[Q] Any way to lock down to SSH/VPN traffic only? - General Questions and Answers

I want to set my Mum's new tablet so that it can only access the Internet via the SSH server running on her Buffalo router (with Tomato firmware).
I've got the server working and accessible remotely and so far the only app I've found that has a Global Proxy setting to redirect everything via the SSH server is SSHTunnel, although I gather that it's not totally reliable when connections drop/change and I can't expect my Mum to cope with monitoring it and re-enabling it manually. When it's disabled, all traffic will just go over local connection unencrypted so that's a concern.
Ideally there'd be some way to set up the SSH settings at a system level, with no way to disable them and force all the traffic to go out like this but I'm not sure if there is any way to achieve this.
The other part is setting a firewall (AFWall+ or Android Firewall seem to be the main ones) to only allow traffic via the SSH server. I'm not sure what whitelist rules would be required for this. For example, SSHTunnel connects to the server at x.x.x.x:x, so I presume I'd need a rule to allow connections to this address and this port (I had a quick play with the Avast firewall, which only allows creating custom rules for IP or port, so I'd need two rules with that and it doesn't allow entering the DynDNS name, only an IP address, so that's no good).
Then SSHTunnel has a Local Port (1984) and remote address:port (127.0.0.1:3128) so I presume I'd need rules to allow all of those as well (I'm not sure which of these need to be incoming/outgoing or both). Then there's the question of whether I need to allow other ports like DNS (53) and so on, or if that all goes over the SSH tunnel and doesn't require setting allow rules specifically.
It might be that a VPN server would be more suitable for what I'm trying to achieve than a SSH server and I think the Tomato firmware on the router has that facility (or if the version currently flashed doesn't, there's probably another version I could flash that does), so if that's the case, I'd appreciate advice on locking it down that way instead. Android has built-in VPN support, so it might be possible to use that but it depends on whether it will auto-connect and stay connected all the time or if it requires user intervention and I'll still need to set up firewall rules to prevent data being sent without the VPN in case it does get disabled.
Another issue is whether these firewall rules will prevent the device even being able to connect to any public Wi-Fi points before redirecting the traffic via the SSH/VPN server, which would obviously be no good.
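
The whitelist asked about in the post above, written out as an added example that is not part of the original thread: a shell function that prints an iptables rule set allowing only loopback, DHCP and the one SSH server. The chain name `tunnel_only`, the server `203.0.113.10:2222` and the function names are constructed for illustration; the rules are only printed, and applying them assumes root, `iptables`/`ip6tables` on the device, and an IPv4-only tunnel.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables OUTPUT whitelist that
# lets a device talk only to one SSH server. Nothing is applied here; the rules
# are printed so they can be reviewed or pasted into a firewall custom script.
# Assumed names: chain "tunnel_only"; 203.0.113.10:2222 is a constructed server.

is_ipv4() {
    # Require a literal dotted quad. A hostname given to -d is resolved only
    # once, when the rule is added, so a DynDNS name would go stale; resolve it
    # separately and regenerate the rules when the address changes.
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: emit_tunnel_only_rules SERVER_IP SERVER_PORT [DNS_RESOLVER_IP]
emit_tunnel_only_rules() {
    server_ip=$1
    server_port=$2
    dns_ip=${3:-}

    is_ipv4 "$server_ip" || { echo "server must be an IPv4 address" >&2; return 2; }
    is_port "$server_port" || { echo "port must be 1-65535" >&2; return 2; }
    if [ -n "$dns_ip" ] && ! is_ipv4 "$dns_ip"; then
        echo "resolver must be an IPv4 address" >&2
        return 2
    fi

    # Rule order, first match wins:
    #  1. loopback: covers the tunnel client's local port (1984 in the post).
    #     The 127.0.0.1:3128 remote end is opened from the server side of the
    #     tunnel, so it needs no rule on the device.
    #  2. DHCP, so the device can still obtain a lease on a new Wi-Fi network.
    #     A captive-portal page is still blocked, since plain HTTP to the
    #     portal is not whitelisted.
    #  3. TCP to the SSH server only.
    # There is deliberately no ESTABLISHED rule: connections opened before the
    # rules were loaded are cut as well.
    cat <<EOF
iptables -N tunnel_only 2>/dev/null || iptables -F tunnel_only
iptables -A tunnel_only -o lo -j ACCEPT
iptables -A tunnel_only -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A tunnel_only -p tcp -d $server_ip --dport $server_port -j ACCEPT
EOF

    # Optional: one named resolver, needed only if the tunnel client has to
    # look up the server's name outside the tunnel. Left out, DNS is blocked.
    if [ -n "$dns_ip" ]; then
        printf 'iptables -A tunnel_only -p udp -d %s --dport 53 -j ACCEPT\n' "$dns_ip"
        printf 'iptables -A tunnel_only -p tcp -d %s --dport 53 -j ACCEPT\n' "$dns_ip"
    fi

    # Everything else is rejected; IPv6 is shut completely apart from loopback.
    cat <<EOF
iptables -A tunnel_only -j REJECT
iptables -C OUTPUT -j tunnel_only 2>/dev/null || iptables -I OUTPUT 1 -j tunnel_only
ip6tables -C OUTPUT ! -o lo -j REJECT 2>/dev/null || ip6tables -I OUTPUT 1 ! -o lo -j REJECT
EOF
}

# Constructed sample run: print the rule set for a made-up server.
emit_tunnel_only_rules 203.0.113.10 2222
```

Because the whitelist is keyed on the server's public address, traffic from inside the home LAN to that address depends on the router supporting NAT loopback.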

OK, maybe there's another way
I was thinking of setting up a VPN on a Raspberry Pi installed at my parents' house, as they have reasonable broadband speeds, something like 100/10MB. Is there any way that I could set up my Mum's tablet so that it passes everything through the VPN whether at home or away, so that she doesn't have to worry about toggling the VPN or firewall?
I can point it to the No-IP domain name I've set up but then I think every request would go out onto the Internet (albeit encrypted) before coming back in to the VPN, which would then have to go out again to retrieve whatever webpage, etc is being requested, which would obviously be stupid. If I point it to the LAN IP of 192.168.1.66, that will avoid doing that when at home but won't work when away.
So, any ideas?

Related

[Q] ConnectBot Port Tunneling

I have given up on working out VPN to my home network so I am giving SSH with ConnectBot a go. I can SSH to my home PC through my modem firewall ok now using key passwordless login (safest I understand) but I can't work out port forwarding.
Is it even possible to tunnel certain ports through my home Ubuntu PC using SSH? I want to access local web servers without opening them out on the Internet, for example sabnzbd using the nzbair app or my other home media devices, web cams, etc.
I don't feel comfortable opening anything out on the Internet, even SSH makes me nervous although I understand it is fairly secure using key based log combined with a modem firewall and IDS, so I'd like to access my home network but securely.
I understand SSH is the next best option to VPN. But I can't find any guides.
I also have dyndns set up on my modem so (once that propagates I assume) I should be able to reliably SSH to my home PC.
I am very tired, so I'm sorry if this post is absolutely wrong.
I'm 90% certain you'd want to set up Squid on your Ubuntu box, so you can proxy through. Then connect with ConnectBot and then set up a port forward to send all port 80 traffic through on whatever port you've got Squid running on.
I think that should be at least a decent starting place.
Yeah I agree. I have the port tunnelling working for sabnzbd now even if it's a bit flakey (drops out sometimes or the port forward can't be created).
So I'll read up on Squid and enable that on my home PC. That may cover a lot of general traffic from my phone too. I imagine a lot of apps use HTTP.

Connecting to your Android Phone Anywhere Anytime

Objective: To be able to get at least a shell anytime you want.
Summary: I want to be able to control my phone from anywhere. Mainly, for the case that the phone is stolen, I want to be able to track it through GPS, operate the camera, download my files, wipe the phone, and make it explode (just kidding)
The Problems: The main issue here is to get a connection to the phone. In both WiFi and 3G. In both cases, the phone can be behind a NAT which will not accept any incoming connections so having a server on the phone will not help.
Secondly, you may also be behind a NAT (and also you do not know where you will be), so a reverse ssh or vnc will not work.
You can attempt a punchthrough, but you need a server, and you need your phone's IP address at the server.
I have tried PAW webserver and WebKey but when running on mobile networks, I am again behind some NAT or some ports are blocked, so I cannot get it to work.
I just want some discussion/research/opinions on how to deal with this and how I can have a constant connection with my phone.
So far, I can see the only way is to have a server somewhere, which can either do a punchthrough, or provide the phone with an IP to which a reverse ssh is opened. But the phone will then need to periodically check the webserver.
What do you guys think?

[Q] Cisco IronPort blocks internet access for all apps – help?

Hi,
Here’s my situation – at my office they use Cisco IronPort to monitor and filter all internet requests. A transparent proxy is used on the network switches to direct port 80 traffic to the IronPort server. Initially only the browser on my phone would work as that is the only app that passes the correct authentication. All other apps fail to reach the internet. But the IronPort server can be configured to pass through a type of device if it can be identified. Using the IP address of my phone to filter the traffic logs, it seems that some apps pass “Windows Phone OS” in the data packets. And by adding “Windows Phone OS” to the IronPort exception list, those apps now work. But most apps still don’t work because they don’t include any windows phone identifier in the data packets. Can anyone provide any additional info on this subject or a possible solution?
Thanks.
bump... any ideas... anyone?
Use cellular data instead of your corporate network?
Use apps that use the new socket APIs, or connect to HTTP servers running on a port other than 80?
Complain to your IT people (commoditization of IT being what it is, I'm actually surprised by this restriction)?
See if you can get them using proxy authentication instead of packet inspection for authentication purposes (WP7 supports proxy authentication on WiFi)?
Find a job with an IT infrastructure that doesn't suck?

[Q] Long-range Wifi repeater with auto hotspot authentication?

Hi All,
At this point, I'm just brainstorming, and would like some input. (I hope this thread is in the right place)
I'm trying to find a setup to connect to free wifi hotspots that are far away, and share that connection to a group of devices locally. For example, this solution may be useful in a boat or an RV, when you're not particularly close to a free access point.
There are commercial solutions like the Rogue Wave however, this doesn't do anything to authenticate through the Terms of Service (TOS) pages that are frequently used at free access points.
This is what brings me to using Android. There are Android apps which automate the process of accepting the terms of service. My favorite right now is WebWifiLogin (I'm familiar with the security risks involved in using public wifi; and may also have the Android device to also establish a VPN connection when doing this.) (I can't find an equivalent macro-authentication solution that will run on a PC, which would make this much easier.)
So here's my proposed solution:
1. Start with a powerful omnidirectional wifi antenna (Possibly add an in-line amp if needed. Also perhaps a directional antenna may be better for non-mobile use.)
2. Connect the antenna to any Android device that supports an external Wifi antenna. I found several Android TV devices which should work. Like This, or possibly this.
3. Set up some kind of local access point/bridge. One option may be to use fqrouter2 which supposedly uses the same Wifi radio for the local WLAN, while it also connects to the remote one. Another option may be to USB or Ethernet tether to a DD-WRT Router.
Result:
The Android device has a range to connect to a free hotspot up to a mile or two away, then automatically accepts the TOS using the WebWifiLogin app, and shares that connection locally to a handful of devices.
So am I crazy? Is this too complex to work correctly? Is there a simpler solution that I'm missing?
Can anyone confirm whether I've posted this in the correct sub-forum?
Thanks.
I use a slightly different method which yields the same results.
I have a Linksys WRT54GL router (with high gain antennas) which runs DD-WRT and a script called AutoAP. The script scans for unencrypted WIFI access points, makes sure they're live, and automatically connects to the strongest one in range.
I set up a second WPA2 encrypted WIFI SSID in the router which I connect to with my Android tablet. Once WebWifiLogin on the tablet handles the TOS login, the remote access point allows web access for any device that connects to the WRT54GL router (either by WIFI to the secondary SSID or through one of the ports)! This happens because the remote access point usually checks/remembers TOS acceptance by the MAC address of the connected device. Since it only sees the MAC address of my router, anything behind the router now gets access.
ssenemosewa said:
Once WebWifiLogin on the tablet handles the TOS login, the remote access point allows web access for any device that connects to the WRT54GL router
This is great information; thanks!
I would not have thought WebWifiLogin would work when connecting through another router. When WebWifiLogin is running, its status says "Listening for WiFi events" (Or something similar) so I was under the impression that WebWifiLogin would only work if the connection to the AP is made directly by the Android WiFi interface, and not through an intermediary router.
This makes things much easier.

Working Options for Unlimited Tethering, Hotspot, Carrier Check Bypass Methods

Some research into bypassing T-mobile’s tether restrictions reveals there are several things carriers can do to detect hotspot usage and block those packets:
-is hotspot data sent through a second APN?
-does carrier mark the packets coming through the wlan interface?
-do they filter by user agent strings?
-do they view the ttl?
-do they block urls that phones do not use?
-do they have a monitoring app pre-installed? (ex delete com.tmobile.pr via titanium backup)
Getting around these restrictions while using the native hotspot functionality requires work-arounds that I did not go far enough to successfully implement. One cannot by default edit the APNs for instance. I had to set up a duplicate, but theorize T-mobile was still routing to the hotspot APN I could not edit. With root access (which I have) it should be possible to achieve success, but I have found satisfactory non-root ways of achieving unlimited internet with MetroPCs (owned by T-mobile). I have, however, compiled a number of resources and may look back into what hacks must be used on the native app in the future. If anyone has a good guide on how you're getting hotspot with the Nougat LG V10 please post!
It stands to reason that one must use a non-native application to disguise the tether usage, or significantly modify the native one. After stalling with the mods, I pursued the non-native of attack and found (2) independent working ways to get unlimited tethered internet.
Wifi Tethering apps
I tried various wifi tether apps and without additional modifications or configuration I could not get them to work including:
-native hotspot (which works despite not having a hotspot plan, but t-mobile blocks)
-Wifi tether router by Fabio Grasso ($2.90) (requires root access)--(t-mobile was blocking the connection)—in discussion with developer on how to get working, will update. UPDATE: After back and forth with dev, he recommended using a VPN. His app does route the VPN through the hotspot connection if that feature is toggled. I have not tested. Potentially, changing the TTL of the computer may do something.
-Open Garden Wifi Tether—crashed when attempting to start service
Wifi Direct apps:
Wifi apps such as NetShare (red-themed play store entry is completely free, several paid versions) which use the native wifi direct functionality create a proxy server through which you can connect to via wifi. These DO WORK without additional modifications, but most native desktop apps on your computer cannot access the internet. All websites will load however. You have to set up your internet connection as through a proxy server on the client side but do not need to install additional software. A GOOD OPTION TO HAVE. I have found that one sometimes may need to stop and start the service to get it to give you internet access. The way I do it is start then quickly bring up the wifi menu, computer recognizes the network and connects quickly. If there is too much of a delay between starting and connecting via the client Netshare(Pro) doesn’t seem to work without a quick disable/enable afterwards.
USB tethering apps:
Rely on the phone’s native USB debugging feature in the hidden developer tools menu. (Go to about phone, software info, and tap on build repeatedly until enabled.) NO ROOT required. I tested Easy Tether ($9.99) and ClockWorkMod Tether ($4.99). Both worked well. PDAnet+ may also fall into this category but I have not researched. THIS IS MY PREFERRED METHOD so far. It is also possible to USB tether to certain types of wifi routers and thus get wifi for the home.
-There are PC, Mac, or Linux applications and drivers which must be installed on the computer side.
-Must have USB debugging enabled, and USB options set to Photo Transfer (Media Transfer does not work, and why I originally failed with ClockWorkMod…otherwise probably would have not pursued root!)
-These USB tether apps have the benefit of reducing the heat generated by your phone (no wifi signal generation), so runs cooler (think chips last longer) and uses less energy than when you have wifi hotspot enabled. For this reason, and for the phone being so handy when connected to my laptop, I actually prefer this method. Plus you have access to the pictures and DCIM folders of internal storage so you can transfer stuff to the phone fairly immediately. To get full access, however, you’ll have to switch to MTP mode, which on LG phones such as this V10 will break the internet connection. Other phones may not have this particular issue.
Bluetooth Tether apps:
Easy Tether and probably PDAnet+ support Bluetooth tether. With easy tether I wouldn’t suspect any issues at all using this.
Potential other methods WHICH SEEMED PROMISING, I sorted through a lot! For your inspiration:
-One youtuber mentioned using a desktop hotspot application + PDAnet+ to get legit wifi hotspot functionality. The desktop PDAnet+ application apparently disguises the tethering operation. Video here: https://youtu.be/D98abWOkkQI
-Xposed framework and tether for rooted devices (did not try): https://highonandroid.com/android-a...n-rooted-android-att-t-mobile-sprint-verizon/
-Claims you’ll be able to tether any rooted android with this rooted wifi app and particular settings (similar to wifi tether router) https://highonandroid.com/android-a...android-smartphone-or-tablet-universal-guide/ (UPDATE: I tried, app is not compatible with the phone)
See comments section of this article for the below quotes: https://www.groovypost.com/howto/hide-data-usage-get-truly-unlimited-tethering-tmobile-one/
----------------------------------------------------------------------------
“The main issue I see people having is the lack of apn editing. This has been my setup for four years now
-Dd-wrt with iptables to edit the ttl value to 65 -Change TTL on windows PC to 65 so that it appears data is coming from the phone. (41 in hex = 65 in dec) https://social.technet.microsoft.co...o-live-ttl-in-windows?forum=w7itpronetworking
-Changed apn of hotspot to match the apn of normal mobile data. Doesn’t matter if you use fast.xxxx.com or alpha/beta BUT YOU CANT USE THE ORIGINAL HOTSPOT APN it’ll say mobile web or some ****. If you do you will be routed through their hotspot server and tracked. I’ve done this on iOS and android.
-FOR THE FOLKS THAT SAY THE VPN DOESNT WORK. Once again you MUST change the apn AND you have to make sure that your traffic is actually being routed through the VPN, in my experience on both android and iOS hotspot traffic bypass your phones VPN, and VPN on the router/computer traveling through the phone can be tracked if the phone isn’t the one using the VPN, to make it force traffic through the VPN I had to use the for data option in the tether me app on iOS. These things all work if you do it properly.”--Wifi tether router does have this VPN routing function but I have not tested.
"My COMBO works for me on T-Mobile unlimited.
Nexus 5x – rooted 6.01 with “settings put global tether_dun_required 0”
PLUS
Asus n31u router (w/ net.ipv4.ip_default_ttl = 65, bridge mod)
Works for Windows 7 desktop and laptop, chromebook, and tablets. All about 80 Gigs last month”
“The TTL stands for “time to live” it is a counter on the data you send for its maximum hop count, or the number of devices it can travel through, for every device it goes down by one, windows has a default TTL of 128, while Android has one of 64, if you change the TTL for windows to 65 when it gets to the phone the TTL will go down by one making it equal 64 the same as the phone. There are more advanced ways to do this so you can run a whole network off this by using a router with either DD-wrt, Tomato or open-wrt or a dedicated pc running either pfsense, linux, or freebsd to act as a router and mangle the TTL on the fly, the benefits of this is it gets ALL of the data (windows seem to miss a small amount around 5%) and it's possible to edit the User agent in ways that don't mess up websites with squid and just appending the device.”
Reserved
For USB tether clients, ClockWorkMod seems to be programmed in a lower-level fashion and produce significantly less heat than running Easytether. I will be monitoring and update.
I've recently been looking into this as well. I've currently been using the new pdanet with wifi direct but it seems to be hit or miss when getting an internet connection when using the proxy method. I have a few devices where I can't install the interface so I'm looking for a reliable method
A few scenarios I'm looking at. The first one you cover quite a bit, was wondering if you're using IPV4 or IPV6 with your different apn settings? 2nd scenario is being able to tether when connected to wifi like from a hotel and being able to pass that to other devices and the 3rd is being able to pass along a vpn connection if connected to free wifi places
Sorry for the necropost, I just wanted to point out that currently the only method you can use to hide tethering from T-mo is PDANet with its "Hide Tether Usage" feature.
All other methods are detected and if you have tethering, will count against your tethering allotment.
majikfox said:
Sorry for the necropost, I just wanted to point out that currently the only method you can use to hide tethering from T-mo is PDANet with its "Hide Tether Usage" feature.
All other methods are detected and if you have tethering, will count against your tethering allotment.
Thanks for the heads up. Just wanted to make sure since I wanted to try the TTL method, but that is also blocked by T-Mobile correct?
TTL 65 didn't work on my computers, but 85 and 99 did. So don't be afraid to try different things.
However, the phone should be able to modify the TTL before it forwards the packet. How is there not an app that does this, or is there a setting or hack we can do to make it change the TTL as it passes through the phone?
edit: have searched more and learned some apps do, but they don't work on my phone. Not sure why.
I have metro pcs with 15gb of hotspot data.. I run out every month.. once my data runs out I use hotspotvpn. A free app on the google play store and it works for everything.. been doing it for months.. never had any issues
CHEEF WALKING-FROG said:
I have metro pcs with 15gb of hotspot data.. I run out every month.. once my data runs out I use hotspotvpn. A free app on the google play store and it works for everything.. been doing it for months.. never had any issues
Which one do you use? I saw a few that had the same name
Same here metro
13crigby said:
Which one do you use? I saw a few that had the same name
I'm also wondering which app you're referring to. There's quite a few with that name
CHEEF WALKING-FROG said:
I have metro pcs with 15gb of hotspot data.. I run out every month.. once my data runs out I use hotspotvpn. A free app on the google play store and it works for everything.. been doing it for months.. never had any issues
Let me third the request. I just clocked through 8 or 9 different apps with that name. Who is the publisher?
Thanks!
Bypass With Termux
I've done this forever and it's not going to be restricted to who you have but it will 100 percent get around any data throttling.
Download Termux app and install openssh-server on it. Go ahead and hotspot your phone, then run ifconfig inside Termux to get your current tethering local IP. It will be the only 192. spit out when you run ifconfig. Save this. Run sshd -dD inside Termux which starts an openssh server waiting to be connected to in debug mode to audit traffic. Now pop onto a PC or router you can SSH into, whatever and connect it to your hotspot from your phone. Now SSH tunnel all the traffic from the device back through the openssh server you're running on the Termux app. Now that you are on the same local network you can SSH tunnel into that IP address you saved earlier. As long as you make sure all your traffic passes through the tunnel it 100 percent shows that all your internet is being used by Termux app not your hotspot app so you need no other spoofing of hops or anything because to your phone and carrier you are just using a bunch of data in termux, you do it right you will never be throttled I've used 150GB data multiple times.
Step by step > https://github.com/RiFi2k/unlimited-tethering
RiFi2k said:
I've done this forever and it's not going to be restricted to who you have but it will 100 percent get around any data throttling.
Download Termux app and install openssh-server on it. Go ahead and hotspot your phone, then run ifconfig inside Termux to get your current tethering local IP. It will be the only 192. spit out when you run ifconfig. Save this. Run sshd -dD inside Termux which starts an openssh server waiting to be connected to in debug mode to audit traffic. Now pop onto a PC or router you can SSH into, whatever and connect it to your hotspot from your phone. Now SSH tunnel all the traffic from the device back through the openssh server you're running on the Termux app. Now that you are on the same local network you can SSH tunnel into that IP address you saved earlier. As long as you make sure all your traffic passes through the tunnel it 100 percent shows that all your internet is being used by Termux app not your hotspot app so you need no other spoofing of hops or anything because to your phone and carrier you are just using a bunch of data in Termux. You do it right you will never be throttled, I've used 150GB data multiple times.
This is amazing. How do I use my Windows PC to connect to the openSSH server to create the traffic tunnel? Also, how do I force my Windows 10 traffic through the tunnel?
I am guessing with PuTTY and then set up an SSH proxy in a browser to force traffic? Won't that only allow browser based traffic through the tunnel and not all traffic from the Windows computer?
VICosPhi said:
This is amazing. How do I use my Windows PC to connect to the openSSH server to create the traffic tunnel? Also, how do I force my Windows 10 traffic through the tunnel?
I am guessing with PuTTY and then set up an SSH proxy in a browser to force traffic? Won't that only allow browser based traffic through the tunnel and not all traffic from the Windows computer?
So I am an everyday Linux user and for me personally I use sshuttle to route everything back through the tunnel because it already handles the TCP over TCP problem because the guy that wrote it is a boss. This here explains that.
If I was on Windows I would go with their Vagrant solution because then you get the benefit of sshuttle and all you're responsible for is making sure all traffic goes through the VM. Also you could use something like proxycap, and PuTTY works as well although I guess it's slow, people have said.
Browser traffic can be handled with SOCKS proxies.
I feel like it's a pretty great solution overall and can benefit some people so I started a repo and I'll fully document how it works, I'm just too tired tonight so keep an eye out https://github.com/RiFi2k/unlimited-tethering and I'll step by step Linux and Windows for everyone as much as possible, plus if anyone else has scripts and whatnot feel free to contribute.
RiFi2k said:
So I am an everyday Linux user and for me personally I use sshuttle to route everything back through the tunnel because it already handles the TCP over TCP problem because the guy that wrote it is a boss. This here explains that.
If I was on Windows I would go with their Vagrant solution because then you get the benefit of sshuttle and all you're responsible for is making sure all traffic goes through the VM. Also you could use something like proxycap, and PuTTY works as well although I guess it's slow, people have said.
Browser traffic can be handled with SOCKS proxies.
I feel like it's a pretty great solution overall and can benefit some people so I started a repo and I'll fully document how it works, I'm just too tired tonight so keep an eye out https://github.com/RiFi2k/unlimited-tethering and I'll step by step Linux and Windows for everyone as much as possible, plus if anyone else has scripts and whatnot feel free to contribute.
Thanks a lot, will read up on this. Adding your github to my bookmarks as well. :good:
RiFi2k said:
I've done this forever and it's not going to be restricted to who you have but it will 100 percent get around any data throttling.
Download Termux app and install openssh-server on it. Go ahead and hotspot your phone, then run ifconfig inside Termux to get your current tethering local IP. It will be the only 192. spit out when you run ifconfig. Save this. Run sshd -dD inside Termux which starts an openssh server waiting to be connected to in debug mode to audit traffic. Now pop onto a PC or router you can SSH into, whatever and connect it to your hotspot from your phone. Now SSH tunnel all the traffic from the device back through the openssh server you're running on the Termux app. Now that you are on the same local network you can SSH tunnel into that IP address you saved earlier. As long as you make sure all your traffic passes through the tunnel it 100 percent shows that all your internet is being used by Termux app not your hotspot app so you need no other spoofing of hops or anything because to your phone and carrier you are just using a bunch of data in Termux. You do it right you will never be throttled, I've used 150GB data multiple times.
Step by step > https://github.com/RiFi2k/unlimited-tethering
Has any user tried this already and confirmed that it works with metropcs?
Pdanet+ documentation details that only usb tether+hide tether usage works with metropcs. It took me a while to go around all of it, but I haven't tested it because I want to switch carriers to metropcs.
RiFi2k said:
I've done this forever and it's not going to be restricted to who you have but it will 100 percent get around any data throttling.
Download Termux app and install openssh-server on it. Go ahead and hotspot your phone, then run ifconfig inside Termux to get your current tethering local IP. It will be the only 192. spit out when you run ifconfig. Save this. Run sshd -dD inside Termux which starts an openssh server waiting to be connected to in debug mode to audit traffic. Now pop onto a PC or router you can SSH into, whatever and connect it to your hotspot from your phone. Now SSH tunnel all the traffic from the device back through the openssh server you're running on the Termux app. Now that you are on the same local network you can SSH tunnel into that IP address you saved earlier. As long as you make sure all your traffic passes through the tunnel it 100 percent shows that all your internet is being used by Termux app not your hotspot app so you need no other spoofing of hops or anything because to your phone and carrier you are just using a bunch of data in Termux. You do it right you will never be throttled, I've used 150GB data multiple times.
Step by step > https://github.com/RiFi2k/unlimited-tethering
Hey bro!! Thank you !!
This is a great idea, I would try it in my country to see if this works
myself379 said:
Hey bro!! Thank you !!
This is a great idea, I would try it in my country to see if this works
For sure! See the nice thing about this method is that your phone doesn't register any of the data used as coming from the tethering app, it 100% all gets attributed to the Termux app because of the SSH tunnel. So basically there is no way for anyone at your carrier to know, or prove that you actually were tethering at all. If you open up the apps section and check out the part where it shows you how much data each app used you will see what I mean. So basically it really doesn't matter what country / carrier / phone you have, as long as you have access to be able to tether and you have a computer you can use for the SSH tunnel it's impossible for them to throttle you because they can't prove you actually used the data tethering. When you read the fine print about them throttling it basically says the same thing, if they can't definitively prove the data came from tethering it doesn't go on your tethering cap.
Hello RiFi2k,
OK, thanks for the information. I'm trying to translate this into a Windows environment (Windows 10 phone and PC).
Here is what I have so far, but a few of your points are unclear. A little clarity would be fantastic.
Translation for Windows 10 phone
Since I'm on a Windows phone there is no Termux app. I guess Termux is used to install the SSH server and gain access to a command prompt, correct?
1. Ok, since openssh server is built into the Windows phone OS and I can access the command prompt via PuTTY, I should be fine, right?
2. Generate key pair and stored public key on phone. Working fine.
3. Hotspot connection to phone.
4. Run ipconfig (Windows) on phone or local machine. On local machine, gateway address is the needed IP, same as hotspot address on phone.
5. SSH Server is started on phone once the phone is placed in development mode.
Can't put server in debug mode on phone, but I'm pretty certain that it's hard coded to listen on port 22.
6. Your instructions on github.com have duplicated the step number 5, which should be 6 and I am having a little trouble sorting through it.
7. I guess the only way to tunnel to the phone is to run a PuTTY session from the Windows machine configured per your instructions.
Are these commands executed on the device or phone?:
ssh -D 8123 -fqgN [email protected].1 -p 22 (ssh client)
sshuttle -r [email protected].1:22 0.0.0.0/0 0.0.0.0 (sock proxy)
Either way, I will need to use PuTTY for the SSH Client portion. What are the switches in your example "-fqgN"? Are the switches concatenated?
-f Specifies a per-user configuration file.
-q Quiet mode
-g Allows remote hosts to connect to local forwarded ports.
-N ???
And finally, depending on where the above commands are run, I will need to find a sock proxy solution, if I want all traffic going through the tunnel.
Again, thanks for all your hard work.
davy4620 said:
Hello RiFi2k,
OK, thanks for the information. I'm trying to translate this into a Windows environment (Windows 10 phone and PC).
Here is what I have so far, but a few of your points are unclear. A little clarity would be fantastic.
Translation for Windows 10 phone
Since I'm on a Windows phone there is no Termux app. I guess Termux is used to install the SSH server and gain access to a command prompt, correct?
1. Ok, since openssh server is built into the Windows phone OS and I can access the command prompt via PuTTY, I should be fine, right?
2. Generate key pair and stored public key on phone. Working fine.
3. Hotspot connection to phone.
4. Run ipconfig (Windows) on phone or local machine. On local machine, gateway address is the needed IP, same as hotspot address on phone.
5. SSH Server is started on phone once the phone is placed in development mode.
Can't put server in debug mode on phone, but I'm pretty certain that it's hard coded to listen on port 22.
6. Your instructions on github.com have duplicated the step number 5, which should be 6 and I am having a little trouble sorting through it.
7. I guess the only way to tunnel to the phone is to run a PuTTY session from the Windows machine configured per your instructions.
Are these commands executed on the device or phone?:
ssh -D 8123 -fqgN [email protected].1 -p 22 (ssh client)
sshuttle -r [email protected].1:22 0.0.0.0/0 0.0.0.0 (sock proxy)
Either way, I will need to use PuTTY for the SSH Client portion. What are the switches in your example "-fqgN"? Are the switches concatenated?
-f Specifies a per-user configuration file.
-q Quiet mode
-g Allows remote hosts to connect to local forwarded ports.
-N ???
And finally, depending on where the above commands are run, I will need to find a sock proxy solution, if I want all traffic going through the tunnel.
Again, thanks for all your hard work.
Ok, so the N is `-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).` reference https://linux.die.net/man/1/ssh
It's completely fine if you don't have debug mode on when you start the sshd server on your phone, you actually don't technically need any flags. One is debug and one is detached so it runs in the background, which you are generally going to want.
Both those commands are run on your computer, but you only use one or the other. Follow my link to sshuttle, they have information for using it on Windows. It will transparently route all your traffic through the tunnel for you already so it's way better than anything else.
So just to recap, you start the sshd (ssh server) on your phone and it will spit out a port. Then you go to your PC and ssh or sshuttle (ssh client) connect to your phone.
I'm around if you need more help!
---------- Post added at 12:44 AM ---------- Previous post was at 12:40 AM ----------
Also once you get it working on Windows with your phone if you don't mind letting me know what version of Windows and what model your phone is, and where the directions hung you up, because I'll mention it all to help the next person.
Thanks for the quick reply. I'm going to have to dig a little deeper. It looks as if Microsoft is doing some kind of filtering on the WiFi interface and blocking this approach. Again, thanks for the great start.