From 25e680bf2d4391709cd45bc0b55f3a220885357f Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 20 Nov 2012 10:22:50 +0100 Subject: VPN+tethering is becoming a FAQ --- res/values/strings.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'res/values') diff --git a/res/values/strings.xml b/res/values/strings.xml index a0d1a4f0..7958aca9 100644 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -228,5 +228,7 @@ OpenVPN Log Import OpenVPN configuration Battery consumption - In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunatly using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>) + In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunately using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>) + The Android Tethering feature (over WiFi, USB or Bluetooth) and the VPNService API (used by this program) do not work together. For more details see the <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">issue #34</a> + VPN and Tethering -- cgit v1.2.3 From c941b6b893f802192824bb91a265a849d0554bb5 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 15 Dec 2012 20:57:17 +0100 Subject: Add english corrections from crowding for next version. --- res/values/strings.xml | 460 ++++++++++++++++++++++++------------------------- 1 file changed, 229 insertions(+), 231 deletions(-) mode change 100644 => 100755 res/values/strings.xml (limited to 'res/values') diff --git a/res/values/strings.xml b/res/values/strings.xml old mode 100644 new mode 100755 index 7958aca9..5dda7274 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -1,234 +1,232 @@ + - OpenVPN for Android - Server Address: - Server Port: - Location - folder can\'t be read! - Select - Cancel - No Data - LZO Compression - No Certificate - Client Certificate - Client Certificate Key - PKCS12 File - CA Certificate - Nothing selected - Source code and issue tracker available under http://code.google.com/p/ics-openvpn/ - The program uses the following components. See the source for full details on the licenses - About - About OpenVPN for Android - List of all configured VPNs - VPN Profiles - Type - PKCS12 Password - Select… - Nothing Selected - Use TLS Authentication - TLS Direction - Enter IPv6 Address/Netmask in CIDR Format (e.g. 2000:dd::23/64) - Enter IPv4 Address/Netmask in CIDR Format (e.g. 1.2.3.4/24) - IPv4 Address - IPv6 Address - Enter custom OpenVPN options. Use with great care. Also note that many of the tun related OpenVPN settings cannot be supported by design of the VPNSettings. If you think an important option is missing contact the author - Username - Password - For the static configuration the TLS Auth Keys will be used as static keys. - Configure the VPN - Add Profile - Enter a name identifying the new Profile - Duplicate Profile Name - Profile Name - No User certificate selected. - No error found - Error in Configuration - Cannot parse the IPv4 address - Cannot parse the custom routes - Leave empty to query on demand - OpenVPN Shortcut - Connect to VPN - Profile specified in shortcut not found - Random Host Prefix - Adds 6 random chars in front of hostname - Enable Custom Options - Specify custom options. Use with care! - Route rejected by Android - Disconnect - clear log - Cancel Confirmation - Disconnect the connected VPN/cancel the connection attempt? - Remove VPN - Checks whether the server uses a TLS Server Certificate - Except TLS Server - Checks the Remote Server Certificate CN against a string - Certificate Hostname Check - Enter the string against which the remote Server is checked. OpenVPN will use prefix matching. "Server" matches "Server-1" and "Server-2"\nLeave empty to check the CN against the server hostname. - Remote Hostname(CN) - Enables the TLS Key Authentication - TLS Auth File - Requests IP addresses, routes and timing options from the server. - No information is requested from the server. Settings need to be specified below. - Pull Settings - DNS - Override DNS Settings by Server - Use your own DNS Servers - searchDomain - DNS Server to be used. - DNS Server - Secondary DNS Server used if the normal DNS Server cannot be reached. - Backup DNS Server - Ignore pushed routes - Ignore routed pushed by the server. - Redirects all Traffic over the VPN - Use default Route - Enter custom routes. Only enter destination in CIDR format. "10.0.0.0/8 2002::/16" would direct the networks 10.0.0.0/8 and 2002::/16 over the VPN. - Custom Routes - Log verbosity level - Allows authenticated packets from any IP - Allow floating server - Custom Options - Edit VPN Settings - Remove the VPN Profile %s? - On some custom ICS images the permission on /dev/tun might be wrong, or the tun module might be missing completely. For CM9 images try the fix ownership option under general settings - Opening tun interface failed badly. - "Error: " - Clear - info - Show connection details - Last interface configuration from OpenVPN: - Local IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d - DNS Server: %s - DNS Domain: %s - Routes: %s - Routes IPv6: %s - Got interface information %1$s and %2$s, assuming second address is peer address of remote. Using /32 netmask for local IP. Mode given by OpenVPN is \"%3$s\". - Cannot make sense of %1$s and %2$s as IP route with CIDR netmask, using /32 as netmask. - Corrected route %1$s/%2$s to %3$s/%2$s - Cannot access the Android Keychain Certificates. (Can be caused by a firmware upgrade or by restoring a backup of the app/app settings). Please edit the VPN and reselect the certificate under basic settings to recreate the permission to access the certificate. - %1$s %2$s - Send log file - Send - ICS OpenVPN log file - Copied log entry to clip board - Tap Mode - Tap Mode is not possible with the non root VPN API. Therefore this application cannot provide tap support - Again? Are you kidding? No tap mode is really not supported and sending more mail asking if it will be supported will not help. - A third time? Actually one could write a a tap emulator based on tun that would add layer2 information on send and strip layer2 information on receive. But this tap emulator would have to implement also ARP and possible a DHCP client. I am not aware of anybody doing any work in this direction. Contact me if you want to start coding on this. - FAQ - Frequently asked questions and some advice - Copying log entries - To copy a single log entry press and and hold on the log entry. To copy/send the whole log use the Send Log option. Use the hardware menu button if not visible in the GUI. - Shortcut to start - You can place a shortcut to start OpenVPN on your desktop. Depending on your homescreen program you have to add a shortcut or a widget. - Your image does not support the VPNService API,sorry :( - Encryption - Enter encryption method - Enter the cipher key for OpenVPN. Leave empty to use default cipher - Authentication/Encryption - File Explorer - Inline File - Import - Error importing File - Could not import File from filesystem - [[Inline file data]] - Refusing to open tun device without IP information - Import Profile from ovpn file - Import - Could not read Profile to import - Error reading config file - add Profile - Trying to read file: %1$s - Could not find file %1$s mentioned in the imported config file - Importing config file from source %1$s - Your configuration had a few configuration options that could be parsed. These options were added as custom configuration options. The custom configuration is displayed below: - Done reading config file. - Do not bind to local address and port - No local binding - Import configuration file - Security considerations - "As OpenVPN is security sensitive a few notes about security are sensible. All data on the sdcard is inherently insecure. Every app can read it (for example this program requires no special sd card rights). The data of this application can only be read by the application itself. By using the import option for cacert/cert/key in the file dialog the data is stored in the VPN profile. The VPN profiles are only accessible by this application. (Do not forget to delete the copies on the sd card afterwards). Even though accessible only by this application the data is still unencrypted. By rooting the telephone or other exploits it may be possible to retrieve the data. Saved passwords are stored in plain text as well. For pkcs12 files it is highly recommended that you import them into the android keystore." - Import - Error showing certificate selection - Got an exception trying to show the Android 4.0+ certificate selection dialog. This should never happen as this a standard feature of Android 4.0+. Maybe your Android ROM support for certificate storage is broken - IPv4 - IPv6 - Waiting for state message… - imported profile - imported profile %d - Broken Images - <p>Official HTC images are known to have a strange routing problem causing traffic not to flow through the tunnel (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> in the bug tracker.)</p><p>The official SONY images from Xperia arc S and Xperia Ray have been reported to be missing the VPNService completely from the image. Other Sony images may be affected as well. (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> in the bug tracker.)</p><p>On custom build images the tun module might be missing or the rights of /dev/tun might be wrong. Some CM9 images need the fix ownership option under general settings.</p><p>Most important: If you have a broken image, report it to your vendor. The more people report the issue to the vendor the more likely you will get a fix.</p> - The username must not be empty. - PKCS12 File Encryption Key - Private Key Password - Password - file icon - TLS Authentication - Generated Config - General Settings - Tries to set the owner of /dev/tun to system. Some CM9 images need this to make the VPNService API work. Requires root. - Fix ownership of /dev/tun - Shows the generated OpenVPN Configuration File - Editing \"%s\" - Building configuration… - Turning this option on will force a reconnect if the network state is change (WIFI to/from mobile) - Reconnect on network change - Got certificate \'%s\' from Keystore - Network Status: %s - The CA cert is usually returned from the Android Keystore. Specify a separate certificate if you get certificate verification errors. - Select - No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail. - Shows the log window on connect. The log window can always be accessed from the notification status. - Show log window - Keep the notification displayed after the connection is established to show traffic statistics. - Show Traffic Statistics - Running on %1$s (%2$s) %3$s, Android API %4$d - Error signing with Android keystore key %1$s: %2$s - The VPN connection warning telling you that this app can intercept all traffic is imposed by the system to prevent abuse of the VPNService API.\nThe VPN connection notification (The key symbol) is also imposed by the Android system to signal an ongoing VPN connection. On some images this notification plays a sound.\nAndroid introduced these system dialogs for your own safety and made sure that they cannot be circumenvented. (On some images this unfortunely includes a notifciation sound) - Connection warning and notification sound - - English translation by Arne Schwabe<arne@rfc2549.org> - IP and DNS - Basic - Routing - Obscure OpenVPN Settings. Normally not needed. - Advanced - ICS Openvpn Config - No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers - Could not add DNS Server \"%1$s\", rejected by the system: %2$s - <p>Get a working config (tested on your computer or download from your provider/organisation)</p><p>If it is a single file no with no extra pem/pks12 files you can email the file yourself and open the attachment. If you have multiple files put them on your sd card.</p><p>Click on the email attachment/Use the folder icon in the vpn list to import the config file</p><p>If there are errors about missing files put the missing files on your sd card.</p><p>Click on the save symbol to add the imported VPN to your VPN list</p><p>Connect the VPN by clicking on the name of the VPN</p><p>If there are error or warnings in the log try to understand the warnings/error and try to fix them</p> - Quick Start - Try to load the tun.ko kernel module before trying to connect. Needs rooted devices. - Load tun module - Import PKCS12 from configuration into Android Keystore - Error getting proxy settings: %s - Using proxy %1$s %2$d - Use system proxy - Use the system wide configuration for HTTP/HTTPS proxies to connect. - You can <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donate with PayPal</a> - OpenVPN will reconnect a VPN if it was active on system reboot/shutdown. Please read the Connection warning FAQ before using this option. - Reconnect on reboot - Ignore - Restart - Configuration changes are applied after restarting the VPN. (Re)start the VPN now? - Configuration changed - Could not determine last connected profile for editing - Duplicate notifications - If Android is under system memory (RAM) pressure, apps and service which are not needed at the moment are removed from active memory. This terminates an ongoing VPN connection. To ensure that the connection/OpenVPN survives the service runs with higher priority. To run with higher priority the application must display a notification. The key notification icon is imposed by the system as described in the previous FAQ entry. It does not count as app notification for purpose of running with higher priority. - No VPN profiles defined. - Use the <img src=\"ic_menu_add\"/> icon to add a new VPN - Use the <img src=\"ic_menu_archive\"/> icon to import an existing (.ovpn or .conf) profile from your sdcard. - Be sure to also check out the FAQ. There is a quick start guide. - Convert remote-tls format from OpenVPN 2.2 to 2.3 format - Routing/Interface Configuration - The Routing and interface configuration is not done via traditionell ifconfig/route command but by using the VPNService API. This results in a different routing configuration than on other OSes. The configuration only consists of the IP of the tunnel interface and the networks that should be routed over this interface. Especially no peer partner address or gateway address is needed. Special routes to reach the VPN Server (for example added when using redirect-gateway) are not needed either. The application will consequently ignore these settings when importing a configuration. The app ensures with the VPNService API that the connection to the server is not routed through the VPN tunnel. Since only specifing networks to be routed via tunnel is supported extra routes not pointing to the tunnel cannot be supported either. (e.g. route x.x.x.x y.y.y.y net_gateway). The show information button in the log windows show the current configuration of the VPNService network configuration. - Do not fallback to no VPN connection when OpenVPN is reconnecting. - Persistent tun - Translation - OpenVPN Log - Import OpenVPN configuration - Battery consumption - In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunately using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>) - The Android Tethering feature (over WiFi, USB or Bluetooth) and the VPNService API (used by this program) do not work together. For more details see the <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">issue #34</a> - VPN and Tethering + OpenVPN for Android + Server Address: + Server Port: + Location + Unable to read directory + Select + Cancel + No Data + LZO Compression + No Certificate + Client Certificate + Client Certificate Key + PKCS12 File + CA Certificate + You must select a certificate + Source code and issue tracker available at http://code.google.com/p/ics-openvpn/ + This program uses the following components; see the source code for full details on the licenses + About + About OpenVPN for Android + List of all configured VPNs + VPN Profiles + Type + PKCS12 Password + Select… + You must select a file + Use TLS Authentication + TLS Direction + Enter IPv6 Address/Netmask in CIDR Format (e.g. 2000:dd::23/64) + Enter IPv4 Address/Netmask in CIDR Format (e.g. 1.2.3.4/24) + IPv4 Address + IPv6 Address + Enter custom OpenVPN options. Use with caution. Also note that many of the tun related OpenVPN settings cannot be supported by design of the VPNSettings. If you think an important option is missing contact the author + Username + Password + For the static configuration the TLS Auth Keys will be used as static keys + Configure the VPN + Add Profile + Enter a name identifying the new Profile + Please enter a unique Profile Name + Profile Name + You must select a User certificate + No error found + Error in Configuration + Error parsing the IPv4 address + Error parsing the custom routes + (leave empty to query on demand) + OpenVPN Shortcut + Connect to VPN + Profile specified in shortcut not found + Random Host Prefix + Adds 6 random chars in front of hostname + Enable Custom Options + Specify custom options. Use with care! + Route rejected by Android + Disconnect + clear log + Cancel Confirmation + Disconnect the connected VPN/cancel the connection attempt? + Remove VPN + Checks whether the server uses a TLS Server Certificate + Except TLS Server + Checks the Remote Server Certificate CN against a string + Certificate Hostname Check + Enter the string against which the remote Server is checked. OpenVPN will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeave empty to check the CN against the server hostname. + Remote Hostname(CN) + Enables the TLS Key Authentication + TLS Auth File + Requests IP addresses, routes and timing options from the server. + No information is requested from the server. Settings need to be specified below. + Pull Settings + DNS + Override DNS Settings by Server + Use your own DNS Servers + searchDomain + DNS Server to be used. + DNS Server + Secondary DNS Server used if the normal DNS Server cannot be reached. + Backup DNS Server + Ignore pushed routes + Ignore routed pushed by the server. + Redirects all Traffic over the VPN + Use default Route + Enter custom routes. Only enter destination in CIDR format. \"10.0.0.0/8 2002::/16\" would direct the networks 10.0.0.0/8 and 2002::/16 over the VPN. + Custom Routes + Log verbosity level + Allows authenticated packets from any IP + Allow floating server + Custom Options + Edit VPN Settings + Remove the VPN Profile \'%s\'? + On some custom ICS images the permission on /dev/tun might be wrong, or the tun module might be missing completely. For CM9 images try the fix ownership option under general settings + Failed to open the tun interface + "Error: " + Clear + info + Show connection details + Last interface configuration from OpenVPN: + Local IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d + DNS Server: %s + DNS Domain: %s + Routes: %s + Routes IPv6: %s + Got interface information %1$s and %2$s, assuming second address is peer address of remote. Using /32 netmask for local IP. Mode given by OpenVPN is \"%3$s\". + Cannot make sense of %1$s and %2$s as IP route with CIDR netmask, using /32 as netmask. + Corrected route %1$s/%2$s to %3$s/%2$s + Cannot access the Android Keychain Certificates. This can be caused by a firmware upgrade or by restoring a backup of the app/app settings. Please edit the VPN and reselect the certificate under basic settings to recreate the permission to access the certificate. + %1$s %2$s + Send log file + Send + ICS OpenVPN log file + Copied log entry to clip board + Tap Mode + Tap Mode is not possible with the non root VPN API. Therefore this application cannot provide tap support + Again? Are you kidding? No, tap mode is really not supported and sending more mail asking if it will be supported will not help. + A third time? Actually, one could write a a tap emulator based on tun that would add layer2 information on send and strip layer2 information on receive. But this tap emulator would also have to implement ARP and possibly a DHCP client. I am not aware of anybody doing any work in this direction. Contact me if you want to start coding on this. + FAQ + Frequently asked questions and some advice + Copying log entries + To copy a single log entry press and and hold on the log entry. To copy/send the whole log use the Send Log option. Use the hardware menu button if not visible in the GUI. + Shortcut to start + You can place a shortcut to start OpenVPN on your desktop. Depending on your homescreen program you have to add a shortcut or a widget. + Your image does not support the VPNService API, sorry :( + Encryption + Enter encryption method + Enter the cipher key for OpenVPN. Leave empty to use default cipher + Authentication/Encryption + File Explorer + Inline File + Import + Error importing File + Could not import File from filesystem + [[Inline file data]] + Refusing to open tun device without IP information + Import Profile from ovpn file + Import + Could not read Profile to import + Error reading config file + add Profile + Trying to read file: %1$s + Could not find file %1$s mentioned in the imported config file + Importing config file from source %1$s + Your configuration had a few configuration options that could be parsed. These options were added as custom configuration options. The custom configuration is displayed below: + Done reading config file. + Do not bind to local address and port + No local binding + Import configuration file + Security considerations + "As OpenVPN is security sensitive a few notes about security are sensible. All data on the sdcard is inherently insecure. Every app can read it (for example this program requires no special sd card rights). The data of this application can only be read by the application itself. By using the import option for cacert/cert/key in the file dialog the data is stored in the VPN profile. The VPN profiles are only accessible by this application. (Do not forget to delete the copies on the sd card afterwards). Even though accessible only by this application the data is still unencrypted. By rooting the telephone or other exploits it may be possible to retrieve the data. Saved passwords are stored in plain text as well. For pkcs12 files it is highly recommended that you import them into the android keystore." + Import + Error showing certificate selection + Got an exception trying to show the Android 4.0+ certificate selection dialog. This should never happen as this a standard feature of Android 4.0+. Maybe your Android ROM support for certificate storage is broken + IPv4 + IPv6 + Waiting for state message… + imported profile + imported profile %d + Broken Images + <p>Official HTC images are known to have a strange routing problem causing traffic not to flow through the tunnel (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> in the bug tracker.)</p><p>The official SONY images from Xperia arc S and Xperia Ray have been reported to be missing the VPNService completely from the image. Other Sony images may be affected as well. (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> in the bug tracker.)</p><p>On custom build images the tun module might be missing or the rights of /dev/tun might be wrong. Some CM9 images need the fix ownership option under general settings.</p><p>Most important: If you have a broken image, report it to your vendor. The more people report the issue to the vendor the more likely you will get a fix.</p> + The username must not be empty. + PKCS12 File Encryption Key + Private Key Password + Password + file icon + TLS Authentication + Generated Config + General Settings + Tries to set the owner of /dev/tun to system. Some CM9 images need this to make the VPNService API work. Requires root. + Fix ownership of /dev/tun + Shows the generated OpenVPN Configuration File + Editing \"%s\" + Building configuration… + Turning this option on will force a reconnect if the network state is changed (e.g. WiFi to/from mobile) + Reconnect on network change + Got certificate \'%s\' from Keystore + Network Status: %s + The CA cert is usually returned from the Android Keystore. Specify a separate certificate if you get certificate verification errors. + Select + No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail. + Shows the log window on connect. The log window can always be accessed from the notification status. + Show log window + Keep the notification displayed after the connection is established to show traffic statistics. + Show Traffic Statistics + Running on %1$s (%2$s) %3$s, Android API %4$d + Error signing with Android keystore key %1$s: %2$s + The VPN connection warning telling you that this app can intercept all traffic is imposed by the system to prevent abuse of the VPNService API.\nThe VPN connection notification (The key symbol) is also imposed by the Android system to signal an ongoing VPN connection. On some images this notification plays a sound.\nAndroid introduced these system dialogs for your own safety and made sure that they cannot be circumenvented. (On some images this unfortunely includes a notifciation sound) + Connection warning and notification sound + English translation by Arne Schwabe<arne@rfc2549.org> + IP and DNS + Basic + Routing + Obscure OpenVPN Settings. Normally not needed. + Advanced + ICS Openvpn Config + No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers + Could not add DNS Server \"%1$s\", rejected by the system: %2$s + <p>Get a working config (tested on your computer or download from your provider/organisation)</p><p>If it is a single file no with no extra pem/pks12 files you can email the file yourself and open the attachment. If you have multiple files put them on your sd card.</p><p>Click on the email attachment/Use the folder icon in the vpn list to import the config file</p><p>If there are errors about missing files put the missing files on your sd card.</p><p>Click on the save symbol to add the imported VPN to your VPN list</p><p>Connect the VPN by clicking on the name of the VPN</p><p>If there are error or warnings in the log try to understand the warnings/error and try to fix them</p> + Quick Start + Try to load the tun.ko kernel module before trying to connect. Needs rooted devices. + Load tun module + Import PKCS12 from configuration into Android Keystore + Error getting proxy settings: %s + Using proxy %1$s %2$d + Use system proxy + Use the system wide configuration for HTTP/HTTPS proxies to connect. + You can <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donate with PayPal</a> + OpenVPN will reconnect a VPN if it was active on system reboot/shutdown. Please read the Connection warning FAQ before using this option. + Reconnect on reboot + Ignore + Restart + Configuration changes are applied after restarting the VPN. (Re)start the VPN now? + Configuration changed + Could not determine last connected profile for editing + Duplicate notifications + If Android is under system memory (RAM) pressure, apps and service which are not needed at the moment are removed from active memory. This terminates an ongoing VPN connection. To ensure that the connection/OpenVPN survives the service runs with higher priority. To run with higher priority the application must display a notification. The key notification icon is imposed by the system as described in the previous FAQ entry. It does not count as app notification for purpose of running with higher priority. + No VPN profiles defined. + Use the <img src=\"ic_menu_add\"/> icon to add a new VPN + Use the <img src=\"ic_menu_archive\"/> icon to import an existing (.ovpn or .conf) profile from your sdcard. + Be sure to also check out the FAQ. There is a quick start guide. + Convert remote-tls format from OpenVPN 2.2 to 2.3 format + Routing/Interface Configuration + The Routing and interface configuration is not done via traditionell ifconfig/route command but by using the VPNService API. This results in a different routing configuration than on other OSes. The configuration only consists of the IP of the tunnel interface and the networks that should be routed over this interface. Especially no peer partner address or gateway address is needed. Special routes to reach the VPN Server (for example added when using redirect-gateway) are not needed either. The application will consequently ignore these settings when importing a configuration. The app ensures with the VPNService API that the connection to the server is not routed through the VPN tunnel. Since only specifing networks to be routed via tunnel is supported extra routes not pointing to the tunnel cannot be supported either. (e.g. route x.x.x.x y.y.y.y net_gateway). The show information button in the log windows show the current configuration of the VPNService network configuration. + Do not fallback to no VPN connection when OpenVPN is reconnecting. + Persistent tun + Translation + OpenVPN Log + Import OpenVPN configuration + Battery consumption + In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunatly using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>) -- cgit v1.2.3 From 0634e5a662fe4f1fd4d478f13f89371f8d9b7fd8 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 15 Dec 2012 21:13:41 +0100 Subject: These two strings got lost. --- res/values/strings.xml | 464 +++++++++++++++++++++++++------------------------ 1 file changed, 234 insertions(+), 230 deletions(-) (limited to 'res/values') diff --git a/res/values/strings.xml b/res/values/strings.xml index 5dda7274..74d05fb5 100755 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -1,232 +1,236 @@ - + - OpenVPN for Android - Server Address: - Server Port: - Location - Unable to read directory - Select - Cancel - No Data - LZO Compression - No Certificate - Client Certificate - Client Certificate Key - PKCS12 File - CA Certificate - You must select a certificate - Source code and issue tracker available at http://code.google.com/p/ics-openvpn/ - This program uses the following components; see the source code for full details on the licenses - About - About OpenVPN for Android - List of all configured VPNs - VPN Profiles - Type - PKCS12 Password - Select… - You must select a file - Use TLS Authentication - TLS Direction - Enter IPv6 Address/Netmask in CIDR Format (e.g. 2000:dd::23/64) - Enter IPv4 Address/Netmask in CIDR Format (e.g. 1.2.3.4/24) - IPv4 Address - IPv6 Address - Enter custom OpenVPN options. Use with caution. Also note that many of the tun related OpenVPN settings cannot be supported by design of the VPNSettings. If you think an important option is missing contact the author - Username - Password - For the static configuration the TLS Auth Keys will be used as static keys - Configure the VPN - Add Profile - Enter a name identifying the new Profile - Please enter a unique Profile Name - Profile Name - You must select a User certificate - No error found - Error in Configuration - Error parsing the IPv4 address - Error parsing the custom routes - (leave empty to query on demand) - OpenVPN Shortcut - Connect to VPN - Profile specified in shortcut not found - Random Host Prefix - Adds 6 random chars in front of hostname - Enable Custom Options - Specify custom options. Use with care! - Route rejected by Android - Disconnect - clear log - Cancel Confirmation - Disconnect the connected VPN/cancel the connection attempt? - Remove VPN - Checks whether the server uses a TLS Server Certificate - Except TLS Server - Checks the Remote Server Certificate CN against a string - Certificate Hostname Check - Enter the string against which the remote Server is checked. OpenVPN will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeave empty to check the CN against the server hostname. - Remote Hostname(CN) - Enables the TLS Key Authentication - TLS Auth File - Requests IP addresses, routes and timing options from the server. - No information is requested from the server. Settings need to be specified below. - Pull Settings - DNS - Override DNS Settings by Server - Use your own DNS Servers - searchDomain - DNS Server to be used. - DNS Server - Secondary DNS Server used if the normal DNS Server cannot be reached. - Backup DNS Server - Ignore pushed routes - Ignore routed pushed by the server. - Redirects all Traffic over the VPN - Use default Route - Enter custom routes. Only enter destination in CIDR format. \"10.0.0.0/8 2002::/16\" would direct the networks 10.0.0.0/8 and 2002::/16 over the VPN. - Custom Routes - Log verbosity level - Allows authenticated packets from any IP - Allow floating server - Custom Options - Edit VPN Settings - Remove the VPN Profile \'%s\'? - On some custom ICS images the permission on /dev/tun might be wrong, or the tun module might be missing completely. For CM9 images try the fix ownership option under general settings - Failed to open the tun interface - "Error: " - Clear - info - Show connection details - Last interface configuration from OpenVPN: - Local IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d - DNS Server: %s - DNS Domain: %s - Routes: %s - Routes IPv6: %s - Got interface information %1$s and %2$s, assuming second address is peer address of remote. Using /32 netmask for local IP. Mode given by OpenVPN is \"%3$s\". - Cannot make sense of %1$s and %2$s as IP route with CIDR netmask, using /32 as netmask. - Corrected route %1$s/%2$s to %3$s/%2$s - Cannot access the Android Keychain Certificates. This can be caused by a firmware upgrade or by restoring a backup of the app/app settings. Please edit the VPN and reselect the certificate under basic settings to recreate the permission to access the certificate. - %1$s %2$s - Send log file - Send - ICS OpenVPN log file - Copied log entry to clip board - Tap Mode - Tap Mode is not possible with the non root VPN API. Therefore this application cannot provide tap support - Again? Are you kidding? No, tap mode is really not supported and sending more mail asking if it will be supported will not help. - A third time? Actually, one could write a a tap emulator based on tun that would add layer2 information on send and strip layer2 information on receive. But this tap emulator would also have to implement ARP and possibly a DHCP client. I am not aware of anybody doing any work in this direction. Contact me if you want to start coding on this. - FAQ - Frequently asked questions and some advice - Copying log entries - To copy a single log entry press and and hold on the log entry. To copy/send the whole log use the Send Log option. Use the hardware menu button if not visible in the GUI. - Shortcut to start - You can place a shortcut to start OpenVPN on your desktop. Depending on your homescreen program you have to add a shortcut or a widget. - Your image does not support the VPNService API, sorry :( - Encryption - Enter encryption method - Enter the cipher key for OpenVPN. Leave empty to use default cipher - Authentication/Encryption - File Explorer - Inline File - Import - Error importing File - Could not import File from filesystem - [[Inline file data]] - Refusing to open tun device without IP information - Import Profile from ovpn file - Import - Could not read Profile to import - Error reading config file - add Profile - Trying to read file: %1$s - Could not find file %1$s mentioned in the imported config file - Importing config file from source %1$s - Your configuration had a few configuration options that could be parsed. These options were added as custom configuration options. The custom configuration is displayed below: - Done reading config file. - Do not bind to local address and port - No local binding - Import configuration file - Security considerations - "As OpenVPN is security sensitive a few notes about security are sensible. All data on the sdcard is inherently insecure. Every app can read it (for example this program requires no special sd card rights). The data of this application can only be read by the application itself. By using the import option for cacert/cert/key in the file dialog the data is stored in the VPN profile. The VPN profiles are only accessible by this application. (Do not forget to delete the copies on the sd card afterwards). Even though accessible only by this application the data is still unencrypted. By rooting the telephone or other exploits it may be possible to retrieve the data. Saved passwords are stored in plain text as well. For pkcs12 files it is highly recommended that you import them into the android keystore." - Import - Error showing certificate selection - Got an exception trying to show the Android 4.0+ certificate selection dialog. This should never happen as this a standard feature of Android 4.0+. Maybe your Android ROM support for certificate storage is broken - IPv4 - IPv6 - Waiting for state message… - imported profile - imported profile %d - Broken Images - <p>Official HTC images are known to have a strange routing problem causing traffic not to flow through the tunnel (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> in the bug tracker.)</p><p>The official SONY images from Xperia arc S and Xperia Ray have been reported to be missing the VPNService completely from the image. Other Sony images may be affected as well. (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> in the bug tracker.)</p><p>On custom build images the tun module might be missing or the rights of /dev/tun might be wrong. Some CM9 images need the fix ownership option under general settings.</p><p>Most important: If you have a broken image, report it to your vendor. The more people report the issue to the vendor the more likely you will get a fix.</p> - The username must not be empty. - PKCS12 File Encryption Key - Private Key Password - Password - file icon - TLS Authentication - Generated Config - General Settings - Tries to set the owner of /dev/tun to system. Some CM9 images need this to make the VPNService API work. Requires root. - Fix ownership of /dev/tun - Shows the generated OpenVPN Configuration File - Editing \"%s\" - Building configuration… - Turning this option on will force a reconnect if the network state is changed (e.g. WiFi to/from mobile) - Reconnect on network change - Got certificate \'%s\' from Keystore - Network Status: %s - The CA cert is usually returned from the Android Keystore. Specify a separate certificate if you get certificate verification errors. - Select - No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail. - Shows the log window on connect. The log window can always be accessed from the notification status. - Show log window - Keep the notification displayed after the connection is established to show traffic statistics. - Show Traffic Statistics - Running on %1$s (%2$s) %3$s, Android API %4$d - Error signing with Android keystore key %1$s: %2$s - The VPN connection warning telling you that this app can intercept all traffic is imposed by the system to prevent abuse of the VPNService API.\nThe VPN connection notification (The key symbol) is also imposed by the Android system to signal an ongoing VPN connection. On some images this notification plays a sound.\nAndroid introduced these system dialogs for your own safety and made sure that they cannot be circumenvented. (On some images this unfortunely includes a notifciation sound) - Connection warning and notification sound - English translation by Arne Schwabe<arne@rfc2549.org> - IP and DNS - Basic - Routing - Obscure OpenVPN Settings. Normally not needed. - Advanced - ICS Openvpn Config - No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers - Could not add DNS Server \"%1$s\", rejected by the system: %2$s - <p>Get a working config (tested on your computer or download from your provider/organisation)</p><p>If it is a single file no with no extra pem/pks12 files you can email the file yourself and open the attachment. If you have multiple files put them on your sd card.</p><p>Click on the email attachment/Use the folder icon in the vpn list to import the config file</p><p>If there are errors about missing files put the missing files on your sd card.</p><p>Click on the save symbol to add the imported VPN to your VPN list</p><p>Connect the VPN by clicking on the name of the VPN</p><p>If there are error or warnings in the log try to understand the warnings/error and try to fix them</p> - Quick Start - Try to load the tun.ko kernel module before trying to connect. Needs rooted devices. - Load tun module - Import PKCS12 from configuration into Android Keystore - Error getting proxy settings: %s - Using proxy %1$s %2$d - Use system proxy - Use the system wide configuration for HTTP/HTTPS proxies to connect. - You can <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donate with PayPal</a> - OpenVPN will reconnect a VPN if it was active on system reboot/shutdown. Please read the Connection warning FAQ before using this option. - Reconnect on reboot - Ignore - Restart - Configuration changes are applied after restarting the VPN. (Re)start the VPN now? - Configuration changed - Could not determine last connected profile for editing - Duplicate notifications - If Android is under system memory (RAM) pressure, apps and service which are not needed at the moment are removed from active memory. This terminates an ongoing VPN connection. To ensure that the connection/OpenVPN survives the service runs with higher priority. To run with higher priority the application must display a notification. The key notification icon is imposed by the system as described in the previous FAQ entry. It does not count as app notification for purpose of running with higher priority. - No VPN profiles defined. - Use the <img src=\"ic_menu_add\"/> icon to add a new VPN - Use the <img src=\"ic_menu_archive\"/> icon to import an existing (.ovpn or .conf) profile from your sdcard. - Be sure to also check out the FAQ. There is a quick start guide. - Convert remote-tls format from OpenVPN 2.2 to 2.3 format - Routing/Interface Configuration - The Routing and interface configuration is not done via traditionell ifconfig/route command but by using the VPNService API. This results in a different routing configuration than on other OSes. The configuration only consists of the IP of the tunnel interface and the networks that should be routed over this interface. Especially no peer partner address or gateway address is needed. Special routes to reach the VPN Server (for example added when using redirect-gateway) are not needed either. The application will consequently ignore these settings when importing a configuration. The app ensures with the VPNService API that the connection to the server is not routed through the VPN tunnel. Since only specifing networks to be routed via tunnel is supported extra routes not pointing to the tunnel cannot be supported either. (e.g. route x.x.x.x y.y.y.y net_gateway). The show information button in the log windows show the current configuration of the VPNService network configuration. - Do not fallback to no VPN connection when OpenVPN is reconnecting. - Persistent tun - Translation - OpenVPN Log - Import OpenVPN configuration - Battery consumption - In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunatly using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>) - + + OpenVPN for Android + Server Address: + Server Port: + Location + Unable to read directory + Select + Cancel + No Data + LZO Compression + No Certificate + Client Certificate + Client Certificate Key + PKCS12 File + CA Certificate + You must select a certificate + Source code and issue tracker available at http://code.google.com/p/ics-openvpn/ + This program uses the following components; see the source code for full details on the licenses + About + About OpenVPN for Android + List of all configured VPNs + VPN Profiles + Type + PKCS12 Password + Select… + You must select a file + Use TLS Authentication + TLS Direction + Enter IPv6 Address/Netmask in CIDR Format (e.g. 2000:dd::23/64) + Enter IPv4 Address/Netmask in CIDR Format (e.g. 1.2.3.4/24) + IPv4 Address + IPv6 Address + Enter custom OpenVPN options. Use with caution. Also note that many of the tun related OpenVPN settings cannot be supported by design of the VPNSettings. If you think an important option is missing contact the author + Username + Password + For the static configuration the TLS Auth Keys will be used as static keys + Configure the VPN + Add Profile + Enter a name identifying the new Profile + Please enter a unique Profile Name + Profile Name + You must select a User certificate + No error found + Error in Configuration + Error parsing the IPv4 address + Error parsing the custom routes + (leave empty to query on demand) + OpenVPN Shortcut + Connect to VPN + Profile specified in shortcut not found + Random Host Prefix + Adds 6 random chars in front of hostname + Enable Custom Options + Specify custom options. Use with care! + Route rejected by Android + Disconnect + clear log + Cancel Confirmation + Disconnect the connected VPN/cancel the connection attempt? + Remove VPN + Checks whether the server uses a TLS Server Certificate + Except TLS Server + Checks the Remote Server Certificate CN against a string + Certificate Hostname Check + Enter the string against which the remote Server is checked. OpenVPN will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeave empty to check the CN against the server hostname. + Remote Hostname(CN) + Enables the TLS Key Authentication + TLS Auth File + Requests IP addresses, routes and timing options from the server. + No information is requested from the server. Settings need to be specified below. + Pull Settings + DNS + Override DNS Settings by Server + Use your own DNS Servers + searchDomain + DNS Server to be used. + DNS Server + Secondary DNS Server used if the normal DNS Server cannot be reached. + Backup DNS Server + Ignore pushed routes + Ignore routed pushed by the server. + Redirects all Traffic over the VPN + Use default Route + Enter custom routes. Only enter destination in CIDR format. \"10.0.0.0/8 2002::/16\" would direct the networks 10.0.0.0/8 and 2002::/16 over the VPN. + Custom Routes + Log verbosity level + Allows authenticated packets from any IP + Allow floating server + Custom Options + Edit VPN Settings + Remove the VPN Profile \'%s\'? + On some custom ICS images the permission on /dev/tun might be wrong, or the tun module might be missing completely. For CM9 images try the fix ownership option under general settings + Failed to open the tun interface + "Error: " + Clear + info + Show connection details + Last interface configuration from OpenVPN: + Local IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d + DNS Server: %s + DNS Domain: %s + Routes: %s + Routes IPv6: %s + Got interface information %1$s and %2$s, assuming second address is peer address of remote. Using /32 netmask for local IP. Mode given by OpenVPN is \"%3$s\". + Cannot make sense of %1$s and %2$s as IP route with CIDR netmask, using /32 as netmask. + Corrected route %1$s/%2$s to %3$s/%2$s + Cannot access the Android Keychain Certificates. This can be caused by a firmware upgrade or by restoring a backup of the app/app settings. Please edit the VPN and reselect the certificate under basic settings to recreate the permission to access the certificate. + %1$s %2$s + Send log file + Send + ICS OpenVPN log file + Copied log entry to clip board + Tap Mode + Tap Mode is not possible with the non root VPN API. Therefore this application cannot provide tap support + Again? Are you kidding? No, tap mode is really not supported and sending more mail asking if it will be supported will not help. + A third time? Actually, one could write a a tap emulator based on tun that would add layer2 information on send and strip layer2 information on receive. But this tap emulator would also have to implement ARP and possibly a DHCP client. I am not aware of anybody doing any work in this direction. Contact me if you want to start coding on this. + FAQ + Frequently asked questions and some advice + Copying log entries + To copy a single log entry press and and hold on the log entry. To copy/send the whole log use the Send Log option. Use the hardware menu button if not visible in the GUI. + Shortcut to start + You can place a shortcut to start OpenVPN on your desktop. Depending on your homescreen program you have to add a shortcut or a widget. + Your image does not support the VPNService API, sorry :( + Encryption + Enter encryption method + Enter the cipher key for OpenVPN. Leave empty to use default cipher + Authentication/Encryption + File Explorer + Inline File + Import + Error importing File + Could not import File from filesystem + [[Inline file data]] + Refusing to open tun device without IP information + Import Profile from ovpn file + Import + Could not read Profile to import + Error reading config file + add Profile + Trying to read file: %1$s + Could not find file %1$s mentioned in the imported config file + Importing config file from source %1$s + Your configuration had a few configuration options that could be parsed. These options were added as custom configuration options. The custom configuration is displayed below: + Done reading config file. + Do not bind to local address and port + No local binding + Import configuration file + Security considerations + "As OpenVPN is security sensitive a few notes about security are sensible. All data on the sdcard is inherently insecure. Every app can read it (for example this program requires no special sd card rights). The data of this application can only be read by the application itself. By using the import option for cacert/cert/key in the file dialog the data is stored in the VPN profile. The VPN profiles are only accessible by this application. (Do not forget to delete the copies on the sd card afterwards). Even though accessible only by this application the data is still unencrypted. By rooting the telephone or other exploits it may be possible to retrieve the data. Saved passwords are stored in plain text as well. For pkcs12 files it is highly recommended that you import them into the android keystore." + Import + Error showing certificate selection + Got an exception trying to show the Android 4.0+ certificate selection dialog. This should never happen as this a standard feature of Android 4.0+. Maybe your Android ROM support for certificate storage is broken + IPv4 + IPv6 + Waiting for state message… + imported profile + imported profile %d + Broken Images + <p>Official HTC images are known to have a strange routing problem causing traffic not to flow through the tunnel (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=18\">Issue 18</a> in the bug tracker.)</p><p>The official SONY images from Xperia arc S and Xperia Ray have been reported to be missing the VPNService completely from the image. Other Sony images may be affected as well. (See also <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=29\">Issue 29</a> in the bug tracker.)</p><p>On custom build images the tun module might be missing or the rights of /dev/tun might be wrong. Some CM9 images need the fix ownership option under general settings.</p><p>Most important: If you have a broken image, report it to your vendor. The more people report the issue to the vendor the more likely you will get a fix.</p> + The username must not be empty. + PKCS12 File Encryption Key + Private Key Password + Password + file icon + TLS Authentication + Generated Config + General Settings + Tries to set the owner of /dev/tun to system. Some CM9 images need this to make the VPNService API work. Requires root. + Fix ownership of /dev/tun + Shows the generated OpenVPN Configuration File + Editing \"%s\" + Building configuration… + Turning this option on will force a reconnect if the network state is changed (e.g. WiFi to/from mobile) + Reconnect on network change + Got certificate \'%s\' from Keystore + Network Status: %s + The CA cert is usually returned from the Android Keystore. Specify a separate certificate if you get certificate verification errors. + Select + No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail. + Shows the log window on connect. The log window can always be accessed from the notification status. + Show log window + Keep the notification displayed after the connection is established to show traffic statistics. + Show Traffic Statistics + Running on %1$s (%2$s) %3$s, Android API %4$d + Error signing with Android keystore key %1$s: %2$s + The VPN connection warning telling you that this app can intercept all traffic is imposed by the system to prevent abuse of the VPNService API.\nThe VPN connection notification (The key symbol) is also imposed by the Android system to signal an ongoing VPN connection. On some images this notification plays a sound.\nAndroid introduced these system dialogs for your own safety and made sure that they cannot be circumenvented. (On some images this unfortunely includes a notifciation sound) + Connection warning and notification sound + English translation by Arne Schwabe<arne@rfc2549.org> + IP and DNS + Basic + Routing + Obscure OpenVPN Settings. Normally not needed. + Advanced + ICS Openvpn Config + No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers + Could not add DNS Server \"%1$s\", rejected by the system: %2$s + <p>Get a working config (tested on your computer or download from your provider/organisation)</p><p>If it is a single file no with no extra pem/pks12 files you can email the file yourself and open the attachment. If you have multiple files put them on your sd card.</p><p>Click on the email attachment/Use the folder icon in the vpn list to import the config file</p><p>If there are errors about missing files put the missing files on your sd card.</p><p>Click on the save symbol to add the imported VPN to your VPN list</p><p>Connect the VPN by clicking on the name of the VPN</p><p>If there are error or warnings in the log try to understand the warnings/error and try to fix them</p> + Quick Start + Try to load the tun.ko kernel module before trying to connect. Needs rooted devices. + Load tun module + Import PKCS12 from configuration into Android Keystore + Error getting proxy settings: %s + Using proxy %1$s %2$d + Use system proxy + Use the system wide configuration for HTTP/HTTPS proxies to connect. + You can <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">donate with PayPal</a> + OpenVPN will reconnect a VPN if it was active on system reboot/shutdown. Please read the Connection warning FAQ before using this option. + Reconnect on reboot + Ignore + Restart + Configuration changes are applied after restarting the VPN. (Re)start the VPN now? + Configuration changed + Could not determine last connected profile for editing + Duplicate notifications + If Android is under system memory (RAM) pressure, apps and service which are not needed at the moment are removed from active memory. This terminates an ongoing VPN connection. To ensure that the connection/OpenVPN survives the service runs with higher priority. To run with higher priority the application must display a notification. The key notification icon is imposed by the system as described in the previous FAQ entry. It does not count as app notification for purpose of running with higher priority. + No VPN profiles defined. + Use the <img src=\"ic_menu_add\"/> icon to add a new VPN + Use the <img src=\"ic_menu_archive\"/> icon to import an existing (.ovpn or .conf) profile from your sdcard. + Be sure to also check out the FAQ. There is a quick start guide. + Convert remote-tls format from OpenVPN 2.2 to 2.3 format + Routing/Interface Configuration + The Routing and interface configuration is not done via traditionell ifconfig/route command but by using the VPNService API. This results in a different routing configuration than on other OSes. The configuration only consists of the IP of the tunnel interface and the networks that should be routed over this interface. Especially no peer partner address or gateway address is needed. Special routes to reach the VPN Server (for example added when using redirect-gateway) are not needed either. The application will consequently ignore these settings when importing a configuration. The app ensures with the VPNService API that the connection to the server is not routed through the VPN tunnel. Since only specifing networks to be routed via tunnel is supported extra routes not pointing to the tunnel cannot be supported either. (e.g. route x.x.x.x y.y.y.y net_gateway). The show information button in the log windows show the current configuration of the VPNService network configuration. + Do not fallback to no VPN connection when OpenVPN is reconnecting. + Persistent tun + Translation + OpenVPN Log + Import OpenVPN configuration + Battery consumption + In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunatly using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>) + The Android Tethering feature (over WiFi, USB or Bluetooth) and the VPNService API (used by this program) do not work together. For more details see the <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">issue #34</a> + VPN and Tethering + + \ No newline at end of file -- cgit v1.2.3 From e6bad64bdfde2be997020f22d8e5a129173140f3 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 15 Dec 2012 23:06:18 +0100 Subject: Let the user control the new connect-retry(-max) logic --- res/values/arrays.xml | 8 +++++++- res/values/strings.xml | 4 ++++ res/values/untranslatable.xml | 10 ++++++++-- 3 files changed, 19 insertions(+), 3 deletions(-) (limited to 'res/values') diff --git a/res/values/arrays.xml b/res/values/arrays.xml index b88e975e..4af8f90f 100644 --- a/res/values/arrays.xml +++ b/res/values/arrays.xml @@ -24,5 +24,11 @@ 4 5 - Debug logging - + + No reconnection retries + One reconnection retry + Five reconnection retries + Fifty reconnection retries + Unlimited reconnection retries + diff --git a/res/values/strings.xml b/res/values/strings.xml index 74d05fb5..ff0c592c 100755 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -232,5 +232,9 @@ In my personal tests the main reason for high battery consumption of OpenVPN are the keepalive packets. Most OpenVPN servers have a configuration directive like \'keepalive 10 60\' which translates to a keepalive packet from client to server and server to client every ten seconds. <p> While these packets are small and do not use much traffic, they keep the mobile radio network busy and increase the energy consumption. <p> This keepalive setting cannot be changed on the client. Only the system administrator of the OpenVPN can change the setting. <p> Unfortunatly using a keepalive larger than 60 seconds with udp has problems with some NAT gateways which terminate the state for a connnection after a short timeout (60s in my tests). Using TCP with long keepalive timeout works but has the TCP over TCP problem. (See <a href=\"http://sites.inka.de/bigred/devel/tcp-tcp.html\">Why TCP Over TCP Is A Bad Ide</a>) The Android Tethering feature (over WiFi, USB or Bluetooth) and the VPNService API (used by this program) do not work together. For more details see the <a href=\"http://code.google.com/p/ics-openvpn/issues/detail?id=34\">issue #34</a> VPN and Tethering + Connection retries + Reconnection settings + Number of seconds to wait between connection attempts. + Seconds between connections \ No newline at end of file diff --git a/res/values/untranslatable.xml b/res/values/untranslatable.xml index cb5bea14..d5a30a03 100644 --- a/res/values/untranslatable.xml +++ b/res/values/untranslatable.xml @@ -31,5 +31,11 @@ 4 5 - - + + 1 + 2 + 5 + 50 + -1 + + -- cgit v1.2.3 From 6ebfab4ffa0fb2d730bc864a24ee0c4b87fc6b88 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 22 Dec 2012 23:26:18 +0100 Subject: Parse the tls-remote server string, fix import message (Closes Issue #124) --- res/values/strings.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'res/values') diff --git a/res/values/strings.xml b/res/values/strings.xml index ff0c592c..eea81d8b 100755 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -237,4 +237,4 @@ Number of seconds to wait between connection attempts. Seconds between connections - \ No newline at end of file + -- cgit v1.2.3 From 192410e3f1d5588712a85bbd7e9fd801dc5a0989 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 24 Dec 2012 07:47:50 +0100 Subject: Make send mini dump work with non Gmail Mail app, make google sending better placed --- res/values/strings.xml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'res/values') diff --git a/res/values/strings.xml b/res/values/strings.xml index eea81d8b..3613c7d1 100755 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -236,5 +236,8 @@ Reconnection settings Number of seconds to wait between connection attempts. Seconds between connections + OpenVPN crashed unexpectedly. Please consider using the send Minidump option in the main menu + Send Minidump to developer + Send debugging information about last crash to developer -- cgit v1.2.3 From 923426e5e617c0ca7d5f61798b409c455528a8a4 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 24 Dec 2012 14:27:15 +0100 Subject: Insert missing not --- res/values/strings.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'res/values') diff --git a/res/values/strings.xml b/res/values/strings.xml index 3613c7d1..762133c1 100755 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -143,7 +143,7 @@ Trying to read file: %1$s Could not find file %1$s mentioned in the imported config file Importing config file from source %1$s - Your configuration had a few configuration options that could be parsed. These options were added as custom configuration options. The custom configuration is displayed below: + Your configuration had a few configuration options that could not be parsed. These options were added as custom configuration options. The custom configuration is displayed below: Done reading config file. Do not bind to local address and port No local binding -- cgit v1.2.3 From 35fa159e6fedb4bf53a44e2b8d336f030b2fed15 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 25 Dec 2012 16:07:23 +0100 Subject: update translations --- res/values/strings.xml | 3 --- 1 file changed, 3 deletions(-) (limited to 'res/values') diff --git a/res/values/strings.xml b/res/values/strings.xml index 762133c1..ab629a00 100755 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -140,7 +140,6 @@ Could not read Profile to import Error reading config file add Profile - Trying to read file: %1$s Could not find file %1$s mentioned in the imported config file Importing config file from source %1$s Your configuration had a few configuration options that could not be parsed. These options were added as custom configuration options. The custom configuration is displayed below: @@ -182,8 +181,6 @@ No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail. Shows the log window on connect. The log window can always be accessed from the notification status. Show log window - Keep the notification displayed after the connection is established to show traffic statistics. - Show Traffic Statistics Running on %1$s (%2$s) %3$s, Android API %4$d Error signing with Android keystore key %1$s: %2$s The VPN connection warning telling you that this app can intercept all traffic is imposed by the system to prevent abuse of the VPNService API.\nThe VPN connection notification (The key symbol) is also imposed by the Android system to signal an ongoing VPN connection. On some images this notification plays a sound.\nAndroid introduced these system dialogs for your own safety and made sure that they cannot be circumenvented. (On some images this unfortunely includes a notifciation sound) -- cgit v1.2.3