Connection error 101

[Exaxxion]

I have been having nothing but trouble with this application. I've been retracing my steps for the past few days and I can't figure out why this isn't working.

I downloaded the padherder_proxy application onto my computer. I configured my android phone's WiFi connection with the manual proxy, and installed the certificate from the local mitm.it page. I then removed the proxy configuration and configured the static IP/gateway and set my primary DNS to the IP listed in padherder_proxy. I ensure that PAD is completely closed.

I start up PAD, then I hit "Start" on the Title Screen. The following appears in the DNS Proxy Log tab: Request: [192.168.1.128:65129] (udp) / 'api-na-adrv2.padsv.gungho.jp.' (AAAA) Reply: [192.168.1.128:65129] (udp) / 'api-na-adrv2.padsv.gungho.jp.' (AAAA) / RRs: A Request: [192.168.1.128:59003] (udp) / 'api-na-adrv2.padsv.gungho.jp.' (A) Reply: [192.168.1.128:59003] (udp) / 'api-na-adrv2.padsv.gungho.jp.' (A) / RRs: A

I am then greeted by the following error and am unable to continue: Error A connection error has occurred. Error Code: 101 OK

[jgoldshlag]

Can you visit other web pages in your phone's browser? Do you have another DNS server listed on your phone? Does your computer have any sort of firewall or internet security product installed? If you go to a windows command prompt and type "netstat -p TCP" do you see anything with your computer's IP address followed by ":80" when you aren't running the proxy?

[Exaxxion]

I can reach other web pages in the phone browser with the proxy running and WiFi configured to use the proxy. I have neither a dedicated firewall nor any "internet security" type software. I recall adding a Windows Firewall exception for padherder_proxy on the first launch. To ensure the proxy is the only DNS, I set the proxy IP in both DNS 1 and DNS 2 (instead of just DNS 1). When I start up PAD I see the DNS request appear in padherder_proxy, and then the Error 101 appears.

I closed padherder_proxy and ran netstat -P TCP. I don't see any traffic matching that description.

[jgoldshlag]

Can you try turning off the windows firewall entirely? One issue might be that it doesn't start the port 80 proxy right away, so perhaps that is being blocked by the windows firewall.

[TheKat]

I'm having the same issues. I see successful DNS lookups in the "DNS Proxy Log" tab, but get "Error 101" in PAD.

I made sure to get a clone of the latest code and used that.

I tried turning off the Windows Firewall, but it did not help.

This did used to work on this system, but I hadn't used padherder_proxy for a few months.

[larzm42]

I am having the same issue reported here. The DNS Proxy tab contains entries but PAD has connection error.

[TheKat]

I got it to work.

I think the mistake was I initially imported the cert for "wifi".

I did it again, selecting "VPN and apps" and I think that's what made the difference.

[Exaxxion]

Sorry for the (very) delayed response. I have since factory reset my phone (as an update caused problems) and I'm trying the setup steps again.

This time, I can't get past the step to install the certificate. I select the Android option on mitm.it, and the file mitmproxy-ca-cert.pem is downloaded. The "Name the certificate" dialog appears, indicating that the file contains one CA certificate. I give the certificate a name, select "VPN and apps", then select Save. I enter the screen lock PIN I was forced to create, then get the following toast notification: The certificate is not installed.

I searched quite a bit but haven't found any reason why this would be occurring, or how to fix it.

[jgoldshlag]

I'm an iOS guy, so I can't really help you too much. What are the other possible choices for the VPN and apps choice?

[Exaxxion]

The other choice is Wifi, which TheKat mentioned didn't work for them.

[cobrabr]

I'm having similar problems on iOS. The proxy shows a bunch of "Got DNS request" messages and the occasional "Got HTTPS request, forwarding" message, but it never gets past that. I either get an 101 error or a popup with "An error has occurred" message and a "Retry" button within PAD.

I can navigate to other pages in the device with the proxy on, and netstat -p TCP doesn't show my IP address listening on port 80 even with the proxy is running.

[jgoldshlag]

The port 80 proxy doesn't start until after the DNS request, are you running netstat then?

If you run the .exe from a command prompt, do any errors get spit out?

[cobrabr]

You mean the DNS request that shows on the Proxy tab or the ones that show in the DNS Proxy Log tab? Like I said, the DNS seems to be working, since I can browse pages and whatnot while its running, but I can try running netstat while attempting to have PAD connect (or I can run TCPView from SysInternals to get a constantly-updating list of TCP endpoints), if it will help you diagnose the issue.

I don't see any errors running the .EXE from the command line, either.

The weird thing is that it worked a couple of times with a previoius version, but only on my iPad. I could never get it to work on my iPhone. Also, it seemed at the time that the wifi config mattered -- I could only get it to work if I set the configuration to DHCP. Normally, I use a static configuration on both my devices, but it would not work before setting it to automatic.

Would any screenshots and/or logs help in any way? I'd be happy to provide those as well.

[jgoldshlag]

Do you only have your PC listed as the DNS server on your phone? Do you have any need for a proxy on your network? Also, do you maybe have the option set to allow the phone to use cellular data if the wifi connection is bad? Maybe try airplane mode and then turn on wifi and see if that works?

[cobrabr]

Do you only have your PC listed as the DNS server on your phone?

Yes.

Do you have any need for a proxy on your network?

No. None of my devices have any proxy configured.

Also, do you maybe have the option set to allow the phone to use cellular data if the wifi connection is bad?

Yes, I believe I have that on.

Maybe try airplane mode and then turn on wifi and see if that works?

I'll give that a try today and I'll let you know. But on my iPad (where I have no cellular data) it still doesn't work. Still, it's worth a shot.

Thanks! :)

[cobrabr]

Tried turning on airplane mode and switching wifi on, but the results were the same as I described above. :(

[jgoldshlag]

Any chance you can provide a screenshot of your phone's wifi settings? Do you have anything at all strange set there? Does your PC have any "internet security" products installed?

[cobrabr]

Nothing really all that strange. I can post a screenshot tomorrow, sure.

No "internet security" things at all on PC other than Windows Firewall (which has an exception rule for padherder_proxy).

[cobrabr]

Sorry for the delay. Here's the screenshot (it's from my iPad):

[jgoldshlag]

I have no idea what the issue is then. Perhaps try turning off Windows Firewall entirely?

[cobrabr]

I've tried running it with the Firewall off, but the same thing happens,,,

Is there some way of getting debug logs or something similar from the proxy?

[cobrabr]

After trying a bunch of stuff, I made it work -- no idea what, exactly, because all I did was re-do the initial config 3 or 4 times.

It might have something to do with my PADHerder password... it was a big, password manager-generated password, and I changed it to something shorter and easy to type (I was trying to see if the problem was on my PC or my device, so I tried it on another PC, to no avail). After leaving the short password in and retrying a couple of times (and getting one or two 101 errors), it finally went through.

[StefanSquared]

I've been getting this error since a few months ago with every padherder syncing app I've tried. I used the PADListener app on my android device before and it worked perfectly. After a PAD update it only worked on rooted android and then after another update it stopped working altogether. I've also tried some other PC based syncing methods to no avail. I tried this program, I downloaded the CA from mitm.it but I didn't get a "Name this certificate" dialogue, just three checkboxes allowing the certificate to read something about email, developers and I forgot the third one. I checked all three then if I tap the android download button again it says certificate already installed (although I can't find it under Trusted user credentials in android security options). I then setup the DNS and when I start pad I get error 101/104 and the same thing as Exaxxion in the logs. All of these people getting error 101 aren't doing anything wrong, the problem lies in how data is requested by the app so developer, please look into that cus not being able to track evo mats sucks. All suggestions are welcome. Thanks in advance.

[cobrabr]

FYI, this is still an issue. I haven't been able to sync with PADHerder at all since my last post. Even reconfiguring everything from scratch doesn't work anymore.

[Exaxxion]

I've been terribly busy so I apologize for the long silence. In my particular case, I think I've narrowed down the problem to a malfunctioning certificate store. I suspect that a new phone would resolve the problem.

[delthas]

I had the same issue on my phone and I tried to fix it and it worked.

I think the problem is due to the fact that the certificate is added as user-trusted certificate (or isn't added at all? on my phone it looks like it wasn't added, and adding it manually as a user-trusted cert didn't make it work either). So the solution is to add it as a system-trusted certificate to make sure Android validates the certificate sent during the TLS handshake with the mitm proxy.

Here's what I did:

• Extract the certificate bytes of the mitm proxy used by padherder_proxy using Wireshark to a file (in my case cert.der since it's in the DER format at this point).
• Convert it to a PEM certificate using openssl: openssl x509 -inform der -in cert.der -out certificate.pem
• Extract the hash from the PEM certificate using openssl: openssl x509 -inform PEM -subject_hash_old -in certificate.pem | head -1. This returned 0094bf25.
• Create an Android-compatible certificate using openssl and the hash I got from the previous command: openssl x509 -inform PEM -text -in certificate.pem -out /dev/null >> 0094bf25.0. Just replace all the "0094bf25" with your own hash if you got a different hash, just make sure to keep the ".0" at the end. This will generate a file named 0094bf25.0.

OR

• You can download the 0094bf25.0 file here. I'm not sure if the certificate file is the same for all padherder_proxy instances but maybe it is so you can take this file.

​ ​ ​ Then:

• Copy the file named 0094bf25.0 to my phone.
• Grab a root shell to my phone (I used adb root then adb shell from my computer to which my phone was USB connected).
• From the shell, I typed the following commands:
• mount -o remount,rw /system to able to make changes to /system
• cp /sdcard/0094bf25.0 /system/etc/security/cacerts/ to copy the certificate to the place used by Android to store all the certificates. Of course you have to change the path to your certificate if you didn't put it in your /sdcard.
• cd /system/etc/security/cacerts/
• chmod 644 0094bf25.0 to give the right permissions to the newly added certificate
• ls -lA to list all files in the folder and check that the certificate file is there with the right permissions. For example I saw the line -rw-r--r-- 1 root root u:object_r:system_file:s0 3895 2017-03-28 03:43 0094bf25.0.
• reboot to make Android reload its root certificates. At that point your phone reboots and your shell gets disconnected.

On reboot I just started PAD and it worked fine. (I had the right DNS server set in my Wifi settings of course else it wouldn't have worked).

Hope it works for you too! If it doesn't, and you're not sure how to extract the certificate from the handshake, ask me.

[atomic04]

hello,

I have the same error 101 in PAD if I run using the proxy

on iOS 10.3, same error on iPad (no cellular) as iPhone certificate is installed windows firewall is turned off

the DNS proxy log shows request and reply to api-eu-ios.padsv.gungho.jp

the status gives Got DNS Request

then the game gives error 101

tried multiple reinstalls, reboots but no success

anyone has any tips, not sure what I can do, could this be a problem with EU version?

[cobrabr]

Since updating to iOS 10, this issue stopped happening for me.

[puraw2]

For new iOS, try going to Settings->General->About->Certificate Trust Settings to ensure that the PortSwigger CA certificate is enabled. (Imported from Safari at :443 as a setup step.) You can disable again after you sync.

[tobin3rd]

Hi, new to this an have been trying an endless amount of times to get the beyond the "Error 101" when setting up DNS... thus far I've gotten absolutely nowhere and I'm at this point ready to quit. can any instruct me on what I could be doing wrong and what I should be doing to actually get this process working correctly?

[jgoldshlag]

A couple things:

Are you really using BootP? I'm pretty sure that isn't really used anymore, not sure it would matter though.

Try turning off ipv6. I don't have it on my iPhone, so I am unsure how to turn it off, you might need to mess with your router settings or just blank out that section on your phone.

I assume you followed all the directions about installing the certificate (visting mitm.it, etc)?