Archos 101IT G8 + UrukDroid 1.6.2.
In my logs I have many messages like this:
Code:
I//usr/bin/djmount(20626): [E] Error generating URL from 'http://192.168.1.1:49000/igddesc.xml' + 'http://fritz.box'
192.168.1.1 is my nameserver/router.
Any idea what djmount tries to do, and why?
At first glance, it seems to try to mount "something" from the UPNP of your router.
What does the 'fritz.box' resolve to? Maybe a computer on your lan?
frotz.box is the avm router.
Indeed, but it is not accessible by that name.
http://192.168.1.1:49000/igddesc.xml does return some information about this router.
Related
This mod take a couple of minutes to complete and allows for PEAP wifi connections. Requires root access and ADB knowledge.
I AM NOT RESPONSIBLE FOR ANY ISSUES YOU CREATE WITH THIS. IT IS A ROUGH GUIDE AND WORKS FOR ME. DO AT OWN RISK.
Tutorial For Adding LEAP/PEAP Wifi
1. Open Command prompt window in Windows.
2. Go to your directory that you have Android SDK in.
3. Change directory to Tools. So for eg. C:\Android\Tools
4. Type in adb devices. You should see your device. If not install ADB driver. Google it.
5. Type in adb pull /data/misc/wifi/wpa_supplicant .conf c:\wpa_supplicant.conf
6. This stores wpa_supplicant.conf on your C: drive.
7. Open file with wordpad.
8. Add the following to the files:
for PEAP add this code:
network={
ssid="Your SSID"
key_mgmt=WPA-EAP
identity="Your Username"
password="Your Password"
}
for LEAP use this:
network={
ssid="Your SSID"
scan_ssid=1
key_mgmt=IEEE8021X
auth_alg=OPEN SHARED LEAP
eap=LEAP
identity="Your Identity"
password="Your Password"
}
9. Save the file.
10. Type push c:\wpa_supplicant.conf /data/misc/wifi/wpa_supplicant .conf
11. Now the important part. If you miss this your wifi will not work after reboot.
12. Type adb shell
13. Should get # prompt.
14. Type su.
15. Type cd /data/misc/wifi
16. Type chown 1010 wpa*
17. Type chgrp 1010 wpa*
18. Close command prompt window and enjoy LEAP/PEAP wifi.
What is the difference between the two?
A question that might help the unacknowledged
EAP and LANs
EAP originated with the dial-up PPP protocol in order to support protocols beyond PAP and CHAP. For use on packet networks, EAP Over LAN (EAPOL) was created. EAPOL added new message types and allowed an Ethernet header to be prefixed onto EAP messages so they could be transmitted via Ethernet. Following are various EAP methods used mostly in wireless networks, but also in wired networks. See 802.1X, WPA and 802.11i.
EAP-TLS (EAP-Transport Layer Security)
Uses the handshake protocol in TLS, not its encryption method. Client and server authenticate each other using digital certificates. Client generates a pre-master secret key by encrypting a random number with the server's public key and sends it to the server. Both client and server use the pre-master to generate the same secret key.
EAP-TTLS (EAP-Tunneled TLS)
Like EAP-TLS above except only the server has a certificate to authenticate itself to the client first. As in EAP-TLS, a secure connection (the "tunnel") is established with secret keys, but that connection is used to continue the authentication process by authenticating the client and possibly the server again using any EAP method or legacy method such as PAP and CHAP.
PEAP (Protected EAP)
Similar to EAP-TTLS above except it does not support legacy methods. It only moves EAP frames. Windows XP natively supports PEAP.
LEAP (Light EAP, Cisco LEAP)
From Cisco, first implementation of EAP and 802.1X for wireless networks. Uses preshared keys and MS-CHAP protocol to authenticate client and server to each other. Server generates and sends session key to access point. Client computes session key independently based on data received in the CHAP challenge.
EAP-FAST
(EAP-Flexible Authentication via Secure Tunneling)
Enhancement to LEAP from Cisco that provides an encrypted tunnel to distribute preshared keys known as "Protected Access Credential" (PAC) keys. PAC keys may be continuously refreshed to prevent dictionary attacks. EAP-FAST is defined in Cisco's Cisco Compatible Extensions (see CCX).
EAP-SIM (GSM Cellphones)
For GSM phones that switch between cellular and Wi-Fi networks, depending on which is in range. The Subscriber Identity Module (SIM) smart card in the GSM phone (see GSM) contains the secret key used for challenge/response authentication and deriving session keys for encryption.
Click to expand...
Click to collapse
Source:www.pcmag.com/encyclopedia_term
thanks
Thanks for the help clarifying that for peoples.... its finally great to be able to use the WiFi at school... would be nice to implement it automatically, I can't write the code.... but if anyone would like too it would really add to the community....
Maybe I'm misunderstanding this but i know when i try to use LEAP at school, it already has options and what not for it on my phone, none of this is necessary for me
I know with my school which is (PEAP) you couldn't input a username just a password! so if you are having troubles connecting to a LEAP or PEAP connection this is a way to workaround and get it working. If you can already connect don't worry about it! this is for those who cant connect and get crappy data in class! haha
Does this work with MS-CHAP ? How do I define it?
Thanks!
MS-CHAP already works out of the box. At least I can connect at work with PEAP, MS-CHAPv2. Could be a CM 5 thing though.
Thanks for posting this! while it did not directly solve my problem, it made me redouble my efforts to get on my company's wlan with my N1. I have tried this many times over the years with various phones including UIQ3, WM6 and never got anywhere. I always assumed that there was some sort of certificate or windows domain stuff going on.
So this morning I did a wireshark trace and put my laptops drivers into debug logging to find out how my laptop connects.
A bit of googling for the stuff I found enabled me to get a working supplicant.conf on the third attempt and I am amazed!
Appear to be using WPA2 Enterprise with EAPOL LEAP with CCMP encryption on Cisco access points.
Here is the network part of my wpa_supplicant.conf in case it helps anyone:
network={
ssid="SSID"
scan_ssid=1
key_mgmt=WPA-EAP IEEE8021X
auth_alg=SHARED LEAP
group=CCMP
eap=LEAP
identity="DOMAIN\User"
password="Password"
}
maedox said:
MS-CHAP already works out of the box. At least I can connect at work with PEAP, MS-CHAPv2. Could be a CM 5 thing though.
Click to expand...
Click to collapse
Doesn't work for me on stock rom.
What works for PEAP with MSCHAPv2 in my school is:
network={
ssid="<ssid>"
scan_ssid=1
key_mgmt=IEEE8021X
eap=PEAP
identity="<userid>"
password="<password>"
phase2="auth=MSCHAPV2"
priority=2
}
(Previously posted on my blog at http://zitseng.com/archives/2729)
It works, Thanks!
There's a way of doing that without root access:
code.google.com/p/android/issues/detail?id=1871
Step 16 17
when i type
16. Type chown 1010 wpa*
17. Type chgrp 1010 wpa*
i get the error:
"no such user '1010'"
"chgrp: not found"
what is it mean?
Is there anything I may have done wrong?
tanks
Doesn't work for me for some reason. Do you think having CM6 RC3 would make a difference? Not that I could see it doing so.
I've tried a few of the above suggestions but none work for me
The worst thing is it worked fine before I updated my Nexus One to FroYo!
my current settings for the uni are:
network={
ssid="UoN-secure"
key_mgmt=WPA-EAP IEEE8021X
eap=PEAP
identity="username"
password="password"
phase2="auth=MSCHAPV2"
}
Any help would be appreciated
The problem I am having is that it will not keep the Phase 2 auth - MSCHAPV2 setting when I set it up. Every time I go back into the ssid settings (modify network) it has reverted back to "none". However the information above was pulled from the phone so it obviously is storing the MSCHAPV2 setting, just doesn't seem to be using it!
actually cm6 rc3 should have support for Leap/PEAP i have been using it for a while without this hack.... what type of connection are you trying to connect too?
Hello,
I'm trying to connect to a Cisco VPN client by using VPN Connections on an Archos 70 IT 250 GB, that is rooted.
I always get a "Connection failed" message, after which the app crashes.
Did anyone succeed in getting VPN Connections working on Archos 70 IT ?
Regards,
Tonny
TonnyVanmunster said:
Hello,
I'm trying to connect to a Cisco VPN client by using VPN Connections on an Archos 70 IT 250 GB, that is rooted.
I always get a "Connection failed" message, after which the app crashes.
Did anyone succeed in getting VPN Connections working on Archos 70 IT ?
Regards,
Tonny
Click to expand...
Click to collapse
Hi,
I used to have the same error on my Galaxy S, when trying to create a VPN tunnel to my companies CISCO gateway.
The problem seems to relate to the missing tun.ko library.
I'm not sure if the Samsung Galaxy files will work for Archos, but you might want to adapt and try the following how-to: http://forum.xda-developers.com/showthread.php?t=793712&highlight=tun.ko
Regards,
Patrick
TonnyVanmunster said:
Did anyone succeed in getting VPN Connections working on Archos 70 IT ?
Click to expand...
Click to collapse
I found a possible clue. After trying several free pptp vpn services and noticing that it seemed to resolve a url one time then just hang, I set up a vpn on my lan and tried the local coffee shop connection to access it. I found that if encryption was completely disabled on the lan vpn and unchecked on the 70 IT, it would connect and I could browse, check email, etc. As soon as I set the policy on the vpn server to enable any level of encryption it was back to the resolve 1 url and hang behavior. Of course an unencrypted vpn is about as worthless as t*ts on a bull but it's the only clue I've found. As a control, I tried an ip*d touch w/encryption on against the same vpn with all levels enabled and that worked.
If anybody else who's running a local vpn can duplicate and confirm this, it's a step in the right direction!
VPN Connections 0.99 (aka get-a-robot-vpnc) working on A101IT with urukdriod-0.6
I've managed to make get-a-robot-vpnc (aka VPN Connections 0.99) work on urukdroid0.6 on Archos 101 IT.
There are two issues with default vpnc.script, and one issue with output of 'ps' command needed by VPN Connections 0.99 GUI, to check is there a connected vpnc process.
Resolving vpnc.script issues:
1. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busysbox on urukdroid) to 'which' command (cd /usr/local/bin; ln -s busybox which)
2. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busysbox on urukdroid) to 'ip' command (cd /usr/local/bin; ln -s busybox ip)
$aur0n told me that this two commands/links will be included in urukdroid-0.7.
Resolving GUI 'ps' issue (a bit harder ):
VPN COnnections GUI do 'ps | grep 'vpnc$' to see is there active vpnc process (established connection), but output of 'ps' command(s) found on urukdroid is not what GUI expects, so it cannot find vpnc proccess even if it is running and VPN is established.
On urukdroid there is 2 versions of 'ps' command:
1st is /bin/ps which is symbolic link to /bin/busybox (very old version of busybox (1.7.2, I believe) and output of ps this command is not suitable for VPN Connections (GUI)
2nd is /usr/local/bin/ps which is native ps command, but its output is also not suitable for VPN Connections (GUI)
There is a (hidden ) 3rd 'ps' command in /usr/local/bin/busybox (that version of busybox is 1.17.2) - but also not suitable output for VPN Connections (GUI).
Experimenting a bit I've found that '/usr/local/bin/ps -A' gives an suitable output, so I:
1. renamed /usr/local/bin/ps to /usr/local/bin/ps.new
2. made a script /usr/local/bin/ps with:
Code:
#!/bin/sh
ps.new -A
exit $?
3. chown root:root /usr/local/bin/ps; chmod 755 /usr/local/bin/ps
After that, everything worked.
Hope this solves issues for some of you
P.S. Forgot to mention - urukdroid 0.7 will have its own vpnc service built-in.
Works in UD 1.5
nenadr said:
I've managed to make get-a-robot-vpnc (aka VPN Connections 0.99) work on urukdroid0.6 on Archos 101 IT.
There are two issues with default vpnc.script, and one issue with output of 'ps' command needed by VPN Connections 0.99 GUI, to check is there a connected vpnc process.
Resolving vpnc.script issues:
1. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busysbox on urukdroid) to 'which' command (cd /usr/local/bin; ln -s busybox which)
2. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busysbox on urukdroid) to 'ip' command (cd /usr/local/bin; ln -s busybox ip)
$aur0n told me that this two commands/links will be included in urukdroid-0.7.
Resolving GUI 'ps' issue (a bit harder ):
VPN COnnections GUI do 'ps | grep 'vpnc$' to see is there active vpnc process (established connection), but output of 'ps' command(s) found on urukdroid is not what GUI expects, so it cannot find vpnc proccess even if it is running and VPN is established.
On urukdroid there is 2 versions of 'ps' command:
1st is /bin/ps which is symbolic link to /bin/busybox (very old version of busybox (1.7.2, I believe) and output of ps this command is not suitable for VPN Connections (GUI)
2nd is /usr/local/bin/ps which is native ps command, but its output is also not suitable for VPN Connections (GUI)
There is a (hidden ) 3rd 'ps' command in /usr/local/bin/busybox (that version of busybox is 1.17.2) - but also not suitable output for VPN Connections (GUI).
Experimenting a bit I've found that '/usr/local/bin/ps -A' gives an suitable output, so I:
1. renamed /usr/local/bin/ps to /usr/local/bin/ps.new
2. made a script /usr/local/bin/ps with:
Code:
#!/bin/sh
ps.new -A
exit $?
3. chown root:root /usr/local/bin/ps; chmod 755 /usr/local/bin/ps
After that, everything worked.
Hope this solves issues for some of you
P.S. Forgot to mention - urukdroid 0.7 will have its own vpnc service built-in.
Click to expand...
Click to collapse
Just wanted to say thanks! I'm using Urukdroid 1.5 and had the same issue. Used your trick and now VPNC connects to my companies VPN ^_^
Hi,
Last week I received my Archos 101. In general it is great. Even better is this forum
I installed urukdroid (thanks to the project-team!). I tried to use openvpn but it failed and I am not sure about the reason.
The server-configuration is
...
ifconfig-pool 10.10.10.120 10.10.10.130
push "route 10.10.10.1"
route 10.10.10.0 255.255.255.0
ifconfig 10.10.10.1 255.255.255.0
push "route-gateway 10.10.10.1"
push "route 10.10.10.0 255.255.255.0"
...
As the Archos is the only device it would get IP 10.10.10.120.
BUT: ifconfig shows:
inet addr.: 10.10.10.255 Bcast: 10.255.255.255 Mask 255.0.0.0
That did (and cannot) work. No ping to home network possible.
When I called route it looked fine (I used redirect-gateway).
When I send the command
ifconfig tap0 10.10.10.120 broadcast 10.10.10.1 netmask 255.255.255.0
from Archos Terminal I had at least access to my home network. But all route entries are gone.
Who has an idea what I am doing wrong? I checked it in the last day again and again... If there is no solution: is it possible to 'save' the entries from route and restore it after my manual change of ifconfig? I would like to do it via script, as my home network I only reachable via dyndns.
Thanks and best regards!
I used the OpenVPN Howto Quickstart and had no problems.
macemoneta said:
I used the OpenVPN Howto Quickstart and had no problems.
Click to expand...
Click to collapse
Yes, I know the guide. I did the same with my ubuntu-netbook and it works directly.
And I think, it would work also on the Archos, if the openvpn/ifconfig on Archos accept the 10.10.10.120. But the IP is changed to 10.10.10.255 and that did not fit.
Where the h*** did the 255 instead of 120 come from?
I noticed the same problem...
No idea where it comes from, but as a workaround, you can put a script somewhere containing a suitable "ip addr add x.x.x.x/y dev z" statement, and reference that in the .conf file as "up scriptname".
Note that you need to add "--script-security 2" to the openvpn commandline to make that work. I added that to the OPENVPN_CFG variable in /etc/uruk.conf/openvpn.
regards
Patrick
This is the openvpn configuration I use for my Archos 101 (on the server). I'm not having any problems, using openvpn 2.1.1:
Code:
port 1194
dev tun
tls-server
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/[COLOR="Blue"]<my host>[/COLOR].crt
key /etc/openvpn/keys/[COLOR="blue"]<my host>[/COLOR].key
dh /etc/openvpn/keys/dh1024.pem
mode server
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.4 10.8.0.255
push "route 10.8.0.1 255.255.255.255"
client-config-dir ccd
push "redirect-gateway def1"
push "dhcp-option DOMAIN [COLOR="Blue"]<my domain>[/COLOR]"
push "dhcp-option DNS [COLOR="blue"]<my dns server>[/COLOR]"
keepalive 10 60
inactive 3600
route 10.8.0.0 255.255.255.0
user openvpn
group openvpn
persist-tun
persist-key
verb 4
I examined the situation a bit further.
The problem comes from the ifconfig command that openvpn calls itself:
Code:
/system/bin/ifconfig myvpn \
192.168.x.41 \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255
This is only used when tap interfaces are involved, which is the case in my setup, but not in the setup macemoneta is showing. caesar68: do you also use tap interfaces?
I can reproduce the problem by just using that ifconfig command again.
When I list the IP-address-to-set as the last argument, instead, it works, i.e.
Code:
/system/bin/ifconfig myvpn \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255 \
192.168.x.41
A quick scanning of the openvpn manpage, does not suggest a way to override the ifconfig command that is used, but it does give an option --ifconfig-noexec which suppresses its calling.
Unfortuntely, when I just pack the is-working-after-the-interface-is-up ifconfig command into an up script with this option, it just gives me an error SIOCSIFNETMASK (Cannot assign requested address) - even if the same commandline works when I run it over an already upped interface... Probably because the interface then already had an IP address...
No problem, though, ifconfig is obsolete anyway, let us just use ip link and ip addr, which are fortunately available under Uruk.
So, caesar68, the clean solution would be to have
--script-security 2 on the openvpn commandline, e.g. via OPENVPN_CFG in /etc/uruk.conf/openvpn
in your myvpn.conf file:
Code:
ifconfig-noexec
up-delay
up-restart
up /etc/openvpn/myvpn-on-up
a corresponding script /etc/openvpn/myvpn-on-up, executable, with content
Code:
#! /system/bin/sh
ip link set $dev mtu $tun_mtu up
ip addr add $ifconfig_local/$ifconfig_netmask \
broadcast $ifconfig_broadcast \
dev $dev
Works For Me
Thanks for the explanation and the workaround, brian_o'fish. Why are you using tap though? Tap provides an Ethernet bridge, so you'll be transporting packets that really don't need to be sent to your Archos (reducing available bandwidth). Tun is layer 3 routed, so only traffic destined for either endpoint goes over the VPN connection.
macemoneta said:
Why are you using tap though?
Click to expand...
Click to collapse
That's what the server I'm using, is configured to do, as it provides transparant bridged LAN access via VPN, and that is what I want, as I am the admin of said LAN and VPN.
If the low level of broadcasts we have, ever increases or appears to be a problem to me, I'll set up an additional tun server, but for now it is simply not an issue.
Anyway, good hint in general!
Hi all!
Thanks a lot for your comments. Yes I am using tap. I would like to have access to my home network (storage etc.). Therefore I want to use the brigde functionality. And that works only when I changed the ifconfig manually afterwards. But the route is distroyed then and packages to the internet are not routed secure thru my home-network.
@ brian_o'fish: Thanks for the advise. I will try that the next days. In the moment I am happy to read, that I am not the only one with the problem (and maybe to stupid to use openvpn - but on the netbook it works).
I have never worked with tun. Maybe I could check, if that is also a workaround.
I will keep you informed, but I am on a trip the next days.
Thanks again!
*** Update ***:
I didn't work neither with tap nor with tun. Meanwhile I tried to run VPNC. I had some trouble, but it works now.
caesar68 said:
I didn't work neither with tap nor with tun.
Click to expand...
Click to collapse
Did you try the approach I described with tap, and can tell where / how it failed?
Hello All,
I have been searching for a solution to the below mentioned issue all over the net since last one month and finally referred to this forum by my vpn service provider 'cyberghostvpn'.
I am enclosing my config file (test.ovpn.txt), log file(log.txt) & sample password file for 'auth-user-pass' (pass.txt).
Following are the highlighted points regarding this issue :
While the same config file is working fine on my linux machine on android the same is stopping at the prompt "Enter Auth Username :". After entering username the connection sequence continues but the prompt "Enter Auth Password :" never comes like linux.
Hence my analysis is that the openvpn binary is unable to pass my the username-passowrd combination to my vpn server in the console input mode and an auth-failure control message is received shortly later terminating the connection.
If I pass the username-passord combination through the password file as 'auth-user-pass pass.txt' then also the same thing happens (an auth-failure control message is received terminating the connection).
In linux both of these methods are working successfully in establishing the connection proving that there is nothing wrong with cyberghostvpn.
One important point is though on android the openvpn binary is unable to read the config from the .ovpn file, it runs when the options are given as command line arguments as shown below and the enclosed log file is generated in this method.
# openvpn --client --ca ca.crt --cert my_user_name.crt --key my_user_name.key --remote ch.openvpn.cyberghostvpn.com 9081 ..........--tun-mtu 1500 --fragment 1300 --mssfix > log.txt
Anyone who can either help me resolving this issue or refer it to some expert developer on openvpn will be very much appreciated.
Kind regards,
kingsukm
Hi, I recently purchased the ZTE Open C and want to synchronize its calendar with my own Caldav server.
Firefox rejects the connection tough, because the server has an invalid (self signed) certificate.
So i tried adding my certificate to firefox.
I found this guide:
http : // wiki . mozfr . org / Adding_CA_to_FirefoxOS
(Sorry for inserted spaces, won't let me post a link in first post.)
However I fail in the very first steps.
Code:
adb shell ls /data/b2g/mozilla/
Returns: /data/b2g/mozilla/: Permission denied
This means I dont have reading rights in this directory.
How do I get those rights, or alternativeley is there a better way to achieve my Caldav-Server goal?
Mathews123 said:
Hi, I recently purchased the ZTE Open C and want to synchronize its calendar with my own Caldav server.
Firefox rejects the connection tough, because the server has an invalid (self signed) certificate.
So i tried adding my certificate to firefox.
I found this guide:
http : // wiki . mozfr . org / Adding_CA_to_FirefoxOS
(Sorry for inserted spaces, won't let me post a link in first post.)
However I fail in the very first steps.
Code:
adb shell ls /data/b2g/mozilla/
Returns: /data/b2g/mozilla/: Permission denied
This means I dont have reading rights in this directory.
How do I get those rights, or alternativeley is there a better way to achieve my Caldav-Server goal?
Click to expand...
Click to collapse
You cannot use that method unless your phone is rooted, BUT...
I had the same problem and solved it a lot easier. Just launch the browser and input your server's URL. Then you will be warned about the not valid cert, add a permanent exception and that's all, now calendars should sync over HTTPS.
BTW this worked for me until FFOS v1.4. Today I updated to FFOS 2.1 and this trick stopped working, so you have been warned.
Thank you for the suggestion.
I am not running v2.0, so I tried it.
I could add the certificate.
However, when trying to connect, I get:
"Unknown Error. Please try again later."
Any way to figure out what's wrong now?
Seems to be a problem with the server I used. (Baikal)
Using a different one (Owncloud - sadly quite a lot bigger), it works with your tip.
So thanks for the help.
to ged rid of the "unknown error" in Caldav (etc.?)
doragasu said:
I had the same problem and solved it a lot easier. Just launch the browser and input your server's URL. Then you will be warned about the not valid cert, add a permanent exception and that's all, now calendars should sync over HTTPS.
Click to expand...
Click to collapse
thank you so much :victory: