The system trying to connect to Email server on SSL/TLS - Security Discussion

I asked in the CM12.1 forum at rom-cyanogenmod-12-1-nightlies-htc-one and have not had any reply for over 7 days so I am asking here for the security and privacy minded!
I am running CM 12.1 20150629-nightly-m8
My observation is that the system (kernel) is trying to connect to my IMAP server on the same SSL/TLS port (993) at the same time as my Email client (k9).
I do not see any reason for this and it does not look good from a security standpoint.
I see this using OS monitor app in the connections area.
This happens every time I open K9 Mail. The system (kernel) does not stay connected for long, but if you are watching you will see it.
I am blocking the system and kernel with Afwall and the mail works fine, so it is not required that the system connect to the mail servers.
Does anyone have any ideas or input on this?
Thank You

Be careful with AFWall. I am running a rooted, debloated stock 4.4.2 Note 8 and AFWall seems to leak. I have found this whether using the iptables included in the program, the system iptables, or the auto setting in prefs. After noticing this via monitoring connections with a program called OS Monitor, I figured my stock ROM might not have iptables installed, so I installed them via an app from the Play Store. Still the leakage. OS Monitor, in the connections tab, will display not only a map of where the connection from your device goes to but also who owns the IP address block. Earlier tonight I was using the onion program for Android and out of curiosity flipped over to OS Monitor and looked at connections. A process called "remote control" was connected to a block of IP addresses owned by a company whose name you would recognize as being connected to some of the alphabet soup agencies... The IP address block was physically in London, England. I am from the US but have been living in Ecuador for the past couple of years. I have no idea what remote control even is... Old Linux/Unix guy and somewhat familiar with the file structure in Android, and I use root browser to snoop and debloat, but have NEVER seen remote control. I was thinking about putting CM12 on this but your comment caused me some concern because I am very security conscious.
I have also noticed leakage with MapFactor Navigator among other things, among them several Google processes that are apparently OS spawns. I denied Navigator internet access in AFWall but it occasionally spawns a child process called spider. mapfactor.navigator that gets access in spite of AFWall. Hope this helps. Other than manually editing iptables (a huge PITA) I don't know what solution might exist. From my standpoint Android is a huge POS security-wise even though I like to play with it.
Expat
Quito
Sent from my GT-N5110 using XDA Free mobile app
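An added example, not part of the original posts: on Linux and Android, per-connection owner information comes from the kernel socket table in /proc/net/tcp, where a socket that has been closed and sits in TIME_WAIT is printed with uid 0 and inode 0, so a tool that labels uid 0 as system/kernel can show a just-closed app connection under that name. The table below, its addresses and the mail client UID 10087 are constructed, and the decoding assumes a little-endian device and IPv4 entries only.

```python
import socket
import struct

# TCP state codes as printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}

ANDROID_FIRST_APP_UID = 10000  # Android assigns installed apps UIDs from 10000 up

# Constructed sample in /proc/net/tcp layout (not captured from a device):
# row 0 is a live IMAPS connection owned by a hypothetical mail app (uid 10087),
# row 1 is an earlier connection to the same server that is now in TIME_WAIT.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 1701A8C0:A112 0A7100CB:03E1 01 00000000:00000000 00:00000000 00000000 10087        0 54321 1 0000000000000000 20 4 30 10 -1
   1: 1701A8C0:A10E 0A7100CB:03E1 06 00000000:00000000 03:00000A2C 00000000     0        0 0 3 0000000000000000
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port).

    The address is the raw 32-bit value printed in host byte order, so on a
    little-endian CPU the bytes appear reversed; the port is plain hex.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the table into dicts, skipping the header line."""
    entries = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 10:
            continue  # truncated or blank line
        entries.append({
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(cols[3], "UNKNOWN(%s)" % cols[3]),
            "uid": int(cols[7]),
            "inode": int(cols[9]),
        })
    return entries


def owner_label(entry):
    """Describe who the kernel says owns the socket."""
    if entry["state"] == "TIME_WAIT" and entry["uid"] == 0 and entry["inode"] == 0:
        # The kernel prints zeros here: the owning process is no longer recorded.
        return "no owner recorded (closed socket in TIME_WAIT)"
    if entry["uid"] == 0:
        return "root (uid 0)"
    if entry["uid"] >= ANDROID_FIRST_APP_UID:
        return "app uid %d" % entry["uid"]
    return "system uid %d" % entry["uid"]


def connections_to_port(entries, port):
    """Return (local, remote, state, owner) for every socket to a remote port."""
    return [
        (e["local"], e["remote"], e["state"], owner_label(e))
        for e in entries
        if e["remote"][1] == port
    ]


if __name__ == "__main__":
    for local, remote, state, owner in connections_to_port(
            parse_proc_net_tcp(SAMPLE_PROC_NET_TCP), 993):
        print("%s:%d -> %s:%d  %-11s %s" % (local + remote + (state, owner)))
```

A uid 0 entry in ESTABLISHED state with a non-zero inode is a different case from the TIME_WAIT row and is the one worth tracing to a process.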


How to get around wifi host's restrictions?

I'm using my transformer at school and the school is providing wifi to its students. But there are apparently some odd restrictions associated with it. No app of mine is allowed to access the internet with the exception of browsers, and also I'm not allowed to download anything (it just says "download unsuccessful" no matter what I download or from where). I've tried to look for a reason for this and I found out that it might be some firewall settings on the computer that is hosting the wifi. I also asked the school's IT guy and he said that it's likely to be the reason. But the thing is that all the people with computers and iPhones can use applications that use the internet with no problems at all. This makes me think that the wifi host regards me as dangerous or suspicious for some reason, and because it does allow computers and iPhones to use apps that access the internet and to download files, I think that it might be fixable. Perhaps there are some particular settings that make the wifi host's security regard me as dangerous and not allow my apps to go to the internet. So what do I have to do for my apps to be able to access the internet and to be able to download files? I really want to know this, because many of the useful apps require internet and by not using them I'm not taking full advantage of the device. I should also mention that my tablet is running 3.2.1.
But have you tried asking them about letting you use your "netbook" on their netbook. What's the worst they can do? say NO TABLETS ALLOWED? Because unless they know your exact MAC address, they probably won't be able to do anything about it. In my old school, I brought up that I would like to connect my windows mobile device to their network (when I was using it as an mp3 player) and they said sure (they had terrible firewalls which blocked most every site that was fun). Sometimes, the best kind of hackery is the social kind.
Dyskmaster said:
But have you tried asking them about letting you use your "netbook" on their netbook.
What do you mean by that?
norsul said:
What do you mean by that?
I guess he's telling you to ask for permission to use your netbook on their network.
Well first of all I'm using a tablet running Android 3.2.1. And I'm kind of confused by your use of the word network, because I said that I can use the school's wifi network for students, but only to some extent, meaning that none of my apps with the exception of the browser are allowed to access the internet, e.g. Android Market and Google Translate don't work, they just say that they are unable to connect to the network or something similar. Also downloading any file from anywhere is not allowed, it says download unsuccessful. But iPhone users' apps work perfectly fine. From this I concluded that there must be something about my tablet that makes their security think my apps are dangerous and therefore blocks them, and that because there is no such problem on iOS, I thought that there might be something wrong on my end, and that it is fixable. And my question was what do I need to do to fix this? I hope that clarifies my point.
statsminister said:
I guess he's telling you to ask for permission to use your netbook on their network.
yes, thanks, I was kinda in a hurry when I typed that
Ask your school's IT department. Network configurations can be quite complex, and without knowledge of how or what they're blocking- it's hard for us to help. IT would know the issue better, or at least give the explanation as to why it isn't working. For instance, last year at my college nothing but computers were allowed to connect to the wifi. Such control can be done on the network side, and it may not be your tablet's fault.
Have you any friends with an Android device, or better yet android tablet?
I did ask the IT guy and he said that he has no control over the security settings, because it's a network across all of the schools in the city, not just the school in which I am.
Hey, I've tried using dropbox at school and then it says "cache access denied", maybe that can somehow clarify my problem.
settings
Have you set your settings/applications to allow unknown sources (ie is it ticked).
Colin
colint3 said:
Have you set your settings/applications to allow unknown sources (ie is it ticked).
Colin
That's only to allow installing apps not from the Market (sideloading). It has nothing to do with an app working or not.
Haven't you ever heard of proxy and content filtering?
Schools often set up proxies to restrict certain sites and content from working on their networks. They do it for a variety of reasons, including bandwidth conservation, content filtering, network security, etc.
More than likely, they have blocked anything that they deem unnecessary. That means that probably only port 80 is allowed (the http port), possibly a few others for https, pop3 and imap for email, etc.
However, if you're a more advanced user, you can probably bypass right past all of this stuff by setting up your own proxy, or using encapsulation (like nstx or icmptx) to bypass their proxy by encapsulating other services inside DNS or ICMP traffic which are usually allowed to bypass the proxy at school. Like I said though, these are advanced techniques and require you to research and set it up yourself.
a.mcdear said:
Haven't you ever heard of proxy and content filtering?
Schools often set up proxies to restrict certain sites and content from working on their networks. They do it for a variety of reasons, including bandwidth conservation, content filtering, network security, etc.
More than likely, they have blocked anything that they deem unnecessary. That means that probably only port 80 is allowed (the http port), possibly a few others for https, pop3 and imap for email, etc.
However, if you're a more advanced user, you can probably bypass right past all of this stuff by setting up your own proxy, or using encapsulation (like nstx or icmptx) to bypass their proxy by encapsulating other services inside DNS or ICMP traffic which are usually allowed to bypass the proxy at school. Like I said though, these are advanced techniques and require you to research and set it up yourself.
No, I do not know anything about proxy or content filtering, but I remember when I was connecting to the wifi network of the school I was asked to configure the proxy settings by putting in some IP address (I presume that it is an IP address because it looked like one) and writing 8080 in the port field. If I didn't configure it like that, the internet would simply not work. Could you please tell me where I could educate myself about bypassing proxies, or is it a matter that would require a very long time to learn and a lot of prerequisite knowledge?
And by the way, are you sure that this could be done on a tablet? All of that fiddling around seems to require a considerable degree of control which android may lack, or would rooting give me that control?
norsul said:
No, I do not know anything about proxy or content filtering, but I remember when I was connecting to the wifi network of the school I was asked to configure the proxy settings by putting in some IP address (I presume that it is an IP address because it looked like one) and writing 8080 in the port field. If I didn't configure it like that, the internet would simply not work. Could you please tell me where I could educate myself about bypassing proxies, or is it a matter that would require a very long time to learn and a lot of prerequisite knowledge?
And by the way, are you sure that this could be done on a tablet? All of that fiddling around seems to require a considerable degree of control which android may lack, or would rooting give me that control?
OK yeah you are going through a proxy then. The good news is, that because you have to configure it manually, they probably aren't using transparent proxy which can make it easier to bypass.
Getting nstx or icmptx working natively on Android should be possible in theory as both are lightweight and designed to work in Linux... perhaps it can be made into a module that can be activated/deactivated with a shell script, or added to a custom kernel.. obviously this would require a rooted tablet to accomplish.
The other required part of the equation is a computer accessible from the internet, which you can set up and install a DNS server and nstx on.
If you manage to get it all working correctly, set your home IP address as your proxy instead of your schools proxy, and you should be able to get through. It should also work to let you access the web for free at places like Starbucks or at hotels where the web is normally routed to a site where you have to pay for web access.
Good luck!
a.mcdear said:
OK yeah you are going through a proxy then. The good news is, that because you have to configure it manually, they probably aren't using transparent proxy which can make it easier to bypass.
Getting nstx or icmptx working natively on Android should be possible in theory as both are lightweight and designed to work in Linux... perhaps it can be made into a module that can be activated/deactivated with a shell script, or added to a custom kernel.. obviously this would require a rooted tablet to accomplish.
The other required part of the equation is a computer accessible from the internet, which you can set up and install a DNS server and nstx on.
If you manage to get it all working correctly, set your home IP address as your proxy instead of your schools proxy, and you should be able to get through. It should also work to let you access the web for free at places like Starbucks or at hotels where the web is normally routed to a site where you have to pay for web access.
Good luck!
That sounds awesome, maybe you could make the app, I'd buy it
I found two apps on the android market : proxydroid and ssh tunnel, do you think they would help me to bypass the school's proxy?
And by the way, how legal is this business? I mean I doubt that the school would send me to jail for using Google Translate but I'm still curious.
Legal issues are a potential problem, but it's doubtful it would ever be a problem at school. Setting this up on your tablet certainly isn't illegal in itself, but if you're stealing wifi that you would otherwise have to pay for, you CAN get yourself in quite a bit of trouble if you get caught.
a.mcdear said:
Legal issues are a potential problem, but it's doubtful it would ever be a problem at school. Setting this up on your tablet certainly isn't illegal in itself, but if you're stealing wifi that you would otherwise have to pay for, you CAN get yourself in quite a bit of trouble if you get caught.
Ok thanks, wifi network in the school is free for all students so I should be ok. But what about those apps I mentioned before?
And how would I protect myself from getting caught and what is the likelihood of me getting caught? Can they immediately notice it if someone's trying to bypass their firewall or not? I should point out that the IT manager in our school knows quite little about the security system, or so he told me when I asked him whether my problem is somehow connected to their security settings, but the network is not owned by the school, it's owned by the city and it is present in many schools besides mine, so I think that they might take their security seriously. So basically what I am trying to say is that if I investigate this matter, come there and bypass the proxy so that the YouTube app works, is it likely that I am going to get caught, and if yes then what are the ways of minimising the risk (please bear in mind that I have no experience in this)? I'm asking this because I think it's not a very good idea to just walk in and hack the network without any experience and expect that there is no possibility of getting caught.
No neither of those apps are really the solution to your problem. There isn't currently an app for Android that will set up encapsulation like I'm talking about.
And yes, your IT manager at school "might" be able to catch you, but only if he's specifically looking for it. What this basically does is encapsulate your regular IP traffic inside DNS packets (or pings for the icmptx method), which are generally allowed to pass through firewalls and content filters. Basically, it is detectable if your network administrator is looking in the right place and knows his stuff. It would look like either a constant stream of DNS requests from a particular IP on the school network, or a constant stream of ICMP traffic (pings) being sent out. However both ICMP and DNS are normal for any network, so it's also equally possible that the administrator never notices that anything is wrong at all...
Some more sophisticated networks may employ transparent DNS or transparent proxy, which would make these efforts much harder. Transparent proxy is able to intercept any traffic and force it through the proxy at school, while transparent DNS is able to intercept DNS traffic and force it to use a specific DNS server regardless of settings on your tablet.
Like I said in the beginning though, these are really advanced networking tricks that certainly aren't easy to set up, even when all the components are readily available... it's possible they haven't even been attempted yet on an Android device. That said, it shouldn't be difficult to port either icmptx or nstx over to Android for somebody with the requisite programming skills.
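The administrator's side of the reply above, as an added example that is not part of the original thread: a resolver-log check for the "constant stream of DNS requests from a particular IP" that DNS encapsulation produces. The log format (`timestamp client qname qtype`), the addresses, the domain names and every threshold are constructed assumptions, and grouping by the last two labels is a simplification that ignores the public suffix list.

```python
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in Counter(text).values())


def split_name(qname):
    """Return (subdomain_part, base_domain) using the last two labels as base."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    base = ".".join(labels[-2:])
    sub = name[: len(name) - len(base)].rstrip(".")
    return sub, base


def score_clients(lines, min_queries=30, min_unique_ratio=0.9,
                  min_sub_len=30, min_entropy=3.0):
    """Group queries by (client, base domain) and flag tunnel-like groups.

    A group is flagged only when all four signals agree: many queries, almost
    every name unique, long subdomain parts, and high character entropy.
    """
    groups = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, qname, _qtype = line.split()
        sub, base = split_name(qname)
        groups[(client, base)].append((float(ts), sub))

    findings = []
    for (client, base), rows in sorted(groups.items()):
        subs = [sub for _, sub in rows]
        times = [ts for ts, _ in rows]
        count = len(subs)
        duration = max(times) - min(times)
        stats = {
            "client": client,
            "base_domain": base,
            "queries": count,
            "unique_ratio": len(set(subs)) / count,
            "mean_sub_len": sum(len(s) for s in subs) / count,
            "entropy": shannon_entropy("".join(subs).replace(".", "")),
            "per_minute": count / duration * 60 if duration > 0 else float(count),
        }
        stats["suspicious"] = (
            count >= min_queries
            and stats["unique_ratio"] >= min_unique_ratio
            and stats["mean_sub_len"] >= min_sub_len
            and stats["entropy"] >= min_entropy
        )
        findings.append(stats)
    return findings


def flagged(findings):
    """(client, base_domain) pairs that crossed every threshold."""
    return [(f["client"], f["base_domain"]) for f in findings if f["suspicious"]]


def build_sample_log():
    """Constructed log: one client with tunnel-like names, one browsing normally."""
    lines = []
    for i in range(40):
        # Long, never-repeating labels stand in for encoded payload chunks.
        label = hashlib.sha256(("chunk-%d" % i).encode()).hexdigest()[:48]
        lines.append("%.1f 10.0.0.23 %s.t.tunnel.example TXT" % (1000 + i * 0.5, label))
    for i in range(12):
        host = ("www", "mail", "cdn")[i % 3]
        lines.append("%.1f 10.0.0.5 %s.example.org A" % (1000 + i * 5, host))
    return lines


if __name__ == "__main__":
    for f in score_clients(build_sample_log()):
        print("%(client)s %(base_domain)s queries=%(queries)d unique=%(unique_ratio).2f "
              "len=%(mean_sub_len).0f H=%(entropy).2f suspicious=%(suspicious)s" % f)
```

The same grouping applied to ICMP echo counts per source covers the ping-based variant the post mentions; the thresholds here need tuning against a network's own baseline, since CDNs and some security products also generate many unique names.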

SSH Tunnel...is anyone using this app?

I'd love to use this app but feel like I'm in over my head trying to configure it. Can this be walked thru?
Firstly, do you have a hosted server (typically configured with sshd and nginx / squid), which is accessible from the Internet?
promiseofcake said:
Firstly, do you have a hosted server (typically configured with sshd and nginx / squid), which is accessible from the Internet?
I DL'd the SSH Tunnel app (top 10 rooted app recommendation on a random site) and was hoping someone could help me with the necessary parameters to set it up. Is that possible? If promiseofcake's question is any indicator, I'll assume SSH isn't for me?
gadgetball said:
I DL'd the SSH Tunnel app (top 10 rooted app recommendation on a random site) and was hoping someone could help me with the necessary parameters to set it up. Is that possible? If promiseofcake's question is any indicator, I'll assume SSH isn't for me?
SSH is a protocol which allows one machine to securely connect to another remote machine, and in this situation, use the remote machine's internet connection. The benefit of this is that all of the data transferred to your phone appears to be originating from this remote machine of yours, and not all of the sites and services you are in turn using, Google, Facebook, torrent services, etc. Now if this server was hosted at home, your home internet would be the one which Google, Facebook, and torrent services would see using their services. Imagine that as a baseline.
In order for the above example to work, one will need a remote machine to use as a gateway for this traffic. Therefore, unless you have a computer setup and configured properly with a semblance of a "static" connection, there will be nothing for your phone to SSH tunnel into.
I would look into paid services so you don't have to deal with the hassle of setting something like this up.
Thank you very much for clearing that up!
Sent from my SAMSUNG-SGH-I727 using XDA App
Just another noob that hasn't studied up enough
Sent from my SAMSUNG-SGH-I727 using XDA App
Yeah, I use SSHTunnel every day. The benefit, besides the fact that everything appears to come from the remote machine you're running SSH on, is that everything is encrypted, so the carrier or wifi LAN you're using can't see what you're doing either, other than sending encrypted traffic to your remote machine. This can protect against DroidSheep attacks, and if you're using your provider's 3G/4G and you tether, the traffic is masked as encrypted and your provider can't really tell what you're doing. SSHTunnel IS a good program if you have an SSH shell to tunnel the traffic through.
I have problems with this app too. It connects successfully to my server but the "Individual Proxy" option does not work. I sent a mail to the author asking if iptables needs any specific options enabled (such as --uid-owner) for this to work but did not get any replies. I don't know how different the iptables on Android is compared to that on desktop distributions.
I'm using CM9 and tested this with the default kernel and Siyah kernel.

I need a new app!

I am hoping someone can help me, since I am having a problem. The problem is that I am bored with the current "regular" section of apps on the market. I want to find something that is useful (even revolutionary!) but I can't find anything. I don't care about games, photo editing apps, music apps, "juice savers", or any of the other crap available on the market. I am looking for a really cool developer type app that typical users don't care about. My phone is rooted so basically the sky is the limit. Does anyone have any suggestions for me??
Hmmm... maybe make your own, I'll test it out for you... I'm in the same boat, bored with all the apps. I have all the required software to make apps, just not sure where to begin...
I wouldn't be opposed to writing my own, but I am looking for inspiration first. That's why I want to see some of the innovative apps out there. The problem is there is nothing particularly exciting, from what I can find at least. I am sure there are people who have developed something cool, I just need to find it!
I'm currently learning ARM/x86 assembly for embedded stuff. I'm also currently working with the Android kernel. Sometimes I like to sit with my phone instead of a laptop; here is a list of apps and stuff I use on the phone to make things go smooth.
(market) droidedit pro - this is the best, easiest code editor I've used so far. It's light, it supports a ton of languages and has sftp and ssh command support. The ssh makes it easy to build stuff on your main remote machine.
(market) x-plore - pretty sweet file manager. It is a double tree view that can connect to the LAN, FTP and Picasa. It also has total root access. I can basically work with any files, even in typically read-only directories.
(market) ideterminal - basically the Android SDK on your phone along with Java compilers and a ton of command line goodies.
Add a Debian chroot to your phone; this opens up so many possibilities, like being able to VNC into an X server on the phone and compile natively without the hassle of a small screen and no keyboard.
ssh combined with Dropbox is also your friend.
Sent from my LG-VM670 using XDA App
I also mess around with embedded ARM devices for fun. My current project is FreePBX (Asterisk VoIP system) that I installed on a SheevaPlug "plug computer". At the moment I am trying to figure out the best way for me to incorporate my Android devices with that platform. The two apps I am currently using a lot are:
1) FING. It's basically a network analyzing program that tells you about all devices attached to a network. If you are familiar with the older PC program called [email protected] this is essentially the Android version of that.
2) ConnectBot. A fairly straightforward SSH/Telnet client with a few extras.
I am really on the lookout for these kinds of apps. If you can think of others that might be interesting I would love to know. We have some similar interests so I am curious what else you like.
If you are at all interested in my PlugPBX deployment you can check it out at the following thread.
http://www.broadbandreports.com/forum/r24405430-Asterisk-PlugPBX-system-unboxing-and-updates-
I actually had downloaded Fing but it won't work on my phone. I have no idea what the deal is; when I need to ping, from the command line or any program, I get an error like ICMP operation failed. I don't have a problem with any networking software, i.e. ssh, VNC, remote web desktop (this is a cool toy, makes SMS on PC simple also).
Oh ya, there is also a dynamic DNS app too, so you can use something like no-ip.com to get a static host name for your phone, for free. Like mike.no-ip.com would connect you to your phone from anywhere; the client program on the phone updates the DNS server that provides your dynamic DNS name. I guess the app is generic and works with most if not all dynamic DNS hosts!
I'm not really into VoIP, I just haven't ever done anything with it. Although I only have 300 minutes and unlimited data, so VoIP may be a good idea, I just don't know any free service.
rwgast said:
I actually had downloaded Fing but it won't work on my phone. I have no idea what the deal is; when I need to ping, from the command line or any program, I get an error like ICMP operation failed. I don't have a problem with any networking software, i.e. ssh, VNC, remote web desktop (this is a cool toy, makes SMS on PC simple also).
Oh ya, there is also a dynamic DNS app too, so you can use something like no-ip.com to get a static host name for your phone, for free. Like mike.no-ip.com would connect you to your phone from anywhere; the client program on the phone updates the DNS server that provides your dynamic DNS name. I guess the app is generic and works with most if not all dynamic DNS hosts!
I'm not really into VoIP, I just haven't ever done anything with it. Although I only have 300 minutes and unlimited data, so VoIP may be a good idea, I just don't know any free service.
That Dynamic DNS app seems interesting, thanks for sharing!
rwgast said:
I actually had downloaded Fing but it won't work on my phone. I have no idea what the deal is; when I need to ping, from the command line or any program, I get an error like ICMP operation failed. I don't have a problem with any networking software, i.e. ssh, VNC, remote web desktop (this is a cool toy, makes SMS on PC simple also).
Oh ya, there is also a dynamic DNS app too, so you can use something like no-ip.com to get a static host name for your phone, for free. Like mike.no-ip.com would connect you to your phone from anywhere; the client program on the phone updates the DNS server that provides your dynamic DNS name. I guess the app is generic and works with most if not all dynamic DNS hosts!
I'm not really into VoIP, I just haven't ever done anything with it. Although I only have 300 minutes and unlimited data, so VoIP may be a good idea, I just don't know any free service.
Which DYDNS app are you using? I have tried a few and none work. Which carrier do you have?
There are many apps being added to the market every day... you might want to explore them keenly...

Accessing the Deep Web: Built-in Android VPN coupled with Orxy/Orbot. How secure?

Dev @anonify came up with a seemingly awesome app called Orxy, with paid add-on Orxify; together they integrate your droid's built-in VPN capabilities with the IP-scrambling, onion-accessing power of Orbot. It's quick, it's easy, it's very fast.
However, many hours of searching and I still can't tell if this is really a secure way to access the Deep Web.
For a start, you have to buy a monthly subscription through the Play Store in order to tunnel your data and hide the fact you are using Orbot. So Orxy has your Google details (who evidently have your bank/personal information) right off the bat. That's OK, I guess, there's nothing inherently wrong with that.
However, the difficulty for me arose when I saw this article - www.deepdotweb.com/2014/07/08/is-your-vpn-legit-or-****
So - if you use this app, will your IP addresses, logon/off times, or bandwidth usage be logged somewhere? Is that possible with the native Android VPN, whether locally or by Orxy? Can, as in the above article, someone be subpoenaed to give up said information? Or worse, can it be found locally on your machine if it fell into the wrong hands?
Basically, if you want good privacy and security on the Deep Web, will you be OK using this app, or is it infinitely better to use a third party VPN which takes Bitcoin payments and stores absolutely nothing?
Personally, why use a phone for it? Just pay for a VPN, run Tor, tweak other settings and voilà, explore freely. Your ISP will see encrypted traffic coming from your IP but not see you using Tor.
Sent from my Oneplus One using Tapatalk
I would also recommend using a computer
Sent from my A0001 using Tapatalk
Well I wanna be able to look at an AK-47 for sale on the way to or from work, cos that's when I most feel like owning one (joke)
But seriously. For the same reasons we use a phone instead of a computer for so many things - portability. Smaller, better battery life - cheaper. All these things.
Also I believe there to be far more security flaws with the major OS's, so in theory Android is more secure. Or might be. That's what I'm trying to find out, anyway
When using just orxy/orxify, everything (in terms of traffic) happens locally on your phone. The app doesn't store anything or contact any external service. Just routes traffic through tor running locally on your phone. Security here depends on what you have running on your phone and who has access to it. With tunneling, the app contacts an external proxy with the outgoing tor traffic with an extra layer of encryption. I made a diagram here:
http://forum.xda-developers.com/showpost.php?p=65332501&postcount=366
The proxy does not log IPs. It only sees encrypted tor traffic, so it can't know the data or the destination. At most, someone with access to the proxy would know that a connecting IP is accessing Tor. If they know that IP is yours, then they would know you were connecting to tor, but not what you were doing (within the limits of tor security). They would have to gain access to the proxy while you were actively tunneling tor to do this.

VPN woes

Basically there's two things I'm trying to accomplish. The first thing is to be able to SAFELY access my pc when I'm not at home. The second is to be able to log onto my local network from the outside world and make it look as if the traffic originates from there.
At home on my local wifi I often access my PC using Remote Desktop. I'd like to safely be able to do the same thing from a phone or external PC. I'm under the impression that the best way to do this was with a VPN but the precise what and how eludes me. My best current guess is to setup a VPN Server on my wifi router but does that mean any generic VPN software I install on my phone can get through? I'm really just guessing but possibly this will accomplish both things I'm trying to do.
Additionally I could also setup a VPN Client on the wifi router which would provide VPN protection to any device logged onto my lan without having to install anything on every tablet in my household.
Added to this is that I've used Kaspersky antivirus for over 20 years on my pc's and VPN just became free with the package so I've used the 3 licenses I get on my PC and my and my wife's phones. Hopefully I can use my Kaspersky VPN to access the DDNS that I got free from ASUS to complete the circle.
It should be clear from this discussion that I'm grasping at straws, I've googled a bunch of confusing and potentially conflicting information along with everybody and his brother that wants to sell something VPN related.
I'm also posting this on the Windows 10 Help forum as here and there is where I get most of my technical advice.
Look inside here:
How to Build Your Own VPN (and Why You Might Want to)
Ever thought of creating a VPN from scratch but didn't know where to start? Get answers to all your questions in this comprehensive guide.
vpnoverview.com
As far as I know, there are many models of home router with built-in VPN server capabilities. Check your router's manual at first.
James_Watson said:
As far as I know, there are many models of home router with built-in VPN server capabilities. Check your router's manual at first.
I'm going forward on the basis that all I need to do what I want is the Router's built-in server, along with an Asus provided DDNS, to allow VPN connection from my outside devices and the Router's built-in VPN Client to give VPN protection to all devices within my local wifi. I bought the router with this capability in mind as well as speed improvements over my old router. It's the Asus RT-AC86U router and it "should" do the above as well as allow externally connected devices to act as if originating from my home system.
It may take me a bit to do this but I'll report back once I have an answer.
jwoegerbauer said:
Look inside here:
How to Build Your Own VPN (and Why You Might Want to)
Ever thought of creating a VPN from scratch but didn't know where to start? Get answers to all your questions in this comprehensive guide.
vpnoverview.com
Thanks for the response. I looked at a number of how to guides, the one I'm going forward with is how-to-easily-access-your-home-network-from-anywhere.
I have an issue with setting up the VPN Server Client on my router (Asus RT-AC86U) that I have a service call in with Asus for, so the VPN Client side is on hold for a bit.
I was able to successfully configure the VPN Server (at least the OpenVPN protocol section) and set up a DDNS. From what I read this should be sufficient to allow an external device to log in to my home system but I've seen no guide that describes this final step.
Do I simply use Remote Desktop on the external device to logon to my PC through the DDNS while the VPN (in OpenVPN protocol in this case) is enabled?
That would mostly work but what I really would like would be for the external device appear to be on my local wifi and not on the local PC itself. How do I do that?
Can anyone point me in the correct direction?
I did just find another piece of information that may apply here. In one of the guides I read the following:
"save the OpenVPN configuration file which will be used by the remote device to access your router."
There was a client.ovpn file generated during the router's VPN Server setup. The above sentence implies that I need to somehow get the VPN software on the external device to use this file and then I'll be able to log on to my home system. Can anyone shed more light on this?
*** Update ***
I was able to set up the OpenVPN Server on my ASUS RT-AC86U router and it does allow me to safely access my home LAN from anywhere. I can log in to my home router's user interface and use Remote Desktop to log in to my PC. Also since the VPN changes my IP address to that of my home system everything works as it would if I was actually there.
The one thing I haven't been able to do is access my pc's shared drive.
Anyone have any clue how to fix that?
Finally I also tried to setup the VPN Client on the router to access the VPN Server. ASUS said you should be able to do that but it results in an IP conflict that their tech support hasn't yet solved.
The benefit of using the router's VPN client is that any device on my local wifi is automatically protected by a VPN without installing anything on the device. The point is somewhat moot since all each device needs is a free app and the config file created by the VPN Server.
I did look at setting up a VPN Server on my Win 10 PC, but it looked like too much work and too much chance of messing something up, to attempt.
