diff options
author | Arne Schwabe <arne@rfc2549.org> | 2015-04-21 15:13:23 +0200 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2015-04-21 15:13:23 +0200 |
commit | 58fcc7a0b426b780a998dcfaf061035001a0ba0a (patch) | |
tree | 9509b636918a79385192cb56144990d51a8bf6e3 /main/src | |
parent | 0ae6d7a0d5f02c536183d65ba1fafbcd790dcd6e (diff) |
Log stupid bug of Samsung telephones to ignore DNS servers outside the VPN range...
Diffstat (limited to 'main/src')
4 files changed, 27 insertions, 6 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java b/main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java index e525abd5..94ed8a0b 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java +++ b/main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java @@ -54,6 +54,7 @@ class CIDRIP { } else { return false; } + } static long getInt(String ipaddr) { diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index 81dea416..113142b7 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -498,8 +498,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac VpnStatus.logInfo(R.string.last_openvpn_tun_config); - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && mProfile.mAllowLocalLAN) - { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && mProfile.mAllowLocalLAN) { allowAllAFFamilies(builder); } @@ -573,6 +572,26 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } } + if ("samsung".equals(Build.BRAND) && Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && mDnslist != null && mDnslist.size() >= 1) { + // Check if the first DNS Server is in the VPN range + try { + ipAddress dnsServer = new ipAddress(new CIDRIP(mDnslist.get(0), 32), true); + boolean dnsIncluded=false; + for (ipAddress net : positiveIPv4Routes) { + if (net.containsNet(dnsServer)) { + dnsIncluded = true; + } + } + if (!dnsIncluded) { + String samsungwarning = String.format("Warning Samsung Android 5.0+ devices ignore DNS servers outside the VPN range. To enable DNS add a custom route to your DNS Server (%s) or change to a DNS inside your VPN range", mDnslist.get(0)); + VpnStatus.logWarning(samsungwarning); + } + } catch (Exception e) { + VpnStatus.logError("Error parsing DNS Server IP: " + mDnslist.get(0)); + } + } + + if (mDomain != null) builder.addSearchDomain(mDomain); @@ -613,7 +632,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac try { //Debug.stopMethodTracing(); ParcelFileDescriptor tun = builder.establish(); - if (tun==null) + if (tun == null) throw new NullPointerException("Android establish() method returned null (Really broken network configuration?)"); return tun; } catch (Exception e) { @@ -664,11 +683,11 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac intf.startsWith("tun") || intf.startsWith("rmnet")) continue; - if (ipAddr==null || netMask == null) { + if (ipAddr == null || netMask == null) { VpnStatus.logError("Local routes are broken?! (Report to author) " + TextUtils.join("|", localRoutes)); continue; } - + if (ipAddr.equals(mLocalIP.mIp)) continue; diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java b/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java index 91a683b8..5c881f77 100644 --- a/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java +++ b/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java @@ -155,6 +155,7 @@ public class FaqFragment extends Fragment { new FAQEntry(Build.VERSION_CODES.LOLLIPOP, -1, R.string.ab_not_route_to_vpn_title, R.string.ab_not_route_to_vpn), new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.tap_mode, R.string.tap_faq3), + // DNS weirdness in Samsung 5.0: https://plus.google.com/117315704597472009168/posts/g78bZLWmqgD }; diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml index 7eb1c66c..9312a402 100755 --- a/main/src/main/res/values/strings.xml +++ b/main/src/main/res/values/strings.xml @@ -377,7 +377,7 @@ <string name="ab_persist_tun_title">Persist tun mode</string> <string name="version_and_later">%s and later</string> <string name="tls_cipher_alert_title">Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure</string> - <string name="tls_cipher_alert">Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempts to strengthen TLS security by setting tls-cipher on the server.\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client.</string> + <string name="tls_cipher_alert">Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempts to strengthen TLS security by setting tls-cipher on the server or some embedded OSes with stripped down SSL (e.g. MikroTik).\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client.</string> <string name="message_no_user_edit">This profile has been added from an external app (%s) and has been marked as not user editable.</string> <string name="crl_file">Certificate Revocation List</string> |