Android 4 OpenVPN App tun_builder_error (topology net30)

Question

I've running an OpenVPN server on my server and I want to connect several devices (smartphone, notebooks, desktop computers, tablets...). I have no problem connecting notebooks with Linux or Mac OS X or my Windows 8 tablet. So that work's pretty well.

But when I want to connect my Nexus 5 with Android 4.4.2, the OpenVPN app gives me the following error:

12:53:32.106 -- EVENT: TUN Error: tun_builder_error: ifconfig addresses are not in the same /30 subnet (topology net30)

Here is my client.conf.:

client
dev tun
proto udp
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun

ca ca.crt
cert Nexus5.crt
key Nexus5.key

ns-cert-type server

comp-lzo
verb 3
pull

And the corresponding server.conf:

script-security 2
port 1194
proto udp
dev tun

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
client-config-dir ccd

push "redirect-gateway def1"

push "dhcp-option DNS 208.67.220.220"
up ./up-script.sh
down ./down-script.sh

client-to-client
keepalive 10 120

comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log
log         openvpn.log
verb 3

The ccd/Nexus5 file:

ifconfig-push 10.8.0.11 255.255.255.0

I use the same client.conf for every client (adapted certificates of course). It work's on every device, except the Nexus 5. After research I read that it might help adding

push "topology subnet"

to the server.conf. But then no client can connect anymore, so that doesn't help. Can you spot any error in my config files or anything?

Here is the log from the Nexus 5 OpenVPN app:

12.53.30.522 -- ---- OpenVPN Start ----
12.53.30.523 -- EVENT: CORE_THREAD_ACTIVE
12.53.30.531 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [user] [nobody]
7 [group] [nogroup]
8 [persist-key]
9 [persist-tun]
15 [verb 3]
16 [pull]

12:53:30:531 -- EVENT: RESOLVE
12:53:30.534 -- LZO-ASYM init swap=0 asym=0
12:53:30.534 -- Contacting xx.xx.xx.xx:1194 via UDP
12:53:30.535 -- EVENT: WAIT
12:53:30.537 -- Connecting to xx.xx.xx.xx:1194 via UDPv4
12:53:30.572 -- EVENT: CONNECTING
12:53:30.575 -- Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
12:53:30.775 -- Peer Info:
IV_GUI_VER=net.oopenvpn.connect.android
1.1.13-53
IV_VER=3.0
IV_PLAT=android
IV_NCP=1
IV_LZO=1

12:53:30.779 -- VERIFY OK: depth=1
..
12:53:30.780 -- VERIFY OK: depth=0
..
12:53:31.121 -- SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
12:53:31.122 -- Session is ACTIVE
12:53:31.123 -- EVENT: GET_CONFIG
12:53:31.130 -- Sending PUSH_REQUEST to server...
12:53:31.165 -- OPTIONS:
0 [route] [10.8.0.0] [255.255.255.0]
1 [redirect-gateway] [def1]
2 [dhcp-option] [DNS] [208.67.220.220]
3 [route] [10.8.0.0] [255.255.255.0]
4 [topology] [net30]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [10.8.0.11] [255.255.255.0]

12:53:31.166 -- LZO-ASYM init swap=0 asym=0
12:53:31.167 -- EVENT: ASSIGN_IP
12:53:31.177 -- TUN Error: tun_builder_error: ifconfig addresses are not on the same /30 subnet (topology 30)
12:53:31.181 -- EVENT: TUN_SETUP_FAILED
info='tun_builder_error: ifconfig addresses are not on the same /30 subnet (topology 30)'
12:53:31.188 -- EVENT: DISCONNECTED
12:53:31.198 -- EVENT: CORE_THREAD_INACTIVE
12:53:31.199 -- Tunnel bytes per CPU second: 0
12:53:31.200 -- ---- OpenVPN Stop ----

Thank you!

Answer 1

Problem solved:

I configured the client-client routes like this:

ifconfig-push 10.8.0.11 255.255.255.0

The log in the OpenVPN for Android app said that there does not have to be a subnet mask, but a second (different) IP address. Configuring the VPN, the documentation is always good.

It says

Each pair of ifconfig-push addresses represent the virtual client and server IP endpoints. They must be taken from successive /30 subnets in order to be compatible with Windows clients and the TAP-Windows driver.

So now it looks like this:

ifconfig-push 10.8.0.13 10.8.0.14

Furthermore, the documentation includes a table with example of IP address pairs. After changing this, it is working again. I don't know why Android has a problem with it and not the other client on OS X, Linux and Windows. But all that counts is that it is working again.

Answer 2

Here is described the solution to force "subnet" mode instead of "net30": https://forums.openvpn.net/viewtopic.php?t=23585

If you add push "topology subnet" to the client ccd it works with the OpenVPN Connect app.

This solved issue for me. Android 8.1 OpenVPN Connect 3.0.5