colucci-web.it

Hi,

I am using the Android VPN Pro Google ApI-release 1.01.17 (23010117) connecting to OpenVPN server version 2.5.7.

I am connecting using TAP/Bridge -- *THANK-YOU* for making this feature available on Android - I wall pulling my hair out trying to get a TUN connection to work

I can successfully connect from my Android phone *AND* a variety of other devices (Windows 10, Macs) all using the same server config and ovpn file / local config on each device. As far as I can tell I have access to all resources on my local network via the VPN connection.

For example: On my Windows 10 machine connecting using OpenVPN GUI v11.29.0.0 once connected the machine is successfully recognized by my iTunes server (I'm using the windows Airplay receiver called AirFoil Satellite https://rogueamoeba.com/airfoil/satellite/). Then I can stream music over the VPN connection to my Windows machine from my iTunes server.

But when I connect with Android VPN Pro with the same OpenVPN server and opvn file, using the android version of the AirFoil Satellite software, my iTunes server never sees the Android phone, so I can't connect to it and stream from iTunes to my phone. I've confirmed that if my Android phone is on my local network everything works. I've also tried a number of other Android "Airplay" receivers with the same result (e.g. Air-ReceiverLite and AirBubble).

Reading around it looks like there are some "gotcha's" related to protocols that use multicasting to announce themselves not working over TUN VPN connections, but I'm using TAP. These are protocols like Bonjour (used by Airplay), and ZeroConf.

Any suggestions as to what needs to be changed so my use case will work with Android?

LMK if you need additional details and I'll do my best to provide them.

Hello,

multicast packets are supported by the TAP emulator, but unfortunately some devices do not send these packets through the VPN.
In some cases the problem can be solved by adding a specific route.
In your case you can try to follow these steps:

• edit the VPN profile

• tap on IPv4 routes

• tap on + button

• set the Destination to 224.0.0.251/32 and tap on OK button

• save the changes

Thanks for the quick reply.

Adding that route did make one of the Airplay Receivers appear in iTunes, but unfortunately, I couldn't connect. iTunes gave me an error when trying to connect (with no helpful error message )

Are there any other routes I might need to add that other Airplay Reciever Android apps might use to announce themselves or actually use to send the audio?

Many thanks

You're welcome.
I'm sorry but I couldn't find any documentation explaining how the protocol works so I don't know how to help you.

Hi,

I have done some digging into the airplay (formally airtunes) protocol. You can read about it here: https://nto.github.io/AirPlay#servicedi ... layservice

As noted in my original post my scenario does work on windows 10 using the official openvpn client... same software iTunes on a Mac connects to Airfoil Satellite on the windows machine connected over VPN TAP using the Airplay protocol - both for discovery and streaming.

Does this give you any clues to help me connect Airfoil Satellite on Android over Openvpn Pro TAP connection to the same Mac running iTunes?

(Note as far as I can tell in all other respects the Open
VPN Pro TAP connection is working for SMB file sharing and CalDav and CardDav syncs etc.)

Thanks for any help you can give.

Hello,

unfortunately this information does not help.
Perhaps you can try to capture VPN packets with a tool like tcpdump and check the differences between Windows and Android VPN...

OK I'll try TCPdump. Can you recommend an Android App (there are ~10 that come up when you search tcpdump)?

I think it's better if you use the tcpdump on the server side, because the tcpdump requires root privileges and so on Android you have to root the device

Ok so I run tcpdump on the server side monitoring the tap2 interface created by the openvpn server (in my case tap2 along with all the othe interfaces are joined via bridge br0).

Any other parameters / filters you'd suggest so the dump isn't too overwhelming?

I assume the sequence should be for each of Windows and Android
1) Open VPN connection using VPN client
2) start tcpdump on tap2 interface
3) start airplay speaker server on the client device so it announces itself
4) stop tcpdump

When connected from windows do you also want a tcpdump of the music streaming to the airplay speaker as well as the "announcement"?

Thanks for your help on this

I think you can use this command: tcpdump -npi tap2 host x.x.x.x (x.x.x.x it's the address assigned to VPN client)

Yes, on Windows you can take even 1 or 2 seconds of streaming.

If you prefer you can send the results to android@colucci-web.it