I have a problem setting up an HTTP proxy server for my wireless connection.
What I have done is:
1. in settings -> connections
automatically connecting to internet by using: My ISP
automatically connecting to private network by using: My Work Network.
2. In My Work Network -> proxy settings
ticks, this network connects to internet
ticks,this network use a proxy server to connect to internet.
advanced:
HTTP: proxy.proxy.proxy: 8080
3. Set my wireless connection connect to Work network.
However, after the wireless was enabled, my proxy setting always vanished, as if I hadn't set up any proxy setting at all.
If I try to set my proxy server again in My Work Network, it vanishes when I go back to the settings panel.
But if I disable the wireless connection, then my proxy setting stays there. If my wireless is turned on again, my proxy setting is gone immediately.
Do you know what's wrong?
Hi there!
Maybe I'm just too stupid, but I've been trying for weeks now to set up the network parameters for my University's Campus network and failed miserably, so could someone please explain to me how this darn "Internet Connection Manager" works?
What I need in brief:
How can I setup a proxy to use with and only with
- HTTP(S) and FTP(S)
for a WiFi-Network that
- is NOT encrypted
- does NOT require dialing a number / accessing a modem
- does NOT use a VPN
??
Whenever I try this it always results in the connection dying completely.
In other words: When I select my standard UMTS-uplink as "default connection for programs connecting automatically" and then manually establish a WiFi-connection, I can reach all computers available on the campus network, get ping responses and everything, but I cannot use a proxy, hence not load off-campus pages.
When I define a new connection and enter my settings (just WiFi-name and the proxy details) I can still establish a WiFi-connection, but get a ping timeout even on the access point and the intranet servers usually available through the WiFi. No SSH login, no intranet, nothing (but I do get an IP assigned & stuff)
Here's what I would like to do in theory:
=> Manually connect to a WiFi-Network called "tuwlan".
. -open network
. -no encryption
. -IP, netmask, gateway, nameserver etc provided automatically by DHCP
=> Establish an SSH2 (SecureShell) connection to our on-campus proxy server and tunnel some ports to get through the subnet's (extremely restrictive) firewall.
. -SSH including port forwarding done with PockeTTY, works like a charm
=> Use Opera Mobile to surf web pages and FTP Sites through the proxy "localhost:40081" (which is forwarded to our campus proxy server through SSH2).
=> The Proxy only knows HTTP(S) and FTP(S), so all other programs (ICQ, Skype etc) are not to use it!
This setup used to work great with older Opera versions, but they removed the proxy setting dialog in favor of directly using the ICM settings.
So now I'm stuck with Microsoft's Internet Connection Manager.
Can anyone please help me to get this working?
Trying to connect to a WiFi network with a proxy server, and Internet Explorer states that the page cannot be displayed. On a laptop it takes you to a login page for the school, but it just won't work.
Thanks for any help.
The purpose of this post is to explain how to tether with openvpn, which will hopefully avoid ATT's all seeing eyes, as well as prevent any detection during tethering.
All ATT will ever see is encrypted traffic between a connection that is initiated from my phone and ends at my vpn server. So the only way they would be able to determine if you are tethering, is if they are spying on you ala CIQ directly on your device, or your device phones home and tattles on you. That would open up a different can of worms and a **** storm would ensue.
This method requires a number of things.
* Openvpn server (preferably running on a static address, but will work with dynamic DNS services) with a reliable connection. I use a VPS server for $25 a month, but it is fast and reliable.
* Openvpn on your phone (any will work as long as it has the tun driver or tun built into the kernel)
* Some sort of gateway (your openvpn server can be running on it as well, or a separate host), I use Freebsd/Openbsd. For linux, you're on your own to figure out NAT and gateway functions.
Really, that is about it.
My Openvpn server config, you can set it up any way you like, but certain statements are required, specifically those in the hashed out box if you want your subnets to talk to each other, and route the traffic
Code:
port ****
proto tcp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/vps.server.crt
key /usr/local/etc/openvpn/keys/vps.server.key
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 192.168.150.0 255.255.255.0
ifconfig-pool-persist ipp.txt
mode server
client-to-client
client-config-dir ccd
###############################################
# my phone and home subnets, can be any RFC1918 address space
# Advertise and note your home subnets in this section, unless you
# do not want the various subnets to talk to each other, then you
# can also remove the client-to-client statements
###############################################
push "route 192.168.15.0 255.255.255.0"
push "route 192.168.43.0 255.255.255.0"
route 192.168.15.0 255.255.255.0
route 192.168.43.0 255.255.255.0
###############################################
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 4
My client config on my phone (change the remote statement to match your openvpn server host and port)
Code:
client
proto tcp
dev tun
remote vpn.example.com 1234
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
/usr/local/etc/openvpn/ccd is where I have my client specific configs (match the location to that identified in the server.conf file for your vpn server). I also use certificates unique to each host that connects to my vpn, the names of the files in the "ccd" directory must match the name you gave the device when you created your certificates. I use easy-ssl to manage my certs.
For my phone, which I named "galaxy_s", I have the following (note the DNS option is optional, I was having problems with it so I just hardcoded 8.8.8.8, Google's DNS server, into my network settings on my laptop)
/usr/local/etc/openvpn/ccd/galaxy_s
The iroute statement just tells the openvpn server what subnets you have behind your device, in this case the phone. I am guessing all of the android phones use 192.168.43.x as the NAT'd subnet, otherwise change it to whatever your phone is assigning.
Code:
push "redirect-gateway"
push "dhcp-option DNS 192.168.15.1"
iroute 192.168.43.0 255.255.255.0
The rest of the configurations are related to your primary gateway, which in my case also runs the openvpn server. I am using freebsd and pf, the configs needed for that are essentially natting statements, and firewall rules.
For pf, the following rules are what I use.
I also trust all the traffic on my tun0 device, so I told pf to ignore it and pass all traffic
Code:
nat on $int from 192.168.150.0/24 to any -> $int/32
nat on $int from 192.168.43.0/24 to any -> $int/32
set skip on tun0
Hopefully this is useful to other folks, if not, let it be buried
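Added example, not part of the post above: a consistency check for the route/iroute pairing the guide relies on. OpenVPN only forwards to a subnet behind a client when the server config has a `route` covering it and that client's ccd file has the matching `iroute`. The directive text is copied from the post; the function names `nets` and `audit` are made up for this example.

```python
import ipaddress
import shlex

# Directives copied from the server config and the ccd file shown in the post.
SERVER_CONF = '''
server 192.168.150.0 255.255.255.0
client-config-dir ccd
push "route 192.168.15.0 255.255.255.0"
push "route 192.168.43.0 255.255.255.0"
route 192.168.15.0 255.255.255.0
route 192.168.43.0 255.255.255.0
'''
CCD = {"galaxy_s": '''
push "redirect-gateway"
push "dhcp-option DNS 192.168.15.1"
iroute 192.168.43.0 255.255.255.0
'''}

def nets(conf, directive):
    """Networks named by `<directive> <network> <netmask>` lines in a config."""
    found = []
    for line in conf.splitlines():
        words = shlex.split(line, comments=True)  # drops '#' comments, keeps quoted pushes whole
        if len(words) >= 3 and words[0] == directive:
            found.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    return found

def audit(server_conf, ccd):
    """Return (iroutes with no covering server route, server routes no client claims)."""
    routes = nets(server_conf, "route")
    claimed = [(name, net) for name, text in sorted(ccd.items())
               for net in nets(text, "iroute")]
    # An iroute without a covering `route` never reaches the tun device on the server.
    orphans = [(name, str(net)) for name, net in claimed
               if not any(net.subnet_of(r) for r in routes)]
    # A route no ccd file claims is dropped by OpenVPN unless another client owns it.
    unclaimed = [str(r) for r in routes
                 if not any(net.subnet_of(r) for _, net in claimed)]
    return orphans, unclaimed

if __name__ == "__main__":
    print(audit(SERVER_CONF, CCD))
```

With the files as posted, 192.168.15.0/24 comes back as unclaimed: the ccd file for whichever client sits in front of the home subnet is not shown in the post.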
Thanks for an EXCELLENT guide!
Quick question. When I use this server conf file, my ssh on my local network hangs up and goes down.
In other words:
I am running openvpn on a home linux server. It is connected through a home router to the internet and has a network set up at 192.168.1.0.
Router is 192.168.1.1,
vpn server is on 192.168.1.51.
If I start openvpn, I cannot ssh from a local network (192.168.1.81) laptop. If I turn off openvpn I can. I changed your 192.168.15.0 addresses in server conf file to 192.168.1.0. I have a feeling it has to do with that.
Well, yes, you will need to modify the configs to suit your own address scheme. As for why you cannot ssh, I am not sure, is that .81 device on the same network as the openvpn server, or are you coming from a different network.
My setup has the gateway the same as the openvpn server simply due to the fact that I am using a Virtual Private Server (VPS) and I only have that as the 1 external static system.
I would check the route statements. I'm not sure, but you might have a routing loop that would be causing the problem (can you traceroute or ping, or use any other protocol/application to see if you can connect?). If you set the default gateway of the openvpn server as the .1 address, and then you are trying to connect to another internal address, the .81, when you ssh from whatever device is connected to the openvpn server, it may attempt to connect to the gateway at .1 and then return back into your network to .81.
I could be wrong, it is hard to tell when you are not sitting at the actual systems.
Got it to work! Here's some tips for others
Thanks again for your help jvanbrecht. Last night I was able to sit down, get a better understanding of how it worked via openvpn's HOWTO, and get it running.
I did need to make a few mods for it to work in my configuration (as is expected since very few network configs are the same).
My configuration:
Single home network, say on 192.168.15.0.
Single router, at 192.168.15.1.
Home server hosting VPN on 192.168.15.51. It is running Ubuntu Maverick.
Skyrocket on subnet 192.168.43.0
My modifications:
Since I don't need direct access between VPN clients and my home subnetwork, in the server config I commented out:
Code:
#push "route 192.168.1.0 255.255.255.0"
#route 192.168.1.0 255.255.255.0
It was giving me some problems SSHing into my home server from a local network machine so this was the quick fix.
Initially it wasn't routing ALL traffic, just that directed from VPN client to the VPN server. So I added this to the server conf:
Code:
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.150.1"
In my home (tomato) router, I just port forwarded any TCP traffic on 1194 to the home server (192.168.15.51)
I think openvpn does this already. But just in case, I added an iptable nat entry to forward packet from VPN network to eth0 (my NIC). As root:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
And I added the following entry to /etc/rc.local so it persists on restart.
Code:
iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -o eth0 -j MASQUERADE
Some debugging tips for others
Simplest way to verify HTTP traffic is being forwarded is, after connecting to vpn from phone, go to www.whatismyip.com. Make sure it matches your phone.
If you are having trouble connecting to the VPN, watch the openvpn log for errors. "tail -f /var/log/openvpn/openvpn.log"
After connecting, make sure you can ping from your home server to the phone.
From Server: "ping 192.168.150.10"
From Phone: Open Terminal Emulator and type "ping 192.168.150.1"
You can also validate the traffic is forwarding through VPN by using traceroute. You can test both forwarding and DNS
From Phone: Open Terminal Emulator, type
Code:
su
For no-DNS test first:
Code:
traceroute 74.125.115.104
For DNS test:
Code:
traceroute www.google.com
For each, do your tests on the cell network (NOT home wifi) and verify that the route passes through your vpn server and doesn't bypass it completely.
Lastly to make sure traffic is being piped, you can monitor VPN traffic from your openvpn server by typing:
Code:
tcpdump -i tun0
jvanbrecht:
Do you have any recommendations about dropped connections? I noticed while testing that sometimes my openvpn connection would drop and my phone browsing would immediately default to the direct default cell provider connection.
Of course if tethering, this could be very bad.
Any tips on ensuring that if VPN is enabled, but no connection, that it won't ever try and route around it?
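Added example, not part of any post in this thread: `push "redirect-gateway def1"` installs 0.0.0.0/1 and 128.0.0.0/1 through the tunnel and leaves the original default route in place, so once the tun0 routes are gone the cellular default takes over again, which is the fallback described above. The routing tables, the `rmnet0` interface name and the server address 203.0.113.7 are constructed; 74.125.115.104, 8.8.8.8 and 192.168.15.1 are addresses used earlier in the thread.

```python
import ipaddress

# Constructed `ip -4 route` output with the tunnel up, then after it dropped.
ROUTES_UP = """\
default via 10.20.30.1 dev rmnet0
0.0.0.0/1 via 192.168.150.9 dev tun0
128.0.0.0/1 via 192.168.150.9 dev tun0
203.0.113.7 via 10.20.30.1 dev rmnet0
192.168.150.9 dev tun0 proto kernel scope link src 192.168.150.10
10.20.30.0/24 dev rmnet0 proto kernel scope link src 10.20.30.44
"""
ROUTES_DOWN = """\
default via 10.20.30.1 dev rmnet0
10.20.30.0/24 dev rmnet0 proto kernel scope link src 10.20.30.44
"""
PROBES = ["74.125.115.104", "8.8.8.8", "192.168.15.1"]

def parse_routes(text):
    """Return [(network, device)] from `ip -4 route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes

def egress_device(routes, ip):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def leaks(route_text, probes, vpn_dev="tun0", vpn_server="203.0.113.7"):
    """Probe addresses that would leave by something other than the tunnel."""
    routes = parse_routes(route_text)
    # The host route to the VPN server itself must stay outside the tunnel.
    return [ip for ip in probes
            if ip != vpn_server and egress_device(routes, ip) != vpn_dev]

if __name__ == "__main__":
    print("tunnel up:", leaks(ROUTES_UP, PROBES))
    print("tunnel down:", leaks(ROUTES_DOWN, PROBES))
```

A firewall rule that only permits outbound traffic on tun0 plus the single host route to the VPN server closes the gap this check reports, because the fallback default route then has nothing it is allowed to carry.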
Would using any VPN do the same thing? Or is something making this special? Has anyone tested this?
It's been a few weeks since I tried the openvpn app. Back then everything seemed to be working well. But I tried again today and am having problems.
- I can access everything fine via vpn if my phone is connected to my local wifi where the vpn server resides.
- I can access IP addresses (e.g. the ip address of google.com) if connected to vpn via AT&T's 3G network
- I CANNOT access websites by their name (e.g. www.google.com) anymore.
It seems the DNS forwarding over VNC is messed up. Any tips on what the problem could be?
I still have the same settings as above, e.g. push "dhcp-option DNS 192.168.150.1"
Is it possible I need to do any additional configuration on my phone?
Is it possible to replace my router DNS address with a public one like google's "8.8.8.8" or "4.2.2.2"?
Any tips greatly appreciated!
Deleted. Please ignore. Still having issues.
So I had the opportunity to play around with my config (listed above) a bit more this evening. I was at a location where I had good external WiFi (Panera) along with 3G.
If I connect from my phone to my home VPN server over EXTERNAL WIFI (Panera), I have no problems with VPN. everything works flawlessly.
If I connect from my phone to my home VPN server over AT&T 3G network, it fails. Essentially it can't resolve any DNS queries. I can type in a website's IP address and surf that way, but I can't say type in "www.cnn.com" and get a page to load.
For the latter, when I watch the web queries using "tcpdump -i tun0", I see the requests go out from my phone to the websites, but they don't come back. For example, I see:
"192.168.150.10 > a.b.c.d (www.cnn.com)",
but I don't see:
"a.b.c.d (www.cnn.com) > 192.168.150.10"
Is it possible that AT&T is somehow blocking VPN via DNS? At first I thought my openvpn dns settings were messed up ... but it works across external wifi no problem.
---------- Post added at 01:24 AM ---------- Previous post was at 01:07 AM ----------
For those that are interested in the future, I think I narrowed down the issue:
It seems VPN connectivity is dependent on the AT&T Access Point Network (APN)
By default for my Skyrocket I was on the AT&T PTA APN with settings:
Code:
APN: pta
MMSC: http://mmsc.mobile.att.net
MMS proxy: proxy.mobile.att.net
MMS Port: 80
...
I then switched to what is called the "AT&T Expanded" APN with settings:
Code:
APN: wap.cingular
User Name: [email protected]
(rest of settings somewhere here on xda ...)
... and that one worked perfectly.
I switched back and forth a few times to confirm. It seems on pta, I can't resolve DNS over VPN. For the wap.cingular, I have no problems.
Anyone else can confirm this is most likely the issue I am seeing and that it can possibly make sense?
Hi, I am very familiar with methods for bypassing mobile data (T-mobile) throttling when hotspot is enabled.
I tried every single one of them. It doesn't work on my phone which doesn't have USB debugging enabled.
Please don't tell me to root my device or enable usb debugging. I will never do that.
I have found one solution which is kind of a pain to setup everything
And I have found one other half measure which is a bit easier to setup.
Solution one involves,
1) Downloading Termux
2) Type ifconfig to get the hotspot IP address
3) Set password with passwd
4) Type sshd -dD
5) Then over to the PC, open up my ssh client (I use bitvise)
6) Type in the hotspot IP address and the listening port from step 4
7) Go to services tab and enable socks/HTTP proxy forwarding. Set listen interface at 127.0.0.1:12345
8) Go to PC global proxy settings and type in 127.0.0.1:12345
9) Check the speed to see that it is not throttled
10) I was getting 10-50 mbps now
Solution two involves,
1) Downloading proxy server app
2) setup a shadowsocks server at hotspot ip:random port with aes-256-gcm encryption
3) Go to the PC and download shadowsocks program.
4) Add server ip as the hotspot ip. Add server port as the random port assigned in step 2, add password
5) Right click on the tray icon and set system proxy as global.
6) Check to see that speed is not throttled at 600kbps
7) I found out that it was now throttling at 3mbps instead of 600kbps
Problems I am facing.
1)DHCP assigns random IP to the hotspot IP whenever you turn on / off the hotspot.
There is no way to assign static IP without root. So I like solution 2 because the proxy server app automatically updates and shows me the hotspot IP and I can simply click it to set it. With solution 1, I have to go to termux and ifconfig every time to get my ip address.
2) The shadowsocks solution is slower at 3mbps max speed compared to solution 1. Although it's better than the 600kbps throttle, I still don't know why it is being throttled at 3mbps. Anyone know how to fix this?
3) I would like to mask my internet activity on my PC from my mobile provider with a VPN or something. Every time I enable the VPN on the PC on top of everything, then I'm back to being throttled at 600kbps.
If I enable VPN on phone before setting up shadowsocks, then it doesn't work. My end goal is to prevent my carrier from knowing what I'm browsing on my PC that is connected up to the shadowsocks being hosted on my phone using the mobile data. How to achieve this?
Thank you.