simple config with static key: wrong ifconfig line

Question

simple config with static key: wrong ifconfig line

jbarth-ubhd opened this issue 7 months ago · comments

jbarth-ubhd commented 7 months ago

General information

Android Version
Fire OS 7.3.2.8
Android Vendor/Custom ROM
Amazon
Device
Amazon Fire HD 10, 11th generation
Version of the app (version number/play store version/self-built)
latest from f-droid, as of 2023-oct-29: v0.7.49-0-ga...

Description of the issue

Tried simple config with pre-shared static key.

Requires line ifconfig 10.8.0.2 10.8.0.1, but this gets changed to ifconfig 10.8.0.2 255.255.255.255 when importing my openvpn config.

After establishing connection:
ifconfig on "terminal emulator app" says: tun0 10.8.0.2 P-t-P 10.8.0.2, and connections to 10.8.0.1 do not work.

Managed to change this by editing the ip adress tab and removing the ip address and adding custom option with correct ifconfig line.

Astonishingly ifconfig on "terminal emulator app" still says tun0 10.8.0.2 P-t-P 10.8.0.2 but connections to 10.8.0.1 work now.

Additionally had some issues with modifying the configuration: the "generated configuration" lagged a bit behind — needed to exit config editing and re-enter to see changes.

Log (if applicable)

n/a

Configuration file

client:

remote xxxx.yyyy.de
cipher AES-256-CBC
dev tun
ifconfig 10.8.0.2 10.8.0.1
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

#
# 2048 bit OpenVPN static key
#
<secret>
-----BEGIN OpenVPN Static key V1-----
((some hex stuff))
-----END OpenVPN Static key V1-----
</secret>

Arne Schwabe · Answer 1 · Mon Oct 30 2023 20:16:57 GMT+0800 (China Standard Time)

This is correct. Android does not use the gateway IP, so treating this is a IP/32 is correct on Android.

As a side note, the --secret mode is scheduled to be removed in OpenVPN 2.7/2.8

jbarth-ubhd · Answer 2 · Mon Oct 30 2023 20:19:04 GMT+0800 (China Standard Time)

Thanks. Will switch to peer-fingerprint.