andiodine
andiodine copied to clipboard
yvesf
ip6tables error messsage
I've tried the 1.2rc1 build that you posted today. I can see the correct messages from the native-iodine code however it fails when trying to configure some ip6tables rules. btw: openvpn works without problems. phone is a nexus 5 with rooted stock rom. iodined was started with -m 1280
D/NATIVE (11195): Native Library iodine-client loaded
E/iodine (11195): Topdomain from vm: xx.com
E/iodine (11195): Topdomain from vm: xx.com
W/InputMethodManagerService( 776): Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@43484af8 attribute=null, token = android.os.BinderProxy@43023cb0
I/Iodine (11195): Opened IPv4 UDP socket
I/Iodine (11195): Autodetecting DNS query type (use -T to override)
I/Iodine (11195): .
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECT (has extras) }
D/MAIN (11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECT flg=0x10 (has extras) }
D/FRAGMENT_STATUS(11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECT flg=0x10 (has extras) }
I/Iodine (11195):
I/Iodine (11195): Using DNS type NULL queries
I/Iodine (11195): Version ok, both using protocol v 0x00000502. You are user #0
I/Iodine (11195): Server tunnel IP is 10.9.0.1
I/Iodine (11195): Skipping raw mode
I/Iodine (11195): Using EDNS0 extension
I/Iodine (11195): Retrying upstream codec test...
I/Iodine (11195): Switching upstream to codec Base128
I/Iodine (11195): Server switched upstream to codec Base128
I/Iodine (11195): No alternative downstream codec available, using default (Raw)
I/Iodine (11195): Switching to lazy mode for low-latency
I/Iodine (11195): Server switched to lazy mode
I/Iodine (11195): Autoprobing max downstream fragment size... (skip with -m fragsize)
I/Iodine (11195): 768 ok..
I/Iodine (11195): 1152 ok..
I/Iodine (11195): .
I/Iodine (11195): .
I/Iodine (11195): .
I/Iodine (11195): 1344 not ok..
I/Iodine (11195): .
I/Iodine (11195): .
I/Iodine (11195): .
I/Iodine (11195): 1248 not ok..
I/Iodine (11195): .
I/Iodine (11195): .
I/Iodine (11195): .
I/Iodine (11195): 1200 not ok..
I/Iodine (11195): 1176 ok..
I/Iodine (11195): 1188 ok..
I/Iodine (11195): will use 1188-2=1186
I/Iodine (11195): Setting downstream fragment size to max 1186...
I/Iodine (11195): Handshake successful, leave native code
D/VPN_SERVICE(11195): Handshake successful
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECTED (has extras) }
D/VPN_SERVICE(11195): Build tunnel for configuration: ip=10.9.0.2 netbits=24 mtu=1280
D/VPN_SERVICE(11195): Set default route
D/VPN_SERVICE(11195): Build tunnel interface
D/Vpn ( 776): setting state=CONNECTING, reason=establish
D/VpnJni ( 776): Address added on tun0: 10.9.0.2/24
D/FRAGMENT_STATUS(11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECTED flg=0x10 (has extras) }
I/ip6tables( 180): ip6tables v1.4.11.1: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
I/ip6tables( 180): Perhaps ip6tables or your kernel needs to be upgraded.
I/ip6tables( 180): ip6tables terminated by exit(3)
E/Netd ( 180): exec() res=0, status=768 for /system/bin/ip6tables -t nat -A st_nat_POSTROUTING -o tun0 -m mark --mark 61 -j MASQUERADE
I/Vpn ( 776): Established by org.xapek.andiodine on tun0
D/Vpn ( 776): setting state=AUTHENTICATING, reason=establish
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECTED (has extras) }
D/VPN_SERVICE(11195): Tunnel active
I/Iodine (11195): Run client_tunnel_cb
D/FRAGMENT_STATUS(11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECTED flg=0x10 (has extras) }
D/ConnectivityService( 776): handleInetConditionHoldEnd: net=1, condition=100, published condition=100
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_DISCONNECT (has extras) }
D/FRAGMENT_STATUS(11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_DISCONNECT flg=0x10 (has extras) }
W/Netd ( 180): No subsystem found in netlink event
W/Netd ( 180): No subsystem found in netlink event
E/NetlinkEvent( 180): Unknown ifindex 34 in RTM_DELADDR
D/NetlinkEvent( 180): Unexpected netlink message. type=0x11
I/ip6tables( 180): ip6tables v1.4.11.1: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
I/ip6tables( 180): Perhaps ip6tables or your kernel needs to be upgraded.
I/ip6tables( 180): ip6tables terminated by exit(3)
E/Netd ( 180): exec() res=0, status=768 for /system/bin/ip6tables -t nat -D st_nat_POSTROUTING -o tun0 -m mark --mark 61 -j MASQUERADE
D/Vpn ( 776): setting state=DISCONNECTED, reason=interfaceRemoved
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_IDLE }
D/VPN_SERVICE(11195): VPN Thread exit
Hi, thanks for reporting this problem. However, right now I don't have any clue whats the reason for this problem. It could be that your android build is broken, but thats just guessing. I can only ask you to play a bit with the configuration (mtu,fragment size,reboot the phone etc). When I find time I'll look into openvpn for android to see what different there. Kind regards, Yves
which openvpn client did you tried? Was it this one: https://code.google.com/p/ics-openvpn/ ?
The iptables errors are not fatal: https://android.googlesource.com/platform/system/netd/+/android-4.4.4_r2/SecondaryTableController.cpp#413
Hi, i used the "OpenVPN für Android 0.6.17" app from arne schwabe. It seems that openvpn does not try to activate ipv6 for the tunnel. As you can see from the logcat the iodine vpn link is closed after the second ip6tables error message. I will try to use different settings. could you post a resent apk build? bjoern
Doesn't iodine only support ipv4?
This is a piece of software that lets you tunnel IPv4 data through a DNS server
http://code.kryo.se/iodine/README.html
Doesn't iodine only support ipv4?
That is correct. Android, however, configures ipv6 iptables anyway. I don't think it's possible to disable this stepit through the VPN Framework API.