summaryrefslogtreecommitdiff
path: root/main
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2015-04-21 15:13:23 +0200
committerArne Schwabe <arne@rfc2549.org>2015-04-21 15:13:23 +0200
commit58fcc7a0b426b780a998dcfaf061035001a0ba0a (patch)
tree9509b636918a79385192cb56144990d51a8bf6e3 /main
parent0ae6d7a0d5f02c536183d65ba1fafbcd790dcd6e (diff)
Log stupid bug of Samsung telephones to ignore DNS servers outside the VPN range...
Diffstat (limited to 'main')
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java1
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java29
-rw-r--r--main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java1
-rwxr-xr-xmain/src/main/res/values/strings.xml2
4 files changed, 27 insertions, 6 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java b/main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java
index e525abd5..94ed8a0b 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/CIDRIP.java
@@ -54,6 +54,7 @@ class CIDRIP {
} else {
return false;
}
+
}
static long getInt(String ipaddr) {
diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index 81dea416..113142b7 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -498,8 +498,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
VpnStatus.logInfo(R.string.last_openvpn_tun_config);
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && mProfile.mAllowLocalLAN)
- {
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && mProfile.mAllowLocalLAN) {
allowAllAFFamilies(builder);
}
@@ -573,6 +572,26 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
}
}
+ if ("samsung".equals(Build.BRAND) && Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && mDnslist != null && mDnslist.size() >= 1) {
+ // Check if the first DNS Server is in the VPN range
+ try {
+ ipAddress dnsServer = new ipAddress(new CIDRIP(mDnslist.get(0), 32), true);
+ boolean dnsIncluded=false;
+ for (ipAddress net : positiveIPv4Routes) {
+ if (net.containsNet(dnsServer)) {
+ dnsIncluded = true;
+ }
+ }
+ if (!dnsIncluded) {
+ String samsungwarning = String.format("Warning Samsung Android 5.0+ devices ignore DNS servers outside the VPN range. To enable DNS add a custom route to your DNS Server (%s) or change to a DNS inside your VPN range", mDnslist.get(0));
+ VpnStatus.logWarning(samsungwarning);
+ }
+ } catch (Exception e) {
+ VpnStatus.logError("Error parsing DNS Server IP: " + mDnslist.get(0));
+ }
+ }
+
+
if (mDomain != null)
builder.addSearchDomain(mDomain);
@@ -613,7 +632,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
try {
//Debug.stopMethodTracing();
ParcelFileDescriptor tun = builder.establish();
- if (tun==null)
+ if (tun == null)
throw new NullPointerException("Android establish() method returned null (Really broken network configuration?)");
return tun;
} catch (Exception e) {
@@ -664,11 +683,11 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
intf.startsWith("tun") || intf.startsWith("rmnet"))
continue;
- if (ipAddr==null || netMask == null) {
+ if (ipAddr == null || netMask == null) {
VpnStatus.logError("Local routes are broken?! (Report to author) " + TextUtils.join("|", localRoutes));
continue;
}
-
+
if (ipAddr.equals(mLocalIP.mIp))
continue;
diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java b/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java
index 91a683b8..5c881f77 100644
--- a/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java
+++ b/main/src/main/java/de/blinkt/openvpn/fragments/FaqFragment.java
@@ -155,6 +155,7 @@ public class FaqFragment extends Fragment {
new FAQEntry(Build.VERSION_CODES.LOLLIPOP, -1, R.string.ab_not_route_to_vpn_title, R.string.ab_not_route_to_vpn),
new FAQEntry(Build.VERSION_CODES.ICE_CREAM_SANDWICH, -1, R.string.tap_mode, R.string.tap_faq3),
+ // DNS weirdness in Samsung 5.0: https://plus.google.com/117315704597472009168/posts/g78bZLWmqgD
};
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index 7eb1c66c..9312a402 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -377,7 +377,7 @@
<string name="ab_persist_tun_title">Persist tun mode</string>
<string name="version_and_later">%s and later</string>
<string name="tls_cipher_alert_title">Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure</string>
- <string name="tls_cipher_alert">Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempts to strengthen TLS security by setting tls-cipher on the server.\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client.</string>
+ <string name="tls_cipher_alert">Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempts to strengthen TLS security by setting tls-cipher on the server or some embedded OSes with stripped down SSL (e.g. MikroTik).\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client.</string>
<string name="message_no_user_edit">This profile has been added from an external app (%s) and has been marked as not user editable.</string>
<string name="crl_file">Certificate Revocation List</string>