On" enabled. Can I achieve this with ip route command?

So, we are part of a company that provides VPN services to retailers. One of our clients doesn't want to have their employees open up the VPN and login every time they turn the device (an Android tablet) on. This involves opening up OpenVPN, putting in credentials and clicking the Connect button. Is this possible natively, without rooting - opening up an app and putting in credentials automatically - or do I absolutely need an external app? If so, which app is the most recommended in this case?

I have setup the openvpn server and client. The client could connect to the server. Then, the server will aways disconnect the client after around two hours(refer to the log of server). And to my surprise, the client shows the connection still on. But I can't send any data from client to server at that time. Here is the config of server(part):

duplicate-cn
keepalive 10 120
nice 3
verb 0
mute 10
reneg-sec 0

Here is the log of server:

Feb  1 07:59:32 OpenVPN server: peer xxx.xxx.xxx.xxx (client) connected - local IP: 10.8.0.2
Feb  1 09:33:34 OpenVPN server: peer xxx.xxx.xxx.xxx (client) disconnected, sent: 55 KB, received: 56 KB
Feb  2 07:59:08 OpenVPN server: peer xxx.xxx.xxx.xxx (client) connected - local IP: 10.8.0.2
Feb  2 09:34:56 OpenVPN server: peer xxx.xxx.xxx.xxx (client) disconnected, sent: 56 KB, received: 57 KB
Feb  3 07:58:12 OpenVPN server: peer xxx.xxx.xxx.xxx (client) connected - local IP: 10.8.0.2
Feb  3 09:58:20 OpenVPN server: peer xxx.xxx.xxx.xxx (client) disconnected, sent: 70 KB, received: 71 KB

Here is the config of client(part):

client
dev tun
proto udp
remote xxx.xxx.net 2222
resolv-retry infinite
nobind
persist-key
persist-tun
auth SHA1
cipher BF-CBC
comp-lzo adaptive
nice 0
verb 3
mute 10

Here is the log of clinet:

2021-2-3 7:58	VPN profile [client] is connecting to [xxx.xxx.net]. (protocol[OpenVPN], IP[10.8.0.2], interface[tun0])
2021-2-2 7:59	VPN profile [clinet] is connecting to [xxx.xxx.net]. (protocol[OpenVPN], IP[10.8.0.2], interface[tun0])
2021-2-1 7:59	VPN profile [clinet] is connecting to [xxx.xxx.net]. (protocol[OpenVPN], IP[10.8.0.2], interface[tun0])

I've tried web search and installed one VPN hotspot app (be.mygod.vpnhotspot) from google play, but could not find in it settings for VPN server ip. The task in to connect to my OpenVPN server and provide transparent ip spoofing for devices connected to my phone by WiFi and/or USB. Is there such app (preferably opensource)? I understand root is required. Is there a way to make phone connect to some WiFi-spot and be via that app WiFi spot with VPN? If not, then get internet from WiFi and make its spot for USB tethering.

I have downloaded a VPN configuration file in .rar format but i can't extract it in my SD card. I tried Andro Zip and WinRar app for this purpose but still I can't do it. It only opens the files and not extracting it.

client dev tap proto udp remote ADDRESS PORT auth-user-pass ca cert-chain.pem remote-cert-tls server route 0.0.0.0 0.0.0.0 resolv-retry infinite nobind persist-key persist-tun verb 3 route-delay 3 redirect-gateway def1 I have the above OpenVPN configuration file and I want to connect from my SGS2. Can you help me?

I'm using the Always-on VPN feature of Android to ensure a VPN connection. Whether I'm using OpenVPN or Strongswan as a client I always have connection issues on Android if the network node changes. Either I have to wait for a random time (1min - 30min) until it works by itself or I have to reconnect manually. Strongswan is worse than OpenVPN because it literally happens every single time the node changes. Sometimes the client even reconnects by itself, as I can see on the elapsed time being reset, but I still have to reconnect manually afterwards to use the network. This is really annoying but I have no idea how to troubleshoot this problem. I tried searching CatLog for VPN entries but I didn't found any warnings or errors. How could I troubleshoot issues like that?

Google Play works fine as application browser, but fails to install any app when OpenVPN is active. The same problem repeats on 3 phones from different vendors. How to investigate?

First: this question is not a duplicate of: 1. This question : I don't want to use SOCKS, and I am not asking about Lollipop. 2. This question : No answer, and different use case 3. This question : I don't have time to develop my own application. My goal: to find a way to force all internet traffic (including cellular ie LTE) into my OpenVPN server, except for apps on a whitelist. Whitelisted apps either connect to a second VPN or SOCKS proxy (option preferred), or not be connected to a tunnel at all (a "normal" connection). For example, try out the ProtonVPN application (which, by the way, I recommend). There is an option to whitelist apps from the VPN. This is what I want, but for my own server. Root is definitely not preferred, but if it's the only option, then I guess I'll accept it. Multiple profiles are also not preferred, but if it allows some apps to be over VPN and others not, then I will also accept that (but I would like system apps to be blocked in that case). Thank you.