[Q] Cisco IronPort blocks internet access for all apps – help? - Windows Phone 7 Q&A, Help & Troubleshooting

Hi,
Here’s my situation – at my office they use Cisco IronPort to monitor and filter all internet requests. A transparent proxy is used on the network switches to direct port 80 traffic to the IronPort server. Initially only the browser on my phone would work as that is the only app that passes the correct authentication. All other apps fail to reach the internet. But the IronPort server can be configured to pass through a type of device if it can be identified. Using the IP address of my phone to filter the traffic logs, it seems that some apps pass “Windows Phone OS” in the data packets. And by adding “Windows Phone OS” to the IronPort exception list, those apps now work. But most apps still don’t work because they don’t include any windows phone identifier in the data packets. Can anyone provide any additional info on this subject or a possible solution?
Thanks.

bump... any ideas... anyone?

Use cellular data instead of your corporate network?
Use apps that use the new socket APIs, or connect to HTTP servers running on a port other than 80?
Complain to your IT people (commoditization of IT being what it is, I'm actually surprised by this restriction)?
See if you can get them using proxy authentication instead of packet inspection for authentication purposes (WP7 supports proxy authentication on WiFi)?
Find a job with an IT infrastructure that doesn't suck?

Related

can someone explain the ICM to me please?

Hi there!
Maybe I'm just too stupid, but I've been trying for weeks now to set up the network parameters for my University's Campus network and failed miserably, so could someone please explain to me how this darn "Internet Connection Manager" works?
What I need in brief:
How can I setup a proxy to use with and only with
- HTTP(S) and FTP(S)
for a WiFi-Network that
- is NOT encrypted
- does NOT require dialing a number / accessing a modem
- does NOT use a VPN
??
Whenever I try this it always results in the connection dying completely.
In other words: When I select my standard UMTS-uplink as "default connection for programs connecting automatically" and then manually establish a WiFi-connection I can reach all computers available on the campus network get ping responses and everything, but I cannot use a proxy, hence not load off-campus pages.
When I define a new connection and enter my settings (just WiFi-name and the proxy details) I can still establish a WiFi-connection, but get a ping timeout even on the access point and the intranet servers usually available through the WiFi. No SSH login, no intranet, nothing (but I do get an IP assigned & stuff)
Here's what I would like to do in theory:
=> Manually connect to a WiFi-Network called "tuwlan".
. -open network
. -no encryption
. -IP, netmask, gateway, nameserver etc provided automatically by DHCP
=> Establish a SSH2 (SecureShell) connection to our on-campus proxy server and tunnel some ports to get through the Subnets (extremely restrictive) firewall.
. -SSH including port forwarding done with PockeTTY, works like a charm
=> Use Opera Mobile to surf web pages and FTP Sites through the proxy "localhost:40081" (which is forwarded to our campus proxy server through SSH2).
=> The Proxy only knows HTTP(S) and FTP(S), so all other programs (ICQ, Skype etc) are not to use it!
This setup used to work great with older Opera versions, but they removed the proxy setting dialog in favor of directly using the ICM settings.
So now I'm stuck with Microsoft's Internet Connection Manager.
Can anyone please help me to get this working?

[Q] Any way to lock down to SSH/VPN traffic only?

I want to set my Mum's new tablet so that it can only access the Internet via the SSH server running on her Buffalo router (with Tomato firmware).
I've got the server working and accessible remotely and so far the only app I've found that has a Global Proxy setting to redirect everything via the SSH server is SSHTunnel, although I gather that it's not totally reliable when connections drop/change and I can't expect my Mum to cope with monitoring it and re-enabling it manually. When it's disabled, all traffic will just go over local connection unencrypted so that's a concern.
Ideally there'd be some way to setup the SSH settings at a system level, with no way to disable them and force all the traffic go out like this but I'm not sure if there is any way to achieve this.
The other part is setting a firewall (AFWall+ or Android Firewall seem to be the main ones) to only allow traffic via the SSH server. I'm not sure what whitelist rules would be required for this. For example, SSHTunnel connects to the server at x.x.x.x:x, so I presume I'd need a rule to allow connections to this address and this port (I had a quick play with the Avast firewall, which only allows creating custom rules for IP or port, so I'd need two rules with that and it doesn't allow entering the DynDNS name, only an IP address, so that's no good).
Then SSHTunnel has a Local Port (1984) and remote address:port (127.0.0.1:3128) so I presume I'd need rules to allow all of those as well (I'm not sure which of these need to be incoming/outgoing or both). Then there's the question of whether I need to allow other ports like DNS (53) and so on, or if that all goes over the SSH tunnel and doesn't require setting allow rules specifically.
It might be that a VPN server would be more suitable for what I'm trying to achieve than an SSH server and I think the Tomato firmware on the router has that facility (or if the version currently flashed doesn't, there's probably another version I could flash that does), so if that's the case, I'd appreciate advice on locking it down that way instead. Android has built-in VPN support, so it might be possible to use that but it depends on whether it will auto-connect and stay connected all the time or if it requires user intervention and I'll still need to set up firewall rules to prevent data being sent without the VPN in case it does get disabled.
Another issue is whether these firewall rules will prevent the device even being able to connect to any public Wi-Fi points before redirecting the traffic via the SSH/VPN server, which would obviously be no good.
OK, maybe there's another way
I was thinking of setting up a VPN on a Raspberry Pi installed at my parents' house, as they have reasonable broadband speeds, something like 100/10MB. Is there any way that I could set up my Mum's tablet so that it passes everything through the VPN whether at home or away, so that she doesn't have to worry about toggling the VPN or firewall?
I can point it to the No-IP domain name I've setup but then I think every request would go out onto the Internet (albeit encrypted) before coming back in to the VPN, which would then have to go out again to retrieve whatever webpage, etc is being requested, which would obviously be stupid. If I point it to the LAN IP of 192.168.1.66, that will avoid doing that when at home but won't work when away.
So, any ideas?

[Q] ProxyDroid NTLM issues. Wingate - TWC TV

Hello all,
I normally don't really need to ask many questions on these forums but heck, when I'm going to there are only a few places I trust.
I have the MOTO DROID MAXX, I have the TWC - TV app for watching live TV. If you were not aware, the Time Warner Cable TV app / website allows you to watch most of your line up from a mobile device. The caveat is that you have to be on your home network otherwise you're limited to pretty much home and gardening type shows. VPN is 100% blocked via the app. You also cannot have USB debugging enabled on the current app.
I found a thread that had the apk of the app that doesn't check for these "handy" features being enabled.
My system is as follows.
Wingate is hosting a proxy service on a port that is properly forwarded and working correctly on my static assigned pc. DDNS is setup for name resolution to my server. Since Wingate will be internet facing, I set up client access rules to block access from any non authenticated users.
My issue. On PC if I connect via proxy I can properly authenticate and see an authenticated session on Wingate. On my phone, I can connect to my proxy and if access rules are off I can browse just fine. However, if I try to put in the NTLM authentication on either ProxyDroid or AutoProxyLite, I show up as an unknown user!! I have tried everything and cannot figure this out!! I know the settings CAN work because the same ones previously authenticated on my old windows install.
Thoughts?

Turning an android into an FTP?

Hi All,
I am currently working on something, which sounds simple in some respects.
I need my spare android phone to act as an FTP Server - Easy enough done on a LAN, but I need to make it accessible across the internet, as I need to get a service I use to send files to my phone via FTP (it's a long story, but the service can only email large files automatically, and they exceed the average 25mb size limit - or they can FTP - no other transfer method is available). I also need to use my mobile, as all the internet access I have whilst on the move is via my mobile, and I cannot set up the network at home to do port redirect, so it's basically the phone has to be the ftp server (and seemingly the router)
Rather than buying an FTP and webspace, I have read up on a few things that can be done. I have downloaded "My FTP Server" and set that up on my device, which is accessible over the LAN. I then downloaded Port Forwarder, and configured the incoming port, redirect outgoing port and the loopback IP of my phone to direct traffic.
I then signed up to http://freedns.afraid.org/ and created a subdomain, which when I input the current IP Address of my device on the Internet, resolves correctly, so it can see the IP correctly.
Theoretically, I can see no reason why this is failing. I appreciate the limitations are the network will by default disable ICMP Ping requests, and the IP address is Dynamic (though I can change it on demand as and when I need the files!) but beyond that, I cannot see what to do here.
Anyone got any suggestions?
The device is as follows:
Landvo L900
Dual Sim, 3G and 2G
Android 4.2.2
Device is rooted
I appreciate any advice you can offer!

Use Digital Streaming Services with OLOW VPN

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. Everyone is using VPN according to their needs. Businesses use VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they’re not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they’re using an untrusted public network.
How it works
A VPN works by routing your device’s internet connection through your chosen VPN’s private server rather than your internet service provider (ISP) so that when your data is transmitted to the internet, it comes from the VPN rather than your system. The VPN acts as an intermediary of sorts as you connect to the internet, thereby hiding your IP address – the string of numbers your ISP assigns your device – and protecting your identity. Furthermore, if your data is somehow intercepted, it will be unreadable until it reaches its final destination.
A VPN creates a private “tunnel” from your device to the internet and hides your vital data through something that is known as encryption.
@syncmedia1 Please check your private messages / conversations. Thanks very much!
Regards
Oswald Boelcke
