Hi all.
I have a question that I have searched for, tried some apps, and have yet to get what I am seeking and shoud be kinda easy IMO.
I am seeking a way to forward all traffic over wifi through a remote ssh server of mine. I am hoping to do so without changing browsers as I am seeking more than just a browser proxy. I tried apps that claim to do it without success (like the Tor app, and transperent proxy). I think icould get connectbot do do it if it was aded to su, but haven't figured that one out yet.
Any suggestions would be loved.
Thanks.
J
Sent from my SPH-D700 using XDA App
Guss this iras harder than I assumed. Does anyone have any suggested solution for my needs? Could ready use some advice fire travel tomorrow.
Sent from my SPH-D700 using XDA App
Sorry for bump
Sent from my SPH-D700 using XDA App
You should be able to foward (nearly) all traffic with OpenVPN. This requires having OpenVPN installed on the proxy machine. Setting this up is a bit tricky, but there should be HOWTO guides available online for it. One of the things you'll need is tunnel device support for your kernel. If it's not compiled in (might be on some of the custom ones), you'll need a tun.ko module. The one in this thread is for the DI18 kernel. If you're running Froyo kernel (e.g., DK28) and it's not compiled in, then you're probably out of luck for now.
Alternatively, if you can live with just HTTP/HTTPS traffic being forwarded, you can use an SSH tunnel along with an HTTP proxy (e.g., tinyproxy) on the proxy end. If you're using the stock browser, you'll need a proxy that supports transparent proxying (tinyproxy does) and you'll have to add firewall rules to the phone to force HTTP traffic over the tunnel. Some alternate browsers (e.g., Opera Mobile) support HTTP proxies directly, so you don't need to add firewall rules.
Assuming you already have an SSH tunnel setup on (localhost) 8888, this firewall rule (entered from a terminal like ConnectBot local) will force all traffic destined for port 80 (HTTP) over it:
Code:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8888
you can clear the rule with:
Code:
iptables -t nat -F OUTPUT
To forward HTTPS traffic, add a second rule using "dport" 443 instead of 80.
You should be able to use ConnectBot to setup the tunnel. Assuming the proxy port on the proxy-end is 8888, you'd setup a rule for "Source port: 8888", "Destination: localhost:8888".
However, the last time I tried doing port-forwarding with ConnectBot it didn't quite work, pages would load partially then stop. Using another ssh client solved the problem. You could try installing dropbear, then from a terminal (e.g., ConnectBot local) run "ssh -L 8888:localhost:8888 [email protected]".
Mk... Thanks for the detailed reply. I will play with your recommendations.
Sent from my SPH-D700 using XDA App
Related
I, like many here, have received a notice about tethering usage. I was working on a non-related project for someone who is heading to China so that they could bypass TGFoC when I had the following idea. If I can pass a computer in China through my SSH server to get internet access, why can't I do the same within the WebTop environment?
I know that in the WebTop environment, the phone window still has a valid connection to my carrier (AT&T, as the case may be), although the Webtop environment does not unless you pay for the double-dipping fee for tether usage. Here's what I did to get internet access on my phone (in Firefox) and it appears to work for me (YMMV):
===Things you'll need:===
Phone with WebTop
ConnectBot installed on the phone
Valid credentials to a box you can SSH to as well as create port forwards on
===Procedure===
1 On the phone, setup the ConnectBot ahead of time for the connection to the server.
2 Create a port forward
2a Name it anything you want (I called my WebProxy)
2b Type should be dynamic (SOCKS)
2c Source port is set to 8080. Any unused port should be fine, but this is the one I used
2d Destination is unchanged
3 Open up Webtop. Although untested, I see no reason why Webtop via HDMI shouldn't work.
4 Within the Mobile view window, connect to your server and ensure that the port forward is enabled (a disabled one has a line through it)
5 Open the Preferences of the WebTop's Firefox
6 Click on Advanced->Network->Settings
7 Change the proxy to be SOCKS and use 127.0.0.1 as the IP and the same port number as you selected in step 2c
8 If you want the DNS requests to work, you may wish to change that within about:config (look for "network.proxy.socks_remote_dns" and set it to true)
Your FF should now pass all its traffic through ConnectBot's SSH connection.
===Caveats===
1 All your network traffic from Firefox will be slower due to your SSH server acting as proxy.
2 You obviously need a desktop/ server machine that is reachable all the time. This may not be cost effective if this is its only use.
3 I do not claim that this is undetectable, only that it works. If another person more knowledgeable in this could comment, I'd appreciate it.
Thoughts?
I'm having occasional issues with ConnectBot not creating the port forward while on mobile data, and I'm thinking it may be timing related. Could anyone assist?
wingmanjd said:
I'm having occasional issues with ConnectBot not creating the port forward while on mobile data, and I'm thinking it may be timing related. Could anyone assist?
Click to expand...
Click to collapse
Solved my own problem. I had a dying Atrix phone previously. My tutorial above works perfectly on my new phone.
This really helped me!
Thanks a lot, it worked (although I can't find a "thanks" button).
But I don't get one little thing. Why we have to set the proxy to "source port"? In my (obviously mistaken) mind, it should be the destination port.
On a computer ssh command we would use something like:
ssh -ND [port-passed-to-proxy] [email protected]
I'm a bit confused by the name "source" to the port being passed to the proxy as I see it the other way around.
perr0.br said:
Thanks a lot, it worked (although I can't find a "thanks" button).
But I don't get one little thing. Why we have to set the proxy to "source port"? In my (obviously mistaken) mind, it should be the destination port.
On a computer ssh command we would use something like:
ssh -ND [port-passed-to-proxy] [email protected]
I'm a bit confused by the name "source" to the port being passed to the proxy as I see it the other way around.
Click to expand...
Click to collapse
Well, I think the confusion lies in possibly the way you're looking at it. From connectBot's viewpoint, it's going to be passing all data that hits the source port via its connection. Firefox's proxy port, and what I'd consider to be a destination port from its point of view, would be the connectBot's source port.
I'm not a developer, but I play one on TV.
tl;dr Google Talk/AndFTP/SIP can't connect over an OpenVPN connection in CM7.2
My OpenVPN configuration has worked for several months. But since 7.2 came out, I've been troubleshooting a problem with my phone's VPN connection to my home server. The symptom I'm seeing is that apps besides the web browser cannot connect to anything over the VPN, including the VPN host itself. When I use tcpdump to watch traffic going over my server's tun0 adapter, I don't see packets sent from AndFTP and SIP (the phone dialer's SIP) ever reach the server. Strangely, the web browser works just fine over the VPN. I'm able to view websites normal, and even connect to my webserver on port 8080.
Like you (probably), my first assumption is that a problem like this is due to misconfiguration somewhere. However I'm starting to think that's not the case this time. My VPN configuration is very simple, and I don't use any iptables netfilter rules anywhere (the server is behind a nat router). These apps work just fine over my VPN when I'm using the old CM7-12112011-nightly-olympus build. My Ubuntu laptop also has no issues using the VPN. I have observed the route table (# busybox route -n) after the VPN connection is made using the latest nightly, and the old build which works. Both routes are the same (for whatever reason, the default gateway isn't removed, but it works on the old build anyway).
So I have only seen this issue when I'm running CM7.2 RC1 or the latest nightly: update-cm-7-20120409-NIGHTLY-olympus-signed.zip
For now I'm back on the CM7-12112011-nightly build, and my apps work on my VPN again. But I wanted to post this here incase this issue affected anyone else. I'm not sure how to continue troubleshooting it, or whether it might even be related to a bug.
I can use Pandora just fine over VPN, as well as download stuff from the Market/Play and use GTalk.
Here's my server config if you want to compare it
Code:
$ cat /etc/openvpn/server.conf
port 12345
proto udp
dev tun
ca /etc/openvpn/blahblah.crt
cert /etc/openvpn/blahblah.crt
key /etc/openvpn/blahblah.key
dh /etc/openvpn/blahblah.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
Ok if these builds are working for you, that does indicate it's just some misconfiguration on my end.
update: I did fresh installs of the last atrix-dev-team build and the latest cm7.2 nightly. On both builds apps are working over the VPN just fine. The only thing that doesn't work is the dialer's built in SIP, it won't connect over the VPN. It works when I'm on the same lan as the server, but not otherwise over the vpn. Watching tcdump, I never see packets coming from the phone when I enable "Receive incoming calls."
So I just gave up trying to get the SIP dialer to work on my VPN, and installed CSipSimple and SIPDroid. Both work just fine over VPN. While both these apps are popular, I was only avoiding using them since I didn't think they would be necessary. I've used the dialer's SIP to proxy calls over asterisk in the past with my original A855 Droid. Not sure why it doesn't work anymore, but not a big deal either.
I am also having some difficulty with openvpn. I am running CM7.2 RC3 on my Atrix. I have never had it working before on the Atrix (recent convert to CM7), but have had it working on laptops and an iphone. Was intrigued that it appears to be built in. I just cannot get it to work.
My issues are:
1) I cannot use the tun device. If I try, it appears to connect, then errors out.
Code:
N read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
If I select tap, it will connect, but then it tells me that there are fragment errors
Code:
FRAG_IN error flags=0xfa3333ff: FRAG_TEST not implemented
2) I cannot add the 'extra arguments' under the advanced settings. I try tp put "fragment 1400" and . I'd like to add mssfix as well, but cannot figure out how to use this input block. If I try "fragment 1400" same thing:
Code:
MANAGEMENT: Client disconnected
When I use tap and keep the extra arguments clear, it appears to connect, but I get nothing: andsmb cannot see smb shares, I cannot get to the router web page, etc.
I have also configured pptp and that will allow me to connect (access shares and see the router web interface (ddwrt). I would prefer openvpn, though. Any help appreciated.
My connect script with a laptop is:
Code:
remote xxxx.dyndns-office.com 1194
client
dev tap0
proto udp
mssfix 1400
fragment 1400
resolv-retry infinite
nobind
persist-key
persist-tun
float
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
Keith
For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.
Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (eg., the reader only has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.
Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box
The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.
An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Android 4.3?
strifej said:
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Click to expand...
Click to collapse
Unfortunately, I have not done any testing with android 4.3 yet so I'm not sure why the dns request wouldn't be proxied. I'll look into it and get back to you.
DNS proxy on android 4.3
strifej said:
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Click to expand...
Click to collapse
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983
4.4
Dr.Tautology said:
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983
Click to expand...
Click to collapse
Tested on kitkat and is working fine. Ssh tunnel app not working however.
Dr.Tautology said:
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983
Click to expand...
Click to collapse
I use pacman rom on nexus 4.
thank you for this tutorial!
I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+
I can't wait to try this out..
I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.
Thanks again for the tutorial!
-droidshadow
Thank you Dr.Tautology
Thank you Dr.Tautology
I was searching a big time for the solution you gave me.
First I was using SSHtunnel app from google play and it worked on my note 3 SM-N9005 (rooted) with jb 4.3. After upgrade to 4.4.2 kitkat (rooted) I could connect but there was no changing to my home ip in the browsers that I use with surfing by example to whatmyip . I also have a tablet "nexus 7" 2012 version upgraded also to 4.4.2 and on this device SSHTunnel is functional and the ip is changing??? I did not understand. Now I was searching for alternatives for my galaxy note 3 and I've found ssh connectbot and proxydroid. After I added the settings that I always used with dyn socks5 port 11723 on both programs.... -> connection to my DD-WRT router (with connectbot) was also possible. I also booted proxydroid and again after running chrome or firefox I still had the same ip so it didn't work.... Now I've found your post and read that the socks5 port must be above 49152. I changed the ports on both programs to 56001 in ('connectbot and proxydroid) and BAM! Connected with my home IP from outside my home :laugh:
The weird thing is that it worked on JB 4.3 with socks5 port 11723.
Now my woking SSH tunnel config -> Host = home-ip:7500 (default port = 22 in DDWRT)
user to connect to DD-WRT router = Root
password = Router password
dyn proxy socks5 port = 56001 as you suggest.
I have an app from my isp that I only can use with my home ip so I had to be home and connect by wifi. Now it's possible again with tunneling
Now the only thing that I have to do is thank you. :victory:
Never thought that the port number should be the problem.
Best regards DWroadrunner
I managed to set this up using SSH Tunnel for android. However I would like to use SSH Autotunnel as it's supposed to handle network changes better and is also more light weight. Does anybody know what type of private key this programm accepts? I have had no luck using putty keygen and the id_rsa I created in ubuntu does not seem to work either.
Glad to help!
DWroadrunner said:
Thank you Dr.Tautology
I was searching a big time for the solution you gave me.
First I was using SSHtunnel app from google play and it worked on my note 3 SM-N9005 (rooted) with jb 4.3. After upgrade to 4.4.2 kitkat (rooted) I could connect but there was no changing to my home ip in the browsers that I use with surfing by example to whatmyip . I also have a tablet "nexus 7" 2012 version upgraded also to 4.4.2 and on this device SSHTunnel is functional and the ip is changing??? I did not understand. Now I was searching for alternatives for my galaxy note 3 and I've found ssh connectbot and proxydroid. After I added the settings that I always used with dyn socks5 port 11723 on both programs.... -> connection to my DD-WRT router (with connectbot) was also possible. I also booted proxydroid and again after running chrome or firefox I still had the same ip so it didn't work.... Now I've found your post and read that the socks5 port must be above 49152. I changed the ports on both programs to 56001 in ('connectbot and proxydroid) and BAM! Connected with my home IP from outside my home :laugh:
The weird thing is that it worked on JB 4.3 with socks5 port 11723.
Now my woking SSH tunnel config -> Host = home-ip:7500 (default port = 22 in DDWRT)
user to connect to DD-WRT router = Root
password = Router password
dyn proxy socks5 port = 56001 as you suggest.
I have an app from my isp that I only can use with my home ip so I had to be home and connect by wifi. Now it's possible again with tunneling
Now the only thing that I have to do is thank you. :victory:
Never thought that the port number should be the problem.
Best regards DWroadrunner
Click to expand...
Click to collapse
Hey DWroadrunner,
That's great news! I'm very happy that my post helped you, as my intention was to provide all the necessary information to do this in one place. It's not always the case that a user port wont work, but unless you are big on port level security it's not easy to determine if/when the port is being used. This is probably why 11723 did work for you, however it's always better to go with a dynamic/private port range. Also, if you want a simple way to improve the security of your ssh server change the default port from 22 to something else. You'd be surprised how many attempts to connect will be made by attackers on a daily basis.
Regards,
DocTaut
droidshadow said:
I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+
I can't wait to try this out..
I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.
Thanks again for the tutorial!
-droidshadow
Click to expand...
Click to collapse
Let me know if this is working on CM. I have tested on stock 4.3 with no issues.
Any luck yet?
rintinfinn said:
I managed to set this up using SSH Tunnel for android. However I would like to use SSH Autotunnel as it's supposed to handle network changes better and is also more light weight. Does anybody know what type of private key this programm accepts? I have had no luck using putty keygen and the id_rsa I created in ubuntu does not seem to work either.
Click to expand...
Click to collapse
Hello,
I've used auto tunnel a handful of times. Just wanted to check to see if you figured out what key it accepts. I will test it out when I get a chance.
Dr.Tautology said:
Hello,
I've used auto tunnel a handful of times. Just wanted to check to see if you figured out what key it accepts. I will test it out when I get a chance.
Click to expand...
Click to collapse
Hi, the developer send me a mail saying that autotunnel should accept both private key types. None of them worked for me, though. He also suggested to try and paste the content of the private key into the bracket. I might give that a try. Edit: I can confirm copying and pasting the private key works. But it does not seem to transfer traffic via the the server, at least not the 3g traffic while using chrome. Edit 2: Turns out SSH Autotunnel does not use a socks proxy. Therefore secure browsing is not an option. The app is for secure pop3/ftp-server/smtp-server connections only. Thanks go to Matej for his kind support.
I've been using OpenVPN but I'd prefer to use ssh, as I have several ssh servers around the world, plus their pipes are bigger than my home line I have openvpn running on.
I have yet to get SSH Tunnel (apk) to work reliably; it randomly stops working and it's just a dead connection.
Using ProxyDroid unfortunately requires me to launch ConnectBot, connect ssh, then start the proxy. It'd be nice if ConnectBot could bring up the connection automatically, or ProxyDroid could do it. What I do right now is VPN unknown wifi connections and I can automate that with Tasker. I might look to see if I can automate connecting with ConnectBot then enable the ProxyDroid connection.
You can use ssh tunnels also with Drony if some proxy with authentication is involved. Works also on non rooted devices.
Automation
khaytsus said:
I've been using OpenVPN but I'd prefer to use ssh, as I have several ssh servers around the world, plus their pipes are bigger than my home line I have openvpn running on.
I have yet to get SSH Tunnel (apk) to work reliably; it randomly stops working and it's just a dead connection.
Using ProxyDroid unfortunately requires me to launch ConnectBot, connect ssh, then start the proxy. It'd be nice if ConnectBot could bring up the connection automatically, or ProxyDroid could do it. What I do right now is VPN unknown wifi connections and I can automate that with Tasker. I might look to see if I can automate connecting with ConnectBot then enable the ProxyDroid connection.
Click to expand...
Click to collapse
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Dr.Tautology said:
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Click to expand...
Click to collapse
I think so, it's just firewall settings etc.. Unfortunately for me, I need stuff that doesn't support SOCKS so I've gone back to looking into a faster OpenVPN service.
But this is good for browsing and things that use http etc.
Dr.Tautology said:
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Click to expand...
Click to collapse
hi have you figured out an automated script for this task via tasker, iv tried to create something but ended up no where lol.
Hi my collage wifi connection is proxy based
Whenever i surfed internet on that connection only some basic application are connected through that connection
But many 3rd party apps doses't connect by that connection like games
Any solution like connection tunnel apps or else
I don't want to root my device
Thanks
sam.jaat said:
Hi my collage wifi connection is proxy based
Whenever i surfed internet on that connection only some basic application are connected through that connection
But many 3rd party apps doses't connect by that connection like games
Any solution like connection tunnel apps or else
I don't want to root my device
Thanks
Click to expand...
Click to collapse
Do you have to login to the proxy or is it an open proxy? If it's open, you could see if you can find a OpenVPN server that listens on 80 or 443. Then use any OpenVPN client on Android and you can add/update config to match the directions here: https://openvpn.net/index.php/open-source/documentation/howto.html#http
Before anyone says "this has been discussed before" yes it has, but this is the ONLY method that's worked for me, so therefore it may also work for you when others have not.
My carrier is Telcel (Mexico) Its prepaid that I haven't paid for since using the VPN, as it allows me to have free internet, and this method allows me to share it with all my devices, I've used 30GB of data in 2 weeks.
Disclaimer: not responsible for your device in anyway, even though this should not harm anything
STEP 1: You need a rooted device
STEP 2: Make sure you have a VPN app, like OpenVPN or DroidVPN ( I use DroidVPN and its the best)
STEP 3: Download Terminal Emulator
STEP 4: Activate your hotspot and connect to your VPN
STEP 5: launch Terminal emulator and on the first line type "su" (without the quotes) and press enter
STEP 6: Copy and paste this to the Terminal Emulator, MAKE SURE TO PASTE TO A NEW FOLDER USING ROOT BROWSER FIRST, AND COPY TO T.E. IN THE EXACT FORMAT AS SHOWN
Code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
STEP 7: That's about it
Also be sure to make a folder with Root Browser and paste the code there, as this resets after re-boot.
Please comment if this worked for you, it worked on my LG G3 on android 4.4.2
FIRST!
So, basically, what do this does?
GabrielCool1 said:
So, basically, what do this does?
Click to expand...
Click to collapse
Basically for me it allows me to bypass my carriers tether restrictions, in example; you have tmobile, your plan has unlimited data but only 5GB of tethering, this will trick it into thinking all traffic is coming from your phone, giving you unlimited data to all your devices
SmokeyTech1 said:
Basically for me it allows me to bypass my carriers tether restrictions, in example; you have tmobile, your plan has unlimited data but only 5GB of tethering, this will trick it into thinking all traffic is coming from your phone, giving you unlimited data to all your devices
Click to expand...
Click to collapse
Venga, que no te entiendo lo del tethering, me lo puedes explicar en español? C:
GabrielCool1 said:
Venga, que no te entiendo lo del tethering, me lo puedes explicar en español? C:
Click to expand...
Click to collapse
Claro! Enviarme un mensaje directo y yo te dijo
FWIW this will be different on different carriers, different devices, and different VPN(Juno's pulse for example). Good info none the less :good:
Sent from my SM-G900P using XDA Free mobile app
miked63017 said:
FWIW this will be different on different carriers, different devices, and different VPN(Juno's pulse for example). Good info none the less :good:
Sent from my SM-G900P using XDA Free mobile app
Click to expand...
Click to collapse
This should darn near be universal, as this was code I found was just a copy and paste of the original, don't need to change anything, it should also work with all VPNs, can't confirm though, I've only used this on my AT&T LG G3, I will try on my HTC One
Also the "IP table" part of the code can be found in a few places, the special part of the code is "ip rule" and "ip route"
SmokeyTech1 said:
This should darn near be universal, as this was code I found was just a copy and paste of the original, don't need to change anything, it should also work with all VPNs, can't confirm though, I've only used this on my AT&T LG G3, I will try on my HTC One
Also the "IP table" part of the code can be found in a few places, the special part of the code is "ip rule" and "ip route"
Click to expand...
Click to collapse
The iptables should be, but the routing, rules, and lookup tables could vary. Also some carriers you would need extra iptables commands and route commands to work with their tethering data cap security measures.
Like I said its useful knowledge but in some cases may need a little extra massaging to fully work.
any good guides for setting up a vpn server on your own PC?
sowers17 said:
any good guides for setting up a vpn server on your own PC?
Click to expand...
Click to collapse
Are you on windows or Linux?
Honestly the easiest way would be to get a router that supports it out of the box, but if you don't have one its still pretty easily doable.
thingss said:
Good guide. Thanks.
Click to expand...
Click to collapse
Did this work for you? If so please state your device name and android version, I'm going to add to the OP a "confirmed working on"
SmokeyTech1 said:
Before anyone says "this has been discussed before" yes it has, but this is the ONLY method that's worked for me, so therefore it may also work for you when others have not.
My carrier is Telcel (Mexico) Its prepaid that I haven't paid for since using the VPN, as it allows me to have free internet, and this method allows me to share it with all my devices, I've used 30GB of data in 2 weeks.
Disclaimer: not responsible for your device in anyway, even though this should not harm anything
STEP 1: You need a rooted device
STEP 2: Make sure you have a VPN app, like OpenVPN or DroidVPN ( I use DroidVPN and its the best)
STEP 3: Download Terminal Emulator
STEP 4: Activate your hotspot and connect to your VPN
STEP 5: launch Terminal emulator and on the first line type "su" (without the quotes) and press enter
STEP 6: Copy and paste this to the Terminal Emulator, MAKE SURE TO PASTE TO A NEW FOLDER USING ROOT BROWSER FIRST, AND COPY TO T.E. IN THE EXACT FORMAT AS SHOWN
Code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
STEP 7: That's about it
Also be sure to make a folder with Root Browser and paste the code there, as this resets after re-boot.
Please comment if this worked for you, it worked on my LG G3 on android 4.4.2
Click to expand...
Click to collapse
Do you have a premium account or a free one on Droid VPN?
Sent from my GT-S7392 using xda app-developers app
Andro001 said:
Do you have a premium account or a free one on Droid VPN?
Sent from my GT-S7392 using xda app-developers app
Click to expand...
Click to collapse
Premium, the free account almost never connects, and you only get 100mb daily
SmokeyTech1 said:
Premium, the free account almost never connects, and you only get 100mb daily
Click to expand...
Click to collapse
I used droid vpn on my sim's internet connection after 100mb it disconnected so I just changed the mobile and with the same account I logged jn droid vpn and it got connected. How was it possible?
Sent from my GT-S7392 using xda app-developers app
Andro001 said:
I used droid vpn on my sim's internet connection after 100mb it disconnected so I just changed the mobile and with the same account I logged jn droid vpn and it got connected. How was it possible?
Sent from my GT-S7392 using xda app-developers app
Click to expand...
Click to collapse
I really don't know, maybe droidvpn monitors each devices data, like you can use 100mb on one 100mb on another,
does this work on android lollipop version 5.0? im not sure if its safe to write that down in the android terminal
shadowx141 said:
does this work on android lollipop version 5.0? im not sure if its safe to write that down in the android terminal
Click to expand...
Click to collapse
Works and great! on android 5.02
Is there any way to incorporate this into an AFWall+ profile, so that someone can just switch profile when leaving home and have this automatically setup?
miked63017 said:
Are you on windows or Linux?
Honestly the easiest way would be to get a router that supports it out of the box, but if you don't have one its still pretty easily doable.
Click to expand...
Click to collapse
I got a dlink 510L that says it will run my pantech 290, it work on computer with software, when i put it in router saying no internet.
So I figured I post a guide here for any of you having trouble routing a VPN through the wifi tether interface.
Before I start, you must have a root! Which means this will only work on international varients of the Galaxy S8/S8+ with unlocked bootloader's.
There are plenty of guides online on how to root.
First off, native tethering does NOT use the wlan0 as the interface! Instead the Galaxy S8/S8+ use an interface named swlan0. This means forget all the apps you may have been using like "Android Wifi Tether" etc. You will have to do this manually.
How to setup your phone:
1. First off start buy downloading a VPN app from the play store. My preferred app is "NordVPN" as they offer Netflix and Hulu access. Yes, NordVPN does cost money so your welcome to use any VPN of your choice.
2. Now download an app called "Scripter" from the play store and open it. https://play.google.com/store/apps/details?id=com.faziklogic.scripter
3. Click "Create Script"
4. In the first box name it anything you want like "Tether Hack"
5. In the second box labeled "Commands" copy and paste the below code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev swlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev swlan0 scope link table 61
And click "Save"
6. (Optional) Download an app called "Wifi Hotspot Widget" https://play.google.com/store/apps/details?id=com.aiuspaktyn.hotspot so you can add it to your home screen layout for quick access to start Android's wifi tethering feature. While your at it make a quick shortcut of the VPN app you chose and the "Scripter" app so you can easily start the tethering with VPN.
7. Now the fun parts, start you VPN first. Then start your Android wifi tethering feature. Finally, open the "Scripter" app and select the script you made earlier. It will ask if you want to run the script, click "YES".
8. Done! Now go ahead and test it out by connecting your computer to the wifi access point you made and visit a website to verify your VPN is working.
Keep in my mind the biggest advantage to this aside from security is that this will NOT use your carriers tethering data usage. So if you have unlimited data but only 7GB of tethering with this trick you WILL have UNLIMITED tethering.
If you have any questions or liked this post please feel free to comment below or PM me anytime!
Reserved
thanks
mfoster978 said:
So I figured I post a guide here for any of you having trouble routing a VPN through the wifi tether interface.
Before I start, you must have a root! Which means this will only work on international varients of the Galaxy S8/S8+ with unlocked bootloader's.
There are plenty of guides online on how to root.
First off, native tethering does NOT use the wlan0 as the interface! Instead the Galaxy S8/S8+ use an interface named swlan0. This means forget all the apps you may have been using like "Android Wifi Tether" etc. You will have to do this manually.
How to setup your phone:
1. First off start buy downloading a VPN app from the play store. My preferred app is "NordVPN" as they offer Netflix and Hulu access. Yes, NordVPN does cost money so your welcome to use any VPN of your choice.
2. Now download an app called "Scripter" from the play store and open it. https://play.google.com/store/apps/details?id=com.faziklogic.scripter
3. Click "Create Script"
4. In the first box name it anything you want like "Tether Hack"
5. In the second box labeled "Commands" copy and paste the below code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev swlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev swlan0 scope link table 61
And click "Save"
6. (Optional) Download an app called "Wifi Hotspot Widget" https://play.google.com/store/apps/details?id=com.aiuspaktyn.hotspot so you can add it to your home screen layout for quick access to start Android's wifi tethering feature. While your at it make a quick shortcut of the VPN app you chose and the "Scripter" app so you can easily start the tethering with VPN.
7. Now the fun parts, start you VPN first. Then start your Android wifi tethering feature. Finally, open the "Scripter" app and select the script you made earlier. It will ask if you want to run the script, click "YES".
8. Done! Now go ahead and test it out by connecting your computer to the wifi access point you made and visit a website to verify your VPN is working.
Keep in my mind the biggest advantage to this aside from security is that this will NOT use your carriers tethering data usage. So if you have unlimited data but only 7GB of tethering with this trick you WILL have UNLIMITED tethering.
If you have any questions or liked this post please feel free to comment below or PM me anytime!
Click to expand...
Click to collapse
Well cool. Cheers. You just breathed new life into an old fossil. Now I have a new target; something of interest to code for. ??