HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Unfortunately there is no simple answer to your question. AFAIK you cant get a fixed ip on gprs, but if your using the right firewall and the right vpn host you dont need to.
I use and supply windows sbs 2003 servers and vpn into them regularly. I have also used citrix to achieve similar results. Might be a bit difficult to persuade your firms it dept to set up something like that for 1 person though.
PM me if youd like any advice.
BillyB said:
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Click to expand...
Click to collapse
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP...L2TP has also worked for me..otherwise, the fancier (and more secure) the VPN tunneling protocol, the more its likely to fail. Normally all you need for a basic MS WIndows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.
VPN and TS Its like pulling teeth
hi all this has got to be the most anoying problem ever. i can connect to O2 vpn access point and hence i can connect to my work vpn server. however as soon as i try to open a TS connection to my desktop (through the vpn) the VPN connection is dropped and i never connect. Can anybody tell me why? if i have a vpn connection to my work server why does TS try to make another connection and bomb out the original. Is there a fix or another way of doing this i.e. does a external IP have to be nat'd to my desktop IP on port 3389? all help greatly appreciated. Ian
Does anyone know of an app that allows your phone to become a web proxy?
Let me explain my situation... I work for a corporation that filters all their internet connections through a web proxy, which sucks cuz I can't visit any of the fun sites... one way around this I've found was to use ICS on my phone but that interferes with the default gateway on the current network.
All traffic on the network by default goes to an internal gateway on the local intranet and it really needs to stay this way because there are too many work ip's and ports to be able to statically route all of them through a specific destination and leave the default gateway as the ICS 192.168.1.1.
I have been able to create static routes to specific ip addresses (like my home computer) which override the default gateway and use ICS instead.. this is great but obviously not that great for web browsing and masking my use on the internet... what I would like to be able to do is set the HTTP proxy to my phone and have it handle all of the redirection... that would allow me to have a single route in the routing tables but span out to wherever I want on the web...
Oh, and yes, I have thought of just setting up a proxy on my home comp and routing through the phone -> home comp -> back through phone but that obviously limits me to the upstream bandwidth of my home network... which isn't TERRIBLE, and is feasible but obviously if I could eliminate the extra jump it would be much much better.
I can handle the routing tables np, they're easy to add from command-line.. problem is I need some kind of a proxy application on the phone that will handle all of the HTTP calls... anyone know of an application such as this?
Thanks
Hm can't say I know of an app that does this... it is planned for one of the upcoming releases of WMWifiRouter but that's still a while away and may give you the gateway issue again.
Chainfire said:
Hm can't say I know of an app that does this... it is planned for one of the upcoming releases of WMWifiRouter but that's still a while away and may give you the gateway issue again.
Click to expand...
Click to collapse
Ya I did more googling and still can't find anything... I just setup dante server on my linux vm at home and got a good socks proxy going.. seems to be working very well.. my upstream on cable is 80k/sec so that's not too bad I guess.
I'll keep an eye on wmwifirouter release notes though thanks
Hi Guys,
I'm writing an Android App for my diploma and i need to find a way to sniff the traffic of an unsecured wifi network. I need the session cookies, sent by other clients in the network.
I've tried to install busybox and use '/system/xbin/ifconfig eth0 promisc' to switch into promiscuous mode, and it actually does according to the output of 'system/xbin/ifconfig eth0' but i dont receive any packets of the clients in the network, only packets from my router.
My question is, what i'm doing wrong and how can i achieve to sniff cookies from other clients.
Thx in Advance!
Joker
SoSJokerSoS said:
Hi Guys,
I'm writing an Android App for my diploma and i need to find a way to sniff the traffic of an unsecured wifi network. I need the session cookies, sent by other clients in the network.
I've tried to install busybox and use '/system/xbin/ifconfig eth0 promisc' to switch into promiscuous mode, and it actually does according to the output of 'system/xbin/ifconfig eth0' but i dont receive any packets of the clients in the network, only packets from my router.
My question is, what i'm doing wrong and how can i achieve to sniff cookies from other clients.
Thx in Advance!
Joker
Click to expand...
Click to collapse
Read some good books on sockets and tcp/ip networking I can recommend Richard Stevens. O'Reilly does have some good books on tcp/ip networking. Ask your teacher how tcp/upd packets are routed in a network.
kwbr said:
Read some good books on sockets and tcp/ip networking I can recommend Richard Stevens. O'Reilly does have some good books on tcp/ip networking. Ask your teacher how tcp/upd packets are routed in a network.
Click to expand...
Click to collapse
can we read the 802.11 header( eg..probe, ARP,) with or without root into the device using just the onboard WIFI chip-set comes with the samsung S4 or any android phone.
I, like many here, have received a notice about tethering usage. I was working on a non-related project for someone who is heading to China so that they could bypass TGFoC when I had the following idea. If I can pass a computer in China through my SSH server to get internet access, why can't I do the same within the WebTop environment?
I know that in the WebTop environment, the phone window still has a valid connection to my carrier (AT&T, as the case may be), although the Webtop environment does not unless you pay for the double-dipping fee for tether usage. Here's what I did to get internet access on my phone (in Firefox) and it appears to work for me (YMMV):
===Things you'll need:===
Phone with WebTop
ConnectBot installed on the phone
Valid credentials to a box you can SSH to as well as create port forwards on
===Procedure===
1 On the phone, setup the ConnectBot ahead of time for the connection to the server.
2 Create a port forward
2a Name it anything you want (I called my WebProxy)
2b Type should be dynamic (SOCKS)
2c Source port is set to 8080. Any unused port should be fine, but this is the one I used
2d Destination is unchanged
3 Open up Webtop. Although untested, I see no reason why Webtop via HDMI shouldn't work.
4 Within the Mobile view window, connect to your server and ensure that the port forward is enabled (a disabled one has a line through it)
5 Open the Preferences of the WebTop's Firefox
6 Click on Advanced->Network->Settings
7 Change the proxy to be SOCKS and use 127.0.0.1 as the IP and the same port number as you selected in step 2c
8 If you want the DNS requests to work, you may wish to change that within about:config (look for "network.proxy.socks_remote_dns" and set it to true)
Your FF should now pass all its traffic through ConnectBot's SSH connection.
===Caveats===
1 All your network traffic from Firefox will be slower due to your SSH server acting as proxy.
2 You obviously need a desktop/ server machine that is reachable all the time. This may not be cost effective if this is its only use.
3 I do not claim that this is undetectable, only that it works. If another person more knowledgeable in this could comment, I'd appreciate it.
Thoughts?
I'm having occasional issues with ConnectBot not creating the port forward while on mobile data, and I'm thinking it may be timing related. Could anyone assist?
wingmanjd said:
I'm having occasional issues with ConnectBot not creating the port forward while on mobile data, and I'm thinking it may be timing related. Could anyone assist?
Click to expand...
Click to collapse
Solved my own problem. I had a dying Atrix phone previously. My tutorial above works perfectly on my new phone.
This really helped me!
Thanks a lot, it worked (although I can't find a "thanks" button).
But I don't get one little thing. Why we have to set the proxy to "source port"? In my (obviously mistaken) mind, it should be the destination port.
On a computer ssh command we would use something like:
ssh -ND [port-passed-to-proxy] [email protected]
I'm a bit confused by the name "source" to the port being passed to the proxy as I see it the other way around.
perr0.br said:
Thanks a lot, it worked (although I can't find a "thanks" button).
But I don't get one little thing. Why we have to set the proxy to "source port"? In my (obviously mistaken) mind, it should be the destination port.
On a computer ssh command we would use something like:
ssh -ND [port-passed-to-proxy] [email protected]
I'm a bit confused by the name "source" to the port being passed to the proxy as I see it the other way around.
Click to expand...
Click to collapse
Well, I think the confusion lies in possibly the way you're looking at it. From connectBot's viewpoint, it's going to be passing all data that hits the source port via its connection. Firefox's proxy port, and what I'd consider to be a destination port from its point of view, would be the connectBot's source port.
I'm not a developer, but I play one on TV.
For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.
Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (eg., the reader only has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.
Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box
The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.
An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Android 4.3?
strifej said:
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Click to expand...
Click to collapse
Unfortunately, I have not done any testing with android 4.3 yet so I'm not sure why the dns request wouldn't be proxied. I'll look into it and get back to you.
DNS proxy on android 4.3
strifej said:
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Click to expand...
Click to collapse
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983
4.4
Dr.Tautology said:
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983
Click to expand...
Click to collapse
Tested on kitkat and is working fine. Ssh tunnel app not working however.
Dr.Tautology said:
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Heres the link:
http://forum.xda-developers.com/showthread.php?t=2512983
Click to expand...
Click to collapse
I use pacman rom on nexus 4.
thank you for this tutorial!
I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+
I can't wait to try this out..
I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.
Thanks again for the tutorial!
-droidshadow
Thank you Dr.Tautology
Thank you Dr.Tautology
I was searching a big time for the solution you gave me.
First I was using SSHtunnel app from google play and it worked on my note 3 SM-N9005 (rooted) with jb 4.3. After upgrade to 4.4.2 kitkat (rooted) I could connect but there was no changing to my home ip in the browsers that I use with surfing by example to whatmyip . I also have a tablet "nexus 7" 2012 version upgraded also to 4.4.2 and on this device SSHTunnel is functional and the ip is changing??? I did not understand. Now I was searching for alternatives for my galaxy note 3 and I've found ssh connectbot and proxydroid. After I added the settings that I always used with dyn socks5 port 11723 on both programs.... -> connection to my DD-WRT router (with connectbot) was also possible. I also booted proxydroid and again after running chrome or firefox I still had the same ip so it didn't work.... Now I've found your post and read that the socks5 port must be above 49152. I changed the ports on both programs to 56001 in ('connectbot and proxydroid) and BAM! Connected with my home IP from outside my home :laugh:
The weird thing is that it worked on JB 4.3 with socks5 port 11723.
Now my woking SSH tunnel config -> Host = home-ip:7500 (default port = 22 in DDWRT)
user to connect to DD-WRT router = Root
password = Router password
dyn proxy socks5 port = 56001 as you suggest.
I have an app from my isp that I only can use with my home ip so I had to be home and connect by wifi. Now it's possible again with tunneling
Now the only thing that I have to do is thank you. :victory:
Never thought that the port number should be the problem.
Best regards DWroadrunner
I managed to set this up using SSH Tunnel for android. However I would like to use SSH Autotunnel as it's supposed to handle network changes better and is also more light weight. Does anybody know what type of private key this programm accepts? I have had no luck using putty keygen and the id_rsa I created in ubuntu does not seem to work either.
Glad to help!
DWroadrunner said:
Thank you Dr.Tautology
I was searching a big time for the solution you gave me.
First I was using SSHtunnel app from google play and it worked on my note 3 SM-N9005 (rooted) with jb 4.3. After upgrade to 4.4.2 kitkat (rooted) I could connect but there was no changing to my home ip in the browsers that I use with surfing by example to whatmyip . I also have a tablet "nexus 7" 2012 version upgraded also to 4.4.2 and on this device SSHTunnel is functional and the ip is changing??? I did not understand. Now I was searching for alternatives for my galaxy note 3 and I've found ssh connectbot and proxydroid. After I added the settings that I always used with dyn socks5 port 11723 on both programs.... -> connection to my DD-WRT router (with connectbot) was also possible. I also booted proxydroid and again after running chrome or firefox I still had the same ip so it didn't work.... Now I've found your post and read that the socks5 port must be above 49152. I changed the ports on both programs to 56001 in ('connectbot and proxydroid) and BAM! Connected with my home IP from outside my home :laugh:
The weird thing is that it worked on JB 4.3 with socks5 port 11723.
Now my woking SSH tunnel config -> Host = home-ip:7500 (default port = 22 in DDWRT)
user to connect to DD-WRT router = Root
password = Router password
dyn proxy socks5 port = 56001 as you suggest.
I have an app from my isp that I only can use with my home ip so I had to be home and connect by wifi. Now it's possible again with tunneling
Now the only thing that I have to do is thank you. :victory:
Never thought that the port number should be the problem.
Best regards DWroadrunner
Click to expand...
Click to collapse
Hey DWroadrunner,
That's great news! I'm very happy that my post helped you, as my intention was to provide all the necessary information to do this in one place. It's not always the case that a user port wont work, but unless you are big on port level security it's not easy to determine if/when the port is being used. This is probably why 11723 did work for you, however it's always better to go with a dynamic/private port range. Also, if you want a simple way to improve the security of your ssh server change the default port from 22 to something else. You'd be surprised how many attempts to connect will be made by attackers on a daily basis.
Regards,
DocTaut
droidshadow said:
I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+
I can't wait to try this out..
I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.
Thanks again for the tutorial!
-droidshadow
Click to expand...
Click to collapse
Let me know if this is working on CM. I have tested on stock 4.3 with no issues.
Any luck yet?
rintinfinn said:
I managed to set this up using SSH Tunnel for android. However I would like to use SSH Autotunnel as it's supposed to handle network changes better and is also more light weight. Does anybody know what type of private key this programm accepts? I have had no luck using putty keygen and the id_rsa I created in ubuntu does not seem to work either.
Click to expand...
Click to collapse
Hello,
I've used auto tunnel a handful of times. Just wanted to check to see if you figured out what key it accepts. I will test it out when I get a chance.
Dr.Tautology said:
Hello,
I've used auto tunnel a handful of times. Just wanted to check to see if you figured out what key it accepts. I will test it out when I get a chance.
Click to expand...
Click to collapse
Hi, the developer send me a mail saying that autotunnel should accept both private key types. None of them worked for me, though. He also suggested to try and paste the content of the private key into the bracket. I might give that a try. Edit: I can confirm copying and pasting the private key works. But it does not seem to transfer traffic via the the server, at least not the 3g traffic while using chrome. Edit 2: Turns out SSH Autotunnel does not use a socks proxy. Therefore secure browsing is not an option. The app is for secure pop3/ftp-server/smtp-server connections only. Thanks go to Matej for his kind support.
I've been using OpenVPN but I'd prefer to use ssh, as I have several ssh servers around the world, plus their pipes are bigger than my home line I have openvpn running on.
I have yet to get SSH Tunnel (apk) to work reliably; it randomly stops working and it's just a dead connection.
Using ProxyDroid unfortunately requires me to launch ConnectBot, connect ssh, then start the proxy. It'd be nice if ConnectBot could bring up the connection automatically, or ProxyDroid could do it. What I do right now is VPN unknown wifi connections and I can automate that with Tasker. I might look to see if I can automate connecting with ConnectBot then enable the ProxyDroid connection.
You can use ssh tunnels also with Drony if some proxy with authentication is involved. Works also on non rooted devices.
Automation
khaytsus said:
I've been using OpenVPN but I'd prefer to use ssh, as I have several ssh servers around the world, plus their pipes are bigger than my home line I have openvpn running on.
I have yet to get SSH Tunnel (apk) to work reliably; it randomly stops working and it's just a dead connection.
Using ProxyDroid unfortunately requires me to launch ConnectBot, connect ssh, then start the proxy. It'd be nice if ConnectBot could bring up the connection automatically, or ProxyDroid could do it. What I do right now is VPN unknown wifi connections and I can automate that with Tasker. I might look to see if I can automate connecting with ConnectBot then enable the ProxyDroid connection.
Click to expand...
Click to collapse
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Dr.Tautology said:
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Click to expand...
Click to collapse
I think so, it's just firewall settings etc.. Unfortunately for me, I need stuff that doesn't support SOCKS so I've gone back to looking into a faster OpenVPN service.
But this is good for browsing and things that use http etc.
Dr.Tautology said:
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Click to expand...
Click to collapse
hi have you figured out an automated script for this task via tasker, iv tried to create something but ended up no where lol.
Hi my collage wifi connection is proxy based
Whenever i surfed internet on that connection only some basic application are connected through that connection
But many 3rd party apps doses't connect by that connection like games
Any solution like connection tunnel apps or else
I don't want to root my device
Thanks
sam.jaat said:
Hi my collage wifi connection is proxy based
Whenever i surfed internet on that connection only some basic application are connected through that connection
But many 3rd party apps doses't connect by that connection like games
Any solution like connection tunnel apps or else
I don't want to root my device
Thanks
Click to expand...
Click to collapse
Do you have to login to the proxy or is it an open proxy? If it's open, you could see if you can find a OpenVPN server that listens on 80 or 443. Then use any OpenVPN client on Android and you can add/update config to match the directions here: https://openvpn.net/index.php/open-source/documentation/howto.html#http