[SOLVED][Problem and Solution] RAZR XT910 tethering. - Motorola Droid RAZR

Problem:
Tethering problem with my RAZR XT910,PSHAsiaRetail.en
Findings:
Not NAT rule enabled in netfilter.
Solution: This is my simple solution.
0)
Code:
adb shell
1) Get root access.
Code:
$ su
2) Enable NAT in netfilter using iptables, by inserting the rule.
Code:
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE
3) Check with # iptables -t nat -nvL
Example
Code:
# iptables -t nat -nvL
0 0 MASQUERADE all -- * qmi0 0.0.0.0/0 0.0.0.0/0
Conclusion:
Very bad/immature tethering implementation by Motorola.
Updates: 2012--07-13
For ICS 4.0.4 Motorola had changed the FORWAD chain to DROP, and we need change it back to ACCPET to make successful tethering.
Code:
adb shell 'su -c "iptables -F; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE"'
Update 2 2012-07-13
Finally ... the CORRECT way to set up tethering... goto post #21
http://forum.xda-developers.com/showpost.php?p=28698646&postcount=21
Thank you.

Thanks for this! Works well.

Hello to both of you,
this tip is very interesting!
Is there a way to make the same thing under Windows?
Thanks for your help!

Windows? You even can run the commands without connecting to PC/Laptop.
If you want to use Windows, get adb and related driver for windows.
1) Connect your RAZR and let windows 'see' and install driver
2) Start-> Run -> cmd
3) cd \to\path\where\you\put\the\adb.exe
4) adb.exe shell
Now you should get command prompt $ and ready to run commands.
5) $ su
The prompt will change to #, which mean you are going to run commands using 'root' or supervisor power/authority.
6) Type or copy the commands in my previous post.
You also can use Andriod terminal emulator, such as Connectbot in local mode, and continue from step 5)
Good luck.
Thank you.

Hello Bahathir,
I didn't remember the very useful android terminal emulator!
Your tip worked great! Thanks a lot man!
I wonder how Motorola can forget something like that...
Sent from my XT910 using XDA Premium App

the problem turns back by restarting
Hi,
Thanks for your tip, it works very well but after I restart the phone same problem and I need to reenter the codes!
any comments?
Cheers,
Ardal

Yes, I forgot to mention that, this method is temporary. You need to run the commands after reboot. But, it's still better than nothing.
Sent from my XT910 using XDA App

unbelievable bug it this motorola (( hey, I have an idea but dont know how to make it (working on it):
to put these two line commands somewhere like autoexec.bat (I don't know what is equivalent in android)
So you guys know better than me about android, what do you think?
Cheers,
Ardal

Yes ,and it's called init.d or rc.d.
Sent from my XT910 using XDA App

Already done, by help of script manager. Set your commands as a script in etc/init.d/ with SU permission, boot.
I have also sent an email to Motorola Australia and asked them to release an update to solve this problem.

Thank you for the follow up with Motorola. Please update and share us their responses.
Actually, the commands should be invoke when we start tethering ,and should be removed when we stop tethering for enhanced security.
Sent from my XT910 using XDA App

Hi fellow!
Thanks for the tip! It really helped!
I don't know if Motorola "forgot" it, I think it was a way to block Tethering...
Anyway, I managed to permanently apply these modifications without need permanent root. BUT I'M NOT RESPONSIBLE FOR ANY DAMAGE YOUR DEVICE SHOULD HAVE! YOU MUST HAVE A MINIMUM LINUX KNOWLEDGE TO SAFELY EXECUTE THESE STEPS!
1) You will need adb working and the zip file with the scripts necessary to root Droid Razr on Linux / MAC (you can easily find it...)
2) From that zip, take zergRush and extract to a folder.
3) Plug the phone with USB debugging enable and execute:
adb shell 'cd /data/local/tmp/; rm *'
adb push zergRush /data/local/tmp/
adb shell './data/local/tmp/zergRush'
At this point, zergRush will try to obtain root.
After the execution, enter in shell (adb shell), you will see that you will be logged as root! The good point is that it is temporary, if you reboot your device and delete everything on /data/local/tmp/ your device will be exactly the same as it was before root.
4) So, with root access, get rc.local:
adb pull /etc/rc.local
REMEMBER TO BACKUP THIS FILE!
5) Be careful now: edit rc.local and add the following lines:
# Enable Tethering
# http://forum.xda-developers.com/showthread.php?t=1435619
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o qmi0 -j MASQUERADE
at the end of file, just before:
exit 0
OBS.: look that I have modified the original rule and added '-s 192.168.42.0/24'. Here, all devices connected to my RAZR in tethering mode has an ip from LAN 192.168.42.0/24. So, the masquerading will only work when package is coming from this LAN. I think it should increase security and avoid some problems. But remember, if you set up wifi router to assign an IP from another LAN you will have to add another rule!
6) Save and push it back:
adb push rc.local /etc/
7) Enter in shell and gives rc.local permission to be executed:
adb shell
cd /etc
chmod 755 rc.local
exit
8) After it, reboot and the change should be persistent.
I have tested it and, even after a factory reset, the changes are persistent!
Now I can successfully use Wifi and USB tethering.
Thanks one more time for these great information!
Also, I want to thanks tophyr from freenode #android-dev, myn from EFnet #android, and rob0 from freenode #Netfilter.
Ronan

Hi fellows,
EDITED: the problem was gone after I repositioned my router
I'm having a big trouble.
When I enable this, my Wifi connection becomes very unstable. It keeps disconnecting if I heavily use it. Any ideas?

Ronis_BR said:
Hi fellows,
EDITED: the problem was gone after I repositioned my router
I'm having a big trouble.
When I enable this, my Wifi connection becomes very unstable. It keeps disconnecting if I heavily use it. Any ideas?
Click to expand...
Click to collapse
Android Wifi Tether 3.1-beta11, now available for download... http://android-wifi-tether.googlecode.com
Requires root, though... Don't you need root to run iptables anyway? Definitely needed to edit the rc file.

tekahuna said:
Android Wifi Tether 3.1-beta11, now available for download... http://android-wifi-tether.googlecode.com
Requires root, though... Don't you need root to run iptables anyway? Definitely needed to edit the rc file.
Click to expand...
Click to collapse
Yes, you need root to edit rc.local, but, after pushing it back, you don't need it anymore.

Ronis_BR said:
Hi fellow!
Thanks for the tip! It really helped!
I don't know if Motorola "forgot" it, I think it was a way to block Tethering...
Click to expand...
Click to collapse
FYI, my RAZR XT910 is contract free and not from VZW. It also has Hotspot and tethering features. That why I said, the it is the bad implementation at the first place.
# Enable Tethering
# http://forum.xda-developers.com/showthread.php?t=1435619
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o qmi0 -j MASQUERADE
Click to expand...
Click to collapse
Yes, but, to be sure the FORWARDING is enabled, add this line
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable IP Forwarding in kernel
The ip_forward is 1, when you enabled the Hotspot/tethering, but just in case, if Motorola also disable the IP Forwarding in kernel. Yes, the netfilter's rules NEEDs the ip_froward value to be 1, to make the NATting to works.
BTW, I did not add the '-s 192.168.2.0/24' because, the NATting will not work if user change the hotspot default IP to other than 192.168.2.xxx.
Thank you and great job. I think this is not only for RAZR, but also for most Android smartphones which has 'iptables' command.
Good luck.

Great
bahathir said:
Problem:
Tethering problem with my RAZR XT910,PSHAsiaRetail.en
Findings:
Not NAT rule enabled in netfilter.
Solution: This is my simple solution.
1) Get root access.
2) Enable NAT in netfilter using iptables, by inserting the rule.
Code:
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE
3) Check with # iptables -t nat -nvL
Example
Code:
# iptables -t nat -nvL
0 0 MASQUERADE all -- * qmi0 0.0.0.0/0 0.0.0.0/0
Conclusion:
Very bad/immature tethering implementation by Motorola.
Thank you.
Click to expand...
Click to collapse
Working great on 2.3.6 Stock, thank you!!!!!

ichi go said:
Hello Bahathir,
I didn't remember the very useful android terminal emulator!
Your tip worked great! Thanks a lot man!
I wonder how Motorola can forget something like that...
Sent from my XT910 using XDA Premium App
Click to expand...
Click to collapse
you can save to a shell script, let say mytether and execute ./mytether.sh later on...
but the init file is much convenient.

Any idea why doesn't work on Asia.03 ICS was what fixed issue in Asia.03 GB.
Sent from my XT910 using xda premium

Yes.
It is because Motorla had changed the default FORWARD chain policy to DROP, and all packets which going out from other IPs going through it will be dropped and ignored. So no connections for client's.
Here is the default rules.
Code:
$ adb shell 'su -c "iptables -nvL"'
Chain INPUT (policy ACCEPT 460 packets, 282K bytes)
pkts bytes target prot opt in out source destination
0 0 all -- !lo+ * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
145 8251 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
343 270K all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 325 packets, 34323 bytes)
pkts bytes target prot opt in out source destination
0 0 all -- * !lo+ 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
145 8251 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
319 34011 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain costly_shared (0 references)
pkts bytes target prot opt in out source destination
0 0 penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain penalty_box (1 references)
pkts bytes target prot opt in out source destination
Look at the FORWARD chain and other bizarre rules. We can change it to a more cleaner rules.
Code:
adb shell 'su -c "iptables -F; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE"'
1) iptables -F : Flush/remove all rules
2) iptables -P FORWARD ACCEPT : Change the default FORWARD chain policy to ACCEPT, which allow all traffic goes through
3) iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE : Enable the NAT rule.
Enjoy the tethering and good luck.
Thank you.

Related

[Q] autostart.sh and u2nl to init.d

How can I add u2nl to init.d? I have an HTC Evo 4g LTE and need to make android 4.3 Viper4g Rom run my script on boot. I've tried to use Root Explorer and Root Browser apps to manually add them to the init.d folder, set permissions and changed owner and group to root. But my phone won't boot after I've added my script. The name of my script file is autostart.sh and this is what it contains.
#!/system/bin/sh
export PATH="$PATH:/system/bin"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -A OUTPUT -o rmnet0 -p 6 ! -d 10.132.25.254 -j REDIRECT --to-port 1025
u2nl 10.132.25.254 8080 127.0.0.1 1025 >/dev/null 2>&1 &
sh -c "sleep 5;kill `ps|grep nk.bla.android.autostart|grep -v grep|awk '{print $2}'`" &
exit 0
I know someone here has the knowledge to make this happen. Please advise and assist. Thanks. P.S. I have tried to rename the script to 99data and placed it init.d directory so it would run last but phone won't boot.?
solcam said:
How can I add u2nl to init.d? I have an HTC Evo 4g LTE and need to make android 4.3 Viper4g Rom run my script on boot. I've tried to use Root Explorer and Root Browser apps to manually add them to the init.d folder, set permissions and changed owner and group to root. But my phone won't boot after I've added my script. The name of my script file is autostart.sh and this is what it contains.
#!/system/bin/sh
export PATH="$PATH:/system/bin"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -A OUTPUT -o rmnet0 -p 6 ! -d 10.132.25.254 -j REDIRECT --to-port 1025
u2nl 10.132.25.254 8080 127.0.0.1 1025 >/dev/null 2>&1 &
sh -c "sleep 5;kill `ps|grep nk.bla.android.autostart|grep -v grep|awk '{print $2}'`" &
exit 0
I know someone here has the knowledge to make this happen. Please advise and assist. Thanks. P.S. I have tried to rename the script to 99data and placed it init.d directory so it would run last but phone won't boot.?
Click to expand...
Click to collapse
have you tried a dummy test script that just echos a number to the sdcard file?
Thanks for replying. The script term-init.sh that I found elsewhere on XDA, had a test and set perms output file that can be found in /data/Test.log. I have solved the problem on my Evo 4g LTE but, not on my Sprint Galaxy S3. Turns out that I couldn't use Root Explorer to manually add the file! I had to REALLY MANUALLY add the file using the terminal emulator. That worked on the Evo but not the S3. I had placed the scripts in one postboot.rc files on S3 and it worked fine but, my battery seemed to be draining a lot faster, which was not acceptable. So I guess my problem is half solved. So, do you know how to make it work on the S3? Thanks in advance to anyone that can help me.

DNScrypt proxy for Android install

Hello,
I want to install DNScrypt proxy 1.4 on my android phone. You can get it here : download.dnscrypt.org/dnscrypt-proxy/
Could someone please make a tutorial an tell me how to install this? I want it to work with following DNS server: https://dnscrypt.eu/
It is a great enhancement in security and I would be glad if someone can get it to work and tell us.
Regards
Is nobody interested in this? [emoji20]
Can't believe there is no response. Is no one of the XDA members who looked at this able to install DNScrypt on there phone?
Do you prefer flappy bird clones over such a security enhancement?
Bump again then.
Bump
Another bump for all secureless xda members
XDA members are not able to install a tar.gz package on their android phone? Aww, really guys?!
B u m p
Seriously, no one...?
How to install dnscrypt on android
Requirements:
rooted phone
installed busybox
some handy tools like terminal emulator or ssh daemon for testing purpose, file explorer with acces to system partition
dnscrypt: https://copy.com/M6r38z6g3iyj (thanks to GitHub esp. @daddybr, KionLi...) - files for arm7
About:
We need to run dnscrypt every time phone is booted - for this purpose is necessary to add script "dnscrypt" into "init.d" directory In this script-file you can also change parameters like used resolver/provider etc.
dnscrypt-proxy is main binary file which will provide dnscrypt service for us. There is also script to start/stop dnscrypt-proxy service anytime we need and made some other usefull things for us...
How to:
check if directory "init.d" in /system/etc/ exist - if there is not such directory use program "Universal Init.d" and create it - otherwise follow bellow
extract downloaded files and put it into same directories they are, just to system partition (u can use any file browser with access to system partition, eg. Solid Explorer)
check if there is file "resolv.conf in /system/etc/ directory
​- if there is not such file create it and put this into it "nameserver 127.0.0.1"
​- if there is such file check if "nameserver 127.0.0.1"and delete else
all files putted in directory /system/xbin/ should have right permission to work correctly
Checking functionality:
Easiest way is to visit "www.opendns.com/welcome"
If it is working you will get something like "Your Internet is safer, faster, and smarter..."
If it is not working you will get something like "OOPS..."
Other way is to run nslookup in terminal emulator and check if you get 127.0.0.1 and name, eg "nslookup 8.8.8.8"
The hardest way is to use wireshark or tcpdump and analyze traffic while browsing on the phone..., eg. http://askubuntu.com/questions/105366/how-to-check-if-dns-is-encrypted
Also you can check if dnscrypt-proxy is running in terminal , eg. "ps w |grep dnscrypt"
DNS setting
Did anyone got this one to work? I did all the steps mentioned but it seems that the resolv.conf is not being checked. I even try with apps to change dns settings (dnset, dnschanger..) it just seems that the dynamic dns assigment takes precedence, it keeps going to the dynamically assigned DNS server when on wifi and LTE. Aside from that I did not have any issues, dnscrypt runs fine with all arguments. I'm trying this on a Verizon Galaxy S5.
<dexter> said:
Did anyone got this one to work? I did all the steps mentioned but it seems that the resolv.conf is not being checked. I even try with apps to change dns settings (dnset, dnschanger..) it just seems that the dynamic dns assigment takes precedence, it keeps going to the dynamically assigned DNS server when on wifi and LTE. Aside from that I did not have any issues, dnscrypt runs fine with all arguments. I'm trying this on a Verizon Galaxy S5.
Click to expand...
Click to collapse
Yes, working here.
Had trouble with afwall though, but this post http://forum.xda-developers.com/showpost.php?p=54263022&postcount=8 helped me.
Script i've used:
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -A "afwall" --destination "208.67.220.220" -j RETURN
You can restrict the last line to only UDP 443 if you want.
Confirmed packets with tcpdump, blocked UDP 53 at my router.
piscoo said:
Yes, working here.
Had trouble with afwall though, but this post http://forum.xda-developers.com/showpost.php?p=54263022&postcount=8 helped me.
Script i've used:
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -A "afwall" --destination "208.67.220.220" -j RETURN
You can restrict the last line to only UDP 443 if you want.
Confirmed packets with tcpdump, blocked UDP 53 at my router.
Click to expand...
Click to collapse
Could you please write a small, complete guide for the installation of DNScrypt? I still can't get it to work.
Draygon said:
Could you please write a small, complete guide for the installation of DNScrypt? I still can't get it to work.
Click to expand...
Click to collapse
Flash this zip from recovery. It works
Do you have any source for this?
How can I enter the IP address of the service I want to use?
Draygon said:
How can I enter the IP address of the service I want to use?
Click to expand...
Click to collapse
Edit /etc/init.d/dnscrypt and see here
So you compiled DNScrypt for Android from this source at github?
Draygon said:
So you compiled DNScrypt for Android from this source at github?
Click to expand...
Click to collapse
No. I just flashed zip file and investigated on it
Anyone flash this zip besides the guy who posted it? Can't find much reference to this file name anywhere dnscrypt-5-armv7-opendns.zip
lamero1 said:
No. I just flashed zip file and investigated on it
Click to expand...
Click to collapse
How do you set your phones global DNS setting for any dynamic IPs on any network? I cannot figure out how to point my phone to 127.0.0.1
Draygon said:
So you compiled DNScrypt for Android from this source at github?
Click to expand...
Click to collapse
Assuming you have the Android NDK installed (no idea how to do it under Windows; Cygwin has never been my forte... Under Arch all you need to do is install the packages from the AUR), it's insanely easy to do yourself, thanks to the build scripts in the libsodium and dnscrypt packages.
Code:
export ANDROID_NDK_HOME=${ANDROID_NDK} # Or wherever your NDK dump happens to be residing
mkdir ~/dnsc && pushd ~/dnsc
This part deals with signature verification, used to determine we have not received a tampered-with copy of DNSCrypt. This page is being delivered over unsecured HTTP, so don't necessarily trust what's being written here.
Again: REMEMBER THAT THIS PAGE IS UNSECURE (granted, I imagine a person intending to cause malice would remove these warnings but, hey, it's not like I have alternatives). I'm also not a security expert in the slightest, so it wouldn't be surprising if it transpired I was giving bad advice.
Read http://doc.libsodium.org/installation/README.html for instructions on how to get libsodium's SHA256 hashsum (which you can verify against the file you've got downloaded by running sha256sum) and for the public key used to sign the downloaded files. It can be imported by copying it, pasting it into a Notepad etc. instance, saving it and running gpg --import <whatever.gpg>.
Use your own judgement, other keyservers and Google to determine whether you have jedisct1's real key.
Download dnscrypt's dependency, libsodium:
Code:
curl -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz.sig
Verify the file's signature:
Code:
gpg --verify libsodium-1.0.2.tar.gz.sig libsodium-1.0.2.tar.gz
I get the following (the warning can be ignored -- unless you've managed to verify the key with jedisct1 in person):
Code:
gpg: Signature made Tue 10 Feb 2015 10:59:17 AM GMT using RSA key ID 2B6F76DA
gpg: Good signature from "Frank Denis (Jedi/Sector One) <redacted>" [unknown]
gpg: aka "Frank Denis (Jedi/Sector One) <redacted>" [unknown]
gpg: aka "Frank Denis <redacted>" [unknown]
gpg: aka "Frank Denis <redacted>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 54A2 B889 2CC3 D6A5 97B9 2B6C 2106 27AA BA70 9FE1
Subkey fingerprint: 0C79 83A8 FD9A 104C 6231 72CB 62F2 5B59 2B6F 76DA
If everything looks OK, then continue. Conversely, if anything is out of place, then abort. Seriously.
Untar and go to the directory with the libsodium code:
Code:
tar xf libsodium-1.0.2.tar.gz && pushd libsodium-1.0.2
It's not in the tarball yet, so download this into the dist-build folder and chmod 0755 it.
If running into problems, edit aandroid-armv7-a.sh and do the following:
change TARGET_ARCH to arm
set the march value to armv7-a
Start building libsodium:
Code:
./dist-build/android-armv7-a.sh
I get the following dumped:
Code:
[email protected] ~/dnsc/libsodium-1.0.0 % ./dist-build/android-arm.sh
<configure output removed>
libsodium has been installed into /home/faheem/dnsc/libsodium-1.0.0/libsodium-android-arm
./dist-build/android-arm.sh 21.97s user 2.72s system 165% cpu 14.927 total
Note the line saying where libsodium has been installed. Let its value be stored in the environment:
Code:
export SODIUM_ANDROID_PREFIX=<folder where libsodium has been installed, as reported by android-arm.sh>
Consider removing debugging symbols to reduce the size of the file:
Code:
./android-toolchain-arm/arm-linux-androideabi/bin/strip $SODIUM_ANDROID_PREFIX/lib/libsodium.so
I won't repeat what's on the main dnscrypt.org site or, really, what I've already written.
popd back to the ~/dnsc folder and download the latest version of dnscrypt and its signature. Follow the instructions on the website to verify the tarball's SHA256SUM and run gpg like above to verify the tarball against the signature. If everything is OK, untar dnscrypt like we did libsodium.
Run to build:
Code:
./dist-build/android-armv7.sh
If running on Lollipop, make the changes below, as per alihassani:
add -fPIE to the end of the CFLAGS
place export LDFLAGS="-fPIE -pie" under the CFLAGS line
If running into problems running android-armv7.sh, make the applicable changes above again.
After it's been built, you'll get this:
Code:
[email protected] ~/dnsc/dnscrypt-proxy-1.4.1 % SODIUM_ANDROID_PREFIX="$HOME/dnsc/libsodium-1.0.0/libsodium-android-arm/" dist-build/android-armv7.sh
<configure output snipped>
dnscrypt-proxy has been installed into /home/faheem/dnsc/dnscrypt-proxy-1.4.1/dnscrypt-proxy-android-armv7
Again, consider stripping the resulting binary. Transfer, fix permissions etc.
Some notes:
The binary is dynamically linked to libsodium. If installing, you'll need to copy libsodium.so to /system/lib. If you're just testing you can put libsodium.so in the same folder as the dnscrypt-proxy binary and invoke dnscrypt-proxy as such: LD_LIBRARY_PATH=<path to current folder> ./dnscrypt-proxy
The prefix is weirdly set by the android-build script. You'll need to point dnscrypt to the resolver list manually (I recommend putting it somewhere on the system partition as a file on the [internal] SD card is too easy to change): https://github.com/jedisct1/dnscrypt-proxy/issues/123

[Q] Networking question

Hi All,
I have a stupid Juniper VPN device at work which does not support 64 bit linux clients using netconnect. I have found ways around this previously, but now we are setting up 2 factor auth which throws a lot of javascript into the mix, making the scripts I used pretty much obsolete. The Junos pulse client works well for android, so I am thinking I want to use an android device as a router. Connecting to the VPN and using wifi tethering does not work, same with USB tethering does not work, and those are not exactly what I want anyway.
So basically I want to be able to connect my android device to my wifi here at home, connect to the VPN on it, run a script to do my setup on the Android device, lastly add a route on my client pc to tunnel through the android device. here is what I tried so far on the device:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -P FORWARD ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.0/16 -d 10.0.0.0/8 -j MASQUERADE
ip rule add from all to 10.0.0.0/8 fwmark 0x3c lookup 60
and on the client PC:
Code:
route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.29
where 192.168.1.29 is the IP of my android device, and 10.0.0.0/8(I know its lazy) is the IP range I want to go through tun0 on the device. This is however not working.
The only thing I need to do on a standard linux box to do this would be:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -s 192.168.0.0/16 -d 10.0.0.0/8 -j MASQUERADE
And setup the same route command on the client but point it at the linux box instead. This currently works, but when we decide to flip the switch and use the 2 factor auth only I will not be able to make it work on a standard linux box, but 2 factor does work on android via the Junos app.
I fear I am missing something simple in Android land, please help...

[Q] [ask a question]how to add a iptable rules in android?

Hi, all,
I want to add a iptable ruler in android phone. I use iptables -t nat -A PREROUTING -p 6 -d 192.168.66.1 --dport 80 -j DNAT --to 192.168.66.1:8080 after run su in my rooted phone
This ruler can be checked in adb shell: iptables -t nat -nL
hain PREROUTING (policy ACCEPT) target prot opt source destination idletimer_nat_PREROUTING all -- 0.0.0.0/0 0.0.0.0/0 DNAT tcp -- 0.0.0.0/0 192.168.66.1 tcp dpt:80 to:192.168.66.1:8080 I want to keep this information after phone reset. So I add an iptables file in /etc/sysconfig (the path information come from pc linux system)
Its content is:-t nat -A PREROUTING -p 6 -d 192.168.66.1 --dport 80 -j DNAT --to 192.168.66.1:8080
Ater phone reset, no rules is added.
I don't know whether android support this path: /etc/sysconfig/iptables. This path come from pc linux. (/etc/iptables/rules.v4 is tested too, not work)
At the same time, I also don't know whether its content is right.
My testing phone cannot be rooted in the future. We only can custom our Rom.
So if you know how to add this rule in no rooted phone, that is ok for me too.
Anyone can help me about this?
Thanks very much in advance.

[SOLVED] Weird NAT issues when trying to tether via VPN

Hi, I recently wrote a program in C/C++ which allows me to tunnel over ICMP (my carrier stupidly allows ICMP traffic over 3g with the right APN )
All works fine if im using it from the phone, using the NDK compiled binary.
Also works fine if im not running the tunnel from my phone and just tethering via usb/wifi/bt and running the tunnelling program on the device tethered to my s3
What I'm trying to achieve is: run the tunnelling prog on the phone, and set up some iptables rules to forward rndis0/wlan0/bt-pan to tun0 so that I can use the tunnelled connection simultaneously on the phone and on whatever other devices are tethered to the phone.
Problem is, whilst running the program on the phone, I can access all sites/ips fine, but the connection provided to the tethered devices with the iptables rules is flaky at best, and simply will not connect to some sites at all
Possibly netmask issue?
Assuming my default gateway on the phone is set to the tunnel endpoint, here are the iptables rules I am using to NAT the tetherable interfaces:
iptables -F natctrl_FORWARD
iptables -A FORWARD -o tun0 -i bt-pan -s 192.168.44.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o tun0 -i wlan0 -s 192.168.43.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o tun0 -i rndis0 -s 192.168.42.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
strangely I can ping ok, and access sites like google and facebook but most other sites will not load.
Have done tracepath so I know the packets are going through the tunnel.
Anyone able to shed any light on this?
Alternatively, could it be possible to edit the default tethering scripts on the s3 to use the tun0 device instead of rmnet0 ? Will search them and try
Going to roll my NDK executable into a shared library and make it into a paid app.
Used 10gb in 2 days on a SIM which has never and will never have credit. Also works whilst roaming!
Jamie
Issue was that the MTU of wlan0/bt-pan/rndis0 was larger than that of the tunnel, causing packets to fragment. Lowered mtu and problem solved, working beautifully now

Categories

Resources