Problem With Android Configuration

Andrea Squeri andrea.squeri at gmail.com
Wed Mar 25 11:15:23 CET 2015


Hi, first, sorry for my bad English.
I made a VPN with tinc to link my home and my two offices. In addition, I want to configure my Android device to link with my VPN.
The topology of the net is this:

cubox(a linux machine in my home with vpn address 192.168.0.20)
groppalbero (a linux machine in my second office with vpn address 192.168.0.40)
imac(a mac machine in my first office with vpn address 192.168.0.50)
nexus5(my android device with vpn address 192.168.0.80)

I have configured all machines and now they all work except the Android device.
On this I use the “Tinc Gui” app to configure it. When I start the tinc daemon it connects to the configured host and the tun0 interface is created and configured, but I can ping with any hosts
and any host can ping my Android device. The result of ping IS NOT a network unavailable response. In fact it blocks an operation, and from the Tinc Gui log I can see that the packets are received by my Android device.
I suspect that it can be a problem with the route but I can’t understand what the problem is.

For information, I paste the configuration from cubox and the Android device:

CUBOX :
--------------------------------------------------------------------------------------------------------
[andre at cubox vpnalma]$ cat tinc.conf
# Sample tinc configuration file

# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The name of this tinc host. Required.
Name = cubox

# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundance.
#ConnectTo = vaio
#ConnectTo = groppalbero
#ConnectTo = imac
#ConnectTo = servermarcy

# The tap device tinc will use.
# Default is /dev/tap0 for ethertap or FreeBSD,
# /dev/tun0 for Solaris and OpenBSD,
# and /dev/net/tun for Linux tun/tap device.
Device = /dev/net/tun
[andre at cubox vpnalma]$ cat tinc-up
#!/bin/sh
# This file sets up the tap device.
# It gives you the freedom to do anything you want with it.
# Use the correct name for the tap device:
# The environment variable $INTERFACE is set to the right name
# on most platforms, but if it doesn't work try to set it manually.

# Give it the right ip and netmask. Remember, the subnet of the
# tap device must be larger than that of the individual Subnets
# as defined in the host configuration file!
ifconfig $INTERFACE 192.168.0.20 netmask 255.255.255.0
#ip link set $INTERFACE up
#ip addr add  192.168.0.20/32 dev $INTERFACE
#ip route add 192.168.0.0/24 dev $INTERFACE
[andre at cubox vpnalma]$ cat hosts/cubox
#iample host configuration file
# This file was generated by host beta.

# The real IP address of this tinc host. Can be used by other tinc hosts.
Address = 10.0.0.7
Address = almaliberty.duckdns.org
# Portnumber for incoming connections. Default is 655.
Port = 655

# Subnet on the virtual private network that is local for this host.
Subnet = 192.168.0.20/32
————————————————————————————————————————————————————
The network is configured like this:
——————————————————————————————————————————————————————————————————————————————

[andre at cubox vpnalma]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.7  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::d263:b4ff:fe00:6a6b  prefixlen 64  scopeid 0x20<link>
        ether d0:63:b4:00:6a:6b  txqueuelen 1000  (Ethernet)
        RX packets 63975281  bytes 142504956 (135.9 MiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 35826176  bytes 2648965717 (2.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 167609  bytes 76370891 (72.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 167609  bytes 76370891 (72.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vpnalma: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.0.20  netmask 255.255.255.0  destination 192.168.0.20
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 8876  bytes 1765584 (1.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5939  bytes 2394177 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[andre at cubox vpnalma]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.asus.com 0.0.0.0         UG    1024   0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
router.asus.com *               255.255.255.255 UH    1024   0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 vpnalma
[andre at cubox vpnalma]$


——————————————————————————————————————————————————————————————————

ON THE ANDROID DEVICE SIDE I HAVE THIS CONFIG:


u0_a167 at hammerhead:/ $ su
root at hammerhead:/ # cd sdcard/tinc/vpnalma
at tinc.conf                                              <
# Sample tinc configuration file
# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.
# The name of this tinc host. Required.
Name = nexus5
# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundance.
ConnectTo = cubox
ConnectTo = groppalbero
ConnectTo = imac
# The tap device tinc will use.
# Default is /dev/tap0 for ethertap or FreeBSD,
# /dev/tun0 for Solaris and OpenBSD,
# and /dev/net/tun for Linux tun/tap device.
#Mode = switch
Device = /dev/tun
#DeviceType = tap
#Interface = tap0
#echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter
ScriptsInterpreter = /system/bin/sh
root at hammerhead:/sdcard/tinc/vpnalma # cat tinc-up
#!/bin/sh
# This file sets up the tap device.
# It gives you the freedom to do anything you want with it.
# Use the correct name for the tap device:
# The environment variable $INTERFACE is set to the right name
# on most platforms, but if it doesn't work try to set it manually.
# Give it the right ip and netmask. Remember, the subnet of the
# tap device must be larger than that of the individual Subnets
# as defined in the host configuration file!
ifconfig $INTERFACE 192.168.0.80 netmask 255.255.255.0
#echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter
#ip link set $INTERFACE up
#ip addr add  192.168.0.80/24 dev $INTERFACE
#ip route add 192.168.0.0/24 dev $INTERFACE
root at hammerhead:/sdcard/tinc/vpnalma # hosts/nexus5
sh: hosts/nexus5: can't execute: Permission denied
at hosts/nexus5                                           <
# Sample host configuration file
# The real IP address of this tinc host. Can be used by other tinc hosts.
# Portnumber for incoming connections. Default is 655.
#Port = 655
# Subnet on the virtual private network that is local for this host.
Subnet = 192.168.0.80/32
-----BEGIN RSA PUBLIC KEY-----

-----END RSA PUBLIC KEY-----
root at hammerhead:/sdcard/tinc/vpnalma # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: rmnet0: <UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/[530]
    inet 10.183.70.124/29 scope global rmnet0
    inet6 fe80::7561:c093:ea26:5781/64 scope link
       valid_lft forever preferred_lft forever
3: rmnet1: <> mtu 2000 qdisc noop state DOWN qlen 1000
    link/[530]
4: rmnet2: <> mtu 2000 qdisc noop state DOWN qlen 1000
    link/[530]
5: rmnet3: <> mtu 2000 qdisc noop state DOWN qlen 1000
    link/[530]
6: rmnet4: <> mtu 2000 qdisc noop state DOWN qlen 1000
    link/[530]
7: rmnet5: <> mtu 2000 qdisc noop state DOWN qlen 1000
    link/[530]
8: rmnet6: <> mtu 2000 qdisc noop state DOWN qlen 1000
    link/[530]
9: rmnet7: <> mtu 2000 qdisc noop state DOWN qlen 1000
    link/[530]
10: rev_rmnet0: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether a2:f5:64:5f:9d:05 brd ff:ff:ff:ff:ff:ff
11: rev_rmnet1: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether ea:f8:93:71:83:a1 brd ff:ff:ff:ff:ff:ff
12: rev_rmnet2: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether 2a:84:3a:f5:3b:f0 brd ff:ff:ff:ff:ff:ff
13: rev_rmnet3: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether 4a:d5:f8:77:cb:80 brd ff:ff:ff:ff:ff:ff
14: rev_rmnet4: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether 16:db:e7:e3:f4:39 brd ff:ff:ff:ff:ff:ff
15: rev_rmnet5: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether 46:3a:94:70:f0:5f brd ff:ff:ff:ff:ff:ff
16: rev_rmnet6: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether 62:2c:a9:03:e9:4d brd ff:ff:ff:ff:ff:ff
17: rev_rmnet7: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether f6:8e:08:a1:aa:10 brd ff:ff:ff:ff:ff:ff
18: rev_rmnet8: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
    link/ether 72:92:60:5c:e6:7c brd ff:ff:ff:ff:ff:ff
19: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
20: p2p0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 8e:3a:e3:18:bb:55 brd ff:ff:ff:ff:ff:ff
21: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 8c:3a:e3:18:bb:55 brd ff:ff:ff:ff:ff:ff
23: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/none
    inet 192.168.0.80/24 scope global tun0

root at hammerhead:/sdcard/tinc/vpnalma # ip route
10.183.70.120/29 dev rmnet0  proto kernel  scope link  src 10.183.70.124
10.206.56.132 via 10.183.70.125 dev rmnet0  src 10.183.70.124
10.207.43.46 via 10.183.70.125 dev rmnet0  src 10.183.70.124
192.168.0.0/24 dev tun0  proto kernel  scope link  src 192.168.0.80

root at hammerhead:/sdcard/tinc/vpnalma # ping 192.168.0.20
PING 192.168.0.20 (192.168.0.20) 56(84) bytes of data.
^C
--- 192.168.0.20 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9003ms
1|root at hammerhead:/sdcard/tinc/vpnalma #
————————————————————————————————————————————————————————————————————————————————
From the Tinc Gui log, which I can’t copy and paste, I see that the device is connected to cubox but I can’t ping it.

--  
Andrea Squeri
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
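
The tinc-up comments quoted in the message say that the subnet of the tunnel interface must be larger than the individual Subnets defined in the host files. The following is an added example, not part of the original post, that checks this rule against the addresses pasted above; the function names and the embedded sample are constructed here, and only IPv4 Subnet entries are assumed.

```python
import ipaddress
import re

# Constructed from the values pasted in the message: the ifconfig line of each
# tinc-up script and the Subnet line of each hosts/ file.
TINC_UP = {
    "cubox": "ifconfig $INTERFACE 192.168.0.20 netmask 255.255.255.0",
    "nexus5": "ifconfig $INTERFACE 192.168.0.80 netmask 255.255.255.0",
}
HOST_FILES = {
    "cubox": "Address = 10.0.0.7\nPort = 655\nSubnet = 192.168.0.20/32\n",
    "nexus5": "#Port = 655\nSubnet = 192.168.0.80/32\n",
}

def interface_network(tinc_up_text):
    """Return (address, network) set by an 'ifconfig ... netmask ...' line."""
    for line in tinc_up_text.splitlines():
        line = line.split("#", 1)[0]  # drop commented-out commands
        m = re.search(r"ifconfig\s+\S+\s+(\S+)\s+netmask\s+(\S+)", line)
        if m:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            return iface.ip, iface.network
    raise ValueError("no ifconfig line found")

def host_subnets(host_text):
    """Return the Subnet entries of a host file, skipping comment lines."""
    nets = []
    for line in host_text.splitlines():
        m = re.match(r"\s*Subnet\s*=?\s*(\S+)", line, re.IGNORECASE)
        if m:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def check(tinc_up, host_files):
    """List rule violations; an empty list means the files are consistent."""
    problems = []
    for name, script in tinc_up.items():
        addr, net = interface_network(script)
        # The interface address must be announced by the node's own host file.
        if not any(addr in s for s in host_subnets(host_files[name])):
            problems.append(f"{name}: {addr} is not in its own Subnet")
        # Every announced Subnet must be strictly smaller than the interface net.
        for other, text in host_files.items():
            for s in host_subnets(text):
                if not (s.subnet_of(net) and s.prefixlen > net.prefixlen):
                    problems.append(f"{name}: {net} does not cover {other} {s}")
    return problems
```

For the values in the message, `check(TINC_UP, HOST_FILES)` returns an empty list, so the pasted addressing satisfies that particular rule.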
