Skip to content
This repository has been archived by the owner on Sep 3, 2024. It is now read-only.

ip6tables error messsage #10

Open
bjoern-r opened this issue Aug 17, 2014 · 6 comments
Open

ip6tables error messsage #10

bjoern-r opened this issue Aug 17, 2014 · 6 comments

Comments

@bjoern-r
Copy link

I've tried the 1.2rc1 build that you posted today.
I can see the correct messages from the native-iodine code however it fails when trying to configure some ip6tables rules.
btw: openvpn works without problems.
phone is a nexus 5 with rooted stock rom.
iodined was started with -m 1280

D/NATIVE  (11195): Native Library iodine-client loaded
E/iodine  (11195): Topdomain from vm: xx.com
E/iodine  (11195): Topdomain from vm: xx.com
W/InputMethodManagerService(  776): Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@43484af8 attribute=null, token = android.os.BinderProxy@43023cb0
I/Iodine  (11195): Opened IPv4 UDP socket
I/Iodine  (11195): Autodetecting DNS query type (use -T to override)
I/Iodine  (11195): .
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECT (has extras) }
D/MAIN    (11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECT flg=0x10 (has extras) }
D/FRAGMENT_STATUS(11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECT flg=0x10 (has extras) }
I/Iodine  (11195):
I/Iodine  (11195): Using DNS type NULL queries
I/Iodine  (11195): Version ok, both using protocol v 0x00000502. You are user #0
I/Iodine  (11195): Server tunnel IP is 10.9.0.1
I/Iodine  (11195): Skipping raw mode
I/Iodine  (11195): Using EDNS0 extension
I/Iodine  (11195): Retrying upstream codec test...
I/Iodine  (11195): Switching upstream to codec Base128
I/Iodine  (11195): Server switched upstream to codec Base128
I/Iodine  (11195): No alternative downstream codec available, using default (Raw)
I/Iodine  (11195): Switching to lazy mode for low-latency
I/Iodine  (11195): Server switched to lazy mode
I/Iodine  (11195): Autoprobing max downstream fragment size... (skip with -m fragsize)
I/Iodine  (11195): 768 ok..
I/Iodine  (11195): 1152 ok..
I/Iodine  (11195): .
I/Iodine  (11195): .
I/Iodine  (11195): .
I/Iodine  (11195): 1344 not ok..
I/Iodine  (11195): .
I/Iodine  (11195): .
I/Iodine  (11195): .
I/Iodine  (11195): 1248 not ok..
I/Iodine  (11195): .
I/Iodine  (11195): .
I/Iodine  (11195): .
I/Iodine  (11195): 1200 not ok..
I/Iodine  (11195): 1176 ok..
I/Iodine  (11195): 1188 ok..
I/Iodine  (11195): will use 1188-2=1186
I/Iodine  (11195): Setting downstream fragment size to max 1186...
I/Iodine  (11195): Handshake successful, leave native code
D/VPN_SERVICE(11195): Handshake successful
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECTED (has extras) }
D/VPN_SERVICE(11195): Build tunnel for configuration: ip=10.9.0.2 netbits=24 mtu=1280
D/VPN_SERVICE(11195): Set default route
D/VPN_SERVICE(11195): Build tunnel interface
D/Vpn     (  776): setting state=CONNECTING, reason=establish
D/VpnJni  (  776): Address added on tun0: 10.9.0.2/24
D/FRAGMENT_STATUS(11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECTED flg=0x10 (has extras) }
I/ip6tables(  180): ip6tables v1.4.11.1: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
I/ip6tables(  180): Perhaps ip6tables or your kernel needs to be upgraded.
I/ip6tables(  180): ip6tables terminated by exit(3)
E/Netd    (  180): exec() res=0, status=768 for /system/bin/ip6tables -t nat -A st_nat_POSTROUTING -o tun0 -m mark --mark 61 -j MASQUERADE
I/Vpn     (  776): Established by org.xapek.andiodine on tun0
D/Vpn     (  776): setting state=AUTHENTICATING, reason=establish
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECTED (has extras) }
D/VPN_SERVICE(11195): Tunnel active
I/Iodine  (11195): Run client_tunnel_cb
D/FRAGMENT_STATUS(11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_CONNECTED flg=0x10 (has extras) }
D/ConnectivityService(  776): handleInetConditionHoldEnd: net=1, condition=100, published condition=100
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_DISCONNECT (has extras) }
D/FRAGMENT_STATUS(11195): Got intent: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_DISCONNECT flg=0x10 (has extras) }
W/Netd    (  180): No subsystem found in netlink event
W/Netd    (  180): No subsystem found in netlink event
E/NetlinkEvent(  180): Unknown ifindex 34 in RTM_DELADDR
D/NetlinkEvent(  180): Unexpected netlink message. type=0x11
I/ip6tables(  180): ip6tables v1.4.11.1: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
I/ip6tables(  180): Perhaps ip6tables or your kernel needs to be upgraded.
I/ip6tables(  180): ip6tables terminated by exit(3)
E/Netd    (  180): exec() res=0, status=768 for /system/bin/ip6tables -t nat -D st_nat_POSTROUTING -o tun0 -m mark --mark 61 -j MASQUERADE
D/Vpn     (  776): setting state=DISCONNECTED, reason=interfaceRemoved
D/VPN_SERVICE(11195): Send: Intent { act=org.xapek.andiodine.IodineVpnService.STATUS_IDLE }
D/VPN_SERVICE(11195): VPN Thread exit
@yvesf
Copy link
Owner

yvesf commented Aug 17, 2014

Hi, thanks for reporting this problem. However, right now I don't have
any clue whats the reason for this problem.
It could be that your android build is broken, but thats just guessing.
I can only ask you to play a bit with the configuration (mtu,fragment
size,reboot the phone etc).
When I find time I'll look into openvpn for android to see what different there.
Kind regards, Yves

@yvesf
Copy link
Owner

yvesf commented Aug 17, 2014

which openvpn client did you tried?
Was it this one: https://code.google.com/p/ics-openvpn/ ?

@yvesf
Copy link
Owner

yvesf commented Aug 17, 2014

The iptables errors are not fatal:
https://android.googlesource.com/platform/system/netd/+/android-4.4.4_r2/SecondaryTableController.cpp#413

@bjoern-r
Copy link
Author

Hi,
i used the "OpenVPN für Android 0.6.17" app from arne schwabe. It seems that openvpn does not try to activate ipv6 for the tunnel.
As you can see from the logcat the iodine vpn link is closed after the second ip6tables error message.
I will try to use different settings. could you post a resent apk build?
bjoern

@samdroid-apps
Copy link

Doesn't iodine only support ipv4?

This is a piece of software that lets you tunnel IPv4 data through a DNS
server

http://code.kryo.se/iodine/README.html

@yvesf
Copy link
Owner

yvesf commented Oct 11, 2014

Doesn't iodine only support ipv4?

That is correct. Android, however, configures ipv6 iptables anyway. I don't think it's possible to disable this stepit through the VPN Framework API.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yvesf @bjoern-r @samdroid-apps