WM6 and SAMBA - JASJAR, XDA Exec, MDA Pro ROM Development

Windows Mobile 6 doesn't play with SAMBA folders, do to a increase security setting for lanmanager passwords. Does anyone know how to connect my WM6 PPC to a SAMBA share? Samba is rejecting my User Name Password, or more likely my PPC is rejecting sending the user name password in the clear to the samba server. So how do I permit this?
60 looks at this, suggest I'm not the only one with the problem....
Anyone else have the problem as well?
I can't connect to a share on a WRT350N so any answers? Anyone else in the same boat?
Thanks

i'm having problem too.
I can explore my pc samba share, but can't explore my asus router share.
tested both total commander and htc network

Perhaps this has to do with the way the aforementioned apps handle the SMB protocol. I am using Resco File Explorer and never had any problems with my network. I can connect to SAMBA v2 and v3 shares. All my shares have a strong security policy, and they are on a variety of linux flavours: Fedora Core 4, Fedora 8, Gentoo 2007 and OpenSUSE 10.3.
Could you be more specific on what you describe as "increase security setting for lanmanager passwords"?

WRaymond said:
Perhaps this has to do with the way the aforementioned apps handle the SMB protocol. I am using Resco File Explorer and never had any problems with my network. I can connect to SAMBA v2 and v3 shares. All my shares have a strong security policy, and they are on a variety of linux flavours: Fedora Core 4, Fedora 8, Gentoo 2007 and OpenSUSE 10.3.
Could you be more specific on what you describe as "increase security setting for lanmanager passwords"?
Click to expand...
Click to collapse
Yes you are correct, you need a third party app to correctly connect Samba shares with passwords.
There are plenty of "free" File Explorers that will give you this functionality, the standard file explorer is rubbish, even for open shares.

For Vista it is necessary to do,
Open Control Panel | Switch to classic View | Administrative Tools (icon) | Local Security Policy (right pane) | Continue when prompted | click on Local Policies (left pane) | Click on Security Options | scroll down to Network security: LAN Manager authentication level double click on it.. Then change it to "Send LM & NTLM - use NTLMv2 session security if negotiated" | OK | X |
The above change is necessary to connect to my Linksys WRT350N or to connect to my Magnia SG30 server. With Jwrightmcps Crossbow ROM Update 2.12.06 WWE both the Network Plugin and Resco Explorer 2007 v6.10 and v6.17 fail to transmit the password and user name to the SAMBA shares. The same as Vista does without the above change. I can however connect to a Vista box and access it's files.

The following is an excerpt from Resco's File Explorer FAQ:
8.7. I have problems connecting to Windows Server 2003 running as a domain controller.
Windows CE networking is not able to map the drives from the servers using SMB signing.
This can be solved by changing the following setting in the Domain Controller Security Policy under Local Policies --> Security Options
Microsoft Network Server: Digitally sign communications (always): Disabled
8.8. I am not able to map the Linux (or MAC) Samba drive
This problem is similar to 8.7. You need to disable SMB signing. Please try to locate the "smb.conf" file and add the line use spnego = no under section [global]
Click to expand...
Click to collapse
I guess that you could try relaxing restrictions on your SAMBA shares and use MAC address filtering to be on the safe side. It can be easily done on both your router and server. You can also map a static IP to your Universal and allow it access to your shares based on its IP. This allows you to easily reconfigure SAMBA to accept connections from specific computers.

Resco is not working for me.
Total commander works fine with samba password. The weird thing is that my router has a setup with guest account and no password.

lyka said:
Resco is not working for me.
Total commander works fine with samba password. The weird thing is that my router has a setup with guest account and no password.
Click to expand...
Click to collapse
Interesting... As far as I can tell, Total Commander, Resco Explorer, File Explor, and the Network Plugin all call the same password manger in WM6 and that manager does not send the passwords in a form that SAMBA understands.
In theory changing the key at HKLM\Comm\SecurityProviders\NTLM\LmCompatibilityLevel to 2 from 3 should do what I need, and enable the Universal to communicate with my SAMBA server. That it doesn't suggest to me that there is a problem with the LM security provider.

WRaymond said:
The following is an excerpt from Resco's File Explorer FAQ:
8.7. I have problems connecting to Windows Server 2003 running as a domain controller.
Windows CE networking is not able to map the drives from the servers using SMB signing.
This can be solved by changing the following setting in the Domain Controller Security Policy under Local Policies --> Security Options
Microsoft Network Server: Digitally sign communications (always): Disabled
8.8. I am not able to map the Linux (or MAC) Samba drive
This problem is similar to 8.7. You need to disable SMB signing. Please try to locate the "smb.conf" file and add the line use spnego = no under section [global]
Click to expand...
Click to collapse
I guess that you could try relaxing restrictions on your SAMBA shares and use MAC address filtering to be on the safe side. It can be easily done on both your router and server. You can also map a static IP to your Universal and allow it access to your shares based on its IP. This allows you to easily reconfigure SAMBA to accept connections from specific computers.
Click to expand...
Click to collapse
Locating the "smb.conf" file and add the line use spnego = no under section [global] makes no difference on the Magnia server, and is not an option on the WRT350N....

What version of SAMBA do you have on the Magnia, and on what OS?
Looking at version 3.0.25 comprehensive release notes, I found the following bugfix in version 3.0.20:
* BUG 1828: Fixed SPNEGO issues with PocketPC clients.
Click to expand...
Click to collapse
If upgrading SAMBA doesn't fix your problems, or if you already have the latest version installed (3.0.28), would you mind attaching your smb.conf file?
I read the manual of the Linksys box, but I couldn't find anything conclusive. There are quite a few settings that pertain to the external storage device, perhaps you could try playing around with them to see if anything improves.

@ dah54:
So, had any luck yet?

I have verified that changing the LMCompatibility level from 3 to 2 does indeed work now for WM6. I'm also using a Dell X50v with Maglite's A02 RTM version of WM6. No changes to my samba server with "use spnego = no" in global.

hocky98 said:
I have verified that changing the LMCompatibility level from 3 to 2 does indeed work now for WM6. I'm also using a Dell X50v with Maglite's A02 RTM version of WM6. No changes to my samba server with "use spnego = no" in global.
Click to expand...
Click to collapse
Could you please tell us what you actually did? I changed this registry key, but it doesn't work for me.
I love this WM6 but connecting to my NAS is something I won't miss.

Anything new in here? It doesnt work for me with all the great WM6 releases this is really a bad issue.
Changed this registry key, tried several samba versions and configs, but this one drives me crazy.

Come on, anyone must fix this .

It works finally!
A lot of posts in different forums suggest to add a line
use spnego = No
Click to expand...
Click to collapse
to the smb.conf and thus "disabling SMB signing". This is painfully wrong.
The setting does not affect SMB signing, but the Extended Security Negotiation, which seems to be REQUIRED by WM6.
So putting it to
use spnego = Yes
Click to expand...
Click to collapse
did the trick here . Please let me know, if this helps anyone else...
Wireshark helped in finding the difference in the SAMBA and WM6 flags in the SMB protocol negotiation.
SMB signing would be required if HKLM\Comm\Redir\SmbSignatureMode would be set to 3, which is not the default. Values 1(default) and 2 should work with and without SMB signing. (http://msdn2.microsoft.com/en-us/library/aa921092.aspx)

Although I didn't change anything (awarently) it works no. I'm using a WM 6.1 image of Lennesh with the following smb.conf:
Code:
[global]
netbios name = nas
workgroup = WORKGROUP
server string = network attached storage
load printers = no
show add printer wizard = no
disable spoolss = yes
use client driver = yes
log file = /var/log/%m.log
lock directory = /var/lock
max log size = 0
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %nn *new*password* %nn *changed*
socket options = IPTOS_LOWDELAY TCP_NODELAY
security mask = 0777
create mask = 0777
fstype = NTFS
max smbd processes = 200
map to guest = Bad User
csc policy = disable
hide dot files = yes
veto files = /lost+found/autobootfs/
block size = 4096
guest ok = no
max connections = 200
getwd cache = Yes
lm announce = yes
lm interval = 120
max xmit = 8192
status = no
deadtime = 0
level2 oplocks = True
dns proxy = no
client code page = 437
character set =
valid chars =
read only = no
browseable = yes
public = yes
writable = yes
force create mode = 0777
force directory mode = 0777
force security mode = 0777
create mask = 0777
acl check permissions = no
unix charset = ISO8859-15
use spnego = no
[misc]
comment = miscellanious things
path = /mnt/misc
[music]
comment = music
path = /mnt/music
[toolz]
comment = tools
path = /mnt/toolz
I'm so happy just now!

I'm having the same problem with the stock firmware of my Samsung i780
Samba Version 3.0.23c (on a linksys nslu2)
Connecting to my desktop (windows xp pro) works fine, but both seeing or accessing the nslu2's shares are a problem.
Any real solution to this problem? I tried all suggested methods (samba2, spnego, ...)
thanks

dah54 said:
Interesting... As far as I can tell, Total Commander, Resco Explorer, File Explor, and the Network Plugin all call the same password manger in WM6 and that manager does not send the passwords in a form that SAMBA understands.
In theory changing the key at HKLM\Comm\SecurityProviders\NTLM\LmCompatibilityLevel to 2 from 3 should do what I need, and enable the Universal to communicate with my SAMBA server. That it doesn't suggest to me that there is a problem with the LM security provider.
Click to expand...
Click to collapse
OK. The correct answer is here:
Change HKLM\Comm\SecurityProviders\NTLM\LmCompatibilityLevel to 1 from 3, not to 2 (ref: http://msdn.microsoft.com/en-us/library/aa922895.aspx and http://msdn.microsoft.com/en-us/library/aa925018.aspx) as "You can also set the LmCompatibilityLevelServer value to 2 or to 3. Both of these specify that the server will only use NTLM v2. Authentication will fail if the client is not capable of NTLM v2 protocol. For more information, see Authentication Services Registry Settings".
And check to make sure HKLM\Comm\Redir\SmbSignatureMode is set to 0 (not recommended 'cos it may cause problems with windows servers), 1 or 2, but not 3 (ref: http://msdn.microsoft.com/en-us/library/aa921092.aspx).
And you can try to set HKLM\Comm\Redir\AllowedAuthMethods to 3 to see if it makes any difference. To me, 2 works fine.
No need to modify samba configurations if you are running a recent version of samba (3.0.28 right now). Anyway, you can always try to add "use spnego = no" (maybe "client use spnego = no" or "spnego = no" as stated and/or quoted in other posts/web pages, I'm not sure of it.) to see if it makes any difference in your situation/samba version.

hi there,
i have it set to 2 but doesnt help.. could yo give your working configuration of samba and versions of wm/netwprk plugin etc please? thanks

Related

[APP] OpenVPN for WM5/6 Smartphone

I managed to install and run OpenVPN for PPC on my S710 smartphone. I'm sure it will also work on other WM5/6 smartphones.
Here are the steps to install:
1. Make sure your device is unlocked, otherwise unlock it with Microsoft Security Manager
2. Unzip the attached .zip and copy the OpenVPN directory to \Storage Card\Program Files (you can choose another path but then you will have to modify two shortcuts in \Windows\Start Menu
3. Copy the Windows directory to \ (don't worry, it only adds two files in \Windows and two shortcuts in \Windows\Start Menu)
4. Copy the two registry files form the Registry directory to your device, e.g. to \My Documents and register them. To easily do that, I recommend Resco Registry editor)
To use OpenVPN you must of course have an OpenVPN server where you can connect to. Furthermore you need to create a config file and save it as "smartphone.ovpn" to \Storage Card\Program Files\OpenVPN\config
I have put there an example file which contains a line to write a log file "client.log" to \Storage Card\Program Files\OpenVPN\log. The log file helps you to debug any connection issues.
If you want to connect to your OpenVPN server, first fire up your Wifi or GPRS/Edge/UMTS. Now start the OpenVPN Connection manager, return to the Home screen and start the OpenVPN client by clicking on the white icon in your Start menu (sorry, I didn't bother to create or link it with a nice icon ...). The VPN connection will be established on top of your existing data connection. I noticed that it is sometimes necessary to tweak connection settings in the browser (toggle from Internet to Work or vice versa. It requires some experimenting to get the hang of it).
If you want to disconnect then click on OpenVPN Connection manager and select the VPN tab. In the bottom-right corner you can see just a little part of a button. Use the D-pad to select that button (the border line will become bold if you selected it) and click it. This will send a terminate signal to client and release the TAP network interface.
My mobile operator blocks VoIP ports so I mainly use an OpenVPN connection to tunnel VoIP traffic through an Edge connection
Only if you have smartphone specific feedback post in this thread. Do not ask general OpenVPN questions here. For more info about OpenVPN for PPC see: http://ovpnppc.ziggurat29.com/ovpnppc-main.htm there is a forum as well.
Have fun!
Awesome info, thanks!
Excellent info, will link it in from my forthoing OpenVPN article!
great job !
Hi,
I have DASH WM6 from T-Mobile.
4. Copy the two registry files form the Registry directory to your device, e.g. to \My Documents and register them. To easily do that, I recommend Resco Registry editor)
I did save 2 registry files in \My Documents. But I don't know how to register them, I execute TAP Device and TAP Device1 I get "no Application Associate to it"
I downloaded regeditor Rescue, but I get an error says, Unsuccessful install because this app not for this device"
I downloaded the SKTools - Registry Editor, but don't know to to register 2 registry files.
Please help.
I like to use GRPS to VPN back to my office and use VOIP.
Thanks in Advance.
Hi,
Also, I have Windows 2003 Radius Server (also VPN Server). Would it work with openVPN client? I see your sample.ovpn with some kind of security certs (TLS). Are there any steps to export the cert from Win-2003 server to this OpenVPN client? [I did copy the server cert on the phone; when I am in office, I can get phone Wi-Fi to auth with WPA TLS - Wi-Fi Access point.]
Thanks,
No, unfortunately OpenVPN client only connects to an OpenVPN server.
timolthy_keithy said:
Hi,
I have DASH WM6 from T-Mobile.
4. Copy the two registry files form the Registry directory to your device, e.g. to \My Documents and register them. To easily do that, I recommend Resco Registry editor)
Click to expand...
Click to collapse
I'm having the same problem. I downloaded and installed the PHM registry editor, but I can't seem to figure out how to get it just import the registry entries. I thought about doing it manually, but the .REG files seem to be in a binary format...
Does anyone know how I can use IPsec VPN? I've got Bluefire VPN wich supports it, but when I try to connect it says
"The Connection Settings do not allow a VPN connection to be established. The device may be configured to use the same network for both The Internet and Work. Please verify the Connection Settings and try again (-71)"
Ive looked all over for this sort of settings, but havent been able to find any. Anyone to help?
@invader_zog: it seems you didn't perform step 1.
Here are the steps to install:
1. Make sure your device is unlocked, otherwise unlock it with Microsoft Security Manager
Click to expand...
Click to collapse
@GnarusLeo: no need to hijack this thread, just open a new topic in the networking forum.
BTW, please also repost and/or link non-Vox-only tutorials like this from the General forum so that all users can be notified of it.
Something strange...
Hi,
i am trying to connect to my VPN using your software. Everything seems OK from the log, but in the OpenVPN Connection Manager, the TAP device becomes unloaded and the VPN State is Oprhan. Do you have a similar problem ?
--
Chri13
jockyw2001 said:
@invader_zog: it seems you didn't perform step 1.
@GnarusLeo: no need to hijack this thread, just open a new topic in the networking forum.
Click to expand...
Click to collapse
I did do step 1, but I ended up needing to get the registry tool recommended. I think I have everything working except I realized that the IP addresses of the back network I am VPNing into is in the same subnet as the IP that the phone has... but at least that is a networking problem I can more easily sink my teeth into...
timolthy_keithy said:
Hi,
Also, I have Windows 2003 Radius Server (also VPN Server). Would it work with openVPN client?
Click to expand...
Click to collapse
If you have a Win2k3 or a MS ISA ... you dont need any VPN Client! Its included in WM5 and WM6. Read VPN Articel in the Technet.
timolthy_keithy said:
I downloaded regeditor Rescue, but I get an error says, Unsuccessful install because this app not for this device"
I downloaded the SKTools - Registry Editor, but don't know to to register 2 registry files.
Click to expand...
Click to collapse
http://www.resco.net/downloads/cab/registryen_s.ARM.CAB
Click to expand...
Click to collapse
i found add-in for resco explorer.
it works on i600.
No TAP Device ... Can't regedit HKLM
Though Resco Registry Editor says it successfully imported the contents of the *.reg files, the entries aren't really there. I've tried to manually enter with Resco and with PHM, but neither can make changes in HKLM. (They can edit in HKCU, though).
I have a T-Mobile Dash with their WM6 ROM.
Any suggestions?
FWIW: Everything seems to be working OK upto the point where the TAP device is started. Certs are negotiated and settings are received from OpenVPN server, but it just cannot start the TAP device. Last lines in the logfile are:
Thu Sep 20 23:15:57 2007 us=563000 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 20 23:15:57 2007 us=564000 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 20 23:15:57 2007 us=566000 OPTIONS IMPORT: route options modified
Thu Sep 20 23:15:57 2007 us=568000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Sep 20 23:15:57 2007 us=663000 There are no TAP-Win32 adapters on this system.
Thu Sep 20 23:15:57 2007 us=664000 Exiting
Update: I have successfully imported the Registry keys using Resco Registry Editor. They fix was to install the application unlock cab found at: http://forum.xda-developers.com/showpost.php?p=1146363&postcount=30
Now I can establish an OpenVPN to my home network and browse internal systems (Needed to set IE to use "Work" network: Menu->Tools->Options->Connections: Un-check Audomatically detect settings, Select Network: Work).
I have the HTC S710 vox,i made all the pass for installing the VPN,but i can not use this aplication.The program start but i can not modify nothing and if i press the button ok the aplication make exit.Please help me!
It seems i had the same problem like bcred, but his solution doesn't work for me.
I have a Vodafone VPA Compact GPS (HTC P3600, HTC Trinity) Original branded WM5
Code:
Mon Feb 18 09:50:27 2008 us=712000 There are no TAP-Win32 adapters on this system.
Mon Feb 18 09:50:27 2008 us=713000 Exiting
I used the unlock cab and the imported the Registry Keys. But it still doesn't work. Always the message above.
While using the OpenVPN Manager i see one TAP device, which is not loaded. If i try to start it, a message came: cannot be started. I can delete the adapter, install a new one, but it is still not useable.
In the networkcards tab, i can see the "TAP1 Virtual Ethernet Device" and "Virtual Ethernet Intermediate Miniport". But there are no options available.
Has anyone a suggestion for me?
Thanks
schnurzelat
Hi,
I've been using openvpn for a while now with my Kaiser and it rocks. Yet I do have one small issue I'd like help with... whenever I turn the screen off or if it turns itself off (power saving settings) the vpn drops. I'd like it to stay live even when the screen is off. How can I acheive this ?
Thanks,
Axet
I would guess changing the power saving settings for the WIFI would help this (if you're using WIFI) - most have a setting to turn WIFI off if the screen goes off

A new HTC TouchPro Hotfix today

HTC has uploaded a new Hot fix Today
HTC says on their support site:
"Hot Fix to enhance WAP security for HTC Touch Pro" and follows up with this info:
"When users access the Internet via wireless, some websites may present security concerns. This hot fix enhances the URL filter function in WAP (Wireless Access Protocol) security to prevent access to those web sites which are insecure."
Please - may anyone find out if this hot fix is an important update
This is the Hot Fix
Here is the Hot Fix from HTC.com
looks to me like all it is is a way to block websites that may not work right on your phone or may cause security problems. personally i like the full access and dont want to be limited on which sites i can visit even if they do "think" they are a "security" issue.
Where ist he link on the HTC site about this.. i cant find it anywhere
Here the reg changes :
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800
"0000100d"=dword:C40
Original cab attached.
EDIT: original link here.
monx® said:
Here the reg changes :
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800
"0000100d"=dword:C40
Original cab attached.
EDIT: original link here.
Click to expand...
Click to collapse
Pardon my ignorance but what is this reg edit actually doing?
It's obviously not a simple website blacklist. Does it restrict you from entering data on non-HTTPS websites while on wireless or something?
http://msdn.microsoft.com/en-us/library/ms890523.aspx
Those 2 security policies control that. The dword value is the role mask.
More info: http://msdn.microsoft.com/en-us/library/aa455966.aspx
This page has a list of security roles that fit the role mask at the bottom: http://www.xs4all.nl/~itsme/projects/xda/smartphone-policies.html
100c is set to:
SECROLE_PPG_TRUSTED 2048 Trusted Push Proxy Gateway role.
Messages assigned this role indicate that the content sent by the Push Initiator is trusted by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).
Click to expand...
Click to collapse
100d is set to:
SECROLE_PPG_TRUSTED 2048 Trusted Push Proxy Gateway role.
SECROLE_PPG_AUTH 1024 Push Initiator Authenticated role.
Messages assigned this role indicate that the Push Initiator is authenticated by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).
SECROLE_USER_UNAUTH 64 User Unauthenticated role.
This role is assigned to unsigned WAP push messages, and to unsigned .cab files. This role provides permissions to install a Home screen or ring tones.
Click to expand...
Click to collapse
The change from default is allowing SECROLE_USER_UNAUTH in 100d.
I use Mac computers... So i cant install it with an .exe extension.
Are there someone with this file in .cab?
thanx

How to Access/Control PC from Android free and Without a Static IP!!!

The following is a 3-step process for gaining remote access to your PC Via your Android phone's data connection for FREE and without a static IP.
IT USES YOUR DATA PLAN SO MAKE SURE YOUR HAVE UNLIMITED DATA PLAN OR YOU'LL BE SAD!!!
It allows you to control and view your PC by accessing Windows Remote Desktop using Pocket Cloud on your Android. I used this method on my T-mobile Samsung Vibrant and am now using it on my HTC Amaze. Currently, I have only tested this using Windows XP. I HAVE NOT TRIED IT ON WINDOWS 7. Someone smarter than I can tweak the process for Windows 7 and MAC OS. Please feel free.
I put this little solution together from some forums I found scattered all over the internet. When I needed it, I couldn’t find the complete solution in one place so; I consolidated it for you here. The VB script in particular is not my original work and I can't remember where I got it for the life of me so; my apologies to the author for not properly citing it here. PLEASE NOTE THAT I AM ONLY POSTING THE METHOD I USED. USE IT AT YOUR OWN RISK!
Now…down to business!!!!!
Here is how it works:
Your PC automatically accesses a website to gather your WAN IP information and sends an "email-to-text message" to your Android on a schedule of your choice. This ensures that you always have access to your current WAN IP address. This is important; DSL providers change your WAN IP address as much as 10 times/day where cable internet providers only do it about once/month.
You then use this information to configure Pocket Cloud (available for free on the Android Market) to connect to your home router/PC. Using the current WAN IP as the "host address" in Pocket Cloud, you can connect, control, and view your PC remotely over your Android's data connection.
Requirements:
In order for connection to work, the following must be done before you start the steps. Don't worry, these are all easy.
· Your PC must be powered on with an internet connection (obviously)
· Windows XP must have a windows logon password set (assuming you are not on a home network with an actual server).
NOTE
If you have a modem connected directly with no router, you are all set. Skip the next bullet.​
· Your router must be set to forward "remote desktop" activity (port 3389) to the PC to which you'd like to connect; make sure the router doesn't block the remote desktop application (see your router manual).
· Make sure your internet security software (see your software manual) and Windows XP ("my computer" properties under the "remote" tab) allows remote access to your PC.
STEP 1. Tweak the RED ITALIC TEXT ONLY of the VB Script (attached at the bottom) in by creating a new "note pad" file; pasting it in to "Note Pad"; and saving the file as "EmailIP.vbs".
NOTE
You can test your script by double clicking the .vbs file you just created. If you then get a text message with your IP address in it, you are good to go. The text message should only take a few minutes to arrive.​
STEP 2. Schedule the script to run at any interval you'd like by browsing to it from within Windows Task Scheduler. This is under Start>All Programs>Accessories>System Tools>Scheduled Tasks. If you need help with task scheduler, Google it.
NOTE
The task should be scheduled more frequently for those using a DSL home internet provider. I set mine for every 2 hours as I use DSL at home. Cable internet can be scheduled to run much less often.​
STEP 3. Install and configure Pocket Cloud RDP free from Android Market. using IP just texted to your Android and your Windows Logon information. ​
· Create a new connection in pocket cloud.
· Enter a nick name of your choice into the "Nick Name" field.
· Enter the WAN IP which was just texted to your phone into the "Host Address" field.
· Enter your windows logon user name and password into the "User Name" and "Password" fields.
· Leave everything else alone!
· Scroll to the bottom and hit "Save."
· Tap the connection and you should be connected to your PC with in seconds.
Cheers!
I use MyPhoneExplorer, very easy and noob-proof
i use teamviewer for this...
teamviewer does not require u to have static WAN ip...
the only thing u need is teamviewer account which is free...
I have create a vpn and get the static ip from no-ip.org
.
Thread moved. Would advise you to read forum rules and post in correct section.
enox2604 said:
I have create a vpn and get the static ip from no-ip.org
Click to expand...
Click to collapse
Good choice, however, no-ip and teamviewer both require that a 3rd party have certain terminal info or it pings the server periodically. This solution keeps third arties out of the equation with the exception of a collecting your own IP from an outside URL. Again, somone much smarter than I would be able to write a script that collects your WAN from the CMD prompt or something native to OS rather than a URL. If you know how, Please do and post it here.
orb3000 said:
Thread moved. Would advise you to read forum rules and post in correct section.
Click to expand...
Click to collapse
My Apologies. I did read them and didn't see a good fit anywhere as this is neither an App nor a game. It will take me some time to figure out where threads should be posted. Thanks for your patience.

Setting up OpenVPN on VPS server, and on ICS/GB clients

Warning: This configuration no longer works for me. Try at your own risk.
Who is this for?:
People who are comfortable installing servers but still need a little bit of spoon-feeding at times. People who already have a VPS and want to use it as a VPN for privacy purposes or to bypass a firewall. If you don't use ICS, your phone needs to be rooted.
I just spent a few hours figuring out VPN issues and want to share the fruits of my labor. This is for people with a server who want to set up both the server and the client. Goal: route all your internet traffic through your server when the VPN is active. You need a VPS or dedicated server to do this. I went with OpenVPN because PPTP VPNs don't work with some ICS roms. I don't know a lot about networking issues, so I can probably help with some linuxy-server setup issues, but a lot of networking is beyond my grasp.
Server config:
The hard part was the server config, which I found helpful information for on two pages. OpenVPN must be installed, and then you must generate keys and a little bit of data for the server. I used instructions here (but if you search for "server generate openvpn keys", there should be a lot of tutorials). On my system the "init-config" command didn't exist, so I basically skipped that step. When finished, copy client1.crt, client1.key, and ca.crt to the phone.
I had a really hard time with the config file, but this little bug report was a fantastic resource. I ended up with the following config file:
Code:
dev tun
server 10.8.0.0 255.255.255.0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
verb 5
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
comp-lzo
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
The DNS servers I'm using are google's. OpenDNS would be another good choice.
ICS instructions:
Install OpenVPN for Android. Open it, click "All your precious VPNs", add one and configure it. In the "basic" section, choose your server's hostname. For "type", choose "Certificates". Below that, select "ca.crt", "client1.crt", and "client1.key" in order. (Choose them with the file picker then press the "Select" button.) These are the files you generated on the server and copied to the phone. No other options need to be changed. Press "back" to save and touch the name of the configuration you've created. Enjoy your VPN-based browsing!
Gingerbread instructions (or ICS if you like pain):
Your device needs to be rooted with busybox and kernel tunneling capability. If you're running a popular rooted ROM, you probably have all you need. Install OpenVPN Installer and OpenVPN Settings. Run OpenVPN Installer and install the OpenVPN executable (please read the instructions--this may not work if your phone does not have the file /system/xbin/busybox).
Remember the files I told you to copy to your phone? Put them in /sdcard/openvpn/. Here's the client configuration file I used, which you should save as /sdcard/openvpn/openvpn.conf:
Code:
remote YOUR-SERVER.com
dev tun
client
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
mute-replay-warnings
Then open the OpenVPN Settings app and check the two checkboxes to start the server and start the tunnel. Enjoy your VPN-based browsing!
To check whether it worked:
Use a browser to visit whatismyipaddress.com. The result that's displayed should be the IP address of your server.
Any way to make this work with http://tunlr.net/
Sorry, Tunlr.net is not related to OpenVPN.

How to disable ICMP redirects? [Guide]

Surprised nobody did a thread about this, so let me be the first one.
Lets start of what I mean with the title:
http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Redirect
The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.
Click to expand...
Click to collapse
Now, there is a relatively interesting named attack called "DoubleDIrect".
Link to article :
Link
So what is it? A Man in the middle attack,
“Man-in-the-Middle” attack (MITM) enabling an attacker to redirect a victim’s traffic to the attacker’s device. Once redirected, the attacker can steal credentials and deliver malicious payloads to the victim’s mobile device that can not only quickly infect the device, but also spread throughout a corporate network.
Click to expand...
Click to collapse
There is a trick you can use to disable ICMP redirects to your phone, linux laptop or even windows laptop, to prevent this exploit.
For android you need root and a terminal app.
So, firstly write su
su
then write
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
If you want to check if you have disabled it, all you need to do is write.
cat /proc/sys/net/ipv4/conf/all/accept_redirects
it should answer with 1 if its enabled or 0 if it isnt.
This only works until you restarted your phone. So, best to create a sh file and run it automatically.
I have created a sh, just incase I need to enable or disable it.
The same thing goes for linux if you have a linux machine
For windows, open regedit:
go to HKEY_LOCAL_MACHINE > SYSTEM > currentcontrolset >Services > Tcpip > parameters
and then there is a reg dword called enableICMPredirects, open it and change the value to 0.
The attackers are not only sniffing all the DNS traffic of the victim, but everything that is resolved through it.
Who is at risk?
Quote from the article:
– iOS: The attack works on latest versions of iOS including iOS 8.1.1
– Android: On most Android devices. Including Nexus 5 + Lollipop
– Mac: Mac OS X Yosemite is vulnerable.
Most of GNU/Linux and Windows desktop operating system do not accept ICMP redirect packets.
Click to expand...
Click to collapse
My xperia Z ultra , running 4.4.4 anrdoid kitkat, was vulnerable to this exploit just as my windows 8.1 notebook.
Stay safe!
Edit: if you somehow manage to brick your phone during the rooting process or this, I am not responsible.

Categories

Resources