Got my prefered VPN installed. Attempted to activate. Pop-up with "No VPN api".Sigh... With no api, this isn't going to be solved until root/custom rom, right?
CaptHatch said:
Got my prefered VPN installed. Attempted to activate. Pop-up with "No VPN api".Sigh... With no api, this isn't going to be solved until root/custom rom, right?
Click to expand...
Click to collapse
it's possible the VPN api is even there, just that our user doesn't have enough privilege to access it...
so, yeah probably. something like Cisco AnyConnect Root or other flavors of rooted ones. or if Amazon gets enough requests/complaints or somehow finds the motivation to support vpn.
if that guy making xbmconfire has success getting amazon to accept his launcher screen, it's possible they would accept other developers submitting vpn support (or, usb mass storage support, lol) - I'd definitely pay money for stuff like that.
...
only other stuff I found was from p[oking around in the sideloaded Settings.apk, I can open VPN under the wireless "More..."
but it immediately says "You must set a lock screen PIN or password before you can use credential storage"
if I try a numeric PIN, it crashes back a screen, as soon as I enter the 4th digit
if I try a password, it crashes, as soon as I enter the 4th character or digit.
if I try a pattern, it crashes as soon as I press "Next"
router tunnel?
had an idea that should have occurred to me long ago
a place I used to work, we used to set up permanent site-to-site VPN tunnels between offices all over the world. and it worked really well. this was with business class switch/router hardware of course.
but routers with ddrwt/openwrt/tomato/etc. are now capable of a lot of the same functions - between/amongst each other, mostly (plus in my experience, tunnels behave better if you have the exact same device on each end anyway). and support all sorts of common flavors - l2tp/ipsec, pptp, openvpn...
I have never tried any of the paid public/popular VPN host services, so I don't know if they only support direct VPN clients from single devices, or if they support site-to-site tunnels too. I imagine if some did, they would advertise so on their website.
if tunnel connection is supported by providers, that might be a workaround. (possible annoyance: all traffic from behind your router would also be on VPN, unless maybe some fancy routing glue code is applied)
another way is if someone in UK has ddwrt router and has a friend in US with ddwrt router, you could totally set up site-to-site -- this is existing functionality. of course there still probably needs routing glue on both ends (mainly, knowing most/all of the amazon services IPs used by firetv apps)
probably too much time/work/testing, but...
Related
I have the latest Froyo6 build on my Froyo TP2 Rhod_100 UK
I have been trying to set up the VPN, but I can not get it working. Does anyone know why and how I can sort this out please?
PS. I also tried to run a VoIP (SIP) client (3CX) on the machine, but that too does not work.
My airtime provider is Vodafone UK and they have assured me that both are enabled on my account at a princely sum of £15 per month! Needless to say at that cost I am dead keen to make this work.
jonners59 said:
I have the latest Froyo6 build on my Froyo TP2 Rhod_100 UK
I have been trying to set up the VPN, but I can not get it working. Does anyone know why and how I can sort this out please?
PS. I also tried to run a VoIP (SIP) client (3CX) on the machine, but that too does not work.
My airtime provider is Vodafone UK and they have assured me that both are enabled on my account at a princely sum of £15 per month! Needless to say at that cost I am dead keen to make this work.
Click to expand...
Click to collapse
Can you get either to work on wifi?
I know there were some Chinese users trying to get the VPN to work, and couldn't.
I haven't tried, as I have no use for a VPN on my phone lol.
Also, I have known people to get SIP working, but it wasn't so great from what I heard...
Sorry I was not getting alerts and the thread was not showing up in my subs....
If I use WiFi then I am at home and do not need the VPN, but the SIP Phone DOES work and very well.
If I use the WM as a gateway for my laptop, then the laptop can run a VPN and SIP Phone via the phone. If that makes sense to you. Thus the Router running the VPN is working and the config works, and the mobile operator has set up the service. So this is just the phone settings - I believe.
jonners59 said:
Sorry I was not getting alerts and the thread was not showing up in my subs....
If I use WiFi then I am at home and do not need the VPN, but the SIP Phone DOES work and very well.
If I use the WM as a gateway for my laptop, then the laptop can run a VPN and SIP Phone via the phone. If that makes sense to you. Thus the Router running the VPN is working and the config works, and the mobile operator has set up the service. So this is just the phone settings - I believe.
Click to expand...
Click to collapse
If I had a VPN I could connect to I would test it out...
Maybe its a misconfiguration in Android? broken driver or config?
I do not know. It tells me nothing. The settings are as per the router config. How do I find out what is incorrect/broken etc...?
Can you give as many details as possible on the type of VPN I'm trying to connect to?
It's probably not working because none of the devs use that function - and can't debug it without trying to reproduce your setup.
I might play with it a little as it would potentially let me remotely schedule MythTV recordings safely, but it would be pretty low-pri for me.
I am using at this stage a simple PPTP setup for now. The Android settings are minimal - username and PW, and that is it.
But my laptop, which works has more settings o configure. I.e. MSCHAP and MSCHAPv2
Point to point MPPE
Security 128b and/or 40b
Allow BSD
Allow Deflate data comp
Allow TCP header comp
Does this help
OK, sometime in the next week or two I'll try to get PPTP up and running using similar parameters. I've been meaning to do it in general (not phone-related) for other reasons anyway - but it's been a low priority for a long time.
Entropy512 said:
OK, sometime in the next week or two I'll try to get PPTP up and running using similar parameters. I've been meaning to do it in general (not phone-related) for other reasons anyway - but it's been a low priority for a long time.
Click to expand...
Click to collapse
Why not OpenVPN? Seems like it would be easier/more standards-compliant that a craptacular PPTP VPN .
arrrghhh said:
Why not OpenVPN? Seems like it would be easier/more standards-compliant that a craptacular PPTP VPN .
Click to expand...
Click to collapse
I'll look into what VPN options Android supports - although for the OP, he may have specific reasons forcing PPTP.
arrrghhh said:
Why not OpenVPN? Seems like it would be easier/more standards-compliant that a craptacular PPTP VPN .
Click to expand...
Click to collapse
Because I am working with Draytek, my router. Vendor to set up the VPN and this was the. First config as it was the simplest. Seems everything else works, just. Not the. Phone. The phone too has PPTP as a standard setting.
Eh, I prefer to avoid PPTP like the plague if I have any choice. Most companies don't provide a choice, so I figured that's why you were locked in.
If you do have a choice, I would try something different. That's just me tho, I'd prefer open to closed any day if I had the choice .
Just a side note - the built-in Android VPN support uses pppd. The ril currently uses "killall pppd" to disable mobile data. If you're using both at once, then this will kill the VPN too. This is a stupid flaw in the current ril code, which is fixed in the "initpppd" branch of my ril repo. (But the initpppd branch depends on a number of rootfs fixes before it is usable, and stinebd has not merged any of it yet.)
highlandsun said:
Just a side note - the built-in Android VPN support uses pppd. The ril currently uses "killall pppd" to disable mobile data. If you're using both at once, then this will kill the VPN too. This is a stupid flaw in the current ril code, which is fixed in the "initpppd" branch of my ril repo. (But the initpppd branch depends on a number of rootfs fixes before it is usable, and stinebd has not merged any of it yet.)
Click to expand...
Click to collapse
Thanks for the reminder of that, I remember the discussions on the dev list.
I'm going to shelve poking at the VPN stuff until the RIL overhaul stabilizes and gets mainlined in this case.
Entropy512 said:
I'll look into what VPN options Android supports - although for the OP, he may have specific reasons forcing PPTP.
Click to expand...
Click to collapse
OK, please excuse slowness of response. As arrghh knows from another thread I am in transit across Europe. I reached my destination, Italy and have spent the past few days getting internet access *broadband virtually does not exist here unless you are in a City, so I have to use a very slow mobile broadband).
I am not a techie, but I am a willing player with some knowledge - dangerous, I know. I have been assisted by the manufacturer of my Router, a Draytek 2820 to set up a VPN. We may make it a more sophisticated VPN later, but pptp is the easiest. I have it working on all laptops and PCs, including this old banger here in Italy. What I can NOT do, is get it working on the phone. I think it is communicating with the router, but it is not getting through.
PS the PCs and Laptops are all Linux - Ubuntu 10.10
Hope this helps
I'm one of those Chinese who tried using VPNs on my Raphael, but failed of course. Actually, neither on WM, nor on Android, neither via pptp, nor via l2tp over ipsec. What I wanna remind is VPN on most Android roms on hd2 works fine, but some roms also cannot support vpn.
If you have enough time, I don't know how to pray for, would you please explore l2tp over ipsec? Because in many cities in China, pptp is also blocked by ISP. And I can provide a test account if anyone needs it.
Btw, I believe vpn is necessary when connecting a public wifi
Sent from my MSM using XDA Premium App
One more report, vpn in pptp could not work..
At this point - I'm going to hold off on poking at this until highlandsun's new RIL settles out and is officially committed. Some of the dev traffic correspondence indicates that the way we currently handle PPP is incompatible with VPNs. His new ril + rootfs combo that changes the pppd control architecture MIGHT solve some of the PPTP issues, I haven't tried them yet.
See it.
May your works come out soon~
Just updated my HD7 to the update with internet sharing. After this, I can confirm that every time I reboot my phone, I get a new mac address. Which prevents me from connecting to my MAC-address-filtered wifi. I've done it 6 times and gotten 6 unique MAC addresses.
Does this happen to anyone else's phone? HD7 specific? or all phones with internet sharing? My internet sharing is turned off.
That's strange, I've never heard of a device with a dynamic MAC address before. Does your phone have one printed under the battery?
Nope, just IMEI, SN and PN. No MAC address.
This must be related in internet sharing somehow.
silvertonesx24 said:
Does this happen to anyone else's phone? HD7 specific? or all phones with internet sharing? My internet sharing is turned off.
Click to expand...
Click to collapse
I can confirm this on my HD7.
MAC changes on every reboot.
I confirm too,i have the issue of mac adress changing every reboot
& my wifi is not visible since the update,My wifi is N and i can only see wifi G near me but not mine
hi
for me too : mac adress change after shutdown.
for time don't shutdown the phone to have same mac adress with my internet box.
htc support tell me that they will answer on monday.
but i think it's a big problem with this update...
Ben
That's a bit strange. Normally you can't change MAC's for yourself, only spoofing is possible. If WP is really changing the MAC adress with every reboot, WP needs a valid MAC adress block licensed from IEEE, otherwise it would be a violation against IEEE.
I thought mac address we're never aloud to change!?
Lol that's illegal as all hell, a dynamic mac address
Gotta be a glitch in the firmware surely? No way that's allowed. Your definitely sure it's not a dynamic IP address you're seeing?
Sent from my SGH-i917 using Board Express
ive also asked this question a couple of days ago right after applying the htc internet sharing update. and ive posted my question here (entry #38) and people provided good answers about it. hope this helps
Yes, mine also changes it's only when i read this thread and test my hd7 and i notice the changes.But I S is a breeze.
The issue is that some people assign static IPs to devices on their home networks, and this is done in most routers via MAC address coupling (MAC a always gets IP z and so forth). That way you can simply block all devices you and people in the residence do not own. I do it on all my machines for development reasons, cause I like knowing I can always use x IP address to get at a certain machine even if I turn it off or it's down for a while for repairs. The IP never changes as long as I continue to use that specific network card in the computer.
I don't know why they would do that. Perhaps for security reasons?
I have the same problem - cannot connect to my University WiFi network as the MAC address keeps on changing....
This is crazy!
They better get on that quick! They could get in a lot of **** for that
putting aside the weird WP7 behaviour for the moment...
MAC filtering is useless as a security measure. It's trivially spoofable by anyone who actually wants to attack your network, and causes a pain in the arse for yourself. do yourself a favour and disable it already. the only thing it might be good for is router-side internet access control of your technically challenged 8 year old who doesn't know how to use google.
just use a strong password i.e. 20+ characters alpha (upper & lower) + numeric + special characters, and proper wireless security (WPA-2 AES, or at least WPA AES) and you'll be just fine.
Confirming
That update was a bag full of $$$$ !Luckly I was able to restore through Zune,but my Bootloader (SPL) was also updated to 5.01 and no way of going back!
With regards to the missing WiFi network - make sure it's not using Channel 13. The new update seems to disable the use of Channel 13 for some reason.
There is also another issue with the changing MAC's - I believe that some "public" WiFi networks such as the cloud use the MAC to remember your device and allow it to connect...
primexx said:
putting aside the weird WP7 behaviour for the moment...
MAC filtering is useless as a security measure. It's trivially spoofable by anyone who actually wants to attack your network, and causes a pain in the arse for yourself. do yourself a favour and disable it already. the only thing it might be good for is router-side internet access control of your technically challenged 8 year old who doesn't know how to use google.
just use a strong password i.e. 20+ characters alpha (upper & lower) + numeric + special characters, and proper wireless security (WPA-2 AES, or at least WPA AES) and you'll be just fine.
Click to expand...
Click to collapse
Mac filtering is not useless as a security measure. It's not used by itself. It's used in conjunction with other methods, the same way businesses also hide their wireless network's SSID.
I'm not filtering on an Open Connection. That would be retarded.
Seriously...
GrahamWager said:
With regards to the missing WiFi network - make sure it's not using Channel 13. The new update seems to disable the use of Channel 13 for some reason.
There is also another issue with the changing MAC's - I believe that some "public" WiFi networks such as the cloud use the MAC to remember your device and allow it to connect...
Click to expand...
Click to collapse
im not sure though but im guessing so does other apps with secured log in parameters. i do have the bank of america app. right after i did the update, and after inluding the new mac to my networks allowed list of mac addresses, the boa app again posted a message saying that the device where im accessing boa has not been used previously to access the account. so im guessing that it saves all the mac addresses of devices that accessed a boa account.
If I try to use Google Now's voice search on the wifi at work, all I get after it listens to me speak is "Recognizing..." for about 5-10 seconds, then it just goes back to "Tap mic to start speaking." If I do this on cellular data, or my wifi at home, Google Now works fine, which makes me think this is a firewall issue at work. Anyone found any information yet for this new service yet about required ports or the like?
Cell reception is spotty in my building at work (that's why I use the wifi there), so I'd love to figure out the issue.
definitely a firewall issue
An update: I just put my GN on a subnet that has all ports open and Google Now's voice search worked fine. Put it back on the DHCP subnet, and were back to failure.
Anyone else seeing this?
more info
FYI: It's getting stuck on "Recognizing..." even though I have offline voice recognition installed. Obviously, searching won't work without internet access.
I ran into this too, on our work network (where we block almost everything). Works fine at home. Did some sniffing on our firewall and found that my phone was trying to connect to 74.125.142.192 (ie-in-f192.1e100.net - which is Google) on port 14259. I added a rule to our firewall to the connection and now Google Now works perfectly. I have nothing to confirm this is the exact IP and port it will always use, though. I'll keep testing it to see if it stops working.
Interestingly enough, when testing I found that if I left the phone on "Recognizing..." long enough, it eventually worked. I wasn't capturing packets at the time so I couldn't see how it did that.
I'll update if I find any new info...
628
Thanks! Opened that port and voila - voice search is fine now. Thanks!
Confirmed for me as well, and it took awhile and I needed to open up a few more ports.
Destination ports are 5228 and 14259, so I just put the whole range in.
5228:14259
Google server IP's are:
74.125.142.192
173.194.74.192
5228 is needed for push notifications from Google services. I think you could get away with only opening the two ports you mentioned. I do and everything seems to work.
Sent from my Galaxy Nexus using xda app-developers app
My firewall is blocking on port TCP 14259 to a slightly different IP address of 74.125.132.192 which resolves to wb-in-f192.1e100.net
I am accessing the service from the UK.
chugger93 said:
Confirmed for me as well, and it took awhile and I needed to open up a few more ports.
Destination ports are 5228 and 14259, so I just put the whole range in.
5228:14259
Google server IP's are:
74.125.142.192
173.194.74.192
Click to expand...
Click to collapse
Never ever create firewall rules for ip address ranges, unless those ranges are on a private network and you can guarantee exactly where they go. Google, like many major corporations, provides hosting services, and due to this, simply because an IP is registered to Google [or any other corporation], it does not mean it's actually Google who's using it.
The best practice is to allow host names only (urls) when creating firewall rules (most often by wildcard variables - i.e. the asterick * - https://*.googleapis.com for example). IP addresses are dynamically assigned, so just because a specific connection at a specific time resolves to 74.125.142.192 does not mean it will resolve to that IP tomorrow, let alone 10 minutes from now.
I want to prevent my carrier from knowing that I am using CM11's native Hotspot or Tethering features. I know that they can look at the TTL of packets or analyze the traffic (Windows Update, Steam) to detect this. I have a subscription to a VPN service, Private Internet Access, which has an app on Android. If I enable the VPN mode of this app, will all the Hotspot traffic be routed through it, completely invisible to the carrier?
Searching showed me some conflicting answers on this, with some people saying to run it on the tethered device, and others saying to run it on the phone. I am thinking running VPN on phone, as the packets should appear to originate from the phone, rather than something 1 hop behind it.
kcattakcaz said:
I want to prevent my carrier from knowing that I am using CM11's native Hotspot or Tethering features. I know that they can look at the TTL of packets or analyze the traffic (Windows Update, Steam) to detect this. I have a subscription to a VPN service, Private Internet Access, which has an app on Android. If I enable the VPN mode of this app, will all the Hotspot traffic be routed through it, completely invisible to the carrier?
Searching showed me some conflicting answers on this, with some people saying to run it on the tethered device, and others saying to run it on the phone. I am thinking running VPN on phone, as the packets should appear to originate from the phone, rather than something 1 hop behind it.
Click to expand...
Click to collapse
To the best of my knowledge, they could easily know that you are connecting to the VPN tunnel as it utilizes a certain ports. However if it's correctly set up and utilize a secure protocol, all your traffic will get through the VPN and your ISP won't be able to decipher your online activities and your connection type or make sense of your internet traffic.
In other words, you may be using the VPN to connect to websites A, B, and C and send all sorts of interesting information to those websites; or send email; or whatever. Your ISP can see none of that. All they can see is encrypted data that they can't decrypt. So they know you're using a VPN, but they don't know what you're using it for.
Hope it could help.
This may not be a phone specific question, but I have new (currently unrooted) Pixel 3XL thus thought I would post here.
Without naming particular apps, I am trying to see if it is any longer possible to connect remotely to my home server(s) to be able to watch and stream various live tv programming. There used to be a modified app that was able to bypass the vpn options.
I have both OpenVPN and Shadowsocks Socks5 connnections created and working, and I can connect with either to my home network. However, it appears both of these still rely on making use of the Android VPN service, and I think that is why certain apps will not work over VPN?
I had thought Shadowsocks would not use the android VPN, but it appears to still does.
I have not tried anything else yet regarding SSH tunnel, etc., and open to any ideas if/how you may be able hide or mask your vpn connection from select apps on your phone.
Thanks,