Hi,
I wrote a small app which uses IPTABLES to provide some small functionality to tether a VPN. If you have de.blinkd.openvpn and your device is rooted, you may use my app and use an OpenVPN connection through the access point from your phone.
My app, called autorun, takes the connection from the OpenVPN client mentioned above, uses OpenVPN to make the connection automatically, and then executes iptables to masquerade the local network to the VPN connection.
It works on the H60-L12 with KitKat and Lollipop too.
If you are interested, I may publish the source code.
The app is in Polish and English.
I'll be very glad if you take some time and try to test it.
It's my first app for android, so any suggestions will be appreciated.
Link for the app: https://play.google.com/apps/testing/eu.grzegorzstepien.autorun
Best regards
GrzesiekS7
Anybody out there successfully doing IPsec VPN on a windows mobile device ?
I'm having a devil of a time getting anything working.
Thanks,
DLD
OK how about IPsec VPN with ANYTHING [email protected]#$?
DLD
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
Can you share, sir, what app you used for us to use? I have an S3 also and we have a Watchguard XTM 5.
End_Bringer said:
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
The only available client that I have been able to get to work is the NCP VPN client with a mobile user IPsec tunnel to connect to my Watchguard x515.
Ran trial for a week and just pulled the trigger.. Very happy.
Sent from my SAMSUNG-SGH-I747 using xda premium
Hey all,
i have a Cisco VPN profile consisting of the following:
VPN HOST
VPN Groupname
VPN Grouppassword
VPN Username
VPN Userpassword
Search Domain
On my Nexus i use CM RC3 with Open VPN, BUT:
Where do i enter those credentials in the OpenVPN settings exactly?
Can anyone guide me through?
THANX
Tigger
You could try this app:
http://code.google.com/p/get-a-robot-vpnc/
I haven't had much luck with it, the domain setting doesn't seem to work for me.
I'll post more detail later when I'm near a full size keyboard.
Sent from my Nexus One using XDA App
THX, gonna try this
Edit:
i was able to establish a connection, but only via WiFi, not via EDGE
What can i do about this issue?
Also, this whole thing is totally unstable...
Edit 2:
i was able to set up a connection ONCE... but never again =(
There is an app called vpn connections that I use fairly regularly to connect to a Cisco VPN. It might be worth a try.
i did. the result is above your post -.-
no one to help me with this? =/
**UP**
still noone?
recently i installed the last eclair kernel from Dalingrin (2/25/11), which among other great things, implements netfilter/iptables
i was able to install both TransProxy and AsProxy, but since i need ntlm authentication to connect to the internet in my office, only AsProxy would be useful for me, but when i hit the start button, it says that the iptables were not found.
has anyone been able to connect to the internet thru a proxy server (in my case an ISA Server), with any of the above mentioned programs or another one?
Have you gotten your iptables to show up yet?
I haven't gone the route of a ROM yet but I probably will have to. I have asproxy and Orbot (TOR client) installed but without iptables they are useless.
wrenchneck said:
Have you gotten your iptables to show up yet?
I haven't gone the route of a ROM yet but I probably will have to. I have asproxy and Orbot (TOR client) installed but without iptables they are useless.
I have the same issue too. Perhaps Dal could compile the kernel to support iptables.
What I had to do for this is set up OpenVPN... Violates my work policy, but oh well. Couldn't figure out how to get it set up any other way.
Technically I did set up an access point on a CentOS box with a transparent proxy, but that doesn't handle syncing which I need at work as I use my tablet during meetings and need to have my schedule up to date etc..
Did you hear about Honeycomb 3.1? Now you can set up a proxy and user/password in the WiFi configuration. Nice. It would be very nice if CM7 got this too...
Nowadays I am in a hostel and new to Android.
In the hostel I have to use a proxy server over WiFi.
I have searched but could not find a better solution.
If anyone is using it, please help me.
Have used TransProxy for this; there is a requirement for iptables/netfilter and a rooted device. I have rooted the G1 but I don't know how to use iptables/netfilter.
Suggest me any ROM which gives a WiFi option in the context menu or supports iptables/netfilter.
Why don't you use an encrypted VPN instead?
gyugyujol said:
Why don't you use an encrypted VPN instead?
What is that? How to use it?
well..
it is in the Wireless settings section. i guess you should use L2 IPSec.
briefly: have to set up a VPN server/connection point at home or wherever, and you'll connect to that from anywhere given that there's an open outbound port to the internet where you are currently. Then a connection will be built up creating a "tunnel" through which your packets will be transferred to the VPN host where it could be routed and NAT-ed to the internet unrestricted.
adding IPSec or other methods of encryptions will make your connection secure.
i've never tried it on my phone but since its based on linux it must be the same way as at desktop system.
you should check documents and howtos on the internet and check for apps at Market if the androids builtin is not satisfying!
gyugyujol said:
well..
it is in the Wireless settings section. i guess you should use L2 IPSec.
briefly: have to set up a VPN server/connection point at home or wherever, and you'll connect to that from anywhere given that there's an open outbound port to the internet where you are currently. Then a connection will be built up creating a "tunnel" through which your packets will be transferred to the VPN host where it could be routed and NAT-ed to the internet unrestricted.
adding IPSec or other methods of encryptions will make your connection secure.
i've never tried it on my phone but since its based on linux it must be the same way as at desktop system.
you should check documents and howtos on the internet and check for apps at Market if the androids builtin is not satisfying!
I am unable to use that.
I don't know how to set all these things.
Use Froyo by Laszlo it supports proxy over wifi
Ok so a while back I discovered that after you gain root access to the BIONIC (probably works with others too. idk...) you can make changes to iptables. For those who don't know what that is: It's a built in firewall that handles packets as they come in and leave your phone. This is pretty much the de facto standard for any Linux machine to date (please enlighten me if I'm wrong). Anyhow, after discovering this I came up with an idea to see if I could pipe my hotspot directly into my openvpn tunnel. Well, after a bit of web research on how iptables works I was able to get it up and running. HOWEVER I'm not an expert at this yet, and my config definitely has a flaw in the fact that I leave the phone completely vulnerable on the "rmnetX" interface, as I completely flush the old tables to add mine, leaving the firewall WIDE OPEN. I'll post a fix as soon as I can come up with one. In the mean time here are the steps to take to get your phone to be a hotspot access point to your openvpn network!
**PHONE MUST HAVE ROOT!!!!***
1) Follow along and setup an OpenVPN server http://openvpn.net/howto.html
2) Install "OpenVPN Installer" and "OpenVPN settings" from Google Play marketplace (both are free)
3) Run OpenVPN Installer and install OpenVPN client to your phone. The defaults should be fine.
4) Create a folder called "openvpn" on the root of your INTERNAL sdcard, i.e. "/sdcard/openvpn"
5) Copy your client keys that you made during your OpenVPN setup to your phone into the /sdcard/openvpn directory (client.crt, client.key, ca.crt, and ta.key)
6) Copy over the client.conf file as well. You will need to tweak this a bit to call your certs from the /sdcard/openvpn file as well as putting in the public IP to connect to. Keep in mind if you are doing this at home you will need to PAT/NAT this connection across your firewall on udp port 1194.
7) Ok, at this point you just want to make sure your OpenVPN connection works. So open up OpenVPN settings and try and connect to your VPN, if you can connect and browse to shares inside your network over the 4g connection EXCELLENT! MOVE ON! If not refer to the OpenVPN HOW TO!!!
8) After that's done you need to get the Verizon HotSpot Tether working. There's a hack for it on the web. Google "BIONIC Hotspot SQLite Editor"... in the mean time I'll try and walk you through it.
a) get SQLite Editor from Google Play
b) open it and scroll down to "Settings Storage" (the one with the hammer icon), open "settings.db", then click settings. You should see a long list of database entries. Click the magnifying glass and under "Filter Value" type "check".
c) you should then see 4 results, one being "entitlement_check". Long press on the "1" next to "entitlement_check". Click "Edit Field" and change the "1" to a "0".
d) Reboot and try running the stock "Hotspot" app, it should work now!
9) Run the Hotspot app and confirm it works properly and can connect clients.
10) After you have a working Hotspot and a working OpenVPN you can then start the iptables magic!!!
**This is fairly safe, no need to worry about bricking just reboot if you screw up!***
11) Download and install "Android Terminal Emulator" and run it.
12) at the prompt type in "su" to gain super user access
13) you should now be at a root shell ("#") NOT $
14) at the prompt(#) type this: iptables -S <-This shows you the entire iptables rules, as you can see it's crazy complicated!
15) Run OpenVPN and Hotspot and confirm both are connected and running before issuing rule changes in iptables. So run both applications now.
16) Confirm VPN is connected and Hotspot is running by issuing the command "busybox ifconfig". If your VPN is up you will have a "tun0" interface and if the Hotspot is up there should be a "wlan1" interface.
17) If both are up then all you need to do in order to give hotspot clients access to your VPN resources is this:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan1 -o tun0 -m state --state INVALID -j DROP
iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
The first 10 commands flush your old iptables, and the last 3 commands masquerade your wlan1 interface to your tun0 interface, funneling your clients down the VPN. Keep in mind that you will have to allow this via your openvpn server.conf file. See HOWTO For OpenVPN.
Enjoy!!!
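An added example, not part of the original post: the poster notes that flushing every table leaves the phone wide open on rmnetX, and a later reply asks how to undo the change. This script keeps the three FORWARD rules from step 17 in a dedicated chain without flushing or changing policies, and can remove exactly what it added; the chain name VPNTETHER, the fail-closed DROP rule and the optional MASQUERADE toggle are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's commands. wlan1/tun0 are the interface names
# from the post; the chain name VPNTETHER and the NAT toggle are assumptions.
HOTSPOT_IF="${HOTSPOT_IF:-wlan1}"   # hotspot side
VPN_IF="${VPN_IF:-tun0}"            # OpenVPN side
USE_NAT="${USE_NAT:-0}"             # 1 = also masquerade clients behind the tunnel address
CHAIN="VPNTETHER"

# Accept only plain interface names so nothing else can end up in a command line.
valid_if() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Print the iptables commands for "up" or "down"; nothing is executed here.
tether_rules() {
    { valid_if "$HOTSPOT_IF" && valid_if "$VPN_IF"; } || return 2
    case "$1" in
    up)
        echo "iptables -N $CHAIN"
        echo "iptables -A $CHAIN -i $VPN_IF -o $HOTSPOT_IF -m state --state RELATED,ESTABLISHED -j ACCEPT"
        echo "iptables -A $CHAIN -i $HOTSPOT_IF -o $VPN_IF -m state --state INVALID -j DROP"
        echo "iptables -A $CHAIN -i $HOTSPOT_IF -o $VPN_IF -j ACCEPT"
        # Fail closed: hotspot clients are never forwarded out another interface
        # (for example rmnetX) when the tunnel is down.
        echo "iptables -A $CHAIN -i $HOTSPOT_IF -j DROP"
        echo "iptables -I FORWARD 1 -j $CHAIN"
        [ "$USE_NAT" = 1 ] && echo "iptables -t nat -A POSTROUTING -o $VPN_IF -j MASQUERADE"
        return 0 ;;
    down)
        [ "$USE_NAT" = 1 ] && echo "iptables -t nat -D POSTROUTING -o $VPN_IF -j MASQUERADE"
        echo "iptables -D FORWARD -j $CHAIN"
        echo "iptables -F $CHAIN"
        echo "iptables -X $CHAIN" ;;
    *) return 2 ;;
    esac
}

# Execute the rules as root; "up" first removes a previous copy so it can be re-run.
tether_apply() {
    [ "$1" = up ] && tether_rules down | while read -r cmd; do $cmd 2>/dev/null; done
    rules=$(tether_rules "$1") || return 2
    echo "$rules" | while read -r cmd; do $cmd || echo "failed: $cmd" >&2; done
}

# "up"/"down" apply the rules; anything else prints the "up" rules as a dry run.
case "${1:-}" in
    up|down) tether_apply "$1" ;;
    *) tether_rules up ;;
esac
```

`down` removes only this chain; stock rules that were already flushed by the commands in step 17 come back with a reboot, as the post says.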
I am confused and would like to know why we want net on VPN if we have WiFi hack for a router
Could we link a com port on bochs emulated windows xp?
With the WiFi hack edit or tether for root user you can use this IP addr add like below to add router capabilities, or change wlan0 to your phone's 4g rmnet or tun0 to add router to any connection, can you tell us what we would use VPN for give an example
su
ip addr add 192.168.1.0/24 dev wlan0
http://www.filedropper.com/comgooglecodeandroidwifitether-1
I use this apk to wifi tether, same as wifi router, will probably need root to use it I am not sure, but you dont need to type: ip addr add 192168.1.0/24 dev wlan0, I do just because it helps make good connections for most wifi devices
This will make your WiFi capable of being used as a router, you still need root WiFi tether or the hotspot hack like you posted but this makes wlan0 a router
I mainly use this to share files that I have on my NAS at home with friends at work. First I create a hot spot, then I connect my VPN, then I masquerade the traffic. On the server side my openvpn configuration is set up so that it trusts a specific subnet coming from behind the openvpn host (IE my phone's hotspot subnet) This provides a nice and easy means of giving friends controlled access via your mobile hotspot without needing to generate RSA keys for each of your friends. Another thing I like to use it for is when I travel I just set it up in the corner and watch movies from home on my laptop over the VPN through the hotspot.
-Ed
DroidisLINUX said:
I am confused and would like to know why we want net on VPN if we have WiFi hack for a router
Could we link a com port on bochs emulated windows xp?
With the WiFi hack edit or tether for root user you can use this IP addr add like below to add router capabilities, or change wlan0 to your phone's 4g rmnet or tun0 to add router to any connection, can you tell us what we would use VPN for give an example
su
ip addr add 192.168.1.0/24 dev wlan0
http://www.filedropper.com/comgooglecodeandroidwifitether-1
I use this apk to wifi tether, same as wifi router, will probably need root to use it I am not sure, but you dont need to type: ip addr add 192168.1.0/24 dev wlan0, I do just because it helps make good connections for most wifi devices
This will make your WiFi capable of being used as a router, you still need root WiFi tether or the hotspot hack like you posted but this makes wlan0 a router
edw00rd said:
I mainly use this to share files that I have on my NAS at home with friends at work. First I create a hot spot, then I connect my VPN, then I masquerade the traffic. On the server side my openvpn configuration is set up so that it trusts a specific subnet coming from behind the openvpn host (IE my phone's hotspot subnet) This provides a nice and easy means of giving friends controlled access via your mobile hotspot without needing to generate RSA keys for each of your friends. Another thing I like to use it for is when I travel I just set it up in the corner and watch movies from home on my laptop over the VPN through the hotspot.
-Ed
Or you could get Qloud Media Server, and be able to assign access to different sets of folders in your home network using username/passwords. And it costs $3.00 or $0.00 if you have a getjar pass.
This is a really cool idea, thanks for sharing.
On a somewhat unrelated note, is the VirtualBox method still the preferred means of rooting a Bionic on 4.1.2 (98.72.22)? Trying to figure out how easily I can root a friend's phone but I can't really find any consolidated source of up-to-date information. =\
TweakerL said:
Or you could get Qloud Media Server, and be able to assign access to different sets of folders in your home network using username/passwords. And it costs $3.00 or $0.00 if you have a getjar pass.
I think you might be confusing folder access/authentication with network access/authentication. The VPN would give you access to your network remotely via 4g/3g and yes I suppose you could use the Qloud Media Server to provide access to folders. I'm not really sure what that is, never used it but it sounds like something that provides a service via 3rd party to get access to you remotely. The third party is avoided altogether with the VPN solution. You don't have to give any sort of ingress access to any third party app. Your phone will think it's part of your home network. Also someone asked about having network bridged when you have a wifi hack... it would be purely up to you whether or not you'd want your HTTP traffic to go through the VPN or not... that's different than what I'm providing here. This is strictly for using your phone as a WiFi hotspot router that forwards all of your traffic to your VPN connection (IE your house) so that connected wifi clients would be accessible via your home network and vice versa. You could also just make a VPN hotspot and generate RSA keys for each host connecting to the hotspot.... your choice. Mine works better in a way that I maintain constant view over every device including the phone that is acting as the VPN mifi hotspot.:silly:
How to undo this? I can't connect my hotspot.