These are very general, as long as android implements prop system at its core and is build on top of linux...
Prerequisites:
rooted device
#setprop net.hostname whateveryouwant
sets the host name reported on the network, instead of the default Android-number. This becomes useful if you're used to call (browse) the computers on your network by name...
if your kernel supports iptables you can use this command to force every dns request to a specific dns ip (instead of that one provided from dhcp):
#iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination IP
this works for all connections (interfaces), and is useful to override 3G and wifi ISP DNS to get more fast connections (as long as isp dns may become slow) and other advantages...
interfaces can be limited with -i interface option of iptables to set type of connection (3G, wifi, etc) uses the dns (if an interface is not listed than, will use its default, dhcp, dns).
Hope to be useful, despite it's not a guide.
Hi,
I'm trying to use my Mi 4c as ftp server but isn't working.
Firstly I tried with the ftp option available in file explorer app without luck. Then, I installed primitive ftpd and it displays this info:
Code:
IP Address (Network Interface)
10.0.2.15 (usbnet0)
192.168.1.99 (wla0)
From my laptop, ping command can't connect with my phone:
Code:
ping 192.168.1.99
PING 192.168.1.99 (192.168.1.99) 56(84) bytes of data.
WARNING: kernel is not very fresh, upgrade is recommended.
From 192.168.1.67: icmp_seq=2 Destination Host Unreachable
From 192.168.1.67: icmp_seq=3 Destination Host Unreachable
From 192.168.1.67: icmp_seq=4 Destination Host Unreachable
--- 192.168.1.99 ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5000ms
pipe 4
As you can see, my local network is 192.168.1.0/24 but my phone is not available (I don't know what is usbnet0). I tried with other apps that use a local network such as LG TV Remote or Epson iPrint and they aren't working either, What can I do? I'm using the newest rom from xiaomi.eu
Thanks in advance and sorry if my english is not good.
I have a G930F running Superman ROM rooted on MM with a ported XAA CSC. I have set it up to run a VPN gateway using iptables and ip route. I am able to get tethered devices to connect to the Internet through the VPN if I manually set the IP addresses and DNS servers on the clients connecting. I do however have some devices that do not have the ability to manually set the IP and DNS servers and it's also a pain to set every device up manually. I ran a Wireshark capture and found several ARP requests not being responded to from dhcpd/dnsmasq trying to hand out ip addresses to the clients. My goal is to get DHCP up and running on wlan0 to hand out IP and DNS configuration. I suspect it is not working due to the nature of the changes I've made with iptables and ip route. I'm thinking the dhcp is being forwarded to the tun0 interface. My question is how to exclude the DHCP from being forwarded to the tun0 interface... Or if someone else can come up with a more elegant solution to my problem, as I'm currently reading up on ip and iptables syntax and commands and my current knowledge is fairly basic. The process I'm using to connect my tethered devices is as follows: connect VPN, turn on tether, run commands listed below to connect the wlan0 and tun0 interfaces and connect clients to the phone after manually setting the IP and DNS.
Code:
su
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Any help would be greatly appreciated!
SystematiQ said:
Any help would be greatly appreciated!
Click to expand...
Click to collapse
Did you ever get this to work nicely? I am very intrigued.
Also, what VPN software are you using? I am using NCP which does most of what I want, though it is frustrating that I can't programmatically control connection/disconnection/profile selection nor even get it to connect at boot.
I have to access the Internet through my phone data connection, from both Windows 10 laptop and Android 6.0.1 tablet. Both devices can connect fine to the wifi hotspot and they can use the Internet. However, if I connect the VPN client (Private Internet Access), neither the Windows 10 laptop, nor the Android tablet can connect anymore. If they were already connected before activating VPN, Internet access stops on both devices. The OnePlus One phone is rooted.
I googled for a solution and I found something with using iptables. The following commands should be pasted in a terminal window under root:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
After these commands, the Windows 10 laptop can access the Internet, even if the VPN connection is active. However, the traffic from the laptop doesn't go through the VPN connection on the phone. If I check the IP address at whatismyip.com from the laptop, I get the T-Mobile ip address. If I do the same thing from the phone, I get the PIA server ip address.
Unfortunately, this solution does not work for the Android tablet. If already connected to the wifi hotspot, before activating VPN on the phone, Internet access stops. If I try to connect the tablet after activating VPN, it gets stuck in "obtaining IP address".
It seems that somehow, the Windows DHCP client knows how to access the DHCP server running on the phone (at 192.168.143.1). However, the request from the Android tablet is probably sent to the Internet, and does not reach the DHCP server (or the DNS server.) I suspect the local network (192.168.143.0/24) should be somehow excluded in iptables, but I don't know how to do that. Also, I'm not sure if I exclude it, the connection from Windows laptop will be affected.
So my main question is:
Is there a solution to access the wifi hotspot on the phone while VPN is active, from BOTH Windows and Android devices?
My second question is:
Is there a solution to direct the network traffic coming from the devices connected to the wifi hotspot, THROUGH the VPN connection running on the phone?
XDA:DevDB Information
Tethering with active VPN connection, Kernel for the OnePlus One
Contributors
alanPr
Kernel Special Features:
Version Information
Status: Testing
Created 2018-07-09
Last Updated 2018-07-09
This is a guide for tethering over USB Ethernet adapter. The purpose of this is to reliably USB tether to any router, without the need for a USB port or stable USB/RNDIS support(Broadcom MIPS is particularly bad). USB-OTG-ACA means the phone is powered externally while also operating in host mode. I used a cheap micro-USB Y-cable for this that lets me plug in a power source, USB Ethernet adapter, and phone together. IPv6 is supported via masquerading, so you share public IPs with your phone(thus hiding devices behind it). In this example I tether to a VPN tun0 interface, but you can tether to and from any interface you want.
This guide is targeted to more advanced users, but I included a E5 Play kernel and the files required at the bottom of this post for those who wouldn't be able to try this otherwise.
The first step is to enable the kernel IPv6 NAT table, with iptables and masquerading support. To do this I used LSM Kernel. My device is the E5 Play, steps for other devices are a little different.
https://forum.xda-developers.com/moto-e5/development/kernel-lowspecmoto-kernel-v0-1a-t3882378
These need to be set in james_defconfig. You can also enable any necessary kernel modules for your Ethernet adapter here.
Code:
CONFIG_NF_NAT_IPV6=y
CONFIG_IP6_NF_TARGET_MASQUERADE=y
CONFIG_IP6_NF_NAT=y
I had to disable the WireGuard install script and use jury_rig.sh instead, as well as fix a minor typo in the build script(misspelled and erroneous compile command) and one of the source files (extra const declaration).
The next step is to disable the IPv4 DHCP client for the Ethernet adapter's interface eth0. After a little reverse engineering, I found this state was controlled by /data/misc/ethernet/ipconfig.txt, and there is already a tool I can use to generate configurations.
https://github.com/jhswartz/ipconfigstore
I just feed it an empty static assignment and DHCP is then disabled.
Code:
ipAssignment: STATIC
id: 0
Next was to cross-compile radvd to support RA for IPv6. Modern versions of OpenWRT support spoofing so you don't need this, but everything else requires you run a RA server from the gateway device. I needed to use android-ifaddrs to get around an unsupported feature in the NDK. The version I built expects the config to exist at /sdcard/radvd.conf.
Now comes the scripting to make everything work. I made an application for this, but you can also accomplish this with something like Tasker or even run it manually.
At boot:
*Launch radvd as a root daemon
*Start your VPN
*Delete the file /sdcard/tether.state
*Execute tether.sh as root
On Intent.ACTION_POWER_CONNECTED:
*Execute tether.sh as root
tether.state keeps the script from applying NAT rules more than once, so the connection is just restored when the script is re-ran.
Code:
#!/system/bin/sh
echo 'Waiting for tether interfaces'
for waitTime in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
do
if [ -d '/sys/class/net/eth0' ] && [ -d '/sys/class/net/tun0' ] ; then break ; fi
echo "$waitTime"
sleep 1
done
sleep 2
if [ -d '/sys/class/net/eth0' ] && [ -d '/sys/class/net/tun0' ]
then
echo 'Preparing tether interface'
ip link set dev eth0 down
ip link set dev eth0 mtu 1280
sysctl -w net.ipv6.conf.eth0.mtu=1280
sysctl -w net.ipv6.conf.eth0.autoconf=0
sysctl -w net.ipv6.conf.eth0.accept_ra=0
ip addr flush dev eth0
echo 'Setting IP addresses'
ip -6 addr add fd00::1/64 dev eth0 scope global
ndc interface setcfg eth0 192.168.42.129 24 up
echo 'Waiting for interface to come up'
for waitTime in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
do
if [ "$(cat /sys/class/net/eth0/operstate)" = 'up' ] ; then break ; fi
echo "$waitTime"
sleep 1
done
sleep 3
ip -6 route add fd00::/64 dev eth0 src fd00::1
echo 'Enabling IP forwarding'
ndc ipfwd enable tethering
echo 'Adding marked routes'
ndc network interface add 99 eth0
ndc network route add 99 eth0 192.168.42.0/24
ndc network route add 99 eth0 fd00::/64
ndc network route add 99 eth0 fe80::/64
if [ ! -f '/sdcard/tether.state' ]
then
echo 'Setting up NAT'
touch /sdcard/tether.state
ndc nat enable eth0 tun0 99
ndc ipfwd add eth0 tun0
ip6tables -t nat -N natctrl_nat_POSTROUTING
ip6tables -t nat -A POSTROUTING -j natctrl_nat_POSTROUTING
ip6tables -t nat -A natctrl_nat_POSTROUTING -o tun0 -j MASQUERADE
ip6tables -t filter -A natctrl_FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -g natctrl_tether_counters
ip6tables -t filter -A natctrl_FORWARD -i eth0 -o tun0 -m state --state INVALID -j DROP
ip6tables -t filter -A natctrl_FORWARD -i eth0 -o tun0 -g natctrl_tether_counters
ip6tables -t filter -A natctrl_FORWARD -j DROP
fi
else
echo 'Skipping operation, USB not connected'
fi
eth0 is the Ethernet adapter and tun0 is the VPN interface. I also use a very similar script to do the same thing with RNDIS, you can setup all kinds of interesting tethering setups with these commands. If you want to run DHCP on the phone for use with a switch or cross-over cable or whatever, this command should work as root:
Code:
dnsmasq --keep-in-foreground --no-resolv --no-poll --dhcp-authoritative --dhcp-range=192.168.42.10,192.168.42.99,1h --dhcp-option=6,8.8.8.8,8.8.4.4 --dhcp-option-force=43,ANDROID_METERED --dhcp-leasefile=/sdcard/dnsmasq.leases --pid-file=/sdcard/dnsmasq.pid --listen-mark 0xf0063
Since this is a powered tethering setup, you probably want to use something to control charging:
https://play.google.com/store/apps/details?id=com.slash.batterychargelimit&hl=en&gl=US
On the router, set it's IP to 192.168.42.1, gateway to 192.168.42.129, DNS servers, and DHCP range to 192.168.42.10-192.168.42.99. Disable IPv6 support if it has it. Don't plug anything into the WAN (yellow) port, the phone connects to LAN.
Moto E5 Play kernel with IPv6 NAT support
https://drive.google.com/file/d/15IDtuuOn60bgw5FHVnoacexe2fjzuHcg/view?usp=sharing
ipconfig.txt, radvd, radvd.conf, tether.sh
https://drive.google.com/file/d/18YL4rYyF9tFu34WI_wzBLNtiUDp9U7_a/view?usp=sharing
I wrote an app to manage this, but it still needs a bit of work to handle custom configurations.
fddm said:
This is a guide for tethering over USB Ethernet adapter. The purpose of this is to reliably USB tether to any router, without the need for a USB port or stable USB/RNDIS support(Broadcom MIPS is particularly bad). USB-OTG-ACA means the phone is powered externally while also operating in host mode. I used a cheap micro-USB Y-cable for this that lets me plug in a power source, USB Ethernet adapter, and phone together. IPv6 is supported via masquerading, so you share public IPs with your phone(thus hiding devices behind it). In this example I tether to a VPN tun0 interface, but you can tether to and from any interface you want.
This guide is targeted to more advanced users, but I included a E5 Play kernel and the files required at the bottom of this post for those who wouldn't be able to try this otherwise.
The first step is to enable the kernel IPv6 NAT table, with iptables and masquerading support. To do this I used LSM Kernel. My device is the E5 Play, steps for other devices are a little different.
https://forum.xda-developers.com/moto-e5/development/kernel-lowspecmoto-kernel-v0-1a-t3882378
These need to be set in james_defconfig. You can also enable any necessary kernel modules for your Ethernet adapter here.
Code:
CONFIG_NF_NAT_IPV6=y
CONFIG_IP6_NF_TARGET_MASQUERADE=y
CONFIG_IP6_NF_NAT=y
I had to disable the WireGuard install script and use jury_rig.sh instead, as well as fix a minor typo in the build script(misspelled and erroneous compile command) and one of the source files (extra const declaration).
The next step is to disable the IPv4 DHCP client for the Ethernet adapter's interface eth0. After a little reverse engineering, I found this state was controlled by /data/misc/ethernet/ipconfig.txt, and there is already a tool I can use to generate configurations.
https://github.com/jhswartz/ipconfigstore
I just feed it an empty static assignment and DHCP is then disabled.
Code:
ipAssignment: STATIC
id: 0
Next was to cross-compile radvd to support RA for IPv6. Modern versions of OpenWRT support spoofing so you don't need this, but everything else requires you run a RA server from the gateway device. I needed to use android-ifaddrs to get around an unsupported feature in the NDK. The version I built expects the config to exist at /sdcard/radvd.conf.
Now comes the scripting to make everything work. I made an application for this, but you can also accomplish this with something like Tasker or even run it manually.
At boot:
*Launch radvd as a root daemon
*Start your VPN
*Delete the file /sdcard/tether.state
*Execute tether.sh as root
On Intent.ACTION_POWER_CONNECTED:
*Execute tether.sh as root
tether.state keeps the script from applying NAT rules more than once, so the connection is just restored when the script is re-ran.
Code:
#!/system/bin/sh
echo 'Waiting for tether interfaces'
for waitTime in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
do
if [ -d '/sys/class/net/eth0' ] && [ -d '/sys/class/net/tun0' ] ; then break ; fi
echo "$waitTime"
sleep 1
done
sleep 2
if [ -d '/sys/class/net/eth0' ] && [ -d '/sys/class/net/tun0' ]
then
echo 'Preparing tether interface'
ip link set dev eth0 down
ip link set dev eth0 mtu 1280
sysctl -w net.ipv6.conf.eth0.mtu=1280
sysctl -w net.ipv6.conf.eth0.autoconf=0
sysctl -w net.ipv6.conf.eth0.accept_ra=0
ip addr flush dev eth0
echo 'Setting IP addresses'
ip -6 addr add fd00::1/64 dev eth0 scope global
ndc interface setcfg eth0 192.168.42.129 24 up
echo 'Waiting for interface to come up'
for waitTime in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
do
if [ "$(cat /sys/class/net/eth0/operstate)" = 'up' ] ; then break ; fi
echo "$waitTime"
sleep 1
done
sleep 3
ip -6 route add fd00::/64 dev eth0 src fd00::1
echo 'Enabling IP forwarding'
ndc ipfwd enable tethering
echo 'Adding marked routes'
ndc network interface add 99 eth0
ndc network route add 99 eth0 192.168.42.0/24
ndc network route add 99 eth0 fd00::/64
ndc network route add 99 eth0 fe80::/64
if [ ! -f '/sdcard/tether.state' ]
then
echo 'Setting up NAT'
touch /sdcard/tether.state
ndc nat enable eth0 tun0 99
ndc ipfwd add eth0 tun0
ip6tables -t nat -N natctrl_nat_POSTROUTING
ip6tables -t nat -A POSTROUTING -j natctrl_nat_POSTROUTING
ip6tables -t nat -A natctrl_nat_POSTROUTING -o tun0 -j MASQUERADE
ip6tables -t filter -A natctrl_FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -g natctrl_tether_counters
ip6tables -t filter -A natctrl_FORWARD -i eth0 -o tun0 -m state --state INVALID -j DROP
ip6tables -t filter -A natctrl_FORWARD -i eth0 -o tun0 -g natctrl_tether_counters
ip6tables -t filter -A natctrl_FORWARD -j DROP
fi
else
echo 'Skipping operation, USB not connected'
fi
eth0 is the Ethernet adapter and tun0 is the VPN interface. I also use a very similar script to do the same thing with RNDIS, you can setup all kinds of interesting tethering setups with these commands. If you want to run DHCP on the phone for use with a switch or cross-over cable or whatever, this command should work as root:
Code:
dnsmasq --keep-in-foreground --no-resolv --no-poll --dhcp-authoritative --dhcp-range=192.168.42.10,192.168.42.99,1h --dhcp-option=6,8.8.8.8,8.8.4.4 --dhcp-option-force=43,ANDROID_METERED --dhcp-leasefile=/sdcard/dnsmasq.leases --pid-file=/sdcard/dnsmasq.pid --listen-mark 0xf0063
Since this is a powered tethering setup, you probably want to use something to control charging:
https://play.google.com/store/apps/details?id=com.slash.batterychargelimit&hl=en&gl=US
On the router, set it's IP to 192.168.42.1, gateway to 192.168.42.129, DNS servers, and DHCP range to 192.168.42.10-192.168.42.99. Disable IPv6 support if it has it. Don't plug anything into the WAN (yellow) port, the phone connects to LAN.
Moto E5 Play kernel with IPv6 NAT support
https://drive.google.com/file/d/15IDtuuOn60bgw5FHVnoacexe2fjzuHcg/view?usp=sharing
ipconfig.txt, radvd, radvd.conf, tether.sh
https://drive.google.com/file/d/18YL4rYyF9tFu34WI_wzBLNtiUDp9U7_a/view?usp=sharing
I wrote an app to manage this, but it still needs a bit of work to handle custom configurations.
Click to expand...
Click to collapse
For those who don't have a kernel with the network modules you've mentioned, but want to get ipv6 working (thinking of Tmobile) and have access to openwrt router, would adding the mentioned ip6tables command work?
In my router, I added something like this,
ip6tables -t mangle -I POSTROUTING -o usb0 -j HL --hl-set 65
but ipv6 connection didn't work. If I remove that line from the router firewall, then ipv6 connection works but it counts as tethered.
aznxwill said:
For those who don't have a kernel with the network modules you've mentioned, but want to get ipv6 working (thinking of Tmobile) and have access to openwrt router, would adding the mentioned ip6tables command work?
In my router, I added something like this,
ip6tables -t mangle -I POSTROUTING -o usb0 -j HL --hl-set 65
but ipv6 connection didn't work. If I remove that line from the router firewall, then ipv6 connection works but it counts as tethered.
Click to expand...
Click to collapse
One option is to use your phone's native tether and set up IPv6 nat on your router. This will make your iptables rule work and only requires provisioning and dun bypasses on the phone. The downside is your tethered traffic will go through a separate IPv6 address from your phone, so it's more risky.
The other option is to proxy, but getting UDP support is a real hurdle. Ideas are porting Shadowsocks or one of those Socks5 proxies written in Go. Adding UDP support to microsocks is also possible, but way more work. You'd use the Shadowsocks client or transocks-wong on the router to serve clients with no knowledge of the proxy.
Edit: also, what phone/rom/router are you working with?
fddm said:
One option is to use your phone's native tether and set up IPv6 nat on your router. This will make your iptables rule work and only requires provisioning and dun bypasses on the phone. The downside is your tethered traffic will go through a separate IPv6 address from your phone, so it's more risky.
The other option is to proxy, but getting UDP support is a real hurdle. Ideas are porting Shadowsocks or one of those Socks5 proxies written in Go. Adding UDP support to microsocks is also possible, but way more work. You'd use the Shadowsocks client or transocks-wong on the router to serve clients with no knowledge of the proxy.
Edit: also, what phone/rom/router are you working with?
Click to expand...
Click to collapse
I'm working with OnePlus 8 (phone) + GL.iNET MT-1300 (router) on TMO network.
I am able to get USB tethering to work with the router for IPv4. My setup is as follows:
Phone (USB) <---> MT-1300 (router) <---> clients (PC/phones/TVs)
For IPv4, I added the following line to router firewall:
iptables -t mangle -I POSTROUTING -o usb0 -j TTL --ttl-set 65
Click to expand...
Click to collapse
Currently trying to figure out IPv6...
This is the guide to enable nat6 on openwrt:
NAT66 and IPv6 masquerading
NAT66 and IPv6 masquerading This article relies on the following: * Accessing web interface / command-line interface * Managing configs / packages / services / logs Introduction * This how-to describes the method for setting up NAT66 aka NAT6 with IPv6 masquerading on your OpenWrt...
openwrt.org
Make sure usb0 is bridged to wan, not lan. Then your iptables rule will work.