Database Info

[APP] OpenVPN for WM5/6 Smartphone

I managed to install and run OpenVPN for PPC on my S710 smartphone. I'm sure it will also work on other WM5/6 smartphones.
Here are the steps to install:
1. Make sure your device is unlocked, otherwise unlock it with Microsoft Security Manager
2. Unzip the attached .zip and copy the OpenVPN directory to \Storage Card\Program Files (you can choose another path but then you will have to modify two shortcuts in \Windows\Start Menu
3. Copy the Windows directory to \ (don't worry, it only adds two files in \Windows and two shortcuts in \Windows\Start Menu)
4. Copy the two registry files form the Registry directory to your device, e.g. to \My Documents and register them. To easily do that, I recommend Resco Registry editor)
To use OpenVPN you must of course have an OpenVPN server where you can connect to. Furthermore you need to create a config file and save it as "smartphone.ovpn" to \Storage Card\Program Files\OpenVPN\config
I have put there an example file which contains a line to write a log file "client.log" to \Storage Card\Program Files\OpenVPN\log. The log file helps you to debug any connection issues.
If you want to connect to your OpenVPN server, first fire up your Wifi or GPRS/Edge/UMTS. Now start the OpenVPN Connection manager, return to the Home screen and start the OpenVPN client by clicking on the white icon in your Start menu (sorry, I didn't bother to create or link it with a nice icon ...). The VPN connection will be established on top of your existing data connection. I noticed that it is sometimes necessary to tweak connection settings in the browser (toggle from Internet to Work or vice versa. It requires some experimenting to get the hang of it).
If you want to disconnect then click on OpenVPN Connection manager and select the VPN tab. In the bottom-right corner you can see just a little part of a button. Use the D-pad to select that button (the border line will become bold if you selected it) and click it. This will send a terminate signal to client and release the TAP network interface.
My mobile operator blocks VoIP ports so I mainly use an OpenVPN connection to tunnel VoIP traffic through an Edge connection
Only if you have smartphone specific feedback post in this thread. Do not ask general OpenVPN questions here. For more info about OpenVPN for PPC see: http://ovpnppc.ziggurat29.com/ovpnppc-main.htm there is a forum as well.
Have fun!

Awesome info, thanks!

Excellent info, will link it in from my forthoing OpenVPN article!

great job !

Hi,
I have DASH WM6 from T-Mobile.
4. Copy the two registry files form the Registry directory to your device, e.g. to \My Documents and register them. To easily do that, I recommend Resco Registry editor)
I did save 2 registry files in \My Documents. But I don't know how to register them, I execute TAP Device and TAP Device1 I get "no Application Associate to it"
I downloaded regeditor Rescue, but I get an error says, Unsuccessful install because this app not for this device"
I downloaded the SKTools - Registry Editor, but don't know to to register 2 registry files.
Please help.
I like to use GRPS to VPN back to my office and use VOIP.
Thanks in Advance.

Hi,
Also, I have Windows 2003 Radius Server (also VPN Server). Would it work with openVPN client? I see your sample.ovpn with some kind of security certs (TLS). Are there any steps to export the cert from Win-2003 server to this OpenVPN client? [I did copy the server cert on the phone; when I am in office, I can get phone Wi-Fi to auth with WPA TLS - Wi-Fi Access point.]
Thanks,

No, unfortunately OpenVPN client only connects to an OpenVPN server.

timolthy_keithy said:
Hi,
I have DASH WM6 from T-Mobile.
4. Copy the two registry files form the Registry directory to your device, e.g. to \My Documents and register them. To easily do that, I recommend Resco Registry editor)
Click to expand...
Click to collapse
I'm having the same problem. I downloaded and installed the PHM registry editor, but I can't seem to figure out how to get it just import the registry entries. I thought about doing it manually, but the .REG files seem to be in a binary format...

Does anyone know how I can use IPsec VPN? I've got Bluefire VPN wich supports it, but when I try to connect it says
"The Connection Settings do not allow a VPN connection to be established. The device may be configured to use the same network for both The Internet and Work. Please verify the Connection Settings and try again (-71)"
Ive looked all over for this sort of settings, but havent been able to find any. Anyone to help?

@invader_zog: it seems you didn't perform step 1.
Here are the steps to install:
1. Make sure your device is unlocked, otherwise unlock it with Microsoft Security Manager
Click to expand...
Click to collapse
@GnarusLeo: no need to hijack this thread, just open a new topic in the networking forum.

BTW, please also repost and/or link non-Vox-only tutorials like this from the General forum so that all users can be notified of it.

Something strange...
Hi,
i am trying to connect to my VPN using your software. Everything seems OK from the log, but in the OpenVPN Connection Manager, the TAP device becomes unloaded and the VPN State is Oprhan. Do you have a similar problem ?
--
Chri13

jockyw2001 said:
@invader_zog: it seems you didn't perform step 1.
@GnarusLeo: no need to hijack this thread, just open a new topic in the networking forum.
Click to expand...
Click to collapse
I did do step 1, but I ended up needing to get the registry tool recommended. I think I have everything working except I realized that the IP addresses of the back network I am VPNing into is in the same subnet as the IP that the phone has... but at least that is a networking problem I can more easily sink my teeth into...

timolthy_keithy said:
Hi,
Also, I have Windows 2003 Radius Server (also VPN Server). Would it work with openVPN client?
Click to expand...
Click to collapse
If you have a Win2k3 or a MS ISA ... you dont need any VPN Client! Its included in WM5 and WM6. Read VPN Articel in the Technet.

timolthy_keithy said:
I downloaded regeditor Rescue, but I get an error says, Unsuccessful install because this app not for this device"
I downloaded the SKTools - Registry Editor, but don't know to to register 2 registry files.
Click to expand...
Click to collapse
http://www.resco.net/downloads/cab/registryen_s.ARM.CAB
Click to expand...
Click to collapse
i found add-in for resco explorer.
it works on i600.

No TAP Device ... Can't regedit HKLM
Though Resco Registry Editor says it successfully imported the contents of the *.reg files, the entries aren't really there. I've tried to manually enter with Resco and with PHM, but neither can make changes in HKLM. (They can edit in HKCU, though).
I have a T-Mobile Dash with their WM6 ROM.
Any suggestions?
FWIW: Everything seems to be working OK upto the point where the TAP device is started. Certs are negotiated and settings are received from OpenVPN server, but it just cannot start the TAP device. Last lines in the logfile are:
Thu Sep 20 23:15:57 2007 us=563000 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 20 23:15:57 2007 us=564000 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 20 23:15:57 2007 us=566000 OPTIONS IMPORT: route options modified
Thu Sep 20 23:15:57 2007 us=568000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Sep 20 23:15:57 2007 us=663000 There are no TAP-Win32 adapters on this system.
Thu Sep 20 23:15:57 2007 us=664000 Exiting
Update: I have successfully imported the Registry keys using Resco Registry Editor. They fix was to install the application unlock cab found at: http://forum.xda-developers.com/showpost.php?p=1146363&postcount=30
Now I can establish an OpenVPN to my home network and browse internal systems (Needed to set IE to use "Work" network: Menu->Tools->Options->Connections: Un-check Audomatically detect settings, Select Network: Work).

I have the HTC S710 vox,i made all the pass for installing the VPN,but i can not use this aplication.The program start but i can not modify nothing and if i press the button ok the aplication make exit.Please help me!

It seems i had the same problem like bcred, but his solution doesn't work for me.
I have a Vodafone VPA Compact GPS (HTC P3600, HTC Trinity) Original branded WM5
Code:
Mon Feb 18 09:50:27 2008 us=712000 There are no TAP-Win32 adapters on this system.
Mon Feb 18 09:50:27 2008 us=713000 Exiting
I used the unlock cab and the imported the Registry Keys. But it still doesn't work. Always the message above.
While using the OpenVPN Manager i see one TAP device, which is not loaded. If i try to start it, a message came: cannot be started. I can delete the adapter, install a new one, but it is still not useable.
In the networkcards tab, i can see the "TAP1 Virtual Ethernet Device" and "Virtual Ethernet Intermediate Miniport". But there are no options available.
Has anyone a suggestion for me?
Thanks
schnurzelat

Hi,
I've been using openvpn for a while now with my Kaiser and it rocks. Yet I do have one small issue I'd like help with... whenever I turn the screen off or if it turns itself off (power saving settings) the vpn drops. I'd like it to stay live even when the screen is off. How can I acheive this ?
Thanks,
Axet

I would guess changing the power saving settings for the WIFI would help this (if you're using WIFI) - most have a setting to turn WIFI off if the screen goes off

A new HTC TouchPro Hotfix today

HTC has uploaded a new Hot fix Today
HTC says on their support site:
"Hot Fix to enhance WAP security for HTC Touch Pro" and follows up with this info:
"When users access the Internet via wireless, some websites may present security concerns. This hot fix enhances the URL filter function in WAP (Wireless Access Protocol) security to prevent access to those web sites which are insecure."
Please - may anyone find out if this hot fix is an important update

This is the Hot Fix
Here is the Hot Fix from HTC.com

looks to me like all it is is a way to block websites that may not work right on your phone or may cause security problems. personally i like the full access and dont want to be limited on which sites i can visit even if they do "think" they are a "security" issue.

Where ist he link on the HTC site about this.. i cant find it anywhere

Here the reg changes :
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800
"0000100d"=dword:C40
Original cab attached.
EDIT: original link here.

monx® said:
Here the reg changes :
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800
"0000100d"=dword:C40
Original cab attached.
EDIT: original link here.
Click to expand...
Click to collapse
Pardon my ignorance but what is this reg edit actually doing?
It's obviously not a simple website blacklist. Does it restrict you from entering data on non-HTTPS websites while on wireless or something?

http://msdn.microsoft.com/en-us/library/ms890523.aspx
Those 2 security policies control that. The dword value is the role mask.
More info: http://msdn.microsoft.com/en-us/library/aa455966.aspx
This page has a list of security roles that fit the role mask at the bottom: http://www.xs4all.nl/~itsme/projects/xda/smartphone-policies.html
100c is set to:
SECROLE_PPG_TRUSTED 2048 Trusted Push Proxy Gateway role.
Messages assigned this role indicate that the content sent by the Push Initiator is trusted by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).
Click to expand...
Click to collapse
100d is set to:
SECROLE_PPG_TRUSTED 2048 Trusted Push Proxy Gateway role.
SECROLE_PPG_AUTH 1024 Push Initiator Authenticated role.
Messages assigned this role indicate that the Push Initiator is authenticated by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).
SECROLE_USER_UNAUTH 64 User Unauthenticated role.
This role is assigned to unsigned WAP push messages, and to unsigned .cab files. This role provides permissions to install a Home screen or ring tones.
Click to expand...
Click to collapse
The change from default is allowing SECROLE_USER_UNAUTH in 100d.

I use Mac computers... So i cant install it with an .exe extension.
Are there someone with this file in .cab?
thanx

How to Access/Control PC from Android free and Without a Static IP!!!

The following is a 3-step process for gaining remote access to your PC Via your Android phone's data connection for FREE and without a static IP.
IT USES YOUR DATA PLAN SO MAKE SURE YOUR HAVE UNLIMITED DATA PLAN OR YOU'LL BE SAD!!!
It allows you to control and view your PC by accessing Windows Remote Desktop using Pocket Cloud on your Android. I used this method on my T-mobile Samsung Vibrant and am now using it on my HTC Amaze. Currently, I have only tested this using Windows XP. I HAVE NOT TRIED IT ON WINDOWS 7. Someone smarter than I can tweak the process for Windows 7 and MAC OS. Please feel free.
I put this little solution together from some forums I found scattered all over the internet. When I needed it, I couldn’t find the complete solution in one place so; I consolidated it for you here. The VB script in particular is not my original work and I can't remember where I got it for the life of me so; my apologies to the author for not properly citing it here. PLEASE NOTE THAT I AM ONLY POSTING THE METHOD I USED. USE IT AT YOUR OWN RISK!
Now…down to business!!!!!
Here is how it works:
Your PC automatically accesses a website to gather your WAN IP information and sends an "email-to-text message" to your Android on a schedule of your choice. This ensures that you always have access to your current WAN IP address. This is important; DSL providers change your WAN IP address as much as 10 times/day where cable internet providers only do it about once/month.
You then use this information to configure Pocket Cloud (available for free on the Android Market) to connect to your home router/PC. Using the current WAN IP as the "host address" in Pocket Cloud, you can connect, control, and view your PC remotely over your Android's data connection.
Requirements:
In order for connection to work, the following must be done before you start the steps. Don't worry, these are all easy.
· Your PC must be powered on with an internet connection (obviously)
· Windows XP must have a windows logon password set (assuming you are not on a home network with an actual server).
NOTE
If you have a modem connected directly with no router, you are all set. Skip the next bullet.​
· Your router must be set to forward "remote desktop" activity (port 3389) to the PC to which you'd like to connect; make sure the router doesn't block the remote desktop application (see your router manual).
· Make sure your internet security software (see your software manual) and Windows XP ("my computer" properties under the "remote" tab) allows remote access to your PC.
STEP 1. Tweak the RED ITALIC TEXT ONLY of the VB Script (attached at the bottom) in by creating a new "note pad" file; pasting it in to "Note Pad"; and saving the file as "EmailIP.vbs".
NOTE
You can test your script by double clicking the .vbs file you just created. If you then get a text message with your IP address in it, you are good to go. The text message should only take a few minutes to arrive.​
STEP 2. Schedule the script to run at any interval you'd like by browsing to it from within Windows Task Scheduler. This is under Start>All Programs>Accessories>System Tools>Scheduled Tasks. If you need help with task scheduler, Google it.
NOTE
The task should be scheduled more frequently for those using a DSL home internet provider. I set mine for every 2 hours as I use DSL at home. Cable internet can be scheduled to run much less often.​
STEP 3. Install and configure Pocket Cloud RDP free from Android Market. using IP just texted to your Android and your Windows Logon information. ​
· Create a new connection in pocket cloud.
· Enter a nick name of your choice into the "Nick Name" field.
· Enter the WAN IP which was just texted to your phone into the "Host Address" field.
· Enter your windows logon user name and password into the "User Name" and "Password" fields.
· Leave everything else alone!
· Scroll to the bottom and hit "Save."
· Tap the connection and you should be connected to your PC with in seconds.
Cheers!

I use MyPhoneExplorer, very easy and noob-proof

i use teamviewer for this...
teamviewer does not require u to have static WAN ip...
the only thing u need is teamviewer account which is free...

I have create a vpn and get the static ip from no-ip.org

.
Thread moved. Would advise you to read forum rules and post in correct section.

enox2604 said:
I have create a vpn and get the static ip from no-ip.org
Click to expand...
Click to collapse
Good choice, however, no-ip and teamviewer both require that a 3rd party have certain terminal info or it pings the server periodically. This solution keeps third arties out of the equation with the exception of a collecting your own IP from an outside URL. Again, somone much smarter than I would be able to write a script that collects your WAN from the CMD prompt or something native to OS rather than a URL. If you know how, Please do and post it here.

orb3000 said:
Thread moved. Would advise you to read forum rules and post in correct section.
Click to expand...
Click to collapse
My Apologies. I did read them and didn't see a good fit anywhere as this is neither an App nor a game. It will take me some time to figure out where threads should be posted. Thanks for your patience.

Setting up OpenVPN on VPS server, and on ICS/GB clients

Warning: This configuration no longer works for me. Try at your own risk.
Who is this for?:
People who are comfortable installing servers but still need a little bit of spoon-feeding at times. People who already have a VPS and want to use it as a VPN for privacy purposes or to bypass a firewall. If you don't use ICS, your phone needs to be rooted.
I just spent a few hours figuring out VPN issues and want to share the fruits of my labor. This is for people with a server who want to set up both the server and the client. Goal: route all your internet traffic through your server when the VPN is active. You need a VPS or dedicated server to do this. I went with OpenVPN because PPTP VPNs don't work with some ICS roms. I don't know a lot about networking issues, so I can probably help with some linuxy-server setup issues, but a lot of networking is beyond my grasp.
Server config:
The hard part was the server config, which I found helpful information for on two pages. OpenVPN must be installed, and then you must generate keys and a little bit of data for the server. I used instructions here (but if you search for "server generate openvpn keys", there should be a lot of tutorials). On my system the "init-config" command didn't exist, so I basically skipped that step. When finished, copy client1.crt, client1.key, and ca.crt to the phone.
I had a really hard time with the config file, but this little bug report was a fantastic resource. I ended up with the following config file:
Code:
dev tun
server 10.8.0.0 255.255.255.0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
verb 5
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
comp-lzo
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
The DNS servers I'm using are google's. OpenDNS would be another good choice.
ICS instructions:
Install OpenVPN for Android. Open it, click "All your precious VPNs", add one and configure it. In the "basic" section, choose your server's hostname. For "type", choose "Certificates". Below that, select "ca.crt", "client1.crt", and "client1.key" in order. (Choose them with the file picker then press the "Select" button.) These are the files you generated on the server and copied to the phone. No other options need to be changed. Press "back" to save and touch the name of the configuration you've created. Enjoy your VPN-based browsing!
Gingerbread instructions (or ICS if you like pain):
Your device needs to be rooted with busybox and kernel tunneling capability. If you're running a popular rooted ROM, you probably have all you need. Install OpenVPN Installer and OpenVPN Settings. Run OpenVPN Installer and install the OpenVPN executable (please read the instructions--this may not work if your phone does not have the file /system/xbin/busybox).
Remember the files I told you to copy to your phone? Put them in /sdcard/openvpn/. Here's the client configuration file I used, which you should save as /sdcard/openvpn/openvpn.conf:
Code:
remote YOUR-SERVER.com
dev tun
client
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
mute-replay-warnings
Then open the OpenVPN Settings app and check the two checkboxes to start the server and start the tunnel. Enjoy your VPN-based browsing!
To check whether it worked:
Use a browser to visit whatismyipaddress.com. The result that's displayed should be the IP address of your server.

Any way to make this work with http://tunlr.net/

Sorry, Tunlr.net is not related to OpenVPN.

How to disable ICMP redirects? [Guide]

Surprised nobody did a thread about this, so let me be the first one.
Lets start of what I mean with the title:
http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Redirect
The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.
Click to expand...
Click to collapse
Now, there is a relatively interesting named attack called "DoubleDIrect".
Link to article :
Link
So what is it? A Man in the middle attack,
“Man-in-the-Middle” attack (MITM) enabling an attacker to redirect a victim’s traffic to the attacker’s device. Once redirected, the attacker can steal credentials and deliver malicious payloads to the victim’s mobile device that can not only quickly infect the device, but also spread throughout a corporate network.
Click to expand...
Click to collapse
There is a trick you can use to disable ICMP redirects to your phone, linux laptop or even windows laptop, to prevent this exploit.
For android you need root and a terminal app.
So, firstly write su
su
then write
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
If you want to check if you have disabled it, all you need to do is write.
cat /proc/sys/net/ipv4/conf/all/accept_redirects
it should answer with 1 if its enabled or 0 if it isnt.
This only works until you restarted your phone. So, best to create a sh file and run it automatically.
I have created a sh, just incase I need to enable or disable it.
The same thing goes for linux if you have a linux machine
For windows, open regedit:
go to HKEY_LOCAL_MACHINE > SYSTEM > currentcontrolset >Services > Tcpip > parameters
and then there is a reg dword called enableICMPredirects, open it and change the value to 0.
The attackers are not only sniffing all the DNS traffic of the victim, but everything that is resolved through it.
Who is at risk?
Quote from the article:
– iOS: The attack works on latest versions of iOS including iOS 8.1.1
– Android: On most Android devices. Including Nexus 5 + Lollipop
– Mac: Mac OS X Yosemite is vulnerable.
Most of GNU/Linux and Windows desktop operating system do not accept ICMP redirect packets.
Click to expand...
Click to collapse
My xperia Z ultra , running 4.4.4 anrdoid kitkat, was vulnerable to this exploit just as my windows 8.1 notebook.
Stay safe!
Edit: if you somehow manage to brick your phone during the rooting process or this, I am not responsible.