Proxy PC Web Sessions Through Phone/SSH/Remote HTTP via USB - Motorola Atrix 2

Synopsis:
Need to bypass corporate web proxy for unfiltered Internet access. Google Chrome is the preferred and tested browser, but Firefox should work as well. Corporate environment utilizes an automated global proxy setting, which must be bypassed using run-time arguments. Since I have a Squid proxy running at home on my cable connection, all I need to do is establish a port-forwarding tunnel from my phone to my house, then another from my laptop to my phone. This will allow me to browse the web and proxy any traffic through my phone to my proxy server at home, around our corporate proxy and firewall. The phone utilizes a DSL connection typically used for testing and other non-business traffic and is isolated from the corporate LAN.
Requirements:
A Web Proxy (Squid instance or other third-party available)
Atrix 2 Rooted (others not tested)
SSHDroid from Google Play
BusyBox (with ssh binary)
Google Chrome or Firefox
Putty SSH Client for Windows or other SSH client software AND a familiarization with SSH tunneling.
Procedure
On the Atrix 2, be sure 'Motorola Phone Portal' mode is configured for the USB connection. This will tell the phone to assign an IP address to the USB interface of the phone. In my case, it is 192.168.16.2. Once that is done, connect your phone to your PC via the USB cable. This may auto-launch IE on your desktop and open the phone's web portal on port 8080; that is not necessary.
On the Atrix 2, launch SSHDroid to enable inbound SSH connections. No special settings were configured in that app for any of this to work.
On your PC, manipulate your Chrome shortcut to use different proxy settings than the default. By default Chrome utilizes the Internet Settings on the PC, so this is necessary if you already have a proxy defined at the OS level. To do this, you must create a new shortcut to Chrome, then right-click on that shortcut, go to properties, and change the 'Target' field to include this information:
--proxy-server="localhost:3128" (don't forget the quotes)
Be sure to use this shortcut to launch Chrome or you will continue to use the OS-level Internet Settings.
Now, launch the Putty SSH client and create a new SSH session to your Android device. Enter the appropriate connection information, and under the Connection/SSH/tunnel section, define the port forward information for the web proxy. In my case I set it to port 3128 forwarding to 192.168.16.2:3128. Save this session. This will tell your PC when the SSH session is established to set up local TCP port 3128 to listen for requests, then forward them to the Android phone across the USB connection on the same port.
Try to connect to your SSH server on your phone. By default, the username is 'root' and password is 'admin' for SSHDroid. You should now be successfully logged into your phone.
In the Putty SSH session on your phone, you will now have to launch a command-line SSH session where you will establish the real tunnel to the real proxy server. Enter 'ssh <REMOTE SSH USERNAME>@<REMOTE SSH HOST> -L <USB NETWORK IP ADDRESS>:<LOCAL PROXY PORT>:<IP OR HOSTNAME OF PROXY>:<PROXYPORT>' (without quotes) to establish the SSH tunnel. Here is what my connection (sanitized) looks like. You can also run 'ssh -?' to get an idea of command-line options for the ssh binary.
ssh [email protected] -L 192.168.16.2:3128:192.168.1.1:3128
This will set your phone to listen on TCP port 3128 on the 192.168.16.2 interface and forward any requests to 192.168.1.1 on the same port. It is important to specify the USB interface as by default it will only set up connections on the localhost (127.0.0.1) interface, which won't accept connections from other remote hosts.
Finally, launch Chrome using the shortcut you created and you should now be sending all web traffic out the USB interface and through your phone to your remote proxy server. You can verify this by connecting to a resource such as your home Internet router on the LAN interface. If you are running Squid at home, you should also be able to view your /var/log/squid/access.log and see your requests.
I have not tested remote web proxies or other methods, but in principle it should work.
Feedback and ideas for improvement are welcome!
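Seen from the monitoring side, the setup in the post above leaves two artifacts on the PC: a Chrome process started with --proxy-server aimed at a loopback port, and an SSH client owning the listener on that port. The following detection logic is an added example, not part of the original post; the event fields, host names and paths are constructed assumptions, not a real log schema.

```python
import re
from collections import namedtuple

# --proxy-server is a Chromium switch that overrides the OS-level proxy settings.
BROWSERS = {"chrome.exe"}
SSH_CLIENTS = {"putty.exe", "plink.exe", "ssh.exe"}
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

PROXY_ARG = re.compile(r'--proxy-server=("?)([^"\s]+)\1', re.IGNORECASE)

Finding = namedtuple("Finding", "host proxy listener severity")


def image_name(path):
    """Lower-cased executable name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()


def proxy_endpoints(cmdline):
    """Return [(host, port)] named by --proxy-server, handling quotes,
    scheme prefixes (socks5://h:p) and per-scheme lists (http=h:p;https=h:p)."""
    match = PROXY_ARG.search(cmdline)
    if not match:
        return []
    endpoints = []
    for part in match.group(2).split(";"):
        part = part.split("=", 1)[-1]          # drop a leading "http=" / "https="
        part = re.sub(r"^\w+://", "", part)    # drop a leading "socks5://"
        host, sep, port = part.rpartition(":")
        if sep and port.isdigit():
            endpoints.append((host.lower(), int(port)))
    return sorted(set(endpoints))


def detect(process_events, listeners):
    """Flag browsers pointed at a loopback proxy. Severity is 'high' when the
    loopback port is owned by an SSH client (a forwarded tunnel), else 'medium'."""
    owner = {(l["host"], l["port"]): image_name(l["process"]) for l in listeners}
    findings = []
    for ev in process_events:
        if image_name(ev["image"]) not in BROWSERS:
            continue
        for host, port in proxy_endpoints(ev["cmdline"]):
            if host not in LOOPBACK:
                continue  # explicit remote proxy: out of scope for this rule
            proc = owner.get((ev["host"], port))
            severity = "high" if proc in SSH_CLIENTS else "medium"
            findings.append(Finding(ev["host"], f"{host}:{port}", proc, severity))
    return findings


# Constructed sample telemetry (hypothetical hosts and paths), shaped like
# process-creation events plus a per-host inventory of listening sockets.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROCESS_EVENTS = [
    {"host": "LAPTOP-01", "image": CHROME,
     "cmdline": '"' + CHROME + '" --proxy-server="localhost:3128"'},
    {"host": "LAPTOP-02", "image": CHROME,
     "cmdline": '"' + CHROME + '" --no-first-run'},
    {"host": "LAPTOP-03", "image": CHROME,
     "cmdline": "chrome.exe --proxy-server=socks5://127.0.0.1:1080"},
]
LISTENERS = [
    {"host": "LAPTOP-01", "process": r"C:\Tools\putty.exe", "port": 3128},
    {"host": "LAPTOP-02", "process": "putty.exe", "port": 3128},
]

if __name__ == "__main__":
    for finding in detect(PROCESS_EVENTS, LISTENERS):
        print(finding)
```

LAPTOP-02 is not flagged even though PuTTY listens on 3128 there, because no browser was started with a proxy override; the rule keys on the combination, not on either artifact alone.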

I just USB tether and use Tunnelier (because putty does not have auto reconnect) and Proxifier (so I don't have to set the proxy settings in each application I want proxied)

Related

can someone explain the ICM to me please?

Hi there!
Maybe I'm just too stupid, but I've been trying for weeks now to set up the network parameters for my University's Campus network and failed miserably, so could someone please explain to me how this darn "Internet Connection Manager" works?
What I need in brief:
How can I set up a proxy to use with and only with
- HTTP(S) and FTP(S)
for a WiFi-Network that
- is NOT encrypted
- does NOT require dialing a number / accessing a modem
- does NOT use a VPN
??
Whenever I try this it always results in the connection dying completely.
In other words: When I select my standard UMTS-uplink as "default connection for programs connecting automatically" and then manually establish a WiFi-connection, I can reach all computers available on the campus network, get ping responses and everything, but I cannot use a proxy, hence not load off-campus pages.
When I define a new connection and enter my settings (just WiFi-name and the proxy details) I can still establish a WiFi-connection, but get a ping timeout even on the access point and the intranet servers usually available through the WiFi. No SSH login, no intranet, nothing (but I do get an IP assigned & stuff).
Here's what I would like to do in theory:
=> Manually connect to a WiFi-Network called "tuwlan".
. -open network
. -no encryption
. -IP, netmask, gateway, nameserver etc provided automatically by DHCP
=> Establish a SSH2 (SecureShell) connection to our on-campus proxy server and tunnel some ports to get through the subnet's (extremely restrictive) firewall.
. -SSH including port forwarding done with PockeTTY, works like a charm
=> Use Opera Mobile to surf web pages and FTP Sites through the proxy "localhost:40081" (which is forwarded to our campus proxy server through SSH2).
=> The Proxy only knows HTTP(S) and FTP(S), so all other programs (ICQ, Skype etc) are not to use it!
This setup used to work great with older Opera versions, but they removed the proxy setting dialog in favor of directly using the ICM settings.
So now I'm stuck with Microsoft's Internet Connection Manager.
Can anyone please help me to get this working?

Remote Desktop on Windows 7 (For Mobile and PC)

Creating an incoming VPN connection on Host Computer
1. Go to Control Panel and open Network and Sharing Center.
2. Click on Change adapter settings
3. Press Alt+F and select New Incoming connection…
4. Put a check on who you’d like to give access to this computer or you can configure a new account by clicking on Add someone… Click on Next.
5. Put a check mark on Through the Internet. Click on Next.
6. Select the protocols you want to enable for this connection. Click on Allow access.
Tip: Default selections (Recommended): Internet Protocol Version 4 (TCP/IPv4), File and Printer Sharing for Microsoft Networks and QoS Packet Scheduler. You should have at least TCP/IPv4 selected to successfully accept connections. Highlight the protocols for their descriptions.
A) To allow the client access your LAN resources, highlight Internet Protocol Version 4 (TCP/IPv4) and click on Properties. Put a check mark on Allow all callers to access my local area network. Here you can have the IP assigned automatically, assign IPs following your LAN segment format or let the client assign its own IP address.
7. Take note of the Computer name as this will be used by the client to connect to this computer. Click on Close.
8. You will now have the Incoming Connections icon in Network Connections. Your computer is now ready to accept incoming VPN connections.
Important: Configure your firewall to allow access to TCP port 1723 to allow incoming Point-to-Point Tunneling Protocol (PPTP) connection for VPN.
Router Configuration: Enable PPTP and Generic Route Encapsulation (GRE) on the Router. Depending on the type of router, you need to either enable PPTP or create a port forward to port 1723. If your router has an additional setting for PPTP or VPN, make sure it’s enabled. It’s usually called a “pass-through” setting (i.e. PPTP pass-through or VPN pass-through).
Creating an outgoing VPN connection on Client Computer
1. Go to Control Panel and open Network and Sharing Center.
2. Click on Set up a new connection or network.
3. Select Connect to a workplace then click on Next.
4. Select Use my internet connection (VPN)
5. Type the IP address or computer name where you wish to connect and your connection name under the Destination name field.
A) If connecting on a local resource or a LAN computer, you can type its computer name or IP address. The computer name shown here is taken from the previous tutorial Virtual Private Network (VPN) - Enable Incoming VPN Connections.
B) If connecting to a computer behind a router and DNS is enabled using the computer’s name, put that in the Internet address field. If no DNS has been configured, type in your router’s IP address.
C) This section allows you to enable the use of a smart card, allow other users of your computer to access this connection and an option to disable immediate connection upon finishing the client setup.
6. Enter a User name and password that has been granted access to the host computer. If you put a check mark on the Show password field, it will display your password instead of dots. You can also choose to save your password and enter a Domain.
A) If you did not put a check mark on Don’t connect now, just set it up so I can connect later in Step 5, you will see a Connect button. Clicking on Cancel will discard all your settings. Clicking on Connect initiates the connection and you will see the following screens
Then…
NOTE: Upon successful connection, you will be prompted to classify the VPN connection as a Home, Work or Public Connection.
B) If you did place a check mark on Don’t connect now, just set it up so I can connect later in Step 5, you will see a Create button. Clicking on Cancel will discard all your settings. Click on Create.
7. To connect using the created VPN connection, you can either right-click on the Network icon in the system tray and select Network and Sharing Center or go to Control Panel and open Network and Sharing Center, and click on Connect to a network.
A) This will bring up a window on the lower right hand corner of your monitor, just above the system tray. Click on VPN Connection and a Connect button will be shown. Click on Connect.
8. The Connect VPN Connection window appears. Clicking on Connect initiates the connection. Clicking on Properties allows you to modify the VPN Connection Properties as well as configure connection sharing.
Creating an outgoing VPN connection on Client PDA
1. Go to Start/Settings/Connection
2. Add a new VPN connection
3. Click on the VPN tab (in case you missed it in step 2)
4. Create a new VPN Connection and supply the VPN's name and IP Address.
5. Choose the Protocol
6. Supply the Username and Password you created earlier on the Host computer
7. Click Finish
8. Now click-hold on the connection you created and click Connect (you can check the connection status on the Host Computer to see the VPN connection works).
Creating a Remote Desktop Host on Host Computer
1. Go to Start/Control Panel/System/Remote Settings
2. Choose the 3rd option.. "Allow only users..."
3. Click on Select Users
4. Now, you can either add a new User with a new password to connect from or you can add a password to your existing user. Anyways, you'll have to have a password to one of the users on your comp, otherwise you won't be able to connect. You should also remember that the user should be an admin so that you can read/write using remote desktop.
A. to add a new user go to Start/Control Panel/User Accounts and select Manage Another Account and then Create a New Account (don't forget a password).
B. to add a password to your existing User Account go to Start/Control Panel/User Accounts and select Create a password...
5. Now that you've created a user and a password, you can go back to Select Users (Step 3) and select the user you've created.
Go to Add and write the name of the user you created and click on Check Names. Choose the user and apply all changes.
(Of course, you will have to be connected to the VPN first in both cases (Mobile and PC).. but since you already created the VPN connection.. it's all good )
Cheers
Connecting to the Host Remote Desktop from Client Computer
The Easy Part.
1. Go to Start/All Programs/Accessories/Remote Desktop Connection
2. Write the user name and password for the user you've created and click Connect.
Connecting to the Host Remote Desktop from Client PDA
1. Go to Start/Programs and run Remote Desktop Mobile
2. Put in the required IP inside the LAN and the user name and password set for the right users and click connect.
Great info, thanks a lot!
My HTC HD doesn't connect
I don't see why creating a VPN connection between the client and the host is necessary at all. You can simply connect to the host PC via an RDP client if both machines are connected to the internet (or are on the same LAN), incoming remote connections are enabled on the host, and the host accepts connections on port 3389 (i.e. not blocked by the router).
NightLord said:
I don't see why creating a VPN connection between the client and the host is necessary at all. You can simply connect to the host PC via an RDP client if both machines are connected to the internet (or are on the same LAN), incoming remote connections are enabled on the host, and the host accepts connections on port 3389 (i.e. not blocked by the router).
This is meant to be more a business type of connection, considering a lot of companies require connecting to the domain before being able to use RDP.
The VPN setup is superfluous, all that's needed is to make sure remote desktop is enabled and port 3389 is punched through on the router and system firewall.
No real business, especially one with a domain, is going to run a VPN server off a client operating system such as Windows 7. If a VPN server exists it's off a dedicated hardware device or server operating system. Client OSes limit themselves to 10 unique connections, hardly suitable for any sizable business.
I personally run an OpenVPN server on a Server 2008 computer. OpenVPN is a very robust and powerful VPN that can work over port 443 SSL which makes it ideal for connection from locations that may have outgoing ports blocked, since as far as the firewall is concerned the VPN connection is just regular HTTPS traffic. And yes, there's a free OpenVPN client for Windows Mobile that works just fine.
Any way to make this work via bluetooth?
Ok. I tried this but somehow it's not working for me.
NightLord said:
I don't see why creating a VPN connection between the client and the host is necessary at all. You can simply connect to the host PC via an RDP client if both machines are connected to the internet (or are on the same LAN), incoming remote connections are enabled on the host, and the host accepts connections on port 3389 (i.e. not blocked by the router).
Basically Win 7 Home Premium, which is what most have, does not allow for remote desktop hosting. It was purposely removed; you can only use it as a client, thus able to control another PC, but not able to control your Win 7 HP one. I will test this later; there might be a workaround that can work using VPN.
Thanks. I tried the remote desktop. Very nice.
This is very good Tutorial, thanks
A dumb question... What should the router settings be?
External Port: ?
Internal Port: 1723
To IP Address: my local network IP?
Thanks for a hint.
P.S. ATM I have a port forwarding set 80 -> 9080 due to Remote Potato Server (MCE 7W remote access)
Anyone pls?
coolVariable said:
Any way to make this work via bluetooth?
only if you have PAN - see my dedicated articles.
Thank you for the tutorial, it really helped me with my HD2
Nice... This is working for me. Thanks
Need some help,
I have a HTC HD2 and it's connected by Wifi, and I wanna access my laptop, which is connected on the same Wifi, by the remote desktop
Using a Win 7 Ultimate
I have done this
1. Go to Start/Control Panel/System/Remote Settings
2. Choose the 3rd option.. "Allow only users..."
Then add a user
Username: htc
Pass: hd2
Now here is the tricky part?!
1: Go to Start/Programs and run Remote Desktop Mobile
2. Put in the required IP inside the LAN and the user name and password set for the right users and click connect
What should I write in the HD2 Remote Desktop?
In Computer, what should I write? PC name?
User: htc
pass: hd2
Domain?? What should I write there? I tried the PC IP and it didn't work!

pass app http traffic through a proxy installed on my pc

Hi everybody,
I am trying to debug an android app. I need to pass all the http traffic of my htc desire s through a proxy server (Paros, WebScarab, etc.) that I have on my pc. I need to intercept the http messages.
I have rooted the phone and installed a proxy on it. I have connected the phone and the pc to the same wifi so that they will be in the same network. After this I have put the pc's ip in the Proxy Host: "192.168.1.2" and the port "8080" on the Proxy Port field because Paros Proxy uses 8080.
I can't find a way to make this work. Can someone help me? Is there another way or am I doing it wrong?
If you just need to intercept messages, why don't you run a sniffer directly on the phone? There are a lot, and most use the tcpdump binary, which is very handy! They output a .pcap file that can be handled by programs like Wireshark, NetMiner, ...
Otherwise you could sniff the traffic with a pc that has a wireless card that can be put in monitor mode (old eeepc FTW!). Then filter out only the traffic from<->to device.
If you really need to pass thru a proxy... well, have you tried connecting your own pc to the proxy, or any other pc in your lan? Does it work? I don't know if Paros has this feature, but have you checked that the relay is open for all hosts on LAN or just loopback connection?

Tethering with OpenVPN: How to avoid ATT's prying eyes and possibly tether undetected

The purpose of this post is to explain how to tether with openvpn, which will hopefully avoid ATT's all seeing eyes, as well as prevent any detection during tethering.
All ATT will ever see is encrypted traffic between a connection that is initiated from my phone and ends at my vpn server. So the only way they would be able to determine if you are tethering, is if they are spying on you ala CIQ directly on your device, or your device phones home and tattles on you. That would open up a different can of worms and a **** storm would ensue.
This method requires a number of things.
* Openvpn server (preferably running on a static address, but will work with dynamic DNS services) with a reliable connection. I use a VPS server for $25 a month, but it is fast and reliable.
* Openvpn on your phone (any will work as long as it has the tun driver or tun built into the kernel)
* Some sort of gateway (your openvpn server can be running on it as well, or a separate host), I use Freebsd/Openbsd. For linux, you're on your own to figure out NAT and gateway functions.
Really, that is about it.
My Openvpn server config, you can set it up any way you like, but certain statements are required, specifically those in the hashed out box if you want your subnets to talk to each other, and route the traffic
Code:
port ****
proto tcp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/vps.server.crt
key /usr/local/etc/openvpn/keys/vps.server.key
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 192.168.150.0 255.255.255.0
ifconfig-pool-persist ipp.txt
mode server
client-to-client
client-config-dir ccd
###############################################
# my phone and home subnets, can be any RFC1918 address space
# Advertise and note your home subnets in this section, unless you
# do not want the various subnets to talk to each other, then you
# can also remove the client-to-client statements
###############################################
push "route 192.168.15.0 255.255.255.0"
push "route 192.168.43.0 255.255.255.0"
route 192.168.15.0 255.255.255.0
route 192.168.43.0 255.255.255.0
###############################################
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 4
My client config on my phone (change the remote statement to match your openvpn server host and port)
Code:
client
proto tcp
dev tun
remote vpn.example.com 1234
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
/usr/local/etc/openvpn/ccd is where I have my client specific configs (match the location to that identified in the server.conf file for your vpn server). I also use certificates unique to each host that connects to my vpn, the names of the files in the "ccd" directory must match the name you gave the device when you created your certificates. I use easy-ssl to manage my certs.
For my phone, which I named "galaxy_s", I have the following (note the DNS option is optional; I was having problems with it so I just hardcoded 8.8.8.8, Google's DNS server, into my network settings on my laptop).
/usr/local/etc/openvpn/ccd/galaxy_s
The iroute statement just tells the openvpn server what subnets you have behind your device, in this case the phone. I am guessing all of the android phones use 192.168.43.x as the NAT'd subnet, otherwise change it to whatever your phone is assigning.
Code:
push "redirect-gateway"
push "dhcp-option DNS 192.168.15.1"
iroute 192.168.43.0 255.255.255.0
The rest of the configurations are related to your primary gateway, which in my case also runs the openvpn server. I am using freebsd and pf, the configs needed for that are essentially natting statements, and firewall rules.
For pf, the following rules are what I use.
I also trust all the traffic on my tun0 device, so I told pf to ignore it and pass all traffic.
Code:
nat on $int from 192.168.150.0/24 to any -> $int/32
nat on $int from 192.168.43.0/24 to any -> $int/32
set skip on tun0
Hopefully this is useful to other folks, if not, let it be buried
Thanks for an EXCELLENT guide!
Quick question. When I use this server conf file, my ssh on my local network hangs up and goes down.
In other words:
I am running openvpn on a home linux server. It is connected through a home router to the internet and has a network set up at 192.168.1.0.
Router is 192.168.1.1,
vpn server is on 192.168.1.51.
If I start openvpn, I cannot ssh from a local network (192.168.1.81) laptop. If I turn off openvpn I can. I changed your 192.168.15.0 addresses in server conf file to 192.168.1.0. I have a feeling it has to do with that.
Well, yes, you will need to modify the configs to suit your own address scheme. As for why you cannot ssh, I am not sure, is that .81 device on the same network as the openvpn server, or are you coming from a different network?
My setup has the gateway the same as the openvpn server simply due to the fact that I am using a Virtual Private Server (VPS) and I only have that as the 1 external static system.
I would check the route statements. I'm not sure, but you might have a routing loop that would be causing the problem (can you traceroute or ping, or use any other protocol/application to see if you can connect?). If you set the default gateway of the openvpn server as the .1 address, and then you are trying to connect to another internal address, the .81, when you ssh from whatever device is connected to the openvpn server, it may attempt to connect to the gateway at .1 and then return back into your network to .81.
I could be wrong, it is hard to tell when you are not sitting at the actual systems.
Got it to work! Here's some tips for others
Thanks again for your help jvanbrecht. Last night I was able to sit down, get a better understanding of how it worked via openvpn's HOWTO, and get it running.
I did need to make a few mods for it to work in my configuration (as is expected since very few network configs are the same).
My configuration:
Single home network, say on 192.168.15.0.
Single router, at 192.168.15.1.
Home server hosting VPN on 192.168.15.51. It is running Ubuntu Maverick.
Skyrocket on subnet 192.168.43.0
My modifications:
Since I don't need direct access between VPN clients and my home subnetwork, in the server config I commented out:
Code:
#push "route 192.168.1.0 255.255.255.0"
#route 192.168.1.0 255.255.255.0
It was giving me some problems SSHing into my home server from a local network machine so this was the quick fix.
Initially it wasn't routing ALL traffic, just that directed from VPN client to the VPN server. So I added this to the server conf:
Code:
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.150.1"
In my home (tomato) router, I just port forwarded any TCP traffic on 1194 to the home server (192.168.15.51)
I think openvpn does this already. But just in case, I added an iptable nat entry to forward packet from VPN network to eth0 (my NIC). As root:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
And I added the following entry to /etc/rc.local so it persists on restart.
Code:
iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -o eth0 -j MASQUERADE
Some debugging tips for others
Simplest way to verify HTTP traffic is being forwarded is, after connecting to vpn from phone, go to www.whatismyip.com. Make sure it matches your phone.
If you are having trouble connecting to the VPN, watch the openvpn log for errors. "tail -f /var/log/openvpn/openvpn.log"
After connecting, make sure you can ping from your home server to the phone.
From Server: "ping 192.168.150.10"
From Phone: Open Terminal Emulator and type "ping 192.168.150.1"
You can also validate the traffic is forwarding through VPN by using traceroute. You can test both forwarding and DNS
From Phone: Open Terminal Emulator, type
Code:
su
For no-DNS test first:
Code:
traceroute 74.125.115.104
For DNS test:
Code:
traceroute www.google.com
For each, do your tests on the cell network (NOT home wifi) and verify that the route passes through your vpn server and doesn't bypass it completely.
Lastly to make sure traffic is being piped, you can monitor VPN traffic from your openvpn server by typing:
Code:
tcpdump -i tun0
jvanbrecht:
Do you have any recommendations about dropped connections? I noticed while testing that sometimes my openvpn connection would drop and my phone browsing would immediately default to the direct default cell provider connection.
Of course if tethering, this could be very bad.
Any tips on ensuring that if VPN is enabled, but no connection, that it won't ever try and route around it?
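The fallback described in the post above follows from how `redirect-gateway def1` works: it adds 0.0.0.0/1 and 128.0.0.0/1 routes through the tunnel and leaves the original default route in place, so when those two routes disappear the cell route takes over again. The check below is an added example, not from the thread; it does a longest-prefix lookup over `ip route` output to report whether traffic would currently leave through tun0. The routing tables, the rmnet0 interface name and the 198.51.100.7 server address are constructed assumptions.

```python
import ipaddress

# One probe address in each half of the IPv4 space, because def1 covers the
# space with two /1 routes instead of replacing the default route.
PROBES = ("8.8.8.8", "203.0.113.10")


def parse_routes(ip_route_text):
    """Parse `ip route` output into (network, device) pairs. Metrics and
    policy-routing tables are ignored (assumption: a single main table)."""
    routes = []
    for line in ip_route_text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok[:-1]:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        routes.append((net, tok[tok.index("dev") + 1]))
    return routes


def egress_device(routes, ip):
    """Longest-prefix match: the most specific route containing ip wins."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1] if matches else None


def tunnel_status(ip_route_text, tun="tun0", vpn_server=None):
    """Report whether general traffic leaves via the tunnel device."""
    routes = parse_routes(ip_route_text)
    leaks = {}
    for ip in PROBES:
        dev = egress_device(routes, ip)
        if dev != tun:
            leaks[ip] = dev
    status = {"tunnelled": not leaks, "leaks": leaks}
    if vpn_server:
        # The encrypted transport itself must NOT be routed into the tunnel.
        status["server_via"] = egress_device(routes, vpn_server)
    return status


# Constructed routing tables for the phone. Addresses follow the thread's
# 192.168.150.0/24 VPN subnet; everything else is a placeholder.
VPN_UP = """\
0.0.0.0/1 via 192.168.150.9 dev tun0
default via 10.20.0.1 dev rmnet0
10.20.0.0/24 dev rmnet0 proto kernel scope link src 10.20.0.55
128.0.0.0/1 via 192.168.150.9 dev tun0
192.168.150.1 via 192.168.150.9 dev tun0
192.168.150.9 dev tun0 proto kernel scope link src 192.168.150.10
198.51.100.7 via 10.20.0.1 dev rmnet0
"""
VPN_DROPPED = """\
default via 10.20.0.1 dev rmnet0
10.20.0.0/24 dev rmnet0 proto kernel scope link src 10.20.0.55
"""

if __name__ == "__main__":
    print(tunnel_status(VPN_UP, vpn_server="198.51.100.7"))
    print(tunnel_status(VPN_DROPPED))
```

The check only reports the fallback; preventing it takes a firewall policy on the client that drops traffic leaving any interface other than the tunnel, apart from the connection to the VPN server itself.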
Would using any VPN do the same thing, or is something making this special? Has anyone tested this?
It's been a few weeks since I tried the openvpn app. Back then everything seemed to be working well. But I tried again today and am having problems.
- I can access everything fine via vpn if my phone is connected to my local wifi where the vpn server resides.
- I can access IP addresses (e.g. the ip address of google.com) if connected to vpn via AT&T's 3G network
- I CANNOT access websites by their name (e.g. www.google.com) anymore.
It seems the DNS forwarding over VNC is messed up. Any tips on what the problem could be?
I still have the same settings as above, e.g. push "dhcp-option DNS 192.168.150.1"
Is it possible I need to do any additional configuration on my phone?
Is it possible to replace my router DNS address with a public one like google's "8.8.8.8" or "4.2.2.2"?
Any tips greatly appreciated!
Deleted. Please ignore. Still having issues.
So I had the opportunity to play around with my config (listed above) a bit more this evening. I was at a location where I had good external WiFi (Panera) along with 3G.
If I connect from my phone to my home VPN server over EXTERNAL WIFI (Panera), I have no problems with VPN. everything works flawlessly.
If I connect from my phone to my home VPN server over AT&T 3G network, it fails. Essentially it can't resolve any DNS queries. I can type in a website's IP address and surf that way, but I can't say type in "www.cnn.com" and get a page to load.
For the latter, when I watch the web queries using "tcpdump -i tun0", I see the requests go out from my phone to the websites, but they don't come back. For example, I see:
"192.168.150.10 > a.b.c.d (www.cnn.com)",
but I don't see:
"a.b.c.d (www.cnn.com) > 192.168.150.10"
Is it possible that AT&T is somehow blocking VPN via DNS? At first I thought my openvpn dns settings were messed up ... but it works across external wifi no problem.
---------- Post added at 01:24 AM ---------- Previous post was at 01:07 AM ----------
For those that are interested in the future, I think I narrowed down the issue:
It seems VPN connectivity is dependent on the AT&T Access Point Network (APN)
By default for my Skyrocket I was on the AT&T PTA APN with settings:
Code:
APN: pta
MMSC: http://mmsc.mobile.att.net
MMS proxy: proxy.mobile.att.net
MMS Port: 80
...
I then switched to what is called the "AT&T Expanded" APN with settings:
Code:
APN: wap.cingular
User Name: [email protected]
(rest of settings somewhere here on xda ...)
... and that one worked perfectly.
I switched back and forth a few times to confirm. It seems on pta, I can't resolve DNS over VPN. For the wap.cingular, I have no problems.
Can anyone else confirm this is most likely the issue I am seeing and that it can possibly make sense?

How to get SSH listening only on private IP?

Hi guys.
I'm using my Nexus S as WiFi hotspot. It creates a WiFi LAN, 192.168.43.0/24 subnet.
Phone gets of course two IPs: internal IP 192.168.43.1 which serves as gateway for connected clients, and external IP from my ISP.
When I start an SSH server (such as SSHDroid or Dropbear SSH Server), it is listening on external IP,
but I want it to listen only on internal IP (192.168.43.1), so I can connect only from a LAN client.
In the apps settings I didn't find anything related to this, so I ask you.. Is there any way to get an SSH server listening on 192.168.43.1 ?
Thanks
Check the dropbear and sshdroid documentation. You might be able to set this up in a config file, pushed to the phone with adb. Dropbear open_wrt example. If the internal address is tied to a virtual interface, you might be able to have sshd only listen on that interface.
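Whether a service is reachable from a given network comes down to the address its socket is bound to, which is also what the earlier reply about a proxy relay being open to the LAN or only to loopback is asking. The audit below is an added example, not from any of the posts; it reads `netstat -tln` style output and lists the listeners that accept connections on an untrusted interface. The netstat samples, the interface names and the 100.64.12.34 cellular address are constructed assumptions.

```python
import ipaddress


def parse_listeners(netstat_text):
    """Extract (bind_address, port) for every TCP socket in LISTEN state
    from `netstat -tln` style output."""
    listeners = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def reachable_via(bind, interfaces):
    """Names of the interfaces on which a socket bound to `bind` accepts
    connections. `interfaces` maps each local address to an interface name."""
    ip = ipaddress.ip_address(bind)
    if ip.is_unspecified:      # 0.0.0.0 or :: -> every interface
        return sorted(set(interfaces.values()))
    if ip.is_loopback:         # 127.0.0.1 or ::1 -> local processes only
        return []
    return [interfaces[bind]] if bind in interfaces else []


def audit(netstat_text, interfaces, untrusted):
    """Return (port, bind, exposed_interfaces) for each listener that accepts
    connections on an interface named in `untrusted`."""
    findings = []
    for bind, port in parse_listeners(netstat_text):
        exposed = [i for i in reachable_via(bind, interfaces) if i in untrusted]
        if exposed:
            findings.append((port, bind, exposed))
    return findings


# Constructed example: a phone acting as a WiFi hotspot, as in the question.
INTERFACES = {"192.168.43.1": "hotspot", "100.64.12.34": "cellular"}

# SSH server bound to the wildcard address: reachable from the carrier side.
BEFORE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN
tcp        0      0 192.168.43.1:53         0.0.0.0:*               LISTEN
"""

# Same host after the SSH server is bound to the hotspot address only.
AFTER = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.43.1:22         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN
tcp        0      0 192.168.43.1:53         0.0.0.0:*               LISTEN
"""

if __name__ == "__main__":
    print("before:", audit(BEFORE, INTERFACES, {"cellular"}))
    print("after: ", audit(AFTER, INTERFACES, {"cellular"}))
```

Dropbear's `-p [address:]port` option and OpenSSH's `ListenAddress` directive are the settings that change the bind address; whether the SSHDroid app exposes either is not stated on this page.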
