now a day i m in hostle and new to android
in hostle i have to use proxy server over wifi
i have searched but could not find a better solution
if any one using it plzzzzzzzzzzzz help me
have used trans proxy for this there is a requirement for iptables/netfilter and rooted device i have rooted the g1 but i dont know how to use iptables/netfilter
suugest me any rom which gives wifi option in contex menu or support iptables/netfilter
why dont you use encrypted VPN instead?
gyugyujol said:
why dont you use encrypted VPN instead?
Click to expand...
Click to collapse
wht is that how to use it????
well..
it is in the Wireless settings section. i guess you should use L2 IPSec.
briefly: have to set up a VPN server/connection point at home or wherever, and you'll connect to that from anywhere given that there's an open outbound port to the internet where you are currently. than a connection will be built up creating a "tunnel" through which your packets will be transferred to the VPN host where itt could be routed and NAT-ed to the internet unrestricted.
adding IPSec or other methods of encryptions will make your connection secure.
i've never tried it on my phone but since its based on linux it must be the same way as at desktop system.
you should check documents and howtos on the internet and check for apps at Market if the androids builtin is not satisfying!
gyugyujol said:
well..
it is in the Wireless settings section. i guess you should use L2 IPSec.
briefly: have to set up a VPN server/connection point at home or wherever, and you'll connect to that from anywhere given that there's an open outbound port to the internet where you are currently. than a connection will be built up creating a "tunnel" through which your packets will be transferred to the VPN host where itt could be routed and NAT-ed to the internet unrestricted.
adding IPSec or other methods of encryptions will make your connection secure.
i've never tried it on my phone but since its based on linux it must be the same way as at desktop system.
you should check documents and howtos on the internet and check for apps at Market if the androids builtin is not satisfying!
Click to expand...
Click to collapse
i am unble to use that
i dont know how to set all these things
Use Froyo by Laszlo it supports proxy over wifi
PIAF (PBX in a flash) + AWS (Amazon Web Service) EC2
If you are making free GV calls using data, then you probably know that setting up an asterisk server is the best but also quite complicated. Thankfully, it just got a little easier because the PIAF team made the PIAF image available on AWS EC2 (a cloud based virtual machine).
Advantages over other asterisk/pbxes methods:
1. very small audio lag. Amazon servers have less latency than any other servers.
2. Since Amazon hosts your server, you don't pay any electricity cost. FYI, a PC running 24/7 costs about $15-20 a month.
3. The PIAF image (AMI) is already optimized: 1000MHZ + pre-installed asterisk and others. If you have used PIAF before, the whole setup process will take less than 30 minutes to complete.
4. You can create a backup image at any time and restore it later.
Disadvantages:
1. EC2 is only free for the 1st year. See the terms carefully to understand what is truly free. Use http://mikekhristo.com/ec2-ondemand-vs-reserved-instance-savings-calculator/ to estimate the cost after the 1st year. After the 1st free year is up, you can port the image to another AWS account.
2. Added security risk. Since EC2 is not in your network, it needs to open 22 (SSH), 80 (WEB) ports for you to access the server to configure. To overcome this issue, restrict who can gain access by known IP addresses from AWS.
3. In addition to some linux knowledge (PIAF runs on CentOS), you also need to learn how AWS works. Personally, I consider this as a plus.
Instructions (estimated minutes to complete in parenthesis, if you have used PIAF before):
1. Launch PIAF image in AWS EC2. (10 minutes)
Detailed instruction: http://nerdvittles.com/?p=5060
updated: there are 2 versions of PIAF: purple uses asterisk 1.8 and green uses asterisk 11 (beta). I am using PIAF-Green which supports silk codec.
2. Configure PIAF using Web GUI. (10 minutes)
Once PIAF is up and running, from your web browser, enter the Elastic IP address (given by AWS) to access web GUI.
2.1. Settings>Asterisk SIP settings>NAT settings. Click "Auto Configure" It will fill out the IP addresses. If you reboot, localnet address may change. You may use "10.0.0.0/8" instead.
* Whenever you make a change in Web GUI, scroll down and click submit. Then "Apply Config" red button will appear at the top. Click it occasionally to reload newly submitted configurations.
2.2. Settings>Asterisk SIP settings>Audio codecs. Select the codecs and reorder. (SILK codec will not show up here.)
2.3. Applications>Extensions. Add new SIP extensions. User extension and the secret are the username and the password you will use in your sip client to register with PIAF. Select nat=yes.
2.4. Other>Google Voice. Fill out your GV information. Asterisk must be restarted to take it into effect. In Web GUI, Admin>Asterisk CLI, execute "core restart gracefully" Once restarted, you can start making outbound GV calls from a registered phone. (Alternatively, you can use "simonics GVGW" service and add it as a sip trunk.)
2.5. Connectivity>Inbound routes. Add your GV number as DID number. Scroll down and set destination as your extension you created in #2.3.
2.6. From Google Voice webpage, confirm that Google Voice forwards all the incoming calls to gchat.
2.7. Register your sip client (such as csipsimple) with your PIAF server. The server address is the "elastic IP" address assigned by AWS.
Test in/out calls before going to the next step.
3. (optional) Add G729 codec. (5 minutes) (See post #2 for adding silk codec, which I'm now using for both wifi/3g.)
G729 codec is one of the best codecs for mobile connection. SSH to your PIAF EC2. In linux CLI, execute
Code:
cd /usr/lib/asterisk/modules
wget http://asterisk.hosting.lv/bin/codec_g729-ast18-icc-glibc-x86_64-core2.so
amportal restart
To check whether you added G729 properly, execute in asterisk CLI
Code:
core show translation recalc 100
Look for G729 line and check they are not blanks.
Source: http://asterisk.hosting.lv/
4. (optional) Enable TCP transport to save phone battery. (5 minutes)
In my informal testing, TCP battery consumption is half of UDP's.
From Web GUI, asterisk SIP settings>Other SIP settings, add the following 2 lines.
Code:
tcpenable = yes
tcpbindaddr = 0.0.0.0
Go Applications>Extensions and change transport to "TCP."
Next, you need to open TCP port 5060 in both EC2 and linux. For EC2, modify the security group. For linux, SSH to your PIAF
Code:
nano /etc/sysconfig/iptables
add the following line and save (ctrl-o) and exit (ctrl-x).
Code:
iptables -A INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
restart iptables in linux CLI
Code:
service iptables restart
Use TCP transport in your sip client to connect to PIAF.
Tips/Tricks and Troubleshooting will be in the next posts.
If you couldn't understand the installation steps, check out a fellow's post. He provided several installation tips. http://forum.xda-developers.com/showpost.php?p=41412908&postcount=184
Tips/Tricks
Tips/Tricks
1. Use ring group to ring all the extensions, if you have multiple sip phones.
2. Add more GV numbers
My family have 3 GV numbers + 6 phones. I added all 3 gtalk trunks to PIAF. OTOH, pbxes doesn't allow you to add more than 1 gtalk trunk. Since all 6 phones are in the same PBX, I can call my wife's phone by her extension number (or her ring group) instead of her GV number. If you do this, you need to modify outbound routes such that certain extensions use specific GV trunk. Otherwise, all the phones will use the first GV trunk to make outgoing calls and display the same CID.
3. Call forward to external phones.
In the ring group, you can have PIAF call regular phone number such as your cell phone. Just list the phone number followed by #. One problem is gtalk trunk doesn't allow CID spoofing so the external phone will show your GV# as CID.
4. Delayed call forwarding
Create 2 ring groups and put the number for delay in the 2nd group. Set 1st ring group's destination if no answer as the 2nd group and specify the ring time. I do this for my office phone because it goes to voicemail in 20 seconds (before GV voicemail answers). Now my office phone starts ringing after 7 seconds so it will never answer before GV voicemail does. You can also use this strategy with your cell phone such that your cell number rings after you have a chance to answer internet calls.
5. Secure your PIAF
If you followed pbxinaflash.com guide, then you opened port 80 and 22 to the world. Hackers can brute force using username = root. You should limit who can access these ports by IP address. Additionally, you can disable root SSH login and create a sudoer.
http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/
http://wiki.centos.org/TipsAndTricks/BecomingRoot
6. Add SILK codec
If you are on PIAF-green (asterisk 11), then you can add SILK codec. This is the codec that Skype uses so you may get the same excellent quality as Skype. From linux CLI,
Code:
wget http://downloads.digium.com/pub/telephony/codec_silk/asterisk-11.0/x86-64/codec_silk-11.0_1.0.0-core2_64.tar.gz
tar -zxvf codec_silk-11.0_1.0.0-core2_64.tar.gz
cd codec_silk-11.0_1.0.0-core2_64
cp codec_silk.so /usr/lib/asterisk/modules/codec_silk.so
Restart asterisk and from asterisk CLI, core show codecs and confirm that 4 silk codecs (silk8, silk12, silk16, silk24) are added. If not, read http://forum.xda-developers.com/showpost.php?p=38398737&postcount=71.
To use SILK codec, From extension, set
disallow=all
allow=silk12
7. Eliminate echo
ryuker has posted a method to eliminate the echo.
http://forum.xda-developers.com/showpost.php?p=42740388&postcount=306
Troubleshooting
There are many many reasons why GV calling fails. This means you will probably not get any help, unless you provide more information such as asterisk log. If you want to troubleshoot by yourself, try these first.
1. csip / piaf registration: Try a different sip client or use UDP connection.
2. GV: See whether you can make GV calls using GrooveIP. GV calling may not work for new accounts until you initiate a call from gmail.
3. Restart asterisk. If you add a GV trunk, it must be restarted to take into effect.
2. piaf / GV link: Add simonics GVGW as a sip trunk. https://simonics.com/gvgw/
If you have been following my iLBC thread, then here's a comparison between the 2 methods (PIAF vs iLBC, hereafter).
1. PIAF supports more codecs such as G722 and G729.
2. Less latency issue because of less call routing. PIAF route: caller>GV>PIAF>phone. iLBC method involves caller>GV>callcentric>pbxes>phone.
3. You can add more than 1 GV trunk w/ PIAF. pbxes only allows 1. This is handy, if your family use several GV numbers.
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
Good discussion, I was running it on my raspberry pi until I repurposed it for a media center. I may have to look at it again, please post your setup once you have things working....
Thanks
Sent from my Nexus 7 using Tapatalk HD
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
acegolfer said:
Here's basically what I did so far.
1. Follow nerdvittle's guide (link in OP) to install IncrediblePBX on my home PC.
2. Enable TCP and changed TCP signaling port from default 5060.
3. In router, forward signaling port and RTP ports (10000-20000) to PBX.
4. Use csipsimple as Android sip client.
I understand it's too brief. Once I am completely satisfied with my setup, I'll write a detailed instruction.
If you have 0 clue about what these mean, then I'm afraid you should look for an alternative setup such as GrooveIP or http://forum.xda-developers.com/showthread.php?t=2057887
If you have been following my iLBC thread, then here's a comparison between the 2 methods (PIAF vs iLBC, hereafter).
1. PIAF gives you more codec options such as G722 and G729.
2. Less latency issue because of less call routing. If you are at home, it's caller>GV>PBX=phone. iLBC method involves caller>GV>callcentric>pbxes>phone.
3. Hangup issues when ending a call with csip/TCP/3g/SPI firewall combination. If I change one of these 4, I can end a call normally.
Click to expand...
Click to collapse
I had tried a setup and got through all the nerdvittles guides setting up piaf purple with travelinman 3. Everything worked great with csipsimple when I was on WiFi. As soon as I disconnected from wifi and got on the cell network I could not connect. I ensured my phone ip was in the iptables and all the proper ports were forwarded through the router. I used dyndns for both my router and phone to ensure that ip tables had the right ip addresses. Never figured out the problem. If anyone has any ideas for what the problem could be I'll give it another try.
Sent from my Nexus 4 using xda premium
whahn1983 said:
I had tried a setup and got through all the nerdvittles guides setting up piaf purple with travelinman 3. Everything worked great with csipsimple when I was on WiFi. As soon as I disconnected from wifi and got on the cell network I could not connect. I ensured my phone ip was in the iptables and all the proper ports were forwarded through the router. I used dyndns for both my router and phone to ensure that ip tables had the right ip addresses. Never figured out the problem. If anyone has any ideas for what the problem could be I'll give it another try.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
I think using dyndns for your phone is pointless and can actually pose a great security risk. If you are on Tmobile 3g, your phone is behind NAT. This means the IP of your phone actually belongs to the Tmo's router and not unique to your phone.
So including that IP address in iptables is a huge security risk. All the Tmo phones sharing the same IP address with your phone will have full access to your PBX.
The biggest challenge that you are facing is the fact that both your PBX and your phone are behind 2 different NATs. I know it's crazy. My guess is NAT settings. In nerdvittle's guide, there's an instruction on how to give access to remote clients. In addition, here is another good guide: http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension
Here are the instructions on how to enable TCP and change TCP port from default 5060 to something other such as 5055.
1. Settings>Asterisk SIP settings>Other SIP settings
tcpenable = yes
tcpbindaddr = 0.0.0.0:5055
2. Applications>Extensions>your extension, transport = TCP only.
3. From your router, port forward 5055 to PBX machine.
4. From PBX linux command, adjust firewall settings
iptables -A INPUT -p tcp -m tcp –dport 5055 -j ACCEPT
(You can also do this from PIAF linux webmin.)
5. From sip clients, server/proxy = your IP:5055.
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
acegolfer said:
I think using dyndns for your phone is pointless and can actually pose a great security risk. If you are on Tmobile 3g, your phone is behind NAT. This means the IP of your phone actually belongs to the Tmo's router and not unique to your phone.
So including that IP address in iptables is a huge security risk. All the Tmo phones sharing the same IP address with your phone will have full access to your PBX.
The biggest challenge that you need to solve is both your PBX and your phones are behind 2 different NATs. I know it's crazy.
Click to expand...
Click to collapse
Yea that sounds like a big problem. The sad thing is when I am on my piaf network the voice quality is pristine. It actually works great but most of my calling is done away from home. I ended up switching off of the tmo $30 plan and onto straight talk tmo until I figure out a better solution. I've tried everything out there from pbxes to groove, almost every available codec and app combo. Just too many complaints from callers about quality and 100 minutes is not enough lol.
Sent from my Nexus 4 using xda premium
You can eliminate almost all risks by using Travelin' man; which is basically an IP whitelist. You can read about it over at nerdvittles. That being said, I've been lucky, and I haven't had any attacks on my personal PIAF server. I have banned all of Asia, and Russia using IP tables, and I'm sure that's helped. All ports are closed behind my firewall except for 5060, and a few for RTP. It is also a good idea to run "update-programs" and then "update-fixes" via the CLI periodically. This will install crucial patches.
Another issue that I found.
Can't use G722 codec over TCP when registered remotely. G722 works if UDP or within LAN.
Not sure whether this is a csip specific issue because I don't know other free sip clients with G722 codec.
acegolfer said:
Another issue that I found.
Can't use G722 codec over TCP when registered remotely. G722 works if UDP or within LAN.
Not sure whether this is a csip specific issue because I don't know other free sip clients with G722 codec.
Click to expand...
Click to collapse
Post your issue on the CSipSimple Google Code page. The dev is normally very helpful. Also, I would look through the Asterisk log to see exactly what's going on. You can do this via FreePBX or you can go to to your server's CLI, and type "asterisk -rvvv" This will give you a debug CLI. Then try to place a call using G722, and view the results. If you post over at the PIAF forums, you will probably need a log, or you may be ignored.
Why not just use a TCP VPN (like Open VPN) to get back to your house, and then run this like you are on your LAN with UDP?
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
bluespire said:
Why not just use a TCP VPN (like Open VPN) to get back to your house, and then run this like you are on your LAN with UDP?
Click to expand...
Click to collapse
That is an interesting approach. Provided there is no data lag it may work.
Sent from my Nexus 4 using xda premium
whahn1983 said:
That is an interesting approach. Provided there is no data lag it may work.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
Yeah, I always kept wondering why no one mentioned it as a solution. I don't know if it will solve the battery problem, as that may still be problem with using UDP itself. I suppose changing the timeout on UDP to something really high would work, since the VPN will maintain the TCP connection. On the other hand, you could also run the VPN on UDP, and I would bet that it would be better at staying connected than trusting CSS to keep its connection.
What the VPN does do really well, is eliminate all issue of allowing the PBX to face the internet. Just force it to accept connection only on its VPN port, and require a key file. Done.
You should update the thread. TCP can be used on Asterisk 1.8, and PIAF on 1.8 is very stable.
osi13 said:
You should update the thread. TCP can be used on Asterisk 1.8, and PIAF on 1.8 is very stable.
Click to expand...
Click to collapse
I didn't say TCP cannot be used in 1.8 in OP. In fact, I have no doubt asterisk 1.8 supports TCP.
I was stating your guide wasn't written for TCP. Let me know if you have updated your guide with TCP.
If there's no hangup issues and G722 works with 1.8 when TCP/remote, then I'll ditch 11 in a heartbeat.
bluespire said:
Yeah, I always kept wondering why no one mentioned it as a solution. I don't know if it will solve the battery problem, as that may still be problem with using UDP itself. I suppose changing the timeout on UDP to something really high would work, since the VPN will maintain the TCP connection. On the other hand, you could also run the VPN on UDP, and I would bet that it would be better at staying connected than trusting CSS to keep its connection.
What the VPN does do really well, is eliminate all issue of allowing the PBX to face the internet. Just force it to accept connection only on its VPN port, and require a key file. Done.
Click to expand...
Click to collapse
I haven't had time to test this. But if my understanding of sip technology is correct, VPN will not solve UDP battery drain issue. For example, even if I use UDP within LAN, I have to set KA interval = 40 or qualifyfreq = 60. Otherwise, my phone will lose connection to the sip server until the next registration (which is less frequent than KA intervals).
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.
errorcod3 said:
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.
Click to expand...
Click to collapse
1. Is AWS EC2 behind NAT?
2. Anyone has an updated guide for installing asterisk 1.8 or 11 on EC2.
errorcod3 said:
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.
Click to expand...
Click to collapse
That is an awesome idea, but how much does it cost to keep it up 24/7?
Here is my scenario:
I have several locations that expose resources to over the public network for the purpose of monitoring (cameras, networks, etc.).
I secure access using multiple layers. In addition to the standard user name and login, I also do a reverse DNS check on my firewall to make sure the traffic is coming from either another one of my locations or my mobile phone. To accomplish this on my phone, I would need a dynamic DNS update client for my phone.
I know I can accomplish this by visiting the website and forcing an update, but I would rather have it automated.
Thanks in advance for your help,
Mike
The protocol isn't very complicated, so you could whip up such an app pretty easily if there isn't already one in the store. On the other hand, it's not the kind of thing most people would find useful. Even leaving aside the fact that Dyn just killed their free accounts, it's usually aimed at servers (game servers, remote desktop/ssh servers, VPN servers, home web servers, etc.) and one doesn't generally run a server on their phone.
Hi everybody,
Let's say I have 20 RPis each located in different cities. I want to be able to monitor them, transfer files to/from them, control them, etc. remotely and securely from my office.
I searched for possible solutions in the past few days, and found the following solutions:
1. Port Forwarding
2. VPN
3. Using some 3rd party websites like RealVNC, Remote3.it, TeamViewer, etc.
As I've understood, the port forwarding is the least secure solution in this list. Also, 3rd party websites have limits on the number of Pis you can access in free versions. Besides, they are not open source, so you cannot design your desired monitoring system/interface based on them. Hence, the VPN seems a better solution all in all.
As for the VPN, I searched the net a lot, but in most of the relevant tutorials, the RPi is the server, and the PC is the client. There's no problem in being so, until you have only 1 RPi to remotely access to.
Now here are my questions:
1. If I want to remotely access to 20 RPis in different locations and monitor them from 1 PC, what configuration shall I use !? 20 VPN servers + 1 client !? How is this possible !? Or shall I change the configuration to 1 server + 20 clients !? If so, how shall I do that !?
2. Are there any other methods for remote access to RPis securely from the office!? (else than those 3 ones listed above)?
Thanks.
RealVNC works pretty good, im using it on a couple of my Pi's running Raspbian Jessie to monitor cameras.
I'd prefer port forwarding with password-login disabled and only use key-based login. Then config all the Pi's in your ssh config file to login via ssh [email protected], ssh [email protected] and so on.
If port forwarding is a problem I fancy the solution of using autossh to connect all your Pi's to a central server. You can then use this central server as a reverse SSH proxy to connect to each Pi using ports local to the central server. This works even if you have no access to port forwarding and even if the IPs to the Pi's are changed.
Well look here! There's an existing thread covering this
https://forum.xda-developers.com/showthread.php?t=2195040
What about Teamviewer on RPI?
pages.teamviewer.com/published/raspberrypi