Android OpenVPN & Jelly Bean

Last night my Galaxy Nexus finally got the Jelly Bean update pushed to it via Over-The-Air – I’m not sure why it’s taken until now to get it, but ICS has been working fine so I never bothered to build Android from source again.

It was slightly disturbing that the update came down over 3G data, whilst I have a fair bit of cap, a lot of NZders are on pretty low cellphone datacaps and the update is around 160MB.

The upgrade was pretty seamless, however it broke my Openvpn for Android setup, preventing me from connecting to any of my servers or email. According to the application, there is a known issue that when the OS updates, you need to re-establish the trust relationship with the Android keystore, which you can do by editing the VPN and re-selecting the certificate and selecting “allow”.

Unfortunately, that didn’t work for me, it would keep repeating the error and refusing to run.  There wasn’t much useful in adb logcat either:

I/ActivityManager(  303): Displayed de.blinkt.openvpn/.MainActivity: +213ms
I/ActivityManager(  303): START {act=android.intent.action.MAIN cmp=de.blinkt.openvpn/.LaunchVPN (has extras) u=0} from pid 4071
I/ActivityManager(  303): START {flg=0x20000 cmp=de.blinkt.openvpn/.LogWindow u=0} from pid 4071
I/keystore(  130): uid: 1000 action: t -> 1 state: 1 -> 1 retry: 4
I/keystore(  130): uid: 1000 action: x -> 1 state: 1 -> 1 retry: 4
V/OpenSSL-keystore( 4071): keystore_bind_fn
V/OpenSSL-keystore( 4071): keystore_engine_setup
V/OpenSSL-keystore( 4071): keystore_loadkey(0x5c30c3d0, "1000_USRPKEY_mobile-jethro", 0x0, 0x0)
I/keystore(  130): uid: 10067 action: b -> 7 state: 1 -> 1 retry: 4
W/keystore_client( 4071): Error from keystore: 7
V/OpenSSL-keystore( 4071): Cannot get public key for 1000_USRPKEY_mobile-jethro

I had a read and came across this bug report in Android, suggesting that the names of some certificates could be a problem.

My certificate was mobile-jethro.p12, so I named it to mobile.p12 and imported it again – which resolved the problem! Bit of a nasty character handling bug it seems….

2 thoughts on “Android OpenVPN & Jelly Bean

  1. Tim H

    Hey I’m in Sydney at the moment. If you can lookup Googles address here for me and I’ll go stand outside their offices and shout at them a bit.



    1. Jethro Carr Post author

      They used to (still do?) have a shiny office down on the waterfront, it’s worth a wander past. Take the monorail! ;-)


Leave a Reply