Related
Hi, I'm doing some porting for the phone.
Everything goes fine but except...
# iptables -A INPUT -p tcp --sport 80 --tcp-flags FIN,SYN,RST,ACK SYN,ACK -m state --state ESTABLISHED -m set --match-set NOCLIP src -j ZHANG
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables v1.3.7: Couldn't find match `set'
A patched ipset works and the kernel modules of it seems to be loaded correctly and I can define sets.
# ipset -L GOOGLE
Name: GOOGLE
Type: nethash
References: 1
Header: hashsize: 225 probes: 1 resize: 50
Members:
64.233.160.0/19
8.6.48.0/21
64.68.88.0/21
4.3.2.0/24
66.249.64.0/19
173.194.0.0/16
8.8.8.0/24
74.125.0.0/16
8.8.4.0/24
216.239.32.0/19
209.85.128.0/17
66.102.0.0/20
72.14.192.0/18
64.68.80.0/21
So there are problems with iptables.
I've looked into external/iptables/Android.mk and found that set is not enabled, and, this version of iptables seems don't know --match-set. Abort.
And I also tried the latest one which version number is 1.4.7 on github but I can't get it compiled.
And if you are Chinese and you are interested in FanQiang(f***ing GFW) contact me and let's do it together. As far as I know now only tor works on Android phone except VPN.
Is there a way to change the MAC address functionally, so that other devices think it has that address?
I have tried these methods (tiwlan0 corresponds to the wifi mac, no, it's not eth0)
In ADB: # ip link set tiwlan0 address 00:12:f0:dd:cc:dc
error: ip: SIOCSIFHWADDR: Operation not supported on transport endpoint
In terminal emulator on the phone: ip link set tiwlan0 address 00:12:f0:dd:cc:dc
error: ip: socket: operation not permitted
I have heard that some do change it but it reverts when communicating with a device.
It is working via fastboot.. There was a method somewhere in the Hero section.
Does this work on the G1?
Yes, it works flawlessly.
forum dot xda-developers dot com/showthread dot php?t=686789&highlight=mac+address+fastboot
Or search for mac fastboot in hero development forum.
On demand!
But how to do it on demand?
I usually can't launch fastboot in the airport
Removed...
I don't know why or how but my mac address changes everytime I turn on the wifi to random mac address from texas instruments instead of motorola mobility
Sent from my XT720 using xda premium
take a look here:
http://forum.xda-developers.com/showthread.php?t=1244982&highlight=mac
probably the offending part is here:
Code:
service wlan_loader /system/bin/wlan_loader \
-f /system/etc/wifi/fw_wlan1271.bin -i /system/etc/wifi/tiwlan.ini \
[b] -e /pds/wifi/nvs_map.bin [/b]
class post-zygote_services
disabled
oneshot
and more preciously in pds/wifi/nvs_map.bin
probably the wlan_loader doesn't look there, or doesn't interpret it right ..
but without additional info it is just speculation ...
basically when the wireless module is unloaded, you don't have wlan0 interface.
when you (actually the phone services) load the module, then wlan0 appears, but with 00:00:00:00:00:00 mac address (if the module is the stock one)
after wlan_loader do his job, the mac address is changed to the one specified in the nvs_map.bin file
p.s. I did not check the above statement now, it is from my memories, when i had trouble with my phone mac ....
I also posted this on the OpenVPN forums but figured someone here may have experienced a similar problem or at least have ideas for what to do next.
My goal is to be able to connect my android phone via OpenVPN to my home network.
I started by installing OpenVPN 2.2.2
my config folder looks like this
Code:
ca.crt
dh1024.pem
server.crt
server.key
server.ovpn
My Server.ovpn contains.
Code:
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nobody
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 6
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
I used this to generate a .p12 for my phone.
Code:
openssl.exe pkcs12 -export -in phone.crt -inkey phone.key -certfile ca.crt -name phone -out phone.p12
My port is forwarded correctly and software firewall is disabled.
This is what I get in the log.
pastebin: gPCBwWE1
And then the connection reset by peer will simply repeat.
I have tried tcp, different ports, recreating keys and directly connecting my comp to the internet.
Any suggestions on where to go from here would be helpful.
I have tried Googling quite a bit but there isn't much out there.
Thanks.
Hi All,
It is know that IP exclusion is almost impossible using Android VPN Service API in NON ROOTED Device.
But I have rooted device . So I first connect VPN ( openvpn ).
After than from ADB ROOT SHELL - I run following command
./route add -net <<DESTINATION_IP>> netmask 255.255.255.255 gw 192.168.1.1
For example if I run following command
./route add -net 141.101.120.15 netmask 255.255.255.255 gw 192.168.1.1
All traffic to whatismyip DOT com/ go directly ( Not passing through VPN )
Hence whatismyip.com reports my Local ISP IP in Its home page.
By these way I could exclude IPs from VPN path. This is working fine in ICS and Jelly without any issue.
But this same procedure not working in KITKAT. I tested both in 4.4.2 and 4.4.4
If I modify route, traffic still goes through VPN path. Whatismyip.com displaying VPN Server IP in its home page.
My KITKAT routing table shows following same as ICS and jelly. Command is successfully executed in routing table..But just not working..
Can anybody please point out what changes I need to make for KITKAT.
Thank you
----Fresh Routing Table -----
Code:
ip route
default via 192.168.1.1 dev wlan0
default via 192.168.1.1 dev wlan0 metric 324
192.168.1.0/24 dev wlan0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.2 metric 324
192.168.1.1 dev wlan0 scope link
----- After VPN Connected------
Code:
ip route
default via 192.168.1.1 dev wlan0
default via 192.168.1.1 dev wlan0 metric 324
172.22.1.4/30 dev tun0 proto kernel scope link src 172.22.1.6
192.168.1.0/24 dev wlan0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.2 metric 324
192.168.1.1 dev wlan0 scope link
------ After whatismyip dot com [141.101.120.15] exclusion ------
Code:
ip route
default via 192.168.1.1 dev wlan0
default via 192.168.1.1 dev wlan0 metric 324
[B]141.101.120.15 via 192.168.1.1 dev wlan0[/B]
172.22.1.4/30 dev tun1 proto kernel scope link src 172.22.1.6
192.168.1.0/24 dev wlan0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.2 metric 324
192.168.1.1 dev wlan0 scope link