FYI,
I've been able to successfully use iptables to configure ip masquerading (NAT). With it, I am tethered over WiFi without using tetherbot (which still works as a backup). Hopefully someone else can package this to be more useful.
Update: See posts #13 and #15 on how to use Ad-hoc mode.
Root required
Existing wifi network required (and configured)
1> Disable WiFi through the UI. Then turn on Wifi manually using the following commands as root. Normally the phone data interface and WiFi can't be turned on at the same time. (Can this be done through the android gui somehow?)
insmod /system/lib/modules/wlan.ko
wlan_loader -f /system/etc/wifi/Fw1251r1c.bin -e /proc/calibration -i /system/etc/wifi/tiwlan.ini
cd /data/local/tmp
wpa_supplicant -f -Dtiwlan0 -itiwlan0 -c/data/misc/wifi/wpa_supplicant.conf &
sleep 5
ifconfig tiwlan0 192.168.2.30 netmask 255.255.255.0
ifconfig tiwlan0 up
Note that I had to use a static ip since dhcp will typically add in a gateway.
2> Enable and configure ip forwarding
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -s 192.168.2.0/24 -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
3> On your computers, set your default gateway to your phone's WiFi IP address (192.168.2.30 - in my case). Also set your DNS to a real DNS server.
Attached is the iptables binary, compiled with the android sdk.
just curious as to why you would want the "tethering" this way. isn't it most likely that any wifi your phone can connect to your computer most probably can too? just curious?
hondamx525 said:
> just curious as to why you would want the "tethering" this way. isn't it most likely that any wifi your phone can connect to your computer most probably can too? just curious?
This is just progress on tethering. The proxy method is a horrible way of tethering. iptables is the correct way if done correctly. His developments while useless to most are still good because it is progressive. And he can get hotspots now LOL
hondamx525 said:
> just curious as to why you would want the "tethering" this way. isn't it most likely that any wifi your phone can connect to your computer most probably can too? just curious?
The above configuration uses your existing wifi settings (I haven't tried ad-hoc mode).
USB networking would be better, or even bluetooth. But I'm not sure this is possible.
divinehawk, do you really need an access point? have you tried this using an ad-hoc network? (I am not sure if the G1's WiFi supports ad-hoc networks)
scootley said:
> divinehawk, do you really need an access point? have you tried this using an ad-hoc network? (I am not sure if the G1's WiFi supports ad-hoc networks)
Doesn't look like the gui will let you do ad-hoc. Maybe if a modified wpa_supplicant.conf. I'll report back if I have success.
Ideal mode would be for the phone to *act* as an access point. But that usually requires driver support.
divinehawk said:
> USB networking would be better, or even bluetooth. But I'm not sure this is possible.
Code:
# adb --help
[...]
adb forward <local> <remote> - forward socket connections
forward specs are one of:
tcp:<port>
[...]
...but I guess everybody already knew that. I suppose that doing it via iptables under this approach, you are still limited to specific ports.
alansj said:
> Code:
> # adb --help
> [...]
> adb forward <local> <remote> - forward socket connections
> forward specs are one of:
> tcp:<port>
> [...]
that only works if you want to make a proxy... I think he is trying to make it a true internet sharing app similar to that of the wing and other WM devices
How about something similar to PdaNet?
http://www.theiphoneblog.com/2008/10/16/how-to-tether-with-pdanet/
It's interesting that it works by having you set up an ad-hoc wireless network from your computer and then connecting to that from the iPhone. Maybe that's essentially what scootley was suggesting above.
PdaNet .deb here:
http://apt.modmyi.com/2debs/pdanet1.40.deb
alansj said:
> How about something similar to PdaNet?
> http://www.theiphoneblog.com/2008/10/16/how-to-tether-with-pdanet/
> It's interesting that it works by having you set up an ad-hoc wireless network from your computer and then connecting to that from the iPhone. Maybe that's essentially what scootley was suggesting above.
> PdaNet .deb here:
> http://apt.modmyi.com/2debs/pdanet1.40.deb
That would be awesome... I hope someone can do that soon. I am dying to be able to connect it to my computer.
A True NAT Router will be WOW with UPNP Support
I just managed to get an ad-hoc connection going between my phone and laptop, and NAT running on it. The steps are pretty much the same as in the first post of this thread, but in addition I made some changes to /system/etc/wifi/tiwlan.ini (make sure to keep a backup of the original).
First, make sure wifi is disabled on the phone gui.
Next, set up the ad-hoc network on the laptop. I called mine "newtest". Change the properties for the connection to assign a static ip. I used 192.168.2.2. Set gateway to 192.168.2.1, and set dns to a public server - I used 4.2.2.1.
In tiwlan.ini, look for "WiFiAdhoc = 0". Change it to the following (set ssid to whatever you use):
WiFiAdhoc = 1
dot11DesiredSSID = newtest
dot11DesiredBSSType = 0
After updating tiwlan.ini, enable wifi manually:
insmod /system/lib/modules/wlan.ko
wlan_loader -f /system/etc/wifi/Fw1251r1c.bin -e /proc/calibration -i /system/etc/wifi/tiwlan.ini
ifconfig tiwlan0 192.168.2.1 netmask 255.255.255.0
ifconfig tiwlan0 up
At this point, the phone should connect to the ad-hoc network.
Now, from the OP's post, the iptables rules:
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -s 192.168.2.0/24 -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
If all went well, you now have internet access.
@rale00
Thanks a lot
I have stock RC30, can I do this?
Thanks rale00,
rale00 said:
> I just managed to get an ad-hoc connection going between my phone and laptop, and NAT running on it. The steps are pretty much the same as in the first post of this thread, but in addition I made some changes to /system/etc/wifi/tiwlan.ini (make sure to keep a backup of the original).
You can also copy tiwlan.ini to somewhere else, such as /data/local, make changes, then just specify the new file when you run wlan_loader.
wlan_loader -f /system/etc/wifi/Fw1251r1c.bin -e /proc/calibration -i /data/local/wifi/tiwlan.ini
Also note that without running wpa_supplicant, you are going unencrypted. Using a custom wpa_supplicant.conf might work (unverified at the moment, can you try?):
My adhoc_wpa.conf
ctrl_interface=tiwlan0
update_config=1
# IBSS/ad-hoc network with WPA-None/TKIP.
network={
ssid="newtest"
mode=1
frequency=2412
proto=WPA
key_mgmt=WPA-NONE
pairwise=NONE
group=TKIP
psk="TEST545#@network"
}
Run with:
wpa_supplicant -f -Dtiwlan0 -itiwlan0 -c/data/local/adhoc_wpa.conf &
I tried the config you suggested for wpa_supplicant, along with a few others, but I can't seem to get a secure connection working. It tries to connect, but times out authenticating.
Maybe someone else will have some better luck with it?
I am guessing you put TEST545#@network as the key right?
But aren't the keys encrypted?
I thought so... the key is encrypted so we need to put a correct encryption as the key http://en.wikipedia.org/wiki/PBKDF2
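Added example, not part of any post in this thread: how the `psk` field of a wpa_supplicant network block relates to PBKDF2. wpa_supplicant accepts either a quoted ASCII passphrase, which it converts itself, or 64 hex digits holding the already-derived 256-bit key; the conversion is PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, the same derivation the `wpa_passphrase` utility performs. The function names are hypothetical, and the sample block is constructed from the SSID and passphrase posted above.

```python
import hashlib
import re


def derive_wpa_psk(passphrase: str, ssid: str) -> str:
    """Passphrase-to-PSK mapping from IEEE 802.11i:
    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output (hex)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, 4096, 32
    ).hex()


def classify_psk_field(value: str) -> str:
    """Tell how a psk= value is read: a quoted string is a passphrase,
    exactly 64 hex digits are the raw key, anything else is rejected."""
    value = value.strip()
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        return "passphrase" if 8 <= len(value) - 2 <= 63 else "invalid"
    if re.fullmatch(r"[0-9a-fA-F]{64}", value):
        return "raw-psk"
    return "invalid"


_SSID_RE = re.compile(r'^[ \t]*ssid="([^"]+)"[ \t]*$', re.M)
_PSK_RE = re.compile(r'^([ \t]*)psk=(.+?)[ \t]*$', re.M)


def replace_passphrase_with_psk(block: str) -> str:
    """Rewrite psk="passphrase" as the derived hex key, so the config file
    no longer stores the passphrase itself. The key is bound to the SSID:
    changing the SSID requires deriving it again."""
    ssid = _SSID_RE.search(block)
    psk = _PSK_RE.search(block)
    if not ssid or not psk:
        raise ValueError("block needs both ssid= and psk=")
    if classify_psk_field(psk.group(2)) != "passphrase":
        return block  # already a raw key (or invalid): leave untouched
    hex_psk = derive_wpa_psk(psk.group(2)[1:-1], ssid.group(1))
    return block[:psk.start()] + f"{psk.group(1)}psk={hex_psk}" + block[psk.end():]


# Constructed sample: the network block from the thread.
PAGE_BLOCK = """network={
ssid="newtest"
mode=1
frequency=2412
proto=WPA
key_mgmt=WPA-NONE
pairwise=NONE
group=TKIP
psk="TEST545#@network"
}
"""

if __name__ == "__main__":
    print(classify_psk_field('"TEST545#@network"'))
    print(replace_passphrase_with_psk(PAGE_BLOCK))
```

Both forms of `psk` produce the same key on the air, so switching between them does not change whether two peers can authenticate to each other.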
Wow, this is truly very cool. I am replying right now, tethered via ad hoc.
I can't connect... I am going to try it without the adhoc mode.
It seems like one logical next step would be a dhcp server.
saurik's Debian demonstration is pretty cool but I don't have the skill to get all the dependencies sorted out and cross-compile. Nevertheless, it seems possible:
http://armel-debs.applieddata.net/debian/dists/lenny/main/binary-armel/Packages.gz says:
Code:
Package: dhcp3-server
Priority: optional
Section: net
Installed-Size: 724
Maintainer: Andrew Pollock <[email protected]>
Architecture: armel
Source: dhcp3
Version: 3.1.1-5
Depends: debianutils (>= 2.8.2), dhcp3-common (= 3.1.1-5), lsb-base, libc6 (>= 2.7-1), debconf (>= 0.5) | debconf-2.0
Suggests: dhcp3-server-ldap
Conflicts: dhcp
Filename: pool/main/d/dhcp3/dhcp3-server_3.1.1-5_armel.deb
Size: 338070
Somebody who can set up the proper build environment and sort out the dependencies could theoretically statically build dhcp3-server.
Awesome! Thanks for the link
Related
Disconnect from #android on freenode figured out how to get bluetooth tethering to work. It requires root access of course.
http://www.gotontheinter.net/node/515
Enjoy!
BTW, I just tried and this *does* work for windows. Once you run the pand command on the phone, then go back to your computer and right click on the bluetooth icon in the system tray and select "Join a Personal Area Network". Then click "Refresh" in the dialog that pops up, then select the G1 and click connect.
Now you should have a "Bluetooth Network Connection", and you have to set it up with a static ip like Disconnect's post describes.
Wow the Real Hacking is started !
Rock and Roll!
That's pretty nice
Will wait for the DHCP version though, and I am still hoping for a USB way to do it, since Server 2008 and Bluetooth is a nightmare >.<
I keep getting read-only errors when copying into /system/xbin. I've remounted /system as read-write too. (RC30 v1.2)
And if I try to execute pand from /sdcard, I get Permission Denied errors.
Any thoughts, anyone?
The /system/xbin folder is a mounted cramfs image. So is /system/modules. Cramfs is a readonly file system.
I had to use cramfs to compress those two folders because it wouldn't all fit in /system otherwise.
If you really want to add/change something, unmount the folder, and you'll see an xbin.cramfs file in the folder instead. Download that to your computer and use the tools provided by the cramfs project to extract and repack it. Keep in mind the space limitations in /system. There isn't much space left at all
When I run this, the network interface bnep0 isn't created. Here's what happened:
I modified the tether script over in the iptables thread to load the bnep.ko module and run pand, etc.
When I ran my new script, I got an error because I forgot to set the execute permissions on pand. So, I changed the permissions.
Before I went to run the script again, I wanted to get back to my original state, so I tried to 'rmmod bnep'. That failed. I ran 'ps', and saw this process: kbnepd bnep0. I tried to kill it, which didn't work. I turned off BT from the UI, and the process ended. Then I did an rmmod bnep, and it worked.
I re-enabled BT from the UI, and went to run my script again. This time I got a new error and discovered it came from ifconfig. Sure enough, if I run 'busybox ifconfig -a' there is no interface named bnep0. When I did a 'ps' there was no longer this process called kbnepd bnep0.
I have rebooted the phone several times, recopied the module, and even upgraded to JF's v1.2 ROM (from v1.1). Still, whenever I do an 'insmod pathtomodule/bnep.ko', no network interface is created (there are no errors that output to the screen either and 'rmmod bnep' works as well with no errors).
Any ideas?
P.S. In the "Wireless controls" UI, when you tap the Bluetooth checkbox, does the text below remain "Select to turn on Bluetooth" when BT is enabled?
jbruer said:
> When I run this, the network interface bnep0 isn't created.
Doh... the network interface isn't created until pand gets an incoming connection. pand has an option to run a script when the interface comes up, so I'll try to use that to run the rest of my setup script.
FYI..
I played around with this setup today and the adhoc-wifi tethering is much easier to setup and a lot faster.
Tethering via bluetooth I was only seeing about 70Kb/s, while Tethering via wifi I'm seeing 300+Kb/s.
Not sure if this is a bluetooth issue or what, but getting the bluetooth connection up and running is a pain in the ass compared to adhoc wifi.
Like others have stated, you have to start the pand service(also make sure in bluetooth settings the g1 is discoverable, only lasts 120 seconds) once the connection is established you can complete the other setups...
Hey, thanks for the tip about calling the script. The connection speed sucks, but at least the setup is easier.. You still need to turn on bluetooth, and make it discoverable so windows can see the NAP and connect to it..
Here's my setup: I use dnsmasq for DHCP...
(blue.sh)
#!/system/bin/sh
insmod /data/local/bin/bnep.ko
/data/local/bin/pand --listen --role NAP --devup /data/local/bin/blue2.sh
(blue2.sh)
#!/system/bin/sh
ifconfig bnep0 192.168.2.1 netmask 255.255.255.0
ifconfig bnep0 up
/data/local/bin/iptables -F
/data/local/bin/iptables -I INPUT -s 192.168.2.254 -j DROP
/data/local/bin/iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/data/local/bin/iptables -I FORWARD -s 192.168.2.0/24 -j ACCEPT
/data/local/bin/iptables -I FORWARD -s 192.168.2.254 -j DROP
/data/local/bin/iptables -P FORWARD DROP
/data/local/bin/iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
/data/local/bin/dnsmasq -x /data/local/bin/dnsmasq.pid
parrothd said:
> FYI..
> Tethering via bluetooth I was only seeing about 70Kb/s, while Tethering via wifi I'm seeing 300+Kb/s.
Can anyone else reproduce this? (FYI it will share a wifi link but unfortunately, I'm in EDGE and my wifi is WPA2 .. so my wifi connectivity only lasts 5-10 seconds at a time, and edge is.. well.. edge..)
Disconn3ct said:
> Can anyone else reproduce this? (FYI it will share a wifi link but unfortunately, I'm in EDGE and my wifi is WPA2 .. so my wifi connectivity only lasts 5-10 seconds at a time, and edge is.. well.. edge..)
I can confirm this. I'm in an EDGE area this weekend, so I tested by sharing a Wifi connection. Speedtest on the phone gave 4 Mbps down. Sharing over BT gave 89 kbps down. Also, when I ping the phone while connected to the PAN, I get latency around 30-50ms. Latency to google.com using the shared Wifi was around 250ms.
This may not be related, but if you look in the git for the Dream platform, init.trout.rc has this section: (http://android.git.kernel.org/?p=platform/vendor/htc/dream.git;a=blob;f=init.trout.rc;h=de41a72986890868b07d34c347245396be9f8f90;hb=HEAD)
Code:
64 service hciattach /system/bin/hciattach \
65 -n -s 115200 /dev/ttyMSM0 texas 115200 flow
66 user bluetooth
67 group bluetooth net_bt_admin
68 disabled
I know that hciattach is the BT service, and it appears that it's creating a 115k baud serial port. The module we load emulates an ethernet adapter (bnep0), but I'm not sure if this serial device has any relation. Anybody around here know what the deal with this is?
Hmm. that's a good point. I'll play around with it a bit today and see if it's related
Just a quick update on this, google is working on a faster bluetooth driver, which will (automagically) make this faster too.
parrothd said:
> Hey, thanks for the tip about calling the script. The connection speed sucks, but at least the setup is easier.. You still need to turn on bluetooth, and make it discoverable so windows can see the NAP and connect to it..
> Here's my setup: I use dnsmasq for DHCP...
> ...
> /data/local/bin/dnsmasq -x /data/local/bin/dnsmasq.pid
WOW! Nice job. Could you please put your compiled dnsmasq somewhere?
Strange thing. I set up everything. I can see the iface on my phone via busybox ifconfig. The phone could ping itself via its bluetooth IP.
Also the PC could ping itself. Ifaces are up and active on both sides.
But on the PC I am getting 0 received packets through the virtual bluetooth NIC, while on the phone I have both RX and TX. And the funny thing is that RX on the phone is exactly equal to TX on the PC. So the connection is actually working, but only one way...
WTF is that? I have no idea which way to look into this problem. Does anyone have any idea about that?
hmepas said:
> WOW! Nice job. Could you please put your compiled dnsmasq somewhere?
I didn't compile it, but it's available in the iptables thread. If you can't find it I'll post it. Having said that, you can also use udhcpd from busybox as well...
parrothd said:
> I didn't compile it, but it's available in the iptables thread. If you can't find it I'll post it. Having said that, you can also use udhcpd from busybox as well...
Oh thanks. I found it easily.
Btw, could you explain those two lines in your script:
Code:
/data/local/bin/iptables -I INPUT -s 192.168.2.254 -j DROP
/data/local/bin/iptables -I FORWARD -s 192.168.2.254 -j DROP
Any secret here? For me those lines are completely useless. Or is it just a local issue of yours which you didn't clean up before publishing the script?
They're not needed, but you may want them.
dnsmasq and probably busybox udhcp will only start if you have at least 1 ip available for DHCP assignment(as far as I can tell).
This allows anyone to connect to your G1 mobile when in ad-hoc wifi mode and get access to the internet. Probably something you don't want to allow, with the limited speed and caps.
I use dnsmasq to statically assign my laptop 192.168.2.30 (cuz I'm lazy and don't want to manually assign my IP), while assigning everyone else that connects to my G1 IP 192.168.2.254, which I then drop all access for via iptables, so they have no access.
If you can figure out how to get dnsmasq or busybox udhcp to provide only static IP assignments then this is not needed...
My dnsmasq.conf changes..
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.2.254,192.168.2.254,30m
# Always allocate the host with ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
dhcp-host=00:13:ce:b7:a8:0e,192.168.2.30
I found that if you set the lease time to 0, dnsmasq will not assign an IP address unless it's statically assigned. You still should set up some filtering to keep people off your network, but most users won't bother trying to figure that out.
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.2.254,192.168.2.254,0
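Added example, not code from any poster: a small audit of the forwarding rules used in this thread, motivated by the concern above that anyone who joins the ad-hoc network gets internet access. It reads rules in the format `iptables -S` / `iptables-save` prints and flags ACCEPT and MASQUERADE rules that are not tied to an interface or to a single client address; both rule listings are constructed samples, and the interface names `tiwlan0` and `rmnet0` are the ones mentioned elsewhere on this page.

```python
import ipaddress

# Constructed sample: the rule set from the first post, as it would be listed.
FIRST_POST_RULES = """\
-P FORWARD DROP
-A FORWARD -s 192.168.2.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
"""

# Constructed sample: the same idea bound to interfaces and to the one
# client address (192.168.2.30) that is meant to be served.
INTERFACE_BOUND_RULES = """\
-P FORWARD DROP
-A FORWARD -i rmnet0 -o tiwlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.2.30/32 -i tiwlan0 -o rmnet0 -j ACCEPT
-A POSTROUTING -s 192.168.2.0/24 -o rmnet0 -j MASQUERADE
"""


def parse_rule(line):
    """Split one '-A CHAIN ...' or '-P CHAIN POLICY' line into a dict.
    Negated matches ('!') are not interpreted by this sketch."""
    tok = line.split()
    rule = {"chain": tok[1], "policy": None, "opts": {}}
    if tok[0] == "-P":
        rule["policy"] = tok[2]
        return rule
    i = 2
    while i < len(tok):
        flag = tok[i]
        if flag.startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
            rule["opts"][flag] = tok[i + 1]
            i += 2
        else:
            rule["opts"][flag] = True
            i += 1
    return rule


def audit(rules_text):
    """Return (code, rule) findings for a listing of filter and nat rules."""
    findings = []
    forward_policy = None
    for line in rules_text.splitlines():
        line = line.strip()
        if not line.startswith(("-A ", "-P ")):
            continue
        rule = parse_rule(line)
        if rule["policy"] is not None:
            if rule["chain"] == "FORWARD":
                forward_policy = rule["policy"]
            continue
        opts = rule["opts"]
        target = opts.get("-j")
        if rule["chain"] == "FORWARD" and target == "ACCEPT":
            states = opts.get("--state") or opts.get("--ctstate")
            reply_only = isinstance(states, str) and "NEW" not in states.split(",")
            if not reply_only:
                # Matches on source address alone: the rule applies to
                # packets arriving on any interface.
                if "-i" not in opts:
                    findings.append(("no-in-interface", line))
                # A prefix shorter than /32 forwards for every host that
                # joins the subnet. A /32 narrows this to one address; it
                # does not authenticate the client.
                src = opts.get("-s")
                if src is None or ipaddress.ip_network(src, strict=False).prefixlen < 32:
                    findings.append(("not-host-specific", line))
        if rule["chain"] == "POSTROUTING" and target == "MASQUERADE" and "-o" not in opts:
            findings.append(("masquerade-no-out-interface", line))
    if forward_policy != "DROP":
        findings.append(("forward-policy-not-drop", f"-P FORWARD {forward_policy}"))
    return findings


if __name__ == "__main__":
    for name, text in (("first post", FIRST_POST_RULES),
                       ("interface-bound", INTERFACE_BOUND_RULES)):
        print(name)
        for code, rule in audit(text) or [("ok", "no findings")]:
            print(f"  {code}: {rule}")
```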
Hey, I was trying to share my internet connection on my laptop with my android phone, so the android could use the laptop's internet connection via usb.
Until somebody compiles an usbnet enabled kernel into an android ROM (this would be the cleanest way), the only way I found for doing this has been emulating the "ppp over ssh" method (search google).
I know, tcp over tcp is a bad idea, but hey, it works!.
Every method I found for doing something similar is to do the opposite: share the phone internet connection with the laptop. I'd like my laptop to be the one that shares the Internet.
The idea here is quite simple:
Code:
pppd nodetach noauth nodeflate pty "ssh [email protected] pppd noauth nodetach notty" ipparam vpn 192.168.0.1:192.168.0.254
pppd in the local host can be connected to pppd in the remote host using a tcp connection, so we can have an IP tunnel between the two endpoints.
The first thing I tried was to replace the ssh part of the command with "adb shell", supposing that adb was going to respect the pipe chain, but it seems that adb doesn't connect its stdin with the shell stdin (try "echo test | adb shell cat", it simply doesn't work)
So, I made it work by using the port redirection feature in adb, and the wonderful "nc". The idea is this:
In the linux host:
Code:
# forward 12000/tcp
adb forward tcp:12000 tcp:12000
# enable routing
sysctl net.ipv4.ip_forward=1
# enable nat
iptables -t nat -I POSTROUTING -s 192.168.0.254 -j MASQUERADE -o eth0
In the android device:
Code:
# delete the default route
ip r del default
# execute pppd listening in 12000/tcp
pppd nodetach noauth pty "nc -l -p 12000" defaultroute
In the linux host:
Code:
# execute pppd connected to 12000/tcp
pppd nodetach noauth nodeflate pty "nc localhost 12000" ipparam vpn 192.168.0.1:192.168.0.254
Et voilà. The android device is accessing the Internet using my laptop's ethernet connection via USB.
I'd like to develop a more user friendly method of doing this, but first I'd like to know if somebody has been working on this already.
BTW, AFAIK this is only for linux/unix users.
EDIT: Sorry, forgot to comment: for some reason, android's pppd version, when doing this kind of things, tries to allocate a pseudo tty under "/dev.pts". As this directory doesn't exist, current pppd will fail.
I had to modify pppd source to allocate the pseudo tty under "/dev/pts" instead of under "/dev.pts". I attach the modified version of the binary.
How reliable is it?
I did the same thing a few months ago, but when I ran some heavy traffic through it, the connection broke and adb started reporting the device as "offline" until re-plugged. Are you able to run heavy traffic on top of it for more than 2-3 minutes?
When I tested it for a min it worked great, but when I really needed to use it (my ADSL went offline and I tried to run my home network's traffic through the G1 via ppp), it went offline every 2-3 minutes and needed replugging.
Correction: I retested my script now, on JF 1.51, and it works reliably. With the old kernel (2.6.25) it was unreliable but with the current one it's fine. I'm tethering over it right now.
I made a script for tethering using this pppd-mod, for everyone who is interested
Code:
#!/bin/bash
# bash is required: the script uses "&>" and "==" inside [ ], which plain sh rejects
ADB=/opt/android-sdk-1.5/tools/adb
echo "Setting up..."
$ADB shell "echo 1 > /proc/sys/net/ipv4/ip_forward"
$ADB shell "iptables -t nat -F"
$ADB shell "iptables -t nat -A POSTROUTING -j MASQUERADE -o rmnet0"
$ADB forward tcp:12000 tcp:12000
$ADB shell "killall pppd-mod" &> /dev/null
echo "Starting PPP daemon..."
$ADB shell "pppd-mod noauth pty 'nc -l -p 12000 '" &
sleep 5
echo "Establishing connection..."
pppd noauth nodeflate pty "nc localhost 12000" ipparam vpn 192.168.0.2:192.168.0.1
while [ "`ifconfig | grep 192.168.0.1`" == "" ]; do
sleep 1
done
route del -net 0.0.0.0 &> /dev/null
route add -net 0.0.0.0 gw 192.168.0.1
echo "nameserver 4.2.2.2" > /etc/resolv.conf
echo "Connected."
Still hoping some day regular usb networking will work :-/
mzet said:
> I made a script for tethering using this pppd-mod, for everyone who is interested
Is there anything required phone-side for that to work?
juanmasg said:
> Until somebody compiles an usbnet enabled kernel into an android ROM (this would be the cleanest way), the only way I found for doing this has been emulating the "ppp over ssh" method (search google).
skyjumper said:
> Is there anything required phone-side for that to work?
I do believe Cyanogen's 3.9.1 has rudimentary support and he's working on getting it working. Of course the man appears to be on at least 3-4 completely unique vectors (quite impressive, I counted donut, samba, cyanogen mod, and usbnet) so it might be a little bit of time before we get this from him.
skyjumper said:
> Is there anything required phone-side for that to work?
you have to have binary pppd-mod from first post in your $PATH on your phone and rooted phone with iptables of course
mzet said:
> you have to have binary pppd-mod from first post in your $PATH on your phone and rooted phone with iptables of course
Ah, didn't even notice the first post had a file. Been looking to do this for some time. Thanks to whoever all helped to get it working.
juanmasg said:
> Hey, I was trying to share my internet connection on my laptop with my android phone, so the android could use the laptop's internet connection via usb.
> Until somebody compiles an usbnet enabled kernel into an android ROM (this would be the cleanest way), the only way I found for doing this has been emulating the "ppp over ssh" method (search google).
> I know, tcp over tcp is a bad idea, but hey, it works!.
> Every method I found for doing something similar is to do the opposite: share the phone internet connection with the laptop. I'd like my laptop to be the one that shares the Internet.
> The idea here is quite simple:
> Code:
> pppd nodetach noauth nodeflate pty "ssh [email protected] pppd noauth nodetach notty" ipparam vpn 192.168.0.1:192.168.0.254
> pppd in the local host can be connected to pppd in the remote host using a tcp connection, so we can have an IP tunnel between the two endpoints.
> The first thing I tried was to replace the ssh part of the command with "adb shell", supposing that adb was going to respect the pipe chain, but it seems that adb doesn't connect its stdin with the shell stdin (try "echo test | adb shell cat", it simply doesn't work)
> So, I made it work by using the port redirection feature in adb, and the wonderful "nc". The idea is this:
> In the linux host:
> Code:
> # forward 12000/tcp
> adb forward tcp:12000 tcp:12000
> # enable routing
> sysctl net.ipv4.ip_forward=1
> # enable nat
> iptables -t nat -I POSTROUTING -s 192.168.0.254 -j MASQUERADE -o eth0
> In the android device:
> Code:
> # delete the default route
> ip r del default
> # execute pppd listening in 12000/tcp
> pppd nodetach noauth pty "nc -l -p 12000" defaultroute
> In the linux host:
> Code:
> # execute pppd connected to 12000/tcp
> pppd nodetach noauth nodeflate pty "nc localhost 12000" ipparam vpn 192.168.0.1:192.168.0.254
> Et voilà. The android device is accessing the Internet using my laptop's ethernet connection via USB.
> I'd like to develop a more user friendly method of doing this, but first I'd like to know if somebody has been working on this already.
> BTW, AFAIK this is only for linux/unix users.
> EDIT: Sorry, forgot to comment: for some reason, android's pppd version, when doing this kind of things, tries to allocate a pseudo tty under "/dev.pts". As this directory doesn't exist, current pppd will fail.
> I had to modify pppd source to allocate the pseudo tty under "/dev/pts" instead of under "/dev.pts". I attach the modified version of the binary.
Hello,
I have been trying your method without success. The phone and the computer can ping each other but no connection to the internet. Using wireshark I can't see anything on the eth0 when I try to ping from the phone. All I see is stuff from ppp0 and the loop back. What am I doing wrong?
Thanks
ethernet-over-usb
First, I appreciate juanmasg's initiative on this much needed feature. thanks!
CyanogenMod thread at http://forum.xda-developers.com/showthread.php?t=539744 talks about experimental ethernet-over-usb functionality (see CHANGELOG for 3.9.1). I don't know how it will be used but it seems he's trying to get it to work. juanmasg can talk to cyanogen for current status and a possible integration of his methodology into his ROMs. I am monitoring his thread for any update on this feature and I just sent a tweet to cyanogen about this. he's a great developer!
With your script, I got this output:
Setting up...
Starting PPP daemon...
Establishing connection...
[: 16: unexpected operator
Connected.
And it didn't work. Do you have any ideas?
Sorry for my poor English.
I use a route and the route's ip is 192.168.0.1, the computer's ip is 192.168.2.
I think it causes the problem, but I don't know how to edit your script to make it work.
Hmm. Does anyone know the correct parameters to use the actual "adb ppp" command? I've searched all over the web and nobody has posted any example of how to use this command with the G1. What is the name of the tty device that we should use? etc. etc...
Never mind, I see it now in the adb source code. It's a bit useless as-is, but a small tweak would make it pretty useful. If it was changed to return an interactive_shell() session, and then invoke "pppd notty" in that session, then invoke pppd on the host, it would be a simple means of tethering over USB. The only other thing you'd need is to set up the appropriate NAT rules on either side, depending on whether you want the G1 to share the PC's network, or vice versa.
Too bad pppd insists on setting up a pseudo-tty for itself, there's no need for a tty device driver in scenarios like this.
OK, this is the patch I made to adb to make its ppp command work the way I want.
With that, invoke adb like this:
adb ppp foo notty 192.168.2.1:192.168.2.2
The <tty> parameter is no longer used; everything past the "foo" is just passed as arguments to the local pppd.
Once this is done you can set up NAT forwarding on whichever side you want.
And yes, I know this isn't a clean patch. I should make this a new command instead of usurping the existing ppp command, since presumably the original command is still useful to somebody out there. But this was just a quick hack to see if it would work, and it works great. This saves a lot of the CPU overhead of ssh / port forwarding / etc...
To use the G1's network from the PC, issue these commands on the G1:
# enable routing
sysctl net.ipv4.ip_forward=1
# enable nat
iptables -t nat -I POSTROUTING -s 192.168.2.1 -j MASQUERADE -o rmnet0
(Use tiwlan0 if you want to use the G1's wifi. Not sure why you'd need to do this if the PC already has its own wifi.)
And then set the default route on the PC
route add -net default gw 192.168.2.2
I got about 15-20KB/sec download using EDGE, and about 65KB/sec download using 3G. You may want the "usepeerdns" option in your pppd options, otherwise you'll have to edit /etc/resolv.conf yourself and copy the nameservers from the G1's /system/etc/resolv.conf
To use the PC's network from the G1, just swap the appropriate parameters around. E.g.,
Issue these commands on the PC:
# enable routing
sysctl net.ipv4.ip_forward=1
# enable nat
iptables -t nat -I POSTROUTING -s 192.168.2.2 -j MASQUERADE -o eth0
And issue this command on the G1
route add -net default gw 192.168.2.1
ppp over adb on G2
Hi guys,
I've taken your example to do the same on my G2.
I've found some problems and some solutions.
This is the script I used:
Code:
#!/bin/bash
ADB=/opt/Android/android-sdk-linux_x86-1.5_r3/tools/adb
echo "Setting up..."
$ADB shell "echo 1 > /proc/sys/net/ipv4/ip_forward"
$ADB forward tcp:12000 tcp:12000
$ADB shell "killall pppd-mod" &> /dev/null
echo "Starting PPP daemon..."
$ADB shell "pppd-mod noauth pty 'nc -l -p 12000 '" &
sleep 5
echo "Establishing connection..."
/usr/sbin/pppd noauth nodeflate pty "nc localhost 12000" ipparam vpn 192.168.0.2:192.168.0.1
while [ "`/sbin/ifconfig | grep 192.168.0.1`" == "" ]; do
sleep 1
done
$ADB shell "iproute add default dev ppp0" &
$ADB shell "iproute del default via 192.168.1.1 dev tiwlan0" &
echo "Connected."
But there is a problem on the G2. If the system doesn't believe it is connected (WIFI or 3G), it doesn't go on the internet, although it could go through the ppp connection.
So to fool it I've created a WIFI connection, not suitable for internet, and then deleted (in the script) the default route to tiwlan0.
Does somebody know if it is possible to make Android believe that it is connected when it isn't?
Bye
I'm on archlinux and I wanna do this :S how can I?
I followed the guide on the first page but can't get to it :S when I do the last step on the Linux host it says that nc is not a command.
anyone plzzz ????
Hi dear,
I don't know archlinux...
However the problem in your situation is that you have to install netcat too.
But if you need more help please tell us which problem you encounter with more detail.
Bye
Zioalex
zioalex said:
Hi dear,
I don't know archlinux...
However the problem in your situation is that you have to install netcat too.
But if you need more help please tell us which problem you encounter with more detail.
Bye
Zioalex
gonna try installing netcat and comment, thx !!!!
This thread is pretty much an attempt to provide people with a good resource for tethering, and things to help them tether better in some way. It's aimed at people who have no other normal internet connections, but a 4G phone or something. I'll add things as I go, or if people have good suggestions.
Routing your traffic through OpenVPN - Thread by a man who knows his iptables. :good:
In a nutshell:
Open up a terminal, run `su`, and allow access. Make sure you're root (`whoami` should tell you.)
Start your tethering and OpenVPN. I've found that the built-in tethering menu in Settings, and the OpenVPN Settings app (NOT the built-in VPN settings menu) work the best.
Run `netcfg` and make note of your tethering interface (wlan0, usb0, something like that), and your TUN adapter's interface (usually tun0).
Run these:
iptables -A POSTROUTING -s 192.168.43.0/24 -j MASQUERADE -t nat
iptables -A FORWARD -j ACCEPT -i usb0 -o tun0
iptables -A FORWARD -j ACCEPT -i tun0 -o usb0
Google Code project that made (and still makes?) a great Wi-Fi tethering app - android-wifi-tether. You'll need to be rooted.
Helpful app that either starts tethering after a delay, or shows a menu - Auto USB Tethering. Good for people who don't like mucking around in Settings. Delayed tether feature is a paid option, though.
Got something to add? Shoot! I'll listen.
Thank you so much. I didn't know how to do the VPN thing until now. T-Mobile restricts access to my PC unless I connect it by USB. I will try this and see how it works, as I'd rather use my phone as a router for tethering over the air instead of USB.
SVLAN said:
Thank you so much. I didn't know how to do the VPN thing until now. T-Mobile restricts access to my PC unless I connect it by USB. I will try this and see how it works, as I'd rather use my phone as a router for tethering over the air instead of USB.
Wi-Fi tethering + OpenVPN can be a bit of a security risk if you're using WEP, and someone who knows what they're doing is nearby with the right tools. Be careful.
ArghArgh200 said:
Wi-Fi tethering + OpenVPN can be a bit of a security risk if you're using WEP, and someone who knows what they're doing is nearby with the right tools. Be careful.
Thanks, but as a network cracker myself I don't see this coming. lol
Oh.
Oh, another tip for T-Mo: they check by browser user-agent, and only have regexps for .*win%d%d.* and .*windows.* (Probably other stuff too), so if you switch your browser UA to "Linux Desktop", or strip it completely you might be fine.
I was previously using a stock rooted Nexus 4 (with 4.3) with "OpenVPN Connect" (net.openvpn.openvpn) and android built-in wifi tethering to tunnel tethered clients through the OpenVPN connection. This required some iptables modifications but worked fine.
With a stock rooted Nexus 5 (with 4.4.0) and OpenVPN Connect 1.1.12, this stopped working and that was really annoying.
Part of the issue was the one described here
But it was more complicated. It seems that there are routing table issues that I had to research a bunch.
Here are the iptables commands that I already had to run even on the Nexus 4 (with 4.3), which I got from here
Code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
These (above) are somewhat liberal firewall rules that you may want to refine for more security.
But below are additional routing entries that I needed to add specifically for the Nexus 5 (with 4.4.0). They force tethered clients to route through the VPN, unless their traffic is a broadcast or designated for the wifi LAN. Those exceptions are required for DHCP to work on the tethered client. They assume the tethered LAN is 192.168.43.XYZ and the OpenVPN interface is tun0.
Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
This seems to all work best if I start OpenVPN after activating tethering, not before.
I'm not entirely clear whether this is a result of some change/bug in KitKat, or an incompatibility in "OpenVPN Connect", or both. I wonder if it would work ok with other OpenVPN clients like "OpenVPN for Android" (de.blinkt.openvpn)
Other Notes:
* Server is OpenVPN 2.3.2
* Server has this line set in its config:
Code:
push "redirect-gateway autolocal def1"
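An added example, not part of the post above or of any project's code: a scoped variant of these rules that forwards tethered clients only into the VPN interface and drops their forwarded traffic otherwise, so nothing falls back to the mobile interface if tun0 goes away. The function names, the dry-run/`APPLY` switch, the explicit rule positions and the use of `ip route replace` are assumptions of this example; the interface names, subnet and table 61 are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Defaults are the values used in the post.
TETHER_IF="${TETHER_IF:-wlan0}"              # tethering interface (check with netcfg)
TETHER_NET="${TETHER_NET:-192.168.43.0/24}"  # subnet handed to tethered clients
VPN_IF="${VPN_IF:-tun0}"                     # OpenVPN interface
TABLE="${TABLE:-61}"                         # policy-routing table number

# Print the commands, one per line, in the order they must run.
#  FORWARD 1: tethered clients may go out through the VPN interface only
#  FORWARD 2: only replies to those connections may come back from the VPN
#  FORWARD 3/4: everything else to or from the tether interface is dropped,
#               which is what stops traffic leaking if the VPN is down
#  POSTROUTING: masquerade only the tethered subnet, only on the VPN interface
#  ip rule/route: same table as the post; del+add and "replace" make reruns safe
tether_vpn_rules() {
    tif=$1; net=$2; vif=$3; tbl=$4
    cat <<EOF
iptables -t filter -I FORWARD 1 -i $tif -s $net -o $vif -j ACCEPT
iptables -t filter -I FORWARD 2 -i $vif -o $tif -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -I FORWARD 3 -i $tif -j DROP
iptables -t filter -I FORWARD 4 -o $tif -j DROP
iptables -t nat -I POSTROUTING 1 -s $net -o $vif -j MASQUERADE
ip rule del from $net lookup $tbl
ip rule add from $net lookup $tbl
ip route replace default dev $vif scope link table $tbl
ip route replace $net dev $tif scope link table $tbl
ip route replace broadcast 255.255.255.255 dev $tif scope link table $tbl
EOF
}

# Dry run by default: only prints. With APPLY=1 (as root, on the phone) the
# commands are executed; "ip rule del" is expected to fail on the first run.
run_rules() {
    tether_vpn_rules "$@" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            case "$cmd" in
                "ip rule del"*) $cmd 2>/dev/null || true ;;
                *) $cmd || echo "failed: $cmd" >&2 ;;
            esac
        else
            echo "$cmd"
        fi
    done
}

run_rules "$TETHER_IF" "$TETHER_NET" "$VPN_IF" "$TABLE"
```

Unlike the flush-and-accept-all rules, this leaves the rest of the FORWARD and POSTROUTING chains in place; rerunning it inserts the iptables rules again at the top, so reboot or delete them before applying a changed set.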
Running android 4.4.2 google stock image with SuperSU on LG Nexus 4. These routing commands worked great and allowed me to tunnel all WiFi tethered traffic through my VPN. Thanks for figuring this out it was bugging me!
I'm on stock 4.4.2, no root or anything, just pure stock. I downloaded and installed OpenVPN from Google Play, imported my config files, clicked connect, then opened PDAnet and connected, and the IP is changed.
OK, so I'm having a bit of trouble understanding and implementing the fix for my Nexus 5. I've already got WiFi tethering working through the sqlite db fix but now I can't get my connection to work when my VPN (PIA official app) is broadcasting. These commands you're sending, are they done on the phone terminal or computer, and is that EXACTLY how they're being entered? For rules in red, where would I find the IP I would use? Thanks guys, I'd really appreciate any help given.
Worked!
scootley said:
This seems to all work best if I start OpenVPN after activating tethering, not before.
Thanks scootley! These worked for me on 4.3. I activated my hotspot before OpenVPN, but I used
Code:
iptables --flush
first before entering your commands. Seems to help. My OpenVPN server config also has the following in addition to push redirect:
Code:
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway autolocal def1"
Jrock2t5 said:
OK, so I'm having a bit of trouble understanding and implementing the fix for my Nexus 5. I've already got WiFi tethering working through the sqlite db fix but now I can't get my connection to work when my VPN (PIA official app) is broadcasting. These commands you're sending, are they done on the phone terminal or computer, and is that EXACTLY how they're being entered? For rules in red, where would I find the IP I would use? Thanks guys, I'd really appreciate any help given.
These commands are entered on the phone. You can download Terminal Emulator or something similar through the app store.
First make sure you're connected to your hotspot from your computer. Next, let's find your local IP address. Here are the instructions for Windows:
Click on the Start menu and type cmd. When you see the cmd applications in Start menu panel, click it or just press enter.
A command line window will open. Type ipconfig and press enter.
You'll see a bunch of information, but the line you want to look for is "IPv4 Address." The number across from that text is your local IP address.
Here's how to do the same thing on a Mac:
Open System Preferences (via the Apple menu at the top lefthand corner of your screen).
When System Preferences opens, click on the icon labeled Network.
You should see a few options on the left with labels like Wi-Fi, Ethernet, Bluetooth, etc. The ones with green dots have IP addresses assigned to them. Click the one on top (if it isn't already selected) and look to the right. There should be a sentence that reads something like "Wi-Fi is connected to Chocolate and has the IP address 192.168.1.102." The number at the end of that sentence is your local IP address.
Thanks for this thread, I've nearly got tethering working through Private Internet Access/Open VPN.
When running the commands
Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
I get an error "RTNETLINK answers: File exists"
I tethered up while connected to the VPN and could ping out to external IP addresses but no DNS resolution. So in my windows settings I manually specified DNS settings and can now browse the web through the VPN on my Galaxy s4!
But how do I fix the DNS issue? I want the clients that connect to pick up the DNS settings that actually work, without having to manually specify.
Thanks for any help
Vpn problem
Hi, I haven't tried the above options... yet.
I have an SGS3 SGH-T999 and a commercial VPN account with the xxx.ovpn cert files.
After getting the details entered into OpenVPN and importing the cert file, all is good until I go to connect [see attachment].
phone is v4.3, baseband mjc, kernel v 3.0.31, rom S3rx v3.0 1-27-14
any suggestions on how to proceed?
RXP said:
Thanks for this thread, I've nearly got tethering working through Private Internet Access/Open VPN.
When running the commands
Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
I get an error "RTNETLINK answers: File exists"
I tethered up while connected to the VPN and could ping out to external IP addresses but no DNS resolution. So in my windows settings I manually specified DNS settings and can now browse the web through the VPN on my Galaxy s4!
But how do I fix the DNS issue? I want the clients that connect to pick up the DNS settings that actually work, without having to manually specify.
Thanks for any help
1) RTNETLINK answers: File exists
This just means you already ran the command before during this reboot session and it's saved into the route table. If you restart your phone, and run the commands again, it will go through first time, but repeated commands will yield same error. Should be normal. Table clears on reboot.
2) Please see the thread at http://forum.xda-developers.com/galaxy-s2/help/solved-wifi-hotspot-issue-samsung-t1689242
It seems like in order for OpenVPN DNS push to work, you have to change your APN settings on your phone to have it automatically register and push out to your other devices. I had the same problem and came across this during a search.
Massive thanks to the OP for posting this here and to everyone helping out in this thread.
The above rules route wifi tethered traffic via the vpn but I was wondering if there are similar rules to route usb tether too?
Cheers
It seems to work once, but when the data connection is lost or OpenVPN reconnects, WiFi tethering stops working and I need to do everything again (switch all off, connect to 3G, VPN, create WiFi hotspot and apply fix script). And somehow DNS doesn't work. Tried on Galaxy S5 and LG L70, both on 4.4.2.
But in general, this workaround is working, just needs a little bit of tweaking
This is fantastic.
For those of you using VPN on your phone as well, does it seem to stay connected? My VPN (OpenVPN) was flawless on 4.3 ... I mean smooth as ice with no disconnects.
When I upgraded to KitKat, I wanted to immediately hide in a hole from embarrassment. Only after trying to connect and stay connected did I start to read around to check what the heck was going on. Biggest mistake ever. But then again, who would have thought, right? I mean come on... who would have thought it would make using VPN a nightmare after an update that's supposed to be improved? Whatever...
Anyhow, lesson learned. Now I'm waiting desperately for someone to figure out how to downgrade from 4.4 back to 4.3 and/or to find a patch/fix for this issue so we don't have to run a script on every boot or reset.
At the end of the day, at least there is a solution thanks to folks like you. Kudos to the OP and everyone else who has contributed to the work around...for the time being lets hope...
:good:
For anyone interested, I played with the commands to have it work over a USB tether instead of Wifi. Why? Because my battery life stinks and this way my phone is charging also. What the heck. works great.
The only change was in the two spots where it has "wlan0" change them to "usb0". Another change was that the subnet of the USB connection is 192.168.42.0/24 (versus 192.168.43.0/24 on wifi). I get it working in this order:
1) reboot phone (to make sure other lingering route tables are wiped out)
2) turn off wifi
3) establish VPN connection
4) start USB tethering (and have your phone USB connected to your computer)
5) After everything is hooked up, open a terminal window, make sure you have superuser access (su) and execute the commands below. I just have them saved in a text file on my phone's SD card, copy them and just paste them all at once into the terminal window. Haven't figured out how to get this to run automatically using init.d (yet - assuming you can, because upon phone reboot, I have to assume that it will spit out errors because the tun0 and usb0 devices will not exist!)
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.42.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.42.0/24 dev usb0 scope link table 61
ip route add broadcast 255.255.255.255 dev usb0 scope link table 61
Vpn api delete route joy downgraded
@grogargh
Have you tried Tasker, run shell
To run after booting [or from widget or otherwise]
http://forum.xda-developers.com/showthread.php?t=1110775
Thought this might help somebody. (Root required)
EDIT: Confirmed working on Carbon ROM 4.3/4.4
Can confirm that this works:
1) Install Crossbreeder ( http://forum.xda-developers.com/showthread.php?t=2113150 ) This modifies the DNS implementation to make the script work like it used to in Android versions pre 4.3
2) Connect VPN (I use the Private Internet Access app)
3) Start WiFi tether
4) Run the following script as superuser (all credit goes to thantos_mehak for this post: http://forum.xda-developers.com/showpost.php?p=39654892&postcount=31 ):
Code:
#!/system/bin/sh
# You may need to confirm this is the proper path to sh, with `which sh`
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
5) Connect a mobile device (such as a tablet) and allow it to obtain an IP address from the network before allowing Windows to connect, to avoid the mobile data drop while tethering problem. Don't know why this works. Apparently something with the SGS3 and Verizon's network doesn't like to play nice with doling out IP addresses to PCs. Connecting another Android (or other?) device before allowing your computer to connect prevents the data connection drop.
I'm tethering right now on Carbon ROM (4.3) on my Verizon SGS3.
Hope this helps!