After many months of searching to find out why my mobile broadband connection was so slow alot of the time yet downlaods were fine.i finaly found out that hdspa/gprs name servers can be terribly slow. So i changed them to opendns and now its all fast.
So, im wondering if its possible to do the same with the G1. I know you can do it with windows mobile.
This could improve the G1's possibly, as i have noticed that sometimes web page response slows down alot, just like my mobile broadband. Both are tmobile. G1 on tmobole, and usb modem on tmoble
you can try "setprop net.dns1 [ip]" in the terminal. this will work as long as the network state stays the same. if the phone did a dhcp, those settings will be overwritten.
you can change the nameserver in /etc/resolv.conf
Sounds like a good opportunity for another Root app.
sweet ill give that ago, only trouble is, root terminal cant access su, complains about the super user process cannot be found.
running haykuros h build which i reckon has somthing to do with it, running the super user program just brings up a black scree, hmmm
The problem of dns changing notwithstanding, I would not recommend using opendns in conjunction with 3G or any other system where multiple users share one public gateway. The reason is dns poisoning.
Opendns provides a service where you can manually set dns resolves for your ips accessing opendns. Meaning I could say, change www.yahoo.com to redirect to www.google.com for all users in my home network. The problem is that i've seen malicious users registering themselves as the administrators of the ips of some T-mo gateways. This would in effect give them control of dns for G1 users using opendns as their resolver.
Related
Does anyone know of an app that allows your phone to become a web proxy?
Let me explain my situation... I work for a corporation that filters all their internet connections through a web proxy, which sucks cuz I can't visit any of the fun sites... one way around this I've found was to use ICS on my phone but that interferes with the default gateway on the current network.
All traffic on the network by default goes to an internal gateway on the local intranet and it really needs to stay this way because there are too many work ip's and ports to be able to statically route all of them through a specific destination and leave the default gateway as the ICS 192.168.1.1.
I have been able to create static routes to specific ip addresses (like my home computer) which override the default gateway and use ICS instead.. this is great but obviously not that great for web browsing and masking my use on the internet... what I would like to be able to do is set the HTTP proxy to my phone and have it handle all of the redirection... that would allow me to have a single route in the routing tables but span out to wherever I want on the web...
Oh, and yes, I have thought of just setting up a proxy on my home comp and routing through the phone -> home comp -> back through phone but that obviously limits me to the upstream bandwidth of my home network... which isn't TERRIBLE, and is feasible but obviously if I could eliminate the extra jump it would be much much better.
I can handle the routing tables np, they're easy to add from command-line.. problem is I need some kind of a proxy application on the phone that will handle all of the HTTP calls... anyone know of an application such as this?
Thanks
Hm can't say I know of an app that does this... it is planned for one of the upcoming releases of WMWifiRouter but that's still a while away and may give you the gateway issue again.
Chainfire said:
Hm can't say I know of an app that does this... it is planned for one of the upcoming releases of WMWifiRouter but that's still a while away and may give you the gateway issue again.
Click to expand...
Click to collapse
Ya I did more googling and still can't find anything... I just setup dante server on my linux vm at home and got a good socks proxy going.. seems to be working very well.. my upstream on cable is 80k/sec so that's not too bad I guess.
I'll keep an eye on wmwifirouter release notes though thanks
Hello,
If I connect via wap.cingular (my account cannot connect on isp.cingular) I am having major issues using outlook web access, rapidshare, and a few other web apps. this is apparently due to ATT rolling my IP address every few seconds.
If I go on my phone (HTC FUZE/RAPHAEL) to http://whatismyip.com/ and refresh the page a few times, I get a different IP almost every time. it is always in the same subnet, so far (only the last numbers change ie, aaa.bbb.ccc.xxx, where xxx changes all the time, and a, b, and c, don't).
I use a huge load of data. Have they put me on some blacklist because I stream media all the time? This actually doesn't affect streaming media, but it screws up legitimate work usage.
Is there some keepalive utility I could use that would fix this as a countermeasure? Is anyone else running into this, or am I just special?
Thanks in advance for your help
wwwes said:
Hello,
If I connect via wap.cingular (my account cannot connect on isp.cingular) I am having major issues using outlook web access, rapidshare, and a few other web apps. this is apparently due to ATT rolling my IP address every few seconds.
If I go on my phone (HTC FUZE/RAPHAEL) to http://whatismyip.com/ and refresh the page a few times, I get a different IP almost every time. it is always in the same subnet, so far (only the last numbers change ie, aaa.bbb.ccc.xxx, where xxx changes all the time, and a, b, and c, don't).
I use a huge load of data. Have they put me on some blacklist because I stream media all the time? This actually doesn't affect streaming media, but it screws up legitimate work usage.
Is there some keepalive utility I could use that would fix this as a countermeasure? Is anyone else running into this, or am I just special?
Thanks in advance for your help
Click to expand...
Click to collapse
I'll plead ignorance on this, but I always switch off the proxy for the media net and get great usage for doing that. I don't know if you have tried it yet, but here is what I do.
Start/settings/connections/connections
Once it brings up the page, click advanced on the bottom.
Select networks
I use media net for both drop down. Click on edit. Select Proxy Settings on the bottom. Uncheck this network uses a proxy server to connect to the internet.
If you cannot get to the edit because it is not available, all you need to do is install the HTC Connection Setup and run it. Soft reset and the settings are available. It just rewrites the information but undoes what AT&T did to the phone.
Hope this helps.
Thanks for the reply.
I also use media net without the proxy. I only have issues with timeouts on my outlook web access server, and sites like rapidshare that make you wait 30 seconds to download a file and then complain of session timeouts.
With the proxy I get an IP address range in the 162.xxx.xxx.xxx family, which interestingly enough whois reports to be a verizon dsl modem address.
Without the proxy I get an IP address range in the 32.xxx.xxx.xxx family, which is ATT.
Either way, the address rolls every few seconds.
one workaround I have found is that Opera mini apparently uses an opera-run proxy server to access the internet, and opera mini does not have this logout issue on my outlook web access server even when the IP address rolls, since the proxy is not changing.
I believe the ISP.cingular APN would also fix this issue, but I have yet to find anyone at ATT willing to add it to my account so I can try it out, since they sell it with a tethering plan as an extra feature. I would have to convince my employer to add this to my plan, which is not likely.
How could I get the IP address to my G1? thats the Ip my phone uses for internet not the ip when its connect via wifi
You have a couple options. Using Terminal Emulator you can use the netstat command or you can use the easy way and go to www.ip-address.com. What do you need your uip address for anyway? You can't remote in through edge or 3g like you can wifi though telnetd.
thanks...................
aad4321 said:
now i dont know the name of the app which was released last week in the market, but it uses dynamic dns and updates your G1's IP address automaticly to a domain name.
Click to expand...
Click to collapse
You're referring to DynDNS and you can also find it in some routers. Unfortunatly, I believe there is a service charge for it. I use no-ip instead because it works just as well. But as far as I know DynDNS is the only app that offers this. But again... why do you need it??? I noticed that when I go to whatismyipaddress.com and when I do Netstat in Terminal Emulator I get two different ip addresses. I don't know what's up with that but I'm thinking that the netstat is the ACTUAL ip address and the ip address shown on the web site is a proxy. I would imagine that T-Mobile would not be stupid enough to leave their subscribers phones open to everyone else. It's very simple to get someone elses ip address if you're a host of a web server since all ip addresses are logged and without security (such as a proxy) it could leave all users vunerable. So my conclusion... if you had your real ip address... what do you plan on doing with it? You can only access your G1 through WiFi as far as I know. But correct me if I'm wrong.
I have a stock Samsung Vibrant. It connects to my home wifi network just fine and is very fast.
At my school we have to register the mac address' of devices we have on their Clean Access servers. I have registered many devices that work fine.
I registered the mac address of my Vibrant, and it can connect to the wifi, but it will not load a web page. Does anyone have any idea of what is wrong.
I also registered my roommates Vibrant. His does not work either.
I work at the Schools Tech Support so I have access to register and edit my phone on their Clean Access servers.
Does anyone have any solutions?
are you using WPA/WPAv2 or WEP + RADIUS authentication? Does your vibrant obtain an IP address successfully? Can you ping the default router?
The wifi that works at my apartment is WPA2.
The wifi at school is an open network. I can fully connect to their wifi.
Status Connected
Speed 48Mbps
Signal Strength Good
Security Open
IP address (a real IP address)
Im going out on a limb here. I am going to say its the Clean access and your "open network". I assume on your schools computer you use your student ID and some password. Your phone would need the same thing if that is the case. I know at my school, iphones are the only phones that can access our clean access. If its not the case then i am sorry.
my school runs clean access and it works fine. but they have two networks a guest and a login. i use the guest cause i don't want to waste the time to login. but i can try it on monday. typically with linux (i.e. android) you have a web portal and have to agree to some antivirus bs by clicking a button and that's it (and login for the non guest network). one thing i have noticed, though, is that typically i have to turn wifi on, connect to the network, try to load a page, it doesn't work, then i turn wifi off then immediately back on and try to load a page and it takes me to the login/terms portal page.
GTASouthPark said:
The wifi that works at my apartment is WPA2.
The wifi at school is an open network. I can fully connect to their wifi.
Status Connected
Speed 48Mbps
Signal Strength Good
Security Open
IP address 140.209.21.68
Click to expand...
Click to collapse
You should remove the IP from post. Anyways, it seems like the handshake is good. Note down the address of redirected terms and conditions page you get when trying to go online from a laptop. Then enter the same address in vibrant's browser once you are connected through Wifi ( or set it as homepage) and see if that lets it through.
Probably an issue with Android's lack of native NTLM support. AFAIK this is still unresolved. Have you tried using Fennec rather than the stock browser? I've heard you can authenticate properly using it.
Siks said:
Probably an issue with Android's lack of native NTLM support. AFAIK this is still unresolved. Have you tried using Fennec rather than the stock browser? I've heard you can authenticate properly using it.
Click to expand...
Click to collapse
interesting. i use dolphin hd and it works for the clean access web authentication page.
Could be, if your school does not have a guest account login for devices, that you are getting on the segregated network because CA cannot verify the "cleanliness" of your device. When I setup CA it verified patch levels and such on the non-guest network, so unless CA comes out with a Android client/access list, it may not work.
watcher64 said:
Could be, if your school does not have a guest account login for devices, that you are getting on the segregated network because CA cannot verify the "cleanliness" of your device. When I setup CA it verified patch levels and such on the non-guest network, so unless CA comes out with a Android client/access list, it may not work.
Click to expand...
Click to collapse
except then it wouldn't allow osx or linux. clean access requires an app for windows to verify service pack and av and whatever, but for linux and osx it doesn't. it wouldn't be able to (at least for linux).
funeralthirst said:
except then it wouldn't allow osx or linux. clean access requires an app for windows to verify service pack and av and whatever, but for linux and osx it doesn't. it wouldn't be able to (at least for linux).
Click to expand...
Click to collapse
That is correct but it can ID the operating system and has exceptions for those flavors ...
Hey it's me again.
I don't think it's an android thing because I had my G1 on the servers.
Normally what happens if you aren't registered on Clean Access is, if you open a web browser, you will be automatically redirected to an authentication page where you put in your school ID and password. This would work fine and allow me to get on the wifi, but it never came up on the web browser, it just tries to load the page for awhile and goes to a 'Page cannot be displayed' page.
Also I have tried using different browsers, including Dolphin HD.
If I can just get to the authentication page even it will be fine, I could work with that.
Also the school does have a guest login, but you have to get to the authentication page, and I wouldnt want guest access since it limits time, bandwidth, and features.
That is exactly what I said my last reply...Try putting https infront of your authentication URL, and make sure the java-script etc. is on in your browser...Try clearing cache and hit refresh as well. Also, see what happens if you set that URL as homepage...
GTASouthPark said:
Hey it's me again.
I don't think it's an android thing because I had my G1 on the servers.
Normally what happens if you aren't registered on Clean Access is, if you open a web browser, you will be automatically redirected to an authentication page where you put in your school ID and password. This would work fine and allow me to get on the wifi, but it never came up on the web browser, it just tries to load the page for awhile and goes to a 'Page cannot be displayed' page.
Also I have tried using different browsers, including Dolphin HD.
If I can just get to the authentication page even it will be fine, I could work with that.
Also the school does have a guest login, but you have to get to the authentication page, and I wouldnt want guest access since it limits time, bandwidth, and features.
Click to expand...
Click to collapse
did you try turning on wifi, wait for it to connect, try to load a page (any page because it will redirect you), wait for it to time out, pull down the notification bar, turn wifi off, turn it back on and then reload the page? i know it sounds dumb, but this is the only way i've got it to work at my school and it works every time...
watcher64 said:
That is correct but it can ID the operating system and has exceptions for those flavors ...
Click to expand...
Click to collapse
to what flavors? i'm guessing android will show as linux since it's based off a linux kernel. more than likely it checks for windows, and if false goes to the default linux/osx page because to clean access those aren't threat os's.
VICosPhi said:
That is exactly what I said my last reply...Try putting https infront of your authentication URL, and make sure the java-script etc. is on in your browser...Try clearing cache and hit refresh as well. Also, see what happens if you set that URL as homepage...
Click to expand...
Click to collapse
they don't have the authentication URL on their homepage so I don't know what it is, it should automatically redirect me to it.
Also when I connect to wifi, try to load a page, let it time out, turn off wifi, turn it back on and connect again, and then refresh the page.. nothing happens it times out again.
Ok so I did find out the authentication page URL. Typed it into my phone. I had high hopes when a page saying "You are being redirected to the network authentication page. If you are not redirected automatically, then please click HERE".
Anyway it did redirect me, to a "Web page not available"... etc.
In the default browser it gave me the error... "Data connectivity problem. A secure connection could not be established". umm wtf?
Can you communicate with other protocols/ports? I used to be able to exploit a bug with our school's CCA servers where I could just connect unauthenticated and use SSH. (Maybe it was a feature?)
I can't use any other web protocols.
Bump. Okay. I've figured out how to do this . '
it's a t mobile vibrant either kernel or rom problem. My phone connected the very first time I tried to use it at an argosy site, then never ever ever again.
so. I used wifi manager to find out what the ip, gateway, subnet mask, and dns 1 and 2 were. I went to settings, wifi, options key to go to advanced options, from there selected static ip and entered all the info I gathered
bam! ! Connected every time.
Oh and btw, the reason I say its a tmobile vibrant rom or kernel problem is that on fusion, Eugene's and bionix final, I was able to connect right away, every time . And on my f friends att fascinate and verizon captivate, they never had to enter the static ip like I did. They connected right away every time . Yet everyone I know that had s vibrant kept having the same proble. m i did .
Tmobile. What a piece of ****. Anyway I figured nobody had this figured out so I'd jump in.
Hope this helps out some people. GL
This is a simple tutorial to allow you to connect to the internet using VPN through your home router.
:NOTE: At present, the steps here are sparse. They assume some technical capability to set things up yourself, this is just kindof a guide as to WHAT you'll need to setup.
Why, you ask? Security. Using a VPN will essentially encrypt your communications though a tunnel back to your home computer. Not going into all that here, basically a simple guide. I assume we're all smart here, so the basics.
Prerequisites
1. DD-WRT V24 Capable router. If you don't have this, then you will need to instead use a different method involving installing software on your PC that I won't cover here. The advantage of the DD-WRT router is ease of setup on the router, and not having to have your computer turned on.
2) Capable Android Phone & Provider. I can't troubleshoot your ROM or provider. Some Android Roms don't support VPN, and it's broken in some. Some providers apparently block it. If your Rom is good and your provider doesn't block it, you're golden. In some cases (such as on the G2X) custom kernels (such as Faux123's) will add the necessary TUN support. Or you may need to add a TUN.KO file if it doesn't... again, device specific, refer to appropriate device forums.
3) If you don't have a static IP (I assume you don't) you'll need a dynamic DNS provider compatible with DD-WRT. I prefer freedns.afraid.org, but you can use any o these: dyndns.org, zoneedit.com, No-Ip.com, 3322.org, easydns.com tzo.com or dynsip.org.
Got all that? Great!
Okay, here's the fun bit.
STEP 1
First, you need to hack your router. It's a LOT like rooting your Android phone. How to do it is BEYOND the scope of what I can write here, but what you need to do is visit http://www.dd-wrt.com and have a look around. Or, you can actually purchase routers with DD-WRT pre-installed. Basically you have to flash a custom ROM onto your router. It needs to support VPN, and be at least version "v24 SP1". Older versions may have a DIFFERENT VPN setup that's not as easy. Don't say I didn't warn you. I flashed the full-featured VOIP version to my router, a Buffalo WHR-G54S.
Unlocking (if necessary) and flashing your router with DD-WRT is a topic as broad as rooting/flashing Android - so I can't help you here. But once it is done, you are ready for....
STEP 2
Setup your dynamic DNS provider. I used http://freedns.afraid.org/ to do this. Basically you go to the site and sign up for the free "subdomain" services. You can pick a name that will be on a number of different domains, such as "us.to", where you could maybe pick something like "kick.us.to" if it isn't taken yet. All that matters is you remember the name.
Next, in DD-WRT, go to the Setup->DDNS tab and select the proper DDNS service and enter the information it asks for -- your service used, username, password and hostname usually. You can usually leave update interval at the default, and normally you don't need to use external IP check.
NOTE: You need to make sure you are not "Double NAT-ed".. this means two routers stacked is a nono. If you have a router connected to a cable/dsl router (instead of a cable/dsl modem), then it needs to be set to BRIDGE mode. Again.. complicated and really a topic best dealt with on its own.
Once you've setup your Dynamic DNS, you're well on your way. You can actually use that hostname for all sorts of things, such as always being able to get Audiogalaxy to connect to the right host without having to know a numeric IP that could change.
STEP 3
You're on a roll... Now, time to setup the VPN in the router. This is done under the Services->VPN tab. If that tab doesn't exist, then you got the wrong version of DD-WRT and need to go back to Step 1.
Enable PPTP Server, Broadcast Support, MPPE Encryption. Under Server IP enter your ROUTER's IP address (usually 192.168.1.1, or whatever you use to connect to your router). Under Client IP's, enter the range of clients on your local network in the format: 192.168.1.100-149 (where 100-149 represents possible IP addresses I've set in DD-WRT for my LAN)... this doesn't seem as important since we'll be connecting from outside.. Just do it.
Under CHAP-Secrets enter in your preferred username and password in the format:
username * password *
that is, the username, a space, *, a space, the password, a space and then *
Save and apply settings. (You need to click both SAVE and APPLY, DD-WRT is weird like this)
STEP 4
Back to Android! Yay! This part of the procedure may vary by phone, but this is how it is on my Gingerbread T-Mobile G2X with faux123's kernel.
Goto Settings->Wireless & Networks->VPN Settings->Add VPN->Add PPTP VPN
VPN Name=whatever you want
VPN server= your dynamic IP name you selected in Step 2
Enable encryption = Yes
now, hit Menu->Save
You should now see your VPN listed under VPNs. Click on it, and select CONNECT. Type in your username and password you selected at the end of Step 3.
It should connect. CONGRATULATIONS!
You should also have a notification in your taskbar that will now let you disconnect from the VPN.
STEP 5
Enjoy! .. wait, what? It didn't work? It did for me!!!
I guess.... ask questions here, or if it appears to be a phone issue, ask in your device's appropriate forum (and link to this thread so people know what guide you're following)
And, if anybody reading this is a better expert in setting this stuff up than I am, feel free to critique/laugh/criticize/constructively comment on this little howto and I'll correct anything I Rick Perry'd.
Nice tutorial! Would have been better if you also included more details in hacking our router
DroidVPN said:
Nice tutorial! Would have been better if you also included more details in hacking our router
Click to expand...
Click to collapse
I would have, but like I said, that's a topic as big as phone hacking itself. Every model of router is going to be different! There may be models that support VPN in the router as well without DD-WRT, but I'm not familiar with that setup.
DD-WRT's website has a pretty huge forum on what routers are compatible and how to set it all up.
The optimal speed can be achieved by the compression of traffic and by minimizing server loads. Web acceleration will enable you bring about a drastic improvement in the web page response time. This kind of acceleration usually come in lesser costs and offers the best web application performance.
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
evilgenius00 said:
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
Click to expand...
Click to collapse
lotherius said:
Security. Using a VPN will essentially encrypt your communications though a tunnel back to your home computer.
Click to expand...
Click to collapse
Yeah, that.
...
10char.
Nice TUT, VPN working
Thanks. I mostly appreciated the idea of using afraid.org.
For some reason, Dyndns and no-ip wouldn't work with ICS as client.
thanks for this tut, keep it up
nice.. thanks for sharing
The cool thing is, once you start hacking your router, you open up all sorts of fun. Like using a virtual wireless network to bridge the open wifi network that gets 1 bar of signal in one little corner of your apartment to be a full strength WPA protected network with your own SSID and subnet that all of your devices can use ... not like I would do such a thing. Now, I *am* a bit afraid to try to set up a VPN on the bridged virtual network..... that could get complicated.
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
katinatez said:
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
Click to expand...
Click to collapse
Any service which gives you a stable hostname to the outside network should work.
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
australix said:
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
Click to expand...
Click to collapse
Still using a (now antiquated) Buffalo WHR-G54S which has 4MB flash and 16MB Ram... so while it has a lot of features, OpenVPN is lacking... so I can't test that method personally.
This Buffalo is the best router I've ever owned, though. I still can do without gigabit or N networking, so I'm not upgrading. I went through 5 or 6 bad routers (even a Linksys WRT-54G that crashed constantly) before I got this one.
Thanks for all the info here. I've deleted the post because I think my issue is with something else.
Thanks..
p
very...helpfull..!!!
Very easy guide! Thanks!
455
nice cool...
bumpin this because i have a question regarding this, i just set this up and it works great
there are mainly two types of auth vpn servers use, certificate authentication and username/password
i tried to set up password one, and you still need the server public certificate along with username/password, but you don't need client public and private keys unlike with cert auth.
now, i placed the server key, ca.crt, on my internal storage and together with username/password, works great, my concern is security of this file. this file needs to be accessible right, so you can't put it in /etc or /system, having it in internal storage, any app with storage permission can read it... isn't this a security risk? how is this solved? where do i put the file?
thanks
edit: also, how do i *prevent* network traffic without vpn? i know there is always on option and start on boot, but i did, and when the boot finnishes there is a brief moment when the phone connects on mobile network just before initializing vpn and in that brief moment android probably sends all sorts of passwords and data through the network ... how do i delay this until vpn is initialized?