SecureFishNet

Rating: 
4.85366
Your rating: None Average: 4.9 (41 votes)

SecureFishNet is OpenVPN client manager for
Sailfish. You can manage openvpn connection with it. It requires
Openvpn and that will be downloaded from repository. (If not you can
do it with “pkcon install openvpn”).

You need normal openvpn configuration file.

This package contains daemon and securefishnet-gui.

PushUpMenu:

- “flush”. In case of something broke routing and network does not work.

This reverses every change this program made to routing. If network still does not work after this, reboot is your friend.

 

IPv6 does not work.

 

 

 

Application versions: 
AttachmentSizeDate
File securefishnet-1.5-3.armv7hl.rpm78.1 KB26/08/2015 - 13:12
File securefishnet-1.5-4.armv7hl.rpm77.79 KB26/08/2015 - 20:14
File securefishnet-1.6-2.armv7hl.rpm111.93 KB22/10/2015 - 16:57
File securefishnet-1.6-2.i486.rpm120.59 KB22/10/2015 - 17:35
File securefishnet-1.6-3.armv7hl.rpm112.33 KB28/10/2015 - 17:26
File securefishnet-1.6-3.i486.rpm120.95 KB28/10/2015 - 18:21
File securefishnet-1.6-4.armv7hl.rpm112.34 KB11/11/2015 - 13:10
File securefishnet-1.6-4.i486.rpm120.94 KB11/11/2015 - 13:10
File securefishnet-1.6-5.armv7hl.rpm112.38 KB16/11/2015 - 09:42
File securefishnet-1.6-5.i486.rpm120.93 KB16/11/2015 - 09:42
File securefishnet-1.9-2.armv7hl.rpm139.88 KB10/04/2016 - 20:56
File securefishnet-1.9-2.i486.rpm151.24 KB10/04/2016 - 20:56
File securefishnet-1.9-5.armv7hl.rpm140.77 KB12/05/2016 - 15:02
File securefishnet-1.9-5.i486.rpm151.47 KB12/05/2016 - 15:02
File securefishnet-2.0-5.i486.rpm150.52 KB20/09/2016 - 16:11
File securefishnet-2.0-5.armv7hl.rpm138.31 KB20/09/2016 - 16:11
File securefishnet-2.0-7.armv7hl.rpm139.05 KB20/10/2016 - 14:01
File securefishnet-2.0-7.i486.rpm151.95 KB20/10/2016 - 14:01
File securefishnet-2.1-2.armv7hl.rpm139.59 KB30/08/2017 - 17:03
File securefishnet-2.1-2.i486.rpm151.33 KB30/08/2017 - 17:03
File securefishnet-2.1-4.armv7hl.rpm144.66 KB17/06/2018 - 12:35
File securefishnet-2.1-4.i486.rpm156.96 KB17/06/2018 - 12:35
File securefishnet-2.1-5.armv7hl.rpm144.81 KB12/09/2018 - 20:32
File securefishnet-2.1-5.i486.rpm157.23 KB12/09/2018 - 20:32
File securefishnet-2.1-7.armv7hl.rpm146.15 KB22/01/2019 - 12:28
File securefishnet-2.1-7.i486.rpm157.54 KB22/01/2019 - 12:28
File securefishnet-2.1-8.armv7hl.rpm146.13 KB28/01/2019 - 18:57
File securefishnet-2.1-8.i486.rpm157.3 KB28/01/2019 - 18:57
File securefishnet-2.1-9.armv7hl.rpm145.94 KB08/03/2019 - 11:38
File securefishnet-2.1-9.i486.rpm157.26 KB08/03/2019 - 11:38
File securefishnet-2.1-11.armv7hl.rpm147.17 KB08/08/2019 - 14:12
File securefishnet-2.1-11.i486.rpm159.11 KB08/08/2019 - 14:12
Changelog: 

2.1-11

  • Fixes for 3.1.0.11

2.1-9

  • Dns is not always ready instantly so add small delay

2.1-8

  • fix for bug in compat mode/static Key handling

2.1-7

  • Fix for various DNS and routing related issues

2.1-5

  • Fix for changes in SFOS 2.2.1.18 ( UI opened twice because of the way autostart was made (used when VPN is selected to start at boot) )

2.1-4

  • fixes for 2.2.0.29
  • fix for default gateway not persistent in connection change

2.1-2

  • fixes for 2.1.1.26 (not tested with earlier OS versions)

2.0-7

  • bug fixes
  • ui tweaks
  • connection changing logic improved

2.0-5

  • bug fixes
  • ui tweaks
  • more than 3 connections or conffiles
  • rewrite of connection changing logic ( again )

1.9-5

  • bug fixes

1.9-2

  • lots of new features (check config page)
  • rewrite of connection changing logic ( only tested with SFOS 2.0.1.7 )

1.6-5

  • fixed bug with routing not always working as it should

1.6-4

  • bug fixes

1.6-3

  • bug fixes

1.6-2

  • Lots of minor tweaks
  • UI fixes
  • more icon sizes = bigger rpm...
  • i486 build (not tested on real device but runs fine on emulator)

1.5-4

  • and more old bugs fixed... huh...

1.5-3

  • more bug fixes

1.5-2

  • bug fixes
  • You should reboot AFTER installing this as there might be some unwanted leftovers (in routing table) from earlier versions.

1.5-1

  • bug fixes
  • tcp connection handling improvements and other internal changes

1.4-4

  • bug fixes

1.4-2

  • new filepicker
  • uses less memory
  • loads faster

1.3-2

  • bug fixes
  • better roaming logic

1.2-4

  • Some roaming fixes
  • UI fixes
  • "Static Key" in config dialog might help if connection doesn't start (at all)

1.2-2

  • Roaming logic is removed from UI and daemon handles that now so you can close UI and it should still roam
  • bug fix for routing

1.0-4

  • bug fixes

1.0-2

  • fix for minor bug in roaming
  • less memory used
  • fix for gw not being set with newer openvpn

1.0-1

  • UIs internal logic rewrite
  • Added connection detection
  • Fixed reconnect with openvpn
  • Added restart of connection when changing networks ( wlan <-> mobile )
  • After UI start status of connection is now shown (If connection is/was up). Roaming logic is in UI so changing networks won't work when UI is closed. 

0.9-5

  • ui fixes

0.9-3

  • ui fixes

0.8-5

  • more bug fixes

0.8-4

  • fixes bug: dns forwarding in android apps

0.8-2

  • MicroSD button in filepicker might actually work now ;-)
  • Wait longer for response from openvpn

0.8-1

  • Landscape

0.7-2

  • Bug fixes

0.7-1

  • Small UI improvements
  • Encryption is now used on username and passwords when saved ( light encryption only )

0.6-3

  • Bug fixes

0.6-2

  • Bug fixes
  • You can now execute script with PushUpMenu ( user nemo )

0.6-1

  • Support for username/password
  • Rewrite of everything but UI

0.4-2

  • Minor bug fix

0.4-1

  • Added support for password encrypted keys ( in config )
  • Bug fixes

0.2-3

  • Bug fixes

0.2-2

  • Bug fixes
  • UI improvements

0.1-2 - initial release

Comments

korppi's picture

No ports of this app to N9. N9 is too locked up for that. But you can use openvpn in it.

Matty69's picture

Hi! Same problem with client for me: it disconnects immediately after start - seems it even doesnt try ty to connect to the network. Got the same error messages as wico after starting securefishnet-gui from cli. "Static key" option in UI doesnt make a difference. openvpn from CLI with same .ovpn works.

korppi's picture

Execute as root "/usr/sbin/openvpn --user nobody --group nobody --config your_config_file_name --verb 4" and send me the output. Remove all IP:s and personal info from log.

abbaspower's picture

When I install this package in sailfish os 1.1.4.29 I have the following error:
Transaction/7686_ecdadbcc
Status:repo-not-availabel
Extra details:
Authentication failed(is SSU set up correctly?)
Dismiss
I think openvpn upgraded from 2.3.4-2 to 2.3.6-1 by NileDK

korppi's picture

So this has nothing to do with securefishnet...

 

You have NielDK's repo active and there are no package named(or version) like that anymore...

Refresh package list.

And why not use openvpn from Jolla?

wico's picture

Since a day I try to get securefishnet started on my jolla - with no success.
Here is the whole story:

1) I have a openvpn-config with static key. Works perfectly on commandline!
2) With securefishnet after pressing "start", it immediately goes into "disconnect" state. Via the terminal I can see:

[nemo@singularity ~]$ securefishnet-gui
[D] QWaylandEglClientBufferIntegration::QWaylandEglClientBufferIntegration:62 - Using Wayland-EGL
[D] onOutputChanged:158 - ,ONLINESonlineONLINES,MANAGEMENT:,VPNGW,,MANAGEMENT:,OLDGW,,MANAGEMENT:,VSIP,,MANAGEMENT:,DNS,
[D] onOutputChanged:158 - ,ONLINESonlineONLINES
[D] onOutputChanged:158 - STATE,DISCONNECTED,

3) I started the OVPNdaemon via strace and can see:

strace -s 1024 -f /usr/bin/OVPNdaemon
[...]
[pid 16898] execve("/usr/sbin/openvpn", ["/usr/sbin/openvpn", "--user", "nobody", "--group", "nobody", "--config", "/home/nemo/fireland-singularity.conf", "--dev", "p2p5", "--dev-type", "tun", "--verb", "4", "--management-query-passwords", "--auth-retry", "interact", "--management-hold", "on", "--persist-tun", "--auth-user-pass", "--persist-key", "--management", "127.0.0.1", "4445"], [/* 20 vars */] <unfinished ...>
[...]
[pid 16895] read(12, "Options error: --auth-user-pass requires --pull\n", 48) = 48
[...]
[pid 16898] +++ exited with 1 +++
[...]

4) Same happens if I run openvpn with the above arguments directly:

[root@singularity openvpn]# /usr/sbin/openvpn --user nobody --group nobody --config /home/nemo/fireland-singularity.conf --dev p2p5 --dev-type tun --verb 4 --management-query-passwords --auth-retry interact --management-hold on --persist-tun --auth-user-pass --persist-key --management 127.0.0.1 4445
Options error: --auth-user-pass requires --pull
Use --help for more information.

EXIT 1

Thus - is securefisnet unable to handle static-key situations? When I remove "--auth-user-pass" from the arguments, it looks way better. But unfortunately I cant tweak OVPNdaemon to do so. :(

Thanks for help!

 

Martin

korppi's picture

Thanks for all your effort to help.

You can try to add "pull" to your configfile. If that doesn't help then it needs little more coding...

 

wico's picture

I tried that - problem with pull is:

Options error: Parameter --pull can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.

But I use a static key (which is mandatory, I cant switch to TLS due to other reasons).

Big thanks for your awesome support!

 

Martin

korppi's picture

Ok

Little more coding for me then ;-)

wico's picture

Tell me if you need a sample-config. :)

Are you github'ing?

korppi's picture

There is new option in config dialog try it if it helps. If the busy indicator doesn't stop, openvpn still might be connected... I need openvpns log in that case.

wico's picture

Works now! God job! :)

abbaspower's picture

Hi,

Thank you for this package but dont work in sailfishos 1.1.4.29 

please upgrade to new version

korppi's picture

Works for me...

Little more info please. Can't help if all I get is    "  don't work  "  ...

known issues:

- Ipv6 will not work

- If certs and keys are not with absolute paths in config...

 

jaekkay's picture

Thank you for the regular updates and the recent improvements!

carepack's picture

thx for the update!!!! 

carepack's picture

hi korppi,

thx for you're gui for openvpn. One question:

The connection is establised perfectly. But to reach my home server etc. I have to manually add a new route. Is it possible in any kind of way that this don't have to be manually done? It's all about comfort :-)

 

But big thx!

korppi's picture

There is bug with routing if you are using tun device. Already fixed it but have to run more tests. Tap device is working.

Routing table is not the default one, so don't try to check with "route" command as it shows the default table.

Moth's picture

Just a small recommendation... ;-)

korppi's picture

I know my icon is bad...

And thanks for this, but someone was faster. I just forgot to change it.

virgi's picture

Hello there! thanks for great app, but i cannot establish vpn connection with it=(

if i openvpn from shell under nemo i get "Cannot open TUN/TAP dev /dev/net/tun: Permission denied"

and it works just fine under devel-su

Any ideas?

Thanks.

Alex.

korppi's picture

Did you put absolute paths for keys in config file when trying my app?

 

And just as openvpn says it, "Permission denied".

Nemo can't make tun/tap device and update routing and ...

virgi's picture

yes, paths are absolute.

I tried to give vpn and openvpn permissions to nemo user, but that didn't help.

The thing is why i'm the only one having this issue. Can you post output of "id" command in shell for nemo user? Maybe some groups are missing.

korppi's picture

You should not need to change any settings on device. If you use Jolla anyway... don't know about other devices. There's daemon with my app which has necessary rights to execute openvpn. But you can try with devel-su and if its working send me the logs. I don't need IPs and such only need to see failure point and what led to it. "--verb 4" at the end on commandline.

And one more thing you can't hardcode the TUN/TAP device in config...

virgi's picture

great! it's just a wrong password! that's the problem with 512bit passwords=\ sorry for taking your time

PS that error i've got, when password was wrong, was in infinite loop (until you hit stop button). May be you could create some kind of workaround or just insert password check for key with openssl before running openvpn

anyway thanks again for so much needed app

korppi's picture

No problem

My app should inform the user about that. It reads openvpns output and when it doesn't understand stays in that loop. I have to check why thats not working.

casanunda's picture

Thanks, works great!

It did not work at first, but after reading another comment and changing the path to the key file to absolute path in the config file (which is not an obvious step), everything works fine.

timetourist's picture

This is really great! Works perfect with VyprVPN. Anyone who wants to use VyprVPN on his Jolla can get the OpenVPN configuration files from this page: https://www.goldenfrog.com/UK/support/vyprvpn/vpn-setup/ipad/openvpn-con... . These config files already contain the certificate, so no need to fiddle around. Just add a profile in SecureFishNet and point to the OVPN-file. For each VPN-gateway you will need one config file. NOTE: you have to rename the config files so they do not contain any blanks.

jaekkay's picture

Hi, After successful connection, dns seem to be fine on Sailfish browser but Android firefox/opera browser still shows ISP dns (Dns queries does not seem to be forwarded through VPN). Is this expected behaviour? Thanks.

korppi's picture

Thanks for reporting. Fixed

Pages