Sunday, December 21, 2014

Finally! Connecting to a UDP OpenVPN Server on Android Over AT&T's Mobile Network!

The last month of my life I have spent countless hours trying to get this to work... no matter what I did I simply could not connect to my OpenVPN server unless I was on wifi, and even then I would often have problems. Now, I am trying not to get too excited just yet, because I had this working a few days ago and then all of the sudden it stopped working. I reflashed a backup I had made after I got it working the first time around, and it worked again for a minute or so, then stopped. I was so frustrated that I honestly missed out on a lot of life over the last few days, because I have been so preoccupied with researching ways to get this to work.

To be even more honest, I am not even sure exactly why it is working now, because I have tweaked so many settings to get it to work. However, with that said, the latest settings I have tweaked are:

- I installed the OpenVPN binary directly to my phone's /system partition. This is apparently an updated version of the binary, that knows how to handle certain error messages that the OpenVPN for Android app does not know what to do with. It also requires a rooted phone, of course, because we need to write to the read-only /system partition. Even then, I had to use a customized build because since updating to 4.4.4 (custom Arearom10), when the system is mounted as read-write (through ADB or the terminal emulator), the binary would still not install because the write access is limited to the user who requested it. Since each application on an Android system is running as its own user, in its own sandbox, the OpenVPN binary-installer available on the Play Store does not work.

- I was using UDP port 443 for my VPN, and have been for quite a while. This is because (it used to be, anyway...) this port was always open, no matter what network I was connected to. Things have changed, and now, for whatever reason, I could not even get a TCP connection to authenticate over port 443! (wtf?)

- So I changed the port of my server to a random port with no official usage, and then it connected via a TCP connection! Yay... sort of. TCP is slow. So then I switched the server back to UDP, and... it still worked!

- I also had to specify a TCP MTU payload of 1500 in the config file (which is generally the default anyway, so I don't know why that needed to be specified, but it does!)

- Hmm... what else... I have tried so many different configurations that I cannot even remember them all. But the settings I just outlined above are currently working on AT&T's 3G mobile network, so if you are struggling to get this to work this is what I would suggest:

1) Change the port number to something random. If it does not work, try another port. You should find one that works eventually, given that you...
2) Also specify to "override" the MTU payload to 1500 in your client.conf file.
3) Install the OpenVPN binary to /system/xbin/openvpn (You can try the official installer from the Play Store; if that does not work, use the APK file referenced above.)
4) Also install the "OpenVPN Settings" app from the Play Store... not sure why this is needed, but it is working and I am so sick of fucking around with everything, that I will deal with having dual 'vpn connected' notifications for the time being...
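A client.conf that applies steps 1 and 2 above, as an added example and not the author's own config; the hostname, the port 49152 and the certificate file names are placeholders, and "tun-mtu 1500" is assumed to be the directive behind the app's "override MTU" setting.

```conf
# Added example client.conf (not the author's file); host, port and file names are placeholders.
client
dev tun
# Step 1: a non-standard UDP port instead of 443 (49152 is an arbitrary placeholder).
proto udp
remote vpn.example.com 49152
# Step 2: pin the tunnel MTU to 1500 instead of letting the client negotiate it.
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
# Certificates: the client cert is signed by the offline CA; only ca.crt, client.crt
# and client.key live on the phone, never the CA private key.
ca ca.crt
cert client.crt
key client.key
# Only accept a peer whose certificate was issued as a server certificate.
remote-cert-tls server
verb 3
```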

That should be all. Let me know if this works for you, I hope this helps someone. I will also post a much more detailed guide once I figure out exactly what solved the issue. By the way, it works fine without any of these insane tweaks over Verizon's network... (again... wtf?)

Long live hackers. The world would suck without them. Thank you to the dude who wrote that tweaked binary installer! You saved my Christmas.

Update: Oh yeah... I almost forgot to remind you, in case you have not been paying attention or simply don't know... Easy-RSA was updated a while ago, and if you are not using version 3 yet, then you really ought to upgrade it, and also please remember to use a separate machine as your Certificate Authority, as opposed to generating and signing all of your server & client keys on the same server (or worse, VPS...). This is very important (if you care about security), because whoever owns your VPS server can likely obtain a root shell any time that they want to, thus giving them access to all of your keys, which breaks the encryption of the entire network!

Friday, December 12, 2014

AreaRom10 is THE Ultimate ROM for the Moto E, PERIOD!

Yesterday I had to travel to Boston, and I woke up late. I had a train to catch at 3:05, although I thought it left at 2:49 for some reason, and I woke up at 2:30. I grabbed my briefcase and proceeded to sprint to the train station, as the phrase "catching a train" took on new meaning to me. I was in such a rush that I did not realize I left all my USB cables at home. That sucks, because with the rooted stock ROM, I have had problems with wifi tethering, and I needed a secure internet connection for my computer while on the train. (I don't trust public WiFi if I can help it!)

I spent most of the train ride trying to figure out why tethering has been such a pain to set up, and although I learned a lot about the way Android KitKat allows carriers to hijack DNS queries and makes it difficult to set up tethering, transparent proxies, and many other things, I decided that I am totally sick of messing around with various settings and tweaking everything myself. So I decided to give installing a custom ROM another shot when I got home.

This time, I opted to go with AreaRom10 for the Moto E, from AndroidArea51. I've had good luck with these developers' ROMs in the past, and it seems that every other ROM for this phone (including CyanogenMod) that I have tried breaks mobile data functionality. That bug limits me to WiFi, which is simply unacceptable because there are many times when I need an internet connection on the road. The ROM is based on KitKat 4.4.4, yet features like App Ops still work flawlessly (see my previous posts for terminology explanations). I did not even have to mess around with the APN settings to connect to the mobile network (although I did have to adjust the MMS settings, I'll get to that later).

I am so happy that I made the decision to go back to AreaRom! After flashing Arearom10, I performed a factory reset through TWRP, as instructed by their website. I then rebooted the device. After the annoying boot-loader unlock warning disappeared (which I am replacing with something cooler right now), a pretty impressive looking boot animation appeared, resembling wispy smoke patterns in high definition (or something like that). It was immediately apparent to me that the Area51 developers spent a lot of time on this ROM, because everything from touch screen responsiveness, to the awesome theme was so much better than the stock AOSP.

I signed into my Google account, and all of my apps, contacts, and data were restored without any issues. The ROM runs smoother than the rooted stock with Xposed I was using, and most of the Motorola bloat was already removed, except for a few applications that may actually be useful at some point. Although a couple of dumb apps like "Ebay" and "RocketPlayer" were included, this is not a problem, as I simply removed them via Titanium Backup. It also came pre-installed with the Xposed framework and GravityBox, the ROM is totally deodexed, and everything just works!!! I installed XPrivacy, fine tuned the permissions, reset my encryption keys, and now I am back in business. I cannot believe how painless this ROM has been to set up, and I really wish that I had installed it weeks ago, as it would have saved me a lot of headache...

Transparent proxy functionality with Orbot is now completely working after installing a custom IPTables app, and besides the firewall rules, no further configuration was needed. Tethering works perfectly out of the box, and it seems that the ROM has even fixed the evil DNS hijacking that either Google or my carrier has implemented. The only things that I have not managed to get working yet are my LUKS partition, SSH port forwarding proxy, and I still cannot seem to connect to my OpenVPN server from my computer when tethering. I may need to create a TCP protocol VPN for this phone. I am assuming that AT&T blocks UDP streams or something, maybe in an effort to stop people from using BitTorrent, because OpenVPN worked flawlessly when I was on Verizon's network. However, these are all minor issues that I will find workarounds for in due time.

In conclusion, if you are a frustrated GSM Motorola E user, I would highly recommend that you unlock your boot-loader and install AreaRom right now. You will not be disappointed. I am actually quite shocked that AndroidArea51 does not get as much recognition as the other ROMs available on XDA (which are buggy, at least in my experience). These guys really know their sh*t, are devoted, and have literally saved my life on almost every Android device I've owned.

May the Source be with you! Thank you AndroidArea51!