Connection failure

[GoogleCodeExporter]

What steps will reproduce the problem?

1. I imported my vpn setting using the File Exporter utility
2. I cheched if everything was correctly imported, especially the path to the 
certificates
3. I setup my access password (I have no username so I leave it blank)
4. I tried to connect to the VPN server

What is the expected output? What do you see instead?

I do not know what is the expected output. I presume I should be connected to 
the VPN.

I see instead the message 'Waiting for state message' and nothing else happens. 
No connection is achieved.

What version of the product are you using? On what operating system?

I am using OpenVPN for Android version 0.5.6, Android 4.0.3 with kernel 3.0.15 
on a Samsung Galaxy S2 GT-I9100

Please provide any additional information below.

1) Pull Settings is on. Here is the generated config:

# Enables conection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-hold

# /tmp does not exist on Android
tmp-dir /data/data/de./blinkt.openvpn/cache

# Log windows is better readable this way
suppress-timestamps
client
verb 4
connect-retry-max 5
resol-retry 5
dev tun
remote 200.20.150.210 1194 udp
auth-user-pass
management-query-passwords
ca "/sdcard/openvpn/cert.crt"
key "/sdcard/openvpn/mycert.key"
cert "/sdcard/openvpn/mycert.crt"
comp-lzo
cipher BF-CBC

# Custom configuration options
# You are on your own here :)
# These options were found in the config file do not map to config settings:
persist-key
persist-tun

2) And here is my original config (which I use to connect with OpenVPN in 
Windows 7):

client
pull
dev tun
proto udp
remote 200.20.150.210 1194
ca "cert.crt"
key "mycert.key"
cert "mycert.crt"
persist-key
persist-tun
cipher BF-CBC
comp-lzo
verb 4

3) And here is the log after trying to connect with OpenVPN for Android:

Building configration...
P:Current Parameter Settings:
P:  config = '/data/data/de.blinkt.openvpn/cache/android.conf'
P:  mode = 0
P:  show_ciphers = DISABLED
P:  show_digests = DISABLED
P:  show_engines = DISABLED
P:  genkey = DISABLED
P:  key_pass_file = '[UNDEF]'
P:  show_tls_ciphers = DISABLED
P:Connection profiles [default]:
P:  proto = udp
P:  local = '[UNDEF]'
P:  local_port = 1194
P:  remote = '200.20.150.210'
P:  remote_port = 1194
P:  remote_float = DISABLED
P:  bind_defined = DISABLED
P:  bind_local = ENABLED
P:  connect_retry_seconds = 5
P:  connect_timeout = 10
P:  connect_retry_max = 5
P:  socks_proxy_server = '[UNDEF]'
P:  socks_proxy_port = 0
P:  socks_proxy_retry = DISABLED
P:  tun_mtu = 1500
P:  tun_mtu_defined = ENABLED
P:  link_mtu = 1500
P:  link_mtu_defined = DISABLED
P:  tun_mtu_extra = 0
P:  tun_mtu_extra_defined = DISABLED
P:  mtu_discover_type = -1
P:  fragment = 0
P:  mssfix = 1450
P:  explicit_exit_notification = 0
P:Connection profiles END
P:  remote_random = DISABLED
P:  ipchange = '[UNDEF]'
P:  dev = 'tun'
P:  dev_type = '[UNDEF]'
P:  dev_node = '[UNDEF]'
P:  lladdr = '[UNDEF]'
P:  topology = 1
P:  tun_ipv6 = DISABLED
P:  ifconfig_local = '[UNDEF]'
P:  ifconfig_remote_netmask = '[UNDEF]'
P:  ifconfig_noexec = DISABLED
P:  ifconfig_nowarn = DISABLED
P:  ifconfig_ipv6_local = '[UNDEF]'
P:  ifconfig_ipv6_netbits = 0
P:  ifconfig_ipv6_remote = '[UNDEF]'
P:  shaper = 0
P:  mtu_test = 0
P:  mlock = DISABLED
P:  keepalive_ping = 0
P:  keepalive_timeout = 0
P:  inactivity_timeout = 0
P:  ping_send_timeout = 0
P:  ping_rec_timeout = 0
P:  ping_rec_timeout_action = 0
P:  ping_timer_remote = DISABLED
P:  remap_sigusr1 = 0
P:  persist_tun = ENABLED
P:  persist_local_ip = DISABLED
P:  persist_remote_ip = DISABLED
P:  persist_key = ENABLED
P:  resolve_retry_seconds = 5
P:  username = '[UNDEF]'
P:  groupname = '[UNDEF]'
P:  chroot_dir = '[UNDEF]'
P:  cd_dir = '[UNDEF]'
P:  writepid = '[UNDEF]'
P:  up_script = '[UNDEF]'
P:  down_script = '[UNDEF]'
P:  down_pre = DISABLED
P:  up_restart = DISABLED
P:  up_delay = DISABLED
P:  daemon = DISABLED
P:  inetd = 0
P:  log = DISABLED
P:  suppress_timestamps = ENABLED
P:  nice = 0
P:  verbosity = 4
P:  mute = 0
P:  gremlin = 0
P:  status_file = '[UNDEF]'
P:  status_file_version = 1
P:  status_file_update_freq = 60
P:  occ = ENABLED
P:  rcvbuf = 65536
P:  sndbuf = 65536
P:  sockflags = 0
P:  fast_io = DISABLED
P:  lzo = 7
P:  route_script = '[UNDEF]'
P:  route_default_gateway = '[UNDEF]'
P:  route_default_metric = 0
P:  route_noexec = DISABLED
P:  route_delay = 0
P:  route_delay_window = 30
P:  route_delay_defined = DISABLED
P:  route_nopull = DISABLED
P:  route_gateway_via_dhcp = DISABLED
P:  max_routes = 100
P:  allow_pull_fqdn = DISABLED
P:  management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
P:  management_port = 0
P:  management_user_pass = '[UNDEF]'
P:  management_log_history_cache = 250
P:  management_echo_buffer_size = 100
P:  management_write_peer_info_file = '[UNDEF]'
P:  management_client_user = '[UNDEF]'
P:  management_client_group = '[UNDEF]'
P:  management_flags = 262
P:  shared_secret_file = '[UNDEF]'
P:  key_direction = 0
P:  ciphername_defined = ENABLED
P:  ciphername = 'BF-CBC'
P:  authname_defined = ENABLED
P:  authname = 'SHA1'
P:  prng_hash = 'SHA1'
P:  prng_nonce_secret_len = 16
P:  keysize = 0
P:  engine = DISABLED
P:  replay = ENABLED
P:  mute_replay_warnings = DISABLED
P:  replay_window = 64
P:  replay_time = 15
P:  packet_id_file = '[UNDEF]'
P:  use_iv = ENABLED
P:  test_crypto = DISABLED
P:  tls_server = DISABLED
P:  tls_client = ENABLED
P:  key_method = 2
P:  ca_file = '/sdcard/openvpn/oncert.crt'
P:  ca_path = '[UNDEF]'
P:  dh_file = '[UNDEF]'
P:  cert_file = '/sdcard/openvpn/mycert.crt'
P:  priv_key_file = '/sdcard/openvpn/mycert.key'
P:  pkcs12_file = '[UNDEF]'
P:  cipher_list = '[UNDEF]'
P:  tls_verify = '[UNDEF]'
P:  tls_export_cert = '[UNDEF]'
P:  tls_remote = '[UNDEF]'
P:  crl_file = '[UNDEF]'
P:  ns_cert_type = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_eku = '[UNDEF]'
P:  ssl_flags = 0
P:  tls_timeout = 2
P:  renegotiate_bytes = 0
P:  renegotiate_packets = 0
P:  renegotiate_seconds = 3600
P:  handshake_window = 60
P:  transition_window = 3600
P:  single_session = DISABLED
P:  push_peer_info = DISABLED
P:  tls_exit = DISABLED
P:  tls_auth_file = '[UNDEF]'
P:  client = ENABLED
P:  pull = ENABLED
P:  auth_user_pass_file = 'stdin'
P:OpenVPN 2.3_alpha1 arm-linux-androideabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH] 
[PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on May 21 2012
P:MANAGEMENT: unix domain socket listening on 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:Need hold release from management interface, waiting...
P:MANAGEMENT: Client connected from 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'username 'Auth' ""'
P:MANAGEMENT: CMD 'password [...]'

Original issue reported on code.google.com by fvr...@gmail.com on 23 May 2012 at 9:16

• Merged into: No console input with certificate authentication #23

[GoogleCodeExporter]

Your original configuration has no user/password authentication. The importer 
should have not set the authentication method to any user password method. The 
openvpn import should also have imported the certifactes as inline files or the 
did the importer display errors?  (You should be able to make a screenshot with 
ICS by pressing voldown + power simultaneous).

Original comment by arne@rfc2549.org on 23 May 2012 at 10:12

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

That is right. The importer did not set an authentication method, I did it 
manually. I also set manually the path to the certificates (screenshot 
attached). The importer did not report any errors. The certificates were the 
same that I previously used with another OpenVPN application in Gingerbread 
(which worked fine). Please, note there is a typo in the name of one of the 
certificates (it is 'oncert.crt' and not 'cert.crt' as I wrote).

Original comment by fvr...@gmail.com on 23 May 2012 at 10:47

• Added labels: ****
• Removed labels: ****

Attachments:

• Screenshot_2012-05-23-19-36-34.png

[GoogleCodeExporter]

Here's another screenshot

Original comment by fvr...@gmail.com on 23 May 2012 at 10:53

• Added labels: ****
• Removed labels: ****

Attachments:

• Screenshot_2012-05-23-19-52-09.png

[GoogleCodeExporter]

Can you please select only certificates and see what the log is? I am guessing 
that you have an encrypted keyfile.

Original comment by arne@rfc2549.org on 24 May 2012 at 7:56

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Ok, I did it. Here are the new config file and the final part of the connection 
log. Note that when using OpenVPN in Windows 7 or Linux I have to introduce a 
password to connect.

Original comment by fvr...@gmail.com on 24 May 2012 at 4:39

• Added labels: ****
• Removed labels: ****

Attachments:

• Screenshot_2012-05-24-08-35-48.png
• Screenshot_2012-05-24-08-34-46.png

[GoogleCodeExporter]

Yeah. This is what I expected. You input a password to connect but the password 
is not a user/password password but a passphrase to decrypt the private key 
file.

Original comment by arne@rfc2549.org on 24 May 2012 at 4:46

• Changed state: Duplicate
• Added labels: ****
• Removed labels: ****