From 5b95785060adace6b48a69d560051261233d954d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Sat, 6 Feb 2016 13:00:53 +0100 Subject: Update ics-openvpn --- app/src/main/res/values/colours.xml | 2 +- app/src/main/res/values/dimens.xml | 2 +- app/src/main/res/values/refs.xml | 14 +++++------ app/src/main/res/values/strings-icsopenvpn.xml | 35 +++++++++++++++++++------- app/src/main/res/values/styles.xml | 16 +++--------- 5 files changed, 38 insertions(+), 31 deletions(-) (limited to 'app/src/main/res/values') diff --git a/app/src/main/res/values/colours.xml b/app/src/main/res/values/colours.xml index f27167f3..d06bc233 100644 --- a/app/src/main/res/values/colours.xml +++ b/app/src/main/res/values/colours.xml @@ -1,6 +1,6 @@ diff --git a/app/src/main/res/values/dimens.xml b/app/src/main/res/values/dimens.xml index 727f5a78..f8fafecd 100644 --- a/app/src/main/res/values/dimens.xml +++ b/app/src/main/res/values/dimens.xml @@ -1,6 +1,6 @@ diff --git a/app/src/main/res/values/refs.xml b/app/src/main/res/values/refs.xml index 6abfb609..dce39385 100644 --- a/app/src/main/res/values/refs.xml +++ b/app/src/main/res/values/refs.xml @@ -1,14 +1,14 @@ - @android:drawable/ic_menu_close_clear_cancel - @android:drawable/ic_menu_share - @android:drawable/ic_menu_save - @android:drawable/ic_menu_view - @android:drawable/ic_menu_delete - @android:drawable/ic_menu_edit + @android:drawable/ic_menu_close_clear_cancel + @android:drawable/ic_menu_share + @android:drawable/ic_menu_save + @android:drawable/ic_menu_view + @android:drawable/ic_menu_delete + @android:drawable/ic_menu_edit diff --git a/app/src/main/res/values/strings-icsopenvpn.xml b/app/src/main/res/values/strings-icsopenvpn.xml index dec656fc..aa65a14d 100755 --- a/app/src/main/res/values/strings-icsopenvpn.xml +++ b/app/src/main/res/values/strings-icsopenvpn.xml @@ -1,5 +1,5 @@ @@ -18,7 +18,7 @@ PKCS12 File CA Certificate You must select a certificate - Source code and issue tracker available at https://github.com/schwabe/ics-openvpn + Source code and issue tracker available at https://github.com/schwabe/ics-openvpn/ This program uses the following components; see the source code for full details on the licenses About Profiles @@ -157,7 +157,7 @@ imported profile imported profile %d Broken Images - <p>Official HTC images are known to have a strange routing problem causing traffic not to flow through the tunnel (See also <a href="http://code.google.com/p/ics-openvpn/issues/detail?id=18">Issue 18</a> in the bug tracker.)</p><p>Older official SONY images from Xperia Arc S and Xperia Ray have been reported to be missing the VPNService completely from the image. (See also <a href="http://code.google.com/p/ics-openvpn/issues/detail?id=29">Issue 29</a> in the bug tracker.)</p><p>On custom build images the tun module might be missing or the rights of /dev/tun might be wrong. Some CM9 images need the "Fix ownership" option under "Device specific hacks" enabled.</p><p>Most importantly: If your device has a broken Android image, report it to your vendor. The more people who report an issue to the vendor, the more likely they are to fix it.</p> + <p>Official HTC images are known to have a strange routing problem causing traffic not to flow through the tunnel (See also <a href="https://github.com/schwabe/ics-openvpn/issues/18">Issue 18</a> in the bug tracker.)</p><p>Older official SONY images from Xperia Arc S and Xperia Ray have been reported to be missing the VPNService completely from the image. (See also <a href="https://github.com/schwabe/ics-openvpn/issues/29">Issue 29</a> in the bug tracker.)</p><p>On custom build images the tun module might be missing or the rights of /dev/tun might be wrong. Some CM9 images need the "Fix ownership" option under "Device specific hacks" enabled.</p><p>Most importantly: If your device has a broken Android image, report it to your vendor. The more people who report an issue to the vendor, the more likely they are to fix it.</p> PKCS12 File Encryption Key Private Key Password Password @@ -178,7 +178,7 @@ No CA Certificate returned while reading from Android keystore. Authentication will probably fail. Shows the log window on connect. The log window can always be accessed from the notification status. Show log window - Running on %1$s (%2$s) %3$s, Android API %4$d + %10$s %9$s running on %3$s %1$s (%2$s), Android %6$s (%7$s) API %4$d, ABI %5$s, (%8$s) Error signing with Android keystore key %1$s: %2$s The VPN connection warning telling you that this app can intercept all traffic is imposed by the system to prevent abuse of the VPNService API.\nThe VPN connection notification (The key symbol) is also imposed by the Android system to signal an ongoing VPN connection. On some images this notification plays a sound.\nAndroid introduced these system dialogs for your own safety and made sure that they cannot be circumvented. (On some images this unfortunately includes a notification sound) Connection warning and notification sound @@ -192,7 +192,7 @@ No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers. Please also note that Android will keep using your proxy settings specified for your mobile/Wi-Fi connection when no DNS servers are set. Could not add DNS Server \"%1$s\", rejected by the system: %2$s Could not configure IP Address \"%1$s\", rejected by the system: %2$s - <p>Get a working config (tested on your computer or download from your provider/organisation)</p><p>If it is a single file with no extra pem/pks12 files you can email the file yourself and open the attachment. If you have multiple files put them on your sd card.</p><p>Click on the email attachment/Use the folder icon in the vpn list to import the config file</p><p>If there are errors about missing files put the missing files on your sd card.</p><p>Click on the save symbol to add the imported VPN to your VPN list</p><p>Connect the VPN by clicking on the name of the VPN</p><p>If there are error or warnings in the log try to understand the warnings/error and try to fix them</p> + <p>Get a working config (tested on your computer or download from your provider/organisation)</p><p>If it is a single file with no extra pem/pkcs12 files you can email the file yourself and open the attachment. If you have multiple files put them on your sd card.</p><p>Click on the email attachment/Use the folder icon in the vpn list to import the config file</p><p>If there are errors about missing files put the missing files on your sd card.</p><p>Click on the save symbol to add the imported VPN to your VPN list</p><p>Connect the VPN by clicking on the name of the VPN</p><p>If there are error or warnings in the log try to understand the warnings/error and try to fix them</p> Quick Start Try to load the tun.ko kernel module before trying to connect. Needs rooted devices. Load tun module @@ -223,7 +223,7 @@ Import OpenVPN configuration Battery consumption In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which causes the client and server to exchange keepalive packets every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. (See also <a href="http://developer.android.com/training/efficient-downloads/efficient-network-access.html#RadioStateMachine">The Radio State Machine | Android Developers</a>) <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunately using a keepalive larger than 60 seconds with UDP can cause some NAT gateways to drop the connection due to an inactivity timeout. Using TCP with a long keep alive timeout works, but tunneling TCP over TCP performs extremely poorly on connections with high packet loss. (See <a href="http://sites.inka.de/bigred/devel/tcp-tcp.html">Why TCP Over TCP Is A Bad Idea</a>) - The Android Tethering feature (over WiFi, USB or Bluetooth) and the VPNService API (used by this program) do not work together. For more details see the <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">issue #34</a> + The Android Tethering feature (over WiFi, USB or Bluetooth) and the VPNService API (used by this program) do not work together. For more details see the <a href=\"https://github.com/schwabe/ics-openvpn/issues/34\">issue #34</a> VPN and Tethering Connection retries Reconnection settings @@ -258,7 +258,6 @@ Encryption cipher Packet authentication Enter packet authentication method - Running on %1$s (%2$s) %3$s, Android API %4$d, version %5$s, %6$s built by %s debug build official build @@ -377,10 +376,28 @@ Persist tun mode %s and later Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure - Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempts to strengthen TLS security by setting tls-cipher on the server or some embedded OSes with stripped down SSL (e.g. MikroTik).\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client. + Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempt to strengthen TLS security by setting tls-cipher on the server or some embedded OSes with stripped down SSL (e.g. MikroTik).\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client. This profile has been added from an external app (%s) and has been marked as not user editable. Certificate Revocation List Restarting OpenVPN Service (App crashed probably crashed or killed for memory pressure) Importing the config yielded an error, cannot save it - + Search + (Last dump is %1$d:%2$dh old (%3$s)) + Clear log on new connection + Connect Timeout + No allowed app added. Adding ourselves (%s) to have at least one app in the allowed app list to not allow all apps + OpenVPN for Android can try to discover the missing file(s) on the sdcard automatically. Tap this message start the permission request. + Protocol + Enabled + Preferred native ABI precedence of this device (%1$s) and ABI reported by native libraries (%2$s) mismatch + %d months left + %d days left + %d hours left + VPN permission revoked by OS (e.g. other VPN program started), stopping VPN + Push Peer info + Send extra information to the server, e.g. SSL version and Android version + Need %1$s + Please enter the password for profile %1$s + Use inline data + Export configuration file diff --git a/app/src/main/res/values/styles.xml b/app/src/main/res/values/styles.xml index 94970c88..13d5e0b1 100644 --- a/app/src/main/res/values/styles.xml +++ b/app/src/main/res/values/styles.xml @@ -1,24 +1,14 @@ - - - - - +