-device 'dns0' works, -device 'tun0' default does not. about andiodine HOT 19 CLOSED

To clarify, the iodine c client calls open_tun() (in tun.c) and there can specificy the name of the tun device.

Andiodine gets the tun-device from the Android VPN Framework and just passes a file-descriptor into the actual iodine client code, thus it skips the open_tun() call.

I doubt that just the different naming plays any role in the end. Also I can confirm that it worked once for me™ on an android 4.2.2.

For the question about why the name 'dns0'. See in tun.c#L110, there is a loop trying dns0,dns1,....

from andiodine.

Thank you. Reading and experimenting further I see that the iodine binary, with no "-d" setting, will use "dns0" and NOT "tun0".
Why does andiodine use tun0? In the tun.c it appears that tun0 is used for darwin, and that different network config is loaded.

from andiodine.

In andiodine in IodineVpnService L 380 we call establish(). By this android will create 'tun0' (or whetever android likes as a name) for us.

from andiodine.

So why does android decide to use tun0 when it is called by vpn service, and dns0 when called by iodine binary? the naming seems to be the point of failure, at least in my environment.
tun0 = tunnel comes up, data is sent / received, but software using tunnel cannot see it.
dns0 = same, but browser etc works.

from andiodine.

Ive looked everywhere for a permission, ownership etc that was preventing a virtual device named 'tun0' from having the same function as one named 'dns0'. They appear identical, yet something prevents one from working and not the other.

from andiodine.

In case of iodine cmdline binary there is no Android involved but just Linux. There iodine requests the name 'dns0'.

From your error description I would guess something with the routing is not set up properly.
In case of iodine on cmdline it fires some "route add .. gateway .." commands to set up routing.
With andiodine we again rely on the Android VPN Framework. So something could be wrong here. Did you validate/compared the routing settings in both cases?

from andiodine.

Top is andiodine/ vpn setup,
bottom is from command line.

shell@android:/ $ ip route show
default via 192.168.2.1 dev wlan0
default via 192.168.2.1 dev wlan0 metric 233
10.0.0.0/27 dev tun0 proto kernel scope link src 10.0.0.4
192.168.2.0/24 dev wlan0 proto kernel scope link src 192.168.2.104 metric 233
192.168.2.1 dev wlan0 scope link
shell@android:/ $ ip route show
default via 192.168.2.1 dev wlan0
default via 192.168.2.1 dev wlan0 metric 233
10.0.0.0/27 dev dns0 proto kernel scope link src 10.0.0.2
192.168.2.0/24 dev wlan0 proto kernel scope link src 192.168.2.104 metric 233
192.168.2.1 dev wlan0 scope link

other places to look besides 'ip route show'?

from andiodine.

I think ip route show should contain all necessary info.

Both versions don't set the default gateway to 10.0.0.1 (the dns-tunnel endpoint).

Can you ping 10.1.0.1 (the dns-tunnel endpoint where iodined runs) in both cases?

Can you verify that for iodine commandline version, when you use the browser that it's really using the tunnel?

from andiodine.

Yes, i have optware installed and have used both 'tsocks' and another android tool to point traffic into the tunnel.
using the 'default route' setting in andiodine does not change the inability for clients to see the responses/traffic. the traffic still happens, just nobody at client side of tunnel can see it. I have verified that the tunnel still sets up properly with 'tcpdump' and other traffic monitoring ways.

from andiodine.

sorry, let me back up. 'tsocks' works with either 'tun0' or 'dns0'. So, youre right, the naming is not what is at fault.

from andiodine.

tsocks is intended for SOCKS tunnels. iodine is a layer 3 tunnel. So it should be unrelated.

from andiodine.

the iodined server has a socks proxy set up. see http://dnstun.com

from andiodine.

'tsocks' only works with elevated permissions. android apps don't have access to the tunnel due to some permissions issue...somewhere.

from andiodine.

I wasn't aware that you are using that service from dnstun.com, I haven't heard of it before. Therefore I was irritated by your mention of tsocks. Now things make more sense.
However, for debugging this makes it more complicated. I recommended that you first try to get things going using a iodined server under your control.

from andiodine.

having access to the server would definitely cut down on the guessing!

How do I ask the client to add a device name? "client_set_..?" I dont see it anywhere in client.c.

from andiodine.

In iodine.c https://github.com/yvesf/andiodine/blob/master/jni/iodine/src/iodine.c#L346
It passes either the device name from -d or NULL, if NULL then tun.c open_tun() starts probing dns0,dns1,etc..
Regarding the Android VPN Framework I'm not aware of any method to fix the device-name.

from andiodine.

i am working to add the option of forcing "dns0". Learning as I go. If I can get it working, it will appear as a fork.

Thank you for your responses! Much appreciated. I'm learning a lot from you and your project. :)

from andiodine.

Upon further study, this is really not an issue with andiodine but more an issue with connecting via socks to remote proxy over the tunnel.

Thanks for your interaction, much appreciated.

from andiodine.

Thanks for the update, you're welcome 😄

from andiodine.