openvpn client - G1 General

Just picked up a G1, nice condition cheap and looking to get openvpn running on it.
The howtos are sparse however, not to mention vague.
I rooted the phone and I'm just running a 1.6 rooted rom, I don't need froyo right now.
The firewall on the asterisk server only allows connections from a local network and an openvpn server ip's so I really need to get an openvpn client installed.
Can anybody point me in the right direction to get openvpn running with a tap interface?
Much appreciated.

Bumppp, Nobody?

linux vpn client?

So I now have a rooted RC33 and the handy little command line ssh (as well as connectbot). Now the only thing I need is a vpn client.
Certainly vpn clients exist for linux, so it should be possible to compile one to work on the G1, no?
I'm looking for a vpn client that works with the cisco vpn 3000 endpoint. Not sure of the details beyond that.
Can anyone point me in the right direction?
UPDATE: did some further poking around. I think what I want is a command-line linux ipsec vpn client that could be compiled to run on the g1. If I could find some open-source client and figure out how to build it for the g1, that would be great. Who can point me to a tutorial for that?
Oh, I see that someone smarter than I is working on it:
http://groups.google.com/group/android-platform/browse_thread/thread/3beb70c46d237bd5

cisco vpn client

i am trying to get a cisco vpn client
i use android on my hd2 as main os
just got it working and i am happy...
but they are talking about rooted phones
also need to install busybox, is that a cab like thing or is it hard to install?
(i saw it in the market but is that the good one)
if someone has any experience with a cisco vpn client on the hd2 android would love to hear from you ^^

[Q] Idea: Cisco VPN Client on Chroot Ubuntu, and Android IP routed through it?

Hi,
I had a wild idea... is it possible to run Cisco Anyconnect within a chroot Ubuntu install and then set up the android side of things to route all its IP traffic through to Ubuntu... and then out through the secure tunnel (and vice versa)? Essentially using the chroot Ubuntu as a proxy server for incoming/outgoing vpn traffic.
It seems like this could be quite a lightweight solution, or even have vpnc running inside a stripped down lightweight (non-gui) ubuntu.
I'm guessing this might work if NAT is allowed by the vpn server, but I have no idea how to go about doing it... iptable manipulation on both the ubuntu and android side of things I guess. This all assumes that ubuntu is truly being multitasked and not suspended.... sorry bit of a newcomer to android so not entirely sure how it all works yet.
As I say, a wild idea.... no cisco vpn support is a bit of a show stopper for my xoom adoption (note I spent a couple of days trying to get vpnc running but it dies with library issues).
I was under the impression that OpenVPN connected to Cisco Anyconnect devices. If so, someone has that working already:
http://forum.xda-developers.com/showthread.php?t=972550&highlight=vpn
Cisco IPSEC VPNs are still not working, the tun.ko module in the above link either doesn't work with VPNConnections or VPNConnections doesn't work with the Xoom.
Thanks for the reply!
Yep, I installed OpenVPN and the tun.ko on Saturday... then I hit a brick wall working out how to configure openvpn for my corporate VPN. I use Cisco AnyConnect on both Linux and Windows to connect to their radius server. My iPhone connects just fine as well.... over IPSEC __with__ a group id.
After doing quite a bit of web searching I came to the conclusion that OpenVPN doesn't work well with Cisco VPN?!? Hence the reason I was looking at vpnc and subsequently wondering about the chrooted linux vpn bridge type solution.
rinsewin said:
Thanks for the reply!
Yep, I installed OpenVPN and the tun.ko on Saturday... then I hit a brick wall working out how to configure openvpn for my corporate VPN. I use Cisco AnyConnect on both Linux and Windows to connect to their radius server. My iPhone connects just fine as well.... over IPSEC __with__ a group id.
After doing quite a bit of web searching I came to the conclusion that OpenVPN doesn't work well with Cisco VPN?!? Hence the reason I was looking at vpnc and subsequently wondering about the chrooted linux vpn bridge type solution.
I've gotten OpenVPN to work on my Motorola Droid using VPN connections and a Cisco VPN. You just have to get the configuration settings right but it will work.
Just thought I'd share....
My idea definitely won't work for cisco anyconnect since it is compiled for i386.... kind of stupid of me not to think that one through.
I tried running vpnc in a chroot ubuntu on the xoom and apparently the tun device can't be found. I did an apt-get on openvpn and I see "tun" referenced in various places but for some reason it just isn't set up correctly doing apt-get install in this ubuntu image.
So, unfortunately I think I'll be flashing my poor little xoom back to stock and taking it back :-(. Really wanted to keep this little guy, with all its future potential but with no _easy_ workable cisco vpn solution... and no solid plans (i.e. date!) from google/cisco for supporting IPSEC vpn (with group id) out of the box my dreams of a thin client in meetings are dead. Looks like an iPAD 2 is my best bet, definitely not my first choice but oh well the android is what it is.
Carl C.
rinsewin said:
Just thought I'd share....
My idea definitely won't work for cisco anyconnect since it is compiled for i386.... kind of stupid of me not to think that one through.
I tried running vpnc in a chroot ubuntu on the xoom and apparently the tun device can't be found. I did an apt-get on openvpn and I see "tun" referenced in various places but for some reason it just isn't set up correctly doing apt-get install in this ubuntu image.
So, unfortunately I think I'll be flashing my poor little xoom back to stock and taking it back :-(. Really wanted to keep this little guy, with all its future potential but with no _easy_ workable cisco vpn solution... and no solid plans (i.e. date!) from google/cisco for supporting IPSEC vpn (with group id) out of the box my dreams of a thin client in meetings are dead. Looks like an iPAD 2 is my best bet, definitely not my first choice but oh well the android is what it is.
Carl C.
Look up ssh tunneling, you could do like you wanted in the first post really easily I bet. The ssh command can be run to tunnel any port or ports you want through another machine very easily. I don't have the setup on hand, but googling ssh tunnel should be enough to get you going.

[Q] [REQ] OpenVpn full solution for SGS2

Hi all,
I have been tinkering with connectivity into my corporate network and so far been able to get a connection to our Office Communicator server via ASProxy and a secure wireless connection. However I am looking for a solution that works across my 3G connection via a VPN.
I have looked at the market place versions of OpenVpn and I cannot get it to work with our Cisco Gateway. I got stuck at the tun and adb part, so not sure what I need to do at this point so thought I would ask the experts on here ;-) There has been much work on a very important missing part which was a user authentication proxy, so the next bit for me would be a means of connecting to an IPSec/UDP Cisco VPN Gateway that works with my Domain username and then a fob generated password.
Any help from you guys would be most appreciated and perhaps I can share my ASProxy configuration for anyone wishing to get theirs working....
Thanks
Avalon
Hi,
you can't use an OpenVPN client to connect to a Cisco (IPsec) VPN server.
If you want to connect to an OpenVPN server then you can use OpenVPN Installer and OpenVPN Settings from the market.
If you want to connect to an IPsec server then use the built-in android VPN client or even some proprietary Cisco client from the market... (don't know about these as I only use OpenVPN)
Hi, thanks for the reply, however the built in VPN client will not work with our server. There is a Cisco anyconnect client that does connect, but we need a license for it which we don't currently have.
I will keep trying....

Setting up Global SSH Tunnel on Android

For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.
Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (e.g., the reader only has a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.
Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box
The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.
An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
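One way to check that the dynamic forward from step 3 is really listening and resolves names on the far side of the tunnel, as an added example that is not part of the original post. The function names are assumptions made for this sketch, the default port 56001 is the one from the tutorial, and the messages follow the SOCKS5 format in RFC 1928.

```python
"""Added example: probe a local SOCKS5 listener such as the ConnectBot
dynamic port forward, asking the proxy to resolve the hostname itself."""
import ipaddress
import socket
import struct

SOCKS_VERSION = 5
NO_AUTH = 0
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def port_class(port):
    """Classify a port using the ranges quoted in step 3 of the tutorial."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "system"
    return "user" if port <= 49151 else "dynamic"


def build_connect_request(host, port):
    """Build a SOCKS5 CONNECT request.

    A hostname is sent as ATYP_DOMAIN so the DNS lookup happens on the
    SSH server side; an IP literal is sent as raw address bytes.
    """
    head = bytes([SOCKS_VERSION, CMD_CONNECT, 0])
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname length must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return head + addr + struct.pack("!H", port)


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf


def probe_socks5(target_host, target_port, proxy_host="127.0.0.1",
                 proxy_port=56001, timeout=5.0):
    """Return (ok, detail) for a CONNECT to the target through the proxy."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            # Greeting: version 5, one method offered, "no authentication".
            s.sendall(bytes([SOCKS_VERSION, 1, NO_AUTH]))
            ver, method = recv_exact(s, 2)
            if ver != SOCKS_VERSION or method != NO_AUTH:
                return False, "not a no-auth SOCKS5 listener"
            s.sendall(build_connect_request(target_host, target_port))
            ver, rep, _rsv, _atyp = recv_exact(s, 4)
            if ver != SOCKS_VERSION:
                return False, "malformed reply"
            if rep != 0:
                return False, f"proxy refused, REP={rep}"
            return True, "tunnel accepted CONNECT"
    except (OSError, ConnectionError) as exc:
        return False, f"no usable proxy: {exc}"
```

Calling `probe_socks5("example.com", 443)` (a constructed target) while the SSH session is up should return `(True, ...)`; a `False` result with a connection error means nothing is listening on the chosen port.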
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Android 4.3?
strifej said:
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
Unfortunately, I have not done any testing with android 4.3 yet so I'm not sure why the dns request wouldn't be proxied. I'll look into it and get back to you.
DNS proxy on android 4.3
strifej said:
I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.
Any ideas?
SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Here's the link:
http://forum.xda-developers.com/showthread.php?t=2512983
4.4
Dr.Tautology said:
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Here's the link:
http://forum.xda-developers.com/showthread.php?t=2512983
Tested on kitkat and is working fine. Ssh tunnel app not working however.
Dr.Tautology said:
So I finally had a chance to upgrade to 4.3 this week. I tested the dns proxy with proxydroid and it seems to be working fine. What rom are you using? I'm on Sacs rom and I would highly recommend it. Here's the link:
http://forum.xda-developers.com/showthread.php?t=2512983
I use pacman rom on nexus 4.
thank you for this tutorial!
I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+
I can't wait to try this out..
I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.
Thanks again for the tutorial!
-droidshadow
Thank you Dr.Tautology
Thank you Dr.Tautology
I was searching a big time for the solution you gave me.
First I was using SSHtunnel app from google play and it worked on my note 3 SM-N9005 (rooted) with jb 4.3. After upgrade to 4.4.2 kitkat (rooted) I could connect but there was no changing to my home ip in the browsers that I use with surfing by example to whatmyip. I also have a tablet "nexus 7" 2012 version upgraded also to 4.4.2 and on this device SSHTunnel is functional and the ip is changing??? I did not understand. Now I was searching for alternatives for my galaxy note 3 and I've found ssh connectbot and proxydroid. After I added the settings that I always used with dyn socks5 port 11723 on both programs.... -> connection to my DD-WRT router (with connectbot) was also possible. I also booted proxydroid and again after running chrome or firefox I still had the same ip so it didn't work.... Now I've found your post and read that the socks5 port must be above 49152. I changed the ports on both programs to 56001 in (connectbot and proxydroid) and BAM! Connected with my home IP from outside my home :laugh:
The weird thing is that it worked on JB 4.3 with socks5 port 11723.
Now my working SSH tunnel config -> Host = home-ip:7500 (default port = 22 in DDWRT)
user to connect to DD-WRT router = Root
password = Router password
dyn proxy socks5 port = 56001 as you suggest.
I have an app from my isp that I only can use with my home ip so I had to be home and connect by wifi. Now it's possible again with tunneling
Now the only thing that I have to do is thank you. :victory:
Never thought that the port number should be the problem.
Best regards DWroadrunner
I managed to set this up using SSH Tunnel for android. However I would like to use SSH Autotunnel as it's supposed to handle network changes better and is also more lightweight. Does anybody know what type of private key this program accepts? I have had no luck using putty keygen and the id_rsa I created in ubuntu does not seem to work either.
Glad to help!
DWroadrunner said:
Thank you Dr.Tautology
I was searching a big time for the solution you gave me.
First I was using SSHtunnel app from google play and it worked on my note 3 SM-N9005 (rooted) with jb 4.3. After upgrade to 4.4.2 kitkat (rooted) I could connect but there was no changing to my home ip in the browsers that I use with surfing by example to whatmyip. I also have a tablet "nexus 7" 2012 version upgraded also to 4.4.2 and on this device SSHTunnel is functional and the ip is changing??? I did not understand. Now I was searching for alternatives for my galaxy note 3 and I've found ssh connectbot and proxydroid. After I added the settings that I always used with dyn socks5 port 11723 on both programs.... -> connection to my DD-WRT router (with connectbot) was also possible. I also booted proxydroid and again after running chrome or firefox I still had the same ip so it didn't work.... Now I've found your post and read that the socks5 port must be above 49152. I changed the ports on both programs to 56001 in (connectbot and proxydroid) and BAM! Connected with my home IP from outside my home :laugh:
The weird thing is that it worked on JB 4.3 with socks5 port 11723.
Now my working SSH tunnel config -> Host = home-ip:7500 (default port = 22 in DDWRT)
user to connect to DD-WRT router = Root
password = Router password
dyn proxy socks5 port = 56001 as you suggest.
I have an app from my isp that I only can use with my home ip so I had to be home and connect by wifi. Now it's possible again with tunneling
Now the only thing that I have to do is thank you. :victory:
Never thought that the port number should be the problem.
Best regards DWroadrunner
Hey DWroadrunner,
That's great news! I'm very happy that my post helped you, as my intention was to provide all the necessary information to do this in one place. It's not always the case that a user port won't work, but unless you are big on port level security it's not easy to determine if/when the port is being used. This is probably why 11723 did work for you, however it's always better to go with a dynamic/private port range. Also, if you want a simple way to improve the security of your ssh server change the default port from 22 to something else. You'd be surprised how many attempts to connect will be made by attackers on a daily basis.
Regards,
DocTaut
droidshadow said:
I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+
I can't wait to try this out..
I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.
Thanks again for the tutorial!
-droidshadow
Let me know if this is working on CM. I have tested on stock 4.3 with no issues.
Any luck yet?
rintinfinn said:
I managed to set this up using SSH Tunnel for android. However I would like to use SSH Autotunnel as it's supposed to handle network changes better and is also more lightweight. Does anybody know what type of private key this program accepts? I have had no luck using putty keygen and the id_rsa I created in ubuntu does not seem to work either.
Hello,
I've used auto tunnel a handful of times. Just wanted to check to see if you figured out what key it accepts. I will test it out when I get a chance.
Dr.Tautology said:
Hello,
I've used auto tunnel a handful of times. Just wanted to check to see if you figured out what key it accepts. I will test it out when I get a chance.
Hi, the developer sent me a mail saying that autotunnel should accept both private key types. None of them worked for me, though. He also suggested to try and paste the content of the private key into the bracket. I might give that a try. Edit: I can confirm copying and pasting the private key works. But it does not seem to transfer traffic via the server, at least not the 3g traffic while using chrome. Edit 2: Turns out SSH Autotunnel does not use a socks proxy. Therefore secure browsing is not an option. The app is for secure pop3/ftp-server/smtp-server connections only. Thanks go to Matej for his kind support.
I've been using OpenVPN but I'd prefer to use ssh, as I have several ssh servers around the world, plus their pipes are bigger than my home line I have openvpn running on.
I have yet to get SSH Tunnel (apk) to work reliably; it randomly stops working and it's just a dead connection.
Using ProxyDroid unfortunately requires me to launch ConnectBot, connect ssh, then start the proxy. It'd be nice if ConnectBot could bring up the connection automatically, or ProxyDroid could do it. What I do right now is VPN unknown wifi connections and I can automate that with Tasker. I might look to see if I can automate connecting with ConnectBot then enable the ProxyDroid connection.
You can use ssh tunnels also with Drony if some proxy with authentication is involved. Works also on non rooted devices.
Automation
khaytsus said:
I've been using OpenVPN but I'd prefer to use ssh, as I have several ssh servers around the world, plus their pipes are bigger than my home line I have openvpn running on.
I have yet to get SSH Tunnel (apk) to work reliably; it randomly stops working and it's just a dead connection.
Using ProxyDroid unfortunately requires me to launch ConnectBot, connect ssh, then start the proxy. It'd be nice if ConnectBot could bring up the connection automatically, or ProxyDroid could do it. What I do right now is VPN unknown wifi connections and I can automate that with Tasker. I might look to see if I can automate connecting with ConnectBot then enable the ProxyDroid connection.
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Dr.Tautology said:
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
I think so, it's just firewall settings etc.. Unfortunately for me, I need stuff that doesn't support SOCKS so I've gone back to looking into a faster OpenVPN service.
But this is good for browsing and things that use http etc.
Dr.Tautology said:
I think a simple bash script could be used to automate this task. I'm going to look into it; seems like an interesting/useful project.
Hi, have you figured out an automated script for this task via tasker? I've tried to create something but ended up nowhere lol.
Hi my college wifi connection is proxy based
Whenever i surfed internet on that connection only some basic application are connected through that connection
But many 3rd party apps doesn't connect by that connection like games
Any solution like connection tunnel apps or else
I don't want to root my device
Thanks
sam.jaat said:
Hi my college wifi connection is proxy based
Whenever i surfed internet on that connection only some basic application are connected through that connection
But many 3rd party apps doesn't connect by that connection like games
Any solution like connection tunnel apps or else
I don't want to root my device
Thanks
Do you have to log in to the proxy or is it an open proxy? If it's open, you could see if you can find an OpenVPN server that listens on 80 or 443. Then use any OpenVPN client on Android and you can add/update config to match the directions here: https://openvpn.net/index.php/open-source/documentation/howto.html#http
