Hero, OpenVPN, StrongVPN and the Big China Mystery - Hero, G2 Touch General

Well I searched the forums all over the interweb for a week now, and did not find an answer so I post.
I live in China and as part of the Expat Survival Kit I run an OpenVPN service to solve my facebooktwitteryoutoube problems. The provider is strongvpn.com, or other name reliablehosting.com - reliable, they are, and responsive and helpful and everything.
The VPN uses a San Francisco server, so anytime I fire it up on my PC, I have a USA IP, and can access Youtube, Facebook, Twitter, Pandora et al. Bingo.
I struggled days to hack this connection on my Hero, and finally managed, it works, it connects. Apparently.
Now here is the hick:
- I connect on the Hero with TunnelDroid, using my original StrongVPN config file. It takes some time, but usually connects, on either WiFi or Edge.
- I check my external IP, it's the good old Frisco one, I seem good to go
- I can surf sites like e.g. Amnesty International, impossible without VPN. I can use Pandora, so definitely I have US IP. Eventually if there is an embedded Youtube vid somewhere, I even can see and try to start it (although it's dead slow)!
- But, none of the social integration features work. I can not log in into twitter, facebook etc, and when I try to visit those sites with the browser, I have the same result as without VPN, nada. Timeout, service unavailable, technical problem, you name it
Now, if there is any developer / network or VPN expert / GFW operator / Google guru around... I really want to understand exactly what the problem can be - that would help some fellow Hero owners here in China
I changed the "hosts" file that I found on some forums... I tried to boost the process with some web proxy... Tried everything - nothing works.
How is it possible that I'm behind a VPN, I have American IP reported by any software you can imagine, and still I'm blocked, while everything works fine on the PC with the same VPN connection???
I can live without these apps and sites on my Hero...but can not live without finding out the truth

Have you set your DNS to an OpenDNS address or a Google Public DNS address?
The GFW seems to return forged IPs; even with a US IP you can't reach a fake IP, right?
OK, if Chinese is hard for you to read...
Use an OpenDNS address or a Google Public DNS address instead of the ISP's. All of those DNS servers are GFWed. They'll reply with a fake IP address for YouTube.

Not working
Thanks,
I tried this way, but still no result.
How can ANY filter get through a 1024-bit secured openVPN connection anyway????
And on the PC, the same connection works flawlessly...

Is there any route table or something like that? A modified hosts file? Some ROMs will do that.
A VPN connection will normally route all of your data, but if you set a route table, some special URLs will not pass through the VPN.
Check them, or flash a foreign ROM instead and try again.
Good luck

AFAIK the standard Hero kernel does not come with the tun.ko driver (which is necessary to capture the outgoing traffic and redirect it to the tunnel). Did you install a custom kernel, too? E.g. newer MoDaCo images have it by default.

I did nearly everything...modified hosts. Running MoDaCo 3.0 with newest 1.9 Tekn. kernel. Installed the openvpn binaries. And the connection WORKS, just not for everything...
Anybody in China who can use the social networking features on the Hero?

Ps: the route table, I don't really know where to look for it...

I don't know the answer, but you can debug it yourself with a computer and wireless access point:
Hero <--wifi--> AP <--ethernet--> Computer running packet sniffer <--Internet-->

A few comments:
Don't consider Pandora as proof of a US IP. Better check on a website that gives actual info about your location.
The comments about OpenDNS and hosts files are helpful, but both assume that the wrong IPs are not already cached somewhere. Make sure all caches (DNS, browser, etc.) are flushed.
The easiest way to find out if the DNS is the problem is to do a ping to youtube.com and see if the IP range really belongs to Google or if it's a random IP elsewhere. You can use a 'whois' command or website to figure out who the IP belongs to.
Please note that OpenVPN does not encrypt at 1024-bit. 1024-bit is just the initial key length, which is unrelated to the 128-bit or 256-bit of the actual tunnel.
Btw, you don't necessarily need to use OpenVPN. Lighter protocols like PPTP and L2TP may perform better on a phone. China Unicom works well with both. China Telecom works fine with L2TP.
Greetings from Shenzhen.
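
Added example (not part of the original thread): the route-table question and the DNS advice above come down to one check, namely which interface the kernel actually picks for a given destination, the DNS resolver included. The sketch below parses text in `/proc/net/route` layout and does the longest-prefix match itself. The sample table, the interface names `wlan0`/`tun0` and all addresses are constructed; it assumes a little-endian CPU (ARM, x86) and an OpenVPN setup that installs the two /1 routes of `redirect-gateway def1`.

```python
import ipaddress
import struct

RTF_UP = 0x0001  # flag bit: route is usable

# Constructed sample in /proc/net/route layout (not captured from a phone).
# Rows, in order: default via the Wi-Fi router, the Wi-Fi LAN itself,
# a host route to the VPN server via Wi-Fi, the two /1 routes OpenVPN adds
# for "redirect-gateway def1", and the tunnel peer.
SAMPLE_ROUTES = """\
Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
wlan0 00000000    0101A8C0 0003  0      0   0      00000000 0   0      0
wlan0 0001A8C0    00000000 0001  0      0   0      00FFFFFF 0   0      0
wlan0 0A7100CB    0101A8C0 0007  0      0   0      FFFFFFFF 0   0      0
tun0  00000000    0500080A 0003  0      0   0      00000080 0   0      0
tun0  00000080    0500080A 0003  0      0   0      00000080 0   0      0
tun0  0500080A    00000000 0005  0      0   0      FFFFFFFF 0   0      0
"""


def _hex_to_ip(field):
    """Decode one hex column; the kernel prints the raw 32-bit value, so on a
    little-endian CPU the bytes appear reversed (0101A8C0 -> 192.168.1.1)."""
    return ipaddress.IPv4Address(struct.pack("<I", int(field, 16)))


def parse_routes(text):
    """Return the usable routes as dicts: iface, net, gateway, metric."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue
        if not int(cols[3], 16) & RTF_UP:       # ignore routes that are down
            continue
        prefix_len = bin(int(cols[7], 16)).count("1")
        net = ipaddress.ip_network(
            "{}/{}".format(_hex_to_ip(cols[1]), prefix_len), strict=False)
        routes.append({"iface": cols[0], "net": net,
                       "gateway": _hex_to_ip(cols[2]),
                       "metric": int(cols[6])})
    return routes


def egress(routes, destination):
    """Pick the route the kernel would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def outside_tunnel(routes, destinations, tunnel_prefix="tun"):
    """List the destinations whose traffic does NOT leave through the tunnel."""
    leaking = []
    for dst in destinations:
        route = egress(routes, dst)
        if route is None or not route["iface"].startswith(tunnel_prefix):
            leaking.append(dst)
    return leaking


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    # Constructed resolver addresses: the Wi-Fi router and a public resolver.
    for name, ip in [("router DNS", "192.168.1.1"),
                     ("public DNS", "198.51.100.53"),
                     ("VPN server", "203.0.113.10")]:
        r = egress(table, ip)
        print("{:<11} {:<15} -> {} ({})".format(name, ip, r["iface"], r["net"]))
    print("outside tunnel:",
          outside_tunnel(table, ["192.168.1.1", "198.51.100.53"]))
```

On the phone, the input is the output of `cat /proc/net/route` taken while the tunnel is up. A resolver that comes out under the Wi-Fi interface is still being queried outside the VPN, because the connected LAN route is more specific than the tunnel's /1 routes.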

open VPN
Hi,
not sure if this thread is still alive but i give it a try...
I'm currently running elelinux 2.4 with [email protected] on my HTC hero and have trouble connecting to a friend's VPN.
the VPN server is in Germany and it works well for my friend, who is also hosting the server. however when i try to connect the server records following:
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
and it seems that my phone is refusing the connection to the server...
any ideas?
thanks!

hero.walker said:
Hi,
not sure if this thread is still alive but i give it a try...
I'm currently running elelinux 2.4 with [email protected] on my HTC hero and have trouble connecting to a friend's VPN.
the VPN server is in Germany and it works well for my friend, who is also hosting the server. however when i try to connect the server records following:
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
and it seems that my phone is refusing the connection to the server...
any ideas?
thanks!
hi there, I don't use elelinux 2.4, but I encountered the same error with a CM 7 nightly build, and I believe that is an issue with the kernel you are using, since the kernel has some problem with the tun.ko module. here is the thread (read from page 42):
forum.cyanogenmod.com/topic/14455-cm7-discussion-of-nightlies/page__st__860
sorry, I don't have permission to post URLs here yet.

thanks for the link! seems like it does not work with my current kernel, will flash the flykernel from elelinux and try again.


vpn client?

hey guys,
am trying to connect to my office's VPN with my vario II. the default software provided does not seem sufficient. for one, i have one of those security key ring things which means my password changes every time i want to connect.
my pc uses cisco's vpn client...
any ideas? right now i'm just synching my exchange server with my pda using activesync, but wouldn't mind having it on the go! there's no "external" access as such for the exchange server - it does have a web front end but it's highly customized and isn't as easy as just configuring it as an external data source on my pda...
This one works perfect for me..
http://www.ncp.de/english/download/testsoftware/index.html
We use AnthaVPN at my university and it's supposed to work quite well with Cisco concentrator gateways, but be warned, if you have the latest 3.3 aku, you might run into problems like I did regarding losing 3g internet connectivity on your hermes. However it could have just been a fluke as I didn't bother trying a fresh install of antha after a hard reset or anything since 3g is just as fast as my university's wireless internet anyways
Hope this helps
You can also try Bluefire. They have a 30 day fully functional trial version.
Find out more Here
Applestar said:
http://www.ncp.de/english/download/testsoftware/index.html
I have installed this but can't see any way of configuring the VPN connection. How did you configure it?
You have to use the PC client in order to create a configuration file and then transfer the file to your device
duh!
thanks!
bluefire is amazing. i bought it.
I came close to getting bluefire to work on our Cisco network... But once connected it would not transfer data.
I read in a separate post here that allegedly the medianet unlimited plan uses the wap.cingular access point. That point is NAT based and some vpn clients do not like that... So they refuse the connection based on changing ip addresses.
I am not a networking expert so I do not know if this is in fact the case.
I do know I tried every freakin setting for bluefire and could not get a vpn tunnel from my phone to our Cisco vpn... So I gave up!
NCP
Could I get more specific infos about bluefire? They wanted a 5 page survey before they would send me a (business) trial.
Well, NCP Secure Entry VPN Client works perfect for me with Lancom and other standard firewalls. And yes, configuration is made with a Win XP Desktop Application. Nice about this: They got a Desktop VPN client as well which will be configured exactly the same way. So if you got a working setting for your Laptop you can manually copy the settings and they will work on the PPC as well - thats what I did.

WM 6.1 ActiveSync Exchange Sync over PPTP VPN WORKING ON FIXED SCHEDULE

I'm an IT guy and I just got into smartphone PPCs for the first time after a long-time hiatus from PDAs when I used to be a Palm owner. After my last palm, a LifeDrive, got stolen I moved to a Moto Q which was a big disappointment OS wise, and I never really got into modding it or anything, just set my POP3 e-mail server and used it like that for 2 years (drawback was that I didn't have contact sync nor internal e-mail sync that got handled by my exchange server). My contract with that Q expired and I made the move to a Sprint Mogul with WM 6.1 Pro and I'm NEVER LOOKING BACK!!!
Anyways, enough about me, this is my first contribution so I wanted to do the little intro.
I had searched around a bit about how to get ActiveSync to sync my company's Exchange server through PPTP VPN (we don't have it published with a certificate for an actual push config) but all I found was info on how to setup the VPN itself, being an IT guy that was like pointing out the obvious to me as I had already got that running and connecting but couldn't get anything but the OWA site opening in IE and Opera.
Basically what I figured out was that I had to program a work URL exception in the Connections control panel under the Advanced tab. There I added my exchange server's IP address as a URL and used that IP to program the server under ActiveSync with all the usual credentials. I can't configure it to receive as items arrive, instead I had to let the configuration run on a 10 minute schedule. Every time the schedule is up I see the VPN connecting pop up and it syncs PERFECTLY and disconnects the VPN. (It doesn't turn on my screen each time, it just pops up if I'm using it; but that pop up can be turned off if it gets too annoying).
I don't know if anyone else knew about this but I thought I'd share this info as I searched for a few days and found nothing, ended up figuring this out myself. If this is new info I'll post more detailed configuration information for those who desire it.
BTW, this is working over the Data Plan and WiFi as well.
Wow. you're a god...
I been trying to figure why it kept disconnecting the vpn when it synced up.
Adding the work url exception works perfect...
(Im using WM6.1 on a Samsung Omnia)
Many Many thanks!
No problem dude! I'm surprised no one else has really found this helpful. Glad I could help!
BTW, those exceptions work very well for internal web sites as well. I use it to log in to web-based management consoles such as Symantec's Mail Security for Exchange, Symantec Endpoint, basically if you got an internal website of some sort you can access it through VPN using a Work URL Exception.
I was looking for this info too, i would like more detailed configuration information about this.
Thanx in advance...
Roland hendriks
What part of the configuration are you having trouble with? Configuring the VPN, the Exchange Server or the URL Exception?
Thanks
I personally am thankful for your information. Even if none of the other 1000s of readers out there say anything...
Thank you for sharing your knowledge.
Tim
Glad I could help! I know I broke my head over this one during the first week of me having a WM phone. I figured it out thanks to the Fdc Soft Task Manager using the Netstat utility. It let me know exactly what the network stack of the phone was trying to do and the URL exclusion I just stumbled upon and reading what the page said it led me to believe that it might be a routing table for configured "WORK" connections. And it worked.
During the past month or two of using my exchange like this and switching around ROMs and cooking my own ones now I've noticed that having TCP Data Reconnect and Transmission Retry settings in your registry set to high will cause Active Sync to take a long ass time for it to actually route communications through the VPN connection. I noticed this after using custom ROMs, some of which have these settings increased to ensure communications go through but they raise connection timeouts way too much. On my own custom ROM I've set these to defaults (2 and 4 respectively) and Active Sync only takes about 1 minute to start syncing once you hit sync while you wait for it to dial the cellular line and the VPN.
you talk about the vpn..
i think you are in the very small percentage of ppl who can get that to work.
i have the activesync set to manual and have tried the vpn type to both IPSec/L2TP and PPTP
w/o success..i always get a UN PW error which i know cant be so..
i set the host ip to what was shown from "whatsmyip"..
searching for quite awhile, i see thousands of ppl who cant get it to work and have
never found a reliable method that works for anyone but the person who posted it.
if you could back track a little and post how to do it, there are probly
thousands of ppl who would find it very useful and really appreciate it.
thanx
Well one thing is how to setup a WM device's VPN client to connect to your VPN server and another is actually configuring your VPN server. Do you have a working VPN setup in your corporate network already? This usually is setup by having a static IP assigned to your corporate internet connection and a firewall configured to allow VPN access with all the necessary traffic and authentication routes.
If you don't have a static IP in your office and use a lower cost DSL or Cable connection you aren't SOL, for these types of connections you can use a service like dyndns.org to dynamically update your dynamic IP into a static dns name like: mycompany.dyndns.org for example. This requires you to set up your firewall or ISP modem to communicate with dyndns.org to report the changes. Most firewalls come with this functionality already built-in, but most of them also call them by different names so you'd have to look up your equipment's documentation on how to report a dynamic dns service.
I would be happy to help you set up your VPN correctly but it's more practical for me to help you set up a checklist on which type of VPN you want to set up (IPSec or PPTP) and what your corporate network's infrastructure looks like and let you know what to look for in google; there is PLENTY of very helpful information on the web on how to set up VPN but first you have to know what you need and how you are going to achieve it and then you'll know what to look for.
Each setup is very particular to the customer's needs and the network infrastructure that is set up and how much security you want to use (IPSec is a naturally secured VPN tunnel protocol while PPTP is not secured by nature but can be secured with a Radius server in your DMZ validating authentication in an encrypted manner to your Active Directory service).
What I posted above will work for an already existing and working PPTP VPN connection which I already had running for years in my office and I regularly use with my laptop to connect to my exchange server while on the road or at home. What I posted above is what is needed to get your WM device to connect to an already functioning PPTP VPN server.
Hope this helps. And if I'm to help you make a checklist I need a lot of information:
Type of ISP (static IP or dynamic IP)
Type/Brand of firewall device
How the devices are connected together (dumb modem or internet router from your ISP to your firewall's WAN port or a full blown router provided by your ISP which is patched into your firewall's WAN port)
Internal network configuration (both AD and Exchange on same server (SBS) or separated)
What amount of security you are looking for.
Send me some PMs and maybe I could at least point you in the right direction.
nttdemented: I'm doing the PPTP shuffle at the moment, and wanted to pick your brains..
The basic connection is running fine - e.g. when I add 192.168.0.1 as an Exception and go to http://192.168.0.1 in Pocket IE the VPN fires up and I see the page just fine.
I've also added '10.6.1.8' as an exception, but if I go to that address in PIE, I don't see any network activity (using ethereal/tcpdump) on the 'ppp0' server interface (I use Ubuntu server's pptpd) ...
Can I assume that your Exchange server is hosted on the same machine as your PPTP server? Some MS SBS or similar?
Even if I configure an http proxy (on the 192.168.0.1 IP) I see no activity when I try the 10.6.1.8 address. :/
thanks so much!!
that i didn't find/read about the "exceptions" option in WM before...
Somehow, when i got my phone, i got it to work without this workaround, it just worked, out of the box, no exception setting required. (VPN settings + exchange server location were enough)
But yesterday, from the one moment to the next, it suddenly stopped working.
In my efforts to get it to work again i deleted the exchange settings, but doing that, I deleted all my contacts and my agenda! I was in big trouble because I really needed those , but after reading your post, i got it working again! my phone is synching "as we speak" and i'm very happy!
don't know how it worked before, don't know why it stopped working, all I know is, it's working now!
you made my day
Good to know!
Cheers!
I've since stopped using this method as we got around to publishing our Exchange server with an SSL certificate so I'm actually using SSL enabled ActiveSync push on my phone now.
Excuse me but perhaps you can help me too.
My problem is that I can get/sync my mails using WIFI.
If I connect thru GPRS, y go to send/receive and I get all the mails. If I'm on my office and connect thru WIFI to the work net I also get all the mails from the exchange server.
The problem is when I'm outside my office and connect to other wifi net and try to sync my mails. I have an HTC TOUCH CRUISE with WM 6.1 original from HTC without any flash.
Thanks in advance.
VPN connection doesn't always connect for ActiveSync synchronization?
I have had ActiveSync working with an Exchange server over a PPTP VPN connection for years now, but there has been one nagging issue I can't figure out. For the most part it works, but sometimes when ActiveSync tries to sync it will not make the VPN connection. There is only one connection listed when I tap on the icon on the notification bar - the phone's data connection. So in activesync, the icon with the arrows spins for a while but nothing synchronizes. I think it ends up saying "waiting for network" or something like that. It seems to always work when I manually hit "sync", but sometimes it fails on scheduled synchronizations.
Any idea why this happens sometimes?
oh...cheers...got my brain back...
The exceptions rule has almost fixed mine now. I'm getting mail but not through Activesync (just sits waiting for network).

Vibrant Wifi problem (Clean Access)

I have a stock Samsung Vibrant. It connects to my home wifi network just fine and is very fast.
At my school we have to register the MAC addresses of devices we have on their Clean Access servers. I have registered many devices that work fine.
I registered the MAC address of my Vibrant, and it can connect to the wifi, but it will not load a web page. Does anyone have any idea of what is wrong?
I also registered my roommate's Vibrant. His does not work either.
I work at the School's Tech Support so I have access to register and edit my phone on their Clean Access servers.
Does anyone have any solutions?
are you using WPA/WPAv2 or WEP + RADIUS authentication? Does your vibrant obtain an IP address successfully? Can you ping the default router?
The wifi that works at my apartment is WPA2.
The wifi at school is an open network. I can fully connect to their wifi.
Status Connected
Speed 48Mbps
Signal Strength Good
Security Open
IP address (a real IP address)
Im going out on a limb here. I am going to say its the Clean access and your "open network". I assume on your schools computer you use your student ID and some password. Your phone would need the same thing if that is the case. I know at my school, iphones are the only phones that can access our clean access. If its not the case then i am sorry.
my school runs clean access and it works fine. but they have two networks a guest and a login. i use the guest cause i don't want to waste the time to login. but i can try it on monday. typically with linux (i.e. android) you have a web portal and have to agree to some antivirus bs by clicking a button and that's it (and login for the non guest network). one thing i have noticed, though, is that typically i have to turn wifi on, connect to the network, try to load a page, it doesn't work, then i turn wifi off then immediately back on and try to load a page and it takes me to the login/terms portal page.
GTASouthPark said:
The wifi that works at my apartment is WPA2.
The wifi at school is an open network. I can fully connect to their wifi.
Status Connected
Speed 48Mbps
Signal Strength Good
Security Open
IP address 140.209.21.68
You should remove the IP from post. Anyways, it seems like the handshake is good. Note down the address of redirected terms and conditions page you get when trying to go online from a laptop. Then enter the same address in vibrant's browser once you are connected through Wifi ( or set it as homepage) and see if that lets it through.
Probably an issue with Android's lack of native NTLM support. AFAIK this is still unresolved. Have you tried using Fennec rather than the stock browser? I've heard you can authenticate properly using it.
Siks said:
Probably an issue with Android's lack of native NTLM support. AFAIK this is still unresolved. Have you tried using Fennec rather than the stock browser? I've heard you can authenticate properly using it.
interesting. i use dolphin hd and it works for the clean access web authentication page.
Could be, if your school does not have a guest account login for devices, that you are getting on the segregated network because CA cannot verify the "cleanliness" of your device. When I setup CA it verified patch levels and such on the non-guest network, so unless CA comes out with a Android client/access list, it may not work.
watcher64 said:
Could be, if your school does not have a guest account login for devices, that you are getting on the segregated network because CA cannot verify the "cleanliness" of your device. When I setup CA it verified patch levels and such on the non-guest network, so unless CA comes out with a Android client/access list, it may not work.
except then it wouldn't allow osx or linux. clean access requires an app for windows to verify service pack and av and whatever, but for linux and osx it doesn't. it wouldn't be able to (at least for linux).
funeralthirst said:
except then it wouldn't allow osx or linux. clean access requires an app for windows to verify service pack and av and whatever, but for linux and osx it doesn't. it wouldn't be able to (at least for linux).
That is correct but it can ID the operating system and has exceptions for those flavors ...
Hey it's me again.
I don't think it's an android thing because I had my G1 on the servers.
Normally what happens if you aren't registered on Clean Access is, if you open a web browser, you will be automatically redirected to an authentication page where you put in your school ID and password. This would work fine and allow me to get on the wifi, but it never came up on the web browser, it just tries to load the page for awhile and goes to a 'Page cannot be displayed' page.
Also I have tried using different browsers, including Dolphin HD.
If I can just get to the authentication page even it will be fine, I could work with that.
Also the school does have a guest login, but you have to get to the authentication page, and I wouldnt want guest access since it limits time, bandwidth, and features.
That is exactly what I said my last reply...Try putting https infront of your authentication URL, and make sure the java-script etc. is on in your browser...Try clearing cache and hit refresh as well. Also, see what happens if you set that URL as homepage...
GTASouthPark said:
Hey it's me again.
I don't think it's an android thing because I had my G1 on the servers.
Normally what happens if you aren't registered on Clean Access is, if you open a web browser, you will be automatically redirected to an authentication page where you put in your school ID and password. This would work fine and allow me to get on the wifi, but it never came up on the web browser, it just tries to load the page for awhile and goes to a 'Page cannot be displayed' page.
Also I have tried using different browsers, including Dolphin HD.
If I can just get to the authentication page even it will be fine, I could work with that.
Also the school does have a guest login, but you have to get to the authentication page, and I wouldnt want guest access since it limits time, bandwidth, and features.
did you try turning on wifi, wait for it to connect, try to load a page (any page because it will redirect you), wait for it to time out, pull down the notification bar, turn wifi off, turn it back on and then reload the page? i know it sounds dumb, but this is the only way i've got it to work at my school and it works every time...
watcher64 said:
That is correct but it can ID the operating system and has exceptions for those flavors ...
to what flavors? i'm guessing android will show as linux since it's based off a linux kernel. more than likely it checks for windows, and if false goes to the default linux/osx page because to clean access those aren't threat os's.
VICosPhi said:
That is exactly what I said my last reply...Try putting https infront of your authentication URL, and make sure the java-script etc. is on in your browser...Try clearing cache and hit refresh as well. Also, see what happens if you set that URL as homepage...
they don't have the authentication URL on their homepage so I don't know what it is, it should automatically redirect me to it.
Also when I connect to wifi, try to load a page, let it time out, turn off wifi, turn it back on and connect again, and then refresh the page.. nothing happens it times out again.
Ok so I did find out the authentication page URL. Typed it into my phone. I had high hopes when a page saying "You are being redirected to the network authentication page. If you are not redirected automatically, then please click HERE".
Anyway it did redirect me, to a "Web page not available"... etc.
In the default browser it gave me the error... "Data connectivity problem. A secure connection could not be established". umm wtf?
Can you communicate with other protocols/ports? I used to be able to exploit a bug with our school's CCA servers where I could just connect unauthenticated and use SSH. (Maybe it was a feature?)
I can't use any other web protocols.
Bump. Okay. I've figured out how to do this.
It's a T-Mobile Vibrant problem, either kernel or ROM. My phone connected the very first time I tried to use it at an argosy site, then never ever ever again.
So I used wifi manager to find out what the ip, gateway, subnet mask, and dns 1 and 2 were. I went to settings, wifi, options key to go to advanced options, from there selected static ip and entered all the info I gathered.
Bam!! Connected every time.
Oh and btw, the reason I say it's a T-Mobile Vibrant ROM or kernel problem is that on fusion, Eugene's and bionix final, I was able to connect right away, every time. And on my friends' att fascinate and verizon captivate, they never had to enter the static ip like I did. They connected right away every time. Yet everyone I know that had a vibrant kept having the same problem I did.
Tmobile. What a piece of ****. Anyway I figured nobody had this figured out so I'd jump in.
Hope this helps out some people. GL

[HOWTO] Use VPN with your Android & Home Router

This is a simple tutorial to allow you to connect to the internet using VPN through your home router.
NOTE: At present, the steps here are sparse. They assume some technical capability to set things up yourself, this is just kind of a guide as to WHAT you'll need to set up.
Why, you ask? Security. Using a VPN will essentially encrypt your communications though a tunnel back to your home computer. Not going into all that here, basically a simple guide. I assume we're all smart here, so the basics.
Prerequisites
1. DD-WRT V24 Capable router. If you don't have this, then you will need to instead use a different method involving installing software on your PC that I won't cover here. The advantage of the DD-WRT router is ease of setup on the router, and not having to have your computer turned on.
2. Capable Android Phone & Provider. I can't troubleshoot your ROM or provider. Some Android ROMs don't support VPN, and it's broken in some. Some providers apparently block it. If your ROM is good and your provider doesn't block it, you're golden. In some cases (such as on the G2X) custom kernels (such as Faux123's) will add the necessary TUN support. Or you may need to add a TUN.KO file if it doesn't... again, device specific, refer to appropriate device forums.
3. If you don't have a static IP (I assume you don't) you'll need a dynamic DNS provider compatible with DD-WRT. I prefer freedns.afraid.org, but you can use any of these: dyndns.org, zoneedit.com, No-Ip.com, 3322.org, easydns.com, tzo.com or dynsip.org.
Got all that? Great!
Okay, here's the fun bit.
STEP 1
First, you need to hack your router. It's a LOT like rooting your Android phone. How to do it is BEYOND the scope of what I can write here, but what you need to do is visit http://www.dd-wrt.com and have a look around. Or, you can actually purchase routers with DD-WRT pre-installed. Basically you have to flash a custom ROM onto your router. It needs to support VPN, and be at least version "v24 SP1". Older versions may have a DIFFERENT VPN setup that's not as easy. Don't say I didn't warn you. I flashed the full-featured VOIP version to my router, a Buffalo WHR-G54S.
Unlocking (if necessary) and flashing your router with DD-WRT is a topic as broad as rooting/flashing Android - so I can't help you here. But once it is done, you are ready for....
STEP 2
Setup your dynamic DNS provider. I used http://freedns.afraid.org/ to do this. Basically you go to the site and sign up for the free "subdomain" services. You can pick a name that will be on a number of different domains, such as "us.to", where you could maybe pick something like "kick.us.to" if it isn't taken yet. All that matters is you remember the name.
Next, in DD-WRT, go to the Setup->DDNS tab and select the proper DDNS service and enter the information it asks for -- your service used, username, password and hostname usually. You can usually leave update interval at the default, and normally you don't need to use external IP check.
NOTE: You need to make sure you are not "Double NAT-ed".. this means two routers stacked is a no-no. If you have a router connected to a cable/dsl router (instead of a cable/dsl modem), then it needs to be set to BRIDGE mode. Again.. complicated and really a topic best dealt with on its own.
Once you've set up your Dynamic DNS, you're well on your way. You can actually use that hostname for all sorts of things, such as always being able to get Audiogalaxy to connect to the right host without having to know a numeric IP that could change.
STEP 3
You're on a roll... Now, time to set up the VPN in the router. This is done under the Services->VPN tab. If that tab doesn't exist, then you got the wrong version of DD-WRT and need to go back to Step 1.
Enable PPTP Server, Broadcast Support, MPPE Encryption. Under Server IP enter your ROUTER's IP address (usually 192.168.1.1, or whatever you use to connect to your router). Under Client IP's, enter the range of clients on your local network in the format: 192.168.1.100-149 (where 100-149 represents possible IP addresses I've set in DD-WRT for my LAN)... this doesn't seem as important since we'll be connecting from outside.. Just do it.
Under CHAP-Secrets enter in your preferred username and password in the format:
username * password *
that is, the username, a space, *, a space, the password, a space and then *
Save and apply settings. (You need to click both SAVE and APPLY, DD-WRT is weird like this)
STEP 4
Back to Android! Yay! This part of the procedure may vary by phone, but this is how it is on my Gingerbread T-Mobile G2X with faux123's kernel.
Go to Settings->Wireless & Networks->VPN Settings->Add VPN->Add PPTP VPN
VPN Name=whatever you want
VPN server= your dynamic IP name you selected in Step 2
Enable encryption = Yes
now, hit Menu->Save
You should now see your VPN listed under VPNs. Click on it, and select CONNECT. Type in your username and password you selected at the end of Step 3.
It should connect. CONGRATULATIONS!
You should also have a notification in your taskbar that will now let you disconnect from the VPN.
STEP 5
Enjoy! .. wait, what? It didn't work? It did for me!!!
I guess.... ask questions here, or if it appears to be a phone issue, ask in your device's appropriate forum (and link to this thread so people know what guide you're following)
And, if anybody reading this is a better expert in setting this stuff up than I am, feel free to critique/laugh/criticize/constructively comment on this little howto and I'll correct anything I Rick Perry'd.
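A pre-flight check for Steps 2 and 3 of the guide above, added here as an example and not part of the original post: it lints CHAP-Secrets entries against the `username * password *` layout and tests whether the router's WAN address is publicly routable (the "Double NAT-ed" case). The sample entries, the 16-character minimum and the function names are assumptions made for the illustration; pppd-style quoting of fields is assumed.

```python
import ipaddress
import shlex

# Constructed sample of the DD-WRT CHAP-Secrets box; not real credentials.
SAMPLE_SECRETS = """\
alice * correct-horse-battery-staple *
bob * hunter2 *
carol * missing-last-field
"dave smith" * "a long pass phrase here" *
"""

MIN_SECRET_LEN = 16  # assumed local policy, not a DD-WRT limit


def lint_chap_secrets(text, min_len=MIN_SECRET_LEN):
    """Return (line_no, problem) for entries that break the
    'username * password *' layout or carry a short password."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        try:
            fields = shlex.split(raw)  # fields may be quoted (pppd style)
        except ValueError:
            findings.append((no, "unbalanced quote"))
            continue
        if len(fields) != 4:
            findings.append((no, f"expected 4 fields, got {len(fields)}"))
            continue
        user, _server, secret, _addrs = fields
        if len(secret) < min_len:
            findings.append((no, f"password for {user!r} shorter than {min_len}"))
    return findings


def wan_is_behind_nat(wan_ip):
    """True when the router's WAN address is not publicly routable,
    i.e. the 'Double NAT-ed' case the guide warns about."""
    return not ipaddress.ip_address(wan_ip).is_global


if __name__ == "__main__":
    for no, problem in lint_chap_secrets(SAMPLE_SECRETS):
        print(f"line {no}: {problem}")
    for ip in ("192.168.0.2", "100.64.3.7", "8.8.8.8"):  # constructed inputs
        print(ip, "double NAT likely" if wan_is_behind_nat(ip) else "ok")
```

Feed `wan_is_behind_nat` the WAN IP shown on the router's status page; a private or carrier-grade NAT address there means the dynamic DNS name will not reach the PPTP server from outside.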
Nice tutorial! Would have been better if you also included more details in hacking our router
DroidVPN said:
Nice tutorial! Would have been better if you also included more details in hacking our router
I would have, but like I said, that's a topic as big as phone hacking itself. Every model of router is going to be different! There may be models that support VPN in the router as well without DD-WRT, but I'm not familiar with that setup.
DD-WRT's website has a pretty huge forum on what routers are compatible and how to set it all up.
The optimal speed can be achieved by the compression of traffic and by minimizing server loads. Web acceleration will enable you bring about a drastic improvement in the web page response time. This kind of acceleration usually come in lesser costs and offers the best web application performance.
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
evilgenius00 said:
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
lotherius said:
Security. Using a VPN will essentially encrypt your communications through a tunnel back to your home computer.
Yeah, that.
...
10char.
Nice TUT, VPN working
Thanks. I mostly appreciated the idea of using afraid.org.
For some reason, Dyndns and no-ip wouldn't work with ICS as client.
thanks for this tut, keep it up
nice.. thanks for sharing
The cool thing is, once you start hacking your router, you open up all sorts of fun. Like using a virtual wireless network to bridge the open wifi network that gets 1 bar of signal in one little corner of your apartment to be a full strength WPA protected network with your own SSID and subnet that all of your devices can use ... not like I would do such a thing. Now, I *am* a bit afraid to try to set up a VPN on the bridged virtual network..... that could get complicated.
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
katinatez said:
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
Any service which gives you a stable hostname to the outside network should work.
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
australix said:
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
Still using a (now antiquated) Buffalo WHR-G54S which has 4MB flash and 16MB Ram... so while it has a lot of features, OpenVPN is lacking... so I can't test that method personally.
This Buffalo is the best router I've ever owned, though. I still can do without gigabit or N networking, so I'm not upgrading. I went through 5 or 6 bad routers (even a Linksys WRT-54G that crashed constantly) before I got this one.
Thanks for all the info here. I've deleted the post because I think my issue is with something else.
Thanks..
p
very...helpful..!!!
Very easy guide! Thanks!
455
nice cool...
bumpin this because i have a question regarding this, i just set this up and it works great
there are mainly two types of auth vpn servers use, certificate authentication and username/password
i tried to set up password one, and you still need the server public certificate along with username/password, but you don't need client public and private keys unlike with cert auth.
now, i placed the server key, ca.crt, on my internal storage and together with username/password, works great, my concern is security of this file. this file needs to be accessible right, so you can't put it in /etc or /system, having it in internal storage, any app with storage permission can read it... isn't this a security risk? how is this solved? where do i put the file?
thanks
edit: also, how do i *prevent* network traffic without vpn? i know there is always on option and start on boot, but i did, and when the boot finishes there is a brief moment when the phone connects on mobile network just before initializing vpn and in that brief moment android probably sends all sorts of passwords and data through the network ... how do i delay this until vpn is initialized?

[Q] VPN problems with CM7.1

I'm having trouble getting VPN to work on my Nook Color, running cm7.1 encore stable. It seems every time I enter my password to connect, the status changes to 'Connecting...' and freezes the nook. Has anyone gotten VPN to work on CM7.1? I'm outside the US so I would like to run VPN to connect to Hulu and Crackler...
Any help on this would be appreciated
BUMP
I'm having the same issue with CM 7.1.0.1 (stable). Like the original poster stated in his post every time I connect to a VPN my Nook Color freezes and I have to do a hard reboot.
I use VPN a lot on my Android devices so it would be great if someone could tell me how I can get it to work on the Nook Color.
If you can use OpenVPN, that works very well for me via the OpenVPN Settings app.
swaaye said:
If you can use OpenVPN, that works very well for me via the OpenVPN Settings app.
My provider charges extra for OpenVPN so I'm stuck for now trying to get PPTP VPN to work on my NC.
I straight up have the answer for you. DroidVPN is in beta right now, search them on the forums. They will provide you with VPN for free. They require that you email them for a registration code and that's it.
Highly recommended. Quick connection and nice servers. Download and browsing speed mostly equivalent to what I was getting before.
Give them a try. You will need a tun.ko in your system/lib/module folder, but it is built into the kernel. I just bring that up so it doesn't seem to be a stumbling block to anyone looking into the app.
mateorod said:
I straight up have the answer for you. DroidVPN is in beta right now, search them on the forums. They will provide you with VPN for free. They require that you email them for a registration code and that's it.
Highly recommended. Quick connection and nice servers. Download and browsing speed mostly equivalent to what I was getting before.
Give them a try. You will need a tun.ko in your system/lib/module folder, but it is built into the kernel. I just bring that up so it doesn't seem to be a stumbling block to anyone looking into the app.
I already have a prepaid subscription to a VPN provider (StrongVPN) which allows me to have an IP address from anywhere in the world. I watch shows on the BBC iPlayer which only streams to UK IPs. I also used this before to watch Netflix while in Europe with a US IP.
This DroidVPN sounds fine for folks that aren't needing international IPs although I don't know how many servers they have and what type of speeds one can expect using them.
