IPv6 Privacy Extensions - Droid Incredible Android Development

I just tested Privacy Extensions successfully under Virtuous 3.2.0 using the following command:
sysctl -w net.ipv6.conf.default.use_tempaddr=2
However I'd like to make the change permanent. Would it be better to create /etc/sysctl.conf which currently does not exist on my device, or add it to the /sys/module/ipv6/parameters directory? I tried the latter, but was unable to create the file. Any ideas?
# pwd
/sys/module/ipv6/parameters
# echo 2 > use_tempaddr
cannot create use_tempaddr: directory nonexistent
code.google.com/p/android/issues/detail?id=14013

I'm on a Galaxy S but it doesn't matter.
I used the command from there https://bugs.launchpad.net/ubuntu/+source/procps/+bug/176125
on adb: "echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr" but I get the error:
"cannot create /proc/sys/net/ipv6/conf/all/use_tempaddr: directory nonexistent"
I made a textfile in windows and named it "use_tempaddr" and wrote "2" in the textfile. Removed the *.txt extension and copied it to /mnt/sdcard on my GalaxyS.
Then I made "busybox cp /mnt/sdcard/use_tempaddr /proc/sys/net/ipv6/conf/all/use_tempaddr" but I get the error: "cp: can't create '/proc/sys/net/ipv6/conf/all/use_tempaddr': No such file or directory"
Pls, help me how to get that file working.

You could use a sysctl.conf in /system/etc, just follow the steps here:
http://forum.xda-developers.com/showthread.php?t=814463
Very simple

failed to copy 'sysctl.conf' to '/system/etc/sysctl.conf': Permission denied
Why?
Can I do "adb shell" instead, then "su" to have access? But what is the command from inside adb shell instead of adb push?
EDIT: I pushed it to /mnt/sdcard but I can't copy it to /system/etc with Astro, the paste option is grayed out
EDIT2: Ok it worked. I downloaded "super manager" from the android market, and activated the root (rights) function of super manager.
Edit3: But going to for example http://test-ipv6.com on my Android device does show the MAC in the ipv6 address. So it didn't work
EDIT4: Another thing is, the Android Browser of Android 2.2 seems to only support ipv4

You need root to modify the system partition.
Did you "sysctl -p" after the transfer? If not, open a terminal on your phone (or adb, whichever you prefer), and type that. The command should output the contents of your sysctl.conf
If that is successful, reboot, then try the website again.

If I enter sysctl -p it says sysctl:not found
if I enter sysctl.conf -p it says sysctl.conf: not found
But when I cd to /system/etc and do "ls" i can see the sysctl.conf file is present.
btw: I'm rooted.

Try:
Code:
busybox sysctl -p
Usually the update-script used to install roms will symlink this for you, but in this case, it's just one extra word lol.

Code:
$ export PATH=/data/local/bin:$PATH
$su
# busybox sysctl -p
sysctl: error: 'net.ipv6.conf.all.use_tempaddr' is an unknown key
#
hm.....

That's the extent of my knowledge sorry to say. Not too familiar with all of this
I hope someone can solve your issue!

Just for a sanity check, you could try looking at what is allowable in the context of your dinc: // I only looked at eth0, you can look at whatever you like using enough terms to get you into the neighborhood.
(from adb)
bash-3.2# sysctl -A | grep "net.ipv6.conf.eth0."
sysctl -A | grep "net.ipv6.conf.eth0."
sysctl: error reading key 'net.ipv4.route.flush': Permission denied
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.mtu = 1500
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.router_solicitations = 3
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.use_tempaddr = 0
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.regen_max_retry = 5
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.router_probe_interval = 60
net.ipv6.conf.eth0.proxy_ndp = 0
net.ipv6.conf.eth0.accept_source_route = 0
net.ipv6.conf.eth0.optimistic_dad = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.accept_dad = 1
sysctl: error reading key 'net.ipv6.route.flush': Permission denied
bash-3.2#
So, maybe this line is of interest:
net.ipv6.conf.eth0.use_tempaddr = 0
-- I could echo 1 into the /proc FS spot you were trying to, as well as setting tempaddr=2. I am just guessing that some of the kernels aren't using built in ipv6, so maybe you've got to load the module? "modprobe ipv6"?
I'm also guessing you've tested something easy like "# ping6 -c 4 ::1" just to be sure ipv6 is alive at all.
Just some thoughts - Hashi

ping6 does show that:
Code:
$ export PATH=/data/local/bin:$PATH
$su
# ping6 -c 4 ::1
ping6: not found
# busybox ping6 -c 4 ::1
PING ::1 (::1): 56 data bytes
64 bytes from ::1: seq=0 ttl=64 time=0.191 ms
64 bytes from ::1: seq=1 ttl=64 time=0.924 ms
64 bytes from ::1: seq=2 ttl=64 time=0.968 ms
64 bytes from ::1: seq=3 ttl=64 time=0.198 ms
--- ::1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.191/0.570/0.968 ms
#
grep doesn't exist on the phone:
Code:
export PATH=/data/local/bin:$PATH
$ $su
# busybox sysctl -a | grep "net.ipv6.conf"
grep: not found
sysctl: error reading key 'net.ipv4.route.flush': Permission denied
sysctl: error reading key 'net.ipv6.route.flush': Permission denied
#
And modprobe ipv6 gives:
Code:
export PATH=/system/xbin:$PATH
$ $busybox modprobe ipv6
modprobe: chdir(2.6.32.9): No such file or directory
$
EDIT: "lsmod" doesn't show ipv6
and "insmod ipv6" says "can't open 'ipv6'"

Just a couple things since I've got to run now:
1) No grep on phone: I think it's just another bit of busybox. If you type in busybox and <enter>, then you should see a huge list of verbs / cmds, and you can use "busybox" <verb> (or for grep busybox grep) instead of grep.
2) modprobe ipv6 fails:: I hadn't really studied android much yet, so now I see that ipv6 is most often compiled into the kernel, not a module, so my mistake. It is unlikely to be module except on some early kernel or if someone really wanted it to be.
3) ping6 ::1 returns, is a good, but very embryonic good sign.
4) What are you after? Stateless configuration (DHCP for IPv6 only unique?). Have you had IPv6 working after any fashion (say with a "2001::xxxx:yyyy::z" homebrewed unique address working at all yet)? Another thing: Are you behind some IPv6 unfriendly firewall or are you using 3g? If you're on wifi and say, behind an ATT UVerse setup, you are going to have to use a 6to4 tunnel to get anywhere. (hey, what's another 30 ms? )
--- I'm an IPv6 fan, but only really know configuring it on Cisco routers and true linux boxes thus far. -----
If you're in what maybe is the best of worlds on wifi over a dd-wrt setup, then try to configure an IPv6 tunnel on the firewall on the Outside and see if you can hit that with IPv6. Gotta start somewhere.
Hashi

I use a AVM Fritzbox 7240 with freetz image.
My ISP doesn't use IPv6 yet but the fritzbox router automatically negotiates if 6to4 is necessary. And because my ISP still has no ipv6 the router uses 6to4.
Another setting in the router config is, that the router addresses 'unique local addresses' to the network device as far as no ipv6 connection is present.
That setting can be changed too.
I'm not a professional network administrator, but I wanted to test ipv6 for the router. And I want to use the privacy extensions on android, because without them the MAC is shown on for example www.test-ipv6.com. Ipv6 does work on android but without privacy extensions at default.
Ah yes, I connect my android device via wifi to the router.
So, if ipv6 is built into the kernel, is there a way to set the use_tempaddr setting? Maybe via a file like rc.custom or how these files are called that load things at boot up.

OK: It sounds like you made a lot more progress than me on the droid if you got it working with any outside site with IPv6. One thing I notice is that although it "appears" I can set use_tempaddr, I then realized that no matter what I type in, it is usually echoed back to me on the command line, so that I have no idea if it was really set. I'm too new to the Dinc to know what it'll do and won't re ipv6.
It turns out I wasn't setting it using sysctl, but I was able to echo 2 > /proc/*/.../use_tempaddr, and that would show up in a 'cat /proc/*' statement. I don't think it actually is working on my ROM or that I haven't yet figured out how to transform the linux statements I'm comfortable with into the watered down droid busybox equivalents. I'm really not seeing much indication other than a few little hopeful things, that ipv6 is fully enough supported on my rev of software to get anywhere.
However, now I'm pretty interested in this and will be working on an ipv6 setup (just got an actual /48 block at work) so will be keeping this in mind.
I'm curious now to know what series of statements you used to get far enough to hit www.test-ipv6.com with ping6? (or did I get that wrong?)
There is a bug filed in the google codebase that implies that ipv6 just isn't working yet, but it looks fairly old. It may be pre-2.2. It is an enhancement request that is still alive and asking for ipv6 support in android, so I'm really interested in what you did before to get it working.
By the way, my results from test-ipv6.com are pretty bleak. 10/10 for ipv4 and 0/14 (I'm forgetting the exact numbers). That was after a lot of setup and attempting to do this the way I'd do a linux box. I do believe it's in the kernel, and sysctl -a seems to bear that out.
I did manage to figure out how to make a dinc kernel tonight, so I can get a better look now at the ipv6.c code and make sure it's in the config. This little linux box is really confusing me right now
Thanks -- Hashi

I didn't do much.
I have android 2.2 which already supports ipv6 but no privacy extensions.
ipv6 worked from the start.
Ipv6 does show me a 7/10 on my win7 pc.
But with my galaxy S android device it shows 0 or 2 (I don't remember)
I think the installed browser of android 2.2 doesn't support ipv6 yet.
I have made screenshots to compare ipv6 on win7 and on the android device via wifi.
Do you think the results for my android device on test.ipv6.com appear like that, because the browser doesn't show ipv6 sites, or do the results mean that I have an ipv6 address through 6to4 but my android device doesn't accept ipv6 yet?

I'll look around for the write-up(s) I found over the last day or two about various androids and ipv6, and they'll perhaps answer some of your questions, like the browser. This is the gist of what I got from reading.
Some 2.2+ androids support (marginally) the ipv6 stack, tunneled AND dual-stack. A couple people can get 'outside' using ipv6, and a couple more can 'browse' ipv6-only websites. The browser isn't the problem. At some low level on my Incredible, the stack doesn't "see" ipv6 addresses as "valid". I think that means it just has some holes left in it. You've got a 'newer' device (Samsung), so this may have been improved.
My scores are 10/10, ipv4, and 0/24? ipv6, and from a 0 score there's nothing it can tell you of use. It just doesn't work. Yours looks very promising.
One thing I'm wondering about is whether I've got a version of busybox that is sadly lacking in ipv6 functionality. All the network applets come out of that single executable. I've got busybox 1.16.0, and am curious which you've got. I could change busybox's version easily, in fact you can go to busybox.net, get source, fix it up, use toolchains and build it.
Also, life is easier if you just install it (./busybox --install .) since it'll make a symlink for each function in whatever folder it was in (like /system/xbin is pretty empty and on my path).
Let us know when you get it running. I'll do the same. Another thing missing in mine is ipv6 DNS. I have ipv6 DNS setup at work, and if I point it to that DNS server using "setprop x.y.sit1.DNS.*" (sorry, don't recall the exact setup procedure), then it still will not resolve ipv6 addresses. Nslookup (type=AAAA) doesn't work correctly either. Mine is heavily hacked stock 2.2 with a custom kernel. I just blew all the 'sense' layer away for the sake of battery life.
-- H

I use a cooked rom, not the official samsung 2.2
It has had busybox 1.16 installed.
But I went to the market and installed the app "BusyBox Installer" which then installed BusyBox 1.17.1 for me.

Sorry for not subscribing to my own thread, I had this problem licked back in January....at least on my Droid Inc. The problem is that /system is mounted as read-only. You need to remount with RW permissions and then copy or vi sysctl.conf to /system/etc/

Thanks for checking back. I'd still like to get this working on my own Inc. The case I'm most interested in is probably using 3g rather than wifi. Do you have an idea whether the Verizon 3g supports ipv6? I know we should be able to get it working in, for example, a dd-wrt flashed router, but it would be nice to be able to use ipv6 when there's no handy wifi.
Thanks - Hashi

Thx for the feedback.
I remounted system rw (can be done easily with "SGS Toolbox", or manually)
Ifconfig shows as long as wifi is turned on, there is an interface called eth0.
I added to the sysctl.conf this: "net.ipv6.conf.eth0.use_tempaddr=2"
I rebooted and ifconfig shows an ipv4 and ipv6 address.
But www.test-ipv6.com shows 0/10 at the ipv6 rating.
EDIT: Does /system have to be kept rw or can I change it to Read-only after placing the sysctl.conf?
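An added example, not part of the thread: a POSIX shell script that sets use_tempaddr on "all", "default" and every interface that exists at that moment, then reads /proc/net/if_inet6 to tell whether an interface really holds a temporary (RFC 4941) global address or only a MAC-derived (EUI-64) one. The function names, the CONF_ROOT and IF_INET6 overrides and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Both paths default to the real kernel
# files and can be overridden so the logic can be tried offline.
CONF_ROOT=${CONF_ROOT:-/proc/sys/net/ipv6/conf}
IF_INET6=${IF_INET6:-/proc/net/if_inet6}

# Write VALUE to use_tempaddr for "all", "default" and every interface that
# exists right now. Prints how many keys were written and fails when the key
# is absent everywhere (the "unknown key" / "nonexistent" errors quoted above).
set_tempaddr() {
    value=$1
    written=0
    for key in "$CONF_ROOT"/*/use_tempaddr; do
        [ -e "$key" ] || continue
        echo "$value" > "$key" && written=$((written + 1))
    done
    echo "$written"
    [ "$written" -gt 0 ]
}

# One line per global-scope address: "<dev> <kind> <32-hex address>".
# /proc/net/if_inet6 columns: address ifindex prefixlen scope flags device.
#   temporary  flag bit 0x01 is set (RFC 4941 temporary address)
#   eui64      bytes ff:fe sit in the middle of the interface identifier,
#              i.e. the identifier was built from the MAC address
#   other      anything else (manual, DHCPv6, ...)
list_global() {
    while read -r addr _idx _plen scope flags dev; do
        [ "$scope" = "00" ] || continue   # skip link-local (20) and loopback (10)
        if [ $((0x$flags & 0x01)) -ne 0 ]; then
            kind=temporary
        else
            case "$addr" in
                ??????????????????????fffe??????) kind=eui64 ;;
                *) kind=other ;;
            esac
        fi
        echo "$dev $kind $addr"
    done < "$IF_INET6"
}

# Verdict for one interface:
#   temporary  at least one temporary global address is configured
#   exposed    only MAC-derived global addresses, so remote sites see the MAC
#   other      global addresses exist, none temporary and none MAC-derived
#   no-global  no global IPv6 address at all
tempaddr_status() {
    want=$1
    verdict=no-global
    while read -r dev kind _addr; do
        [ "$dev" = "$want" ] || continue
        case "$kind" in
            temporary) verdict=temporary ;;
            eui64) [ "$verdict" = temporary ] || verdict=exposed ;;
            other) [ "$verdict" = no-global ] && verdict=other ;;
        esac
    done <<EOF
$(list_global)
EOF
    echo "$verdict"
}

# Constructed sample data (documentation prefix 2001:db8::/32, made-up MAC):
# eth0 has only a MAC-derived global address, wlan0 also has a temporary one.
make_sample() {
    mkdir -p "$1/conf/all" "$1/conf/default" "$1/conf/eth0"
    for d in all default eth0; do echo 0 > "$1/conf/$d/use_tempaddr"; done
    cat > "$1/if_inet6" <<'EOF'
00000000000000000000000000000001 01 80 10 80       lo
fe80000000000000021a2bfffe3c4d5e 02 40 20 80     eth0
20010db800010002021a2bfffe3c4d5e 02 40 00 00     eth0
20010db8000100029c1f07a2b3c4d5e6 03 40 00 01    wlan0
20010db800010002021a2bfffe3c4d5f 03 40 00 00    wlan0
EOF
}

# Usage as root on the device: "script set 2" or "script status eth0".
case "${1:-}" in
    set)    set_tempaddr "${2:-2}" ;;
    status) tempaddr_status "${2:-eth0}" ;;
esac
```

A per-interface key such as net.ipv6.conf.eth0.use_tempaddr exists only while that interface exists, and "default" is copied to interfaces created afterwards, so the status check is worth repeating once wifi is up.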

Related

get-a-robot-vpnc help

I have been trying to get the get-a-robot-vpnc (http://code.google.com/p/get-a-robot-vpnc/) package to work on my HTC Vogue for some time. I am currently running the eclair 2.1 mssmision build.
I have gotten pretty far I think.. but need some help. Here are the steps that I have followed up until now.
1. Compile tun.ko module for Vogue
I followed these instructions to get the vogue kernel locally: http://www.androidonhtc.com/get_involved
After step 5 in that list, make sure to select the "Device Drivers->Network Device Support->Universal TUN/TAP device driver support" (select as M for kernel module)
After step 6, build the kernel modules: "make modules ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabi-"
2. Put tun.ko onto the vogue permanently
Set the /system partition writable
Code:
adb -d shell
#su
#mount -o remount,rw /system
In a different terminal, push the tun.ko over to the /system/lib/modules dir
Code:
adb -d push ~/android-kernel/kernel/drivers/net/tun.ko /system/lib/modules
Back in the first terminal, set the system volume to read only again.
Code:
#mount -o remount,ro /system
3. Install the latest get-a-robot-vpnc package
Download from website and push to device:
Code:
adb -d install VPN_Connections_v097.apk
It is installed to /data/data/org.codeandroid.vpnc_frontend directory.
I put in the correct settings to connect to my company's VPN. (These same settings work perfectly on my ubuntu machine)
When I run the program I see on logcat:
Code:
D/VPN_Connections( 658): Password is numeric
D/VPN_Connections( 658): password **********
D/VPN_Connections( 658): done interacting with vpnc
D/VPN_Connections( 658): process stderr:
D/VPN_Connections( 658):
D/VPN_Connections( 658): Attempt to read vpnc process id did not return anything
D/VPN_Connections( 658): process had died, return as failed connection
But when i shell into the phone I see the process running:
Code:
/ # ps | grep vpnc
658 10049 107m S org.codeandroid.vpnc_frontend
710 0 1300 S /data/data/org.codeandroid.vpnc_frontend/files/vpnc -
At this point the network is hosed and in order to get it back I have to reboot.
Trying it manually
In order to see what is happening with vpnc, I shell into the phone and run the program manually.
First I need to ensure the tun.ko is loaded:
Code:
#su
#insmod /system/lib/modules/tun.ko
You can see the command string for vpnc in the /data/data/org.codeandroid.vpnc_frontend/files/lastConnection.txt file.
I run this command:
Code:
/data/data/org.codeandroid.vpnc_frontend/files/vpnc --script /data/data/org.codeandroid.vpnc_frontend/files/vpnc-script --no-detach --debug 1
Enter the correct vpn data and see this output: (I cut out my company specific info and ip addresses)
Code:
vpnc version ERSION
IKE SA selected psk+xauth-3des-md5
NAT status: NAT-T VID seen, no NAT device detected
IKE SA selected psk+xauth-3des-md5
NAT status: NAT-T VID seen, no NAT device detected
Enter Username and Password.
Banner: Welcome <cut> Remote Access User.
got address <xxx.xxx.xxx.xxx>
Connect Banner:
| Welcome <cut> Remote Access User.
backing up dns and resolve.conf
vpnc-script ran to completion
IPSEC SA selected aes128-sha1
VPNC started in foreground...
vpnc[582]: can't open pidfile /var/run/vpnc/pid for writing
At this point I seem to be connected.. but can't actually ping anything on my company network, or get to any websites.
I am not very strong with networking.. so I feel that maybe the routes are not being setup properly.. but I don't know:
Here is my routing table after the connection (took out company ip)
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
68.28.145.85 * 255.255.255.255 UH 0 0 0 ppp0
xxx.xxx.xxx.xx 68.28.145.85 255.255.255.255 UGH 0 0 0 ppp0
default * 0.0.0.0 U 0 0 0 tun0
Any help would be appreciated.
Hey - I posted a response in the vpnc thread:
http://forum.xda-developers.com/showpost.php?p=5625056&postcount=109
Also, to amend - if you try it manually again, try this:
/data/data/org.codeandroid.vpnc_frontend/files/vpnc --script /data/data/org.codeandroid.vpnc_frontend/files/vpnc-script --no-detach --natt-mode cisco-udp --debug 1

[How-To] Enable internet web access through proxy servers

I have found that you can enable www access through a proxy server by inserting new iptables rules in Android. I have used it successfully to browse internet through the wifi at my office, it should be the same for school networks with proxy servers as well.
Requirements:
Root access
Kernel with iptable and netfilter support
Known working kernels:
Doomkernel v10
Have been tested on .368 firmware and Doomkernel v10, all iptable and netfilter modules are included in his kernel.
1. Open a terminal emulator or use a scripting app, I have been using ScriptManager.
2. Add iptables entry, root access is needed to manipulate the iptables.
Replace ip address and port in the --to parameter to match your own proxy server address
$ su
# iptables -t nat -A OUTPUT -p tcp -o wlan0 -d internal.ericsson.com -j ACCEPT
# iptables -t nat -A OUTPUT -p tcp -o wlan0 --dport 80 -j DNAT --to 153.140.40.150:3132
# iptables -t nat -L (to list newly added rule)
All apps will now connect to the proxy when accessing port 80
To remove iptables:
$ su
# iptables -t nat -F OUTPUT
You might see several error messages, they can be ignored
modprobe: module 'ip_tables' not found
getsocket for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
Please let me know if you know how to improve the ruleset and if other kernels are working as well.
Updated ruleset:
Have added additional rule to configure iptables to bypass proxy for intranet web addresses, it would otherwise try to open up intranet web pages through the proxy server.
The easy way
http://forum.xda-developers.com/showthread.php?t=766569
Thanks for the url, have you tried it? Might give it a try but it sounds like it is just a frontend to manipulating the iptables, I prefer to change it myself, that gives full flexibility to do whatever I wish with the iptables
Did give DroidProxy a try from the android market but it did not seem to work which is why I started to setup the proxy manually in iptables.
---------- Post added at 10:08 AM ---------- Previous post was at 09:43 AM ----------
Found out that, the transporxy project has been discontinued and replaced with autoproxy which according to the forum members should work very well.
http://forum.xda-developers.com/showthread.php?t=1083284
It should work as long as multiports are not used as this is not included in Doomkernel v10. This only means that you will have to add a separate rule for each port you wish to forward ie. one for port 80 and one for port 443 instead of having both included in the same rule.

[Q] OpenVPN on Droid3?

I want to setup OpenVPN on my device, but the installer is saying that it needs a TAP/TUN module. After doing some research it looks like it's tun.ko that I'm looking for, but I'm not that familiar with the android devices (this is my first droid, had it for about a month now) and would like some help or recommendations
I'm actually running a Bell branded XT860.
tun/tap is built in D3 stock kernel, so you need no module tun.ko.
Which OpenVPN Installer did you try? The app from the market? It worked fine for me, only shortcoming is the openvpn binary seems to have a bug on D3, the built-in route and ifconfig commands do not work. But no big deal for me, since I use a start script anyway and add these commands to this script.
Can you elaborate how you're using the startup scripts? I'm using OpenVPN on CM7 on another device and it works well. My D3 is getting shipped to me and I'd like to also get OpenVPN running on it.
Thanks
How detailed do you need it? I can show you what I did, but you need some Linux / OpenVPN skills to alter it for your needs. Unfortunately, I currently don't have the time to write a failsafe HowTo. But if you have further questions, feel free to ask.
1. remount /system read-write
2. mkdir -p /system/scripts/openvpn and copy your OpenVPN configfiles there
3. Create script /system/scripts/ovpn.sh:
#! /system/bin/sh
openvpn --cd /system/scripts/openvpn --config openvpn.conf --daemon
sleep 1
ifconfig tun0 172.31.254.10 pointopoint 172.31.254.9
/system/sbin/route add -net 10.0.0.0/8 dev tun0
exit 0
4. Make a widget with app Script Manager
5. remount /system read-only
EDIT: What I missed to mention before: I had some MTU problems. Configuring "mssfix 1200" solved it.
So let me get this right.
I have openvpn settings and the binary installed.
config files are in /sdcard/openvpn/
both the -> swissvpn.ovpn and ca.crt
openvpn binary is in /system/xbin/openvpn
I modified script in /system/scripts/openvpn to read
openvpn.conf to swissvpn.ovpn
--------------------------------------
#! /system/bin/sh
openvpn --cd /system/scripts/openvpn --config swissvpn.ovpn --daemon
sleep 1
ifconfig tun0 172.31.254.10 pointopoint 172.31.254.9
/system/sbin/route add -net 10.0.0.0/8 dev tun0
exit 0
-----------------------------------
saved to /system/scripts/ovpn.sh
Questions
1.) Do I need to point openvpn to the config files in /system/scripts/openvpn or /sdcard/openvpn for it to work?
2.)Will this finally fix the routing problem with the browser not tunneling properly?
3.)Do I need to issue "Load tun kernel module" in "openvpn settings" or is this already solved with the stock kernel?
Regarding your first question, yes you have to, and this isn't your only mistake. You cannot just adopt my ifconfig and route settings.
OK, how could we start? I fear you are using a server-pushed configuration and I further fear this will just not work with this "broken" openvpn binary.
Could you please post your swissvpn.ovpn?
And please do the following, on command line as root:
openvpn --cd /sdcard/openvpn --config swissvpn.ovpn
... and please post the output.
output
-----------------------------------------------
export PATH=/data/local/bin:$PATH
[email protected]_solana:/$ export PATH=/data/local/bin:$PATH
[email protected]_solana:/$ su
[email protected]_solana:/# openvpn --cd /sdcard/openvpn --config swissvpn.ovpn
Tue Oct 11 17:19:08 2011 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 2 2010
Enter Auth Username:
------------------------------------------
also config file swissvpn.ovpn contents
------------------------------------------
dev tun
client
proto tcp-client
remote connect-openvpn.swissvpn.net 443
ca ca.crt
auth-user-pass
reneg-sec 86400
ns-cert-type server
-----------------------------------------
I messed up on my last post.
I meant the ovpn.sh script is in /system/scripts/
the 2 config files swissvpn.opvn and ca.crt are in /system/scripts/openvpn/
The openvpn binary is in /system/xbin/openvpn/ and was installed by 'OpenVPN Installer' from the Market. "OpenVPN Settings" is the app I'm using to configure all of this.
also if I execute your ovpn.sh in script manager as root it just outputs this
--------------------------------------------
http ://oi51.tinypic.com/2n21vdx. jpg
http ://oi52.tinypic.com/2vw8bbt. jpg
http ://oi54.tinypic.com/c7vck. jpg
http ://oi52.tinypic.com/15hh4au. jpg
--------------------------------------------
You are obviously prompted for a Username. What happens when you type your username (and then password, I guess).
RE:
Well what it says in a message
this is with your script in there
Take note that I had clicked SwissVPN.ovpn
The green checkbox had turn off and displayed this message.
http ://oi52.tinypic.com/2a7cwzl.jpg
OK, it seems my workaround doesn't work for you because your ifconfig and route parameters are pushed by the server. There is more investigation needed, either in a new build of the openvpn binary or another workaround. I'll have a closer look at it, but really cannot promise you a timeline.
I was having your same problem with "FATAL:Linux ifconfig failed:could not execute external program."
There is a fix in this thread http://forum.xda-developers.com/archive/index.php/t-1074492.html
cd /system/xbin
ln -s /system/xbin /system/xbin/bb
this will create a correct link for ifconfig and route commands
I've got OpenVPN to connect successfully, yet no traffic routes through VPN.
This thread discusses the issue
http://forum.xda-developers.com/archive/index.php/t-1235954.html
Someone said
I can configure tun0 and the routing table manually and successfully pass traffic through the tunnel.
I don't understand the configuration he posted
vpnc work well with cisco vpn
download vpnc from market. works well with cisco vpn.

ssh into the Note over USB

Anyone been able to ssh in through the USB connection?
I've done it with other Android phones, but here when I connect the USB cable, it doesn't even bring up the usb0 interface on my GNU/Linux PC, so don't know what's wrong...
Anyone doing it?
You need usb debugging active in settings. You will use adb shell command, not ssh (at least not without an android ssh server app).
Right, it does seem no android ssh server app is available to work over USB.
I was able to do, after redirecting ports from the local PC to the phone via adb, as per http://forum.xda-developers.com/showpost.php?p=20104928&postcount=71
However, interestingly, I cannot ssh in via wifi, as per symptoms in the above posts, i.e. the Galaxy Note will not initiate the connection, although using the same software on a Motorola Droid 3 will connect, so it must be some peculiar setup about the Note. In the thread many other users, notably it seems of Galaxy2 note the same inability to connect.
Anyone been able to connect through ssh via wifi? What am I missing?
any updates on this? I can't connect as well. I'm using sshdroid.
I gave up on SSH via USB, seems it's messed up under android. Just using the wifi method as per above.
There might be some hope with CM9, using the latest kernel, will see...
I tried using the earlier post by 白い熊 (!) which is basically noed's tip and it's working beautifully. I think noed made a typo.
This is how it works for me :
1) Installed busybox/droidsshd
2) Connected to the windows pc which had drivers (kies)
3) Issued adb forward tcp:22 tcp:2222 (this is because droidsshd listens at 2222, when i changed that to 22, it worked also)
4) putty to 127.0.0.1 worked (I enabled root and set password in droidsshd preferences -> Service and Authentication)
Due to busybox, i could run natural linux commands like ps, grep, find. top also worked showing what application bogging cpu - droidsshd for me
Yeah, the problem with this is the adb part... Running it in a Linux box, after a while adb consumes most of the memory, I have to kill it and restart, the connection gets dropped often too. Just a very poor experience, not the solidity you need for sshfs for instance...
Download a cyanogenmod 7 rom and extract dropbear, dropbearkey and dropbearconvert from the /system/xbin/ directory. Dropbear is a lightweight alternative to sshd. Copy them over to the phone, move them to /system/xbin/ and give them the permissions and ownership they had in the archive.
Generate an ssh key for your desktop if you don't have one already: ssh-keygen -t rsa
Copy the public key to the phone: adb push .ssh/id_rsa.pub /sdcard/authorized_keys
Set up your keys on your phone via adb shell:
mkdir /data/dropbear
chmod 755 /data/dropbear
mkdir /data/dropbear/.ssh
chmod 700 /data/dropbear/.ssh
mv /sdcard/authorized_keys /data/dropbear/.ssh/
chown root.root /data/dropbear/.ssh/authorized_keys
chmod 600 /data/dropbear/.ssh/authorized_keys
dropbearkey -t rsa -f /data/dropbear/dropbear_rsa_host_key
dropbearkey -t dss -f /data/dropbear/dropbear_dss_host_key
Run dropbear on your phone in a terminal or using adb shell: dropbear -s -F -v -p 2222
Connect from your desktop: ssh -i .ssh/id_rsa -p 2222 -l root 127.0.0.1

Custom *.rc (init.rc) scripts with Magisk. (Or running a script at network change.)

Hello, everyone.
In order to avoid an XY problem, I would like to introduce the actual problem first.
I need to run a script each time network changes. Android automatically changes quite a few settings when network changes, and because I need to have some of them set to specific values, I need to tweak them each time something happens.
How would I like to proceed:
There is a sysprop setting that changes each time network changes: sys.radio.cellular.netId.
Naturally, I would like to hook my script to that property change.
Android init system seems to provide such an option: init.rc syntax allows to subscribe to a property change using the
Code:
on property:propname=*
syntax.
Seems easy:
Add a custom_network.rc
Bash:
on property:sys.radio.cellular.netId=*
    start custom_network

service custom_network /bin/custom_network.sh
    user root
    seclabel u:r:magisk:s0
    oneshot
Add a file /bin/custom_network.sh:
Bash:
#!/system/bin/sh
echo "TODO"
The above is essentially following this guide: https://android.stackexchange.com/q...run-an-executable-on-boot-and-keep-it-running
So, I created a magisk module, added the files above to the $MODDIR/system/etc/init, and $MODDIR/system/bin directories.
Then I added the following lines to the customize.sh:
Bash:
set_perm $MODPATH/system/bin/custom_network.sh 0 0 0755
set_perm $MODPATH/bin/custom_network.sh 0 0 0755
chown 0.0 $MODPATH/system/etc/init/custom_network.rc
chmod 0644 $MODPATH/system/etc/init/custom_network.rc
chcon u:object_r:system_file:s0 $MODPATH/system/etc/init/custom_network.rc
However, this does not work. The service custom_network does not appear in the getprop | grep svc list, and cannot be started with setprop ctl.start "custom_network".
Is it true that for _any_ custom rc files to work, the system boot image must be patched?
If yes, is there a manual how to do so?
If no, then what am I doing wrong here?
Furthermore, if patching the boot image cannot be avoided, is there a manual on how to do this with minimal pain?
On the other hand, is there a way to avoid adding a custom init service entirely, and add a network listener by some other means?
Did you figure it out?
I don't believe init services get a stdout.
You need to write to either /dev/kmsg or logcat.
You can test your service with start custom_network.
You could also listen for uevents:
Code:
s=socket(PF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);
Although I'm not sure what you're looking for is there.
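The uevent listener suggested in the reply above, carried through as an added example that is not part of the thread: it binds to the kernel's uevent multicast group, skips datagrams that were not sent by the kernel, and parses the NUL-separated KEY=VALUE payload. The helper names uevent_get and uevent_is_net are made up for this example, and the thread does not establish that a "net" subsystem event covers the network change the question is about.

```c
#include <linux/netlink.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example. A uevent is "ACTION@DEVPATH\0KEY=VALUE\0KEY=VALUE\0...". Return the
 * value stored under key, or NULL if absent. An unterminated last field is ignored. */
const char *uevent_get(const char *msg, size_t len, const char *key)
{
    size_t klen = strlen(key);
    const char *p = msg, *end = msg + len;
    while (p < end) {
        const char *nul = memchr(p, '\0', (size_t)(end - p));
        if (nul == NULL) break;
        if ((size_t)(nul - p) > klen && p[klen] == '=' && memcmp(p, key, klen) == 0)
            return p + klen + 1;
        p = nul + 1;
    }
    return NULL;
}

/* 1 if the event belongs to the "net" subsystem (interface added, removed, ...). */
int uevent_is_net(const char *msg, size_t len)
{
    const char *s = uevent_get(msg, len, "SUBSYSTEM");
    return s != NULL && strcmp(s, "net") == 0;
}

int main(void)
{
    char buf[4096];
    struct sockaddr_nl addr = { .nl_family = AF_NETLINK, .nl_groups = 1 }, from;
    int s = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);
    if (s < 0 || bind(s, (struct sockaddr *)&addr, sizeof addr) < 0) { perror("uevent socket"); return 1; }
    for (;;) {
        socklen_t flen = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf - 1, 0, (struct sockaddr *)&from, &flen);
        if (n <= 0) break;
        if (from.nl_pid != 0) continue;   /* accept only messages sent by the kernel */
        buf[n] = '\0';                    /* guarantee the last field is terminated */
        if (!uevent_is_net(buf, (size_t)n + 1)) continue;
        const char *act = uevent_get(buf, (size_t)n + 1, "ACTION");
        const char *ifn = uevent_get(buf, (size_t)n + 1, "INTERFACE");
        printf("%s %s\n", act ? act : "?", ifn ? ifn : "?");
    }
    close(s);
    return 0;
}
```

The nl_pid check matters because any local process can send a datagram to a netlink socket; a listener that runs as root should act only on events whose sender is the kernel.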
I was mostly looking for feedback by someone also wanting to patch the init.rc: I'm still trying to understand the cascade of events causing adbd to be started twice in boot, to find and modify the rc script responsible for the first time it's started and use instead a patched adbd
csdvrx said:
I was mostly looking for feedback by someone also wanting to patch the init.rc: I'm still trying to understand the cascade of events causing adbd to be started twice in boot, to find and modify the rc script responsible for the first time it's started and use instead a patched adbd
Have you figured it out? I have the same issue, I am trying to create a file at /system/etc/init folder
