[SOLVED] Help Connecting Android 4.1.1 to Untangle OpenVPN

[RoofTurbo]

First off, I love the show. Thanks to all the Hak5 production team.

I've been following allong the SSH episodes and have been successfully using Bitvise to tunnel my web browsing when on the road. When I saw episode 1405 I wanted to set up a OpenVPN server using Untangle as a VM. I followed allong Daren's guide and set the server up. Here are the specs of the setup:

Host Machine: Windows 7 Ultimate 64-bit

VirtualBox version 4.2.16

Untangle 9.41 x32

Tablet: Samsung Galazy Tab 2 7.0 GT-P3113

Android: 4.1.1 (Rooted stock ROM)

Router: Netgear WNR-3500L v1 running Tomato ver 1.28 by Shibby

I created a test server in Untangle VM and distributed the certificates to my tablet via scp. All the files (testuntangle-ca.crt, testuntangle-testtablet.crt, testuntangle-testtablet.key, testuntangle.conf, testuntangle.ovpn) are located in the internal SD card in a folder called "/untangle-vpn". The router is set to forward port 1194 to the Untangle VM (internal IP 192.168.1.51)

I've gotten to the point where I can connect the tablet to the Untangle server from an external IP (i.e. using my phone as a hotspot). The only thing is that whenever I check my IP address on the tablet (www.whatsmyip.org) I keep on getting the same IP that my cell phone carrier assigns me and not my home IP. I've tried rebooting all the listed devices to no avail. What am I missing.

Here is the testuntangle.ovpn file contents (all mentions of my home IP have been X'ed out):

#AUTOGENERATED BY UNTANGLE DO NOT MODIFY


# OpenVPN(v2.0) configuration script

client
proto udp
resolv-retry 20
keepalive 10 120
cipher AES-128-CBC
nobind
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 2
persist-key
persist-tun
verb 1
tls-exit
dev tun0
cert untangle-vpn/testuntangle-testtablet.crt
key untangle-vpn/testuntangle-testtablet.key
ca untangle-vpn/testuntangle-ca.crt
remote X.X.X.X 1194

Here is the log file from the OpenVPN app on my tablet:

10:09:55:690 -- EVENT: PROFILE_IMPORT_SUCCESS info='X.X.X.X [testuntangle]'
10:10:03:709 -- ----OpenVPN Start ----
10:10:03:710 -- EVENT: CORE_THREAT_ACTIVE
10:10:03:739 -- EVENT: RESOLVE
10:10:03:811 -- LZO-ASYM initswap=0 asym=0
10:10:03:811 -- Contacting X.X.X.X:1194 via UDP
10:10:03:812 -- EVENT:WAIT
10:10:10:818 -- Connecting to X.X.X.X:1194 (X.X.X.X) via UDPv4
10:10:10:362 -- EVENT: DISCONNECTED
10:10:10:376 -- EVENT: CORE_THREAD_INACTIVE
10:10:10:377 -- -----OpenVPN Stop -----
10:14:44:521 -- -----OpenVPN Start -----
10:14:44:521 -- EVENT:CORE_THREAD_ACTIVE
10:14:44:540 -- EVENT:RESOLVE
10:14:44:543 -- LZO-ASYM init swap=0 asym=0
10:14:44:544 -- Contacting X.X.X.X:1194 via UDP
10:14:44:545 -- EVENT:WAIT
10:14:44:551 -- Connecting to X.X.X.X:1194 (X.X.X.X) via UDPv4
10:14:46:656 -- EVENT: CONNECTING
10:14:46:672 -- Tunnel Options: V4.dev-type tun.link-mtu 1500.proto UDPv4.comp-lzo.cipher AES-128-CBC.auth SHA1.keysize 128.key-method2.tls-client
10:14:46:674 -- Peer info:
IV_VER=1.0
IV_PLAT=android
IV_NCP=1
IV_LZO=1

10:14:48:738 -- VERIFY OK: depth=0
cert version:3
serial number: 2A:AC:29:81
issuer name: CN=ca does not esist. C=US, ST=CA, L=SF, O=TestUntangle, OU=2ce38bec7228fce7, 0x2E=certificateAuthority
subject name: CN=ca does not esist. C=US, ST=CA, L=SF, O=TestUntangle, OU=2ce38bec7228fce7, 0x2E=certificateAuthority
issued on : 2013-07-12 -3:47:42
expires on : 2023-07-10 03:47:42
signed using: RSA+SH1
RSA key size: 1536 bits

10:14:49:851 -- SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
10:14:49:852 -- Session is ACTIVE
10:14:50:853 -- EVENT: GET_CONFIG
10:14:50:869 -- Sending PUSH_REQUEST to server...
10:14:51:042 -- OPTIONS:
0 [route] [172.16.0.1]
1 [route] [192.168.2.0] [255.255.255.0]
2 [route] [ping] [10]
3 [route] [ping-restart] [120]
4 [ifconfig] [172.16.0.9] [172.16.0.10]

10:14:51:043 -- LZO-ASYM init swap=0 asym=0
10:14:51:051 -- EVENT: ASSIGN_IP
10:14:51:099 -- TunPersist: saving tun context:
Session Name: X.X.X.X
MTU: 1500
REmote Address: X.X.X.X
Tunnel Addresses:
172.16.0.9/30
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4]
Add Routes:
172.16.0.1/32
192.168.2.0/24
Exclude Route:
DNS Servers:
Search Domains

10:14:51:100 -- Connected via tun
10:14:51:107 -- EVENT: CONNECTED info=X.X.X.X:1194 (X.X.X.X) via /UDPv4 on tun/172.16.0.9/' trans=TO_CONNECTED
10:18:57:009 -- UDP send error: send: invalid argument
10:18:57:032 -- EVENT: PAUSE trans=TO_DISCONNECTED
10:19:37:561 -- EVENT: DISCONNECTED
10:19:37:586 -- EVENT: CORE_THREAD_INACTIVE
10:19:37:594 -- ------OpenVPN Stop-----

Any help will be appreciated. Thank you in advance.

Edited July 19, 2013 by RoofTurbo

[RoofTurbo]

I went over to the Untangle Forums and posed my question there. They explained that I had to enable "Full Tunnel". To do this I clicked on the "Settings" button on the OpenVPN "rack", "Advance" Tab, click on the Document icon under the "Edit" column, and ticked the "Full Tunnel" option.

Now when I open up www.whatsmyip.org on the tablet it shows my home IP after OpenVPN app is connected to the Untangle server. I hope this helps anyone who may have forgoten this step too.