Database Users

Wifi access to internet via ISA firewall

I've just set up a small wireless network at home through which I intend to use several devices to connect to the internet through my LAN!
The LAN gateway is running ISA 2004 and my home computer is running the necessary Firewall client (a completely secure connection with username and password)!
Now everything's working fine... the pocket pc hooks up just right and i can browse the network and do what I could probably do using my own personal computer BUT the internet doesn't work!
It keeps asking me for a username and password (which like i usually provide in internet explorer on my personal computer) which i do supply... three times in a row after which it gives me an error saying that ISA cannot authenticate me!
The home computer doesn;t run the internet without the firewall client, and i'm supposing the pocket pc is facing the same dilemma! is there any way to circumvent this issue? perhaps a mobile version of the isa firewall client?
Please help. Thanks!

afaik there isn't a mobile version of the firewall client.
I set my ISA server to allow anonymous internet access ,and set all my machines up as secure nat clients (set isa servers ip as default gateway, I use a dhcp scope to do this). There is lots of info on this on microsofts ISA server website, I'd suggest a look there first, or try a google for secure nat.
Good luck, works well for me but ymmv.

i've looked everywhere, seriously. -remote desktop

any detailed how to guide?, i can do it, i'm fairly tech savvy, so i just need to kneed out a few things. maybe if you caould start from the beginning and i can see where i went wrong.
logmein.com works, but i want something more personal, just bewtween the computer and my phone. somerthing that looks good and scales full screen preferably.
please guys?, point me in the right direction.. all the posts just keep saying to search and there's lots of info, but there's no step by step guide.
thanks guys!

ok i got it going.
first go to the computer you want to connect to and go to control panel / system
click on remote, enable remote users
go to start menu, run. type cmd
in command write "ipconfig /all"
take note of your ip address
on your phone go to remote desktop,
computer = your ip address
username = (go to startmenu, control panel, user accounts) use one of those names.
password = blank unless you have a password.
domain = i left blank.
connect full color unless it doesnt work for you
if you can connect and you get a password error
type the error you get inot google and you should get a fix as your first link.
try that.
blam, remote desktop, it's awesome.

Nice how-to...
this is the most succinct tutorial on how to do this that I've seen. I'm still having trouble, though. I get the "Cannot connect. Likely reason are: 1 the remote comupter is not set up for this. 2. Reached the maximum number of connections. 3. A network error occurred while connecting."
I have set up the XP PC, & taken down all firewalls. I only have one user account and it has a password. I've even tried using Hamachi with one of their VPN ip addresses (awesome and free for pc2pc). I 've combed trhough my router settings too, and tried to clear everything there, too. I can RD from an XP laptop, so ti seems to be something on the unit, to me. I've also setup file sharing w/ Total Commander (it's served my purposes amply).
I really have googled & googled & googled. If anyone has any idea what is going on, I'd be grateful for some ideas.

Have you enabled the RDP on the host computer?
Right click my computer
Properties
Remote
Then enable allow user to connect remotely.

Will only work on XP Pro, or Vista if you choose to allow older clients which they scaremonger you against by saying it's less secure.

Danke!
I've been scared away from Vista for the usual "new" OS reasons, but perhaps it's getting to be time for me to haul my old conservative back-end into the modern world.
Thanks so much for taking the time!
(and to Biohead: yes, I followed the instructions I lauded so vehemently.... ???)

you're running vista?
and you haven't been able to connect still, right?
sorry i could walk you through xp, but man vista sucks, i wouldn't touch it with a 10 foot pole.

i'm setting up remote desktop on my iphone
hahaha totally referred to this guide

and it sucks, so i'm sticking with vnc
man, i miss my exec/universal

dutchschultz said:
any detailed how to guide?, i can do it, i'm fairly tech savvy, so i just need to kneed out a few things. maybe if you caould start from the beginning and i can see where i went wrong.
logmein.com works, but i want something more personal, just bewtween the computer and my phone. somerthing that looks good and scales full screen preferably.
please guys?, point me in the right direction.. all the posts just keep saying to search and there's lots of info, but there's no step by step guide.
thanks guys!
Click to expand...
Click to collapse
Hope this helps
http://forum.xda-developers.com/showthread.php?t=366312
http://forum.xda-developers.com/showthread.php?t=294524

orb3000 said:
Hope this helps
http://forum.xda-developers.com/showthread.php?t=366312
http://forum.xda-developers.com/showthread.php?t=294524
Click to expand...
Click to collapse
you, my friend, are awesome

A possible solution for those of us on T-Mobile's standard web n walk
Sorry to resurrect this thread, but I thought I'd post my experiences here in case anyone else (like me) searches for a solution to enabling RDP on T-Mobile (UK at least).
I was having the same problem with remote desktop, it saying that the server was not available. I phoned up T-Mobile's helpdesk as recommended here and after getting past first line support (who didn't know what remote desktop was, and tried sending new connection settings to my phone to resolve the issue) I got through to someone who knew what they were talking about. Turns out that I'm on T-Mobile's "basic" or "handset-only" web-n-walk package, and it's not possible to use RDP on this. I assume they block the relevant ports. They told me that I could pay an extra fiver a month to upgrade to a version of web-n-walk which can handle RDP.
Well I told them I would think about it, but instead tried to find a way around it as the one or two times I need to use RDP are certainly not worth a fiver a month. My solution is probably only suitable for the more techy of us, but without much work and with no prior experience I managed to set up a SSH tunnel using FreeSSHd as a server running on my windows server (although a normal windows box should work fine - http://www.freesshd.com/) and zaTunnel as a client on my phone (http://www.zatelnet.com/zatunnel/main.php). Both programs are free.
Basically my phone takes all RDP connections and tunnels them over SSH to my windows server, which then turns them back into RDP connections. T-Mobile have no idea I'm using RDP, and if they block the SSH port in the future I can always change FreeSSHd to run on port 80 (for web). This will also work for other protocols T-Mobile might be blocking (FTP springs to mind).
Just thought I'd post this in case anyone was in my situation of needing RDP on their standard web'n'walk.
Edit Sorry posted this in the wrong thread! Will leave this post up however just in case someone finds it useful

echolock
Many thanks for the above have been searching everywhere for a fix to this. I am the same as you T Mobile (UK) and can't connect.
Could you give some additional advice as how you got the RDP to work.
For the record I can connect by Wi-Fi and by using a PAYG sim from a different carrier. However, I am on a contract with T Mobile and don't want to carry a different sim just to use the RDP.
I have installed both apps. I can make a connection from zaTunnel on Port SSH:24 to the freeSSHD server (SSH - listening on port 24). Other than adding a User and changing the default port to 24 there are no other changes I have made in freeSSHD.
Under the connections tab in zaTunnel I have left Network: Automatic with the other settings relevant to make a connection.
Under the ports tab of zaTunnel I have
LP> 3389,
IP/URL . IP of the desktop I want to connect to of 192.168.1.10
>RP 3389
When I the start the Remote Desktop app under my Windows Mobile 6.1 it indicates connecting the fails as before.
Also forgot to mention freeSSHD is running on the desktop I want to connect to.

Sure thing.
When you run Remote Desktop under Windows Mobile, make sure you connect to "localhost" NOT to the IP of the desktop you want to connect to.
Your other settings seem correct to me.
To attempt to explain a little, basically what happens is as follows. For simplicity's sake I will have three machines, your phone, your SSH server and your RDP server (although the latter two can be the same).
On your phone:
1) Remote Desktop connects to localhost on port 3389.
2) zaTunnel is listening on localhost on port 3389. It echos all commands sent to this port out on port 22 over your cellular connection to your SSH server, also providing details of your RDP server and port.
On your SSH server:
3) FreeSSHd receives the commands sent over port 22 and is told by zaTunnel to convert them to commands sent to your RDP server using port 3389.
On your RDP server:
4) Remote Desktop receives a normal RDP request over the normal port from your SSH server.
5) Responses are sent to your SSH server.
On your SSH server:
6) FreeSSHd receives the RDP responses, and sends them back to your phone over port 22.
On your phone:
7) zaTunnel converts the commands sent over port 22 back into RDP commands sent over port 3389.
8) Remote desktop receives a response from zaTunnel and thinks it's connected directly to an RDP server on localhost. In actuality it's connected to your RDP server using an SSH tunnel provided by zaTunnel and FreeSSHd.
Hope this makes sense, I'm not very good at explaining this!

Ah found another problem. The IP of your desktop you say is 192.168.1.10 - this is a local IP address so will only work on your local network.
Go to a website like http://whatismyipaddress.com/ from the machine you run SSHd on to find out what your current "external" IP address is. Bear in mind that most home broadband connections have a "dynamic" address which is allocated to you and might change from time to time - you can always use something like http://www.dyndns.com/services/dns/dyndns/ to set yourself up with a static hostname, and run a program on your machine which updates your hostname with the correct IP address every time it changes. Some routers have this functionality built in.

Thanks for the quick response and explanation.
Between posting and reading your reply I had worked out the RDP app needs the localhost or the IP 127.0.0.1.
I had come back here to post, so others would know in future.
Your other point you raised about the desktop IP. I have used this only in the ports tab on zaTunnel. The connection tab has a proper mydomainname.com address. (Provides email and a webmail interface).
Anyway, can connect now and thank you again in solving this for me. (If your in Leeds I will buy you a beer).

Ah yeah the 192.* address would work on the ports tab, fair enough. Might be worth pointing out if others read this that this is only the case if the machine you're trying to RDP to is on the same local network (or the same machine) as the machine you have FreeSSHd running on.
But good to hear you got it working Now hopefully T-Mobile won't cotton-on and decide to block port 22 too...

T-Zones port forwarding ?

If using T-Zones services, you get access to only few ports. However, ports like SSL and FTP are blocked. Is it possible to use a personal proxy server to get access to all unblocked ports somehow? Just thinking of an idea.
- TKN

tariq_niazi said:
If using T-Zones services, you get access to only few ports. However, ports like SSL and FTP are blocked. Is it possible to use a personal proxy server to get access to all unblocked ports somehow? Just thinking of an idea.
- TKN
Click to expand...
Click to collapse
Well mate if you are referring to using the t-zones as a free connection or hacking it then it was done and t-mobile during a big upgrade all but closed that gap. I myself have been trying for a loop hole through this as well because if they want to give me t-zones for free why not be able to utilize it fully . I do pay my cell bill every month .. lol

T-zones ssh proxy forwarding
Yes there is a way to do this.
And yes I have got this to work. Now I run skype, AIM, Remote Dektop, etc. from my T-zones EDGE connection. It is kind of slow though for things like Skype.
This is not intended to be easy, however if you spend enough time, you should be able to get it to work.
Here is the concept (For Windows XP),
Host an ssh server and a proxy server on your home computer.
I use copSSH for an ssh server (google it) and squid for windows for a proxy server (again google it and read the documentation!)
Set the ssh server to run on port 80 or port 143 (valid t-zones ports).
Set the proxy server to run on port 8118 (I just like that port number).
Use an ssh client on your windows mobile phone (such as pocketputty dev build 2007-02-28) (again, google).
Configure the ssh client to connect to your home ssh server via port 80 or 143
On the tunnel tab of pocketputty, add the ports you need to get to and direct them to localhostortno
For example, Port 8118 is my proxy server so I have tunnelled port 8118 to localhost:8118
Now I manually connect to my EDGE T-Zones connection, I run pocketputty and connect to my home server. I then login with my user credentials to my ssh server and everything validates and I get a bash shell. Now I run Skype Mobile and change it's settings to connect using an https proxy of localhost with port 8118.
You can do this with any port, such as Remote Desktop (port 3389)
then you just open Remote Desktop client on your phone and connect to the the address localhost:3389 (or localhost)
I know this is a bit much but it's not exactly a point and click process for now, so only try this if you are pretty sure you know your way around ports, ssh, and tunneling. You could always read a lot about it online if you are not. That's what I did.

drkmfdm said:
Yes there is a way to do this.
And yes I have got this to work. Now I run skype, AIM, Remote Dektop, etc. from my T-zones EDGE connection. It is kind of slow though for things like Skype.
This is not intended to be easy, however if you spend enough time, you should be able to get it to work.
Here is the concept (For Windows XP),
Host an ssh server and a proxy server on your home computer.
I use copSSH for an ssh server (google it) and squid for windows for a proxy server (again google it and read the documentation!)
Set the ssh server to run on port 80 or port 143 (valid t-zones ports).
Set the proxy server to run on port 8118 (I just like that port number).
Use an ssh client on your windows mobile phone (such as pocketputty dev build 2007-02-28) (again, google).
Configure the ssh client to connect to your home ssh server via port 80 or 143
On the tunnel tab of pocketputty, add the ports you need to get to and direct them to localhostortno
For example, Port 8118 is my proxy server so I have tunnelled port 8118 to localhost:8118
Now I manually connect to my EDGE T-Zones connection, I run pocketputty and connect to my home server. I then login with my user credentials to my ssh server and everything validates and I get a bash shell. Now I run Skype Mobile and change it's settings to connect using an https proxy of localhost with port 8118.
You can do this with any port, such as Remote Desktop (port 3389)
then you just open Remote Desktop client on your phone and connect to the the address localhost:3389 (or localhost)
I know this is a bit much but it's not exactly a point and click process for now, so only try this if you are pretty sure you know your way around ports, ssh, and tunneling. You could always read a lot about it online if you are not. That's what I did.
Click to expand...
Click to collapse
It's relatively simple what you saying here ...but I can't understand what is the function of squid ...I don't know how you change the Skype(or other software like IM+, Agile messenger, Palringo, wmirc etc.) settings to connect using localhost port 8118 (or any other port).
Few month ago I tried something like this based on this tutorial http://forum.xda-developers.com/showthread.php?t=316890 ...but without succes ...

drkmfdm said:
Yes there is a way to do this.
And yes I have got this to work. Now I run skype, AIM, Remote Dektop, etc. from my T-zones EDGE connection. It is kind of slow though for things like Skype.
This is not intended to be easy, however if you spend enough time, you should be able to get it to work.
Here is the concept (For Windows XP),
Host an ssh server and a proxy server on your home computer.
I use copSSH for an ssh server (google it) and squid for windows for a proxy server (again google it and read the documentation!)
Set the ssh server to run on port 80 or port 143 (valid t-zones ports).
Set the proxy server to run on port 8118 (I just like that port number).
Use an ssh client on your windows mobile phone (such as pocketputty dev build 2007-02-28) (again, google).
Configure the ssh client to connect to your home ssh server via port 80 or 143
On the tunnel tab of pocketputty, add the ports you need to get to and direct them to localhostortno
For example, Port 8118 is my proxy server so I have tunnelled port 8118 to localhost:8118
Now I manually connect to my EDGE T-Zones connection, I run pocketputty and connect to my home server. I then login with my user credentials to my ssh server and everything validates and I get a bash shell. Now I run Skype Mobile and change it's settings to connect using an https proxy of localhost with port 8118.
You can do this with any port, such as Remote Desktop (port 3389)
then you just open Remote Desktop client on your phone and connect to the the address localhost:3389 (or localhost)
I know this is a bit much but it's not exactly a point and click process for now, so only try this if you are pretty sure you know your way around ports, ssh, and tunneling. You could always read a lot about it online if you are not. That's what I did.
Click to expand...
Click to collapse
One other advantage of doing it this way is that ll your activity goes down a secure encrypted tunnel and so is unsniffable.

breakx said:
It's relatively simple what you saying here ...but I can't understand what is the function of squid ...I don't know how you change the Skype(or other software like IM+, Agile messenger, Palringo, wmirc etc.) settings to connect using localhost port 8118 (or any other port).
Few month ago I tried something like this based on this tutorial http://forum.xda-developers.com/showthread.php?t=316890 ...but without succes ...
Click to expand...
Click to collapse
Yes it takes a while and some resources to make this work but it can save you a lot on T-mobile's slow EDGE network.
Squid is a caching proxy which runs under linux, windows, etc. I use it to have complete encrypted web access that is cached and I use it for remote pc connections as well as windows mobile. You could also use Privoxy to have an ad and spyware filtering proxy. I do not use Squid for any other apps such as Skype or Remote Desktop.
The forum link you included is a great example of how to setup this type of connection and it's a much better description. I wish I had found it a while ago.
I can't speak for every application and its ability to select a port, however here is how Skype works. After installing Skype you have to first login to Skype using a normal internet connection such as through ActiveSync or WiFi. After Skype login completes, you open the options menu and fill in the proxy port number. Then you can disconnect and use the pocketputty method. Remote desktop is even easier, you just open a new connection and goto the address "localhostortnumber".

Way beyond me. I wish I understood because this sounds like exactly what I have been looking for.

drkmfdm said:
Yes there is a way to do this.
And yes I have got this to work. Now I run skype, AIM, Remote Dektop, etc. from my T-zones EDGE connection. It is kind of slow though for things like Skype.
This is not intended to be easy, however if you spend enough time, you should be able to get it to work.
Here is the concept (For Windows XP),
Host an ssh server and a proxy server on your home computer.
I use copSSH for an ssh server (google it) and squid for windows for a proxy server (again google it and read the documentation!)
Set the ssh server to run on port 80 or port 143 (valid t-zones ports).
Set the proxy server to run on port 8118 (I just like that port number).
Use an ssh client on your windows mobile phone (such as pocketputty dev build 2007-02-28) (again, google).
Configure the ssh client to connect to your home ssh server via port 80 or 143
On the tunnel tab of pocketputty, add the ports you need to get to and direct them to localhostortno
For example, Port 8118 is my proxy server so I have tunnelled port 8118 to localhost:8118
Now I manually connect to my EDGE T-Zones connection, I run pocketputty and connect to my home server. I then login with my user credentials to my ssh server and everything validates and I get a bash shell. Now I run Skype Mobile and change it's settings to connect using an https proxy of localhost with port 8118.
You can do this with any port, such as Remote Desktop (port 3389)
then you just open Remote Desktop client on your phone and connect to the the address localhost:3389 (or localhost)
I know this is a bit much but it's not exactly a point and click process for now, so only try this if you are pretty sure you know your way around ports, ssh, and tunneling. You could always read a lot about it online if you are not. That's what I did.
Click to expand...
Click to collapse
Sounds wonderful ................
Now can you please add some pictures and make a sweet how-to . I am sure many on the site will be happy to see your work . And I for one an very interested in it.

i don't know what kind of application you use on your pocket. But if your applications (like skype, fetchmail ) are able to use a socket server, you can go through easily via restricted ports of your provider.
I installed a socks server listening on an opened port, so now i can use skype and read my mails via this server.
Socks server :
With linux install : "dante"
With XP I don't know, but you can use "socksproxy" for tests (found on xda...). Take care this software is not secure ( or intall a DMZ with a firewall)...

OpenVPN anomalies in CM7.2

tl;dr Google Talk/AndFTP/SIP can't connect over an OpenVPN connection in CM7.2
My OpenVPN configuration has worked for several months. But since 7.2 came out, I've been troubleshooting a problem with my phone's VPN connection to my home server. The symptom I'm seeing is that apps besides the web browser cannot connect to anything over the VPN, including the VPN host itself. When I use tcpdump to watch traffic going over my server's tun0 adapter, I don't see packets sent from AndFTP and SIP (the phone dialer's SIP) ever reach the server. Strangely, the web browser works just fine over the VPN. I'm able to view websites normal, and even connect to my webserver on port 8080.
Like you (probably), my first assumption is that a problem like this is due to misconfiguration somewhere. However I'm starting to think that's not the case this time. My VPN configuration is very simple, and I don't use any iptables netfilter rules anywhere (the server is behind a nat router). These apps work just fine over my VPN when I'm using the old CM7-12112011-nightly-olympus build. My Ubuntu laptop also has no issues using the VPN. I have observed the route table (# busybox route -n) after the VPN connection is made using the latest nightly, and the old build which works. Both routes are the same (for whatever reason, the default gateway isn't removed, but it works on the old build anyway).
So I have only seen this issue when I'm running CM7.2 RC1 or the latest nightly: update-cm-7-20120409-NIGHTLY-olympus-signed.zip
For now I'm back on the CM7-12112011-nightly build, and my apps work on my VPN again. But I wanted to post this here incase this issue affected anyone else. I'm not sure how to continue troubleshooting it, or whether it might even be related to a bug.

I can use Pandora just fine over VPN, as well as download stuff from the Market/Play and use GTalk.
Here's my server config if you want to compare it
Code:
$ cat /etc/openvpn/server.conf
port 12345
proto udp
dev tun
ca /etc/openvpn/blahblah.crt
cert /etc/openvpn/blahblah.crt
key /etc/openvpn/blahblah.key
dh /etc/openvpn/blahblah.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

Ok if these builds are working for you, that does indicate it's just some misconfiguration on my end.
update: I did fresh installs of the last atrix-dev-team build and the latest cm7.2 nightly. On both builds apps are working over the VPN just fine. The only thing that doesn't work is the dialer's built in SIP, it won't connect over the VPN. It works when I'm on the same lan as the server, but not otherwise over the vpn. Watching tcdump, I never see packets coming from the phone when I enable "Receive incoming calls."
So I just gave up trying to get the SIP dialer to work on my VPN, and installed CSipSimple and SIPDroid. Both work just fine over VPN. While both these apps are popular, I was only avoiding using them since I didn't think they would be necessary. I've used the dialer's SIP to proxy calls over asterisk in the past with my original A855 Droid. Not sure why it doesn't work anymore, but not a big deal either.

I am also having some difficulty with openvpn. I am running CM7.2 RC3 on my Atrix. I have never had it working before on the Atrix (recent convert to CM7), but have had it working on laptops and an iphone. Was intrigued that it appears to be built in. I just cannot get it to work.
My issues are:
1) I cannot use the tun device. If I try, it appears to connect, then errors out.
Code:
N read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
If I select tap, it will connect, but then it tells me that there are fragment errors
Code:
FRAG_IN error flags=0xfa3333ff: FRAG_TEST not implemented
2) I cannot add the 'extra arguments' under the advanced settings. I try tp put "fragment 1400" and . I'd like to add mssfix as well, but cannot figure out how to use this input block. If I try "fragment 1400" same thing:
Code:
MANAGEMENT: Client disconnected
When I use tap and keep the extra arguments clear, it appears to connect, but I get nothing: andsmb cannot see smb shares, I cannot get to the router web page, etc.
I have also configured pptp and that will allow me to connect (access shares and see the router web interface (ddwrt). I would prefer openvpn, though. Any help appreciated.
My connect script with a laptop is:
Code:
remote xxxx.dyndns-office.com 1194
client
dev tap0
proto udp
mssfix 1400
fragment 1400
resolv-retry infinite
nobind
persist-key
persist-tun
float
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
Keith

[Q] SSH/VNC over SSH tunnel

Hello, I need to connect to a linux machine behind secure network from my mobile phone. I do this from my other computers by connecting to an ssh server on that network (its port is open), and forwarding ports (for SSH and VNC) with Bitvise client, or the openssh client. I tried to do the same from my phone, and got various different results from different apps:
1. SSH Tunnel did not manage to create the tunnel at all - complete failure, just freezes.
2. SSH Autotunnel created the tunnel properly, but after that, I could not connect any SSH/VNC client using the forwarded ports on localhost (tried both "localhost" and "127.0.0.1" since my hosts file is a mess and I am sure that the ports are correct - I am getting "Connection Refused").
3. ConnectBot manages to connect to the SSH server, but disconnects upon entering the absolutely correct password.
Is it possible to install openssh on android? Also, the need for VNC arises from the fact that I normally just forward X over ssh to another linux box, but android doesn't use X server.
Could the issue be that android has some firewall that blocks my attempts? I haven't installed any of my own.
Thanks in advance for any help.

Sounds like it's blocked. If you could make it work on port 80 instead of 22, then you might be able to get somewhere.