This is what I get on CM12. Similar commands like 'ip route' show the same. No default gateway. But the internet connection works as the gateway is defined properly in the Android WiFi settings. But why doesn't it show up with the 'route' command?
Code:
localhost / # busybox route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 * 255.255.255.0 U 0 0 0 wlan0
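Added example, not part of the original post: Android 5.0 and later (CM12 is built on it) keep each network's routes in a separate routing table that `ip rule` policy rules select, so the main table printed by `route` can lack a default entry. The sketch below lists default routes per table from `ip route show table all` output; the sample text, the gateway 192.168.100.1 and the table name are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `ip route show table all` output (not from the post).
# The gateway 192.168.100.1 and the table name "wlan0" are assumptions.
SAMPLE_ROUTES='default via 192.168.100.1 dev wlan0 table wlan0 proto static
192.168.100.0/24 dev wlan0 table wlan0 proto static scope link
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.23
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1'

# Read `ip route show table all` output on stdin and print one line per
# default route as "<table> <gateway> <device>". A route without a "table"
# token belongs to the main table, the only one busybox `route` prints.
default_routes() {
    awk '$1 == "default" {
        table = "main"; gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "table") table = $(i + 1)
            if ($i == "via")   gw    = $(i + 1)
            if ($i == "dev")   dev   = $(i + 1)
        }
        print table, gw, dev
    }'
}

# Succeeds only when the main table itself holds a default route.
main_has_default() {
    default_routes | grep -q '^main '
}

# On a device: ip rule; ip route show table all | default_routes
printf '%s\n' "$SAMPLE_ROUTES" | default_routes
```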
We have developed a VPN client and a virtual ethernet adapter (NIC), so all IP packets will go through the virtual interface.
So we can set the metric and default gw in the routing table to the virtual adapter. It works fine on the old firmware of the HTC Universal (MDA Pro). But on the new WM firmware of T-Mobile (ExtRom 1.30.223 GER) the network traffic goes only through the wireless LAN and not through our virtual interface.
Here is the routing table :
Destination | Mask | Nexthop | interface index | metric
0.0.0.0 | 0.0.0.0 | 192.169.1.1 | 2.0.0.0 | 10
0.0.0.0 | 0.0.0.0 | 10.0.6.1 | 3.0.1.0 | 30
The router of our virtual NIC is already set at the top of the routing table, as is the metric, and it has a lower index, but IP packets go through WLAN?!
P.S.
Theoretically we can set the default gateway to UMTS or WLAN,
although the virtual adapter has a lower metric and index in the routing table!?
Has anybody tried to set the default GW, or to swap the default GW between a GPRS/UMTS and a WLAN connection?
There is a code sample from Pb, but it doesn't work in our project.
\PUBLIC\COMMON\OAK\DRIVERS\NETSAMP\ROUTE
Please remove the "zip" ending in attachment.
Is it possible to connect the Trinity to a "Conceptronic C54APM" access point with WEP activated?
I am able to connect it, give the correct password but I can get no communication!!!
Thanks in advance.
edba2000 said:
Is it possible to connect the Trinity to a "Conceptronic C54APM" access point with WEP activated?
I am able to connect it, give the correct password but I can get no communication!!!
Thanks in advance.
Try taking off the WEP protection on your access point, then get the Trinity connected. If all is well, then add the WEP again. Make sure that you check that the "shared" option is the same on both.
Just in case, access can also be restricted/enabled at the MAC level.
Thanks for the answer.
Even without WEP, I still can't connect
Here is my "Access Point" config:
System
Up time 0day:0h:21m:25s
Hardware Version Rev. A
Firmware Version 1.25
Wireless Configuration
Mode AP
ESSID xxxxxx
Channel Number 5
Security WEP
BSSID 00:xx:xx:xx:xx:xx
Associated Clients 2
LAN Configuration
IP Address 192.168.0.2
Subnet Mask 255.255.255.0
Default Gateway 192.168.0.1
MAC Address 00:xx:xx:xx:xx:xx
Authentication Type : Open System Shared Key [X]Auto
Fragment Threshold : 2346 (256-2346)
RTS Threshold : 2347 (0-2347)
Beacon Interval : 100 (20-1024 ms)
Data Rate : 54M
Transmit Rate :
Preamble Type : [X] Long Preamble Short Preamble
Broadcast ESSID : [X] Enabled Disabled
IAPP : [X] Enabled Disabled
802.11g Protection : Enabled [X] Disabled
Encryption : WEP
Key Length : 128 bit
Key Format : ASCII (13 char)
Default Tx Key : key1
Encryption Key 1 : *************
Encryption Key 2 : *************
Encryption Key 3 : *************
Encryption Key 4 : *************
[ ] Enable 802.1x Authentication
* Management IP
IP Address : 192.168.0.2
Subnet Mask : 255.255.255.0
Gateway Address : 192.168.0.1
DHCP Server : enabled
* DHCP Server
Default Gateway IP : 192.168.0.1
Domain Name Server IP : 192.168.0.1
Start IP : 192.168.0.5
End IP : 192.168.0.10
Domain Name :
Lease Time : forever
When I connect my HTC to the AccessPoint, the IP 192.158.0.5 is assigned to it but I can't ping to 192.168.0.2 (the AP IP)
Some other help would be great!
Thanks
edba2000 said:
Is it possible to connect the Trinity to a "Conceptronic C54APM" access point with WEP activated?
I am able to connect it, give the correct password but I can get no communication!!!
Thanks in advance.
You should try and connect your Trinity to another hot spot just to make sure that the Wifi is working properly. If so, you might try resetting your access point by the pin hole on the back, or however your AP resets. Personally, if I'm ever having trouble connecting a device to my network, I turn off all encryption and filtering until I get a connection. The info you gave shows WEP encryption is still on.
Hi Matterhorn,
Thanks for the answer. The info I gave shows WEP activated, but I did the test without WEP too. The result is the same.
The HTC is working properly and I can connect to other APs. I can't understand what's happening!!!
JUST FOUND THE PROBLEM!!!
The power mode must be: "Best Performance"
Thanks to all.
Of course that it will work on any Linux ! Of course that with any WM5 AKU 3 device ! Certainly that it works on 3G, EDGE, GPRS, because the PC doesn't see the WAN itself (the GSM network).
The stages are as simple as 1, 2, 3 !
1. Go (on the WM5 AKU 3.x device) to Internet Sharing, select your network, select the BT-PAN profile and click Connect.
2. Open a console on Linux (root) and start writing:
root# pand -s -r PANU
root# pand -Q10
(optional, to test) root# pand -l
root# ifconfig bnep0 192.168.0.2
root# route add default gw 192.168.0.1
root# echo "nameserver 194.102.255.2" > /tmp/resolv.conf.bnep0
3. READY !
Notes upon the implied commands:
a) pand -s -r PANU // starts the PAN daemon (server) in the PANU mode and puts it to listening mode
b) pand -Q10 // performs a 10sec search for the HCI address of a PANU and connects to it
c) pand -l // view if you have connection : bnep0 00:17:83:01:38:6B PANU - in my case
d) ifconfig bnep0 192.168.0.2 // sets the IP of the virtual network interface. Please do verify on your PDA that the PAN interface already has 192.168.0.1 set up. Of course you can use other IPs, but stay in the same network!
e) route add default gw 192.168.0.1 // sets the WM5 device as the gateway for IP packets. Certainly you can change the address for originality, but remember that it must be the IP of the PAN interface on the WM5 device!
f) echo "nameserver 194.102.255.2" > /tmp/resolv.conf.bnep0 // assigns a DNS server to be queried. Of course that you can use any DNS IP that you want.
g) REMEMBER: On Fedora, IP forward is already activated. On Debian it is not. Thus, before command number e, you must activate it by typing "echo 1 > /proc/sys/net/ipv4/ip_forward" (without the quotes).
Cheers !
We are testing IP forwarding feature on windows mobile 6.1 platform. The scenario is as following:
169.254.19.49/16            169.254.54.165/16
   +--------+        a         +--------+
   |  PC1   | ---------------- | Mobile |
   +--------+                  +--------+
        \                          |
         \ c                     b |
          \                        |
           \                       |
            \                 +---------+
             \--------------- |   PC2   |
       169.254.160.194/16     +---------+
We set up a Wi-Fi ad-hoc network with 3 nodes involved. This is a full mesh network. There is a direct wireless link 'c' between PC1 and PC2, and we expect the IP packet path to change to PC1--Mobile--PC2.
We enabled IP forwarding on the mobile phone and changed PC1's and PC2's routing tables. But it seems IP forwarding does not work properly. We did 'ping 169.254.19.49' from PC2 and we did get the ICMP replies. However, the packet sniffer shows that those replies originate from the middle node (source IP is 169.254.54.165) and no packets are received by 169.254.19.49. How come the mobile phone takes the responsibility to send the ICMP reply for PC1, and it does not even check the reachability to PC1? It seems there is some kind of proxy running on the mobile? Any configuration we are missing?
The modifications to the devices are attached below:
PC1
----------------------------------------------------------------------------------------
IP: 169.254.19.49/16
Routing Table:
Network Destination Netmask Gateway Interface Metric
169.254.0.0 255.255.0.0 169.254.19.49 169.254.19.49 30
169.254.19.49 255.255.255.255 127.0.0.1 127.0.0.1 30
169.254.160.194 255.255.255.255 169.254.54.165 169.254.19.49 30
169.254.255.255 255.255.255.255 169.254.19.49 169.254.19.49 30
Basically, the routing setting implies that 'to 169.254.160.194, the next hop is 169.254.54.165'.
Registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect = 0
The purpose is to ignore possible ICMP redirect message from the mobile phone which would change the route entry 169.254.160.194 back to a direct network route.
Mobile:
----------------------------------------------------------------------------------------
IP: 169.254.54.165/16
Routing Table:
Network Destination Netmask Gateway Interface Metric
169.254.0.0 255.255.0.0 169.254.160.194 0x3 25
169.254.19.49 255.255.255.255 169.254.54.165 0x3 30
169.254.54.165 255.255.255.255 127.0.0.1 0x3 30
169.254.160.194 255.255.255.255 169.254.54.165 0x3 30
169.254.255.255 255.255.255.255 169.254.2.1 0x30002 30
169.254.255.255 255.255.255.255 169.254.54.165 0x3 30
Registry setting:
HKEY_LOCAL_MACHINE\Comm\Tcpip\Parms\IpEnableRouter = 1
HKEY_LOCAL_MACHINE\Comm\Tcpip\Parms\EnableICMPRedirects = 0
PC2
----------------------------------------------------------------------------------------
IP: 169.254.160.194/16
Routing Table:
Network Destination Netmask Gateway Interface Metric
169.254.0.0 255.255.0.0 169.254.160.194 169.254.160.194 25
169.254.19.49 255.255.255.255 169.254.54.165 169.254.160.194 30
169.254.160.194 255.255.255.255 127.0.0.1 127.0.0.1 25
169.254.255.255 255.255.255.255 169.254.2.2 169.254.2.2 30
169.254.255.255 255.255.255.255 169.254.160.194 169.254.160.194 25
Basically, the routing setting implies that 'to 169.254.19.49, the next hop is 169.254.54.165'.
Registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect = 0
You shouldn't use 169.254 addressing.
169.254.0.0/16 is the "link local" block. It is allocated for communication between hosts on a single link.
Have a quick read on RFC 3330
something else in your network is probably interfering.
use 10.0.0.0/8 or perhaps 192.168.0.0/16 or 172.16.0.0/12 as these are set aside for private networking addresses.
thank you very much
farkah said:
You shouldn't use 169.254 addressing.
169.254.0.0/16 is the "link local" block. It is allocated for communication between hosts on a single link.
Have a quick read on RFC 3330
something else in your network is probably interfering.
use 10.0.0.0/8 or perhaps 192.168.0.0/16 or 172.16.0.0/12 as these are set aside for private networking addresses.
Thank you very much!!!! I have solved this problem!!!!
I see a lot of questions about VPNs so I've decided to post an easy way to set up PIA VPN on a router running DD-WRT. I'm currently using a Netgear R8000 as a VPN router. Please note that running a VPN on your router will slow your speeds way down. I'm currently hitting 15-30mbps, which is OK to run the firestick. The settings I am posting are what seems to be the fastest and most reliable for me. You can always change the server you want to use but do not change anything else. Once you're done rebooting you can test to make sure you are completely secure on the PIA webpage, then go and run your DNS Leak Tests. If you are going to run a double router setup (which I am running) let me know and I'll post the setup for that also.
First you need to login to your router. Normally you would type 192.168.1.1 into the search bar. Default username for Netgear is "admin", password is "password".
In the DD-WRT Control Panel page, navigate to Setup > Basic Setup.
Under Network Address Server Settings (DHCP), set:
Static DNS 1 = 4.2.2.1
Static DNS 2 = 4.2.2.2
Static DNS 3 = 4.2.2.3
Use DNSMasq for DHCP = Checked
Use DNSMasq for DNS = Checked
DHCP-Authoritative = Checked
Save and Apply Settings.
Next navigate to Administration > Commands.
Cut and paste this, insert your username and password (USERNAME="user-name-here" and PASSWORD="password-here"), click the Save Startup button, then Reboot Router:
#!/bin/sh
USERNAME="user-name-here"
PASSWORD="password-here"
PROTOCOL="udp"
# Add - delete - edit servers between ##BB## and ##EE##
REMOTE_SERVERS="
##BB##
# US - MIDWEST
remote us-midwest.privateinternetaccess.com 8080
##EE##
"
#### DO NOT CHANGE below this line unless you know exactly what you're doing ####
CA_CRT='-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----'
OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`
if [ "$OPVPNENABLE" != 0 ]; then
nvram set openvpncl_enable=0
nvram commit
fi
sleep 10
mkdir /tmp/pia; cd /tmp/pia
echo -e "$USERNAME\n$PASSWORD" > userpass.conf
echo "$CA_CRT" > ca.crt
echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE" > route-up.sh
echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE" > route-down.sh
chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh
sleep 10
echo "client
auth-user-pass /tmp/pia/userpass.conf
management 127.0.0.1 5001
management-log-cache 50
dev tun0
proto $PROTOCOL
comp-lzo adaptive
fast-io
script-security 2
mtu-disc yes
verb 4
mute 5
cipher bf-cbc
auth sha1
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
log-append piavpn.log
ca ca.crt
status-version 3
status status
daemon
$REMOTE_SERVERS" > pia.conf
ln -s /tmp/pia/piavpn.log /tmp/piavpn.log
ln -s /tmp/pia/status /tmp/status
(killall openvpn; openvpn --config /tmp/pia/pia.conf --route-up /tmp/pia/route-up.sh --down /tmp/pia/route-down.sh) &
exit 0
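Added example, not part of the original post and not a PIA or OpenVPN tool: a small audit of the client directives that the startup script writes to pia.conf. Blowfish (`bf-cbc`) is a 64-bit block cipher, `sha1` is the legacy HMAC digest, and `comp-lzo adaptive` turns on tunnel compression; the rule set and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Directives copied from the pia.conf that the startup script above writes.
PIA_CONF='client
dev tun0
proto udp
comp-lzo adaptive
cipher bf-cbc
auth sha1
remote-cert-tls server
ca ca.crt'

# Read an OpenVPN client config on stdin and print one finding per line.
# The rules below are this example's own, chosen for the config in the post.
audit_ovpn() {
    awk '
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    { key = tolower($1); val = tolower($2) }
    key == "cipher" {
        seen_cipher = 1
        if (val ~ /^(bf|des|cast5|rc2)-/)
            print "WEAK cipher " val ": 64-bit block cipher"
    }
    key == "auth" && (val == "sha1" || val == "md5") {
        print "WEAK auth " val ": legacy HMAC digest"
    }
    key == "comp-lzo" && val != "no" {
        print "RISK comp-lzo: compression enabled on the tunnel"
    }
    key == "remote-cert-tls" || key == "verify-x509-name" { seen_verify = 1 }
    END {
        if (!seen_cipher) print "INFO no cipher line: the client default applies"
        if (!seen_verify) print "WEAK no server certificate check"
    }'
}

# Number of WEAK/RISK findings for the config on stdin.
count_findings() { audit_ovpn | grep -c -E '^(WEAK|RISK)'; }

# On the router: audit_ovpn < /tmp/pia/pia.conf
printf '%s\n' "$PIA_CONF" | audit_ovpn
```

Before changing `cipher` or `auth` in the generated config, confirm that the chosen server and port accept the stronger values, since both ends must agree.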
This is a really helpful post because not too many people out there are trying to do this exact thing.
I've tried like heck with my Linksys WRT3200ACM running DD-WRT build 2/17/2018. I have a Fire TV that I use mostly for running sideloaded Android apps and playing local network media from my NAS. I wanted to get the Fire TV to go through PIA on my router and allow the rest of my home network traffic to avoid the VPN.
With the easy GUI, I was able to get PIA to show a stable connection on the DD-WRT Status/VPN page, so I think it's working. The problem arose when I reserved an IP for the Fire TV on my router outside the DHCP range and named that IP as the single one to go through the VPN. I'm told, policy based routing switches the router application of the VPN to white listing only named addresses to use the service. That seemed to work, because as soon as I named an IP for policy based routing, all other traffic jumped to full (non-VPN) speed and showed as unprotected at the PIA website.
The problem was, when the Fire connected to the reserved IP, it immediately showed a loss of internet connectivity. No amount of fiddling with settings has brought joy. I suspect that something in my setup is wrong. Is it okay to set the reserved IP on the router via the MAC/host address? Is it okay to leave the wired Fire TV network setting at default, assuming it just joins the IP reserved for it? (I think so, because the reserved IP setup worked as long as I had the OpenVPN settings disabled) Also, since I've had constant trouble with UDP in my PIA settings, is it okay to switch to TCP as I have done?
Anyway, I finally hit the wall and I'm posting to the collective brain of the internet about this. I guess it's all too vague to solve as there are about a hundred moving parts, but I thought I'd give it a shot.
Thanks!