Giters

schwabe / ics-openvpn

OpenVPN for Android

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

UDP []: Operation not permitted if app is not unrestricted (battery)

Zocker1999NET opened this issue · comments

commented

General information

  1. Android Version: 13
  2. Custom ROM: LineageOS with microG
  3. Device: Fairphone 4
  4. Version of the app (version number/play store version/self-built): 0.7.49, F-Droid

Description of the issue

TL;DR: #472 (comment)

OpenVPN for Android was not able to connect to the OpenVPN server of my university after an upgrade of LineageOS with microG (from 20-20230908-microG-FP4 to 20-20231008-microG-FP4). The issue was similar to the one in the referenced issue. So I did the following steps to (try to) mitigate it:

  • App info: kill the app
  • retry VPN -> fails again
  • kill app again
  • App info -> App battery usage: set to “unrestricted” (was “optimized” before, which worked without any issue)
  • retry VPN -> now works 🎉
  • (reproducing for logs) kill app again
  • App battery usage: set back to ”optimized”
  • retry VPN -> now works as well 🤔

This happened for me in work mode. As I couldn’t reproduce the issue, I didn’t tried in “non-work” mode.

Proposed Workaround

It took some time for me to debug this issue. To mitigate this for others in the future as well, maybe introduce a single-time warning for this specific issue that changing the App battery usage could help.

(If there is already one in general, I would still add a second one for when this issue arises. Mostly because it worked for me for the past 8 months with at least 8 similar upgrades without any issue.)

Maybe this is an issue of AOSP as the app was registered & allowed as a VPN service with always-on enabled. However, I’m not that into Android APIs to evaluate that.

Log (if applicable)

(couldn’t reproduce the issue)

Configuration file

config file 
# Config for OpenVPN 2.x
# Enables connection to GUI
management /data/user/10/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold

setenv IV_GUI_VER "de.blinkt.openvpn 0.7.49" 
setenv IV_SSO openurl,webauth,crtext
setenv IV_PLAT_VER "33 13 arm64-v8a Fairphone FP4 FP4"
setenv IV_HWADDR <censored>
tls-cert-profile preferred
machine-readable-output
allow-recursive-routing
ifconfig-nowarn
client
verb 4
connect-retry 3 300
resolv-retry 60
dev tun
remote 2a00:1398:0:4::7:6 1194 udp
remote 141.52.226.101 1194 udp
remote 2a00:1398:0:4::7:8 443 tcp-client
remote 141.52.226.103 443 tcp-client
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
MIIFmDCCA4CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJERTEq
MCgGA1UECgwhS2FybHNydWhlIEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSIwIAYD
VQQDDBlLSVQgU0NDIEluZnJhc3RydWN0dXJlIENBMB4XDTIyMDQyNzEyMTQxOFoX
DTQyMDQyMjEyMTQxOFowXTELMAkGA1UEBhMCREUxKjAoBgNVBAoMIUthcmxzcnVo
ZSBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEiMCAGA1UEAwwZS0lUIFNDQyBJbmZy
YXN0cnVjdHVyZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANhZ
pGNUERpGZQ8QjpiYCxWFOwkobOlhNHIBBJI4ppJSuztHbr1zEZs/ckBcDJZYekGU
hVZRJTuSSgOr33hCDE3W91wgTr9DPGj0pYpoCQNq7302vqBiZG+0B4YwlBkdQOSA
NbbAQi93uiNJB3yWEWBuyOi6KCkcDHGbxUMN2zlYItAZnNbAQXhCBO0ZOu850SZW
BW3R0whU1oBxmjHJX++KSd6BctaUF51/+YhUkdrvHS/2BltR7v6WkZWLHeVLhma9
vYLvkUpGFO7j2AfySZkP2K9mg1iivVE0DGD7uF4zmE6qveWjk0u0mN4vLIIXD/dn
7Xf5ik+xJquiboAFotKiKtryq8Ikzwe7BRcbuPzxOsflvRlXlbWZ+vGnsSCw49E/
Ia72UrdHYlRwzQRhwxaWAEECqpKgosohc/AnVEHX+i18W+RKt4uu6/qt39CTQBT4
Dr7HCPY6HedWheVyNfGZ+9lgJ2WcgPzooBLggsxeLXEfAQF5g0MYP0MNuQQfC7RD
QB6HYbYhFkXurgCH2XlTM9p67bLQAVvsSITZMOlqUIsZLJ7gOgb7+5MnUBsOaVuY
evInvAm3z3FFh3n+lezBzOIPfBjlswK/EWdqwy9J11sCosZeZ6MTL9xo5Bka0OPS
/Jcs7SXqZBRz3I7SDymken07Br9QtknaVuZxmgLVAgMBAAGjYzBhMB0GA1UdDgQW
BBScMDUcAodWILAMIiD6TsfvJmDH5jAfBgNVHSMEGDAWgBScMDUcAodWILAMIiD6
TsfvJmDH5jAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG
9w0BAQsFAAOCAgEAEUSGASZU4izzTtn4fcyGJQIuyEbv/8zCxztK7kvFQX8eD4Cu
/sd7qofYbUqzSv1rdAPu2zPbjCVabsr5dH3iCiMWvzYGc7laJ9w7xUgZZYzYnP/T
8qG8f3BmQkCE8c8zRvqef+zNYAkhoaXfozEzKz9uNIei2IHFh/uwJWiZ6f3gAhfK
9ia6kn5SJYktKlFB8mlCcIy8TS27XmwaVBCGGEH9o+0+DlpxYX3Tq+YSbWd/H1tI
chc75clSE1zLumPxx+sYpX5Su+NGbhzfA1yO6TTbOBK1tdnFoGTDEnFbgRcVURoI
9pqWvRKScIoRW1QpvPHd5NCgOTFCUbOZzvMTNwQaenuGdy7D+oVDUSp2gzl7rZD5
a07QxuJguE9UaVqWmDhDP9hVD4k4/hVnPO9jCWWz8RXt+M+x5CF/qPPH0SsWj4YQ
VH/QbiPlMXci8rOVTeq56ACZYVPVbXuzlsg58xPX0ZpsRI03+fEAVFg/mlbvDHOb
AcFWnI7PwnIy61Flfozzy7cr/9o0Gr3KEhDskrD3S3H820R8Dbkju+7HjXwQi30p
7ErafTDABmJ8ECWlQ5y/yM7GQ01pdfvpgwZ8rU3pZdJDvWe60nhYCw2TakTIyoCF
OYaApi8ZPkXP4KB2mJdRi1eCh+In7z2bzqad5+z/e6kG/IEX2iB+/IbLj1w=
-----END CERTIFICATE-----
</ca>
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0 vpn_gateway
nobind
verify-x509-name ovpn.scc.kit.edu name
persist-tun
# persist-tun also enables pre resolving to avoid DNS resolve problem
preresolve
# Use system proxy setting
management-query-proxy
# Custom configuration options
# You are on your on own here :)
# These options found in the config file do not map to config settings:
server-poll-timeout 5 
tls-version-min 1.3

(original source is here)

PS

Thanks for making this app ❤️. It helps me to implement my “always-VPN lifestyle”.