not start with blank password in tls file ta.key #80

Closed
GoogleCodeExporter opened this issue Mar 19, 2015 · 7 comments

@GoogleCodeExporter

What steps will reproduce the problem?
1. configure openvpn
2.
3.

What is the expected output? What do you see instead?
P:Passphrase  file '/mnt/sdcard/key/ta.key' is too small (must have at least 8 
characters)

What mobile phone are you using?
Huawei U8860

Which Android Version and stock ROM or aftermarket like cyanogenmod?
4.03

Please provide any additional information below.
On Linux it works fine with a blank password in tls.

Original issue reported on code.google.com by [email protected] on 28 Aug 2012 at 1:15

@GoogleCodeExporter

Can you show me the configuration you have imported? Or the generated 
configuration? Also note that tls authentication is NOT tls key.

Original comment by [email protected] on 28 Aug 2012 at 1:26

  • Changed state: NeedMoreInformation

@GoogleCodeExporter

# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold

# Log window is better readable this way
suppress-timestamps
client
verb 5
connect-retry-max 5
resolv-retry 5
dev tun
remote gate  1194 tcp-client
pkcs12 /mnt/sdcard/key/gs.pfx
tls-auth /mnt/sdcard/key/ta.key
key-direction 1
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0
tls-remote gate
remote-cert-tls server
# Custom configuration options
# You are on your on own here :)
dh /mnt/sdcard/key/dh1024.pem pem

Original comment by [email protected] on 28 Aug 2012 at 1:37

@GoogleCodeExporter

Your configuration seems to be okay. Can you check that the ta.key file is 
actually correct? From the error messages it sounds like the file is empty.

Original comment by [email protected] on 28 Aug 2012 at 1:52
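
The check requested above, as an added example (not part of the original thread or the app's code): it verifies that a copied `ta.key` still has the OpenVPN static key layout, optionally matches the SHA-256 of the source copy, and is not group or others accessible, the condition the client log in this thread warns about. The function names and the sample key built from random bytes are constructed for illustration.

```python
import hashlib
import os
import re
import stat
import tempfile
from pathlib import Path

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
KEY_BYTES = 256  # a 2048-bit static key is 512 hex characters

def check_static_key(path, source_sha256=None):
    """Return a list of problems found in an OpenVPN static key file."""
    raw = Path(path).read_bytes()
    if not raw.strip():
        return ["file is empty"]
    problems = []
    if source_sha256 and hashlib.sha256(raw).hexdigest() != source_sha256:
        problems.append("SHA-256 differs from the source copy")
    lines = [ln.strip() for ln in raw.decode("ascii", "replace").splitlines()]
    if BEGIN not in lines or END not in lines:
        problems.append("missing BEGIN/END static key markers")
    else:
        body = "".join(lines[lines.index(BEGIN) + 1:lines.index(END)])
        if not re.fullmatch(r"[0-9a-fA-F]*", body):
            problems.append("key body contains non-hex characters")
        elif len(body) != KEY_BYTES * 2:
            problems.append(f"key body is {len(body)} hex characters, expected {KEY_BYTES * 2}")
    # Same condition the log reports as "group or others accessible".
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is group or others accessible")
    return problems

def write_sample(path, data, mode=0o600):
    """Write constructed sample bytes to path with the given permissions."""
    Path(path).write_bytes(data)
    os.chmod(path, mode)
    return path

def sample_key():
    """Build a constructed key file from random bytes (not a real key)."""
    hexkey = os.urandom(KEY_BYTES).hex()
    rows = [hexkey[i:i + 32] for i in range(0, len(hexkey), 32)]
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#", BEGIN, *rows, END, ""]).encode()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cut = write_sample(os.path.join(tmp, "ta.key"), sample_key()[:200], 0o644)
        print(check_static_key(cut))  # truncated copy: markers and mode flagged
```

Computing the SHA-256 on the machine that generated the key and passing it as `source_sha256` catches a copy that was altered in transit but still parses.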

@GoogleCodeExporter

Yes, the file was corrupted while copying.
I fixed it;
now I have another error:


Opening tun interface failed badly

Error: Cannot create interface


On my Android I do not have root access.

Original comment by [email protected] on 28 Aug 2012 at 2:42

@GoogleCodeExporter

Can you show me a log file? 

Original comment by [email protected] on 28 Aug 2012 at 2:46

@GoogleCodeExporter

Running on U8860 (U8860) Huawei, Android API 15
Building configuration…
Network Status: CONNECTED  to WIFI 
P:Current Parameter Settings:
P:  config = '/data/data/de.blinkt.openvpn/cache/android.conf'
P:  mode = 0
P:  show_ciphers = DISABLED
P:  show_digests = DISABLED
P:  show_engines = DISABLED
P:  genkey = DISABLED
P:  key_pass_file = '[UNDEF]'
P:  show_tls_ciphers = DISABLED
P:Connection profiles [default]:
P:  proto = tcp-client
P:  local = '[UNDEF]'
P:  local_port = 0
P:  remote = 'gate'
P:  remote_port = 1194
P:  remote_float = DISABLED
P:  bind_defined = DISABLED
P:  bind_local = DISABLED
P:  connect_retry_seconds = 5
P:  connect_timeout = 10
P:  connect_retry_max = 5
P:  socks_proxy_server = '[UNDEF]'
P:  socks_proxy_port = 0
P:  socks_proxy_retry = DISABLED
P:  tun_mtu = 1500
P:  tun_mtu_defined = ENABLED
P:  link_mtu = 1500
P:  link_mtu_defined = DISABLED
P:  tun_mtu_extra = 0
P:  tun_mtu_extra_defined = DISABLED
P:  mtu_discover_type = -1
P:  fragment = 0
P:  mssfix = 1450
P:  explicit_exit_notification = 0
P:Connection profiles END
P:  remote_random = DISABLED
P:  ipchange = '[UNDEF]'
P:  dev = 'tun'
P:  dev_type = '[UNDEF]'
P:  dev_node = '[UNDEF]'
P:  lladdr = '[UNDEF]'
P:  topology = 1
P:  tun_ipv6 = DISABLED
P:  ifconfig_local = '[UNDEF]'
P:  ifconfig_remote_netmask = '[UNDEF]'
P:  ifconfig_noexec = DISABLED
P:  ifconfig_nowarn = DISABLED
P:  ifconfig_ipv6_local = '[UNDEF]'
P:  ifconfig_ipv6_netbits = 0
P:  ifconfig_ipv6_remote = '[UNDEF]'
P:  shaper = 0
P:  mtu_test = 0
P:  mlock = DISABLED
P:  keepalive_ping = 0
P:  keepalive_timeout = 0
P:  inactivity_timeout = 0
P:  ping_send_timeout = 0
P:  ping_rec_timeout = 0
P:  ping_rec_timeout_action = 0
P:  ping_timer_remote = DISABLED
P:  remap_sigusr1 = 0
P:  persist_tun = DISABLED
P:  persist_local_ip = DISABLED
P:  persist_remote_ip = DISABLED
P:  persist_key = DISABLED
P:  resolve_retry_seconds = 5
P:  username = '[UNDEF]'
P:  groupname = '[UNDEF]'
P:  chroot_dir = '[UNDEF]'
P:  cd_dir = '[UNDEF]'
P:  writepid = '[UNDEF]'
P:  up_script = '[UNDEF]'
P:  down_script = '[UNDEF]'
P:  down_pre = DISABLED
P:  up_restart = DISABLED
P:  up_delay = DISABLED
P:  daemon = DISABLED
P:  inetd = 0
P:  log = DISABLED
P:  suppress_timestamps = ENABLED
P:  nice = 0
P:  verbosity = 5
P:  mute = 0
P:  gremlin = 0
P:  status_file = '[UNDEF]'
P:  status_file_version = 1
P:  status_file_update_freq = 60
P:  occ = ENABLED
P:  rcvbuf = 65536
P:  sndbuf = 65536
P:  sockflags = 0
P:  fast_io = DISABLED
P:  lzo = 0
P:  route_script = '[UNDEF]'
P:  route_default_gateway = '[UNDEF]'
P:  route_default_metric = 0
P:  route_noexec = DISABLED
P:  route_delay = 0
P:  route_delay_window = 30
P:  route_delay_defined = DISABLED
P:  route_nopull = DISABLED
P:  route_gateway_via_dhcp = DISABLED
P:  max_routes = 100
P:  allow_pull_fqdn = DISABLED
P:  route 0.0.0.0/0.0.0.0/nil/nil
P:  management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
P:  management_port = 0
P:  management_user_pass = '[UNDEF]'
P:  management_log_history_cache = 250
P:  management_echo_buffer_size = 100
P:  management_write_peer_info_file = '[UNDEF]'
P:  management_client_user = '[UNDEF]'
P:  management_client_group = '[UNDEF]'
P:  management_flags = 294
P:  shared_secret_file = '[UNDEF]'
P:  key_direction = 2
P:  ciphername_defined = ENABLED
P:  ciphername = 'BF-CBC'
P:  authname_defined = ENABLED
P:  authname = 'SHA1'
P:  prng_hash = 'SHA1'
P:  prng_nonce_secret_len = 16
P:  keysize = 0
P:  engine = DISABLED
P:  replay = ENABLED
P:  mute_replay_warnings = DISABLED
P:  replay_window = 64
P:  replay_time = 15
P:  packet_id_file = '[UNDEF]'
P:  use_iv = ENABLED
P:  test_crypto = DISABLED
P:  tls_server = DISABLED
P:  tls_client = ENABLED
P:  key_method = 2
P:  ca_file = '/mnt/sdcard/key/ca.crt'
P:  ca_path = '[UNDEF]'
P:  dh_file = '/mnt/sdcard/key/dh1024.pem'
P:  cert_file = '/mnt/sdcard/key/gs.crt'
P:  priv_key_file = '/mnt/sdcard/key/gs.key'
P:  pkcs12_file = '[UNDEF]'
P:  cipher_list = '[UNDEF]'
P:  tls_verify = '[UNDEF]'
P:  tls_export_cert = '[UNDEF]'
P:  tls_remote = 'gate'
P:  crl_file = '[UNDEF]'
P:  ns_cert_type = 0
P:  remote_cert_ku[i] = 160
P:  remote_cert_ku[i] = 136
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_eku = 'TLS Web Server Authentication'
P:  ssl_flags = 0
P:  tls_timeout = 2
P:  renegotiate_bytes = 0
P:  renegotiate_packets = 0
P:  renegotiate_seconds = 3600
P:  handshake_window = 60
P:  transition_window = 3600
P:  single_session = DISABLED
P:  push_peer_info = DISABLED
P:  tls_exit = DISABLED
P:  tls_auth_file = '/mnt/sdcard/key/ta.key'
P:  client = ENABLED
P:  pull = ENABLED
P:  auth_user_pass_file = '[UNDEF]'
P:OpenVPN 2.3_alpha3 arm-linux-androideabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH] 
[PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Aug  2 2012
P:MANAGEMENT: Connected to management server at 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:WARNING: Make sure you understand the semantics of --tls-remote before using 
it (see the man page).
P:WARNING: file '/mnt/sdcard/key/gs.key' is group or others accessible
P:WARNING: file '/mnt/sdcard/key/ta.key' is group or others accessible
P:Control Channel Authentication: using '/mnt/sdcard/key/ta.key' as a OpenVPN 
static key file
P:Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' 
for HMAC authentication
P:Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' 
for HMAC authentication
P:Control Channel MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:MANAGEMENT: >STATE:1346224015,RESOLVE,,,
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto 
TCPv4_CLIENT,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 
2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 
1500,proto TCPv4_SERVER,keydir 0,cipher BF-CBC,auth SHA1,keysize 
128,tls-auth,key-method 2,tls-server'
P:Local Options hash (VER=V4): 'd8421bb0'
P:Expected Remote Options hash (VER=V4): 'c413e92e'
P:Attempting to establish TCP connection with [AF_INET]192.168.100.156:1194 
[nonblock]
P:MANAGEMENT: >STATE:1346224015,TCP_CONNECT,,,
P:TCP connection established with [AF_INET]192.168.100.156:1194
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET]192.168.100.156:1194
P:MANAGEMENT: >STATE:1346224016,WAIT,,,
P:WRMANAGEMENT: >STATE:1346224016,AUTH,,,
P:TLS: Initial packet from [AF_INET]192.168.100.156:1194, sid=c3ff0ef1 5fe6f235
P:WWWRRRRRWWRWRWRRWWRWRWRRWWRWRWRRWWRWRWRVERIFY OK: depth=1, C=RU, ST=NW, 
L=xxx, O=xxx, CN=xxx CA, emailAddress=xxx@xxx
P:Validating certificate key usage
P:++ Certificate has key usage  00a0, expects 00a0
P:VERIFY KU OK
P:Validating certificate extended key usage
P:++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web 
Server Authentication
P:VERIFY EKU OK
P:VERIFY X509NAME OK: C=xxx, ST=NW, L=xxx, O=xxx, CN=gate, emailAddress=xxx@xxx
P:VERIFY OK: depth=0, C=xxx, ST=NW, L=xxx, O=xxx, CN=gate, emailAddress=xxx@xxx
P:RWWRWRRWWRRWWWWWRWRRRWWWRWRWRRWWRWRWRRWWRWRWRWRRWWRWRRRRRRRWWRWRWRRWWRWRWRWRWW
WWRRRRRRData Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
P:Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC 
authentication
P:Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
P:Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC 
authentication
P:WWControl Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
P:[gate] Peer Connection Initiated with [AF_INET]192.168.100.156:1194
P:MANAGEMENT: >STATE:1346224017,GET_CONFIG,,,
P:SENT CONTROL [gate]: 'PUSH_REQUEST' (status=1)
P:WRRRRPUSH: Received control message: 'PUSH_REPLY,route 192.168.88.0 
255.255.252.0,topology net30,ping 10,ping-restart 120,dhcp-option DNS 
192.168.100.195,route 192.168.0.0 255.255.0.0,route 10.0.0.0 255.0.0.0,route 
172.16.0.0 255.240.0.0,route remote_host 255.255.255.255 net_gateway,ifconfig 
192.168.88.21 192.168.88.22'
P:OPTIONS IMPORT: timers and/or timeouts modified
P:OPTIONS IMPORT: --ifconfig/up options modified
P:OPTIONS IMPORT: route options modified
P:OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
P:ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=10:c6:1f:a6:92:58
P:ROUTE6: default_gateway=UNDEF
P:OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option 
and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 
options
P:OpenVPN ROUTE: failed to parse/resolve route for host/network: ::/0
P:do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
P:MANAGEMENT: >STATE:1346224019,ASSIGN_IP,,192.168.88.21,
P:MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
P:MANAGEMENT: >STATE:1346224019,ADD_ROUTES,,,
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
P:MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
Opening tun interface failed badly.
Error: Cannot create interface
On some custom ICS images the permission on /dev/tun might be wrong, or the tun 
module might be missing completely. For CM9 images try the fix ownership option 
under general settings
P:MANAGEMENT: CMD 'needok 'OPENTUN' cancel'
P:MANAGEMENT: Client disconnected
P:ERROR: Cannot open TUN
P:Exiting due to fatal error
MGMT:Got unrecognized command>FATAL:ERROR: Cannot open TUN

Original comment by [email protected] on 29 Aug 2012 at 7:15

@GoogleCodeExporter

I think this is similar to the problem the Huawei Tablet has. It ships with a 
tun module but does not load the tun module on boot.  I fear your only option 
is to root the device and use the load tun option under general settings.

Original comment by [email protected] on 29 Aug 2012 at 10:39

  • Changed state: Invalid
