Related
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Unfortunately there is no simple answer to your question. AFAIK you cant get a fixed ip on gprs, but if your using the right firewall and the right vpn host you dont need to.
I use and supply windows sbs 2003 servers and vpn into them regularly. I have also used citrix to achieve similar results. Might be a bit difficult to persuade your firms it dept to set up something like that for 1 person though.
PM me if youd like any advice.
BillyB said:
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Click to expand...
Click to collapse
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP...L2TP has also worked for me..otherwise, the fancier (and more secure) the VPN tunneling protocol, the more its likely to fail. Normally all you need for a basic MS WIndows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.
VPN and TS Its like pulling teeth
hi all this has got to be the most anoying problem ever. i can connect to O2 vpn access point and hence i can connect to my work vpn server. however as soon as i try to open a TS connection to my desktop (through the vpn) the VPN connection is dropped and i never connect. Can anybody tell me why? if i have a vpn connection to my work server why does TS try to make another connection and bomb out the original. Is there a fix or another way of doing this i.e. does a external IP have to be nat'd to my desktop IP on port 3389? all help greatly appreciated. Ian
Does anyone know of an app that allows your phone to become a web proxy?
Let me explain my situation... I work for a corporation that filters all their internet connections through a web proxy, which sucks cuz I can't visit any of the fun sites... one way around this I've found was to use ICS on my phone but that interferes with the default gateway on the current network.
All traffic on the network by default goes to an internal gateway on the local intranet and it really needs to stay this way because there are too many work ip's and ports to be able to statically route all of them through a specific destination and leave the default gateway as the ICS 192.168.1.1.
I have been able to create static routes to specific ip addresses (like my home computer) which override the default gateway and use ICS instead.. this is great but obviously not that great for web browsing and masking my use on the internet... what I would like to be able to do is set the HTTP proxy to my phone and have it handle all of the redirection... that would allow me to have a single route in the routing tables but span out to wherever I want on the web...
Oh, and yes, I have thought of just setting up a proxy on my home comp and routing through the phone -> home comp -> back through phone but that obviously limits me to the upstream bandwidth of my home network... which isn't TERRIBLE, and is feasible but obviously if I could eliminate the extra jump it would be much much better.
I can handle the routing tables np, they're easy to add from command-line.. problem is I need some kind of a proxy application on the phone that will handle all of the HTTP calls... anyone know of an application such as this?
Thanks
Hm can't say I know of an app that does this... it is planned for one of the upcoming releases of WMWifiRouter but that's still a while away and may give you the gateway issue again.
Chainfire said:
Hm can't say I know of an app that does this... it is planned for one of the upcoming releases of WMWifiRouter but that's still a while away and may give you the gateway issue again.
Click to expand...
Click to collapse
Ya I did more googling and still can't find anything... I just setup dante server on my linux vm at home and got a good socks proxy going.. seems to be working very well.. my upstream on cable is 80k/sec so that's not too bad I guess.
I'll keep an eye on wmwifirouter release notes though thanks
I'm an IT guy and I just got into smartphone PPCs for the first time after a long-time hiatus from PDAs when I used to be a Palm owner. After my last palm, a LifeDrive, got stolen I moved to a Moto Q wich was a big dissapointment OS wise, and I never really got into modding it or anything, just set my POP3 e-mail server and used it like that for 2 years (draw back was that I didn't have contact sync nore internal e-mail sync that got handled by my exchange server). My contract with that Q expired and I made the move to a Sprint Mogul with WM 6.1 Pro and I'm NEVER LOOKING BACK!!!
Anyways, enough about me, this is my first contribution so I wanted to do the little intro.
I had searched around a bit about how to get ActiveSync to sync my company's Exchange server through PPTP VPN (we don't have it published with a certificate for an actual push config) but all I found was info on how to setup the VPN itself, being an IT guy that was like pointing out the obvious to me as I had already got that running and connecting but couldn't get anything but the OWA site opening in IE and Opera.
Basically what I figured out was that I had to program a work URL exception in the Connections control panel under the Advanced tab. There I added my exchange server's IP address as a URL and used that IP to program the server under ActiveSync with all the usual credentials. I can't configure it to receive as items arrive, instead I had to let the configuration run on a 10 minute schedule. Every time the schedule is up I see the VPN connecting pop up and it syncs PERFECTLY and disconnects the VPN. (It doesn't turn on my screen each time, it just pops up if I'm using it; but that pop up can be turned off if it gets to annoying).
I don't know if anyone else knew about this but I though I'd share this info as I searched for a few days and found nothing, ended up figuring this out myself. If this is new info I'll post more detailed configuration information for those who desire it.
BTW, this is working over the Data Plan and WiFi as well.
Wow. your a god...
I been trying to figure why it kept disconnecting the vpn when it synced up.
Adding the work url exception works perfect...
(Im using WM6.1 on a Samsung Omnia)
Many Many thanks!
No problem dude! I'm surprised no one else has really found this helpful. Glad I could help!
BTW, those exceptions work very well for internal web sites as well. I use it to log in to web-based management consoles such as Symantec's Mail Security for Exchange, Symantec Endpoint, basically if you got an internal website of some sort you can access it through VPN using a Work URL Exception.
I was looking for this info too, i would like more detailed configuration information about this.
Thanx in advance...
Roland hendriks
What part of the configuration are you having trouble with? Configuring the VPN, the Exchange Server or the URL Exception?
Thanks
I personally am thankful for your information. Even if none of the other 1000s of readers out there say anything...
Thank you for sharing your knowledge.
Tim
Glad I could help! I know I broke my head over this one during the first week of me having a WM phone. I figured it out thanks to the Fdc Soft Task Manager using the Netstat utility. It let me know exactly what the network stack of the phone was trying to do and the URL exclussion I just stumbled upon and reading what the page said it lead me to believe that it might be a routing table for configured "WORK" connections. And it worked.
During the past month or two of using my exchange like this and switching around ROMs and cooking my own ones now I've noticed that having TCP Data Reconnect and Transmission Retry settings in your registry set to high will cause Active Sync to take a long ass time for it to actually route communications through the VPN connection. I noticed this after using custom ROMs wich some have these settings increased to ensure communications go through but they raise connection timeouts way to much. On my own custom ROM I've set these to defaults (2 and 4 respectively) and Active Sync only takes about 1 minute to start syncing onces you hit sync while you wait for it to dial the cellular line and the VPN.
you talk about the vpn..
i think you are in the very small percentage of ppl who can get that to work.
i have the activesync set to manual and have tried the vpn type to both IPSec/L2TP and PPTP
w/o success..i always get a UN PW error which i know cant be so..
i set the host ip to what was shown from "whatsmyip"..
searching for quite awhile, i see thousands of ppl who cant get it to work and have
never found a reliable method that works for anyone but the person who posted it.
if you could back track a little and post how to do it, there are probly
thousands of ppl who would find it very useful and really appreciate it.
thanx
Well one thing is how to setup a WM device's VPN client to connect to your VPN server and another is actually configuring your VPN server. Do you have a working VPN setup in your corporate network already? This usually is setup by having a static IP assigned to your corporate internet connection and a firewall configured to allow VPN access with all the necessary traffic and authentication routes.
If you don't have a static IP in your office and use a lower cost DSL or Cable connection you aren't SOL, for these types of connections you can use a service like dyndns.org to dynamically upadate your dynamic IP into a static dns name like: mycompany.dyndns.org for example. This requires you to setup your firewall or ISP modem to communicate with dyndns.org to report the changes. Most firewalls come with this funcionality already built-in, but most of them also call them by different names so you'd have to look up your equipment's documentation on how to report a dynamic dns service.
I would be happy to help you setup your VPN correctly but its more practicall for me to help you setup a checklist on which type of VPN you want to setup (IPSec or PPTP) and what your corporate network's infrastructure looks like and let you know what to look for in google; there is PLENTY of very helpful information on the web on how to setup VPN but first you have to know what you need and how you are going to achieve it and then you'll know what to look for.
Each setup is very particular to the customer's needs and the network infrastructure that is setup and how much security you want to use (IPSec is a naturally secured VPN tunnel protocol while PPTP is not secured by nature but can be secured with a Radius server in your DMZ validating authentication in an encruypted manner to your Active Directory service).
What I posted above will work for an already existing and working PPTP VPN connection wich I already had running for years in my office and I regularly use with my laptop to connect to my exchange server while on the road or at home. What I posted above is what is need to get your WM device to connect to an already functioning PPTP VPN server.
Hope this helps. And if I'm to help you make a checklist I need a lot of information:
Type of ISP (static IP or dynamic IP)
Type/Brand of firewall device
How the devices are connected together (dumb modem or internet router from your ISP to your firewall's WAN port or a full blown router provided by your ISP wich is patched into your firewall's WAN port)
Internal network configuration (both AD and Exchange on same server (SBS) or separated)
What amount of security you are looking for.
Send me some PMs and maybe I could at least point you in the right direction.
nttdemented: I'm doing the PPTP shuffle at the moment, and wanted to pick your brains..
The basic connection is running fine - e.g. when I add 192.168.0.1 as an Exception and go to http://192.168.0.1 in Pocket IE the VPN fires up and I see the page just fine.
I've also added '10.6.1.8' as an exception, but if I go to that address in PIE, I don't see any network activity (using ethereal/tcpdump) on the 'ppp0' server interface (I use Ubuntu server's pptpd) ...
Can I assume that your Exchange server is hosted on the same machine as your PPTP server? Some MS SBS or similar?
Even if I configure an http proxy (on the 192.168.0.1 IP) I see no activity when I try the 10.6.1.8 address. :/
thanks so much!!
that i didn't find/read about the "exceptions" option in WM before...
Somehow, when i got my phone, i got it to work without this workaround, it just worked, out of the box, no exception setting required. (VPN settings + exchange server location were enough)
But yesterday, from the one moment to the next, it suddenly stopped working.
In my efforts to get it to work again i deleted the exchange settings, but doing that, I deleted all my contacts and my agenda! I was in big trouble because I really needed those , but after reading your post, i got it working again! my phone is synching "as we speak" and i'm very happy!
don't know how it worked before, don't know why it stopped working, all I know is, it's working now!
you made my day
Good to know!
Cheers!
I've since stopped using this method as we got around to publishing our Exchange server with an SSL certificate so I'm actually using SSL enabled ActiveSync push on my phone now.
Excuse me but perhaps you can help me too.
My problem is that I can get/sync my mails using WIFI.
If I connect thru GPRS, y go to send/receive and I get all the mails. If I'm on my office and connect thru WIFI to the work net I also get all the mails from the exchange server.
The problem is when I'm outside my office and connect to other wifi net and try to sync my mails. I have an HTC TOUCH CRUISE with WM 6.1 original from HTC without any flash.
Thanks in advance.
VPN connection doesn't always connect for ActiveSync synchronization?
I have had ActiveSync working with an Exchange server over a PPTP VPN connection for years now, but there has been one nagging issue I can't figure out. For the most part it works, but sometimes when ActiveSync tries to sync it will not make the VPN connection. There is only one connection listed when I tap on the icon on the notification bar - the phone's data connection. So in activesync, the icon with the arrows spins for a while but nothing synchronizes. I think it ends up saying "waiting for network" or something like that. It seems to always work when I manually hit "sync", but sometimes it fails on scheduled synchronizations.
Any idea why this happens sometimes?
oh...cheers...got my brain back...
The exceptions rule has almost fixed mine now. I'm getting mail but not through Activesync (just sits waiting for network).
I have a stock Samsung Vibrant. It connects to my home wifi network just fine and is very fast.
At my school we have to register the mac address' of devices we have on their Clean Access servers. I have registered many devices that work fine.
I registered the mac address of my Vibrant, and it can connect to the wifi, but it will not load a web page. Does anyone have any idea of what is wrong.
I also registered my roommates Vibrant. His does not work either.
I work at the Schools Tech Support so I have access to register and edit my phone on their Clean Access servers.
Does anyone have any solutions?
are you using WPA/WPAv2 or WEP + RADIUS authentication? Does your vibrant obtain an IP address successfully? Can you ping the default router?
The wifi that works at my apartment is WPA2.
The wifi at school is an open network. I can fully connect to their wifi.
Status Connected
Speed 48Mbps
Signal Strength Good
Security Open
IP address (a real IP address)
Im going out on a limb here. I am going to say its the Clean access and your "open network". I assume on your schools computer you use your student ID and some password. Your phone would need the same thing if that is the case. I know at my school, iphones are the only phones that can access our clean access. If its not the case then i am sorry.
my school runs clean access and it works fine. but they have two networks a guest and a login. i use the guest cause i don't want to waste the time to login. but i can try it on monday. typically with linux (i.e. android) you have a web portal and have to agree to some antivirus bs by clicking a button and that's it (and login for the non guest network). one thing i have noticed, though, is that typically i have to turn wifi on, connect to the network, try to load a page, it doesn't work, then i turn wifi off then immediately back on and try to load a page and it takes me to the login/terms portal page.
GTASouthPark said:
The wifi that works at my apartment is WPA2.
The wifi at school is an open network. I can fully connect to their wifi.
Status Connected
Speed 48Mbps
Signal Strength Good
Security Open
IP address 140.209.21.68
Click to expand...
Click to collapse
You should remove the IP from post. Anyways, it seems like the handshake is good. Note down the address of redirected terms and conditions page you get when trying to go online from a laptop. Then enter the same address in vibrant's browser once you are connected through Wifi ( or set it as homepage) and see if that lets it through.
Probably an issue with Android's lack of native NTLM support. AFAIK this is still unresolved. Have you tried using Fennec rather than the stock browser? I've heard you can authenticate properly using it.
Siks said:
Probably an issue with Android's lack of native NTLM support. AFAIK this is still unresolved. Have you tried using Fennec rather than the stock browser? I've heard you can authenticate properly using it.
Click to expand...
Click to collapse
interesting. i use dolphin hd and it works for the clean access web authentication page.
Could be, if your school does not have a guest account login for devices, that you are getting on the segregated network because CA cannot verify the "cleanliness" of your device. When I setup CA it verified patch levels and such on the non-guest network, so unless CA comes out with a Android client/access list, it may not work.
watcher64 said:
Could be, if your school does not have a guest account login for devices, that you are getting on the segregated network because CA cannot verify the "cleanliness" of your device. When I setup CA it verified patch levels and such on the non-guest network, so unless CA comes out with a Android client/access list, it may not work.
Click to expand...
Click to collapse
except then it wouldn't allow osx or linux. clean access requires an app for windows to verify service pack and av and whatever, but for linux and osx it doesn't. it wouldn't be able to (at least for linux).
funeralthirst said:
except then it wouldn't allow osx or linux. clean access requires an app for windows to verify service pack and av and whatever, but for linux and osx it doesn't. it wouldn't be able to (at least for linux).
Click to expand...
Click to collapse
That is correct but it can ID the operating system and has exceptions for those flavors ...
Hey it's me again.
I don't think it's an android thing because I had my G1 on the servers.
Normally what happens if you aren't registered on Clean Access is, if you open a web browser, you will be automatically redirected to an authentication page where you put in your school ID and password. This would work fine and allow me to get on the wifi, but it never came up on the web browser, it just tries to load the page for awhile and goes to a 'Page cannot be displayed' page.
Also I have tried using different browsers, including Dolphin HD.
If I can just get to the authentication page even it will be fine, I could work with that.
Also the school does have a guest login, but you have to get to the authentication page, and I wouldnt want guest access since it limits time, bandwidth, and features.
That is exactly what I said my last reply...Try putting https infront of your authentication URL, and make sure the java-script etc. is on in your browser...Try clearing cache and hit refresh as well. Also, see what happens if you set that URL as homepage...
GTASouthPark said:
Hey it's me again.
I don't think it's an android thing because I had my G1 on the servers.
Normally what happens if you aren't registered on Clean Access is, if you open a web browser, you will be automatically redirected to an authentication page where you put in your school ID and password. This would work fine and allow me to get on the wifi, but it never came up on the web browser, it just tries to load the page for awhile and goes to a 'Page cannot be displayed' page.
Also I have tried using different browsers, including Dolphin HD.
If I can just get to the authentication page even it will be fine, I could work with that.
Also the school does have a guest login, but you have to get to the authentication page, and I wouldnt want guest access since it limits time, bandwidth, and features.
Click to expand...
Click to collapse
did you try turning on wifi, wait for it to connect, try to load a page (any page because it will redirect you), wait for it to time out, pull down the notification bar, turn wifi off, turn it back on and then reload the page? i know it sounds dumb, but this is the only way i've got it to work at my school and it works every time...
watcher64 said:
That is correct but it can ID the operating system and has exceptions for those flavors ...
Click to expand...
Click to collapse
to what flavors? i'm guessing android will show as linux since it's based off a linux kernel. more than likely it checks for windows, and if false goes to the default linux/osx page because to clean access those aren't threat os's.
VICosPhi said:
That is exactly what I said my last reply...Try putting https infront of your authentication URL, and make sure the java-script etc. is on in your browser...Try clearing cache and hit refresh as well. Also, see what happens if you set that URL as homepage...
Click to expand...
Click to collapse
they don't have the authentication URL on their homepage so I don't know what it is, it should automatically redirect me to it.
Also when I connect to wifi, try to load a page, let it time out, turn off wifi, turn it back on and connect again, and then refresh the page.. nothing happens it times out again.
Ok so I did find out the authentication page URL. Typed it into my phone. I had high hopes when a page saying "You are being redirected to the network authentication page. If you are not redirected automatically, then please click HERE".
Anyway it did redirect me, to a "Web page not available"... etc.
In the default browser it gave me the error... "Data connectivity problem. A secure connection could not be established". umm wtf?
Can you communicate with other protocols/ports? I used to be able to exploit a bug with our school's CCA servers where I could just connect unauthenticated and use SSH. (Maybe it was a feature?)
I can't use any other web protocols.
Bump. Okay. I've figured out how to do this . '
it's a t mobile vibrant either kernel or rom problem. My phone connected the very first time I tried to use it at an argosy site, then never ever ever again.
so. I used wifi manager to find out what the ip, gateway, subnet mask, and dns 1 and 2 were. I went to settings, wifi, options key to go to advanced options, from there selected static ip and entered all the info I gathered
bam! ! Connected every time.
Oh and btw, the reason I say its a tmobile vibrant rom or kernel problem is that on fusion, Eugene's and bionix final, I was able to connect right away, every time . And on my f friends att fascinate and verizon captivate, they never had to enter the static ip like I did. They connected right away every time . Yet everyone I know that had s vibrant kept having the same proble. m i did .
Tmobile. What a piece of ****. Anyway I figured nobody had this figured out so I'd jump in.
Hope this helps out some people. GL
If you're like me, then you have a data plan with T-Mobile that includes only 2.5GB of data for tethering. After you 2.5GB is up,T-Mobile begins redirecting all of your tethered traffic to a webpage prompting you to buy more tethering data.
T-Mobile does this by reading all of the headers on every HTTP request. It analyzes each one and reads the User-Agent string. This is what tells websites how to deliver their content for you and is why you only get mobile versions of webpages on your phone and not on your laptop. So, many people got around this by spoofing the user agent with a browser plugin to make it look like your laptop was requesting the mobile version of websites (so T-Mobile would think that it's a phone requesting the data, not a tethered laptop.) However this solution only works for that specific browser. Other browsers, applications, and devices that do not support User-Agent spoofing were left without a solution. Was I really the only one trying to tether my PS3 for Netflix and gaming?
So some people turned to VPNs which basically act as a secure proxy so that T-Mobile could not read the traffic and tell what the User-Agent was. But this often costs money and/or slows down your network speed. Seeing as how people who are looking for a tether workaround are trying to not spend money, and are trying to use T-Mobile's lightning fast LTE, this isn't really a practical solution.
So after spending hours and hours looking for a solution, I came to the conclusion that there was none yet.
I deduced that the obvious solution would be to modify the packets on the fly and change the user-agent string of every HTTP request as it came to the phone before forwarding it on to T-Mobile. Luckily for us, all HTTP requests that have no User-Agent string or a string of "null/null" etc. are automatically accepted! So all that needed to be done was to strip the user-agent string of all of the outgoing HTTP requests - on the fly.
My first thought was that hopefully there was an android app that could do this.
There isn't.
And I am not capable of making one but if you find one or can make one, please tell me and I will adjust this explanation because that would make things a bit simpler. However, since we don't live in a perfect world, we have to run a program on a computer and route all traffic through that program. This wonderful little program that I came across called "Fiddler" (it won't let me post the link but it's www[dot]fiddler2[dot]com) is just what we need. It's a completely free program.
Go download and install fiddler. This program will allow us to monitor and 'fiddle' with the network traffic on the fly!
First, fire up your tethering app on your phone and connect your computer. I personally use android WiFi tether but I suppose it probably doesn't matter which one you use. Once you've connected your computer. Open up fiddler, go to "Rules," "User-Agents," and select "Custom..." A window will pop up. Leave this blank and click okay. Now, all of the network traffic from that computer with have its user-agent string modified to "User-Agent:[blank]" Test this out on any browser on your computer and you should not be redirected to the upsell page.
Now for all of your other devices! I was particularly concerned with my PS3 but any device that supports proxy use will work. That's a hell of a lot more devices than the number that support UA spoofing haha. Go to "Connection Settings" on your PS3 and select "Manual"
Go through your setup as usual and connect to your phone's wifi hotspot. When you come to the page that says "Proxy Settings" select "Use"
For the IP address go back to your computer and look at Fiddler. In the top-right corner there is an image of two computers and it says "Online" next to it. Hover over that icon and it will have an IP address listed. This is the virtual proxy that Fiddler has set up for auxillary incoming traffic on the local network. Type that IP address into the PS3's proxy settings and use port 8888 (you may have to configure your computer firewall to allow incoming traffic on that address/port)
Also, in Fiddler go to the AutoResponder tab and check the box that says "Unmatched requests passthrough." This is so that HTTP requests that come in without a User-agent already defined will just be passed on. If this box is not checked you may get frequent 404 errors.
Finish up the connection settings on the PS3 and let it fly! You can watch the traffic on Fiddler in real time!
This is my first post on XDA and this workaround is brand new as far as I can tell so there may be some kinks that need to be worked out.
Let me know if you have any questions or problems!
Respectfully,
Hunter.
TexasState said:
If you're like me, then you have a data plan with T-Mobile that includes only 2.5GB of data for tethering. After you 2.5GB is up,T-Mobile begins redirecting all of your tethered traffic to a webpage prompting you to buy more tethering data.
T-Mobile does this by reading all of the headers on every HTTP request. It analyzes each one and reads the User-Agent string. This is what tells websites how to deliver their content for you and is why you only get mobile versions of webpages on your phone and not on your laptop. So, many people got around this by spoofing the user agent with a browser plugin to make it look like your laptop was requesting the mobile version of websites (so T-Mobile would think that it's a phone requesting the data, not a tethered laptop.) However this solution only works for that specific browser. Other browsers, applications, and devices that do not support User-Agent spoofing were left without a solution. Was I really the only one trying to tether my PS3 for Netflix and gaming?
So some people turned to VPNs which basically act as a secure proxy so that T-Mobile could not read the traffic and tell what the User-Agent was. But this often costs money and/or slows down your network speed. Seeing as how people who are looking for a tether workaround are trying to not spend money, and are trying to use T-Mobile's lightning fast LTE, this isn't really a practical solution.
So after spending hours and hours looking for a solution, I came to the conclusion that there was none yet.
I deduced that the obvious solution would be to modify the packets on the fly and change the user-agent string of every HTTP request as it came to the phone before forwarding it on to T-Mobile. Luckily for us, all HTTP requests that have no User-Agent string or a string of "null/null" etc. are automatically accepted! So all that needed to be done was to strip the user-agent string of all of the outgoing HTTP requests - on the fly.
My first thought was that hopefully there was an android app that could do this.
There isn't.
And I am not capable of making one but if you find one or can make one, please tell me and I will adjust this explanation because that would make things a bit simpler. However, since we don't live in a perfect world, we have to run a program on a computer and route all traffic through that program. This wonderful little program that I came across called "Fiddler" (it won't let me post the link but it's www[dot]fiddler2[dot]com) is just what we need. It's a completely free program.
Go download and install fiddler. This program will allow us to monitor and 'fiddle' with the network traffic on the fly!
First, fire up your tethering app on your phone and connect your computer. I personally use android WiFi tether but I suppose it probably doesn't matter which one you use. Once you've connected your computer. Open up fiddler, go to "Rules," "User-Agents," and select "Custom..." A window will pop up. Leave this blank and click okay. Now, all of the network traffic from that computer with have its user-agent string modified to "User-Agent:[blank]" Test this out on any browser on your computer and you should not be redirected to the upsell page.
Now for all of your other devices! I was particularly concerned with my PS3 but any device that supports proxy use will work. That's a hell of a lot more devices than the number that support UA spoofing haha. Go to "Connection Settings" on your PS3 and select "Manual"
Go through your setup as usual and connect to your phone's wifi hotspot. When you come to the page that says "Proxy Settings" select "Use"
For the IP address go back to your computer and look at Fiddler. In the top-right corner there is an image of two computers and it says "Online" next to it. Hover over that icon and it will have an IP address listed. This is the virtual proxy that Fiddler has set up for auxillary incoming traffic on the local network. Type that IP address into the PS3's proxy settings and use port 8888 (you may have to configure your computer firewall to allow incoming traffic on that address/port)
Also, in Fiddler go to the AutoResponder tab and check the box that says "Unmatched requests passthrough." This is so that HTTP requests that come in without a User-agent already defined will just be passed on. If this box is not checked you may get frequent 404 errors.
Finish up the connection settings on the PS3 and let it fly! You can watch the traffic on Fiddler in real time!
This is my first post on XDA and this workaround is brand new as far as I can tell so there may be some kinks that need to be worked out.
Let me know if you have any questions or problems!
Respectfully,
Hunter.
Click to expand...
Click to collapse
Yeah, that's a workaround indeed, however the setup is long and extensive for anyone. We're still trying to find a QUICK solution that doesn't require a mass setup of every device. I only bounce to my tethering when there's an outage at home or I'm on the road, neither are the best solutions to be spending time switching everything over when I could have just as easily opened the browser on my phone to take care of everything. I found this post from the link you posted in the other thread where we weren't discussing hard solutions, just concepts and ideas, theoretical solutions (hence why there was never a post like this there). It's great to see that the one thing we know is the catalyst has been confirmed once again (HTTP USER-AGENT) as what T-Mo and every other carrier is doing, so this is a solution for not just T-Mo, but every provider. Again, it's a hell of a setup and requires that you keep at least one computer active during the ENTIRE tethering session, also, it appears T-Mo doesn't block Playstation 3 from what I can tell, at least we were able to watch like 3-4 hours of Netflix when we had the 500mb tethering cap without a problem.
This affect nat type? If I use this program? Ps3 online game though
Sent from my SGH-T889 using XDA Premium 4 mobile app
It seems T-Mobile has caught onto using different agents. I was trying to use mobile hotspot on my laptop yesterday. It didn't matter if my UA was android handset or Googlebot, it redirected me to a hotspot upsell page.
Dr. Hax said:
It seems T-Mobile has caught onto using different agents. I was trying to use mobile hotspot on my laptop yesterday. It didn't matter if my UA was android handset or Googlebot, it redirected me to a hotspot upsell page.
Click to expand...
Click to collapse
Go into your APNs and select the tethering APN, if you can edit the hostname from epc.tmobile.com to fast.t-mobile.com or whatever your normal APN is, there are a bunch of threads talking about how to get tethering working, this is just the LAST step, don't come here thinking this is the FIRST step, you're going at it backwards.
TexasState said:
If you're like me, then you have a data plan with T-Mobile that includes only 2.5GB of data for tethering. After you 2.5GB is up,T-Mobile begins redirecting all of your tethered traffic to a webpage prompting you to buy more tethering data.
T-Mobile does this by reading all of the headers on every HTTP request. It analyzes each one and reads the User-Agent string. This is what tells websites how to deliver their content for you and is why you only get mobile versions of webpages on your phone and not on your laptop. So, many people got around this by spoofing the user agent with a browser plugin to make it look like your laptop was requesting the mobile version of websites (so T-Mobile would think that it's a phone requesting the data, not a tethered laptop.) However this solution only works for that specific browser. Other browsers, applications, and devices that do not support User-Agent spoofing were left without a solution. Was I really the only one trying to tether my PS3 for Netflix and gaming?
So some people turned to VPNs which basically act as a secure proxy so that T-Mobile could not read the traffic and tell what the User-Agent was. But this often costs money and/or slows down your network speed. Seeing as how people who are looking for a tether workaround are trying to not spend money, and are trying to use T-Mobile's lightning fast LTE, this isn't really a practical solution.
So after spending hours and hours looking for a solution, I came to the conclusion that there was none yet.
I deduced that the obvious solution would be to modify the packets on the fly and change the user-agent string of every HTTP request as it came to the phone before forwarding it on to T-Mobile. Luckily for us, all HTTP requests that have no User-Agent string or a string of "null/null" etc. are automatically accepted! So all that needed to be done was to strip the user-agent string of all of the outgoing HTTP requests - on the fly.
My first thought was that hopefully there was an android app that could do this.
There isn't.
And I am not capable of making one but if you find one or can make one, please tell me and I will adjust this explanation because that would make things a bit simpler. However, since we don't live in a perfect world, we have to run a program on a computer and route all traffic through that program. This wonderful little program that I came across called "Fiddler" (it won't let me post the link but it's www[dot]fiddler2[dot]com) is just what we need. It's a completely free program.
Go download and install fiddler. This program will allow us to monitor and 'fiddle' with the network traffic on the fly!
First, fire up your tethering app on your phone and connect your computer. I personally use android WiFi tether but I suppose it probably doesn't matter which one you use. Once you've connected your computer. Open up fiddler, go to "Rules," "User-Agents," and select "Custom..." A window will pop up. Leave this blank and click okay. Now, all of the network traffic from that computer with have its user-agent string modified to "User-Agent:[blank]" Test this out on any browser on your computer and you should not be redirected to the upsell page.
Now for all of your other devices! I was particularly concerned with my PS3 but any device that supports proxy use will work. That's a hell of a lot more devices than the number that support UA spoofing haha. Go to "Connection Settings" on your PS3 and select "Manual"
Go through your setup as usual and connect to your phone's wifi hotspot. When you come to the page that says "Proxy Settings" select "Use"
For the IP address go back to your computer and look at Fiddler. In the top-right corner there is an image of two computers and it says "Online" next to it. Hover over that icon and it will have an IP address listed. This is the virtual proxy that Fiddler has set up for auxillary incoming traffic on the local network. Type that IP address into the PS3's proxy settings and use port 8888 (you may have to configure your computer firewall to allow incoming traffic on that address/port)
Also, in Fiddler go to the AutoResponder tab and check the box that says "Unmatched requests passthrough." This is so that HTTP requests that come in without a User-agent already defined will just be passed on. If this box is not checked you may get frequent 404 errors.
Finish up the connection settings on the PS3 and let it fly! You can watch the traffic on Fiddler in real time!
This is my first post on XDA and this workaround is brand new as far as I can tell so there may be some kinks that need to be worked out.
Let me know if you have any questions or problems!
Respectfully,
Hunter.
Click to expand...
Click to collapse
Doesn't work on ps3...obtaining ip address succeeds but internet connection fails..i added the ip and port 8888 to the fire wall and allowed connection. and when i hover over the two computers it shows two ip addresses i have tried both and same results
metro pcs upsell, lg optimus f3/JB 4.1.2
I'm on the Metro PCS network, i used to have the lg motion and that phone would hotspot my ps3 with no problems. I figured that I would upgrade my phone to the lg optimus F3 and keep hotspoting on the $60 unlimited plan. Much to my surprise I have ran into the same issue many have others have ran into, the tmobile upsell page. mine now says metro pcs upsell. so I have tried many Apps in the store with no possible way around the upsell page. After hours and days of research, its apperhant that tmobile and metro pcs are not restricting the tethering function. I can obtain an ip address but not gain internet access. As have many others. I've rooted my phone using motochopper, i installed titanium backup pro, and rom toolbox pro. I backed up all my apk's to the external and went root browsing for anything that has to do with wifi, hotspot or tether. I wasnt getting anywhere untill today. My LG Optimus F3 runs on JB 4.1.2, instead of finding tethering features i found the open source codes on sharing data and http rules. I dont have much experience with altering codes, but i do know this would be a great starting point for bypassing the upsell reroute. By using romtools pro, i finally found myself using the app manager, from there i clicked on the file networking apk, i scrolled the app display to the right to get to romtools special features, clicked on explore apk. Every rule was laid out in plain text using a notepad. Javax/servlets/resources. Every file in this folder can be read with notepad. There is tons of info regarding internet sharing, web browsing, and what runs and triggers the infamous upsell codes. I've read a few post where developers are trying to find the source of upsell, i hope this helps as a starting point. (Besides that) i was also able to enter the lg hidden menu and uninstall all metro pcs apps with one click
"(Besides that) i was also able to enter the lg hidden menu and uninstall all metro pcs apps with one click""" ????
i am in exact same boat , metropcs , rooted with all tricks tried , and still upsell page .
one interesting thing though is my lg motion can use the F3 wifi for ip camera apps . tried other apps but no go .
"IP camera viewer" has no issues accessing internet by way of a wifi tether on the F3 using my non active LG motion , strange .......the other apps report network errors or just fail to start ( netflix ) perhaps this will help in hunting a bypass on the UPsell crap
Thanks but...
Thanks for providing the most current news about this problem with Tmobile, I have been using HMA / foxfi since Aug 2013. Just a few hours ago it stopped working, couldn't even login to VPN. I lost my useragent switcher when I upgraded Chrome, and couldn't fall back on that either, so thanks for the tip about fiddler.
I am currently online because I caved to the upsell. So my question is, has Tmobile "improved" security on its upsell to the point that VPN's and UA spoofs dont work anymore, and do I have to learn the answer to this by community or by blowing my data limit again? Does anyone have a fresh strategy, or know what's going on in Tmobile business? Do they even care about people like us?
I live by this connection, since other ISP's around here are not worthwhile, and I maintain mobile business with my laptop, and I would prefer to process GB's without having to scavenge for someone else's wifi.
petedude2lu3 said:
Thanks for providing the most current news about this problem with Tmobile, I have been using HMA / foxfi since Aug 2013. Just a few hours ago it stopped working, couldn't even login to VPN. I lost my useragent switcher when I upgraded Chrome, and couldn't fall back on that either, so thanks for the tip about fiddler.
I am currently online because I caved to the upsell. So my question is, has Tmobile "improved" security on its upsell to the point that VPN's and UA spoofs dont work anymore, and do I have to learn the answer to this by community or by blowing my data limit again? Does anyone have a fresh strategy, or know what's going on in Tmobile business? Do they even care about people like us?
I live by this connection, since other ISP's around here are not worthwhile, and I maintain mobile business with my laptop, and I would prefer to process GB's without having to scavenge for someone else's wifi.
Click to expand...
Click to collapse
VPN's no longer work for me either. I'm not getting the upsell page just no internet access at all while tethering.
Thanks TexasState, this was very valuable information that got me completely through T-Mobile's "walled garden" on their unlimited high-speed plan (for phones only) in an area where we don't have any good land-line options. :good:
What are some proactive approaches to making sure T-Mobile doesn't block my line? I'm using a phone basically as a makeshift wifi-router and all our computers run Fiddler. Is there anything else that T-Mobile might do to sniff out cheaters in the future? Is user-agent the only thing they can look at to determine if you're cheating?
Greetings first post here on XDA I have been able to tether via usb on metro/tmobile in OKC ,I am on a rooted F3 (LGMS659) I have tried just about everything a little luck with open garden but too slow for me ,downloaded foxfi wifi ap point no go ,redirected to upsell , tried usb with level one settings ,it works . but I may have done something when I entered the hidden menu 3548#*659# in settings those last two are interesting to me Upsell Url and ATS Start Property On
Took me about 8-10 hours to figure it out but i did it so heres how you get your tether back.
1.Open up your hidden menu.
2.Open Wlan test.
3. Click on UpSell and turn it off.
And turn on your tether app and have fun.
JUN10R831 said:
Took me about 8-10 hours to figure it out but i did it so heres how you get your tether back.
1.Open up your hidden menu.
2.Open Wlan test.
3. Click on UpSell and turn it off.
And turn on your tether app and have fun.
Click to expand...
Click to collapse
After half a day on the unlimited plan with Tea Mobile, this seems to have worked for me. Had to reinstall hiddenmenu.apk on my LG phone because I removed it earlier as bloatware but even after a reinstall as a user (as opposed to system) app, it worked.
Procedure was slightly different due to different model of phone/hidden menu but same basic procedure. BTW, it's unlimited but with 2.5 gb cap for hotspot. Let's just say I'm over the cap.
EDIT: So I got to almost 6 gb in one day, but then I got the redirect of death. I will troubleshoot when I have time later.
dbozam said:
After half a day on the unlimited plan with Tea Mobile, this seems to have worked for me. Had to reinstall hiddenmenu.apk on my LG phone because I removed it earlier as bloatware but even after a reinstall as a user (as opposed to system) app, it worked.
Procedure was slightly different due to different model of phone/hidden menu but same basic procedure. BTW, it's unlimited but with 2.5 gb cap for hotspot. Let's just say I'm over the cap.
Click to expand...
Click to collapse
What model did you use? Mine was in the Hidden Menu --> Settings menu.. and i chose "Upsell Try Off" with no avail.
LG G2 for Tmobile.
S4 "Hidden" Menu
I'm having the same issues as presented above but I'm unable to get into the "hidden" menu using the key code mentioned. I'm running Wicked V10 (it's great). Would love to test this out if I could access the right menu. So far I've gotten into the service menu but that's it.
This is by far the best work around I have found. Everything works. And if you are clever you can edit your user agent rules so they are automatic. Then turn fiddler into a windows service so ya never have to see it again and it just works. Excellent tutorial. The only thing I wish I could do is figure out how to get my Xbox 360 to connect to fiddlers proxy. If anyone knows please post it.
Thanks again OP
-Polluti0n
Sent from my SAMSUNG-SGH-T879 using XDA Premium 4 mobile app
Blank UA causes 403s and ASP issues.
This method works fantastic overall. I have my phone tethered to a router and run fiddler on all needed devices - no upsell message thus far (40GB+ down)
The issue I've run into is that some websites user the User Agent string to serve different content - by using a blank UA many ASP.net websites fail (on _doPostBack, in particular) and several give 403 errors (docs.WooThemes com) so I switched to a mobile UA but then sites serve mobile versions of their content (Amazon com). The next option is a desktop UA, but then I may as well not even switch it at ll?
I'm wondering - does anyone know what specifically T-Mobile looks for in the UA field, or know of a valid UA string that avoids detection but doesn't register as mobile (or give 403's)?
brn2drv99 said:
This method works fantastic overall. I have my phone tethered to a router and run fiddler on all needed devices - no upsell message thus far (40GB+ down)
The issue I've run into is that some websites user the User Agent string to serve different content - by using a blank UA many ASP.net websites fail (on _doPostBack, in particular) and several give 403 errors (docs.WooThemes com) so I switched to a mobile UA but then sites serve mobile versions of their content (Amazon com). The next option is a desktop UA, but then I may as well not even switch it at ll?
I'm wondering - does anyone know what specifically T-Mobile looks for in the UA field, or know of a valid UA string that avoids detection but doesn't register as mobile (or give 403's)?
Click to expand...
Click to collapse
Googlebot and safari 5 for windows work great and are undetected by T-Mobile.
Sent from my SAMSUNG-SGH-T879 using XDA Premium 4 mobile app
Polluti0n said:
Googlebot and safari 5 for windows work great and are undetected by T-Mobile.
Click to expand...
Click to collapse
Seems to work perfectly. Thanks!
For anyone needing it, here's a bare-bones CustomRules js file for Fiddler.
Code:
import System;
import Fiddler;
class Handlers
{
static function OnBeforeRequest(oSession: Session) {
// User-Agent Overrides
oSession.oRequest["User-Agent"] = "Mozilla/5.0 (compatible; Googlebot/2.1; +tp://w.google.com/bot.html)";
// Add 'ht' after the + and make it 3 'w's instead of just one
}
}