Bug 428569 - VPN connection not work
Summary: VPN connection not work
Status: CONFIRMED
Alias: None
Product: kdeconnect
Classification: Applications
Component: android-application (show other bugs)
Version: unspecified
Platform: Android Android 9.x
: NOR normal with 20 votes (vote)
Target Milestone: ---
Assignee: Albert Vaca
URL: https://f-droid.org/de/packages/org.k...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-01 16:12 UTC by micet2004-github
Modified: 2021-09-19 10:50 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description micet2004-github 2020-11-01 16:12:19 UTC
Version: 1.15.0
https://f-droid.org/de/packages/org.kde.kdeconnect_tp/

STEPS TO REPRODUCE
1. Have a Mobile connection (no WLan connection)
2. Start a VPN  (e.g. Wireguard)
3. Try to connect to a computer

OBSERVED RESULT
Conection not work

EXPECTED RESULT
Connection work

SOFTWARE/OS VERSIONS
Android: lineage OS 16
Comment 1 Martin Zbořil 2020-11-28 15:11:41 UTC
Hello, I am having (almost) same 'issue' with openvpn, but I don't think vpn in question is relevant - what is relevant is network topology effectively disabling local discovery.

android client of kdeconnect seems not using it's list of custom device IPs more than once it is added, if it would have used that list instead of relying solely on local discovery via broadcast, the issue would not have existed.

I would love to use the kdeconnect, but I believe that I need vpn more.
Comment 2 Michal Kec (MiK) 2021-05-22 15:58:27 UTC
I can confirm the bug with OpenVPN and recent Plasma 5.21.

Although I can ping all devices in my LAN, or access TCP ports/services, KDEConnect is unable to discover the devices. 

I event tried to add the IP address of the computer manually, but no luck. https://userbase.kde.org/KDEConnect#Running_KDE_Connect_over_OpenVPN


Operating System: KDE neon 5.21
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.82.0
Qt Version: 5.15.2
Kernel Version: 5.8.0-53-generic
OS Type: 64-bit
Graphics Platform: X11
Comment 3 ak 2021-09-19 10:50:08 UTC
Looking over at Wireshark, it appears that the identity UDP packet has grown to be around 1700-1850 bytes, ie a Jumbo Frame.

The reason is that the identity packet lists all of the device's capabilities, which have grown to be a lot. 

When in a local LAN (according to Wireshark) the router/phone fragments the packet into two and sends it correctly to the computer. However, OpenVPN not having this capability sends half of the packet, which gets ignored by the computer.

Perhaps the proper solution would be to rework the protocol to fix the packet size, but that may require modification of all the clients that implement the protocol.

However, there is a botch available.

The default upper limit of UDP packets in most interfaces is 1500 bytes. OpenVPN has a fragment option that would split the identity packet, but it's not supported in Android. Another option is to use the tun-mtu-extra option, which will resize the internal buffer of OpenVPN to be able to accept larger packets, with whatever issue that may cause.

Adding the following two lines in the client/server configs of OpenVPN fixes the issue by allowing the packet through.
tun-mtu sets the max packet size to be 1500 (if it's not already) and tun-mtu-extra allows OpenVPN to accept packets up to 500 bytes larger (so up to 2000).

tun-mtu 1500
tun-mtu-extra 500

It would be nice to edit the KDE Connect readme at least for the time being with the above option.
https://userbase.kde.org/KDEConnect#Running_KDE_Connect_over_OpenVPN

Software:
Phone: KDE Connect 1.17 (also tried 1.13), Android 10, Official OpenVPN client (unofficial also has this issue)
Computer: kdeconnect 21.08.1-1, OpenVPN 2.5.3