maemo.org - Talk - VPN over cellular

maemo.org - Talk (https://talk.maemo.org/index.php)

- Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)

- - VPN over cellular (https://talk.maemo.org/showthread.php?t=97198)

VPN over cellular

Hello!

Has anyone managed to set up VPN over cellular?

I have PIA working with openvpn plugin over WiFi but when I try to connect over 2G or 3G websites don't load and other apps also get no connection.

Any hints?

Re: VPN over cellular

Perfectly working VPN over 3G here.

I regularly connect from my N900 over 3G with OpenVPN to my router at home and no real issue...

Check maybe if your mobile provider isn't blocking some ports used by OpenVPN (1194 is the default, if not changed). Maybe try to use ports less probably blocked (80 or 443 for instance). Try another mobile provider just to see if the problem is your current provider.

Re: VPN over cellular

The gprs0 interface has mtu at 1464.

Inside the openvpn client config you have to add the line:

mssfix 1400

(i think to recall that the exact max value for an udp connection is 1424 but i have to check... )

Re: VPN over cellular

Without changing anything openvpn applet gives me:

1470914793,CONNECTING,,,
1470914793,RESOLVE,,,
1470914793,WAIT,,,
1470914794,AUTH,,,
1470914797,GET_CONFIG,,,
1470914799,ASSIGN_IP,,10.107.1.10,
1470914799,ADD_ROUTES,,,
1470914799,CONNECTED,SUCCESS,10.107.1.10,192.40.95 .9

But there is no working connection.

My wife has an android also with the same carier and vpn rpvider and is using openvpn and... it works.

After adding mssfix 14000 to config file still no luck.

Re: VPN over cellular

What do you mean by "not working"?

Try a ping on a domain : ping google.com
Try a ping on an ip (maybe dns is not working) : ping 8.8.8.8
Check what you have in /etc/resolv.conf

What are the routes on your N900 : try command "route"

From what I understand you are assigned the ip 10.107.1.10 and your gateway is 192.40.95.9 ... the route command could help to understand better what is happening.

I don't have experience with any VPN provider as I always configured myself my VPN servers, but using the commands mentioned above can help to determine where is the problem and what exactly isn't working.

Re: VPN over cellular

I am using NordVPN and used to use IPredator.
Both work over cellular with the standard config files they provide for OpenVPN.
I didn't use the applet but started OpenVPN from the console.

openvpn --config providedfiled.conf

I can upload one of the working conffiles if you want to compare.
Note that my mobile provider is not too restrictive using ports,
but as port 443(SSL) is used, the provider shouldn't be able to differentiate it from normal mobile browsing.

Re: VPN over cellular

Here it is:

Code:

Nokia-N900:~# route

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.148.195.203  *               255.255.255.255 UH    0      0        0 gprs0

10.137.1.5      *               255.255.255.255 UH    0      0        0 tun0

46.165.210.1    10.148.195.203  255.255.255.255 UGH   0      0        0 gprs0

10.137.1.1      10.137.1.5      255.255.255.255 UGH   0      0        0 tun0

default         10.137.1.5      128.0.0.0       UG    0      0        0 tun0

128.0.0.0       10.137.1.5      128.0.0.0       UG    0      0        0 tun0

default         10.148.195.203  0.0.0.0         UG    0      0        0 gprs0

default         *

Ping google.com gives nothing - the command gives no output even after long waiting time. ping 8.8.8.8 gives output - I could not stop it so I had to close the terminal.

Etc/resolve.conf:

Code:

nameserver 127.0.0.1

but there is also:
etc/openvpn/maemo-update-resolveconf

Code:

#!/bin/bash

#

# Parses DHCP options from openvpn to update resolv.conf

# To use set as 'up' and 'down' script in your openvpn *.conf:

# up /etc/openvpn/maemo-update-resolvconf

# plugin /opt/openvpn/lib/openvpn/openvpn-down-root.so "script_type=down /etc/openvpn/maemo-update-resolvconf"

# Customized version for Maemo (lacks resolvconf)

# 02.08.2009 andrea@borgia.bo.it

#

# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>

# and Chris Hanson

# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.

# 05/2006 chlauber@bnc.ch

#

# Example envs set from openvpn:

# foreign_option_1='dhcp-option DNS 193.43.27.132'

# foreign_option_2='dhcp-option DNS 193.43.27.133'

# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'

#



case $script_type in



up)

    for optionname in ${!foreign_option_*} ; do

        option="${!optionname}"

        echo $option

        part1=$(echo "$option" | cut -d " " -f 1)

        if [ "$part1" == "dhcp-option" ] ; then

            part2=$(echo "$option" | cut -d " " -f 2)

            part3=$(echo "$option" | cut -d " " -f 3)

            if [ "$part2" == "DNS" ] ; then

                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"

            fi

            if [ "$part2" == "DOMAIN" ] ; then

                IF_DNS_SEARCH="$part3"

            fi

        fi

    done

    R=""

    if [ "$IF_DNS_SEARCH" ] ; then

        R="${R}search $IF_DNS_SEARCH\n"

    fi

    for NS in $IF_DNS_NAMESERVERS ; do

        R="${R}nameserver $NS\n"

    done

    if [ ! -f /etc/resolv.conf.prevpn ] ; then

        mv /etc/resolv.conf /etc/resolv.conf.prevpn

    fi

    echo -e "$R" > /etc/resolv.conf

    ;;



down)

    if [ -f /etc/resolv.conf.prevpn ] ; then

        mv /etc/resolv.conf.prevpn /etc/resolv.conf

    fi

    ;;



esac

and also:
etc/openvpn/update-resolve-conf

Code:

#!/bin/bash

# 

# Parses DHCP options from openvpn to update resolv.conf

# To use set as 'up' and 'down' script in your openvpn *.conf:

# up /etc/openvpn/update-resolv-conf

# down /etc/openvpn/update-resolv-conf

#

# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk> 

# and Chris Hanson

# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 

#

# 05/2006 chlauber@bnc.ch

# 

# Example envs set from openvpn:

# foreign_option_1='dhcp-option DNS 193.43.27.132'

# foreign_option_2='dhcp-option DNS 193.43.27.133'

# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'



[ -x /sbin/resolvconf ] || exit 0



case $script_type in



up)

        for optionname in ${!foreign_option_*} ; do

                option="${!optionname}"

                echo $option

                part1=$(echo "$option" | cut -d " " -f 1)

                if [ "$part1" == "dhcp-option" ] ; then

                        part2=$(echo "$option" | cut -d " " -f 2)

                        part3=$(echo "$option" | cut -d " " -f 3)

                        if [ "$part2" == "DNS" ] ; then

                                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"

                        fi

                        if [ "$part2" == "DOMAIN" ] ; then

                                IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"

                        fi

                fi

        done

        R=""

        for SS in $IF_DNS_SEARCH ; do

                R="${R}search $SS

"

        done

        for NS in $IF_DNS_NAMESERVERS ; do

                R="${R}nameserver $NS

"

        done

        echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"

        ;;

down)

        /sbin/resolvconf -d "${dev}.inet"

        ;;

esac

Re: VPN over cellular

and here is a config file germany.openvpn

Code:

client

dev tun

proto udp

remote germany.privateinternetaccess.com 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

tls-client

remote-cert-tls server

auth-user-pass pass.txt

comp-lzo

verb 1

reneg-sec 0

crl-verify crl.pem

Re: VPN over cellular

Quote:

Originally Posted by fw190 (Post 1512302)

Without changing anything openvpn applet gives me:

After adding mssfix 14000 to config file still no luck.

Please pay attention at the number: 1400 NOT 14000
This is required for any openvpn connection on the N900.

Re: VPN over cellular

Yes I did put the corect number into germany.openvpn - in my previous post I just made a typo.