Recent comments on posts in the blog:


Hello, Maybe you can help me. I installed the OpenVPN on my tab (Samsung tab4 with Android lollipop) and the connection is OK. I see that there is a connection, I can even ping the tab from my VPNserver (router). The thing is now, not all traffic is flowing through the tunnel. I started a couple of applications and the registered data use is not increasing that much. Also some applications won't work because they only work in my own LAN. So my conclusion the tunnel is not used for several applications.

Questions: 1. How can I check if an application is using the tunnel or nog. 2. How can I config that all applications are using the tunnel. 3. Maybe something else I have to do ??

Thanks in advance.



Comment by JD
Android app

How about WiGLE Wifi Wardriving as a Free app for seeing local channel use?

In the UK, there's one generation of BT Home Hub which uses only three channels... and you can't colour a map with three colours so if there are too many in an area, welcome to WiFi interference hell.

Comment by MJ Ray
the least congested wifi channel

"Once your devices are set to the right country, you should scan the local environment to pick the least congested wifi channel."

But beware -- the least congested channel may be unused for a reason. In my office I can see the usual mess of overlapping wifi's but nobody uses 5/6/7.

And if you try you soon find out why -- something nearby emits huge amounts of noise at those frequencies and those channels just don't work at that location.

(Makes the "auto select" feature of many AP's useless).

Comment by John Hughes
Re: comment 3

Is there a possibility to getting it work with tap interface? The current openvpn binary doesn't work with Android Lollipop :(

I'm using it on Lollipop and I was able to set it up with a graphical app, not a command-line one.

Comment by francois
comment 3
Is there a possibility to getting it work with tap interface? The current openvpn binary doesn't work with Android Lollipop :(
Comment by przemas
etckeeper as audit helper

turn off daily auto-commits turn off auto-commits before package installs

I'd actually not do that. etckeeper's daily autocommit feature once helped me tracing an intruder in a system that got hijacked by a botnet. Although this shouldn't happen in the first place, it was quite helpful that etckeeper kept a hint on when some important files were changed.

Comment by Natureshadow
OpenVPN for Android vs. OpenVPN Connect, Profile File

I've used your OpenVPN posts as a starting point for my own openvpn experiments.

Is there a reason why you chose the Android App OpenVPN for Android over OpenVPN Connect?

I couldn't find much on the differences in the documentation/FAQ of those projects. I've ended up using 'OpenVPN Connect' since it is claimed that it is the 'official' OpenVPN app - and because it is installed/rated by more users.

Do you know some advantages of one over the other?

Regarding the settings on the Android device - I generally dislike the idea of having to navigate complex configuration dialogs in an android app. Fortunately 'OpenVPN Connect' supports importing the settings, keys and certificate from a single .ovpn profile file ('OpenVPN for Android' supports this, too, it seems). With that you can even include the certificates and keys inline.

Your example settings translated to .ovpn syntax should look like:

dev tun
proto udp
remote 1194
resolv-retry infinite
remote-cert-tls server
cipher AES-256-CBC
auth SHA384

key-direction 1
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----

I've tested it with 'OpenVPN Connect' on Android 5 and it works as expected.

Comment by Georg Sauthoff

I should also mention that IPv6 dual-stack works well over OpenVPN for Android on 5.0 and above (it's broken on 4.4).

(Side-note: IPv6 dual-stack also works well with the strongSwan IKEv2 app.)

Comment by Jeremy
Interesting approach

You might note that Planet Debian allows you to collapse authors? That was my solution to really not wanting to read particular individuals.

Your approach seems good too though :)

Comment by Steve Kemp
comment 1
I've used yahoo pipes to filter unwanted "noise" from feeds via regex with great success. Very easy to craft stuff like this on the fly.
Comment by Jim