Solution/possible solution for Tether police issues - Samsung Infuse 4G

I don't have much time to look into it at the moment, but for those of you who tether either internet or bluetooth you should look into getting NAT going on your phone. This requires root as far as I know.
You can use iptables (comes with our kernels), ipchains, netfilter, or whatever else passes for NAT/firewall these days on Linux. I'll probably end up compiling an ipchains binary here in the next couple weeks if I don't find one (I haven't been able to as of yet).
That will solve the problem of detection via originating address.
To bypass deep packet inspection, look into an encrypted VPN solution. There are some free ones out there, or you can try something like what Giganews offers. Depending on how AT&T does things, this could also potentially speed up your service because many ISPs give VPNs higher QOS priority. This could also be a bad thing because they could decide you need to be on the enterprise plan. Use at your own risk. If you really want to get crazy, tunnel a VPN through an SSL proxy.
One other thing that will help in general is to install any firewall program. Here are a couple I found on the market (sorry, can't link yet):
com.wemobs.internetfirewall
com.mm.plugins.contactsprotect.droidwall1
com.dexters.andfirewall
com.googlecode.droidwall.free
I have not tested any, but they all appear to allow you to pick and choose which applications can access the internet. What better way to make sure no applications are phoning home without permission.
These may or may not turn on the NAT functionality for you.
YMMV, but I hope this helps someone

I think Tor has some Android proxy service, should help.

Related

[SOLVED] Reverse VNC Connection

-- SOLVED --> For those who care...
Initial issue/goal: Ports open or blocked over 3G/4g? Getting a reverse VNC connection working on an android phone.
Resolution: Ultra VNC SC basically allows someone behind a firewall or router to, without any configuration required, share their desktop with someone (you) for technical support or any other means. I use it for friends and family and such, and it works great, but the real question and purpose of this thread was about open ports on a 3G/4G connection and what VNC apps allow listening. This is what worked for me: Remote VNC Pro from the market (~$6), DynDNS from the market (free), a dynamic DNS account that is supported by the DynDNS application (like no-ip, dyndns, etc), and a personalized/configured version of Ultra VNC SC (linked below). Port 5900 works, as well as a few others, but 80, 8080, and 443 won't.
VNC Application: Remote VNC Pro (for the phone)
VNC Application: Ultra VNC SC (for the client)
Dynamic DNS: DynDNS (update agent)
Mods/Admins feel free to move this thread and/or lock delete if I am breaking any rules (like advertising?) or something.
Re: [HELP] Reverse VNC Connection
I know with 4G you definitely get a publicly accessible IP without any proxy in the middle. I imagine 3G would be the same so it should be fine in that regard.
As for open ports, any app worth its chops should let you choose which port it listens on so that shouldn't be an issue.
Why don't you just buy one of the apps and give it a try? If it doesn't work you can always return it within 24 hours for a full refund.
Trial and Error
---- ORIGINAL FIRST POST ----
Not sure if this should go here or not, but I'm trying to see if I can get a Reverse VNC Application going. Looking at existing VNC applications for Android, the only one that allows listen mode is Remote VNC Pro v1.7.7 and above. Unfortunately, since it is not free, I cannot test the listening capabilities. Listening aside, I suppose my biggest issue will be open ports. Given 3G/4G addresses (NAT, I assume?) are out of our control, does anyone know what ports are open and what ports are not?
Has anyone else tried? Interested? Suggestions? Here's what I have so far:
VNC Application: Looking at Remote VNC Pro (for the phone)
VNC Application: Ultra VNC SC (for the client)
Dynamic DNS: DynDNS (update agent)
---- END FIRST POST ----
rdude said:
Why don't you just buy one of the apps and give it a try? If it doesn't work you can always return it within 24 hours for a full refund.
Well the idea was to see if anyone had already tried this and/or had the application to save me time troubleshooting. Since there has been no response, save yours, I went ahead and purchased it.
rdude said:
As for open ports, any app worth its chops should let you choose which port it listens on so that shouldn't be an issue.
Oh, it has the option to specify ports, but which ports are open over a 3G/4G connection is what I wanted to know. I tried 443 and 80, and both gave me permission errors. Surprisingly 1723 (PPTP) works, but VNC Pro on the phone just sits on the 'please wait while listening on <ip address>' screen forever. The computer running the Single Click VNC server says that the connection was successfully acquired, but the icon never changes colors (suggesting I am completely connected). The interesting thing is that when I cancel or close the connection on the computer, VNC Pro on my EVO closes the 'listening' window and gives me a java exception error.
*sigh* any ideas? I'm guessing the connection is going through but other traffic is getting blocked or something. Not sure what other ports to try, but I will fiddle around with it in the mean time.
Edit: I tried the standard ports on a local WiFi connection. I gave the phone a static IP, port forwarded everything appropriately, and then received the same results. I'm going to take a few screenshots and send an e-mail to the developer for now.
Edit: It appears to be an issue with Ultra VNC SC. Ultra VNC and Real VNC both worked by manually adding the viewer client from the installed server while using port 5900. Sort of defeats the purpose for me, but the developer said he would try it out and (hopefully) get it working.
Edit: The dev got back to me really quickly and we figured out the issues and fixed it over the weekend. He pushed out a new version of the application on Sunday. First post has been updated for those who care.
Bumping the thread for those who are interested in what worked for me, now that everything is fixed.
Nice, been interested in this. How is the refresh rate when your phone is on WiFi and also how is it on 3G?
I tried Screencast (http://code.google.com/p/androidscreencast/), but it only runs at 3-5 FPS, so it was pretty unusable.
I've only had it working for a day, and nobody has really needed my help, so my testing of the application has only been to confirm it works. The best thing I can say, for now, is that the reviews all brag about the performance and pinch-zoom, that the developer is pretty cool and was willing to return the application well beyond the 24 hour limit, should the application not meet my needs, and finally that he fixed the issue I was having in less than 48 hours from the time I reported it to him. Overall, as far as the application is concerned, I am pretty satisfied. For example, I wrote (and edited) this post while using it over 3G from my phone. I saw all the text as I was typing, so I would say the frame rate is satisfactory.
Edit: Wait, after following your link, I think you might be misunderstanding the purpose of this application. This allows you to control a PC from your Android, not the other way around. The purpose is to supply people with a pre-configured portable application that allows you to connect to the computer without any port forwarding or security changes on their machine. The application (uVNC SC) also "uninstalls" itself from their computer after the connection is closed. To reiterate, the primary benefit is to allow you (the admin) to connect to someone else (the user) without them having to do anything but double-click on your connection.
You're right. I misunderstood, didn't know what "reverse vnc" really meant.
Sorry, I knew people confused the two, so I could have been more clear. On that note, I am also interested in a... remote connection to my Android phone. Recording, in particular, would be great for demos and setup instructions, given so many people have Android devices nowadays. But yeah, this is not the setup for that. =/
brennen.exe said:
Bumping the thread for those who are interested in what worked for me, now that everything is fixed.
Glad to hear you got it working! I'll try installing it this week and see how it goes.
Looks to me that I want to do exactly the same. Sorry to bump the thread but seems the best thing to do.
I want to support people OTA, since I don't need high framerates, just a view at some PC settings.
I have Remote VNC Pro and it allows the phone to listen for incoming VNC connections. But it listens on a 10.20.xxx address, instead of my WAN 3G/4G IP address.
I want to use GITSO (awesome little program) for the http://code.google.com/p/gitso/ support issues.
It works flawlessly PC-to-PC where I have my own port forward set up, saves tons of hassle with the people I want to support.

[Q] Changing IP Address

I wanted to know if there is a way to set from what area your IP shows up as when you connect to the internet on your Android phone?
For instance, I have a T-Mobile G2 and when I connect to speedtest.net or an IP finding website, it shows the location of my IP address. Usually it's close, sometimes it's far away.
Is there any way to choose a static IP or range of IP's to narrow down where my IP is located? i.e. can I choose to spoof my IP to show me in another state? I'm rooted running CM6.1 so I'm down for things that need root access.
Thanks in advance for info/help. I'm gonna continue to research this as well.
It's going to show the location where the IP should be.
maxmind.com is a good lookup to see where the IP should be coming from. (Background: they are designed for charging websites, your IP says you are in Nigeria, or Florida, or wherever, but you are having your order shipped to Washington, so we need to check for fraud more carefully, or Hulu and not allowing to be viewed outside US - but same applies to any country.)
Especially on cellular, it's going to depend on the cell network; your phone likely is behind their NAT. If the NAT is in the same city you are, it's going to be really close.
Example: Rogers in Canada has 2 cities as far as I can tell, with equipment in Montreal and Toronto (when I was getting external DHCP addresses it was one of these 2 cities). Now that I have a static external address, I always show as Montreal even when I'm on the West Coast. When using the NATted addresses (10.x.x.x) it would always show as Toronto (or Greater Toronto area), might have been Markham.
To spoof your IP to show you're in another state, I believe Giganews offers a VPN that will be compatible with just about everything, west coast US, east coast US, one in Asia and one in Europe.
This is going off memory, if I'm found incorrect, I'll edit the post.
Kevin
Thanks for the information. Makes a lot of sense. Now I just gotta figure out the proper way to set up the VPN on my phone. I've got to the VPN settings, I've just gotta figure out the proper setup
So basically the VPN settings on Android can accept any VPN address/info that I am signed up for? I don't really know if I wanna pay for a VPN and I know there are free alternatives, especially considering that I dont need any more services than what a free one offers.
Any and all of the free ones I've seen, are designed for computers, PC or Mac, they require software installed.
The reason I mentioned the Giganews VPN service, was because it is the PPTP standard vpn connection, so supported without a software application.
I am interested if you know of free ones that offer this.
Additionally, you also have to check to see if your provider blocks VPN connections on your phone. Rogers does unless you pay extra for a non-NATted IP. So it's a trial and error. I know a few providers in the US have a VPN APN, which is designed for people using VPN services. I don't know which block VPN connections by default.
It should be compatible with PPTP and IPSEC VPN services.
Ok so I figured I would post my question here as this thread is already created and has keywords that pertain to my question/problem
Now I provide support for several end users and I need VPN access to their network/machine at a glance for the type of support I provide. I was thinking of something along the lines of something software based that would allow me to access their network (shared files mostly) but I can't think of anything that I can set up one time and not have to worry when they take the laptop/desktop home and their IP address changes or if their firewall is not properly configured.
Any solutions to this particular problem?
I was thinking of something Hamachi like but I do not need remote access I just need file sharing access and network access...
I know that Windows 7 and Server 2008r2 have a dial-less VPN that can be setup, the computer will connect to your VPN service, anytime it is on, and you would be able to share the files that way.
Or users dial the VPN whenever they log in, but that would stop you from connecting remotely after a reboot.
Ideally, they should be connecting to your server, and saving all their files there?
Not enough information to actually give you any other ideas, can PM me with what hardware and software you have to work with, mobile devices or not, etc.

[Q] How do i analyse ssl network traffic in apps on uncommon ports?

I recently started looking into the data that applications, especially the free ones, send to the net.
I wanted to know if they leak personal data to their coders.
Therefore I decided to redirect connections through a proxy software on my computer.
I installed http://www.charlesproxy.com/ and added their SSL CA to the trusted certificates on my cellphone.
It was quite interesting to see what kind of requests certain apps make to the internet, especially when you look inside the SSL encrypted connections.
I then found out that some connections seemed to be missing from that analysis, not enough traffic showed up in the proxy compared to the network activity.
So I used https://play.google.com/store/apps/details?id=lv.n3o.shark and the resulting file was quite a few times bigger.
It contained connections to other ports than 80/443 which I saw in Charles.
So my questions are: Does Android ignore the proxy for non http(s) requests?
How can I redirect EVERY request to my computer and strip the SSL from it to look inside?
I suspect some of the applications to use basic stuff like JSON, XMPP and XML but cannot prove it currently.
As a beginner, I might also be using the wrong tools.
You may be able to run tcpdump on your router to see what exactly your phone is connecting to, then see if it corresponds to your proxy traffic.
That does not help to look inside the SSL encrypted tunnel, unfortunately.
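One way to triage a capture like the one described in this thread, written as an added example and not code from any poster: it takes the first client payload of each TCP flow, keeps the flows on ports other than 80/443 (the ports the poster saw in the proxy), and labels each as TLS (with its SNI host name), XMPP, XML, JSON or HTTP. The flow tuples, addresses, host names and the `build_client_hello` helper are constructed sample input.

```python
import struct

PROXIED_PORTS = {80, 443}   # the only ports the poster saw in the proxy
HTTP_VERBS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"CONNECT ")

def build_client_hello(sni):
    """Constructed sample input: a minimal TLS ClientHello with one SNI name."""
    name = sni.encode("ascii")
    sni_data = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni_data)) + sni_data   # type 0 = server_name
    body = (b"\x03\x03" + bytes(32)      # client_version, random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x00\x2f"        # one cipher suite
            + b"\x01\x00"                # null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def tls_sni(payload):
    """SNI host of a TLS ClientHello, '' if it has none, None if not a ClientHello."""
    if len(payload) < 6 or payload[0] != 0x16 or payload[1] != 0x03 or payload[5] != 0x01:
        return None
    try:
        p = 5 + 4 + 2 + 32                                  # headers, version, random
        p += 1 + payload[p]                                 # session_id
        p += 2 + int.from_bytes(payload[p:p + 2], "big")    # cipher_suites
        p += 1 + payload[p]                                 # compression_methods
        end = p + 2 + int.from_bytes(payload[p:p + 2], "big")
        p += 2
        while p + 4 <= min(end, len(payload)):
            ext_type, ext_len = struct.unpack("!HH", payload[p:p + 4])
            if ext_type == 0:
                n = int.from_bytes(payload[p + 7:p + 9], "big")
                return payload[p + 9:p + 9 + n].decode("ascii", "replace")
            p += 4 + ext_len
    except IndexError:                                      # truncated capture
        pass
    return ""

def classify(payload):
    """Label a flow by the first bytes the client sent."""
    sni = tls_sni(payload)
    if sni is not None:
        return "tls sni=" + (sni or "?")
    head = payload.lstrip()
    if b"<stream:stream" in payload[:256]:
        return "xmpp"
    if head.startswith(b"<"):
        return "xml"
    if head[:1] in (b"{", b"["):
        return "json"
    if head.startswith(HTTP_VERBS):
        return "http"
    return "unknown"

def triage(flows):
    """Return (ip, port, label) for every flow outside the proxied ports."""
    return [(ip, port, classify(data))
            for ip, port, data in flows if port not in PROXIED_PORTS]

SAMPLE_FLOWS = [   # constructed: (dst_ip, dst_port, first client payload)
    ("192.0.2.10", 443, build_client_hello("api.example.com")),
    ("192.0.2.20", 5228, build_client_hello("push.example.net")),
    ("198.51.100.7", 5222,
     b"<?xml version='1.0'?><stream:stream to='chat.example.org' xmlns='jabber:client'>"),
    ("198.51.100.9", 8081, b'{"device_id": "constructed-0001"}'),
    ("203.0.113.5", 9000, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FLOWS):
        print(row)
```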

Free your data: running your own server (post under construction :)

So you want to run your own server, eh? Whether you want to free yourself from data mining, commercialising, monetising, greedy be-tied-and-suited media moguls or from the spiritual successors of J. Edgar Hoover and Yuri Andropov does not matter. You want your data to be just that, *your* data. While this might seem extreme to some the idea is actually not far fetched, nor is it impossible to realise. After all, the 'net and the web were conceived as a decentralised network of services. This model, while good in allowing diversity and freedom, is less than ideal from a profitability standpoint so you should not expect those who stand to profit from hoarding your data to lend a helping hand here. You're on your own here.
Well, not really on your own of course as there is a metric ton of information on this subject to be found on the 'net. Everything from how to turn that old laptop into a server through using single-board computers as servers through re-purposing whatever you happened to find dumpster-diving. Suffice to say that you need hardware, software and a network connection. A separate router, preferably one under your own control, running known software (OpenWRT, DD-WRT, Tomato, etc) on stable and not too anemic hardware so it can be used to run a VPN to your phone. You'll want your own domain name as well, either one from the free services which are (still) around or something more 'personal'.
Network connection and domain
Here you often don't have that much choice. If possible, choose a wired connection over a wireless one, both for the higher reliability as well as the usually more acceptable use policies and the fact that wireless connections often change IP address. Choose a connection without a traffic cap over one which has one. Choose the connection with the highest upload rate, even if this means settling on a lower download rate - servers send traffic up the net after all.
There are many ways to get a domain name. You can buy one, of course. For a personal server this might be overkill, but the choice is yours. One advantage of having your own domain is that it enables you to keep your mail/jabber/web/whatever addresses no matter what happens (as long as you pay the registrar, of course). You're totally free here as you can simply point your domain elsewhere if you happen to move to another ISP (and/or country...). Cheaper - as in 'free' - is to use one of the many free dynamic DNS services. As long as you have an address to feed your phone and other devices which will make use of your server you're fine.
Router
Best here is to use a router which is fully under your own control. While some ISP routers might be marginally usable, these devices are often at the whim of the ISP as they can be remotely controlled and configured. This is not what you want for your network, so just use the thing in bridge mode if possible, otherwise forward all traffic to your own router. With one of the free and open router firmwares on a reliable device you can do interesting things, ranging from port knocking on the router to VPN tunnels to your mobile devices.
Hardware, storage
Power consumption, heat and noise production are of more importance than raw power here. There should be enough memory to keep the thing from paging (or 'swapping') on the intended work load on the chosen OS. The same goes for storage: If it fits in the box, fine. If it does not (external drives on laptops, Raspberries, etc) make sure the whole contraption is stable so you don't get any sudden 'disconnects'. For a personal server, power consumption, noise and heat production (which directly relates to reliability) are - again - more important than raw performance.
OS
Any 'unix' of choice is fine here. Linux, *BSD, doesn't matter. Even MacOS would do. Windows, not so much. It is not impossible to use Windows but it is more of a hassle given that a lot of the software is tailored to a unix environment. If you really insist on running Windows, at least make sure it is patched up to the hilt and that all - and that means all - unnecessary services have been switched off.
Software
This is the interesting bit, and the reason why this message is here in the first place. On one of the forum threads here someone was surprised by the fact that I don't run any of the Google apps on my devices, wondering how I got by without Google Play, GMail, contacts and calendar sync etc. Part of the answer to that question involves running your own server, part is covered by using alternatives for the Google-provided apps and services. I would have put this all in a table but it seems this silly forum does not support those...
Commercial service: Alternative (Remarks)
Google Play: F-Droid (The F-Droid store only contains free software. It does not provide a full alternative to the Play Store. If you really want to run the Play Store but still have a notion of privacy on your device, consider enabling Google Services only when required, disabling them afterwards. You can also designate one device as the one which gets to run the Play Store and side-load apps from this device to all others. Theoretically this should be possible using an emulator on your server as well, automating the whole process and creating a 'playstore by proxy'. I have not tried this.)
GMail: IMAP to your own server, eg the Debian standard dovecot daemon. K9 or the standard Android email client on your device.
Contacts: CardDav to your own server (service is provided by ownCloud, amongst others), DAVdroid on your phone or tablet.
Calendar: CalDav to your own server (service is provided by ownCloud, amongst others), DAVdroid on your phone or tablet.
Cloud storage (Dropbox, Google Drive, etc): WebDav to your own server (service is provided by ownCloud, amongst others), one of the many webdav clients on your phone. There is a specific ownCloud app as well.
Photo sharing (Flickr, Smugmug, etc): Trovebox to your own server, Trovebox app on phone
Streaming service (Spotify, Google Music, etc): subsonic on your own server, dSub or Subsonic app on phone (there is a rudimentary streaming service in ownCloud as well, based on Ampache)
More will follow...
If you get in the game on time you might be able to join the Reset the Net initiative!
Reserved #2
This position is reserved for a more thorough list of services
Reserved #3
This position is reserved for a more thorough list of services
YetAnotherForumUser said:
Commercial service: Alternative (Remarks)
Google Play: F-Droid (The F-Droid store only contains free software. It does not provide a full alternative to the Play Store. If you really want to run the Play Store but still have a notion of privacy on your device, consider enabling Google Services only when required, disabling them afterwards. You can also designate one device as the one which gets to run the Play Store and side-load apps from this device to all others. Theoretically this should be possible using an emulator on your server as well, automating the whole process and creating a 'playstore by proxy'. I have not tried this.)
GMail: IMAP to your own server, eg the Debian standard dovecot daemon. K9 or the standard Android email client on your device.
Contacts: CardDav to your own server (service is provided by ownCloud, amongst others), DAVdroid on your phone or tablet.
Calendar: CalDav to your own server (service is provided by ownCloud, amongst others), DAVdroid on your phone or tablet.
Cloud storage (Dropbox, Google Drive, etc): WebDav to your own server (service is provided by ownCloud, amongst others), one of the many webdav clients on your phone. There is a specific ownCloud app as well.
Photo sharing (Flickr, Smugmug, etc): Trovebox to your own server, Trovebox app on phone
Streaming service (Spotify, Google Music, etc): subsonic on your own server, dSub or Subsonic app on phone (there is a rudimentary streaming service in ownCloud as well, based on Ampache)
More will follow...
More later, no time now,
This is an interesting topic mainly because Android has the potential to become non-dependent on Google services and it would be nice to keep personal data really personal.
Also there is a No Gapps project here in XDA that is quite interesting.
YetAnotherForumUser said:
Router
Best here is to use a router which is fully under your own control. While some ISP routers might be marginally usable, these devices are often at the whim of the ISP as they can be remotely controlled and configured. This is not what you want for your network, so just use the thing in bridge mode if possible, otherwise forward all traffic to your own router. With one of the free and open router firmwares on a reliable device you can do interesting things, ranging from port knocking on the router to VPN tunnels to your mobile devices.
This reminded me of something that happened in my dad's office recently:
http://arstechnica.com/civis/viewtopic.php?f=10&t=1209257
The ISP guys configured it that way because dad wanted to run a webserver on one system, the one directly connected to the modem on bridged mode. They apparently didn't think it was necessary to also add a router between the modem and the network of computers :/
Lessons:
1. Don't trust anything the ISP guys do
2. Always use a standalone router or firewall
3. Don't use XP. Seriously.
TJKV said:
This reminded me of something that happened in my dad's office recently:
http://arstechnica.com/civis/viewtopic.php?f=10&t=1209257
The ISP guys configured it that way because dad wanted to run a webserver on one system, the one directly connected to the modem on bridged mode. They apparently didn't think it was necessary to also add a router between the modem and the network of computers :/
Lessons:
1. Don't trust anything the ISP guys do
2. Always use a standalone router or firewall
3. Don't use XP. Seriously.
I can recommend something like this. They come with web-face, but you need to have at least base knowledge of how network things work.
slph said:
I can recommend something like this. They come with web-face, but you need to have at least base knowledge of how network things work.
Nah when I realised what the ISP guys had done I bought a D-Link 2750U and set it up properly in NAT mode
Wifi also works now since it isn't bridged to a computer anymore

Public Wifi and Android [in]security

Open question to all, especially if you frequent establishments with open wifi --- What if any security do you use? I'd hope some kind of Firewall, possibly private VPN? And more importantly have you actually verified it provides you with any kind of security?
My issue is this - No matter what I do, cellphones leak data like a waterfall. Seems basically impossible to tell the damn devices to stop broadcasting to the world. Don't call home to clients1.google.com (or any incarnation thereof, and there are many). Don't enable bonjour / zeroconf. Etc.
I literally have no browser installed yet I noticed connecting to open Wifi with portals brings up some kind of browser. Does it store cookies? Does it leak my device id, model, serial # .. IMESI? (believe it or not some applications try to stuff that in an HTTP header).
One of the biggest reasons I ever rooted my phones is I've tried rootless firewalls, they do nothing but have a nice gui.
It's bloody infuriating.
