I'm using my transformer at school and the school is providing wifi to its students. But there are apparently some odd restrictions associated with it. No app of mine is allowed to access the internet with the exception of browsers and also I'm not allowed to download anything (it just says "download unsuccessful" no matter what I download or from where). I've tried to look for a reason for this and I found out that it might be some firewall settings on the computer that is hosting the wifi, I also asked the school's IT guy and he said that it's likely to be the reason. But the thing is that all the people with computers and iPhones can use applications that use the internet with no problems at all. This makes me think that the wifi host regards me as dangerous or suspicious for some reason, and because it does allow computers and iPhones to use apps that access the internet and are allowed to download files, I think that it might be fixable. Perhaps there are some particular settings that make the wifi host's security regard me as dangerous and not allow my apps to go to the internet. So what do I have to do for my apps to be able to access the internet and to be able to download files? I really want to know this, because many of the useful apps require internet and by not using them I'm not taking the full advantage of the device. I should also mention that my tablet is running 3.2.1.
But have you tried asking them about letting you use your "netbook" on their netbook. What's the worst they can do? say NO TABLETS ALLOWED? Because unless they know your exact MAC address, they probably won't be able to do anything about it. In my old school, I brought up that I would like to connect my windows mobile device to their network (when I was using it as an mp3 player) and they said sure (they had terrible firewalls which blocked most every site that was fun). Sometimes, the best kind of hackery is the social kind.
Dyskmaster said:
> But have you tried asking them about letting you use your "netbook" on their netbook.
What do you mean by that?
norsul said:
> What do you mean by that?
I guess he's telling you to ask for permission to use your netbook on their network.
Well first of all I'm using a tablet running android 3.2.1. And I'm kind of confused by your use of the word network, because I said that I can use the school's wifi network for students, but only to some extent, meaning that none of my apps with the exception of the browser are allowed to access the internet, e.g. android market, google translate don't work, they just say that they are unable to connect to the network or something similar. Also downloading any file from anywhere is not allowed, it says download unsuccessful. But iPhone users' apps work perfectly fine. From this I concluded that there must be something about my tablet that makes their security think my apps are dangerous and therefore blocks them, and that because there is no such problem on iOS, I thought that there might be something wrong with my end, and that it is fixable. And my question was what do I need to do to fix this? I hope that clarifies my point.
statsminister said:
> I guess he's telling you to ask for permission to use your netbook on their network.
yes, thanks, I was kinda in a hurry when I typed that
Ask your school's IT department. Network configurations can be quite complex, and without knowledge of how or what they're blocking- it's hard for us to help. IT would know the issue better, or at least give the explanation as to why it isn't working. For instance, last year at my college nothing but computers were allowed to connect to the wifi. Such control can be done on the network side, and it may not be your tablet's fault.
Have you any friends with an Android device, or better yet android tablet?
I did ask the IT guy and he said that he has no control over the security settings, because it's a network across all of the schools in the city, not just the school in which I am.
Hey, I've tried using dropbox at school and then it says "cache access denied", maybe that can somehow clarify my problem.
settings
Have you set your settings/applications to allow unknown sources (ie is it ticked).
Colin
colint3 said:
> Have you set your settings/applications to allow unknown sources (ie is it ticked).
> Colin
That's only to allow installing apps not from the Market (sideloading). It has nothing to do with an app working or not.
Haven't you ever heard of proxy and content filtering?
Schools often set up proxies to restrict certain sites and content from working on their networks. They do it for a variety of reasons, including bandwidth conservation, content filtering, network security, etc.
More than likely, they have blocked anything that they deem unnecessary. That means that probably only port 80 is allowed (the http port), possibly a few others for https, pop3 and imap for email, etc.
However, if you're a more advanced user, you can probably bypass right past all of this stuff by setting up your own proxy, or using encapsulation (like nstx or icmptx) to bypass their proxy by encapsulating other services inside DNS or ICMP traffic which are usually allowed to bypass the proxy at school. Like I said though, these are advanced techniques and require you to research and set it up yourself.
a.mcdear said:
> Haven't you ever heard of proxy and content filtering?
> Schools often set up proxies to restrict certain sites and content from working on their networks. They do it for a variety of reasons, including bandwidth conservation, content filtering, network security, etc.
> More than likely, they have blocked anything that they deem unnecessary. That means that probably only port 80 is allowed (the http port), possibly a few others for https, pop3 and imap for email, etc.
> However, if you're a more advanced user, you can probably bypass right past all of this stuff by setting up your own proxy, or using encapsulation (like nstx or icmptx) to bypass their proxy by encapsulating other services inside DNS or ICMP traffic which are usually allowed to bypass the proxy at school. Like I said though, these are advanced techniques and require you to research and set it up yourself.
No, I do not know anything about proxy or content filtering, but I remember when I was connecting to the wifi network of the school I was asked to configure the proxy settings by putting some IP address (I presume that it is an IP address because it looked like one) and writing 8080 in the port field. If I didn't configure it like that, the internet would simply not work. Could you please tell me where I could educate myself about bypassing proxies or is it a matter that would require a very long time to learn and a lot of prerequisite knowledge?
And by the way, are you sure that this could be done on a tablet? All of that fiddling around seems to require a considerable degree of control which android may lack, or would rooting give me that control?
norsul said:
> No, I do not know anything about proxy or content filtering, but I remember when I was connecting to the wifi network of the school I was asked to configure the proxy settings by putting some IP address (I presume that it is an IP address because it looked like one) and writing 8080 in the port field. If I didn't configure it like that, the internet would simply not work. Could you please tell me where I could educate myself about bypassing proxies or is it a matter that would require a very long time to learn and a lot of prerequisite knowledge?
> And by the way, are you sure that this could be done on a tablet? All of that fiddling around seems to require a considerable degree of control which android may lack, or would rooting give me that control?
OK yeah you are going through a proxy then. The good news is, that because you have to configure it manually, they probably aren't using transparent proxy which can make it easier to bypass.
Getting nstx or icmptx working natively on Android should be possible in theory as both are lightweight and designed to work in Linux... perhaps it can be made into a module that can be activated/deactivated with a shell script, or added to a custom kernel.. obviously this would require a rooted tablet to accomplish.
The other required part of the equation is a computer accessible from the internet, which you can set up and install a DNS server and nstx on.
If you manage to get it all working correctly, set your home IP address as your proxy instead of your school's proxy, and you should be able to get through. It should also work to let you access the web for free at places like Starbucks or at hotels where the web is normally routed to a site where you have to pay for web access.
Good luck!
a.mcdear said:
> OK yeah you are going through a proxy then. The good news is, that because you have to configure it manually, they probably aren't using transparent proxy which can make it easier to bypass.
> Getting nstx or icmptx working natively on Android should be possible in theory as both are lightweight and designed to work in Linux... perhaps it can be made into a module that can be activated/deactivated with a shell script, or added to a custom kernel.. obviously this would require a rooted tablet to accomplish.
> The other required part of the equation is a computer accessible from the internet, which you can set up and install a DNS server and nstx on.
> If you manage to get it all working correctly, set your home IP address as your proxy instead of your school's proxy, and you should be able to get through. It should also work to let you access the web for free at places like Starbucks or at hotels where the web is normally routed to a site where you have to pay for web access.
> Good luck!
That sounds awesome, maybe you could make the app, I'd buy it
I found two apps on the android market : proxydroid and ssh tunnel, do you think they would help me to bypass the school's proxy?
And by the way, how legal is this business? I mean I doubt that the school would send me to jail for using google translate but I'm still curious.
Legal issues are a potential problem, but it's doubtful it would ever be a problem at school. Setting this up on your tablet certainly isn't illegal in itself, but if you're stealing wifi that you would otherwise have to pay for, you CAN get yourself in quite a bit of trouble if you get caught.
a.mcdear said:
> Legal issues are a potential problem, but it's doubtful it would ever be a problem at school. Setting this up on your tablet certainly isn't illegal in itself, but if you're stealing wifi that you would otherwise have to pay for, you CAN get yourself in quite a bit of trouble if you get caught.
Ok thanks, wifi network in the school is free for all students so I should be ok. But what about those apps I mentioned before?
And how would I protect myself from getting caught and what is the likelihood of me getting caught? Can they immediately notice it if someone's trying to bypass their firewall or not? I should point out that the IT manager in our school knows quite little about the security system or so he told me when I asked him whether my problem is somehow connected to their security settings, but the network is not owned by the school, it's owned by the city and it is present in many schools beside mine, so I think that they might take their security seriously. So basically what I am trying to say is that if I investigate this matter, come there and bypass the proxy so that the youtube app works, is it likely that I am going to get caught, and if yes then what are the ways of minimising the risk (please bear in mind that I have no experience in this)? I'm asking this because I think it's not a very good idea to just walk in and hack the network without any experience and expect that there is no possibility of getting caught.
No, neither of those apps are really the solution to your problem. There isn't currently an app for Android that will set up encapsulation like I'm talking about.
And yes, your IT manager at school "might" be able to catch you, but only if he's specifically looking for it. What this basically does is encapsulate your regular IP traffic inside DNS packets (or pings for the icmptx method), which are generally allowed to pass through firewalls and content filters. Basically, it is detectable if your network administrator is looking in the right place and knows his stuff. It would either look like a constant stream of DNS requests from a particular IP on the school network, or a constant stream of ICMP traffic (pings) being sent out. However both ICMP and DNS are normal for any network, so it's also equally possible that the administrator never notices that anything is wrong at all...
Some more sophisticated networks may employ transparent DNS or transparent proxy, which would make these efforts much harder. Transparent proxy is able to intercept any traffic and force it through the proxy at school, while transparent DNS is able to intercept DNS traffic and force it to use a specific DNS server regardless of settings on your tablet.
Like I said in the beginning though, these are really advanced networking tricks that certainly aren't easy to set up, even when all the components are readily available.. it's possible they haven't even been attempted yet on an Android device. That said, it shouldn't be difficult to port either icmptx or nstx over to Android for somebody with the requisite programming skills.
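The "constant stream of DNS requests from a particular IP" described in the post above is what a network administrator would look for in resolver logs. The following is an added example, not part of the original thread: it groups dnsmasq-style query log lines by client and parent domain and flags groups with many queries, almost all of them unique, high-entropy names. The log lines, addresses, domain names and thresholds are constructed assumptions.

```python
import hashlib
import math
import re
from collections import Counter, defaultdict

# dnsmasq query-log shape: "... dnsmasq[pid]: query[TYPE] name from client"
QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)")


def shannon_entropy(text):
    """Bits per character; random-looking (encoded) labels score high."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def split_name(name):
    """Split a query name into (prefix, parent domain).

    Assumption: the parent is simply the last two labels; a production
    check would use a public-suffix list (co.uk and similar).
    """
    labels = name.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])


def summarize(lines):
    """Aggregate queries per (client, parent domain) for one log window."""
    groups = defaultdict(lambda: {"count": 0, "names": set(), "entropy_sum": 0.0})
    for line in lines:
        match = QUERY_RE.search(line)
        if not match:
            continue  # skip replies, forwards and cache hits
        _qtype, name, client = match.groups()
        prefix, parent = split_name(name)
        group = groups[(client, parent)]
        group["count"] += 1
        group["names"].add(name.lower())
        group["entropy_sum"] += shannon_entropy(prefix)
    return groups


def flag_suspects(lines, min_queries=20, min_unique_ratio=0.9, min_entropy=3.0):
    """Return sorted (client, parent) pairs that look like data carried in DNS.

    Thresholds are assumptions to tune: some CDNs and security products
    also issue many unique, random-looking lookups.
    """
    suspects = []
    for (client, parent), group in summarize(lines).items():
        unique_ratio = len(group["names"]) / group["count"]
        mean_entropy = group["entropy_sum"] / group["count"]
        if (group["count"] >= min_queries
                and unique_ratio >= min_unique_ratio
                and mean_entropy >= min_entropy):
            suspects.append((client, parent))
    return sorted(suspects)


def build_sample_log():
    """Constructed sample: one chatty client with encoded-looking names,
    one client doing ordinary repeated lookups."""
    lines = []
    for i in range(40):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:40]
        lines.append(
            f"Dec 21 10:00:{i:02d} dnsmasq[412]: query[TXT] {label}.t.example.net from 10.0.0.23"
        )
    for i in range(30):
        name = ("www.example.com", "cdn.example.com", "mail.example.org")[i % 3]
        lines.append(f"Dec 21 10:01:{i:02d} dnsmasq[412]: query[A] {name} from 10.0.0.7")
        lines.append(f"Dec 21 10:01:{i:02d} dnsmasq[412]: forwarded {name} to 192.0.2.53")
    return lines


if __name__ == "__main__":
    for client, parent in flag_suspects(build_sample_log()):
        print(f"review: {client} -> *.{parent}")
```

The input is treated as a single time window; timestamps are not parsed, so a real deployment would slice the log per interval before calling `flag_suspects`.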
[APP][2.3.5+][1.14 - 12/21/2014] DnsQache: Custom DNS + HTTP(S) Proxy
*** Disclaimer: Read the DISCLAIMER file (http://forum.xda-developers.com/showpost.php?p=48623656&postcount=2) before committing to the use of this application.
Introduction
DnsQache is a custom DNS provider and content proxy manager for root enabled users. It enables the use of custom DNS name servers and content caching as well as HTTP/HTTPS Proxy and caching for Android Rooted phones. The services provided by DnsQache can significantly accelerate Internet browsing and generally any access to network services, especially for those using tethering facilities provided by many ROMs.
Images
Coming soon ...
Installation instructions
** PREREQUISITES **
1) A rooted Android phone with busybox -- you should know how to, and have already, rooted your phone and get busybox operational on the same phone;
2) Your phone's kernel must be netfilter-enabled (most stock kernels support netfilter (IPTABLES), but it's a good idea to check to be sure);
3) If using Harry Mue's and Sofia Lemons' wifi tether application, assure you use a version released after July 18, 2013.
Custom DNS Provider and Query Caching
To use the program for just DNS caching and redirection, install and start the program. Thereafter, check the options in the "System|Settings: DNS" menu and tune to your liking.
The DNS cache is implemented via dnsmasq and is always active when DnsQache is active. For Android versions lower than Jelly Bean, the application manages the network settings (e.g., system properties and /etc/resolv.conf) so that all DNS requests resolve via the local dnsmasq server.
For Android versions Jelly Bean and higher, the application sets rules via IPTABLES (http://www.netfilter.org/projects/iptables/) to redirect all DNS requests to the local dnsmasq server. In that way, DNS caching is always active when DnsQache is active. This is true whether or not the phone is being used for tethering.
For users of the fantastic Android Wifi Tether application (https://code.google.com/p/android-wifi-tether), the authors of that application, on Jul 18, 2013, merged in code fixes submitted by the author of this program that prevents the wifi-tether application from listening on the localhost interface, which is required for DNS caching and not used by wifi-tether. To assure you are using the version of code in which that 'fix' exists, you should be using wifi_tether_v3_4-experimental1.apk or higher (see https://code.google.com/p/android-wifi-tether/downloads/list). Tethered users gain the benefit of dns caching as well as proxy services provided by DnsQache.
At first, it may be a good idea to turn on 'Log Queries' in the DNS settings. That will allow you to view all DNS queries made by your phone and the endpoint to which the queries were redirected. To see those, you can use logcat (or an application that displays the same) or use the "System|View Log" menu, the latter of which will take a snapshot of the existing logcat log as it relates to dnsmasq and present the information. If no log shows (e.g., the log says the log file is not available), then it means you did not turn on Log Queries and restart the service, or the service failed due to bad settings. The most common issue there is if you use custom IP addresses for the DNS name servers and dnsmasq ultimately fails to start due to such configuration error.
Using the HTTP/HTTPS Proxy
Generally, for proxy use, clients (your laptop for example) can connect via wifi to your phone, when tethering, and get access to the internet using the mobile connection (4G, 3G, 2G) of your phone. That may occur through custom ROMs as native hotspot or via the wifi-tether application. When DnsQache is active, custom DNS name servers and caching is automatically enabled for tethered users as well as the phone.
To use proxy services, check the values in the "System|Settings: Proxy" menu. Once saved, the options will take effect only after the service is (re)started. To restart, simply 'stop' and 'start' the DnsQache service. To do that, return to the main page of the app and the big 'DQ' will be either green or grey. If grey, it means the service is not currently running, so just touch the DQ to start it. If green (and you need to restart), just touch the DQ and give it time to shut down (goes grey) and touch it again (start).
The Proxy settings allow for the use of either polipo (http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/) or tinyproxy (https://banu.com/tinyproxy/). Tinyproxy does not perform page caching, as does polipo, so the general preference ends up use of polipo.
The settings require that you specify one or more CIDR ranges for client addresses allowed to connect to the proxy. The CIDRs of interest generally are the network addresses (e.g., 172.20.21.0/24) of your mobile hotspot (tether) network. You can view that in your phone settings, or the settings of your wifi-tether application. DnsQache sets the proxy connection port to 3128, so any client you want to proxy *must* set the proxy port to 3128. A later release will allow changing the port.
To have tethered users go through the proxy instead of directly NATed connection through the phone, the tethered user must set their device (computer, et al) to use a proxy. Set the proxy settings to use the IP address of your tethering gateway (the IP address of your wifi when tethering -- usually that is the ".1" address of the CIDR you specified for your client addresses for tethering or mobile hotspot application). As noted, when using the polipo proxy, proxy caching of content takes place on the phone, though secured pages (HTTPS) should not end up cached.
Download
Download links are below in the Disclaimer Post, after the disclaimer (which you should read). That post will be kept up to date and includes the legal necessities with distributing an application.
** Source Code **
The sources for the application are available on GitHub -- feel free to fork it and send pull requests as you see fit.
Changelog
Recent Updates -- see Changelog post below.
FAQ
Trying to figure out what to set for the maximum DNS cache size?
A nice rule of thumb is try 200 or 300 on JB and above, see how that works for you. On older Android (less than Jelly Bean), give it some room, like 1000, and see how that works, tune if necessary. The cache data is not all that much, so you're not stealing all that much RAM. Read more about that in this post if you're interested.
Thanks To/Credits
The author of this program would like to thank Harry Mue and Sofia Lemons for the fantastic Android Wifi Tether application for its use in both using that application and in learning Android. Some of the code in DnsQache borrows from ideas and indeed implementation from Harry's and Sofia's code base, therefore this body of code carries his license and Copyright (duly noted in the DISCLAIMER.txt and the code, where appropriate).
The front page, and indeed the service layer code was inspired by, and to some extent, borrows from the venerable android-wifi-tether project originally authored by Harry Mue ([email protected]) and Sofia Lemons. While so inspired, obviously DnsQache is different in its nature and thus the code is quite different as a whole. Still -- reading and contributing to Harry's and Sofia's code was what got things rolling, so that body of work deserves significant mention, and that exists also in the sources.
XDA:DevDB Information
DnsQache, App for the Apps & Games
Contributors
tdhite
Source Code: https://github.com/Android-Apps/DnsQache
Version Information
Status: Stable
Current Stable Version: 1.14
Stable Release Date: 2014-12-21
Created 2014-12-21
Last Updated 2014-12-21
Reserved
Disclaimer and Download Link
*** Legal Disclaimer -- READ ALL OF THE FOLLOWING ***
The Download Links Are After This Disclaimer Information
If you use the software, or convey it to someone else, you and all subsequent conveyees are bound by the following:
This work is partially based on the work by Harry Mue and Sofia Lemons (mailto: [email protected]) as it relates to Service management. Though only a minor basis, DnsQache none the less acknowledges that body of work, and carries all of the disclaimers also inherent therein. See https://code.google.com/p/android-wifi-tether/ for more.
LEGAL DISCLAIMERS AND ASSUMPTION OF THE RISK BY THE USER OF THIS PROGRAM
Assumption of the Risk of Use
YOU ASSUME, AND AGREE TO ASSUME, ALL THE RISK OF HARM BY USING THIS PROGRAM. THIS PROGRAM MAY VOID YOUR WARRANTY WITH A THIRD PARTY, IT MAY IMPROPERLY OPERATE AND DAMAGE YOUR DEVICE, IT MAY CAUSE ANY MYRIAD OF HARMFUL OUTCOMES REGARDING YOUR DEVICE OR THE USE OF THE DEVICE ON WHICH IT GETS INSTALLED. YOU ACKNOWLEDGE THAT YOU ARE AWARE OF THOSE RISKS, UNDERSTAND THOSE RISKS, AND VOLUNTARILY AND INTELLIGENTLY ELECT TO ENGAGE THOSE RISKS BY USING THE PROGRAM.
Disclaimer of Warranty
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME ALL LIABILITY AND AGREE THAT IN NO EVENT WILL YOU SEEK ANY FORM OF RECOMPENSE, WHETHER LEGAL OR EQUITABLE, INCLUDING BUT NOT LIMITED TO NECESSARY SERVICING, REPAIR, CORRECTION OR OTHERWISE.
Limitation of Liability
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM, PERMITTED OR NOT, BE LIABLE TO YOU FOR LEGAL DAMAGES OR EQUITABLE RELIEF, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
DOWNLOAD LINKS:
DnsQache 1.14 - PIE (Lollipop) Support
MD5 Checksum: c4939d4a8f09e66ce9ea8645a6499f97
DnsQache 1.13
MD5 Checksum: 3549c7732613e3a0963f15efb0cf3562
Version 0.85 (for pre-Android 3.0 users): dnsqache.apk
MD5 Checksum: f05161d291ec47ca1fbed95a10356908 dnsqache.apk
Change Logs
DnsQache Version Notes
DISCLAIMER (always read disclaimers)!
ChangeLog:
Version: 1.14
Underlying service (native) apps now position independent executables (PIE) for Lollipop support.
If any of the services (dnsmasq, polipo, tinyproxy) fail to load, use v1.13 and please post a report of the problem and a logcat if possible.
Previous Releases:
Version: 1.13
Removed unnecessary DNS resetting for certain network connectivity changes. This drastically reduces su access Toast messages and restarts of the dns caching service.
Includes all other enhancements/fixes to date (click the button below to see historical change logs).
Use this version if you have problems with the latest PIE (Lollipop) supporting version.
Version: 1.12 Alpha
Fixed Custom DNS Preferences Settings to allow manual override of Multi-Country selection. Just select 'None' as the Country and then manually set the custom providers. Error checking lacks at this moment, so be careful to enter valid IP addresses.
Custom DNS Provider lists now sort based on city and secondarily by country. Note that not all entries have city data -- those will appear first so it's "anyone's guess" as to the city in which those DNS servers actually exist. Just scroll down to find specific cities if you prefer to know.
Includes all enhancements/fixes to date.
Version: 1.1 Alpha
New facilities to download world-wide DNS server lists for use as Custom DNS Setting.
Minor bug fixes (e.g., cosmetic).
All enhancements/fixes to date.
Version: 1.07
Includes all enhancements/fixes to date.
Added custom DNS Provider option.
Fixed DNS log display.
Version: 1.0 Beta (RC5)
Includes all enhancements/fixes from RC4.
Fixed cache size resetting to 200.
Version: 1.0 Beta (RC4)
Includes all enhancements/fixes from RC2 (RC3 was a bust!).
Fixed failures in setting DNS providers when changed.
Fixed text not syncing with status on main UI page.
Version: 1.0 Beta (RC2)
New version -- beta 1.0, release candidate 2.
Fixed failures to start on boot.
New UI (requires Android 3.x or above).
*Many* settings surfaced to tightly control Polipo and TinyProxy
Version: 0.81
Fixed polipo not starting with default settings.
Changed keyboard on proxy settings page when editing the allowed CIDRS. Now allows multiple CIDRS as comma separated. For example: 172.20.21.0/24, 192.168.1.0/24
Slipstreamed in a fix for the version bump (download link updated)
Version 0.82
Fixed bug where the DNS cache size was resetting to 0 (disabled cache)
Note: The reparation of this fix will likely cause a single reset of your cache size setting to change to 200 when you start the DnsQache service. Just reset the value to your liking, and stop/start the DnsQache service. After that initial 'reset' the program should operate normally in this regard.
Before sending a bug post on this issue, please assure you verify you have version 0.82 of the program, and also that you've cycled through the initial reset mentioned above.
Version 0.83
Modified IPTABLES and process model due to some ROMs killing dnsmasq processes other than the ROMs own, or otherwise refusing to start if another program is listening on port 53. DnsQache now listens on port 5353 for DNS requests and redirects all network interface requests destined for port 53 to DnsQache port 5353. DnsQache, of course, allows itself to send requests out port 53 to the custom DNS entries.
Before sending a bug post on this issue, please assure you verify you have version 0.83 of the program, and also that you've cycled through the initial reset mentioned above.
Version 0.84
Added About and Donate Views;
Fixed DNS cache size resetting to default on reboot of phone;
Note: Due to the nature of the cache resetting, in rare cases, the configuration files for the underlying dnsmasq may contain an invalid value, which can cause dnsmasq to fail to start. If you experience connection failures after updating, please do the following: stop the DnsQache service; clear the DnsQache applications data (to do that, go to your application manager and select "Clear Data." Another method is to simply uninstall the old version of DnsQache prior to installing this upgrade); run DnsQache and configure the settings to your liking; start the DnsQache service (hit that big DQ and make it go Green!).
Note: When upgrading with new dnsqache.apk files, you should (really, really should) stop the DnsQache service (the big DQ turns grey when the service is off); install the dnsqache.apk; then check settings (installs may overwrite some settings); finally restart the service.
whow!
android404 said:
> whow!
Hope you like it. Let me know how it goes.
@tdhite first of all, great work! there is only one app similar to yours.
i was using crossbreeder until now, i've been testing your app on my samsung galaxy y duos running stock 2.3.6. i've faced one bug, when i click about it does nothing. i am using opendns & polipo under dns & proxy settings. also i don't know whether your app is working or not, so i've attached the logs from data/data/com.tdhite.dnsqache. plz tell me if it works or not.
i will suggest you should work on the app UI & icon. a holo dark look will be better. & plz make this app a foreground application & hide the notification bar icon or include an option to do it.
p.s. when i type 'su getprop net.dns1' it shows 127.0.0.1. & for 'su getprop net.dns2' it shows 119.30.37.10.
killoid said:
> @tdhite first of all, great work! there is only one app similar to yours.
> i was using crossbreeder until now, i've been testing your app on my samsung galaxy y duos running stock 2.3.6. i've faced one bug, when i click about it does nothing. i am using opendns & polipo under dns & proxy settings. also i don't know whether your app is working or not, so i've attached the logs from data/data/com.tdhite.dnsqache. plz tell me if it works or not.
> i will suggest you should work on the app UI & icon. a holo dark look will be better. & plz make this app a foreground application & hide the notification bar icon or include an option to do it.
> p.s. when i type 'su getprop net.dns1' it shows 127.0.0.1. & for 'su getprop net.dns2' it shows 119.30.37.10.
Given the logs, it appears the DNS caching / redirection is working quite well. You can also watch the DNS operations using a command (terminal emulator or similar):
logcat -s dnsmasq:*
That will let you watch the DNS queries -- of course assuming you have 'Log Queries' turned on in the settings.
As for the 'net.dns?' property settings, DnsQache will set the phone to use localhost (dnsmasq) as the primary, but if it were to blow away the secondary setting, no network at all would work if dnsmasq failed for any reason. So in the event port 53 on localhost is not listening, the secondary dns server would get used by Android so at least you get network. As another point, Jelly Bean and above don't even use those properties, so not to worry if you're not on an older Android version.
Polipo, however, appears to have a bad value for the CIDR settings. I surmise this might be a bug, I'll fix it if so. The issue, as a bet, is that without at least *one* click of the 'Set Allowed CIDRs' button in the Proxy settings, the default value somehow is getting missed in the configuration manager. The key log was "can't parse network null" so polipo refused to start. I need to surface that kind of error better -- will work on that. You can see the error in /data/data/com.tdhite.dnsqache/conf/polipo.conf where the line:
allowedClients=127.0.0.1, null
probably appears. That's because, for whatever reason, the default is not taking so the configuration is wrong.
So, can you try going to the 'Settings|Settings:Proxy' menu and click the 'Set Allowed CIDRs' button? It should properly set the configuration. Then restart the service (click the big DQ so it goes grey, give it a few secs to clear the messages that pop up, then click the big DQ again to start it). That will then properly start polipo.
My apologies for the bug -- I have to attest I always set the CIDR differently than default because the tethering (native) usually is set differently for me. This is a bug and I'll fix it and re-upload a new version. I'll post here when it's fixed and uploaded (probably evening, I have work-work to do).
Finally -- polipo provides an internal status page (actually many). You can view that on your phone or on any device tethered (thus with an IP address in the allowed CIDR range). For instance, on your phone browser, go to http://localhost:3128/polipo/status? to see current status. See this page for more: http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/polipo.html.
tdhite said:
So, can you try going to the 'Settings|Settings:Proxy' menu and click the 'Set Allowed CIDRs' button? It should properly set the configuration. Then restart the service (click the big DQ so it goes grey, give it a few secs to clear the messages that pop up, then click the big DQ again to start it). That will then properly start polipo.
Yes, after trying your method polipo seems to be working OK. In the log now it says 'Established listening socket on port 3128.'
My apologies for the bug -- I have to attest I always set the CIDR differently than default because the tethering (native) usually is set differently for me. This is a bug and I'll fix it and re-upload a new version. I'll post here when it's fixed and uploaded (probably evening, I have work-work to do).
When you find enough time, you do it. No hurry! We all have a life.
Finally -- polipo provides an internal status page (actually many). You can view that on your phone or on any device tethered (thus with an IP address in the allowed CIDR range). For instance, on your phone browser, go to http://localhost:3128/polipo/status? to see current status. See this page for more: http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/polipo.html.
I've tried to access the address you mentioned with Opera Mini, but no success. It says in the page 'could not connect to remote server'.
killoid said:
Yes, after trying your method polipo seems to be working OK. In the log now it says 'Established listening socket on port 3128.'
When you find enough time, you do it. No hurry! We all have a life.
I've tried to access the address you mentioned with Opera Mini, but no success. It says in the page 'could not connect to remote server'.
Check download link -- updated version with fixes. Attached is a screenshot of hitting localhost to see polipo status. As well, you can now enter multiple CIDRs by comma separating them. That way you can turn on your WiFi, include your WiFi CIDR in the 'allowed' settings, start DnsQache with polipo enabled and then hit your device via the WiFi network (e.g., http://192.168.208.77:3128/polipo/status?).
tdhite said:
Check download link -- updated version with fixes. Attached is a screenshot of hitting localhost to see polipo status. As well, you can now enter multiple CIDRs by comma separating them. That way you can turn on your WiFi, include your WiFi CIDR in the 'allowed' settings, start DnsQache with polipo enabled and then hit your device via the WiFi network (e.g., http://192.168.208.77:3128/polipo/status?).
Download link is not working, giving 404 error.
killoid said:
Download link is not working, giving 404 error.
fixed.
tdhite said:
Check download link -- updated version with fixes. Attached is a screenshot of hitting localhost to see polipo status. As well, you can now enter multiple CIDRs by comma separating them. That way you can turn on your WiFi, include your WiFi CIDR in the 'allowed' settings, start DnsQache with polipo enabled and then hit your device via the WiFi network (e.g., http://192.168.208.77:3128/polipo/status?).
As I am currently not in any wifi network, I can't test the link u posted. But I am posting the logs from data/data/*. Hope it helps. But when I installed the new app over the old & started it, in the polipo log it was showing null. I made it right using the method u told me before. & another thing, u said it is v0.81 but in the app it shows v1.0.
tdhite said:
fixed.
Is the proxy setting right now? Attached screenshot.
killoid said:
Is the proxy setting right now? Attached screenshot.
Hi, your logs look fine, polipo is also running. Its logs will be relatively benign when operating correctly. It looks like you turned off query logging on the DNS settings -- either that or you've just not made any DNS queries yet, but dnsmasq also logged that it's redirecting. Unless you turn on Log Queries, the DNS logs will be rather silent. Just look at logcat to see them when Log Queries is on (logcat -s dnsmasq:*) -- we don't have dnsmasq log to the file system as it would grow too much.
I'll explain the CIDR a little later this evening when I'm done working. It dawns on me you might not understand how the tethering networking works, and your CIDR for the proxy needs to match the CIDR you set up for the mobile hotspot or wifi-tether.
tdhite said:
I'll explain the CIDR a little later this evening when I'm done working. It dawns on me you might not understand how the tethering networking works, and your CIDR for the proxy needs to match the CIDR you set up for the mobile hotspot or wifi-tether.
Note -- I put up an updated (slipstream) release of the apk file in the upload link. It has the version number correctly stated (thanks for noticing). To install it, download it, turn off the DnsQache service, install the apk, verify you got v0.81 as the version of the app, then start the service again.
Let me explain the CIDR values now, as work is over (for a break, but I'm doing some very cool coreOS and mesos stuff later on Amazon).
Anyway -- the CIDR is a network specification that you also select in your mobile hotspot / wifi-tether application. For instance, in the Android Wifi Tether app, you go to settings and select from a list of networks it will support for supplying IP addresses to the tethered devices (laptops, etc.). That network is what is critical to polipo as a proxy service. To maintain security, you can set the "allowed CIDRs" in DnsQache to limit connections that polipo will serve as a proxy to the Internet.
When you set the allowed CIDRs in DnsMasq, it lets you specify one or more networks that you want polipo to serve as a proxy. So, I have my mobile hotspot program (native as I run a custom ROM) set the tethering network as 172.20.21.0/24 -- meaning the hotspot program will sit on 172.20.21.1 and give out to tethered devices addresses from 172.20.21.2 up to 172.20.21.254. So, for a tethered device in that range to use polipo as a proxy, you have to tell polipo (via DnsMasq settings) to accept connections from devices with addresses from the "allowed CIDRs" -- namely 172.20.21.0/24. I often add another one -- my WiFi network so I can check out the phone from other computers on my network.
As an example, let's say you set up your tethering app to use the network 10.10.10.0/24 as your tethering network. But you also want to let your home computer open the stats page on the phone just to make sure stuff is to your liking (or even the polipo configuration page). Further, let's say that you have WiFi turned on on your phone, and your home WiFi network is 192.168.1.0/24, and your phone got an address of 192.168.1.110. You might set up the allowed CIDRs as:
10.10.10.0/24, 192.168.1.0/24
Then, restart the DnsQache service. After that, you should be able to see the polipo config page from your phone ( by going to http://localhost:3128/polipo/config? ) or any tethered device (by going to http://10.10.10.1:3128/polipo/config? ) or your home network (by going to http://192.168.1.110:3129/polipo/config? ).
Now remember also -- for your tethered devices to get proxied internet via polipo, you have to start the mobile hotspot (or wifi-tether) and that will kill your home network connection since the WiFi is used for the tethering network.
Does that help?
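A way to check a polipo.conf for the failure described earlier in the thread (the unparsable "null" entry) and to confirm that tethered or WiFi clients fall inside the allowed CIDRs. This is an added example, not part of the original post or of DnsQache; the sample configs, function names and client addresses are constructed for illustration.

```python
import ipaddress

# Constructed samples modelled on the allowedClients lines quoted in this thread.
BROKEN_CONF = """\
proxyPort=3128
allowedClients=127.0.0.1, null
"""

FIXED_CONF = """\
proxyPort=3128
# tethering network plus home WiFi, as in the explanation above
allowedClients=127.0.0.1, 10.10.10.0/24, 192.168.1.0/24
"""


def parse_allowed_clients(conf_text):
    """Return (networks, bad_entries) taken from the allowedClients line."""
    networks, bad = [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "allowedClients":
            continue
        for entry in (e.strip() for e in value.split(",")):
            if not entry:
                continue
            try:
                # strict=False also accepts a host address with a mask,
                # e.g. 10.10.10.1/24, and a bare address becomes a /32.
                networks.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                bad.append(entry)             # e.g. the literal string "null"
    return networks, bad


def client_allowed(client_ip, networks):
    """True if client_ip falls inside at least one allowed network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def audit(conf_text, expected_clients=()):
    """List problems: bad entries, allow-all networks, clients left out."""
    networks, bad = parse_allowed_clients(conf_text)
    findings = [f"unparsable entry {e!r}" for e in bad]
    findings += [f"{n} admits every address"
                 for n in networks if n.prefixlen == 0]
    findings += [f"{c} is outside every allowed network"
                 for c in expected_clients if not client_allowed(c, networks)]
    return findings


if __name__ == "__main__":
    # A tethered laptop and the phone's own WiFi address (assumed values).
    clients = ["10.10.10.37", "192.168.1.110"]
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(name, audit(conf, clients) or "no findings")
```

Keeping the list to the tethering and home networks is what limits who can use the phone as a proxy, so the audit also flags a /0 entry.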
tdhite said:
Hi, your logs look fine, polipo is also running. Its logs will be relatively benign when operating correctly. It looks like you turned off query logging on the DNS settings -- either that or you've just not made any DNS queries yet, but dnsmasq also logged that it's redirecting. Unless you turn on Log Queries, the DNS logs will be rather silent. Just look at logcat to see them when Log Queries is on (logcat -s dnsmasq:*) -- we don't have dnsmasq log to the file system as it would grow too much.
Well, hadn't made any DNS queries then so it didn't show up in the log. But later I saw DNS is lock & loaded.
---------- Post added at 11:39 AM ---------- Previous post was at 11:29 AM ----------
tdhite said:
Note -- I put up an updated (slipstream) release of the apk file in the upload link. It has the version number correctly stated (thanks for noticing). To install it, download it, turn off the DnsQache service, install the apk, verify you got v0.81 as the version of the app, then start the service again.
it is correct now. :good:
Let me explain the CIDR values now, as work is over (for a break, but I'm doing some very cool coreOS and mesos stuff later on Amazon).
Anyway -- the CIDR is a network specification that you also select in your mobile hotspot / wifi-tether application. For instance, in the Android Wifi Tether app, you go to settings and select from a list of networks it will support for supplying IP addresses to the tethered devices (laptops, etc.). That network is what is critical to polipo as a proxy service. To maintain security, you can set the "allowed CIDRs" in DnsQache to limit connections that polipo will serve as a proxy to the Internet.
When you set the allowed CIDRs in DnsMasq, it lets you specify one or more networks that you want polipo to serve as a proxy. So, I have my mobile hotspot program (native as I run a custom ROM) set the tethering network as 172.20.21.0/24 -- meaning the hotspot program will sit on 172.20.21.1 and give out to tethered devices addresses from 172.20.21.2 up to 172.20.21.254. So, for a tethered device in that range to use polipo as a proxy, you have to tell polipo (via DnsMasq settings) to accept connections from devices with addresses from the "allowed CIDRs" -- namely 172.20.21.0/24. I often add another one -- my WiFi network so I can check out the phone from other computers on my network.
As an example, let's say you set up your tethering app to use the network 10.10.10.0/24 as your tethering network. But you also want to let your home computer open the stats page on the phone just to make sure stuff is to your liking (or even the polipo configuration page). Further, let's say that you have WiFi turned on on your phone, and your home WiFi network is 192.168.1.0/24, and your phone got an address of 192.168.1.110. You might set up the allowed CIDRs as:
10.10.10.0/24, 192.168.1.0/24
Then, restart the DnsQache service. After that, you should be able to see the polipo config page from your phone ( by going to http://localhost:3128/polipo/config? ) or any tethered device (by going to http://10.10.10.1:3128/polipo/config? ) or your home network (by going to http://192.168.1.110:3129/polipo/config? ).
Now remember also -- for your tethered devices to get proxied internet via polipo, you have to start the mobile hotspot (or wifi-tether) and that will kill your home network connection since the WiFi is used for the tethering network.
Does that help?
Well, that helped a lot! I've understood that whole CIDRs thing much better now. But as a noob I will req u to quote this explanation about CIDRs on the 1st page. People will quit asking about CIDRs then maybe.
Hi, when I set cache to 1024, after reboot it's back to 0. Any ideas please? Great app by the way, seems to boost internet quite nicely. Thanks
Sent from my HTC One X using Tapatalk
smeejaytee said:
Hi, when I set cache to 1024, after reboot it's back to 0. Any ideas please? Great app by the way, seems to boost internet quite nicely. Thanks
Sent from my HTC One X using Tapatalk
Can you tell me what version of Android you are on? Possibly recent changes introduced a persistence bug with newer Jelly Bean file structures and file system security. Not sure, but I'll hunt it down as soon as I can. Still would like to know the version of your Android, though.
JB 4.2.2. Thanks for the reply. Could I also ask which is the best DNS server, as your app has a few choices? I've only ever used Google and I tried OpenDNS once but don't know whether it's better or not. Any advice would be appreciated. Thanks for your work
Sent from my HTC One X using Tapatalk
Is it possible to set up an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do to set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
EvanVanVan said:
Is it possible to set up an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do to set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
I'm kinda confused by your question in the first part. On what hardware do you intend to do the blocking? On your Android device or on a remote/local server? If you intend to do that on Android, then here are some things to consider:
There is the Root method, which I assume based on your question you don't want.
Then there is the rootless method, which is basically an exploit of a loophole in how Android handles VPNs. Apps like Blokada and such supposedly establish a VPS locally and block DNS blacklisted requests by leveraging the VPN permission. You can use different apps to monitor them and see what goes out, but you most likely won't find anything suspect.
If you're that paranoid, I suggest using the web server feature in the Adaway app, which lets you use your own host list/DNS block list, sign it yourself for your phone to Trust (as trusted agent or CA certificate) and apply. Ofc doing it with adaway takes away (literally) the convenience of a self updated list, so you have to find your own lists and update it regularly for maximum block-ness.
Slim K said:
I'm kinda confused by your question in the first part. On what hardware do you intend to do the blocking? On your Android device or on a remote/local server? If you intend to do that on Android, then here are some things to consider:
There is the Root method, which I assume based on your question you don't want.
Then there is the rootless method, which is basically an exploit of a loophole in how Android handles VPNs. Apps like Blokada and such supposedly establish a VPS locally and block DNS blacklisted requests by leveraging the VPN permission. You can use different apps to monitor them and see what goes out, but you most likely won't find anything suspect.
Thank you, that is super helpful information on how ad blockers work on non-rooted devices. I am not rooted (after Google started automatically updating Pixels I decided the hassle of manually flashing updates and the loss of Android Pay (at the time) wasn't worth it).
I have a Wireguard VPN server on a FreeNAS server at my house. I'm not sure what blokada can track and/or conceivably redirect my traffic using their own DNS server (?). If I can set up a "VPS" and DNS blocking using publicly available lists through my own VPN or a FreeNAS jail/port or my router, I'd prefer to do that.
Maybe I'm overthinking this though haha...
Thanks
EvanVanVan said:
Thank you, that is super helpful information on how ad blockers work on non-rooted devices. I am not rooted (after Google started automatically updating Pixels I decided the hassle of manually flashing updates and the loss of Android Pay (at the time) wasn't worth it).
I have a Wireguard VPN server on a FreeNAS server at my house. I'm not sure what blokada can track and/or conceivably redirect my traffic using their own DNS server (?). If I can set up a "VPS" and DNS blocking using publicly available lists through my own VPN or a FreeNAS jail/port or my router, I'd prefer to do that.
Maybe I'm overthinking this though haha...
Thanks
I can relate heavily on the Google Pay front, but I'm a power user through and through. Not having total control freaks me out so root is a must for me, so I gave up using it.
Regarding the host/adblock setup, I do think you're overthinking it. A router with OpenWrt is basically 80% already pre-configured with dnscrypt and the tools necessary. Using FreeNAS jail, there are sooooo many tuts online for that, I won't even need to tell you how myself. Personally, I use a Pi-hole in my home and WireGuard/ChaCha20 protocol on my router, the webserver feature from AdAway on my phone and haven't seen an ad in almost 2 years now.
Slim K said:
I can relate heavily on the Google Pay front, but I'm a power user through and through. Not having total control freaks me out so root is a must for me, so I gave up using it.
Regarding the host/adblock setup, I do think you're overthinking it. A router with OpenWrt is basically 80% already pre-configured with dnscrypt and the tools necessary. Using FreeNAS jail, there are sooooo many tuts online for that, I won't even need to tell you how myself. Personally, I use a Pi-hole in my home and WireGuard/ChaCha20 protocol on my router, the webserver feature from AdAway on my phone and haven't seen an ad in almost 2 years now.
Pi-Hole in a jail seems like it's exactly what I'm looking for. I'll look into getting that set up. Thank you!
EvanVanVan said:
Is it possible to set up an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do to set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
All you need is to maintain the hosts file in Android's /system/etc.
Basically there's two things I'm trying to accomplish. The first thing is to be able to SAFELY access my pc when I'm not at home. The second is to be able to log onto my local network from the outside world and make it look as if the traffic originates from there.
At home on my local wifi I often access my PC using Remote Desktop. I'd like to safely be able to do the same thing from a phone or external PC. I'm under the impression that the best way to do this was with a VPN but the precise what and how eludes me. My best current guess is to setup a VPN Server on my wifi router but does that mean any generic VPN software I install on my phone can get through? I'm really just guessing but possibly this will accomplish both things I'm trying to do.
Additionally I could also setup a VPN Client on the wifi router which would provide VPN protection to any device logged onto my lan without having to install anything on every tablet in my household.
Added to this is that I've used Kaspersky antivirus for over 20 years on my pc's and VPN just became free with the package so I've used the 3 licenses I get on my PC and my and my wife's phones. Hopefully I can use my Kaspersky VPN to access the DDNS that I got free from ASUS to complete the circle.
It should be clear from this discussion that I'm grasping at straws, I've googled a bunch of confusing and potentially conflicting information along with everybody and his brother that wants to sell something VPN related.
I'm also posting this on the Windows 10 Help forum as here and there is where I get most of my technical advice.
Look inside here:
How to Build Your Own VPN (and Why You Might Want to)
Ever thought of creating a VPN from scratch but didn't know where to start? Get answers to all your questions in this comprehensive guide.
vpnoverview.com
As far as I know, there are many models of home router with built-in VPN server capabilities. Check your router's manual at first.
James_Watson said:
As far as I know, there are many models of home router with built-in VPN server capabilities. Check your router's manual at first.
I'm going forward on the basis that all I need to do what I want is the Router's built-in server, along with an Asus provided DDNS, to allow VPN connection from my outside devices and the Router's built-in VPN Client to give VPN protection to all devices within my local wifi. I bought the router with this capability in mind as well as speed improvements over my old router. It's the Asus RT-AC86U router and it "should" do the above as well as allow externally connected devices to act as if originating from my home system.
It may take me a bit to do this but I'll report back once I have an answer.
jwoegerbauer said:
Look inside here:
How to Build Your Own VPN (and Why You Might Want to)
Ever thought of creating a VPN from scratch but didn't know where to start? Get answers to all your questions in this comprehensive guide.
vpnoverview.com
Thanks for the response. I looked at a number of how to guides, the one I'm going forward with is how-to-easily-access-your-home-network-from-anywhere.
I have an issue with setting up the VPN Server Client on my router (Asus RT-AC86U) that I have a service call in with Asus for, so the VPN Client side is on hold for a bit.
I was able to successfully configure the VPN Server (at least the OpenVPN protocol section) and setup a DDNS. From what I read this should be sufficient to allow an external device to login to my home system but I've seen no guide that describes this final step.
Do I simply use Remote Desktop on the external device to logon to my PC through the DDNS while the VPN (in OpenVPN protocol in this case) is enabled?
That would mostly work but what I really would like would be for the external device appear to be on my local wifi and not on the local PC itself. How do I do that?
Can anyone point me in the correct direction?
I did just find another piece of information that may apply here. In one of the guides I read the following:
"save the OpenVPN configuration file which will be used by the remote device to access your router."
There was a client.ovpn file generated during the router's VPN Server setup. The above sentence implies that I need to somehow get the VPN software on the external device to use this file and then I'll be able to log on to my home system. Can anyone shed more light on this?
*** Update ***
I was able to setup the OpenVPN Server on my ASUS RT-AC86U router and it does allow me to safely access my home LAN from anywhere. I can login to my home router's user interface and use Remote Desktop to login to my PC. Also since the VPN changes my IP address to that of my home system everything works as it would if I was actually there.
The one thing I haven't been able to do is access my pc's shared drive.
Anyone have any clue how to fix that?
Finally I also tried to setup the VPN Client on the router to access the VPN Server. ASUS said you should be able to do that but it results in an IP conflict that their tech support hasn't yet solved.
The benefit of using the router's VPN client is that any device on my local wifi is automatically protected by a VPN without installing anything on the device. The point is somewhat moot since all each device needs is a free app and the config file created by the VPN Server.
I did look at setting up a VPN Server on my Win 10 PC, but it looked like too much work and too much chance of messing something up, to attempt.