OpenVPN for PocketPC doesn't work - why? - General Topics

Hallo zusammen,
I try to make a make a OpenVPN-Connection with my HTC-Hemes to my OpenVPN-Server. When I connect a Computer to my Hermes I can establish a VPN-Connection without any problems.
When I try to use the same Client-Config-File on my HTC-Hermes with OpenVPN for PocketPC it doesn't work.
I use the official ROM of WM6 (T-Mobile Germany) on my Hermes
I use this Version of OpenVPN for PocketPC:
http://ovpnppc.ziggurat29.com/ovpnppc-main.htm
I used the cab-File to install it directly on the Hermes
Where is the problem?
What do I have to change?
My OpenVPN-Server config:
# OpenVPN 2.1 Config, Sat Mar 21 10:01:07 CET 2009
proto udp
dev tap
ca /tmp/flash/ca.crt
cert /tmp/flash/box.crt
key /tmp/flash/box.key
dh /tmp/flash/dh.pem
tls-server
tls-auth /tmp/flash/static.key 0
port 1194
push "redirect-gateway"
ifconfig 192.168.201.97 255.255.255.0
push "route-gateway 192.168.201.97"
push "route 192.168.3.0 255.255.255.0"
max-clients 4
tun-mtu 1500
mssfix
verb 3
daemon
cipher BF-CBC
comp-lzo
float
keepalive 10 120
push "route-gateway 192.168.3.101"
Click to expand...
Click to collapse
my Client-Config:
client
dev tap
proto udp
remote tauscher.dyndns.org 1194
nobind
persist-key
persist-tun
ca "\\Programme\\OpenVPN\\config\\ca.cer"
cert "\\Programme\\OpenVPN\\config\\client1.cer"
key "\\Programme\\OpenVPN\\config\\client1.key"
tls-remote Eumex
tls-auth "\\Programme\\OpenVPN\\config\\ovpnstatic.key" 1
auth SHA1
cipher BF-CBC
comp-lzo
verb 4
Click to expand...
Click to collapse
Log of the Client:
http://pastebin.com/f447ce60b
Best wishes
UP

Related

How do I spoof the mac address?

Is there a way to change the MAC address functionally, so that other devices think it has that address?
I have tried these methods (tiwlan0 corresponds to the wifi mac, no, it's not eth0)
In ADB: # ip link set tiwlan0 address 00:12:f0:dd:cc:dc
error: ip: SIOCSIFHWADDR: Operation not supported on transport endpoint
In terminal emulator on the phone: ip link set tiwlan0 address 00:12:f0:dd:cc:dc
error: ip: socket: operation not permitted
I have heard that some do change it but it reverts when communicating with a device.
It is working via fastboot.. There was a method somewhere in the Hero section.
Does this work on the G1?
Yes, it works flawlessly.
forum dot xda-developers dot com/showthread dot php?t=686789&highlight=mac+address+fastboot
Or search for mac fastboot in hero development forum.
On demand!
But how to do it on demand?
I usually can't launch fastboot in the airport
Removed...

[Q] IPSec on ICS w/ pfSense

Has anyone gotten IPSec (either L2TP/IPSec w/ PSK or IPSec Xauth PSK) to work on ICS (4.0.3) with pfSense 2.0.1? I'm looking for clues. It's not working for me.
The closest I've gotten this to work is by setting level 1 to aggressive/DES/MD5 and level 2 to ESP/AES(auto)/MD5.
Not sure if this is part of the problem though:
racoon: INFO: login failed for user "XXXXXXXX"
racoon: DEBUG: Attribute XAUTH_USER_PASSWORD, len 15
racoon: DEBUG: Attribute XAUTH_USER_NAME, len 8
racoon: DEBUG: Short attribute XAUTH_TYPE = 0
but the passwd is 14 chars long.
Has anyone gotten ICS to link up with pfSense 2.0.1?

[APP][2.2+] DigiControl/DigiSSHD 0.2 - SSH server with per session control

DigiControl - Lightweight Android agile helper for console applications. It is based on C++ Boost, Scala, AspectJ.
DigiSSHD component for DigiControl, based on Dropbear SSH Server and OpenSSH SFTP Server.
This is alpha stage software
Software
DigiSSHD is a DigiControl component that provide:
Security Shell - remote shell service or command execution
Security Copy - transfer files between android and remote client
Security FTP - transfer files between android and remote client
BTW look for SFTP vs. SCP
It is based on open source software:
Dropbear server (Shell and SCP) available under MIT license
OpenSSH server (SFTP) available under BSD license
DigiControl is agile helper for console applications such as a network services, local utilites and so on. DigiControl have a lot of things under the hood that allow to start/stop/restart Digi components, interact with sessions and permissions and much more. It is mediator between installed components, plugins, android device and you.
It is alpha stage software writen in Scala language. Scala on Android is a bit out of mainstream, so take it easy. Bridge piece is on C++ BOOST.
Large part of the DigiControl source code available at GitHub as DigiLib library under Apache 2.0 license.
Core part of the DigiSSHD source code available at GitHub under GPLv3 license, another one available as DigiLib library under Apache 2.0 license.
FYI There are a lot of threads and hundreds of places with watchdog timer and thousands of places with recovery logic. Also user interface and background service are independent processes.
If application freeze... The longest watchdog timeout is about 5 minutes, the shortest watchdog timeout is 1 second, most of them - not more then 20 seconds. Wait. After unfreeze, upload report to us.
If application block something or show something unexpected, as you think ;-) Upload report to us, then rotate you device. After device rotated, there'll be reinitialization.
If something blows up, it explodes with stack traces, uh, Sssssmmmokie! Restart application after crash, upload report to us.
You may upload report via context menu. The report dialog will be appear automatically if there is a stack trace.
If you have an idea how to improve DigiNNN or a wish to change something, please submit your idea via GitHub tracker. Please, submit technical issues too.
There is only DigiSSHD component available at this time. DigiSSHD is sshd server that provide secure shell, scp and sftp
Please install DigiControl and DigiSSHD simultaneously. This is two parts of the single application.
Interface
There are two ACL types (access control list)
interface ACL that defined what network interface(s) will be used (tab service)
connection ACL that defined (by IP) allow/deny rules to access to phone, and interactive mode (tab session)
You may find current IP at information tab
Port option located at service tab
Code
It may be interesting because it almost written in Scala. Actualy apk build with scala 2.8.2.
Scala 2.9.x and 2.10.0 M2 have some critical bugs in compiller and too fat :-( There are few insignificant java files. Maybe someday it will be replaced with scala code, but I don't want waste time.
Controller native helper written in C++ with BOOST (I don't like C, C#, java and assembler ) It is battery friendly single threaded asynchronous INETD server. This is the only non Scala part.
All application created in XXP style (extreme extreme programming ) - no unit tests, no design, no comments, only the simplest code that easy to read
If you find BUG sure you will ;-) Please open issue on github or click on report in context menu. Report will be uploaded to Google Cloud storage.
Versions
0.2
- Improvements: add notification with service state
- Improvements: remember last active tab
- Bug fixes: remove toolbox/busybox dependency (file objects permission control is less granular now)
- Improvements: add ui for public key authentication
- Bug fixes: remove some startup deadlocks
- Improvements: by default add connection from private networks to permit ACL
- Improvements: by default new components enabled
- Improvements: add contol level background (novice, intermediate, professional)
- Improvements: add sshd profile generation
0.1.05
- Bug fixes: fix sporadic error on component restart
- Bug fixes: fix preferred layout orientation
- Improvements: implement smart shutdown sequence mechanism. No task killer needed. All components and their dependencies (include services and providers) terminated in proper order with respect to idle timeouts
- Improvements: more verbose single user/multi user logic
- Bug fixes: set minimum API level to 9
- Bug fixes: progress dialog deadlock at multiple activity change
- Bug fixes: busy state lock
0.1.04
- Bug fixes: 'port already in use' bug
- Improvements: improve dialog routines
- Improvements: improve log rotation, add gzip compression to initialization sequence
0.1.03
- Improvements: add database retry guard that prevent sporadic errors
- Improvements: add coreutil 'ls', improve groups helper, now SCP working at most of devices without any tuning
- Improvements: add active user name to session entry
- Bug fixes: set minimum API level to 10
- Bug fixes: fix creation of unused /sdcard/Android/data/file empty directory
move the magic button to the top by user request
- Bug fixes: drop Android 2.2 Froyo support hacks
- Bug fixes: remove deadlock in safe dialogs
- Bug fixes: fix possible desynchronization in global shutdown sequence
- Improvements: add welcome dialog and assistant with green sputnik
- Improvements: add option of preferred layout orientation
0.1.02 - critical bugfixes
0.1.01 - 16.05.2012
- Improvements: reduce size, move DigiSSHD to SD card
- Improvements: improve stability, add SCP groups helper
- Bug fixes: SFTP permissions
- Improvements: add activity event log
- Improvements: add session event log
- Improvements: add single user/multi user mode
- Improvements: improve interface, user management
- Bug fixes: fixes tons of bugs
0.0.2 - 03.05.2012 mostly working
0.0.0 - 21.04.2012 something working
Your Help Is Always Welcome
* user interface - unstable
* native helper - mostly stable
* dropbear server - stable
King Regards,
Alexey
Please TURN ON subtitles in video.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
reserved
[ reserved ]
Looks like an impressive app, thanks...
Is there any way to use key-based authentication instead of a password, please?
Wonderful work!
I will fix up public key authentication in next release. I need add few functions.
I hope that new release 0.1.06 will be ready within 2 days.
Thank you for your interest in app. It is really important for me.
cdmackay said:
Looks like an impressive app, thanks...
Is there any way to use key-based authentication instead of a password, please?
Click to expand...
Click to collapse
I have tested key-based authentication - it work both in privileged and unprivileged modes. Sorry for delay ;-)
Thanks for the new version; my comments, for what they're worth:
- Control level background: interesting idea, but I didn't notice it actually showing anything; turned off, nothing seemed different.
- Notification icon; I'd like there to be an icon only when the Control program is actually enabled. As it is, it seems there is no way to disable the icon when things are "OFF"?
- Publickey works well for user android (thanks!). But doesn't seem that there is any way to do per-user public keys, when using multi-user? I don't need this functionality mind you, single-user is enough for me, just mentioning it.
- I would like to be able to disable password access entirely, and use only publickey. That doesn't seem possible at the moment?
- The apps are a little complex; that's not a problem, but I think there could be better documentation, esp on how to do common things. It's possible that this is there already, but docs seem a little spread around...
thanks again...
It worked couple days ago. Today after restoring from TB, it kept on restarting itself. I later noticed that it was trying to bind under an older LAN ip from couple days ago. I unchecked the older ip and add the curent lan ip, but it still restarting itself and shows error. I let it emailed the report to you. I'm on Vibrant CM9 nightly 20120704
I noticed couple things from first try. The OFF button in Digisshd does not change to ON when it was started. I couldn't tell if it already started or not. Don't take this the wrong way, but the gui seems to have lots of features but not intuitive yet. There should be some obvious status/indicator. The many tabs are nice and your project seems powerful sshd, but somehow I'm still lost in figuring it out.
Thank you for feedback. For bind issues - You may remove all bind filters, so it will be looks like
I will check report. I am preparing version 0.3 right now. It will fix some system design issues, also it will be adjusted for level API 15 (fragments, action bar, and so on). I am sure that I achieve target within two days.
UI is really weak point. :silly: Maybe I will build some trigger that hide intermediate and professional level... options VS plain and simple UI - question of balance. I want have all available options.
kobesabi said:
It worked couple days ago. Today after restoring from TB, it kept on restarting itself. I later noticed that it was trying to bind under an older LAN ip from couple days ago. I unchecked the older ip and add the curent lan ip, but it still restarting itself and shows error. I let it emailed the report to you. I'm on Vibrant CM9 nightly 20120704
I noticed couple things from first try. The OFF button in Digisshd does not change to ON when it was started. I couldn't tell if it already started or not. Don't take this the wrong way, but the gui seems to have lots of features but not intuitive yet. There should be some obvious status/indicator. The many tabs are nice and your project seems powerful sshd, but somehow I'm still lost in figuring it out.
Click to expand...
Click to collapse
Request: optional blank DigiControl notification icon?
I'm using DigiSSHD along with DigiControl on two android devices: a myTouch 4G Slide running CM-7.1.0 and a Galaxy Tab 2 10.1 running CM-9.0-RC2. In both cases, it's working very well for me. Thank you for a great couple of utilities!
I have a request: as an option, could you offer a blank DigiControl notification icon, to keep the clutter out of the notification area? I know that the presence of such an icon is necessary in order to ensure that DigiControl doesn't get swapped out or shut down, but if you offered a blank icon, at least we wouldn't _see_ it in the notification area.
For example, the Tasker app offers an optional blank icon for the same purpose.
Thank you very much for considering this request.
.​
Hi. Great app! Thanks for your work on this! Is there a tutorial for how to connect using USB? My phone is a Galaxy Nexus (running Cyanogenmod 9 RC2). As you know, the Galaxy Nexus uses MTP instead of USB Mass Storage. MTP does not work well for me. I would prefer to use SFTP over USB. I believe DigiSSHD allows this, but I need some step by step instructions. So far, I have not figured out how to make it work.
One solution I am thinking of is to use EasyTether. At the moment, my phone is plugged into my Linux box via USB and EasyTether is connected. I can ping the phone on 192.168.117.1. What are the next steps?
If not using Easy Tether, what other ways can I connect via SFTP and USB to my Galaxy Nexus? Thank you for your work on this very important app!
1. open DigiSSHD info tab. Look at interfaces block. USB interface must be there.
2. start DigiSSHD
3. open any terminal on phone, enter netstat -al
example from my phone
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:7777 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7203 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32500 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:43866 127.0.0.1:7777 ESTABLISHED
tcp 0 0 10.255.255.247:47225 213.75.57.103:443 ESTABLISHED
tcp 0 0 127.0.0.1:7777 127.0.0.1:43818 ESTABLISHED
tcp 0 0 127.0.0.1:7777 127.0.0.1:33561 ESTABLISHED
tcp 0 0 127.0.0.1:7777 127.0.0.1:43819 ESTABLISHED
tcp 0 0 127.0.0.1:43818 127.0.0.1:7777 ESTABLISHED
tcp 0 0 10.255.255.247:2222 10.255.255.250:47123 ESTABLISHED
tcp 0 0 127.0.0.1:7777 127.0.0.1:43866 ESTABLISHED
tcp 0 0 127.0.0.1:43819 127.0.0.1:7777 ESTABLISHED
tcp6 0 1 ::ffff:10.255.255.247:46121 ::ffff:173.194.32.32:80 CLOSE_WAIT
tcp6 0 0 ::ffff:127.0.0.1:33561 ::ffff:127.0.0.1:7777 ESTABLISHED
tcp6 0 1 ::ffff:10.255.255.247:51556 ::ffff:173.194.32.48:443 CLOSE_WAIT
tcp6 0 1 ::ffff:10.255.255.247:37148 ::ffff:173.194.32.0:443 CLOSE_WAIT
tcp6 0 0 ::ffff:10.255.255.247:35515 ::ffff:173.194.69.188:5228 ESTABLISHED
tcp6 0 1 ::ffff:10.255.255.247:48747 ::ffff:173.194.32.8:443 CLOSE_WAIT
tcp6 0 1 ::ffff:10.255.255.247:43505 ::ffff:173.194.32.18:443 CLOSE_WAIT
Red string indicate that you may connect to tcp port 2222 on any available interface (0.0.0.0)
If something lost send me message via PM, we will troubleshoot your connection
MountainX said:
Hi. Great app! Thanks for your work on this! Is there a tutorial for how to connect using USB? My phone is a Galaxy Nexus (running Cyanogenmod 9 RC2). As you know, the Galaxy Nexus uses MTP instead of USB Mass Storage. MTP does not work well for me. I would prefer to use SFTP over USB. I believe DigiSSHD allows this, but I need some step by step instructions. So far, I have not figured out how to make it work.
One solution I am thinking of is to use EasyTether. At the moment, my phone is plugged into my Linux box via USB and EasyTether is connected. I can ping the phone on 192.168.117.1. What are the next steps?
If not using Easy Tether, what other ways can I connect via SFTP and USB to my Galaxy Nexus? Thank you for your work on this very important app!
Click to expand...
Click to collapse
Ezzzzh said:
1. open DigiSSHD info tab. Look at interfaces block. USB interface must be there.
Click to expand...
Click to collapse
Thanks for your reply. Starting at step 1, no interface block is shown. I only see sections for community, support and legal under the information tab. How should I troubleshoot this?
You open DigiControl, not DigiSSHD. Jump to DigiSSHD
MountainX said:
Thanks for your reply. Starting at step 1, no interface block is shown. I only see sections for community, support and legal under the information tab. How should I troubleshoot this?
Click to expand...
Click to collapse
If you really open DigiSSHD and interface block is absent... Send me report please from option menu. There is a lot of surprises in reality. Maybe Interfaces block is disappeared???
MountainX said:
Thanks for your reply. Starting at step 1, no interface block is shown. I only see sections for community, support and legal under the information tab. How should I troubleshoot this?
Click to expand...
Click to collapse
Ezzzzh said:
1. open DigiSSHD info tab. Look at interfaces block. USB interface must be there.
Click to expand...
Click to collapse
Ezzzzh said:
You open DigiControl, not DigiSSHD. Jump to DigiSSHD
Click to expand...
Click to collapse
Yes, you are right. Now I am looking at the Information Tab of DigiSSHD. I see the Interfaces block.
My phone is plugged into my computer via USB at the moment. There is no USB interface listed. (This is true both with and without EasyTether running.) There are other interfaces listed such as ifb0, ifb1, rmnet0, rmnet1, rmnet2 and sit0. All these have addresses of 0.0.0.0. wlan0 is also listed with an address of 192.168.x.x.
However, when EasyTether is enabled, I can currently ping my phone from my PC via the USB interface:
ping 192.168.117.1
PING 192.168.117.1 (192.168.117.1) 56(84) bytes of data.
64 bytes from 192.168.117.1: icmp_req=1 ttl=128 time=4.32 ms
64 bytes from 192.168.117.1: icmp_req=2 ttl=128 time=4.52 ms
What is the next troubleshooting step? Thanks.
show
ifconfig -a
and
netstat -al
from phone
MountainX said:
Yes, you are right. Now I am looking at the Information Tab of DigiSSHD. I see the Interfaces block.
My phone is plugged into my computer via USB at the moment. There is no USB interface listed. (This is true both with and without EasyTether running.) There are other interfaces listed such as ifb0, ifb1, rmnet0, rmnet1, rmnet2 and sit0. All these have addresses of 0.0.0.0. wlan0 is also listed with an address of 192.168.x.x.
However, when EasyTether is enabled, I can currently ping my phone from my PC via the USB interface:
ping 192.168.117.1
PING 192.168.117.1 (192.168.117.1) 56(84) bytes of data.
64 bytes from 192.168.117.1: icmp_req=1 ttl=128 time=4.32 ms
64 bytes from 192.168.117.1: icmp_req=2 ttl=128 time=4.52 ms
What is the next troubleshooting step? Thanks.
Click to expand...
Click to collapse
Ezzzzh said:
show
ifconfig -a
and
netstat -al
from phone
Click to expand...
Click to collapse
This is with EasyTether CONNECTED!
[email protected]:/ # netstat -al
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:58682 127.0.0.1:33333 ESTABLISHED
tcp6 0 0 :::33333 :::* LISTEN
tcp6 0 1 ::ffff:192.168.1.29:55777 ::ffff:74.125.45.120:80 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:37690 ::ffff:74.125.137.188:5228 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:47507 ::ffff:173.194.37.80:443 CLOSE_WAIT
tcp6 0 1 ::ffff:192.168.1.29:42791 ::ffff:173.194.37.81:443 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:53132 ::ffff:74.125.45.101:443 ESTABLISHED
tcp6 0 0 ::ffff:127.0.0.1:33333 ::ffff:127.0.0.1:58682 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:34921 ::ffff:74.125.139.138:80 CLOSE_WAIT
tcp6 0 1 ::ffff:192.168.1.29:34199 ::ffff:74.125.45.101:443 CLOSE_WAIT
udp6 0 0 :::44717 :::* CLOSE
[email protected]:/ # ifconfig -a
-a: no such device
[email protected]:/ # ifconfig
[email protected]:/ #
Google search: "android ifconfig syntax" --> no useful results found
---------- Post added at 05:21 PM ---------- Previous post was at 05:17 PM ----------
Ezzzzh said:
show
ifconfig -a
and
netstat -al
from phone
Click to expand...
Click to collapse
Here it is without EasyTether connected:
[email protected]:/ # netstat -al
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 1 ::ffff:192.168.1.29:55777 ::ffff:74.125.45.120:80 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:37690 ::ffff:74.125.137.188:5228 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:47507 ::ffff:173.194.37.80:443 CLOSE_WAIT
tcp6 1 1 ::ffff:192.168.1.29:42791 ::ffff:173.194.37.81:443 LAST_ACK
tcp6 0 0 ::ffff:127.0.0.1:33333 ::ffff:127.0.0.1:58682 TIME_WAIT
tcp6 0 1 ::ffff:192.168.1.29:34921 ::ffff:74.125.139.138:80 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:49525 ::ffff:74.125.45.138:443 ESTABLISHED
tcp6 0 0 ::ffff:192.168.1.29:46645 ::ffff:74.125.45.139:443 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:34199 ::ffff:74.125.45.101:443 CLOSE_WAIT
[email protected]:/ #
still no results from ifconfig....
First of all I don't see any 0.0.0.0:2222. Are you start DigiSSHD? Is it show state Active?
Second, Are you sure that 192.168.117.1 is not your local PC interface?
Third, sorry ifconfig arg only working, so use netcfg
MountainX said:
This is with EasyTether CONNECTED!
[email protected]:/ # netstat -al
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:58682 127.0.0.1:33333 ESTABLISHED
tcp6 0 0 :::33333 :::* LISTEN
tcp6 0 1 ::ffff:192.168.1.29:55777 ::ffff:74.125.45.120:80 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:37690 ::ffff:74.125.137.188:5228 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:47507 ::ffff:173.194.37.80:443 CLOSE_WAIT
tcp6 0 1 ::ffff:192.168.1.29:42791 ::ffff:173.194.37.81:443 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:53132 ::ffff:74.125.45.101:443 ESTABLISHED
tcp6 0 0 ::ffff:127.0.0.1:33333 ::ffff:127.0.0.1:58682 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:34921 ::ffff:74.125.139.138:80 CLOSE_WAIT
tcp6 0 1 ::ffff:192.168.1.29:34199 ::ffff:74.125.45.101:443 CLOSE_WAIT
udp6 0 0 :::44717 :::* CLOSE
[email protected]:/ # ifconfig -a
-a: no such device
[email protected]:/ # ifconfig
[email protected]:/ #
Google search: "android ifconfig syntax" --> no useful results found
---------- Post added at 05:21 PM ---------- Previous post was at 05:17 PM ----------
Here it is without EasyTether connected:
[email protected]:/ # netstat -al
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 1 ::ffff:192.168.1.29:55777 ::ffff:74.125.45.120:80 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:37690 ::ffff:74.125.137.188:5228 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:47507 ::ffff:173.194.37.80:443 CLOSE_WAIT
tcp6 1 1 ::ffff:192.168.1.29:42791 ::ffff:173.194.37.81:443 LAST_ACK
tcp6 0 0 ::ffff:127.0.0.1:33333 ::ffff:127.0.0.1:58682 TIME_WAIT
tcp6 0 1 ::ffff:192.168.1.29:34921 ::ffff:74.125.139.138:80 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:49525 ::ffff:74.125.45.138:443 ESTABLISHED
tcp6 0 0 ::ffff:192.168.1.29:46645 ::ffff:74.125.45.139:443 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:34199 ::ffff:74.125.45.101:443 CLOSE_WAIT
[email protected]:/ #
still no results from ifconfig....
Click to expand...
Click to collapse
Ezzzzh said:
First of all I don't see any 0.0.0.0:2222. Are you start DigiSSHD? Is it show state Active?
Click to expand...
Click to collapse
In your initial instructions, you said that step 2 was to "start DigiSSHD". I assumed you meant to turn it "on" so it becomes active in step 2. I was not yet able to satisfy the criteria you listed in step 1, so I didn't do step 2.
However, based on this reply, I have now made DigiSSHD active. Here are the results with it active (and EasyTether disabled):
[email protected]:/ # netstat -al
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN
tcp6 0 1 ::ffff:192.168.1.29:55777 ::ffff:74.125.45.120:80 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:37690 ::ffff:74.125.137.188:5228 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:47507 ::ffff:173.194.37.80:443 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:56790 ::ffff:173.194.37.84:443 ESTABLISHED
tcp6 0 0 ::ffff:192.168.1.29:38504 ::ffff:74.125.45.138:443 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:34921 ::ffff:74.125.139.138:80 CLOSE_WAIT
tcp6 0 0 ::ffff:192.168.1.29:37816 ::ffff:74.125.45.138:443 ESTABLISHED
tcp6 0 1 ::ffff:192.168.1.29:34199 ::ffff:74.125.45.101:443 CLOSE_WAIT
[email protected]:/ # netcfg
lo UP 127.0.0.1/8 0x00000049 00:00:00:00:00:00
ifb0 DOWN 0.0.0.0/0 0x00000082 8e:11:c8:13:eb:cd
ifb1 DOWN 0.0.0.0/0 0x00000082 46:64:07:e9:bf:b6
sit0 DOWN 0.0.0.0/0 0x00000080 00:00:00:00:00:00
ip6tnl0 DOWN 0.0.0.0/0 0x00000080 00:00:00:00:00:00
rmnet0 DOWN 0.0.0.0/0 0x00001090 00:00:00:00:00:00
rmnet1 DOWN 0.0.0.0/0 0x00001090 00:00:00:00:00:00
rmnet2 DOWN 0.0.0.0/0 0x00001090 00:00:00:00:00:00
wlan0 UP 192.168.1.29/24 0x00001043 a0:0b:ba:cc:88:00
[email protected]:/ #
Ezzzzh said:
First of all I don't see any 0.0.0.0:2222. Are you start DigiSSHD? Is it show state Active?
Click to expand...
Click to collapse
It is there now, once I move to step 2 of your instructions.
Ezzzzh said:
Are you sure that 192.168.117.1 is not your local PC interface?
Click to expand...
Click to collapse
192.168.117.1 is the phone's IP when EasyTether is enabled and connected via USB. (The PC's IP on the easytether0 iface is 192.168.117.2.) I also have a a wlan0 IP address on the phone, but I am trying to connect via USB, of course.
---------- Post added at 05:50 PM ---------- Previous post was at 05:40 PM ----------
This might help too:
[email protected]:~/.ssh$ ssh [email protected] -vvv -p 2222
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.117.1 [192.168.117.1] port 2222.
debug1: connect to address 192.168.117.1 port 2222: Connection timed out
ssh: connect to host 192.168.117.1 port 2222: Connection timed out
[email protected]:~/.ssh$ ping 192.168.117.1
PING 192.168.117.1 (192.168.117.1) 56(84) bytes of data.
64 bytes from 192.168.117.1: icmp_req=1 ttl=128 time=3.13 ms
64 bytes from 192.168.117.1: icmp_req=2 ttl=128 time=2.99 ms
--- 192.168.117.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.994/3.063/3.133/0.088 ms
[email protected]:~/.ssh$ ifconfig
easytether0 Link encap:Ethernet HWaddr YY:YY:YY:YY:YY:YY
inet addr:192.168.117.2 Bcast:192.168.117.255 Mask:255.255.255.0
inet6 addr: fe80::54ff:fe74:6872/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1664 (1.6 KB) TX bytes:11583 (11.5 KB)
eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.1.55 Bcast:192.168.1.1 Mask:255.255.255.0
inet6 addr: xxxxxxxxxxxxxxxxxxxxxxxxx/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:35971246 errors:0 dropped:0 overruns:0 frame:0
TX packets:61929545 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10794714666 (10.7 GB) TX bytes:87663599559 (87.6 GB)
Interrupt:17 Memory:fe400000-fe420000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4522645 errors:0 dropped:0 overruns:0 frame:0
TX packets:4522645 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6798287997 (6.7 GB) TX bytes:6798287997 (6.7 GB)

[Q] Android KITKAT - VPNService Route Exclusion

Hi All,
It is know that IP exclusion is almost impossible using Android VPN Service API in NON ROOTED Device.
But I have rooted device . So I first connect VPN ( openvpn ).
After than from ADB ROOT SHELL - I run following command
./route add -net <<DESTINATION_IP>> netmask 255.255.255.255 gw 192.168.1.1
For example if I run following command
./route add -net 141.101.120.15 netmask 255.255.255.255 gw 192.168.1.1
All traffic to whatismyip DOT com/ go directly ( Not passing through VPN )
Hence whatismyip.com reports my Local ISP IP in Its home page.
By these way I could exclude IPs from VPN path. This is working fine in ICS and Jelly without any issue.
But this same procedure not working in KITKAT. I tested both in 4.4.2 and 4.4.4
If I modify route, traffic still goes through VPN path. Whatismyip.com displaying VPN Server IP in its home page.
My KITKAT routing table shows following same as ICS and jelly. Command is successfully executed in routing table..But just not working..
Can anybody please point out what changes I need to make for KITKAT.
Thank you
----Fresh Routing Table -----
Code:
ip route
default via 192.168.1.1 dev wlan0
default via 192.168.1.1 dev wlan0 metric 324
192.168.1.0/24 dev wlan0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.2 metric 324
192.168.1.1 dev wlan0 scope link
----- After VPN Connected------
Code:
ip route
default via 192.168.1.1 dev wlan0
default via 192.168.1.1 dev wlan0 metric 324
172.22.1.4/30 dev tun0 proto kernel scope link src 172.22.1.6
192.168.1.0/24 dev wlan0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.2 metric 324
192.168.1.1 dev wlan0 scope link
------ After whatismyip dot com [141.101.120.15] exclusion ------
Code:
ip route
default via 192.168.1.1 dev wlan0
default via 192.168.1.1 dev wlan0 metric 324
[B]141.101.120.15 via 192.168.1.1 dev wlan0[/B]
172.22.1.4/30 dev tun1 proto kernel scope link src 172.22.1.6
192.168.1.0/24 dev wlan0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.2 metric 324
192.168.1.1 dev wlan0 scope link

Connecting to OpenVPN running on OpenWrt from Android

Code:
OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
I installed OpenVPN on the latest OpenWrt 21.02.1
The client config and server conf files both have these lines at the top:
Code:
user nobody
group nogroup
dev tun
..
..
I installed the OpenVPN for Android app on my Android phone. When entering the client config file... am I supposed to comment out or delete the first two lines since there is no user called: nobody and no group called nogroup in my Android. At least I didn't see anything in /etc/group and /etc/passwd in Android OS.
I see in the OpenVPN manual that the --user option lets you:
"Change the user ID of the OpenVPN process to user after initialization, dropping privileges in the process. This option is useful to protect the system in the event that some hostile party was able to gain control of an OpenVPN session."
I can connect from the Android client to OpenVPN server by commenting out those two lines but is there a way to obtain the benefit of running as user "nobody" and group "nogroup", or some such unpriviledged user, when connecting to OpenVPN server on OpenWrt from an Android phone? From a Terminal to my phones Android OS if I do ls -l I can see user and group of all files is: u0_a252 so should I make a user an group of u0_a252 on the server running OpenVPN and then use that as the user and group inyou are dropping root privileges on the client with --user and/or --group the client and server config files? My phone is not rooted so I guess running as user u0_a252 will be the same thing as running OpenVPN unpriviledged?
Lastly do I NEED to define a user AND a group or is one or the other enough? The OpenVPN manual is a bit ambiguous on this point because it also states: "[if] you are dropping root privileges on the client with --user and/or --group.."
Cheers,
Flex
I asked the creator of the OpenVPN for Android app.
That app ignores the OpenVPN --user and --group options and it runs as an unpriviledged user which can be confirmed by installing Android Debug Bridge (ADB) on a computer to which the phone is attached via USB cable. Then run commands such as these:
Bash:
# adb shell
sunfish:/ $ top | grep openvpn
20901 shell 20 0 10G 2.8M 2.1M S 0.0 0.0 0:00.00 grep openvpn
20901 shell 20 0 10G 2.8M 2.1M S 0.0 0.0 0:00.00 grep openvpn
19186 u0_a253 20 0 14G 96M 49M S 0.6 1.7 0:02.23 de.blinkt.openvpn:openvpn
19186 u0_a253 20 0 14G 96M 49M S 0.3 1.7 0:02.25 de.blinkt.openvpn:openvpn
19186 u0_a253 20 0 14G 96M 49M S 0.6 1.7 0:02.26 de.blinkt.openvpn:openvpn
So in my case the client connecting to the OpenVPN server has user id: u0_a253 and not root.
Cheers,
Flex

Categories

Resources