Hello Gert,

On 05/18/2016 at 07:03 PM Gert Doering wrote:
> Hi,
> 
> On Wed, May 18, 2016 at 06:48:28PM +0200, Jürgen Schmidt wrote:
>>> Everything else is passed as "custom setting" to the openvpn binary
>>> run "under the hood" - and for ports >= 1024 (unprivileged), it "should"
>>> work fine.
>>
>> But it didn't - I checked it and I could see the errors (drops) in
>> iptables.log ... . Exactly the same behavior as with the "original" binary.
> 
> Which hints at "something in whatever version of Android is running
> on your device" is to blame...
> 
> Hard to say how to pinpoint that.  Maybe run "netstat -an" to see the 
> port binding while openvpn (either 2.3.4 / root or the Android app)
> is running?  If that binding is right, but the packets are still going
> out with the wrong port, it's clearly "the system".

I think I got it now! The problem most probably is the fact that I
missed that I didn't get a public IP from the open WLAN provider I tested
with, but a private 10.0.0.0/8 address which got "NAT"ed (the IP address
I could see in the log was a real public net address). Obviously the
lports aren't kept through NAT.

Additionally, I tested with another open WLAN, which provides public IPs
- it's been working as expected.


Sorry for the noise,
thanks and kind regards,
Juergen.
