Some research into bypassing T-mobile’s tether restrictions reveals there are several things carriers can do to detect hotspot usage and block those packets:
-is hotspot data sent through a second APN?
-does carrier mark the packets coming through the wlan interface?
-do they filter by user agent strings?
-do they view the ttl?
-do they block urls that phones do not use?
-do they have a monitoring app pre-installed? (ex delete com.tmobile.pr via titanium backup)
Getting around these restrictions while using the native hotspot functionality requires work-arounds that I did not go far enough to successfully implement. One cannot by default edit the APNs for instance. I had to set up a duplicate, but theorize T-mobile was still routing to the hotspot APN I could not edit. With root access (which I have) it should be possible to achieve success, but I have found satisfactory non-root ways of achieving unlimited internet with MetroPCs (owned by T-mobile). I have, however, compiled a number of resources and may look back into what hacks must be used on the native app in the future. If anyone has a good guide on how you're getting hotspot with the Nougat LG V10 please post!
It stands to reason that one must use a non-native application to disguise the tether usage, or significantly modify the native one. After stalling with the mods, I pursued the non-native line of attack and found (2) independent working ways to get unlimited tethered internet.
Wifi Tethering apps
I tried various wifi tether apps and without additional modifications or configuration I could not get them to work including:
-native hotspot (which works despite not having a hotspot plan, but t-mobile blocks)
-Wifi tether router by Fabio Grasso ($2.90) (requires root access)--(t-mobile was blocking the connection)—in discussion with developer on how to get working, will update. UPDATE: After back and forth with dev, he recommended using a VPN. His app does route the VPN through the hotspot connection if that feature is toggled. I have not tested. Potentially, changing the TTL of the computer may do something.
-Open Garden Wifi Tether—crashed when attempting to start service
Wifi Direct apps:
Wifi apps such as NetShare (red-themed play store entry is completely free, several paid versions) which use the native wifi direct functionality create a proxy server through which you can connect to via wifi. These DO WORK without additional modifications, but most native desktop apps on your computer cannot access the internet. All websites will load however. You have to set up your internet connection as through a proxy server on the client side but do not need to install additional software. A GOOD OPTION TO HAVE. I have found that one sometimes may need to stop and start the service to get it to give you internet access. The way I do it is start then quickly bring up the wifi menu, computer recognizes the network and connects quickly. If there is too much of a delay between starting and connecting via the client Netshare(Pro) doesn’t seem to work without a quick disable/enable afterwards.
USB tethering apps:
Rely on the phone’s native USB debugging feature in the hidden developer tools menu. (Go to about phone, software info, and tap on build repeatedly until enabled.) NO ROOT required. I tested Easy Tether ($9.99) and ClockWorkMod Tether ($4.99). Both worked well. PDAnet+ may also fall into this category but I have not researched. THIS IS MY PREFERRED METHOD so far. It is also possible to USB tether to certain types of wifi routers and thus get wifi for the home.
-There are PC, Mac, or Linux applications and drivers which must be installed on the computer side.
-Must have USB debugging enabled, and USB options set to Photo Transfer (Media Transfer does not work, and why I originally failed with ClockWorkMod…otherwise probably would have not pursued root!)
-These USB tether apps have the benefit of reducing the heat generated by your phone (no wifi signal generation), so it runs cooler (think chips last longer) and uses less energy than when you have wifi hotspot enabled. For this reason, and for the phone being so handy when connected to my laptop, I actually prefer this method. Plus you have access to the pictures and DCIM folders of internal storage so you can transfer stuff to the phone fairly immediately. To get full access, however, you’ll have to switch to MTP mode, which on LG phones such as this V10 will break the internet connection. Other phones may not have this particular issue.
Bluetooth Tether apps:
Easy Tether and probably PDAnet+ support Bluetooth tether. With easy tether I wouldn’t suspect any issues at all using this.
Potential other methods WHICH SEEMED PROMISING, I sorted through a lot! For your inspiration:
-One youtuber mentioned using a desktop hotspot application + PDAnet+ to get legit wifi hotspot functionality. The desktop PDAnet+ application apparently disguises the tethering operation. Video here: https://youtu.be/D98abWOkkQI
-Exposed framework and tether for rooted devices (did not try): https://highonandroid.com/android-a...n-rooted-android-att-t-mobile-sprint-verizon/
-Claims you’ll be able to tether any rooted android with this rooted wifi app and particular settings (similar to wifi tether router) https://highonandroid.com/android-a...android-smartphone-or-tablet-universal-guide/ (UPDATE: I tried, app is not compatible with the phone)
See comments section of this article for the below quotes: https://www.groovypost.com/howto/hide-data-usage-get-truly-unlimited-tethering-tmobile-one/
----------------------------------------------------------------------------
“The main issue I see people having is the lack of apn editing. This has been my setup for four years now
-Dd-wrt with iptables to edit the ttl value to 65
-Change TTL on windows PC to 65 so that it appears data is coming from the phone. (41 in hex = 65 in dec) https://social.technet.microsoft.co...o-live-ttl-in-windows?forum=w7itpronetworking
-Changed apn of hotspot to match the apn of normal mobile data. Doesn’t matter if you use fast.xxxx.com or alpha/beta BUT YOU CANT USE THE ORIGINAL HOTSPOT APN it’ll say mobile web or some ****. If you do you will be routed through their hotspot server and tracked. I’ve done this on iOS and android.
-FOR THE FOLKS THAT SAY THE VPN DOESNT WORK. Once again you MUST change the apn AND you have to make sure that your traffic is actually being routed through the VPN, in my experience on both android and iOS hotspot traffic bypass your phones VPN, and VPN on the router/computer traveling through the phone can be tracked if the phone isn’t the one using the VPN, to make it force traffic through the VPN I had to use the for data option in the tether me app on iOS. These things all work if you do it properly.”--Wifi tether router does have this VPN routing function but I have not tested.
"My COMBO works for me on T-Mobile unlimited.
Nexus 5x – rooted 6.01 with “settings put global tether_dun_required 0”
PLUS
Asus n31u router (w/ net.ipv4.ip_default_ttl = 65, bridge mode)
Works for Windows 7 desktop and laptop, chromebook, and tablets. All about 80 Gigs last month”
“The TTL stands for “time to live”; it is a counter on the data you send for its maximum hop count, or the number of devices it can travel through. For every device it goes down by one. Windows has a default TTL of 128, while Android has one of 64. If you change the TTL for Windows to 65, when it gets to the phone the TTL will go down by one, making it equal 64, the same as the phone. There are more advanced ways to do this so you can run a whole network off this by using a router with either DD-WRT, Tomato or OpenWrt, or a dedicated PC running either pfSense, Linux, or FreeBSD to act as a router and mangle the TTL on the fly. The benefits of this are that it gets ALL of the data (Windows seems to miss a small amount, around 5%) and it's possible to edit the User agent in ways that don't mess up websites with squid and just appending the device.”
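The TTL reasoning quoted above, seen from the network operator's side as a detection signal (an added example, not part of the original post or of any carrier's actual system). The subscriber IDs, the packet samples and the assumption that handset traffic reaches the observation point with TTL 64 are constructed for illustration.

```python
from collections import Counter

# Common initial TTLs: 64 (Android/Linux/macOS), 128 (Windows), 255 (some
# network equipment). Each forwarding device decrements the value by one.
COMMON_INITIAL_TTLS = (64, 128, 255)


def infer_initial_ttl(observed):
    """Return the smallest common initial TTL that is >= the observed TTL."""
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    for initial in COMMON_INITIAL_TTLS:
        if observed <= initial:
            return initial
    raise AssertionError("unreachable: 255 covers every valid TTL")


def hops_travelled(observed):
    """Number of forwarding hops implied by the observed TTL."""
    return infer_initial_ttl(observed) - observed


def classify_subscriber(ttls, baseline_ttl=64):
    """Summarise one subscriber's packets at the observation point.

    baseline_ttl is the TTL expected for traffic that originates on the
    handset itself (assumption: Android default 64, zero hops so far).
    Anything else was most likely forwarded by the handset for another device.
    """
    counts = Counter(ttls)
    total = sum(counts.values())
    off_baseline = {t: n for t, n in counts.items() if t != baseline_ttl}
    # (inferred initial TTL, hops) pairs describe the likely source OS family.
    sources = sorted({(infer_initial_ttl(t), hops_travelled(t)) for t in off_baseline})
    return {
        "packets": total,
        "off_baseline_share": sum(off_baseline.values()) / total if total else 0.0,
        "inferred_sources": sources,
        "tethering_suspected": bool(off_baseline),
    }


def analyse(packets, baseline_ttl=64):
    """Group (subscriber_id, ttl) records and classify each subscriber."""
    by_subscriber = {}
    for subscriber, ttl in packets:
        by_subscriber.setdefault(subscriber, []).append(ttl)
    return {s: classify_subscriber(t, baseline_ttl) for s, t in by_subscriber.items()}


# Constructed sample records: (subscriber_id, TTL seen at the observation point).
SAMPLE_PACKETS = (
    [("sub-A", 64)] * 20                         # handset traffic only
    + [("sub-B", 64)] * 10                       # handset traffic ...
    + [("sub-B", 127)] * 6                       # ... a Windows client, one hop
    + [("sub-B", 63)] * 4                        # ... a Linux/Android client, one hop
    + [("sub-C", 64)] * 95                       # almost everything on baseline,
    + [("sub-C", 127)] * 5                       # but 5% still carries 128 - 1
)

if __name__ == "__main__":
    for subscriber, verdict in analyse(SAMPLE_PACKETS).items():
        print(subscriber, verdict)
```

TTL is only one of the signals listed at the top of the post, so a verdict like this would normally be weighed together with the others.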
Reserved
For USB tether clients, ClockWorkMod seems to be programmed in a lower-level fashion and produce significantly less heat than running Easytether. I will be monitoring and update.
I've recently been looking into this as well. I've currently been using the new pdanet with wifi direct but it seems to be hit or miss when getting an internet connection when using the proxy method. I have a few devices where I can't install the interface so I'm looking for a reliable method
A few scenarios I'm looking at. The first one you cover quite a bit, was wondering if you're using IPv4 or IPv6 with your different apn settings? 2nd scenario is being able to tether when connected to wifi like from a hotel and being able to pass that to other devices and the 3rd is being able to pass along a vpn connection if connected to free wifi places
Sorry for the necropost, I just wanted to point out that currently the only method you can use to hide tethering from T-mo is PDANet with its "Hide Tether Usage" feature.
All other methods are detected and if you have tethering, will count against your tethering allotment.
Thanks for the heads up. Just wanted to make sure since I wanted to try the TTL method, but that is also blocked by T-Mobile correct?
TTL 65 didn't work on my computers, but 85 and 99 did. So don't be afraid to try different things.
However, the phone should be able to modify the TTL before it forwards the packet. How is there not an app that does this, or is there a setting or hack we can do to make it change the TTL as it passes through the phone?
edit: have searched more and learned some apps do, but they don't work on my phone. Not sure why.
I have metro pcs with 15gb of hotspot data.. i run out every month.. once my data runs out i use hotspotvpn. A free app on the google play store and it works for everything.. been doing it for months..never had any issues
Which one do you use? I saw a few that had the same name
Same here metro
I'm also wondering which app you're referring to. There's quite a few with that name
Let me third the request. I just clocked through 8 or 9 different apps with that name. Who is the publisher?
Thanks!
Bypass With Termux
I've done this for ever and it's not going to be restricted to who you have but it will 100 percent get around any data throttling.
Download Termux app and install openssh-server on it. Go ahead and hotspot your phone, then run ifconfig inside Termux to get your current tethering local IP. It will be the only 192. spit out when you run ifconfig. Save this. Run sshd -dD inside Termux which starts an openssh server waiting to be connected to in debug mode to audit traffic. Now pop onto a PC or router you can SSH into, whatever and connect it to your hotspot from your phone. Now SSH tunnel all the traffic from the device back through the openssh server you're running on the Termux app. Now that you are on the same local network you can SSH tunnel into that IP address you saved earlier. As long as you make sure all your traffic passes through the tunnel it 100 percent shows that all your internet is being used by Termux app not your hotspot app so you need no other spoofing of hops or anything because to your phone and carrier you are just using a bunch of data in termux, you do it right you will never be throttled I've used 150GB data multiple times.
Step by step > https://github.com/RiFi2k/unlimited-tethering
This is amazing. How do I use my Windows PC to connect to the openSSH server to create the traffic tunnel? Also, how do I force my Windows 10 traffic through the tunnel?
I am guessing with Putty and then setup SSH proxy in a browser to force traffic? Won't that only allow browser based traffic through the tunnel and not all traffic from the Windows computer?
So I am an everyday linux user and for me personally I use sshuttle to route everything back through the tunnel because it already handles the TCP over TCP problem because the guy that wrote it is a boss. This here explains that.
If I was on windows I would go with their vagrant solution because then you get the benefit of sshuttle and all you're responsible for is making sure all traffic goes through the VM. Also you could use something like proxycap and putty works as well although I guess it's slow people have said.
Browser traffic can be handled with SOCKS proxies.
I feel like it's a pretty great solution overall and can benefit some people so I started a repo and I'll fully document how it works, I'm just too tired tonight so keep an eye out https://github.com/RiFi2k/unlimited-tethering and I'll step by step linux and windows for everyone as much as possible, plus if anyone else has scripts and whatnot feel free to contribute.
Thanks a lot, will read up on this. Adding your github to my bookmarks as well. :good:
Has any user tried this already and confirmed that it works with metropcs?
Pdanet+ documentation details that only usb tether+hide tether usage works with metropcs. It took me a while to go around all of it, but I haven't tested because I want to switch carriers to metropcs.
Hey bro!! Thank you !!
This is a great idea, I would try it in my country to see if this works
For sure! See the nice thing about this method is that your phone doesn't register any of the data used as coming from the tethering app, it 100% all gets attributed to the Termux app because of the SSH tunnel. So basically there is no way for anyone at your carrier to know, or prove that you actually were tethering at all. If you open up the apps section and check out the part where it shows you how much data each app used you will see what I mean. So basically it really doesn't matter what country / carrier / phone you have, as long as you have access to be able to tether and you have a computer you can use for the SSH tunnel it's impossible for them to throttle you because they can't prove you actually used the data tethering. When you read the fine print about them throttling it basically says the same thing, if they can't definitively prove the data came from tethering it doesn't go on your tethering cap.
Hello RiFi2k,
OK, thanks for the information. I'm trying to translate this into a windows environment(Windows 10 phone and PC).
Here is what I have so far, but a few of your points are unclear. A little clarity would be fantastic.
Translation for Windows 10 phone
Since, I'm on a windows phone there is no Termux app. I guess Termux is used to install the SSH server and gain access to a command prompt, correct?
1. Ok since openssh server is built into the windows phone OS and I can access the command prompt via putty, I should be fine, right.
2. Generate key pair and stored public key on phone. Working fine.
3. Hotspot connection to phone.
4. Run ipconfig(windows) on phone or local machine. On local machine, gateway address is the needed ip, same as hotspot address on phone.
5. SSH Server is started on phone once the phone is placed in development mode.
Can't put server in debug mode on phone, but I'm pretty certain that it's hard coded to listen on port 22.
6. Your instructions on github.com have duplicated the step number 5, which should be 6 and I am having a little trouble sorting through it.
7. I guess the only way to tunnel to the phone is to run a putty session from the Windows machine configured per your instructions.
Are these commands executed on the device or phone?:
ssh -D 8123 -fqgN [email protected].1 -p 22 (ssh client)
sshuttle -r [email protected].1:22 0.0.0.0/0 0.0.0.0 (sock proxy)
Either way, I will need to use putty for the SSH Client portion. What are the switches in your example "-fqgN"? Are the switches concatenated?
-f Specifies a per-user configuration file.
-q Quiet mode
-g Allows remote hosts to connect to local forwarded ports.
-N ???
And finally, depending on where the above commands are run, I will need to find a sock proxy solution, if I want all traffic going through the tunnel.
Again, thanks for all your hard work.
davy4620 said:
Hello RiFi2k,
OK, thanks for the information. I'm trying to translate this into a windows environment(Windows 10 phone and PC).
Here is what I have so far, but a few of your points are unclear. A little clarity would be fantastic.
Translation for Windows 10 phone
Since, I'm on a windows phone there is no Termux app. I guess Termux is used to install the SSH server and gain access to a command prompt, correct?
1. Ok since openssh server is built into the windows phone OS and I can access the command prompt via putty, I should be fine, right.
2. Generate key pair and stored public key on phone. Working fine.
3. Hotspot connection to phone.
4. Run ipconfig(windows) on phone or local machine. On local machine, gateway address is the needed ip, same as hotspot address on phone.
5. SSH Server is started on phone once the phone is placed in development mode.
Can't put server in debug mode on phone, but I'm pretty certain that it's hard coded to listen on port 22.
6. Your instructions on github.com have duplicated the step number 5, which should be 6 and I am having a little trouble sorting through it.
7. I guess the only way to tunnel to the phone is to run a putty session from the Windows machine configured per your instructions.
Are these commands executed on the device or phone?:
ssh -D 8123 -fqgN [email protected].1 -p 22 (ssh client)
sshuttle -r [email protected].1:22 0.0.0.0/0 0.0.0.0 (sock proxy)
Either way, I will need to use putty for the SSH Client portion. What are the switches in your example "-fqgN"? Are the switches concatenated?
-f Specifies a per-user configuration file.
-q Quiet mode
-g Allows remote hosts to connect to local forwarded ports.
-N ???
And finally, depending on where the above commands are run, I will need to find a sock proxy solution, if I want all traffic going through the tunnel.
Again, thanks for all your hard work.
Ok, so the N is `-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).` reference https://linux.die.net/man/1/ssh
It's completely fine if you don't have debug mode on when you start the sshd server on your phone, you actually don't technically need any flags. One is debug and one is detached so it runs in the background, which you are generally going to want.
Both those commands are run on your computer, but you only use one or the other. Follow my link to sshuttle they have information for using it on Windows, it will transparently route all your traffic through the tunnel for you already so it's way better than anything else.
So just to recap, you start the sshd (ssh server) on your phone and it will spit out a port. Then you go to your PC and ssh or sshuttle (ssh client) connect to your phone.
I'm around if you need more help!
---------- Post added at 12:44 AM ---------- Previous post was at 12:40 AM ----------
Also once you get it working on Windows with your phone if you don't mind letting me know what version of Windows and what model your phone is, and where the directions hung you up, because I'll mention it all to help the next person.
Thanks for the quick reply. I'm going to have to dig a little deeper. It looks as if Microsoft is doing some kind of filtering on the WiFi interface and blocking this approach. Again, thanks for the great start.
Related
I want to set my Mum's new tablet so that it can only access the Internet via the SSH server running on her Buffalo router (with Tomato firmware).
I've got the server working and accessible remotely and so far the only app I've found that has a Global Proxy setting to redirect everything via the SSH server is SSHTunnel, although I gather that it's not totally reliable when connections drop/change and I can't expect my Mum to cope with monitoring it and re-enabling it manually. When it's disabled, all traffic will just go over local connection unencrypted so that's a concern.
Ideally there'd be some way to set up the SSH settings at a system level, with no way to disable them and force all the traffic to go out like this but I'm not sure if there is any way to achieve this.
The other part is setting a firewall (AFWall+ or Android Firewall seem to be the main ones) to only allow traffic via the SSH server. I'm not sure what whitelist rules would be required for this. For example, SSHTunnel connects to the server at x.x.x.x:x, so I presume I'd need a rule to allow connections to this address and this port (I had a quick play with the Avast firewall, which only allows creating custom rules for IP or port, so I'd need two rules with that and it doesn't allow entering the DynDNS name, only an IP address, so that's no good).
Then SSHTunnel has a Local Port (1984) and remote address:port (127.0.0.1:3128) so I presume I'd need rules to allow all of those as well (I'm not sure which of these need to be incoming/outgoing or both). Then there's the question of whether I need to allow other ports like DNS (53) and so on, or if that all goes over the SSH tunnel and doesn't require setting allow rules specifically.
It might be that a VPN server would be more suitable for what I'm trying to achieve than a SSH server and I think the Tomato firmware on the router has that facility (or if the version currently flashed doesn't, there's probably another version I could flash that does), so if that's the case, I'd appreciate advice on locking it down that way instead. Android has built-in VPN support, so it might be possible to use that but it depends on whether it will auto-connect and stay connected all the time or if it requires user intervention and I'll still need to set up firewall rules to prevent data being sent without the VPN in case it does get disabled.
Another issue is whether these firewall rules will prevent the device even being able to connect to any public Wi-Fi points before redirecting the traffic via the SSH/VPN server, which would obviously be no good.
OK, maybe there's another way
I was thinking of setting up a VPN on a Raspberry Pi installed at my parents' house, as they have reasonable broadband speeds, something like 100/10MB. Is there any way that I could set up my Mum's tablet so that it passes everything through the VPN whether at home or away, so that she doesn't have to worry about toggling the VPN or firewall?
I can point it to the No-IP domain name I've setup but then I think every request would go out onto the Internet (albeit encrypted) before coming back in to the VPN, which would then have to go out again to retrieve whatever webpage, etc is being requested, which would obviously be stupid. If I point it to the LAN IP of 192.168.1.66, that will avoid doing that when at home but won't work when away.
So, any ideas?
New Nexus 5 (2 weeks old) and currently running Stock / Rooted. I have successfully connected my phone to my work VPN, and other VPN networks that I use but the issue is when tethering with USB (may be the same with wifi) my IP address is still my cell providers network. Everyone else at work has an app they use to tether with their blackberry and I had to be cool and switch to Android first with the Nexus.
Is it possible to route the VPN traffic on the phone through USB tethering to mac or pc?
reflekt said:
New Nexus 5 (2 weeks old) and currently running Stock / Rooted. I have successfully connected my phone to my work VPN, and other VPN networks that I use but the issue is when tethering with USB (may be the same with wifi) my IP address is still my cell providers network. Everyone else at work has an app they use to tether with their blackberry and I had to be cool and switch to Android first with the Nexus.
Is it possible to route the VPN traffic on the phone through USB tethering to mac or pc?
Yes, run VPN client on your MAC/PC, it goes through the tether to use your phone as modem, VPN layered begins in the PC through the tether.
The only thing I've ever had to worry about is Android and Windows have different encryption defaults, you might have to toggle options til it works.
nigelhealy said:
Yes, run VPN client on your MAC/PC, it goes through the tether to use your phone as modem, VPN layered begins in the PC through the tether.
The only thing I've ever had to worry about is Android and Windows have different encryption defaults, you might have to toggle options til it works.
Thanks. Yeah, I was hoping it was possible on the phone itself. Our PCs get reimaged every day (stupidly strict with the work computers) and have to start fresh and input the settings again.. and again.. and again. It would have just been one less thing to worry about.
reflekt said:
Thanks. Yeah, I was hoping it was possible on the phone itself. Our PCs get reimaged every day (stupidly strict with the work computers) and have to start fresh and input the settings again.. and again.. and again. It would have just been one less thing to worry about.
What exactly are you trying to accomplish?
nigelhealy said:
Yes, run VPN client on your MAC/PC, it goes through the tether to use your phone as modem, VPN layered begins in the PC through the tether.
The only thing I've ever had to worry about is Android and Windows have different encryption defaults, you might have to toggle options til it works.
nigelhealy said:
What exactly are you trying to accomplish?
Connect to my work network over VPN through the phone (which works) & then tether that connection to my work pc (which has some crazy restrictions).
- I connected to my work VPN on my phone using the built in Android VPN.
- Everything on the phone acts like it is supposed to, I can get on the INTRAnet, browse network drives, etc...
- I can tether the phone through USB with no issue however none of the traffic is routed through the VPN connection.
I don't really care about any tethering limits with networks as we have unlimited (including tethering) with Verizon, AT&T and T-Mobile. I tried a couple of the tricks I am finding out but nothing is letting me route my phone's VPN traffic over the tether.
- Made sure changed the settings to IPv4/IPv6
- Tried out the tether hack by adding tether_dun_required 0 to the SQL
No luck so far I will keep hunting around this weekend. If nothing works I will just have to get the IT people to install some VPN app into the PC Image for me which will probably take a month or so.
reflekt said:
Connect to my work network over VPN through the phone (which works) & then tether that connection to my work pc (which has some crazy restrictions).
- I connected to my work VPN on my phone using the built in Android VPN.
- Everything on the phone acts like it is supposed to, I can get on the INTRAnet, browse network drives, etc...
- I can tether the phone through USB with no issue however none of the traffic is routed through the VPN connection.
I don't really care about any tethering limits with networks as we have unlimited (including tethering) with Verizon, AT&T and T-Mobile. I tried a couple of the tricks I am finding out but nothing is letting me route my phone's VPN traffic over the tether.
- Made sure changed the settings to IPv4/IPv6
- Tried out the tether hack by adding tether_dun_required 0 to the SQL
No luck so far I will keep hunting around this weekend. If nothing works I will just have to get the IT people to install some VPN app into the PC Image for me which will probably take a month or so.
Idea 1:
Bootable USB stick running Ubuntu 14.04, you put all your setting to your heart's content into that image, you can then use the desktop device just as a big keyboard/mouse/screen and bypass any software restrictions and leave no footprint. Ubuntu does VPN.
Then it's just the F key to press, F12 say on a Lenovo and anything you save is in the USB stick so any re-imaging is irrelevant as you never use that re-imaged at all.
Idea 2:
Remote desktop capability, your remote end runs Remote Desktop servers (e.g. Citrix) then from the local PC you connect to the gateway.
Idea 3:
Try different VPN software in Android. So sounds like the VPN on the Android device is layered only on top for the Android apps not the whole device, so you need to put the VPN layer lower down. Try instead of Android's builtin VPN capability (Settings, ....VPN) try the VPNRoot app
Idea 4:
(I got plenty more... probably you'll like Idea 3 as it's easiest for you)
nigelhealy said:
Idea 1:
Bootable USB stick running Ubuntu 14.04, you put all your setting to your heart's content into that image, you can then use the desktop device just as a big keyboard/mouse/screen and bypass any software restrictions and leave no footprint. Ubuntu does VPN.
Then it's just the F key to press, F12 say on a Lenovo and anything you save is in the USB stick so any re-imaging is irrelevant as you never use that re-imaged at all.
That's exactly what I was thinking but I run into the issue of needing to use the proprietary work software on the PC. I might do this just for the hell of it anyway because it's always fun but it will probably just add in another step not needed.
reflekt said:
That's exactly what I was thinking but I run into the issue of needing to use the proprietary work software on the PC. I might do this just for the hell of it anyway because it's always fun but it will probably just add in another step not needed.
Hit refresh I was mid-edit oops send, put in more ideas..... you reminded me of a related problem with PPP Widget and USB 4G dongle which is an Android issue with VPN I got a workaround.
USB bootable sticks are cool, they cost nothing really an old 2GB stick, and lets you turn any borrowed x86 device into what YOU want. Handy for if laptops have a bad boot drive or bad OS issue. Lifesaver, part of your kit. I mentioned 14.04 as it has out-the-box MMTP and knows Nexus without tweaks and it Bluetooth tethers well to Android. I'm running it
nigelhealy said:
Idea 1:
Bootable USB stick running Ubuntu 14.04, you put all your setting to your heart's content into that image, you can then use the desktop device just as a big keyboard/mouse/screen and bypass any software restrictions and leave no footprint. Ubuntu does VPN.
Then it's just the F key to press, F12 say on a Lenovo and anything you save is in the USB stick so any re-imaging is irrelevant as you never use that re-imaged at all.
Idea 2:
Remote desktop capability, your remote end runs Remote Desktop servers (e.g. Citrix) then from the local PC you connect to the gateway.
Idea 3:
Try different VPN software in Android. So sounds like the VPN on the Android device is layered only on top for the Android apps not the whole device, so you need to put the VPN layer lower down. Try instead of Android's builtin VPN capability (Settings, ....VPN) try the VPNRoot app
Idea 4:
(I got plenty more... probably you'll like Idea 3 as it's easiest for you)
Ugh yeah, I should have tried a different VPN app as that might fix my issue. I will give VPNRoot a shot later tonight. Not that it matters for what I need done but the "hacks" I used actually shows all data I used was coming from the phone, nice to know if I ever have to pay for my own service again.
Hello everyone! Here's a nice little guide on how to tether your phone and use that ability to power a home internet network. I have done tons of trial and error to get this working with bits and pieces from numerous forums and google research. This has been working flawlessly for me and it's a "set it and forget it solution".
The reason why I wanted to do this is because I live in a rural area with no high speed ISP. My only option was to use a data capped satellite ISP that is extremely limited in ability and expensive. Without further ado my guide to achieve an unlimited, data cap free, tethered home network.
What you need:
Android phone you're willing to dedicate for full time use
Computer with windows and LAN port you're willing to dedicate for full time use
Wireless Router
A nice USB cord for your phone
A nice CAT cable
1) First thing to do is look around for an unlimited data (4G LTE preferred, no tethering plan needed) cellular plan. I know there are a few out there but I decided on MetroPCS due to the coverage I get and the price ($60 a month, no contract). I opted for just a sim card as I had an android phone laying around.
2) Make sure your android is unlocked if it's not on the same network you are trying to use. My phone was tied to AT&T and I had to call them to unlock it. Most carriers will do this if the phone is in good standing, meaning paid off. Or root it.
3) We will need to find out where your equipment will sit to receive the best speeds. I recommend putting your phone in "field test mode" and walk around the house. The lower number the better. I also ran a speed test in certain locations to give me a rough idea of what speeds I would be getting. If you are really serious about this set up there is equipment out there to boost cell signal in your house. I like WeBoost.
4) Download your tethering application. I have tried multiple apps but only one worked perfectly but with different hardware you might have other results. Clockworkmod Tether ($4.99) and PDAnet+ ($7.95) worked alright but I had issues with it talking to my router and clients so disconnects were frequent and frustrating. I ultimately went for EasyTether ($9.99) and it has been working fantastic. Mind you when using Clockwork and PDAnet I would be getting a DL speed of 6Mbs when my phone was 13Mbs. I don't know what would cause that but with EasyTether I am getting speeds very similar to my phone with no speed loss.
5) All three tethering applications require you to install a sister program on your computer to work. So install that on your "slave" machine. They are all about the same process, install an .exe and drivers for your phone.
6) Test that everything is working. The tethering application will have instructions on how to USB tether your phone. We need to check that it will give your slave machine an internet connection. Simply open a web browser and see if it is working.
7) Great! Now you are connected and able to surf the web! But wouldn't it be great if you could use this on all your devices? This is where the router comes into play.
8) Now I don't know what router you are using but mine is an ASUS RT-N56U and the principle should be the same. Plug your router into power and reset it with the button on the back (10 seconds). Unplug from power. Connect the CAT cable to the WAN port of the router (the one that usually connects a modem to the router) and the other end to the LAN port of your slave machine. Plug power to the router and allow it to boot up. Now on your slave machine go to Network and Sharing Center, View status on the tether connection, properties, sharing, check Allow other network users to connect through this computer's Internet connection, select the Home networking connection as the router. With everything done correctly you should be getting an internet connection to the router.
9) Now this is all fine and dandy but there are some settings in the router you can configure to make it more reliable. Our cases could be different but this is what has worked for me. I'm no networking genius by any means so my setting could not mean anything. In my experience things would work for a few mins but streaming to chromecast or connecting a mac to wireless mysteriously cut all connection. So here are my settings.
Disable MAC Filter
Disable Wireless Scheduler
Enable IGMP Snooping
Enable DHCP Server
Disable DHCP Routes
Disable Multicast routing (IGMP Proxy)
WAN Connection Type-Automatic IP
Enable UPnP
Connect to DNS Server automatically-NO
DNS Server1 8.8.8.8
DNS Server2 8.8.4.4
Everything else is default
I don't know about the NAT for all you gamers out there but I am sure there is some router configuration you can do. If anyone has ideas on how to achieve this please chime in.
10) Congratulations! You have now set up a home network with your phone and can use it like any other ISP. If you experience any issue with this process let me know and I will get back to you with an answer. I have had to do a lot of troubleshooting to get to this point.
So T-mobile is one of the most aggressive throttlers of hotspot usage out there. They basically utilize every single trick in the book to spy on your traffic and see if you are using hotspot.
User agent headers
TTL
Deep state packet
Basically the only way to get around this is to run a VPN from your phone that can tunnel traffic through the hotspot WLAN port so that any connected devices send their traffic through the VPN as a sort of proxy. Or you can use an app like PdaNet which masks all data by utilizing an endpoint client on your laptop to keep all the packet information originating from the phone.
I have tried everything. I have root, I have edited build.prop, I have added every type of noprovisioning/DUN type command I can find through adb, I have installed magisk modules, I have edited windows TTL settings and used user agent spoofers to make it look like I'm browsing on a mobile device.
Nothing.Ever.Works.
So I'm wondering if any of you have had any success getting unthrottled hotspot to work on t-mobile.
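The TTL and user-agent checks listed in the post above, sketched from the network operator's side as an added example (not code from the thread, and not any carrier's actual system). It assumes the measurement point sees handset-originated packets at their full initial TTL of 64; the `Packet` record, subscriber ids, thresholds and sample packets are all constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Common OS defaults for the initial IP TTL (64: Android/iOS/Linux/macOS, 128: Windows).
COMMON_INITIAL_TTLS = (64, 128, 255)
HANDSET_INITIAL_TTL = 64  # assumption: the subscriber's handset starts at 64
DESKTOP_UA_TOKENS = ("Windows NT", "Macintosh", "X11; Linux")


@dataclass(frozen=True)
class Packet:
    subscriber: str       # hypothetical subscriber id
    ttl: int              # TTL as seen at the first carrier hop
    user_agent: str = ""  # only available for cleartext HTTP


def infer_initial_ttl(observed):
    """Return the smallest common initial TTL that is >= the observed TTL."""
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    return next(t for t in COMMON_INITIAL_TTLS if observed <= t)


def packet_signals(pkt):
    """List the tethering indicators one packet carries (empty list = none)."""
    signals = []
    initial = infer_initial_ttl(pkt.ttl)
    if initial != HANDSET_INITIAL_TTL:
        signals.append(f"initial-ttl-{initial}")  # not a handset OS default
    if initial - pkt.ttl > 0:
        # The packet was forwarded at least once before reaching the carrier.
        signals.append(f"extra-hops-{initial - pkt.ttl}")
    if any(tok in pkt.user_agent for tok in DESKTOP_UA_TOKENS):
        signals.append("desktop-user-agent")
    return signals


def score_subscribers(packets, min_packets=3, threshold=0.5):
    """Aggregate per subscriber; suspect tethering only on enough evidence."""
    total, flagged = Counter(), Counter()
    reasons = defaultdict(Counter)
    for pkt in packets:
        total[pkt.subscriber] += 1
        sigs = packet_signals(pkt)
        if sigs:
            flagged[pkt.subscriber] += 1
            reasons[pkt.subscriber].update(sigs)
    report = {}
    for sub, n in total.items():
        ratio = flagged[sub] / n
        report[sub] = {
            "packets": n,
            "flagged_ratio": round(ratio, 2),
            "signals": dict(reasons[sub]),
            "tether_suspected": n >= min_packets and ratio >= threshold,
        }
    return report


# Constructed sample records, not captured traffic.
MOBILE_UA = "Mozilla/5.0 (Linux; Android 7.0) Mobile"
SAMPLE_PACKETS = [
    Packet("sub-A", 64, MOBILE_UA), Packet("sub-A", 64), Packet("sub-A", 64), Packet("sub-A", 64),
    Packet("sub-B", 64, MOBILE_UA), Packet("sub-B", 63), Packet("sub-B", 63),
    Packet("sub-B", 127, "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"), Packet("sub-B", 127),
    Packet("sub-C", 64), Packet("sub-C", 63),
]

if __name__ == "__main__":
    for sub, row in sorted(score_subscribers(SAMPLE_PACKETS).items()):
        print(sub, row)
```

The `min_packets` floor keeps a single stray packet from flagging a subscriber, and a device that legitimately starts at TTL 128 on the cellular link would be a false positive for the initial-TTL signal, which is one reason such a check is combined with other evidence.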
Hi, I am very familiar with methods for bypassing mobile data (T-mobile) throttling when hotspot is enabled.
I tried every single one of them. It doesn't work on my phone which doesn't have USB debugging enabled.
Please don't tell me to root my device or enable usb debugging. I will never do that.
I have found one solution which is kind of a pain to setup everything
And I have found one other half measure which is a bit easier to setup.
Solution one involves,
1) Downloading Termux
2) Type ifconfig to get the hotspot IP address
3) Set password with passwd
4) Type sshd -dD
5) Then over to the PC, open up my ssh client (I use bitvise)
6) Type in the hotspot IP address and the listening port from step 4
7) Go to services tab and enable socks/HTTP proxy forwarding. Set listen interface at 127.0.0.1:12345
8) Go to PC global proxy settings and type in 127.0.0.1:12345
9) Check the speed to see that it is not throttled
10) I was getting 10-50 mbps now
Solution two involves,
1) Downloading proxy server app
2) setup a shadowsocks server at hotspot ip:random port with aes-256-gcm encryption
3) Go to the PC and download shadowsocks program.
4) Add server ip as the hotspot ip. Add server port as the random port assigned in step 2, add password
5) Right click on the tray icon and set system proxy as global.
6) Check to see that speed is not throttled at 600kbps
7) I found out that it was now throttling at 3mbps instead of 600kbps
Problems I am facing.
1) DHCP assigns random IP to the hotspot IP whenever you turn on / off the hotspot.
There is no way to assign static IP without root. So I like solution 2 because the proxy server app automatically updates and shows me the hotspot IP and I can simply click it to set it. With solution 1, I have to go to termux and ifconfig every time to get my IP address.
2) The shadowsocks solution is slower at 3mbps max speed compared to solution 1. Although it's better than the 600kbps throttle, I still don't know why it is being throttled at 3mbps. Anyone know how to fix this?
3) I would like to mask my internet activity on my PC from my mobile provider with a VPN or something. Every time I enable the VPN on the PC on top of everything, then I'm back to being throttled at 600kbps.
If I enable VPN on phone before setting up shadowsocks, then it doesn't work. My end goal is to prevent my carrier from knowing what I'm browsing on my PC that is connected up to the shadowsocks being hosted on my phone using the mobile data. How to achieve this?
Thank you.