Related
Hello. I have searched the forums but can't find a solution that works for me.
I need to connect my g1 to my laptop Wi-fi connection or at least via USB using adb shell. Can someone help me. I live in a country with very expensive 3g
data and cannot afford downloading apps. Any help will be appreciated.
I have rooted G1 with JF rc33
Why not get a wireless router?
/Mats
for example at work...
Edit : Nvm just reread ur post
Just get a wireless router or use the ad hoc thing for laptops, google search it
http://www.wi-fiplanet.com/tutorials/article.php/1451421
Пробвай това: http://junefabrics.com/android/index.php
Try this: http://junefabrics.com/android/index.php
;-)
Thanks
Well, getting a wireless router just to connect my G1 from time to time seems like a waste of money to me.I have read some articles about G1 and ad hoc networks and it seems that it is not possible at this moment to connect the device to a laptop. Actually I used to connect a PPC this way but the G1 won't even detect the ad hoc network i create. Well, if there isn't any other solution I guess the wireless router will be the last resort then. About PdaNET- i think it does just the opposite - it connects your PC to the internet using your phone. Isn't there any way to reverse teether using adb shell and usb cable?
Come on, is it really impossible to reverse tether using adb shell fo rexample, cant anyone with more knowledge give a solution please.
I was looking for something else and came across this post. I decided, even though it's ANCIENT, that someone might want to do the same, so I went to Google and searched for "Reverse tether G1 android". Within 5 minutes I had the answer.
http://androidcommunity.com/forums/291099-post8.html
It does require you to do a little command-line work on the G1 itself (or through ADB on the command prompt of the computer) but it appears it can be done.
HIH.
try this
Close any program that uses internet on your PC, connect your phone, turn on USB tethering. You would see a new virtual network adapter in your PC, enable internet sharing on that adapter as described in this article(hxxp://support.microsoft.com/kb/306126). The adapter's ip address would change to 192.168.0.1 with netmask of 255.255.255.0.
Then input the following codes line by line in your phone's terminal, you could download GScript(hxxp://code.google.com/p/gscript-android/) to do the job or just save it as a .sh file with 755 permission and run it when you want.
Code:
busybox ifconfig usb0 192.168.0.2 netmask 255.255.255.0
busybox route delete default
iptables -F
iptables -F -t nat
busybox route add default gw 192.168.0.1
setprop net.dns1 8.8.8.8
setprop "net.gprs.http-proxy" ""
You would need to keep your GPRS/Edge connection on to trick programs into thinking that you have an internet connection, but all your phone's data is now routed thru your PC. Confirm this by checking if the GPRS/Edge icon on the top has those up and down arrows in it.
And to disable this, you simply turn off USB tethering and restart your GPRS/Edge connection.
OMG I just replied a post of 23rd March 2009, 09:13 PM! Don't think axlastro is needing this anymore. lol
@test1943
nice, I have been looking for this but...
how do I disable this properly?
To "restart your GPRS/Edge connection" I put my phone into airplane mode and then back to normal but it still couldn't connect to the network?? so I just rebooted and now that works.
But now my phone isn't recognized by my pc when I plug in the usb??
Any help.
oops let me take that all back. reboot, re-plugin and pc finds my phone again. tested again and it works as described.
Sweet Thanks
can this be done using root explorer?
I don't think so.
I just used gscript lite (free on the market)
I saved the stuff from test1943 in notepad as USBTether.sh, copied to my sdcard into the gscript folder.
Open gscript, push menu > add script. Click load file and select the USBTether.sh.
Made sure su was checked and clicked save.
Created a shortcut on the homescreen for this script.
1. Enabled Usb Tether
2. ran script
3. ???
4. profit.
Sleeepy2 said:
@test1943
nice, I have been looking for this but...
how do I disable this properly?
To "restart your GPRS/Edge connection" I put my phone into airplane mode and then back to normal but it still couldn't connect to the network?? so I just rebooted and now that works.
But now my phone isn't recognized by my pc when I plug in the usb??
Any help.
oops let me take that all back. reboot, re-plugin and pc finds my phone again. tested again and it works as described.
Sweet Thanks
Click to expand...
Click to collapse
The easiest way to disable this(I think we could call it reverse USB tethering) was to use an APN switch, the "APN on-off Widget" in the market seems to do the job right. Turn off USB tethering, switch off APN, then switch on and you are good to go.
And Sleeepy2, how do you mean by "not recognized by my pc", is it in storage mode or debug mode?
plumppp said:
can this be done using root explorer?
Click to expand...
Click to collapse
I think he is referring to the root explorer by Gpc, a Taiwanese. Never used that app, but judging by its description it could turn on/off APN just like the "APN on-off Widget" did.
Sleeepy2 said:
I don't think so.
I just used gscript lite (free on the market)
I saved the stuff from test1943 in notepad as USBTether.sh, copied to my sdcard into the gscript folder.
Open gscript, push menu > add script. Click load file and select the USBTether.sh.
Made sure su was checked and clicked save.
Created a shortcut on the homescreen for this script.
1. Enabled Usb Tether
2. ran script
3. ???
4. profit.
Click to expand...
Click to collapse
ok thanks, gonna give it a try now
Edit: is this step necessary? im using vista and can't seem to find it.. can i skip it?
# Log on to the client computer as Administrator or as Owner.
# Click Start, and then click Control Panel.
# Click Network and Internet Connections.
# Click Network Connections.
# Right-click Local Area Connection, and then click Properties.
# Click the General tab, click Internet Protocol (TCP/IP) in the This connection uses the following items list, and then click Properties.
# In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain an IP address automatically (if it is not already selected), and then click OK.
Note You can also assign a unique static IP address in the range of 192.168.0.2 to 192.168.0.254. For example, you can assign the following static IP address, subnet mask, and default gateway:
IP Address 192.168.0.2
Subnet mask 255.255.255.0
Default gateway 192.168.0.1
plumppp said:
ok thanks, gonna give it a try now
Edit: is this step necessary? im using vista and can't seem to find it.. can i skip it?
# Log on to the client computer as Administrator or as Owner.
# Click Start, and then click Control Panel.
# Click Network and Internet Connections.
# Click Network Connections.
# Right-click Local Area Connection, and then click Properties.
# Click the General tab, click Internet Protocol (TCP/IP) in the This connection uses the following items list, and then click Properties.
# In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain an IP address automatically (if it is not already selected), and then click OK.
Note You can also assign a unique static IP address in the range of 192.168.0.2 to 192.168.0.254. For example, you can assign the following static IP address, subnet mask, and default gateway:
IP Address 192.168.0.2
Subnet mask 255.255.255.0
Default gateway 192.168.0.1
Click to expand...
Click to collapse
Sorry for the confusion, that article was for XP only. Check this one for Vista: hxxp://windows.microsoft.com/en-US/windows-vista/Using-ICS-Internet-Connection-Sharing
Notice: the network adapter you'll be working on should NOT be "Local Area Connection" because that's your PC's adapter. If you should have enabled USB tethering on your phone, you should see NEW one(i.e. it was not there before you turn on tethering), in my Windows 7, it was named "Local Area Connection 2".
test1943 said:
And Sleeepy2, how do you mean by "not recognized by my pc", is it in storage mode or debug mode?
Click to expand...
Click to collapse
I mean after disabling usb tether, unplug usb, then plug it back in. The pc did nothing. Didn't recognize that I even plugged it in. Must be something that I did because it works great now.
I just need to figure out how to us gscript to enable USB Tether then I can do it all with 1 shortcut.
Then another 1 to disable USB Tether, disable apn and then re-enable apn.
test1943 said:
Sorry for the confusion, that article was for XP only. Check this one for Vista: hxxp://windows.microsoft.com/en-US/windows-vista/Using-ICS-Internet-Connection-Sharing
Notice: the network adapter you'll be working on should NOT be "Local Area Connection" because that's your PC's adapter. If you should have enabled USB tethering on your phone, you should see NEW one(i.e. it was not there before you turn on tethering), in my Windows 7, it was named "Local Area Connection 2".
Click to expand...
Click to collapse
ok thanks, gonna try this again
Edit: sorry if im beginning to become an annoyance.. but when i run the script i get "stderrr Script execution failed" "no such process network is unreachable"
Su is checked, i also removed tex. and added sh
plumppp said:
ok thanks, gonna try this again
Edit: sorry if im beginning to become an annoyance.. but when i run the script i get "stderrr Script execution failed" "no such process network is unreachable"
Su is checked, i also removed tex. and added sh
Click to expand...
Click to collapse
Please type in each line to see which line produces error. And may I ask which ROM are you using? Remember to su first.
test1943 said:
Please type in each line to see which line produces error. And may I ask which ROM are you using? Remember to su first.
Click to expand...
Click to collapse
okay thanks again, i'll do it manually one at a time. i'm using cyanogen 307 nightly
Edit: okay.. i didn't even get pass the first line lol..
i'm assuming its the rom.. when typing "busybox ifconfig usb0 192.168.0.2 netmask 255.255.255.0"
i get: [ifconfig: socket: Permission denied]
which rom are you using?
plumppp said:
okay thanks again, i'll do it manually one at a time. i'm using cyanogen 307 nightly
Edit: okay.. i didn't even get pass the first line lol..
i'm assuming its the rom.. when typing "busybox ifconfig usb0 192.168.0.2 netmask 255.255.255.0"
i get: [ifconfig: socket: Permission denied]
which rom are you using?
Click to expand...
Click to collapse
That seems to be a root problem to me, does other root-required apps work right?
Before i start i want to let people know YES I DO HAVE A WIRELESS ROUTER!! So please do not respond telling me to just go buy a router.
REQUEST - Reverse wired tethering. I.E. Sharing PC's iNet connection with your phone via USB.
REASON - My university's wireless is locked down and does not allow mobile phones, pda's to connect up to our wireless without submitting MAC for approval. Looking to sync certain apps without using my data connection.
I dont know if anyone has played around with trying to get this working or not. I know its a small market of people who may be interested in this, but for certain places (CANADA) where data charges are WAY to expensive this could be handy for students at UNI where wireless is not an option.
get a second wifi adapter on your laptop, and share your uni wireless network connection with the second wifi adapter. Use a hidden SSID, then no one will know what is going on
This was asked a couple of times before here and I remember people saying you couldn't reverse the tethering.You could try though.
alexperkins said:
get a second wifi adapter on your laptop, and share your uni wireless network connection with the second wifi adapter. Use a hidden SSID, then no one will know what is going on
Click to expand...
Click to collapse
Thats a good idea xD
Hey guys,
I have been trying to find a way to do this for a long time.
The best solution i have found (actually the only solution) is Connectify. The only downside is you must have Win7.
What it does is turns your wifi adapter into a HotSpot, even if you are using wifi to get the net in the first place. Its a great tool and should be what your after.
http://www.connectify.me/
memphisraynz said:
Hey guys,
I have been trying to find a way to do this for a long time.
The best solution i have found (actually the only solution) is Connectify. The only downside is you must have Win7.
What it does is turns your wifi adapter into a HotSpot, even if you are using wifi to get the net in the first place. Its a great tool and should be what your after.
http://www.connectify.me/
Click to expand...
Click to collapse
thank you so much for this
Your best solution is the WiFi adapter. You could most likely get away with a SOCKS proxy over USB, possibly using adb, but it would be complicated, unstable, and messy.
I still don't know you just don't use your wireless router. I assume they have wired. Clone your PC's mac address and hook it up. Universities are retarded with that crap. They have the worst networks and security.
If no wired, then what podunk place is it? haha
Even if they had only wireless , you could set up a wlan client and repeat it. DDWRT, etc, ftw.
Just get backtrack for your laptop and spoof your mac to all 0 then grab connect to the network at your school the spoofed mac will allow you to browse so long as no other encyption is on the network such as WEP or WPA.
then you can try to flood all the ports on the network so no one else can connect then spoof your phones mac by conneecting to your laptop through wireless as an adhoc connection and while staying connected through adhoc load a second server through the same wireless network card and you can connect to the achools network again. and walla...
death1246 said:
Just get backtrack for your laptop and spoof your mac to all 0 then grab connect to the network at your school the spoofed mac will allow you to browse so long as no other encyption is on the network such as WEP or WPA.
then you can try to flood all the ports on the network so no one else can connect then spoof your phones mac by conneecting to your laptop through wireless as an adhoc connection and while staying connected through adhoc load a second server through the same wireless network card and you can connect to the achools network again. and walla...
Click to expand...
Click to collapse
so simple, i dunno why i didnt think of that. thanks! lol
Well its quit simple once you learn your way around linux...
If you have any experience with *nix, you may want to look at Cyanogen's original usb tether shell script:
http://github.com/cyanogen/android_vendor_cyanogen/blob/master/bin/usb-tether
Basically you could use the internet connection sharing function that comes with all popular OSes and access your uni's network on your phone. You must have Cyanogen mod or another mod using his kernel. Not yet working on OSX for some reason. Tested under Windows 7.
First you'll need to figure out what IP address range your computer's DHCP server is using. This is normally fixed for each OS. For Windows 7, it's always 192.168.137.0/24.
For OSX or Linux, you can setup connection sharing (for some other connection because we don't have the USB interface yet) and ifconfig.
Second is to enable the USB connection on the phone's side. Type the following command in any console program, like Connectbot. (You must use a console program as opposed to adb because you will lose USB debugging once the USB network interface is enabled.)
Code:
su
cd /sys/devices/virtual/net/usb0
ifconfig usb0 192.168.137.200 mask 255.255.255.0
echo 1 > enable
The first line makes you the superuser. (Skip if the command prompt is #)
The second line land you in usb0's directory under sys. We'll need to type the disable command later, so it's easier if we're here.
The third line brings up the virtual usb network interface and sets its IP address.
The IP address should be in the same network (i.e. IP address range) you obtained in step 1. Say if the original is 192.168.137.1 in a /24, you can use 192.168.137.2 through 192.168.137.254
This actually enables the usb interface.
You will now see a new network adapter is recognized by your computer. Set up connection sharing to share your internet TO that adapter.
Make sure you have connection by pinging your computer from your phone.
For example:
ping 192.168.137.1
Now you'll have to change the routes so traffic go through the USB cable instead of the mobile network.(# is the command prompt, do not enter)
# busybox route
check the line starting with "default". Write down the ip address after it; call it IP1.
# getprop net.dns1
Call the IP returned IP2.
Code:
busybox route del default gw IP1
busybox route add -host IP2 rmnet0
busybox route add default gw 192.168.137.1
The first line deletes the old default route via the mobile network.
The second line adds an "exception" for your carrier's DNS server.
The third line adds the new route via USB. You should replace the address at the end with the IP address from the first step.
Your network should be working now. Test by visiting some website that is only available on campus or by traceroute.
You must make sure the mobile network is always connected though. This is because domain names are still resolved by your mobile carrier. If you ever lose your mobile connection, the routing table will be changed as well.
To disconnect:
Make sure you're still in /sys/devices/virtual/net/usb0.(Use pwd if unsure.)
Code:
netcfg usb0 down
echo 0 > enable
The usb interface will disappear on your computer.
Now switch the phone to airplane mode and back to re-enable mobile network.
The disconnect step should always restore your phone's state.
// This is written at 3am, so use it at your own risk...
help?
look at this
http://superuser.com/questions/91699/spoof-mac-address-from-ip-command
bg
It's really sad that Android can't reverse tether. If you want to use your laptop's AdHoc connection you have to do serious hacking to the tiwlan.ini and the wpa_supplicant.conf. There is no way to connect via bluetooth ar USB.
I'm seriously considering WP7 now for my next OS of choice... A nd for everyone saying "go buy a router" - go buy a router and stick it up your .... nose.
Hi,
I have the same problem. No WiFi in my work and no WiFi in my current home (a Resident Hall). There's no possibility to buy a WiFi router, of course. I tried to hack the system to connect ad-hoc networks but it didn't work.
I have found some interesting resources:
sluniverse.com/php/vb/blogs/psyke+phaeton/1042-making-android-phone-use-your.html
letsgoustc.spaces.live.com/blog/cns!89AD27DFB5E249BA!877.entry
I have a HTC Magic with the ADP-DRC83 hacked ROM with Usb tethering integrated. But usb0 interface in the mobile is configured to provide Internet connection (as gateway) to the PC, not the reverse functionality: connecting the mobile to Internet through the PC. So, all I need is to change the gateway in Android and then configure a NAT-DNS in my linux PC (easy with iptables and dnsmasq). But, I don't know how automatize the process exactly.
digitaljeff said:
but for certain places (CANADA) where data charges are WAY to expensive this could be handy for students at UNI where wireless is not an option.
Click to expand...
Click to collapse
Wind will be launching in vancouver soon.
$35 unlimited data.
Silly ragin' cajun.
Ok, now it works. Here it's my procedure for a HTC Magic (Sapphire) without any APN previously configured from Telecom provider and ROM CSDIv4.
In the mobile by using Better Terminal:
Code:
su
cd /sys/devices/virtual/net/usb0
echo 1 > enable
ifconfig usb0 192.168.2.2 mask 255.255.255.0
busybox route add default gw 192.168.2.1
setprop net.dns1 8.8.8.8
In the linux computer:
Code:
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i usb0 -j ACCEPT
sudo ifconfig usb0 192.168.2.1 netmask 255.255.255.0
Android Market downloads and location service don't work but I think is possible if you switch on the WiFi.
Update: Syncronization, Android Market downloads and location service don't work even the WiFi antenna is switched on. I have added the iptables commands also.
Well gosh, reverse wireless tethering is so much simpler
There are another similar thread: http://forum.xda-developers.com/showthread.php?t=522498
The purpose of this post is to explain how to tether with openvpn, which will hopefully avoid ATT's all seeing eyes, as well as prevent any detection during tethering.
All ATT will ever see is encrypted traffic between a connection that is initiated from my phone and ends at my vpn server. So the only way they would be able to determine if you are tethering, is if they are spying on you ala CIQ directly on your device, or your device phones home and tattles on you. That would open up a different can of worms and a **** storm would ensue.
This method requires a number of things.
* Openvpn server (preferably running on a static address, but will work with dynamic DNS services) with a reliable connection. I use a VPS server for $25 a month, but it is fast and reliable.
* Openvpn on your phone (any will work as long as it has the tun driver or tun built into the kernel(
* Some sort of gateway (your openvpn server can be running on it as well, or a seperate host), I use Freebsd/Openbsd. For linux, your on your own to figure out NAT and gateway functions.
Really, that is about it.
My Openvpn server config, you can set it up any way you like, but certain statements are required, specifically those in the hashed out box if you want your subnets to talk to each other, and route the traffic
Code:
port ****
proto tcp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/vps.server.crt
key /usr/local/etc/openvpn/keys/vps.server.key
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 192.168.150.0 255.255.255.0
ifconfig-pool-persist ipp.txt
mode server
client-to-client
client-config-dir ccd
###############################################
# my phone and home subnets, can be any RFC1918 address space
# Advertise and note your home subnets in this section, unless you
# do not want the various subnets to talk to each other, then you
# can also remove the client-to-client statements
###############################################
push "route 192.168.15.0 255.255.255.0"
push "route 192.168.43.0 255.255.255.0"
route 192.168.15.0 255.255.255.0
route 192.168.43.0 255.255.255.0
###############################################
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 4
My client config on my phone (change the remote statement to match your openvpn server host and port)
Code:
client
proto tcp
dev tun
remote vpn.example.com 1234
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
/usr/local/etc/openvpn/ccd is where I have my client specific configs (match the location to that identified in the server.conf file for your vpn server). I also use certificates unique to each host that connects to my vpn, the names of the files in the "ccd" directory must match the name you gave the device when you created your certificates. I use easy-ssl to manage my certs.
for my phone, which I named "galaxy_s" I have the following (note the DNS option is optional, I was having problems with it so I just hardcoded 8.8.8.8, googles dns server into my network settings on my laptop)
/usr/local/etc/openvpn/ccd/galaxy_s
The iroute statement just tells the openvpn server what subnets you have behind your device, in this case the phone. I am guessing all of the android phones use 192.168.43.x as the NAT'd subnet, otherwise change it to whatever your phone is assigning.
Code:
push "redirect-gateway"
push "dhcp-option DNS 192.168.15.1"
iroute 192.168.43.0 255.255.255.0
The rest of the configurations are related to your primary gateway, which in my case also runs the openvpn server. I am using freebsd and pf, the configs needed for that are essentially natting statements, and firewall rules.
for pf, the following rules are what I use
I also trust all the traffic on my tun0 device, so I told pf to ignore it and pass all traffic
Code:
nat on $int from 192.168.150.0/24 to any -> $int/32
nat on $int from 192.168.43.0/24 to any -> $int/32
set skip on tun0
Hopefully this is useful to other folks, if not, let it be buried
THanks for an EXCELLENT guide!
Quick question. When I use this server conf file, my ssh on my local network hangs up and goes down.
In other words:
I am running openvpn on a home linux server. It is connected through a home router to the internet and has a network set up at 192.168.1.0.
Router is 192.168.1.1,
vpn server is on 192.168.1.51.
If I start openvpn, I cannot ssh from a local network (192.168.1.81) laptop. If I turn off openvpn I can. I changed your 192.168.15.0 addresses in server conf file to 192.168.1.0. I have a feeling it has to do with that.
Well, yes, you will need to modify the configs to suit your own address scheme. As for why you cannot ssh, I am not sure, is that .81 device on the same network as the openvpn server, or are you coming from a different network.
My setup has the gateway the same as the openvpn server simply due to the fact that I am using a Virtual Private Server (VPS) and I only have that as the 1 external static system.
I would check the route statements, I'm not sure, but you might have a routing loop that would be causing the problem, can you traceroute or ping, or use any other protocol/application to see if you can connect). If you set the default gateway of the openvpn server as the .1 address, and then you are trying to connect to another internal address, the .81, when you ssh from whatever device is connected to the openvpn server, it may attempt to connect to the gateway at .1 and then return back into your network to .81.
I could be wrong, it is hard to tell when you are not sitting at the actual systems.
Got it to work! Here's some tips for others
Thanks again for your help jvanbrecht. Last night I was able to sit down, get a better understanding of how it worked via openvpn's HOWTO, and get it running.
I did need to make a few mods for it to work in my configuration (as is expected since very few network configs are the same).
My configuration:
Single home network, say on 192.168.15.0.
Single router, at 192.168.15.1.
Home server hosting VPN on 192.168.15.51. It is running Ubuntu Maverick.
Skyrocket on subnet 192.168.43.0
My modifications:
Since I don't need direct access between VPN clients and my home subnetwork, in the server config I commented out:
Code:
#push "route 192.168.1.0 255.255.255.0"
#route 192.168.1.0 255.255.255.0
It was giving me some problems SSHing into my home server from a local network machine so this was the quick fix.
Initially it wasn't routing ALL traffic, just that directed from VPN client to the VPN server. So I added this to the server conf:
Code:
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.150.1"
In my home (tomato) router, I just port forwarded any TCP traffic on 1194 to the home server (192.168.15.51)
I think openvpn does this already. But just in case, I added an iptable nat entry to forward packet from VPN network to eth0 (my NIC). As root:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
And I added the following entry to /etc/rc.local so it persists on restart.
Code:
iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -o eth0 -j MASQUERADE
Some debugging tips for others
Simplest way to verify HTTP traffic is being forwarded is, after connecting to vpn from phone, go to www.whatismyip.com. Make sure it matches your phone.
If you are having trouble connecting to the VPN, watch the openvpn log for errors. "tail -f /var/log/openvpn/openvpn.conf"
After connecting, make sure you can ping from your home server to the phone.
From Server: "ping 192.168.150.10"
From Phone: Open Terminal Emulator and type "ping 192.168.150.1"
You can also validate the traffic is forwarding through VPN by using traceroute. You can test both forwarding and DNS
From Phone: Open Terminal Emulator, type
Code:
su
For no-DNS test first:
Code:
traceroute 74.125.115.104
For DNS test:
Code:
traceroute www.google.com
For each, do your tests on the cell network (NOT home wifi) and verify that the route passes through your vpn server and doesn't bypass it completely.
Lastly to make sure traffic is being piped, you can monitor VPN traffic from your openvpn server by typing:
Code:
tcpdump -i tun0
jvanbrecht:
Do you have any recommendations about dropped connections? I noticed while testing that sometimes my openvpn connection would drop and my phone browsing would immediately default to the direct default cell provider connection.
Of course if tethering, this could be very bad.
Any tips on ensuring that if VPN is enabled, but no connection, that it won't ever try and route around it?
would using any vpn do the same thing? or something making this special ? any one tested this ?
It's been a few weeks since I tried the openvpn app. Back then everything seemed to be working well. But I tried again today and am having problems.
- I can access everything fine via vpn if my phone is connected to my local wifi where the vpn server resides.
- I can access IP addresses (e.g. the ip address of google.com) if connected to vpn via AT&T's 3G network
- I CANNOT access websites by their name (e.g. www.google.com) anymore.
It seems the DNS forwarding over VNC is messed up. Any tips on what the problem could be?
I still have the same settings as above, e.g. push "dhcp-option DNS 192.168.150.1"
Is it possible I need to do any additional configuration on my phone?
Is it possible to replace my router DNS address with a public one like google's "8.8.8.8" or "4.2.2.2"?
Any tips greatly appreciated!
Deleted. Please ignore. Still having issues.
So I had the opportunity to play around with my config (listed above) a bit more this evening. I was at a location where I had good external WiFi (Panera) along with 3G.
If I connect from my phone to my home VPN server over EXTERNAL WIFI (Panera), I have no problems with VPN. everything works flawlessly.
If I connect from my phone to my home VPN server over AT&T 3G network, it fails. Essentially it can't resolve any DNS queries. I can type in a website's IP address and surf that way, but I can't say type in "www.cnn.com" and get a page to load.
For the latter, when I watch the web queries using "tcpdump -i tun0", I see the requests go out from my phone to the websites, but they don't come back. For example, I see:
"192.168.150.10 > a.b.c.d (www.cnn.com)",
but I don't see:
"a.b.c.d (www.cnn.com) > 192.168.150.10"
Is it possible that AT&T is somehow blocking VPN via DNS? At first I thought my openvpn dns settings were messed up ... but it works across external wifi no problem.
---------- Post added at 01:24 AM ---------- Previous post was at 01:07 AM ----------
For those that are interested in the future, I think I narrowed down the issue:
It seems VPN connectivity is dependent on the AT&T Access Point Network (APN)
By default for my Skyrocket I was on the AT&T PTA APN wit settings:
Code:
APN: pta
MMSC: http://mmsc.mobile.att.net
MMS proxy: proxy.mobile.att.net
MMS Port: 80
...
I then switched to what is called the "AT&T Expanded" APN with settings:
Code:
APN: wap.cingular
User Name: [email protected]
(rest of settings somewhere here on xda ...)
... and that one worked perfectly.
I switched back and forth a few tiimes to confirm. It seems on pta, I can't resolve DNS over VPN. For the wap.cingular, I have no problems.
Anyone else can confirm this is most likely the issue I am seeing and that it can possibly make sense?
I was previously using a stock rooted Nexus 4 (with 4.3) with "OpenVPN Connect" (net.openvpn.openvpn) and android built-in wifi tethering to tunnel tethered clients through the OpenVPN connection. This required some iptables modifications but worked fine.
With a stock rooted Nexus 5 (with 4.4.0) and OpenVPN Connect 1.1.12, this stopped working and that was really annoying.
Part of the issue was the one described here
But it was more complicated. It seems that there are routing table issues that I had to research a bunch.
Here are the iptables commands that I already had to run even on the Nexus 4 (with 4.3), which I got from here
Code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
These (above) are somewhat liberal firewall rules that you may what to refine for more security.
But below are additional routing entries that I needed to add specifically for the Nexus 5 (with 4.4.0). They force tethered clients to route through the VPN, unless their traffic is a broadcast or designated for the wifi LAN. Those exceptions are required for DHCP to work on the tethered client. They assume the tethered LAN is 192.168.43.XYZ and the OpenVPN interface is tun0.
Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
This seems to all work best if I start OpenVPN after activating tethering, not before.
I'm not entirely clear whether this is a result of some change/bug in KitKat, or an incompatibility in "OpenVPN Connect", or both. I wonder if it would work ok with other OpenVPN clients like "OpenVPN for Android" (de.blinkt.openvpn)
Other Notes:
* Server is OpenVPN 2.3.2
* Server has this line set in its config:
Code:
push "redirect-gateway autolocal def1"
Running android 4.4.2 google stock image with SuperSU on LG Nexus 4. These routing commands worked great and allowed me to tunnel all WiFi tethered traffic through my VPN. Thanks for figuring this out it was bugging me!
Im stock 4.4.2 no root or anything just pure stock i download install openvpn from google play and imported my config files click connect then open PDAnet connect and the Ip is changed.
OK, so I'm having a bit of trouble understanding and implementing the fix for my nexus 5. I've already got WiFi tethering working through the sqlite db fix but now I can't get my connection to work when my VPN (PIA official app) is broadcasting. These commands you're sending, are they done on the phone terminal or computer and is that EXACTLY how theyre being entered. For rules in red where would I find the IP I would use. Thanks guys Id really appreciate any help given.
Worked!
scootley said:
This seems to all work best if I start OpenVPN after activating tethering, not before.
Click to expand...
Click to collapse
Thanks scootley! These worked me on 4.3. I activated my hotspot before OpenVPN, but I used
Code:
iptables --flush
first before entering your commands. Seems to help. My OpenVPN server config also has the following in addition to push redirect:
Code:
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway autolocal def1"
Jrock2t5 said:
OK, so I'm having a bit of trouble understanding and implementing the fix for my nexus 5. I've already got WiFi tethering working through the sqlite db fix but now I can't get my connection to work when my VPN (PIA official app) is broadcasting. These commands you're sending, are they done on the phone terminal or computer and is that EXACTLY how theyre being entered. For rules in red where would I find the IP I would use. Thanks guys Id really appreciate any help given.
Click to expand...
Click to collapse
These commands are entered on the phone. You can download Terminal Emulator or something similar through the app store.
First make sure you're connect to your hotspot from your computer. Next, let's find your local IP address. Here are the instructions for Windows:
Click on the Start menu and type cmd. When you see the cmd applications in Start menu panel, click it or just press enter.
A command line window will open. Type ipconfig and press enter.
You'll see a bunch of information, but the line you want to look for is "IPv4 Address." The number across from that text is your local IP address.
Here's how to do the same thing on a Mac:
Open System Preferences (via the Apple menu at the top lefthand corner of your screen).
When System Preferences opens, click on the icon labeled Network.
You should see a few options on the left with labels like Wi-Fi, Ethernet, Bluetooth, etc. The ones with green dots have IP addresses assigned to them. Click the one on top (if it isn't already selected) and look to the right. There should be a sentence that reads something like "Wi-Fi is connected to Chocolate and has the IP address 192.168.1.102." The number at the end of that sentence is your local IP address.
Thanks for this thread, I've nearly got tethering working through Private Internet Access/Open VPN.
When running the commands
Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
i get an error "RTNETLINK answers: File exists"
I tethered up while connected to the VPN and could ping out to external IP addresses but no DNS resolution. So in my windows settings I manually specified DNS settings and can now browse the web through the VPN on my Galaxy s4!
But how do I fix the DNS issue? I want the clients that connect to pick up the DNS settings that actually work, without having to manually specify.
Thanks for any help
Vpn problem
Hi I havent tried the above options..yet
I have a sgs3 sgh-t999 . a comercial vpn account with the xxx.ovpn cert files.
after getting the details entered into open vpn and importing the cert file all is good untill I go to connect [see attachment]
phone is v4.3, baseband mjc, kernel v 3.0.31, rom S3rx v3.0 1-27-14
any suggestions on how to proceed?
RXP said:
Thanks for this thread, I've nearly got tethering working through Private Internet Access/Open VPN.
When running the commands
Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
i get an error "RTNETLINK answers: File exists"
I tethered up while connected to the VPN and could ping out to external IP addresses but no DNS resolution. So in my windows settings I manually specified DNS settings and can now browse the web through the VPN on my Galaxy s4!
But how do I fix the DNS issue? I want the clients that connect to pick up the DNS settings that actually work, without having to manually specify.
Thanks for any help
Click to expand...
Click to collapse
1) RTNETLINK answers: File exists
This just means you already ran the command before during this reboot session and it's saved into the route table. If you restart your phone, and run the commands again, it will go through first time, but repeated commands will yield same error. Should be normal. Table clears on reboot.
2) Please see the thread at http://forum.xda-developers.com/galaxy-s2/help/solved-wifi-hotspot-issue-samsung-t1689242
It seems like in order for OpenVPN DNS push to work, you have to change your APN settings on your phone to have it automatically register and push out to your other devices. I had the same problem and came across this during a search.
Massive thanks to the OP for posting this here and to everyone helping out in this thread.
The above rules route wifi tethered traffic via the vpn but I was wondering if there are similar rules to route usb tether too?
Cheers
It seems to work once, but when Data connection is lost or openvpn reconnects, wifi tathering stops working, need to do everything again (switch all off, connect to 3G, vpn, create wifi hotspot and apply fix script). And somehow DNS doesn't work. Tryed on Galaxy S5, LG L70, both on 4.4.2
But in general, this workaround is working, just needs a little bit of tweaking
This is fantastic.
For those of you using VPN on your phone as well, does it seem to stay connected? My VPN (OpenVPN) was flawless on 4.3 ... I mean smooth as ice with no disconnects.
When I upgraded to Kitkat, I wanted to immediately hide in a hole from embarrassment. Only after trying to connect and stay connected did I start to read around to check what the heck was going on. Biggest mistake ever. But then again, who would have thought right? I mean come on...who would have thought it would make using VPN a nightmare after an update that's suppose to be improved? Whatever...
Anyhow, lesson learned. Now I'm waiting desperately for someone to figure out how to downgrade from 4.4 back to 4.3 and/or to find a patch/fix for this issue so we don't have to run a script on every boot or reset.
At the end of the day, at least there is a solution thanks to folks like you. Kudos to the OP and everyone else who has contributed to the work around...for the time being lets hope...
:good:
For anyone interested, I played with the commands to have it work over a USB tether instead of Wifi. Why? Because my battery life stinks and this way my phone is charging also. What the heck. works great.
The only change was in the two spots where it has "wlan0" change them to "usb0". Another change was that the subnet of the USB connection is 192.168.42.0/24 (versus 192.168.43.0/24 on wifi). I get it working in this order:
1) reboot phone (to make sure to other lingering route tables are wiped out
2) turn off wifi
3) establish VPN connection
4) start USB tethering (and have your phone usb connected to your computer
5) After eveything is hooked up, open a terminal window, make sure you have superuser access (su) and execute the commands below. I just have them saved in a text file on my phone's sd card, copy them and just paste them all at once into the terminal window. Haven't figured out how to get this to run automatically using init.d (yet - assuming you can because upon phone reboot, I have to assuming that it will spit out errors because the tun0 and usb0 devices will not exist!)
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.42.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.42.0/24 dev usb0 scope link table 61
ip route add broadcast 255.255.255.255 dev usb0 scope link table 61
Vpn api delete route joy downgraded
@grogargh
Have you tried Tasker, run shell
To run after booting [or from widget or otherwise]
http://forum.xda-developers.com/showthread.php?t=1110775
Hello, I'm attempting to setup up ethernet on my G920F using bobjgear usb 2.0 ethernet adapter.
Here is my progress:
1. Rooted with Xtrestolite 5.1.1, Vindicator kernel, busybox.
2. app to turn on eth0 is called "Ethernet Droid":
-assigned IP (within range) (192.168.1.67)
-assigned default gateway (192.168.1.254)
-assigned subnetmask (255.255.255.0)
-NOT assigned DNS
3. terminal emulator shows eth0 as UP with the IP assigned.
4. my ATT U-verse router shows a device connected with the assigned IP.
in terminal emulator when typing:
# netcfg eth0 dhcp
I get:
# action 'dhcp' failed (operation not permitted)
in terminal emulator when typing:
# ifconfig eth0
I get:
# eth0: ip 192.168.1.254 mask 255.255.255.0 flags [up broadcast running multicast]
in terminal emulator when typing:
# ping -c 4 192.168.1.254
I get:
# connect: Network is unreachable
-----------------------------------------
This is as far as I've been able to get, any further progress would be greatly appreciated, as I'm really trying to set up ethernet chromecast with a portable router for display out. A lot of people have complained of the lack of MHL and HDMI support which was really a shock to me when I found out...
I'm not a coder, nor an export on linux, so any help please keep the instructions simple and clear, thank you really truly.
sergeivich said:
# ping -c 4 192.168.1.254
I get:
# connect: Network is unreachable
Click to expand...
Click to collapse
I guess this is a Android 5.x bug or missing permission.
Please try the following:
1. su (in your terminal)
2. netcfg eth0 dhcp (this should work as superuser)
3. exit
4. ping your IP of your mobile phone ping -c4 192.168.1.XXX (this should work)
5. su
6. ping your gateway ip ping -c 4 192.168.1.YYY (this should work as superuser)
7. exit
8. ping your gateway ip ping -c 4 192.168.1.YYY (do you get now: android connect network is unreachable ?)
Until CM11 (Android 4.4.4) I could use my eth0 interface as normal user for everything. In oder to switch between wlan0 and eth0 you can use the ethernet-2.XX.apk. Some APPs absolutely want wlan0. For these APPs you could install one of the xposed framework modules HACK CONNECTIVITY SERVICE 1.4 or Fake Wifi Connection
BUT obviously since CM12 (Android 5.x) I have the same problem as you:
BUG/missing permissions? eth0 (USB->LAN) interface only usable as root user in terminal since CM12
When I try to ping my router ping 192.168.1.1 or any internet IP I get a android connect network is unreachable.
The only IP-adrress I can ping as normal user is my own IP-adress of the eth0 interface (for expample 192.168.1.XX).
After login as root with the su command in the terminal I can ping the router IP and every internet IP.
Even disabling the iptables filters/firewall did not help.
When I switch to the wlan0 interface I can ping everything with my normal user and the internet connection is available for every app.
My configuration:
S3 i9300, asix USB-LAN adapter, kernel: boeffla 4.0-alpha-11-CM12.1, cm-12.1-20150825-UNOFFICIAL-i9300.zip
Hello, any progress on the ethernet connectivity? Would any of the M or N roms support this?
Try this:
Hi
Have you tried this (for Lollipop):
Code:
ndc resolver setnetdns eth0 "" 8.8.8.8 8.8.4.4
I had the same problem as you and this solved the problem on Galaxy Note 4 with 5.1.1 (was able to ping 8.8.8.8 and 8.8.4.4 but not google.com. after typing this in the terminal, the ping worked !)
However, I am stuck at a step further: Even with this, it seems all apps do not recognize the internet connection through ethernet (no problem with WiFi).
I am pretty sure that it's not a matter of ConnectivityHackService or Fake Wifi (that I have installed by the way), since I have the problem for all the apps I was able to check (many).
Does anyone know how to solve this ?