Database Users

GPRS and Static IP with VPN

HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.

Unfortunately there is no simple answer to your question. AFAIK you cant get a fixed ip on gprs, but if your using the right firewall and the right vpn host you dont need to.
I use and supply windows sbs 2003 servers and vpn into them regularly. I have also used citrix to achieve similar results. Might be a bit difficult to persuade your firms it dept to set up something like that for 1 person though.
PM me if youd like any advice.

BillyB said:
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Click to expand...
Click to collapse
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP...L2TP has also worked for me..otherwise, the fancier (and more secure) the VPN tunneling protocol, the more its likely to fail. Normally all you need for a basic MS WIndows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.

VPN and TS Its like pulling teeth
hi all this has got to be the most anoying problem ever. i can connect to O2 vpn access point and hence i can connect to my work vpn server. however as soon as i try to open a TS connection to my desktop (through the vpn) the VPN connection is dropped and i never connect. Can anybody tell me why? if i have a vpn connection to my work server why does TS try to make another connection and bomb out the original. Is there a fix or another way of doing this i.e. does a external IP have to be nat'd to my desktop IP on port 3389? all help greatly appreciated. Ian

i've looked everywhere, seriously. -remote desktop

any detailed how to guide?, i can do it, i'm fairly tech savvy, so i just need to kneed out a few things. maybe if you caould start from the beginning and i can see where i went wrong.
logmein.com works, but i want something more personal, just bewtween the computer and my phone. somerthing that looks good and scales full screen preferably.
please guys?, point me in the right direction.. all the posts just keep saying to search and there's lots of info, but there's no step by step guide.
thanks guys!

ok i got it going.
first go to the computer you want to connect to and go to control panel / system
click on remote, enable remote users
go to start menu, run. type cmd
in command write "ipconfig /all"
take note of your ip address
on your phone go to remote desktop,
computer = your ip address
username = (go to startmenu, control panel, user accounts) use one of those names.
password = blank unless you have a password.
domain = i left blank.
connect full color unless it doesnt work for you
if you can connect and you get a password error
type the error you get inot google and you should get a fix as your first link.
try that.
blam, remote desktop, it's awesome.

Nice how-to...
this is the most succinct tutorial on how to do this that I've seen. I'm still having trouble, though. I get the "Cannot connect. Likely reason are: 1 the remote comupter is not set up for this. 2. Reached the maximum number of connections. 3. A network error occurred while connecting."
I have set up the XP PC, & taken down all firewalls. I only have one user account and it has a password. I've even tried using Hamachi with one of their VPN ip addresses (awesome and free for pc2pc). I 've combed trhough my router settings too, and tried to clear everything there, too. I can RD from an XP laptop, so ti seems to be something on the unit, to me. I've also setup file sharing w/ Total Commander (it's served my purposes amply).
I really have googled & googled & googled. If anyone has any idea what is going on, I'd be grateful for some ideas.

Have you enabled the RDP on the host computer?
Right click my computer
Properties
Remote
Then enable allow user to connect remotely.

Will only work on XP Pro, or Vista if you choose to allow older clients which they scaremonger you against by saying it's less secure.

Danke!
I've been scared away from Vista for the usual "new" OS reasons, but perhaps it's getting to be time for me to haul my old conservative back-end into the modern world.
Thanks so much for taking the time!
(and to Biohead: yes, I followed the instructions I lauded so vehemently.... ???)

you're running vista?
and you haven't been able to connect still, right?
sorry i could walk you through xp, but man vista sucks, i wouldn't touch it with a 10 foot pole.

i'm setting up remote desktop on my iphone
hahaha totally referred to this guide

and it sucks, so i'm sticking with vnc
man, i miss my exec/universal

dutchschultz said:
any detailed how to guide?, i can do it, i'm fairly tech savvy, so i just need to kneed out a few things. maybe if you caould start from the beginning and i can see where i went wrong.
logmein.com works, but i want something more personal, just bewtween the computer and my phone. somerthing that looks good and scales full screen preferably.
please guys?, point me in the right direction.. all the posts just keep saying to search and there's lots of info, but there's no step by step guide.
thanks guys!
Click to expand...
Click to collapse
Hope this helps
http://forum.xda-developers.com/showthread.php?t=366312
http://forum.xda-developers.com/showthread.php?t=294524

orb3000 said:
Hope this helps
http://forum.xda-developers.com/showthread.php?t=366312
http://forum.xda-developers.com/showthread.php?t=294524
Click to expand...
Click to collapse
you, my friend, are awesome

A possible solution for those of us on T-Mobile's standard web n walk
Sorry to resurrect this thread, but I thought I'd post my experiences here in case anyone else (like me) searches for a solution to enabling RDP on T-Mobile (UK at least).
I was having the same problem with remote desktop, it saying that the server was not available. I phoned up T-Mobile's helpdesk as recommended here and after getting past first line support (who didn't know what remote desktop was, and tried sending new connection settings to my phone to resolve the issue) I got through to someone who knew what they were talking about. Turns out that I'm on T-Mobile's "basic" or "handset-only" web-n-walk package, and it's not possible to use RDP on this. I assume they block the relevant ports. They told me that I could pay an extra fiver a month to upgrade to a version of web-n-walk which can handle RDP.
Well I told them I would think about it, but instead tried to find a way around it as the one or two times I need to use RDP are certainly not worth a fiver a month. My solution is probably only suitable for the more techy of us, but without much work and with no prior experience I managed to set up a SSH tunnel using FreeSSHd as a server running on my windows server (although a normal windows box should work fine - http://www.freesshd.com/) and zaTunnel as a client on my phone (http://www.zatelnet.com/zatunnel/main.php). Both programs are free.
Basically my phone takes all RDP connections and tunnels them over SSH to my windows server, which then turns them back into RDP connections. T-Mobile have no idea I'm using RDP, and if they block the SSH port in the future I can always change FreeSSHd to run on port 80 (for web). This will also work for other protocols T-Mobile might be blocking (FTP springs to mind).
Just thought I'd post this in case anyone was in my situation of needing RDP on their standard web'n'walk.
Edit Sorry posted this in the wrong thread! Will leave this post up however just in case someone finds it useful

echolock
Many thanks for the above have been searching everywhere for a fix to this. I am the same as you T Mobile (UK) and can't connect.
Could you give some additional advice as how you got the RDP to work.
For the record I can connect by Wi-Fi and by using a PAYG sim from a different carrier. However, I am on a contract with T Mobile and don't want to carry a different sim just to use the RDP.
I have installed both apps. I can make a connection from zaTunnel on Port SSH:24 to the freeSSHD server (SSH - listening on port 24). Other than adding a User and changing the default port to 24 there are no other changes I have made in freeSSHD.
Under the connections tab in zaTunnel I have left Network: Automatic with the other settings relevant to make a connection.
Under the ports tab of zaTunnel I have
LP> 3389,
IP/URL . IP of the desktop I want to connect to of 192.168.1.10
>RP 3389
When I the start the Remote Desktop app under my Windows Mobile 6.1 it indicates connecting the fails as before.
Also forgot to mention freeSSHD is running on the desktop I want to connect to.

Sure thing.
When you run Remote Desktop under Windows Mobile, make sure you connect to "localhost" NOT to the IP of the desktop you want to connect to.
Your other settings seem correct to me.
To attempt to explain a little, basically what happens is as follows. For simplicity's sake I will have three machines, your phone, your SSH server and your RDP server (although the latter two can be the same).
On your phone:
1) Remote Desktop connects to localhost on port 3389.
2) zaTunnel is listening on localhost on port 3389. It echos all commands sent to this port out on port 22 over your cellular connection to your SSH server, also providing details of your RDP server and port.
On your SSH server:
3) FreeSSHd receives the commands sent over port 22 and is told by zaTunnel to convert them to commands sent to your RDP server using port 3389.
On your RDP server:
4) Remote Desktop receives a normal RDP request over the normal port from your SSH server.
5) Responses are sent to your SSH server.
On your SSH server:
6) FreeSSHd receives the RDP responses, and sends them back to your phone over port 22.
On your phone:
7) zaTunnel converts the commands sent over port 22 back into RDP commands sent over port 3389.
8) Remote desktop receives a response from zaTunnel and thinks it's connected directly to an RDP server on localhost. In actuality it's connected to your RDP server using an SSH tunnel provided by zaTunnel and FreeSSHd.
Hope this makes sense, I'm not very good at explaining this!

Ah found another problem. The IP of your desktop you say is 192.168.1.10 - this is a local IP address so will only work on your local network.
Go to a website like http://whatismyipaddress.com/ from the machine you run SSHd on to find out what your current "external" IP address is. Bear in mind that most home broadband connections have a "dynamic" address which is allocated to you and might change from time to time - you can always use something like http://www.dyndns.com/services/dns/dyndns/ to set yourself up with a static hostname, and run a program on your machine which updates your hostname with the correct IP address every time it changes. Some routers have this functionality built in.

Thanks for the quick response and explanation.
Between posting and reading your reply I had worked out the RDP app needs the localhost or the IP 127.0.0.1.
I had come back here to post, so others would know in future.
Your other point you raised about the desktop IP. I have used this only in the ports tab on zaTunnel. The connection tab has a proper mydomainname.com address. (Provides email and a webmail interface).
Anyway, can connect now and thank you again in solving this for me. (If your in Leeds I will buy you a beer).

Ah yeah the 192.* address would work on the ports tab, fair enough. Might be worth pointing out if others read this that this is only the case if the machine you're trying to RDP to is on the same local network (or the same machine) as the machine you have FreeSSHd running on.
But good to hear you got it working Now hopefully T-Mobile won't cotton-on and decide to block port 22 too...

Remote Desktop WM6 T-Mobile Wing help

I have been searching for clarity thru islands of info in the forums as well as the net. Any help directing me would be sweet. I am trying to use my T-Mobile Wing HTC WM6 to control a computer on my home network. I have somewhat knowledge of having the server and client. Have read and installed programs. I want to be at McDonalds *or any wifi spot and log in to home computer. When I have a VNC server running it says the network ip address of 192.168.1.101 but I assume thats because its thru my network. I have went to what is my ip address.com and tried that with the port the server allows in the vnc viewer and had no luck. I think I might be too newb for such an advanced concept. I am somewhat computer savvy to alot of technical terms. If anyone could help it would be greatly appreciated. I use messengers if faster communication is necessary. Thanks in advance to any help or thoughts.

homiedaclown said:
I have been searching for clarity thru islands of info in the forums as well as the net. Any help directing me would be sweet. I am trying to use my T-Mobile Wing HTC WM6 to control a computer on my home network. I have somewhat knowledge of having the server and client. Have read and installed programs. I want to be at McDonalds *or any wifi spot and log in to home computer. When I have a VNC server running it says the network ip address of 192.168.1.101 but I assume thats because its thru my network. I have went to what is my ip address.com and tried that with the port the server allows in the vnc viewer and had no luck. I think I might be too newb for such an advanced concept. I am somewhat computer savvy to alot of technical terms. If anyone could help it would be greatly appreciated. I use messengers if faster communication is necessary. Thanks in advance to any help or thoughts.
Click to expand...
Click to collapse
a few thoughts,
1. what version of windows are you running. (e.g Xp Home or vista )
as Vista home basic and premium will not accept a remote desktop connection without a 3rd party hack to make it work only business and ultimate support remote desktop
If on XP home be sure to set allowing of remote desktop sessions to be allowed under the system properties area.
2. do you have a password setup on the user account that you log into windows on if no remote desktop will not allow access.
3. when browsing from a 3rd party network ( e.g mcdonalds or over GPRS/HSDPA ) you browse to your external ip not the dark ip of 192.168.1.x i use dyndns.org so i can just browse to the dynamic domain ip which is my external ip of my home pc
4. since you mentioned a dark ip i can only also assume your using a router at home. this means you either use such as LogmeIn/Hamachi and browse to the home pc's Hamachi IP ( e.g 5.5.100.50 ) or you will have to set a port forward in your router to forward any requests from port 3389 to the local IP of the home pc, ( e.g 192.168.1.100 )
I use static ip's in my router at home to ensire that the port forward will always goto my home pc's internal ip address. My particular router from netgear allows to have the ip of a specific machine be assigned the same ip internally based on it's ethernet adapter MAC address. making no changes required on the pc itself other them standard DHCP.
hope this helps.

1. what version of windows are you running. (e.g Xp Home or vista )
as Vista home basic and premium will not accept a remote desktop connection without a 3rd party hack to make it work only business and ultimate support remote desktop
If on XP home be sure to set allowing of remote desktop sessions to be allowed under the system properties area.
1. I am using Windows XP Home. I have allowed Remote Access under the tab Systems Tab.
2. I only have a pw on the prog VNC server on the pc but no passwords for windows *should I? :| ... Then I try VNC Viewer the the Pocket PC *T-mobile Wing.
3. I am reading up on the dyndns.org site. I assume I need the free dns service for those with dynamic IP addresses. *i hope I have that.
4. I have Linksys Bef11s4... I believe I can set static ip's though its tricky for me. I am going to try for the pc I want to connect to. This networking stuff gets a little bit blurry for me. I understand that static means non-changing, therefore the pc to connect to in network will have same ip on restarts and things. I am familiar with the port forwarding options *do i need tcp and udp checked?... again any thoughts definately appreciated...
lastly, Do you have any particular progs you recommend for me to do this concept? I have a few installed, but not sure i need all.. I have pocketputty on pda and wm6 rdc... plus vncvier. On the PC i have VNC CLient and VNC Server *believe I only need server. Thank you for your time Cyberjak

1. Just go to http://www.logmein.com
2. Sign up. It's free.
3. Screw Remote Desktop and juggling internal vs. external IP addresses and DNS.
4. Use/enjoy...no work needed.
MJB

Logmein has like 6 choices... I am looking to remote access outside my network... also is this free? I see trials and stuff... thanks for help mjb

have the logme in installed on main and when i use pda it doesnt work...i installed cab and log in fine but when i go to remote the pc it takes my access code and then pops up with error message for menuPDA.html... i cleared history and cookies and tried to make sense of the forums... I am using the T-mobile Wing with WM6.... wierd... willing to try the other way if needed... i guess i could also try loggin thru a pc not home to the remote pc... i believe i saying this remote term correctly but i believe u understand. I am trying to use my PDA anywhere to control home pc.... thanks for help guys... i am willing to try whatever way works...

I've used Logmein on my MDA Pro, Ameo and now on my Vario 3.
You should first try to remote your PC while your sitting next to it. That way you can see any firewall pop ups that may be blocking you.

I have been trying when i am right next to it... I am using my WM6 to connect wi-fi to the internet thru my network.... the pc i wanna control is on my network...

It doesn't matter what network the PDA and PC are on. Logmein uses an internet connection.

yeah, tried a bunch of things to get logmein to work, and it always comes to the page of "403 Forbidden (0x5) menuPDA.html System error: Access is denied. (5)"
checked their forrums too...
guessing i should try going back to client/server manual entry... either way, any advice from you guys much appreciated.... It seems WM6 are known for incompatibility issues with RDC situations.... hoping not the case but...thanks again guys

got logmein working nicely, thank you for the help guys...

Gooer Remote Desktop Service
I am using Gooer Remote Desktop Service(http://www.gooer.com) and it let me access my home PC using laptop or mobile phone.

remote desktop only works, as far as I know, on XP pro & Vista
http://forum.xda-developers.com/showthread.php?t=357009

[HOWTO] Use VPN with your Android & Home Router

This is a simple tutorial to allow you to connect to the internet using VPN through your home router.
:NOTE: At present, the steps here are sparse. They assume some technical capability to set things up yourself, this is just kindof a guide as to WHAT you'll need to setup.
Why, you ask? Security. Using a VPN will essentially encrypt your communications though a tunnel back to your home computer. Not going into all that here, basically a simple guide. I assume we're all smart here, so the basics.
Prerequisites
1. DD-WRT V24 Capable router. If you don't have this, then you will need to instead use a different method involving installing software on your PC that I won't cover here. The advantage of the DD-WRT router is ease of setup on the router, and not having to have your computer turned on.
2) Capable Android Phone & Provider. I can't troubleshoot your ROM or provider. Some Android Roms don't support VPN, and it's broken in some. Some providers apparently block it. If your Rom is good and your provider doesn't block it, you're golden. In some cases (such as on the G2X) custom kernels (such as Faux123's) will add the necessary TUN support. Or you may need to add a TUN.KO file if it doesn't... again, device specific, refer to appropriate device forums.
3) If you don't have a static IP (I assume you don't) you'll need a dynamic DNS provider compatible with DD-WRT. I prefer freedns.afraid.org, but you can use any o these: dyndns.org, zoneedit.com, No-Ip.com, 3322.org, easydns.com tzo.com or dynsip.org.
Got all that? Great!
Okay, here's the fun bit.
STEP 1
First, you need to hack your router. It's a LOT like rooting your Android phone. How to do it is BEYOND the scope of what I can write here, but what you need to do is visit http://www.dd-wrt.com and have a look around. Or, you can actually purchase routers with DD-WRT pre-installed. Basically you have to flash a custom ROM onto your router. It needs to support VPN, and be at least version "v24 SP1". Older versions may have a DIFFERENT VPN setup that's not as easy. Don't say I didn't warn you. I flashed the full-featured VOIP version to my router, a Buffalo WHR-G54S.
Unlocking (if necessary) and flashing your router with DD-WRT is a topic as broad as rooting/flashing Android - so I can't help you here. But once it is done, you are ready for....
STEP 2
Setup your dynamic DNS provider. I used http://freedns.afraid.org/ to do this. Basically you go to the site and sign up for the free "subdomain" services. You can pick a name that will be on a number of different domains, such as "us.to", where you could maybe pick something like "kick.us.to" if it isn't taken yet. All that matters is you remember the name.
Next, in DD-WRT, go to the Setup->DDNS tab and select the proper DDNS service and enter the information it asks for -- your service used, username, password and hostname usually. You can usually leave update interval at the default, and normally you don't need to use external IP check.
NOTE: You need to make sure you are not "Double NAT-ed".. this means two routers stacked is a nono. If you have a router connected to a cable/dsl router (instead of a cable/dsl modem), then it needs to be set to BRIDGE mode. Again.. complicated and really a topic best dealt with on its own.
Once you've setup your Dynamic DNS, you're well on your way. You can actually use that hostname for all sorts of things, such as always being able to get Audiogalaxy to connect to the right host without having to know a numeric IP that could change.
STEP 3
You're on a roll... Now, time to setup the VPN in the router. This is done under the Services->VPN tab. If that tab doesn't exist, then you got the wrong version of DD-WRT and need to go back to Step 1.
Enable PPTP Server, Broadcast Support, MPPE Encryption. Under Server IP enter your ROUTER's IP address (usually 192.168.1.1, or whatever you use to connect to your router). Under Client IP's, enter the range of clients on your local network in the format: 192.168.1.100-149 (where 100-149 represents possible IP addresses I've set in DD-WRT for my LAN)... this doesn't seem as important since we'll be connecting from outside.. Just do it.
Under CHAP-Secrets enter in your preferred username and password in the format:
username * password *
that is, the username, a space, *, a space, the password, a space and then *
Save and apply settings. (You need to click both SAVE and APPLY, DD-WRT is weird like this)
STEP 4
Back to Android! Yay! This part of the procedure may vary by phone, but this is how it is on my Gingerbread T-Mobile G2X with faux123's kernel.
Goto Settings->Wireless & Networks->VPN Settings->Add VPN->Add PPTP VPN
VPN Name=whatever you want
VPN server= your dynamic IP name you selected in Step 2
Enable encryption = Yes
now, hit Menu->Save
You should now see your VPN listed under VPNs. Click on it, and select CONNECT. Type in your username and password you selected at the end of Step 3.
It should connect. CONGRATULATIONS!
You should also have a notification in your taskbar that will now let you disconnect from the VPN.
STEP 5
Enjoy! .. wait, what? It didn't work? It did for me!!!
I guess.... ask questions here, or if it appears to be a phone issue, ask in your device's appropriate forum (and link to this thread so people know what guide you're following)
And, if anybody reading this is a better expert in setting this stuff up than I am, feel free to critique/laugh/criticize/constructively comment on this little howto and I'll correct anything I Rick Perry'd.

Nice tutorial! Would have been better if you also included more details in hacking our router

DroidVPN said:
Nice tutorial! Would have been better if you also included more details in hacking our router
Click to expand...
Click to collapse
I would have, but like I said, that's a topic as big as phone hacking itself. Every model of router is going to be different! There may be models that support VPN in the router as well without DD-WRT, but I'm not familiar with that setup.
DD-WRT's website has a pretty huge forum on what routers are compatible and how to set it all up.

The optimal speed can be achieved by the compression of traffic and by minimizing server loads. Web acceleration will enable you bring about a drastic improvement in the web page response time. This kind of acceleration usually come in lesser costs and offers the best web application performance.

So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium

evilgenius00 said:
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
Click to expand...
Click to collapse
lotherius said:
Security. Using a VPN will essentially encrypt your communications though a tunnel back to your home computer.
Click to expand...
Click to collapse
Yeah, that.
...
10char.

Nice TUT, VPN working

Thanks. I mostly appreciated the idea of using afraid.org.
For some reason, Dyndns and no-ip wouldn't work with ICS as client.

thanks for this tut, keep it up

nice.. thanks for sharing

The cool thing is, once you start hacking your router, you open up all sorts of fun. Like using a virtual wireless network to bridge the open wifi network that gets 1 bar of signal in one little corner of your apartment to be a full strength WPA protected network with your own SSID and subnet that all of your devices can use ... not like I would do such a thing. Now, I *am* a bit afraid to try to set up a VPN on the bridged virtual network..... that could get complicated.

Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help

katinatez said:
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
Click to expand...
Click to collapse
Any service which gives you a stable hostname to the outside network should work.

If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.

australix said:
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
Click to expand...
Click to collapse
Still using a (now antiquated) Buffalo WHR-G54S which has 4MB flash and 16MB Ram... so while it has a lot of features, OpenVPN is lacking... so I can't test that method personally.
This Buffalo is the best router I've ever owned, though. I still can do without gigabit or N networking, so I'm not upgrading. I went through 5 or 6 bad routers (even a Linksys WRT-54G that crashed constantly) before I got this one.

Thanks for all the info here. I've deleted the post because I think my issue is with something else.
Thanks..
p

very...helpfull..!!!

Very easy guide! Thanks!

455
nice cool...

bumpin this because i have a question regarding this, i just set this up and it works great
there are mainly two types of auth vpn servers use, certificate authentication and username/password
i tried to set up password one, and you still need the server public certificate along with username/password, but you don't need client public and private keys unlike with cert auth.
now, i placed the server key, ca.crt, on my internal storage and together with username/password, works great, my concern is security of this file. this file needs to be accessible right, so you can't put it in /etc or /system, having it in internal storage, any app with storage permission can read it... isn't this a security risk? how is this solved? where do i put the file?
thanks
edit: also, how do i *prevent* network traffic without vpn? i know there is always on option and start on boot, but i did, and when the boot finnishes there is a brief moment when the phone connects on mobile network just before initializing vpn and in that brief moment android probably sends all sorts of passwords and data through the network ... how do i delay this until vpn is initialized?

Setting up Global SSH Tunnel on Android

For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.
Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (eg., the reader only has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.
Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box
The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.
An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.

I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this

Android 4.3?
strifej said:
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Click to expand...
Click to collapse
Unfortunately, I have not done any testing with android 4.3 yet so I'm not sure why the dns request wouldn't be proxied. I'll look into it and get back to you.

DNS proxy on android 4.3
strifej said:
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Click to expand...
Click to collapse
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983

4.4
Dr.Tautology said:
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983
Click to expand...
Click to collapse
Tested on kitkat and is working fine. Ssh tunnel app not working however.

Dr.Tautology said:
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983
Click to expand...
Click to collapse
I use pacman rom on nexus 4.

thank you for this tutorial!
I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+
I can't wait to try this out..
I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.
Thanks again for the tutorial!
-droidshadow

Thank you Dr.Tautology
Thank you Dr.Tautology
I was searching a big time for the solution you gave me.
First I was using SSHtunnel app from google play and it worked on my note 3 SM-N9005 (rooted) with jb 4.3. After upgrade to 4.4.2 kitkat (rooted) I could connect but there was no changing to my home ip in the browsers that I use with surfing by example to whatmyip . I also have a tablet "nexus 7" 2012 version upgraded also to 4.4.2 and on this device SSHTunnel is functional and the ip is changing??? I did not understand. Now I was searching for alternatives for my galaxy note 3 and I've found ssh connectbot and proxydroid. After I added the settings that I always used with dyn socks5 port 11723 on both programs.... -> connection to my DD-WRT router (with connectbot) was also possible. I also booted proxydroid and again after running chrome or firefox I still had the same ip so it didn't work.... Now I've found your post and read that the socks5 port must be above 49152. I changed the ports on both programs to 56001 in ('connectbot and proxydroid) and BAM! Connected with my home IP from outside my home :laugh:
The weird thing is that it worked on JB 4.3 with socks5 port 11723.
Now my woking SSH tunnel config -> Host = home-ip:7500 (default port = 22 in DDWRT)
user to connect to DD-WRT router = Root
password = Router password
dyn proxy socks5 port = 56001 as you suggest.
I have an app from my isp that I only can use with my home ip so I had to be home and connect by wifi. Now it's possible again with tunneling
Now the only thing that I have to do is thank you. :victory:
Never thought that the port number should be the problem.
Best regards DWroadrunner

I managed to set this up using SSH Tunnel for android. However I would like to use SSH Autotunnel as it's supposed to handle network changes better and is also more light weight. Does anybody know what type of private key this programm accepts? I have had no luck using putty keygen and the id_rsa I created in ubuntu does not seem to work either.

Glad to help!
DWroadrunner said:
Thank you Dr.Tautology
I was searching a big time for the solution you gave me.
First I was using SSHtunnel app from google play and it worked on my note 3 SM-N9005 (rooted) with jb 4.3. After upgrade to 4.4.2 kitkat (rooted) I could connect but there was no changing to my home ip in the browsers that I use with surfing by example to whatmyip . I also have a tablet "nexus 7" 2012 version upgraded also to 4.4.2 and on this device SSHTunnel is functional and the ip is changing??? I did not understand. Now I was searching for alternatives for my galaxy note 3 and I've found ssh connectbot and proxydroid. After I added the settings that I always used with dyn socks5 port 11723 on both programs.... -> connection to my DD-WRT router (with connectbot) was also possible. I also booted proxydroid and again after running chrome or firefox I still had the same ip so it didn't work.... Now I've found your post and read that the socks5 port must be above 49152. I changed the ports on both programs to 56001 in ('connectbot and proxydroid) and BAM! Connected with my home IP from outside my home :laugh:
The weird thing is that it worked on JB 4.3 with socks5 port 11723.
Now my woking SSH tunnel config -> Host = home-ip:7500 (default port = 22 in DDWRT)
user to connect to DD-WRT router = Root
password = Router password
dyn proxy socks5 port = 56001 as you suggest.
I have an app from my isp that I only can use with my home ip so I had to be home and connect by wifi. Now it's possible again with tunneling
Now the only thing that I have to do is thank you. :victory:
Never thought that the port number should be the problem.
Best regards DWroadrunner
Click to expand...
Click to collapse
Hey DWroadrunner,
That's great news! I'm very happy that my post helped you, as my intention was to provide all the necessary information to do this in one place. It's not always the case that a user port wont work, but unless you are big on port level security it's not easy to determine if/when the port is being used. This is probably why 11723 did work for you, however it's always better to go with a dynamic/private port range. Also, if you want a simple way to improve the security of your ssh server change the default port from 22 to something else. You'd be surprised how many attempts to connect will be made by attackers on a daily basis.
Regards,
DocTaut

droidshadow said:
I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+
I can't wait to try this out..
I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.
Thanks again for the tutorial!
-droidshadow
Click to expand...
Click to collapse
Let me know if this is working on CM. I have tested on stock 4.3 with no issues.

Any luck yet?
rintinfinn said:
I managed to set this up using SSH Tunnel for android. However I would like to use SSH Autotunnel as it's supposed to handle network changes better and is also more light weight. Does anybody know what type of private key this programm accepts? I have had no luck using putty keygen and the id_rsa I created in ubuntu does not seem to work either.
Click to expand...
Click to collapse
Hello,
I've used auto tunnel a handful of times. Just wanted to check to see if you figured out what key it accepts. I will test it out when I get a chance.

Dr.Tautology said:
Hello,
I've used auto tunnel a handful of times. Just wanted to check to see if you figured out what key it accepts. I will test it out when I get a chance.
Click to expand...
Click to collapse
Hi, the developer send me a mail saying that autotunnel should accept both private key types. None of them worked for me, though. He also suggested to try and paste the content of the private key into the bracket. I might give that a try. Edit: I can confirm copying and pasting the private key works. But it does not seem to transfer traffic via the the server, at least not the 3g traffic while using chrome. Edit 2: Turns out SSH Autotunnel does not use a socks proxy. Therefore secure browsing is not an option. The app is for secure pop3/ftp-server/smtp-server connections only. Thanks go to Matej for his kind support.

I've been using OpenVPN but I'd prefer to use ssh, as I have several ssh servers around the world, plus their pipes are bigger than my home line I have openvpn running on.
I have yet to get SSH Tunnel (apk) to work reliably; it randomly stops working and it's just a dead connection.
Using ProxyDroid unfortunately requires me to launch ConnectBot, connect ssh, then start the proxy. It'd be nice if ConnectBot could bring up the connection automatically, or ProxyDroid could do it. What I do right now is VPN unknown wifi connections and I can automate that with Tasker. I might look to see if I can automate connecting with ConnectBot then enable the ProxyDroid connection.

You can use ssh tunnels also with Drony if some proxy with authentication is involved. Works also on non rooted devices.

Automation
khaytsus said:
I've been using OpenVPN but I'd prefer to use ssh, as I have several ssh servers around the world, plus their pipes are bigger than my home line I have openvpn running on.
I have yet to get SSH Tunnel (apk) to work reliably; it randomly stops working and it's just a dead connection.
Using ProxyDroid unfortunately requires me to launch ConnectBot, connect ssh, then start the proxy. It'd be nice if ConnectBot could bring up the connection automatically, or ProxyDroid could do it. What I do right now is VPN unknown wifi connections and I can automate that with Tasker. I might look to see if I can automate connecting with ConnectBot then enable the ProxyDroid connection.
Click to expand...
Click to collapse
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.

Dr.Tautology said:
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Click to expand...
Click to collapse
I think so, it's just firewall settings etc.. Unfortunately for me, I need stuff that doesn't support SOCKS so I've gone back to looking into a faster OpenVPN service.
But this is good for browsing and things that use http etc.

Dr.Tautology said:
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Click to expand...
Click to collapse
hi have you figured out an automated script for this task via tasker, iv tried to create something but ended up no where lol.

Hi my collage wifi connection is proxy based
Whenever i surfed internet on that connection only some basic application are connected through that connection
But many 3rd party apps doses't connect by that connection like games
Any solution like connection tunnel apps or else
I don't want to root my device
Thanks

sam.jaat said:
Hi my collage wifi connection is proxy based
Whenever i surfed internet on that connection only some basic application are connected through that connection
But many 3rd party apps doses't connect by that connection like games
Any solution like connection tunnel apps or else
I don't want to root my device
Thanks
Click to expand...
Click to collapse
Do you have to login to the proxy or is it an open proxy? If it's open, you could see if you can find a OpenVPN server that listens on 80 or 443. Then use any OpenVPN client on Android and you can add/update config to match the directions here: https://openvpn.net/index.php/open-source/documentation/howto.html#http