I've been struggling with OpenVPN on my Vario III on T-Mobile and hope someone can throw me a bit of a lifeline.
I can connect to my OpenVPN (running on my WRT54GS router) via wifi but the problem is when I try over 3G. Even when I've specified the provider and ticked "exclusive", it manages to connect to my OpenVPN server but I get no further connectivity (to webpages etc).
As said, via wifi this config on my Kaiser works perfectly...
Code:
remote xxxxxx.homeip.net
port 22
dev tap
secret "\\Program files\\OpenVPN\\config\\secret.key"
proto tcp-client
resolv-retry infinite
nobind
comp-lzo
cipher AES-256-CBC
route gateway 192.168.xxx.xxx
redirect-gateway
dhcp-option DNS 192.168.xxx.xxx
but when tried via 3G it seems to have a problem with setting the routing..
Code:
Mon Oct 22 21:58:00 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.
Just wondering if there is something either with the T-Mobile network or the Vario III which is specifically stopping me from using OpenVPN
Or are my settings misconfigured?
I've also attached a full copy of the log.
Thanks for any help you can give (Give generously)
CP
Sounds suspiciously like a NAT traversal or proxy issue to me. On the HSDPA network, there's a proxy in the picture. I don't believe that's the case for the Edge network. That could easily be the cause of the problem.
Surely once the connection has been established the NAT issue shouldn't be a problem?
TBH I thought the route addition problem was due to the software being unable to update the local routing table?
NAT traversal issues often manifest themselves as connections that look like they're established, then die immediately. The VPN participants have to know the actual IP addresses of the devices involved, and understand that NAT is happening. Proxies also need to play a role in that process since they're effectively "standing in" for your device. And they may be configured not to permit IPSec traffic at all.
What you've described sounds exactly like NAT traversal issues - the negotiation appears to go just fine, but the actual connection dies on the vine. Since the end points don't have the right data from the negotiation (actual valid addresses to build the tunnel around), the route they try to build is invalid and fails.
In your log, it's impossible to tell since the IP addresses have been all translated to xxx.xxx.xxx.xxx. But I suspect that the ones up until the "TCP connection established with..." message are all displaying valid public IP addresses, and somewhere very shortly after that they start displaying private RFC 1918 addresses.
Proxies + NAT + IPSec = small nightmares. This is one of the reasons SSL VPNs have gained significantly in popularity.
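The check suggested in the post above (do the addresses in the log switch from public to RFC 1918 after the "TCP connection established with..." line?) can be scripted. This is an added example, not part of the thread or of OpenVPN; the sample log is constructed, the function names are made up for illustration, and it also flags the RFC 6598 carrier-NAT range, which the post does not mention.

```python
import ipaddress
import re

# Constructed sample log, not the attachment from the thread. 203.0.113.10 is a
# documentation address standing in for the server's public IP; one line keeps
# the xxx masking the original poster applied.
SAMPLE_LOG = """\
Mon Oct 22 21:57:52 2007 Attempting to establish TCP connection with 203.0.113.10:22
Mon Oct 22 21:57:53 2007 TCP connection established with 203.0.113.10:22
Mon Oct 22 21:57:58 2007 local address 192.168.1.50 netmask 255.255.255.0
Mon Oct 22 21:57:59 2007 peer reports xxx.xxx.xxx.xxx
Mon Oct 22 21:58:00 2007 route add 203.0.113.10 mask 255.255.255.255 gateway 10.64.12.1
Mon Oct 22 21:58:00 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.
"""

MARKER = "TCP connection established with"
IP_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
REDACTED_RE = re.compile(r"xxx(?:\.xxx){3}", re.IGNORECASE)

# Explicit ranges: ipaddress.is_private also flags documentation and
# loopback ranges, which is broader than "RFC 1918".
NON_PUBLIC = [
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
    ("rfc6598-cgnat", ipaddress.ip_network("100.64.0.0/10")),
]
# Netmasks such as 255.255.255.0 fall in 240.0.0.0/4 and are not hosts.
NOT_A_HOST = ipaddress.ip_network("240.0.0.0/4")


def classify(text):
    """Return 'public', a non-public label, or None if not a host address."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:
        return None  # e.g. an octet above 255
    if addr in NOT_A_HOST:
        return None
    for label, net in NON_PUBLIC:
        if addr in net:
            return label
    return "public"


def analyse(log):
    """Split addresses into those seen up to the marker line and those after."""
    phases = {"before": [], "after": []}
    redacted = 0
    phase = "before"
    for line in log.splitlines():
        redacted += len(REDACTED_RE.findall(line))
        for text in IP_RE.findall(line):
            kind = classify(text)
            if kind is not None:
                phases[phase].append((text, kind))
        if MARKER in line:
            phase = "after"  # the marker line itself counts as "before"
    return phases, redacted


def non_public_after(log):
    """Addresses after the marker that are not publicly routable."""
    phases, _ = analyse(log)
    return [ip for ip, kind in phases["after"] if kind != "public"]


if __name__ == "__main__":
    phases, redacted = analyse(SAMPLE_LOG)
    print("before:", phases["before"])
    print("after: ", phases["after"])
    print("masked addresses that cannot be classified:", redacted)
```

A non-zero masked count means the log cannot answer the question, which is the situation the post describes.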
Try Hamachi vpn
https://secure.logmein.com/products/hamachi/vpn.asp
Surur
PerfAlbion said:
In your log, it's impossible to tell since the IP addresses have been all translated to xxx.xxx.xxx.xxx. But I suspect that the ones up until the "TCP connection established with..." message are all displaying valid public IP addresses, and somewhere very shortly after that they start displaying private RFC 1918 addresses.
You have PM
Quick update:
I've just connected my Laptop to the internet via my Kaiser using 3G.
Ran OpenVPN and it connected without a problem.
Technically this would suggest that I should be able to connect with my Kaiser, but there's either a problem with my config or a bug in the PPC OpenVPN software :S
I haven't tried on UDP yet which will be my next test....
Any ideas?
Blimey, I didn't know there was a PPC client! I'll try it to see if it works with my setup.
Well I can't even get it to talk to my server so won't be able to help !
Fire up the card in your laptop and take a look at the IP address assigned to your machine. Since it's a different service, they may not be passing you through the proxy that's in place for the Kaiser. If you've received a public address, then you're on a "different network" even though both are 3G services.
PerfAlbion said:
Fire up the card in your laptop and take a look at the IP address assigned to your machine. Since it's a different service, they may not be passing you through the proxy that's in place for the Kaiser. If you've received a public address, then you're on a "different network" even though both are 3G services.
?? When you connect a laptop via BT to the kaiser, (using internet sharing) it creates a NAT which the traffic is passed over through the 3G service. Essentially using the same service..
Unless you mean the "service" between the windows software & the PPC/WM software is different?
Plus how'd you mean fire up the card in my laptop?
Cheers for your help on this btw.
I'm assuming that the Laptop data service and the PDA data service are treated differently within the AT&T network. While the PDA passes through a proxy, I suspect the laptop does not.
When I say "fire up the laptop card," I mean establish a connection and look at your IP address (ipconfig from a command prompt will show it). It may be a different IP address range than the PDA receives (which you could see using VxIPConfig or VxUtils). Even if it's within the same range, it may be bypassing the proxy.
So while you're using essentially the same technology, I suspect the services are implemented very differently, and that's what we're trying to sort out.
I don't believe it!!!
I downloaded VM Net Brower, checked what IP addresses were being assigned and connected successfully! Loaded up www.whatismyip.org and it came up with the proxy of my PC at home.
Unfortunately, my phone was running incredibly slow and thought it best to do a soft reset... afterwards no matter what I do, I can't connect. I just can't figure out why or replicate what I did.
Argh.. this is getting to me now... next on the agenda is to try changing the port number from 22 to 8080 or 80 and see what happens.
I searched the forums but found nothing so far regarding this subject.
AT&T is rolling out a new system as of February 1st which will capture the MAC address of devices. The purpose of this system is to keep people from illegally tethering their devices with a PC in order to use the data service. AT&T is also looking to lock customers into specific data plans depending on the type of device a person has. At this time AT&T cannot tell what type of device a person has until this new system is in place.
Does anyone know of a program which can mask or hide the MAC address for the Kaiser/Tilt/etc?
Any help would be appreciated
Keith
newbie with a Tilt
What proof do you have of this? I have never heard of it.
I would be curious as to how this will work. When tethered, your phone is, in essence, a router, and MAC addresses do not pass through a router. When a router passes traffic through it, it rewrites the data packets with its own MAC address so it can identify them coming back.
Unless I'm missing something...
Not sure.... but at least in Windows XP mac addys can be easily spoofed via a registry edit. You have me curious so I'm looking into it.
Initial research indicates MAC addys are not held in the clear. That makes spoofing more difficult than a simple registry edit. I'm open to suggestions.
All the info is complete nonsense.
1. MAC address has nothing to do w/ tethering.
2. ATT does not (and cannot) need MAC to figure out what device is using the network. They can use IMEI and I believe they are using it already.
jackleung said:
All the info is complete nonsense.
1. MAC address has nothing to do w/ tethering.
2. ATT does not (and cannot) need MAC to figure out what device is using the network. They can use IMEI and I believe they are using it already.
Purely academic inquiry....
Why do you say they cannot read the MAC addy?
They could probably get your IP address using ARP, but more than likely just use your device's IMEI number
jackleung said:
All the info is complete nonsense.
1. MAC address has nothing to do w/ tethering.
2. ATT does not (and cannot) need MAC to figure out what device is using the network. They can use IMEI and I believe they are using it already.
Of COURSE they're using your IMEI. That's how they know that your phone is on their network. That has nothing to do with what the OP was posting about.
MAC addresses have everything to do with tethering because if you had any clue about the OSI model, you would know that Layer 1 is the physical layer and Layer 2 is the data-link layer. That is where the MAC addresses are. Layer 3 is the network layer, which is where the IP addresses live.
Now, since you're transmitting TCP/IP packets across AT&T's network, you're using all 7 layers, but more importantly, you are definitely using MAC and IP addresses (layers 2 and 3).
So yes, it is important, but HOW important has yet to be determined. I doubt AT&T has the ability to track that, but I'm waiting for proof from the OP.
Well I was advised by a friend who works at the corporate headquarters in GA.
AT&T is using IMEI and the MAC address as of February. They will also be rolling out a new unlimited data plan for $30/month. Currently I have the $20 business unlimited data plan which will be no more. Depending on the type of data plan you have (PDA/Business/Smartphone) and device, your internet may be interrupted due to the new system. For example my current $20 unlimited business2mobile data plan will no longer work on my Tilt once the new system is in place. At that point I will need to call AT&T to upgrade my data package to the new $30/month plan since older unlimited data packages will be discontinued and/or incompatible with my Tilt. From what I was told, my current data plan will not be allowed on the Tilt as it will be restricted by the IMEI of the device. Unlimited data family plans (all phones under your plan) will also be offered separate from txt msging packages. Not sure of the pricing for the Unlimited Family data plan.
All these restrictions on the supposed "Unlimited" data plans is bull crap. If I'm paying for "unlimited" data it should not matter whether I am tethering or not, the TOS can eat me.
Sorry if I rambled, just trying to clarify the reason I started this thread.
Thanks
Lidberg said:
MAC addresses have everything to do with tethering because if you had any clue about the OSI model, you would know that Layer 1 is the physical layer and Layer 2 is the data-link layer. That is where the MAC addresses are. Layer 3 is the network layer, which is where the IP addresses live.
Now, since you're transmitting TCP/IP packets across AT&T's network, you're using all 7 layers, but more importantly, you are definitely using MAC and IP addresses (layers 2 and 3).
So yes, it is important, but HOW important has yet to be determined. I doubt AT&T has the ability to track that, but I'm waiting for proof from the OP.
I am working in the networking field and of course I do understand what OSI or datalink layer is about.
But if you really read the thread's question, it is asking about tethering, which I assume means the poster is asking whether ATT is able to figure out the MAC address of the PC which is sharing the internet behind our Tilt. Then the answer is no, because the MAC address is the physical address of the next hub. From ATT's network point of view, they will find the Tilt's MAC address but not our PC's. Our Tilt is like our home router: the ISP can only see its MAC address but not the MAC addresses of the internal network. That's why I said the MAC address has nothing to do w/ tethering analysis.
jackleung said:
I am working in the networking field and of course I do understand what OSI or datalink layer is about.
But if you really read the thread's question, it is asking about tethering, which I assume means the poster is asking whether ATT is able to figure out the MAC address of the PC which is sharing the internet behind our Tilt. Then the answer is no, because the MAC address is the physical address of the next hub. From ATT's network point of view, they will find the Tilt's MAC address but not our PC's. Our Tilt is like our home router: the ISP can only see its MAC address but not the MAC addresses of the internal network. That's why I said the MAC address has nothing to do w/ tethering analysis.
Perhaps I was reading too much into the OP's question. I was thinking the intention was to spoof the MAC addy presented to ATT to perhaps subvert restrictions on the data network. If the IMEI needs to be spoofed as well, then <shrug> I dunno.
I have the 19.99 media net max plan with 200 text messages and unlimited data. are they getting rid of that plan?
They have already, look:
http://www.wireless.att.com/cell-phone-service/services/services-list.jsp?LOSGId=4002301919
Keep it. Don't change it at all.
Since I already had this plan, they can't force me to change it..
They can force us to change our data plans because of the type of phone we have. They will tell us the data plan we currently have is no longer compatible with the Tilt. Sucks I know.
It worked yesterday but now won't. If I enter proxy settings into orangeinternet acp the same as orangewap then it works for http traffic but not email.
I have done a lot of setting up on the phone since it arrived yesterday but I can't think what I can have altered in the gprs settings.
I had the same issue with my Touch Cruise on the newer ROMs and it went away when I reverted to the official HTC Cruise 6.1 ROM.
Any ideas anyone?
You could always try running the network setup wizard again?
I tried that several times - it doesn't work. I think it must be a screwed setting from setting up something like exchange server in activesync.
Everything works under wifi.
I am really hoping I don't have to do a hard reset and start all over again.
Try putting a different operator's sim in and let it set everything up for it, then put your orange sim back in and go through the auto setup again. If that doesn't work then a hardreset might be your only option. Going from your other posts in the themes, applications and software it looks like your phone is really playing up so a hardreset might be best all round, only install one thing at a time and test everything after every install and customisation until you find out what you're doing to break it, then don't do that step again.
Have you messed around at all under the network advanced options where you set things like HSDPA etc
Thanks for all the replies. I've ended up hard resetting and re-customising one thing at a time.
The thing that breaks it seems to be when I change the wifi settings. I have a non-standard wireless network at home and I have to specify the IP address and default gateway in the "network adaptors" settings for wifi. Once I access the network with these settings it breaks the cellular data connection!
Like I said earlier, my Cruise did this as well with the later ROM such as Udk's and C_Shekhar's. When I went back to the official HTC 6.1 ROM everything worked fine.
I have now reverted my wireless settings to standard (i.e. DHCP) and it has restored the cellular connection but, obviously the wifi doesn't work.
If I can't sort this I'll have to rethink my home network.
Sounds like you're using set IP addresses on your home network for port forwarding or something of that nature. Have another look in your router's settings as most decent ones will allow you to reserve IPs from the DHCP range for specific MAC addresses, that way when the computers or other devices ask for an IP they get given the same one every time. Things really do work much more smoothly as far as networking goes when DHCP is working. If you really do need to specify IP addresses manually then just let the router hand out addresses by DHCP from a restricted range, e.g. if you manually specify addresses from 192.168.1.2 to 192.168.1.10 then set the start address for DHCP to 192.168.1.11.
Thanks, shuflie. It's actually to do with the default gateway. I have an orange livebox doing the adsl work so I can plug a telephone in to it to get free calls. However, the wireless is useless on the livebox so I have a netgear wireless router on the network as well. The trouble is, DHCP won't work that way so I have to set each wireless device up with a dedicated IP address and direct it to the livebox as the gateway.
For some unknown reason, this breaks cellular data on winmo devices.
Anyway, until I find a solution I have removed the orange livebox from my system. I'll just have to live without the broadband phonecalls which is no big deal tbh.
I actually run a non-standard network here too, a SKY ADSL router to provide the broadband access and a Netgear router which all my computers attach to. Both routers are set up as DHCP servers, but the SKY box only gives out an address to the Netgear router, the Netgear hands out the IP addresses for everything else. The only drawback I've seen so far is that it seems impossible to initiate a connection from the outside world to any of the computers on my network because of the dual NAT that is happening, but that isn't necessarily a bad thing as it makes it harder to hack in from outside. I don't have to point the computer and other devices to the SKY box as the gateway, I just let the Netgear router think that the connection it is getting from the SKY box is a direct connection to the outside world. Everything seems to work just fine, no problems with network gaming on the playstation network and torrents, skype, web etc. seem to work just fine. If you can't live without the broadband calls you could give it a go.
Should have said that the SKY and Netgear routers are on different subnets, 192.168.0.x for the SKY and 192.168.1.x for the netgear.
I have a rooted N1 with cyanogen 5.0.4.1 on it.
I'm studying abroad this semester, and the university I'm at seems to have done everything they could to prevent me from connecting my phone to the internet on their network.
There is a wireless network, but it doesn't reach my room, and there's a proxy; I haven't been able to get any of the various proxy apps to work with it, at all. On a somewhat related note, since moving to cyanogen I'm not able to connect to that network anymore (wpa enterprise, tls/pap/user+pass). No real loss, since it didn't work as I couldn't get the proxy going.
The rooms have ethernet, with a static IP and mac filtering, and of course the same proxy. In addition, on the wired network in the rooms you have to connect to a vpn in order to get anything other than the school's intranet.
With cyanogen's rom, I have been able to connect my phone to my computer's ad-hoc network by giving it the parameters (IP, gateway, netmask, dns), that were provided to me, but I can't download anything. My only guess as to why that's not working is their static IP/mac filtering combo is not playing nicely.
I haven't ever delved very deeply into networking type stuff such as proxies, ssh tunnels, etc, so these two ideas of mine could be completely unworkable, but what I've been able to come up with is:
1. Is there a way to have my laptop keep handling all the proxy/ip/vpn nonsense, and just route http data to and from my phone? I've never dealt with ssh or anything of that sort, but I run linux so it should be pretty trivial to get it set up on the laptop's side of the equation.
2. Failing that, I'm allowed to have 3 devices with 3 different mac addresses, each of which is given a separate IP address, so I give the people in charge of the network the mac address for my phone and get an IP address for it. Then, connect to my laptop's ad-hoc network, which is on IP #1, and go to the advanced wifi settings on my N1 and set up a static IP with IP #2. Does that work, at all? This of course doesn't account for the vpn at all, but if it does in fact work I'd then move on to that.
What a ****ing brain-buster. Good luck!
As an update, I can use cyanogen's included tethering ability, in conjunction with ConnectBot, to ssh from my phone to my computer (got that working after a bit of work, and learned something new). However, when I try to set up port forwarding in ConnectBot, it doesn't work; I don't know which ones to forward, whether to choose local or remote, and if I try to forward something below 1024 it gives me an error because of that. Does anybody know what ports I need to forward, and how to do that properly with ConnectBot?
I'm hoping somebody here can help me. I'm running cm7 on my nook color off of an sd card. For the most part, it's been great. I've been having problems recently connecting to my law school's wifi network.
I can see the network in my wifi settings -- it's listed as having 802.1x EAP authentication. I pull it up and select PEAP authentication (which is what my school says it uses) and then I enter my credentials. At this point, the Nook will connect to the network and get an IP. But that's it. No internet access. If I try to use the browser or dolphin to go to a page it'll just sort of hang there without moving.
Anyone have any ideas?
Try pinging your gateway and beyond, see if your packets are actually getting anywhere. I would think if you're getting an IP address you're okay, but who knows.
And are you sure you don't have a required proxy? There's nowhere to specify a proxy in Android, although I believe Opera has settings for it.
So for our work Wi-Fi you have to sign in with what you already stated, but then after that I have to open up my web browser to sign in there as well.
Not sure if you have a similar situation or not.
khaytsus said:
Try pinging your gateway and beyond, see if your packets are actually getting anywhere. I would think if you're getting an IP address you're okay, but who knows.
And are you sure you don't have a required proxy? There's nowhere to specify a proxy in Android, although I believe Opera has settings for it.
I don't know about cm7 but cm9 does have a menu item to specify proxy setting in the advanced menu.
Depending on the type of device providing the wireless, I've also noticed that it helps to make sure your device name doesn't have a "-" in it.
It took me quite a while troubleshooting my sister's to figure that out. In her case it was a d-link wireless that was the issue.
There was a pretty good thread on this a while back that listed a bunch of troubleshooting steps.