UBports Forum
    Vlad Nirky
    Posts

    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @Luksus
      VoLTE is always enabled for me (Xiaomi Redmi Note 9 Pro 24.04 Stable (at the moment))
      No effect on VPN connections

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @jagdtigger
      I imagine it also depends on the VPN server and its configuration...
      This works for me.

      phablet@ubuntu-phablet:~$ cat /home/phablet/Documents/KeePass/phde.nmconnection 
      client
      remote '<my_server>.ddns.net' 1194
      cert '/home/phablet/.cert/nm-openvpn/phde-cert.pem'
      key '/home/phablet/.cert/nm-openvpn/phde-key.pem'
      ca '/home/phablet/.cert/nm-openvpn/phde-ca.pem'
      cipher AES-256-GCM
      auth SHA256
      ncp-disable
      dev tun
      proto udp
      remote-cert-tls server
      verify-x509-name rpi3_9b0ae2d9-f297-4706-ab24-8b9d63b3a51f name
      tls-crypt '/home/phablet/.cert/nm-openvpn/phde-tls-crypt.pem'
      tls-version-min '1.2'
      nobind
      auth-nocache
      script-security 2
      persist-key
      persist-tun
      user nm-openvpn
      group nm-openvpn
      route 192.168.128.0 255.255.254.0
      
      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr @OtaDr @gpatel-fr

      Thanks for your help!

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr
      Solved.
      Add this in nmconnection file before import.
      cipher AES-256-CBC
      cipher AES-256-GCM
      auth SHA256
      ncp-disable

      Critical lines in your Ubuntu Touch log
      WARNING: ‘auth’ is used inconsistently, local=‘auth SHA256’, remote=‘auth SHA1’
      phde/188.5.220.190:1210 Authenticate/Decrypt packet error: packet HMAC authentication failed
      The server uses SHA256 authentication
      The Ubuntu Touch client uses SHA1 authentication
      Result: the HMACs of the data packets do not match → rejection.

      Why does Fedora work?

      Fedora (OpenVPN 2.6.15 with AEAD/DCO) does not need separate “auth” because AES-256-GCM mode already includes authentication in the encryption.
      Ubuntu Touch, on the other hand, still forces an older mode (AES-256-CBC + SHA1 authentication).

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @OtaDr @gpatel-fr
      Openvpn is a cherry pick on my pihole rpi server...
      The first goal was to anonymize the DNS so I have installed pihole and unbound.
      The VPN is for rare takeovers by outside UT developers to debug issues on my hardware.

      I think there is some issue in the packet decryption.
      This issue doesn't seem to happen when I launch openvpn manually on the phone (to be confirmed) so I have something to look at there.

      The openvpn versions are not the same on the different parts

      [jll @ rpi3 - 07:44:11 ]  ~ 
      > openvpn --version
      OpenVPN 2.5.1 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Aug 25 2025
      library versions: OpenSSL 1.1.1w  11 Sep 2023, LZO 2.10
      Originally developed by James Yonan
      Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
      Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
      
      [jll @ fedora - 07:42:40 ]  ~ 
      > openvpn --version
      OpenVPN 2.6.15 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
      library versions: OpenSSL 3.2.6 30 Sep 2025, LZO 2.10
      DCO version: N/A
      Originally developed by James Yonan
      Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
      Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=yes enable_dco_arg=yes enable_debug=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=yes enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no
      
      phablet@ubuntu-phablet:~$ openvpn --version
      OpenVPN 2.6.14 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
      library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
      DCO version: N/A
      Originally developed by James Yonan
      Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
      Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=yes enable_dco_arg=yes enable_debug=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_unit_tests=no enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no
      
      
      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr
      I think I have something interesting in the openvpn server log (as you expected)

      After phone connection to VPN
      root@rpi3:/var/log# cat openvpn.log
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 TLS: Initial packet from [AF_INET]188.5.220.190:1210, sid=e5f0bc02 623c1eb2
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 VERIFY OK: depth=1, CN=Easy-RSA CA
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 VERIFY KU OK
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 Validating certificate extended key usage
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 VERIFY EKU OK
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 VERIFY OK: depth=0, CN=phde
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_VER=2.6.14
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_PLAT=linux
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_TCPNL=1
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_MTU=1600
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_CIPHERS=AES-256-CBC
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_PROTO=990
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_LZO_STUB=1
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_COMP_STUB=1
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 peer info: IV_COMP_STUBv2=1
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1557'
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: 188.5.220.190:1210 [phde] Peer Connection Initiated with [AF_INET]188.5.220.190:1210
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: MULTI: new connection by client 'phde' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: MULTI_sva: pool returned IPv4=10.238.198.2, IPv6=(Not enabled)
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/phde
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: MULTI: Learn: 10.238.198.3 -> phde/188.5.220.190:1210
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: MULTI: primary virtual IP for phde/188.5.220.190:1210: 10.238.198.3
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: SENT CONTROL [phde]: 'PUSH_REPLY,dhcp-option DNS 10.238.198.1,block-outside-dns,redirect-gateway def1,route-gateway 10.238.198.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.238.198.3 255.255.255.0,peer-id 0,cipher AES-256-CBC' (status=1)
      Oct 26 07:14:56 rpi3 ovpn-server[11385]: phde/188.5.220.190:1210 Authenticate/Decrypt packet error: packet HMAC authentication failed
      Oct 26 07:15:00 rpi3 ovpn-server[11385]: phde/188.5.220.190:1210 Authenticate/Decrypt packet error: packet HMAC authentication failed
      Oct 26 07:15:07 rpi3 ovpn-server[11385]: phde/188.5.220.190:1210 Authenticate/Decrypt packet error: packet HMAC authentication failed
      Oct 26 07:15:21 rpi3 ovpn-server[11385]: phde/188.5.220.190:1210 Authenticate/Decrypt packet error: packet HMAC authentication failed
      
      After PC connection to VPN
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 TLS: Initial packet from [AF_INET]188.5.220.190:1898, sid=0bfa998b 8f16b815
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 VERIFY OK: depth=1, CN=Easy-RSA CA
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 VERIFY KU OK
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 Validating certificate extended key usage
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 VERIFY EKU OK
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 VERIFY OK: depth=0, CN=phde
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_VER=2.6.15
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_PLAT=linux
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_TCPNL=1
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_MTU=1600
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_NCP=2
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_PROTO=990
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_LZO_STUB=1
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_COMP_STUB=1
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 peer info: IV_COMP_STUBv2=1
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
      Oct 26 07:25:28 rpi3 ovpn-server[678]: 188.5.220.190:1898 [phde] Peer Connection Initiated with [AF_INET]188.5.220.190:1898
      Oct 26 07:25:28 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 MULTI_sva: pool returned IPv4=10.238.198.2, IPv6=(Not enabled)
      Oct 26 07:25:28 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/phde
      Oct 26 07:25:28 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 MULTI: Learn: 10.238.198.3 -> phde/188.5.220.190:1898
      Oct 26 07:25:28 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 MULTI: primary virtual IP for phde/188.5.220.190:1898: 10.238.198.3
      Oct 26 07:25:28 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 Data Channel: using negotiated cipher 'AES-256-GCM'
      Oct 26 07:25:28 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
      Oct 26 07:25:28 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
      Oct 26 07:25:28 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 SENT CONTROL [phde]: 'PUSH_REPLY,dhcp-option DNS 10.238.198.1,block-outside-dns,redirect-gateway def1,route-gateway 10.238.198.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.238.198.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
      Oct 26 07:25:29 rpi3 ovpn-server[678]: phde/188.5.220.190:1898 PUSH: Received control message: 'PUSH_REQUEST'
      
      posted in Support
      Vlad Nirky
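
The comparison made by eye in the two server log excerpts above can be automated. The following is an added example, not part of the original posts: it groups OpenVPN server log lines per client session and flags an 'auth' mismatch that coincides with HMAC failures when the client offered no AEAD cipher. The sample lines are constructed in the log's format with placeholder addresses and client names; the function names and finding codes are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the server log quoted above. Addresses
# (192.0.2.0/24 documentation range) and client names are placeholders.
SAMPLE_LOG = """\
Oct 26 07:14:56 rpi3 ovpn-server[11385]: 192.0.2.10:1210 peer info: IV_VER=2.6.14
Oct 26 07:14:56 rpi3 ovpn-server[11385]: 192.0.2.10:1210 peer info: IV_CIPHERS=AES-256-CBC
Oct 26 07:14:56 rpi3 ovpn-server[11385]: 192.0.2.10:1210 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
Oct 26 07:14:56 rpi3 ovpn-server[11385]: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Oct 26 07:14:56 rpi3 ovpn-server[11385]: phone/192.0.2.10:1210 Authenticate/Decrypt packet error: packet HMAC authentication failed
Oct 26 07:15:00 rpi3 ovpn-server[11385]: phone/192.0.2.10:1210 Authenticate/Decrypt packet error: packet HMAC authentication failed
Oct 26 07:25:28 rpi3 ovpn-server[678]: 192.0.2.10:1898 peer info: IV_VER=2.6.15
Oct 26 07:25:28 rpi3 ovpn-server[678]: 192.0.2.10:1898 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Oct 26 07:25:28 rpi3 ovpn-server[678]: pc/192.0.2.10:1898 Data Channel: using negotiated cipher 'AES-256-GCM'
Oct 26 07:25:28 rpi3 ovpn-server[678]: pc/192.0.2.10:1898 PUSH: Received control message: 'PUSH_REQUEST'
"""

# "<pid>]: [<common name>/]<ip>:<port> <message>"
LINE_RE = re.compile(
    r"ovpn-server\[(?P<pid>\d+)\]: (?:[^\s/]+/)?"
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) (?P<msg>.*)$"
)
PEER_INFO_RE = re.compile(r"peer info: (IV_\w+)=(\S+)")
MISMATCH_RE = re.compile(
    r"WARNING: '([\w-]+)' is used inconsistently, local='([^']*)', remote='([^']*)'"
)
CIPHER_RE = re.compile(r"Data Channel: .*[Cc]ipher '([^']+)'")
HMAC_FAIL = "packet HMAC authentication failed"


@dataclass
class Session:
    peer_info: dict = field(default_factory=dict)   # IV_* values sent by the client
    mismatches: dict = field(default_factory=dict)  # option -> (server, client)
    data_cipher: str = ""                           # "" when not seen for this peer
    hmac_failures: int = 0


def is_aead(cipher):
    """AEAD ciphers authenticate data packets themselves; 'auth' is not used for them."""
    name = cipher.upper()
    return name.endswith("-GCM") or name == "CHACHA20-POLY1305"


def parse_sessions(text):
    """Group log lines by (server pid, client endpoint)."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # lines without a client endpoint are not attributed to a session
        s = sessions.setdefault((m["pid"], m["peer"]), Session())
        msg = m["msg"]
        if (info := PEER_INFO_RE.search(msg)):
            s.peer_info[info[1]] = info[2]
        elif (mm := MISMATCH_RE.search(msg)):
            s.mismatches[mm[1]] = (mm[2], mm[3])  # in a server log, local = server
        elif (c := CIPHER_RE.search(msg)):
            s.data_cipher = c[1]
        elif HMAC_FAIL in msg:
            s.hmac_failures += 1
    return sessions


def diagnose(s):
    """Return (code, detail) findings for one session."""
    findings = []
    offered = [c for c in s.peer_info.get("IV_CIPHERS", "").split(":") if c]
    if offered and not any(is_aead(c) for c in offered):
        findings.append(("no-aead-offered", ":".join(offered)))
    for opt, (server, client) in s.mismatches.items():
        findings.append((f"{opt}-mismatch", f"server {server!r}, client {client!r}"))
    if s.hmac_failures:
        # With a non-AEAD data cipher the 'auth' digest keys the packet HMAC,
        # so differing digests on the two sides make every data packet fail.
        cbc_auth = "auth" in s.mismatches and not is_aead(s.data_cipher)
        code = "hmac-failures-from-auth-mismatch" if cbc_auth else "hmac-failures-unexplained"
        findings.append((code, str(s.hmac_failures)))
    return findings


if __name__ == "__main__":
    for (pid, peer), session in parse_sessions(SAMPLE_LOG).items():
        print(pid, peer, session.peer_info.get("IV_VER"), diagnose(session) or "ok")
```
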
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr
      On the PC
      Connected through my wife's phone

      [jll @ fedora - 06:42:15 ]  ~ 
      > ip a
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host noprefixroute 
             valid_lft forever preferred_lft forever
      2: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
          link/ether fe:aa:b6:35:ee:2d brd ff:ff:ff:ff:ff:ff permaddr 94:e6:f8:ed:7d:c6
          altname wlp0s20f3
          altname wlx94e6f7ed7dc6
          inet 192.168.43.91/24 brd 192.168.43.255 scope global dynamic noprefixroute wlo1
             valid_lft 3583sec preferred_lft 3583sec
          inet6 2a02:a020:3ca:ad84:2f98:edb3:fe4a:5d89/64 scope global dynamic noprefixroute 
             valid_lft 3583sec preferred_lft 3583sec
          inet6 fe80::fa56:6baf:9454:41db/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
      3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
          link/ether 7a:36:73:60:85:f6 brd ff:ff:ff:ff:ff:ff
          inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
             valid_lft forever preferred_lft forever
      6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
          link/none 
          inet 10.238.198.3/24 brd 10.238.198.255 scope global noprefixroute tun0
             valid_lft forever preferred_lft forever
          inet6 fe80::1ba:8201:6599:7bb8/64 scope link stable-privacy proto kernel_ll 
             valid_lft forever preferred_lft forever
      [jll @ fedora - 06:42:20 ]  ~ 
      > route -v
      Table de routage IP du noyau
      Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
      default         _gateway        0.0.0.0         UG    50     0        0 tun0
      default         _gateway        0.0.0.0         UG    600    0        0 wlo1
      10.238.198.0    0.0.0.0         255.255.255.0   U     50     0        0 tun0
      171.167-240-81. _gateway        255.255.255.255 UGH   50     0        0 wlo1
      172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
      192.168.43.0    0.0.0.0         255.255.255.0   U     600    0        0 wlo1
      _gateway        0.0.0.0         255.255.255.255 UH    50     0        0 wlo1
      [jll @ fedora - 06:49:12 ]  ~ 
      > ping 10.238.198.1
      PING 10.238.198.1 (10.238.198.1) 56(84) octets de données.
      64 octets de 10.238.198.1 : icmp_seq=1 ttl=64 temps=37.5 ms
      64 octets de 10.238.198.1 : icmp_seq=2 ttl=64 temps=48.1 ms
      ^C
      --- statistiques ping 10.238.198.1 ---
      2 paquets transmis, 2 reçus, 0% packet loss, time 1002ms
      rtt min/avg/max/mdev = 37.533/42.797/48.062/5.264 ms
      [jll @ fedora - 06:49:24 ]  ~ 
      > ping 10.238.198.2
      PING 10.238.198.2 (10.238.198.2) 56(84) octets de données.
      De 10.238.198.1 icmp_seq=2 Rediriger l'hôte(Nouveau sautsuivant : 10.238.198.2)
      De 10.238.198.1 icmp_seq=3 Rediriger l'hôte(Nouveau sautsuivant : 10.238.198.2)
      De 10.238.198.1 icmp_seq=4 Rediriger l'hôte(Nouveau sautsuivant : 10.238.198.2)
      ^C
      --- statistiques ping 10.238.198.2 ---
      4 paquets transmis, 0 reçus, +3 erreurs, 100% packet loss, time 3031ms
      
      [jll @ fedora - 06:44:05 ]  ~ 
      > ping 192.168.129.64
      PING 192.168.129.64 (192.168.129.64) 56(84) octets de données.
      64 octets de 192.168.129.64 : icmp_seq=1 ttl=254 temps=51.0 ms
      64 octets de 192.168.129.64 : icmp_seq=2 ttl=254 temps=49.7 ms
      64 octets de 192.168.129.64 : icmp_seq=3 ttl=254 temps=51.5 ms
      ^C
      --- statistiques ping 192.168.129.64 ---
      3 paquets transmis, 3 reçus, 0% packet loss, time 2003ms
      rtt min/avg/max/mdev = 49.699/50.727/51.526/0.763 ms
      
      
      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr
      My first openvpn...
      It is usable (Ratchanan has connected my phone to debug some issues) and I use it to connect to my proxmox infra.

      [jll @ rpi3 - 06:33:20 ]  ~ 
      > cat /etc/openvpn/server.conf
      dev tun
      proto udp
      port 1194
      ca /etc/openvpn/easy-rsa/pki/ca.crt
      cert /etc/openvpn/easy-rsa/pki/issued/rpi3_9b0ae2d9-f297-4706-ab24-8a9d63b3b51f.crt
      key /etc/openvpn/easy-rsa/pki/private/rpi3_9b0ae2d9-f297-4706-ab24-8a9d63b3b51f.key
      dh none
      ecdh-curve prime256v1
      topology subnet
      server 10.238.198.0 255.255.255.0
      # Set your primary domain name server address for clients
      push "dhcp-option DNS 10.238.198.1"
      push "block-outside-dns"
      # Override the Client default gateway by using 0.0.0.0/1 and
      # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
      # overriding but not wiping out the original default gateway.
      push "redirect-gateway def1"
      client-to-client
      client-config-dir /etc/openvpn/ccd
      keepalive 15 120
      remote-cert-tls client
      tls-version-min 1.2
       tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
      cipher AES-256-CBC
      auth SHA256
      user openvpn
      group openvpn
      persist-key
      persist-tun
      crl-verify /etc/openvpn/crl.pem
      status /var/log/openvpn-status.log 20
      status-version 3
      syslog
      verb 3
      #DuplicateCNs allow access control on a less-granular, per user basis.
      #Remove # if you will manage access by user instead of device. 
      #duplicate-cn
      # Generated for use by PiVPN.io
      
      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr
      I guess the TLS key has to be fed at the beginning of the connection (as it does in openvpn connection)

      With the NetworkManager

      phablet@ubuntu-phablet:~$ route -v
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      default         10.238.198.1    0.0.0.0         UG    50     0        0 tun0
      default         192.168.43.1    0.0.0.0         UG    600    0        0 wlan0
      10.238.198.0    0.0.0.0         255.255.255.0   U     50     0        0 tun0
      171.167-240-81. 192.168.43.1    255.255.255.255 UGH   50     0        0 wlan0
      147.69.137.0    0.0.0.0         255.255.255.192 U     0      0        0 rmnet_data0
      192.168.43.0    0.0.0.0         255.255.255.0   U     600    0        0 wlan0
      192.168.43.1    0.0.0.0         255.255.255.255 UH    50     0        0 wlan0
      192.168.128.0   0.0.0.0         255.255.254.0   U     50     0        0 tun0
      

      But I was not able to ping 192.168.129.161 (my PC)

      No NAT/MASQUERADE on the openvpn server?

      No idea, I have tried to add
      push "route 192.168.128.0 255.255.254.0"
      push "dhcp-option DNS 192.168.128.1"
      in server config but without result. (/etc/openvpn/server.conf)

      sudo systemctl status NetworkManager
      and
      sudo systemctl status openvpn
      gave me some clues (such as the TLS issue)

      I haven't had time yet to look at the various logs

      VPN on my PC works fine with the actual openvpn server but not the phone...

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @jagdtigger
      Here's what I've done so far.
      I imported the .ovpn file generated by my OpenVPN server into an Ubuntu 24.04 PC.
      I tested that the VPN was working properly on the PC.
      I exported this configuration using
      nmcli connection export "<vpn name>" > myvpn.nmconnection
      I corrected the paths so that they point to /home/phablet/...
      I copied this file to my phone, then imported the connection
      nmcli connection import type openvpn file myvpn.ovpn
      I opened this configuration in the UT VPN settings to add the TLS key password
      I connected to my wife's phone's Wi-Fi and activated the VPN, which turned on.
      My IP was 10.238.198.3
      No way to ping a machine on my network even though the VPN is up (tun0 is in the result of ip a)
      I copied the .ovpn file to the smartphone, then tried to simplify (no longer going through NetworkManager) and used
      sudo openvpn --config /home/phablet/<vpn name>.ovpn --verb 4
      ip a gives tun0 present
      but no way to ping a machine on my network.
      I have added the route
      sudo ip route add 192.168.128.0/23 dev tun0
      After that I have been able to ping my network from the phone.

      posted in Support
      Vlad Nirky
    • RE: How can I browse files from a computer?

      @mihael
      For my part (old school), I use Midnight Commander with one of the two panels in SSH on the PC.

      posted in General
      Vlad Nirky
    • RE: How can I browse files from a computer?

      @mihael
      You can use ssh from the phone to the PC.

      posted in General
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-en
      Thank you for these explanations. Interesting...
      I will look into it further.
      I will keep you informed.

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr
      I must have expressed myself poorly.
      The tunnel created tun0 has an address of 10.238.198.3.
      By adding the route, I can access my 192.168.128.0/23 network.
      On my PC, NetworkManager does the job: it opens the connection, receives an IP for the VPN, and adds the route (this is configured by my user's .ovpn, which I imported).
      Under UT, there is no .ovpn import. Configuration via the NetworkManager interface does not work (or I cannot get it to work). I exported the NetworkManager configuration from my PC with nmcli connection export and re-imported it into UT via nmcli connection import.
      Roughly speaking, it should contain what is in the .ovpn file.
      I added the TLS key password.
      The connection is established, I have a tun0 created with an IP address of 10.238.198.x, but pinging my 192.168.128.x network does not work even if I add the route so that my access to 192.168.128.0/23 is via tun0.
      However, if I do the same thing by launching the VPN via OpenVPN using the .ovpn and adding the same route as before, the tun0 tunnel is created and I can ping the machines on my network.

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr
      Testing is not easy because I can't connect via ssh on the phone and have to do everything through the terminal on the phone... 😢

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      @gpatel-fr
      Yes, and the server config is working with my PC (Fedora 42) and NetworkManager.
      The VPN server is not my router but a rpi 3 running openvpn.
      I have tried sudo openvpn --config /home/phablet/jll.ovpn --verb 4
      The VPN is up and tun0 created,
      but I can't ping my local network.
      I have had ping success when I added sudo ip route add 192.168.128.0/23 dev tun0
      It looks like (I'm not a network expert) NM doesn't add the route for some reason on the phone (confinement or bug) and NM on my PC does.

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      It's progressing, I can connect via network manager now but I don't have an IP address in my local network...

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      Well, changing the file doesn't help.
      I'm now trying on the PC configured nmcli connection export jll > jll.nmconnection
      and on the phone sudo nmcli connection import type openvpn file jll.nmconnection
      So far, it's not working... 🤣

      posted in Support
      Vlad Nirky
    • RE: OpenVPN setup does not offer what i need for my vpn server....

      I must continue searching because, after restarting, the modified VPN configuration in /etc/netplan is no longer available.

      posted in Support
      Vlad Nirky
    • RE: App security (new KeepassRX app)

      @RandomUser
      Yes, of course.
      That's already what I do with KeepassXC on my PC.
      My choice is to do it locally and not on the Bitwarden or Dashlane web servers.
      Most of them have MFA.
      I understand your concern about having a clear view of what the application can use.
      And Maciek's idea of blocking installation until we accept a change in the permissions granted seems excellent to me.

      posted in App Development
      Vlad Nirky