[Q] Help with VPN with Mac 10.8 OS X Server - Android Q&A, Help & Troubleshooting

I have a Mac mini running OS X 10.8.2 with the OS X Server 2.2.1 from the app store, and I have set up the VPN using L2TP in the Server.app interface. I have tested this VPN connection using a Macbook, which works, but I can't figure out how to get Android's built-in VPN to work.
Current set-up:
I have opened ports 500, 1701, 1723, and 4500 on my router.
I am using a dynamic DNS from no-ip.com, we'll say hostname.no-ip.org
I have set a "Shared Secret", we'll say 1234567890
I have set up an account for my android phone on the server, let's say the user name is "nexus" and the password is "google"
On the Macbook, I simply use the DNS, the secret, and credentials that I have set up on the server, and it connects.
On my Android device (Nexus 4 4.2.2) I am using the following settings:
Name: Mac Server
Type: L2TP/IPSec PSK
Server address: hostname.no-ip.org
L2TP secret: (not used)
IPSec identifier: (not used)
IPSec pre-shared key: 1234567890
When I try to connect using these settings, it prompts for the username and password, so I enter "nexus" and "google". It sits there saying "Connecting..." for maybe 30 seconds and then it just goes back to "Disconnected" with no error or other message. I have also tried putting the "Shared Secret" in the L2TP secret field, but with the same result.
Is the built-in Android VPN simply incompatible with OS X Server's VPN? Or have I misconfigured something?
Note: I would strongly prefer to continue using L2TP, and not the less-secure PPTP VPN

Ok, so I have managed to connect to the VPN when doing it INSIDE the network to the IP of the server (let's say 192.168.1.2). If I change the address to hostname.no-ip.org it won't connect, although it is working for everything else (such as web, etc).
I have tried on my iPad and I can connect just fine either from inside the network or over 3G connection.
On the Nexus I have tried to change the hostname.no-ip.org to my public IP address but it will not work either.
The funny thing is that when I try to make it work outside the server, the mac server log will show nothing, while every other test I run it logs it perfectly.
I think something is very broken in the way VPN is implemented in Android. Am I the only one finding himself in this situation?

....you're missing a very large part.....
FORWARD YOUR PORTS ON YOUR ROUTER
Also in your router look for anything relating to VPN.
Also some routers will not allow you to connect from the external IP internally. I hate routers like that..
and why run osx server on a macbook?
if you want a secure home vpn, go find an old windows computer, any p4 will do, and install linux and install vpn services on it.

[UPDATED 2/25/2009] SocksProxy v1.0: Free SOCKS proxy for internet sharing

I have created a SOCKS proxy server application to run on Windows Mobile phones. A SOCKS proxy is a proxy server that is capable of forwarding nearly all types of network traffic, similar to a NAT router. It is very simple to use. Simply type in the port you would like the proxy server to listen on (default is 1080), then click the large "Start Proxy" button.
In order to run this application you will need the .NET Compact Framework 3.5 installed on your device.
Some applications are SOCKS-ready and others are not. You can use FreeCap (freeware) to SOCKS enable any Windows application. ** FreeCap seems to have problems connecting to SocksProxy. Let me know if it works or doesn't work for you. **
I am *NOT* responsible for any fees charged to anyone for the use of this software. There is no warranty and no guarantee.
[UPDATE 2/25/2009]
I've completed the new version of SocksProxy. It implements socks version 4a. There is no security, so it will allow anyone to connect with any user id.
Please let me know of any issues you find.
[UPDATE 2/24/2009]
SocksProxy v1.0 Reboot
--------------------------------------------------------------------------------
I've completed the new proxy server. It looks pretty much like the old one, but I've anchored the controls to the edges so it should scale properly with VGA devices.
I've written a new Socks 4a proxy from scratch and completely ditched all the old code. It seems to be working pretty well, though a bit slow. I think I need to increase the size of my read buffers. I will have to write a smarter heuristic for determining the size of the buffer per connection though. I have them at 128 Kb now. I need to grow each buffer dynamically according to how it's being used, that way I don't create large buffers for connections that are only transferring small amounts before closing (downloading a small gif or javascript file, for example).
I'll probably release it tomorrow after some more testing.
BTW: I'm posting this through the proxy right now!
[UPDATE 2/24/2009]
I've decided not to move forward with the J2ME version of SocksProxy. I will however be writing a new .NET CF version. The current version's proxy is based on code I ported from a proxy targeted to the standard .NET framework. Some features in the standard framework are absent in the compact framework. When porting the proxy I pretty much just did it as quick and dirty as I could because I really wanted something that just got the job done. I didn't care how stable or 'good' it was because I hadn't even intended on releasing it to anyone. Since it looks like there's still a lot of interest I will be writing a new one from scratch. Don't expect too much; It'll be the simplest thing that possibly works, but it'll be stable and reliable.
I'll be naming this version SocksProxy 1.0 Reboot. I'm not upping the version number because I'm really not going to be adding any new features.
[UPDATE 11/4/2008]
I am working on a J2ME version of this application. I will no longer be maintaining the .NET version of the application. The SVN repository for the .NET version will continue to be available. I have no plans on taking it down.
I have decided to switch to J2ME because I will be able to reuse source code in a future Android release -- that is, if Google or someone adds the ability for Android to have more than one IP address.
[UPDATE 10/27/2008]
There is a usage issue with the application with certain configurations of Windows Mobile and Activesync. It seems that when the Activesync host (your PC) has a connection to the internet the handheld device will prefer to connect to the internet via the PC's connection rather than its cellular connection. This completely eliminates any benefit to using the proxy. Does anyone know how to prevent the handheld from routing its internet traffic back through Activesync? Note that this is NOT solved by setting the "Allow data connections" setting in Activesync.
[UPDATE 10/27/2008]
I have updated the SVN repository (https://pchasco.homedns.org/svn/SocksProxy/trunk). Here are the changes:
* Changed "Listening on" box to list all IPs on the handheld
* Added an IP box. Enter an IP to listen on that IP or leave blank to listen on all.
* Rearranged form
* Added "Use selected IP" button to insert into the IP box the IP selected in the list of available IP addresses.
You can enter any IP address in the IP box, but the proxy will fail to start if the IP is not valid for your device.
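What "no security" means at the protocol level: a SOCKS4a request carries a user id that the client picks freely, and nothing in the request proves it. The following is an added example, not SocksProxy's code; it parses such a request and makes the accept/reject decision on the client's source address instead. The 169.254.2.0/24 allowlist and the sample request are assumptions constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

GRANTED, REJECTED = 0x5A, 0x5B   # SOCKS4 reply codes 90 and 91


@dataclass
class Socks4Request:
    command: int    # 1 = CONNECT, 2 = BIND
    port: int
    host: str       # dotted IPv4, or a hostname when the client used SOCKS4a
    userid: bytes   # client-chosen label; the protocol never verifies it


def parse_request(data: bytes) -> Socks4Request:
    """Parse one complete SOCKS4/4a request; raise ValueError if malformed."""
    if len(data) < 9:
        raise ValueError("short request")
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != 4 or command not in (1, 2):
        raise ValueError("not a SOCKS4 CONNECT/BIND request")
    dst_ip = data[4:8]
    end = data.find(b"\x00", 8)
    if end < 0:
        raise ValueError("unterminated userid")
    userid = data[8:end]
    # SOCKS4a: DSTIP 0.0.0.x with x != 0 means a hostname follows the userid.
    if dst_ip[:3] == b"\x00\x00\x00" and dst_ip[3] != 0:
        name_end = data.find(b"\x00", end + 1)
        if name_end < 0 or name_end == end + 1:
            raise ValueError("missing SOCKS4a hostname")
        host = data[end + 1:name_end].decode("ascii")
    else:
        host = str(ipaddress.IPv4Address(dst_ip))
    return Socks4Request(command, port, host, userid)


def decide(client_ip: str, data: bytes, allowed_net: str = "169.254.2.0/24") -> bytes:
    """Return the 8-byte reply for this client; allowed_net is an assumed policy."""
    try:
        req = parse_request(data)
        inside = ipaddress.ip_address(client_ip) in ipaddress.ip_network(allowed_net)
        ok = req.command == 1 and inside      # userid plays no part in the decision
    except ValueError:
        ok = False
    return struct.pack("!BBH4s", 0, GRANTED if ok else REJECTED, 0, b"\x00" * 4)


def sample_request(userid: bytes = b"anyone") -> bytes:
    """Constructed SOCKS4a CONNECT to example.org:80 with a client-chosen userid."""
    return (b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01"
            + userid + b"\x00example.org\x00")
```

Binding the listener to a single interface address, as the IP box above allows, narrows exposure in the same way at the socket level.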
Hi pchasco,
Could you explain a bit more what this does (and how it works)?
The reason I ask is that I'm looking for an application for the PPC which allows me to share its internet connection by pointing the Desktop browser's proxy to the PPC.
This allows me to be connected to the wired network and using this proxied browser to browse even the blocked sites ...
Can your application be used for this?
If so could you also explain how it works..
I've run the App on my PPC, and clicked start, this gave me an IP address
next I hooked it up to USB and pointed IE's proxy to that address...didn't work
I also tried to activate the 3G first and/or with ICS activated
but both times I didn't see an IP address...
I'm probably doing something wrong..
Thanks
This is a SOCKS proxy, so it does not work in quite the same way that a normal HTTP proxy does. For internet explorer you'll have to open the advanced proxy options and fill in the information for the SOCKS host:port entry.
Can someone please explain a sample usage of this software on Windows Mobile?
pchasco said:
This is a SOCKS proxy, so it does not work in quite the same way that a normal HTTP proxy does. For internet explorer you'll have to open the advanced proxy options and fill in the information for the SOCKS host:port entry.
Have you used this with ICS? In other words, share your internet connection with a computer and then have the computer connect via your sock proxy to the internet?
abdulzis said:
Can someone please explain a sample usage of this software on Windows Mobile?
I'm not sure what you mean. An example of how to use it or an example describing why someone would want to use it?
hoopsbwc34 said:
Have you used this with ICS? In other words, share your internet connection with a computer and then have the computer connect via your sock proxy to the internet?
I am not sure why you would need to use both SOCKS proxy and ICS at the same time. They are both means to provide internet connectivity through your phone to another device. If ICS were an option on my phone, I would use it over SOCKS unless the client device did not support it.
pchasco said:
I am not sure why you would need to use both SOCKS proxy and ICS at the same time. They are both means to provide internet connectivity through your phone to another device. If ICS were an option on my phone, I would use it over SOCKS unless the client device did not support it.
Basically, I'm trying to allow access to two networks at the same time. So I want to adjust my settings in firefox to point to my WM phone and your socks proxy. Then my other applications and IE can use my LAN. Otherwise, to get my WM ICS to work I have to disable my LAN connection which I need for certain apps.
edit... I'm good with using it without ICS, but that doesn't seem to work either. No matter when I click start proxy, I get an IP of 0.0.0.0 and if I connect my computer via USB I can't ping that address.
hoopsbwc34 said:
Basically, I'm trying to allow access to two networks at the same time. So I want to adjust my settings in firefox to point to my WM phone and your socks proxy. Then my other applications and IE can use my LAN. Otherwise, to get my WM ICS to work I have to disable my LAN connection which I need for certain apps.
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
pchasco said:
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
That's what I tried... but the IP address I get is 0.0.0.0 from your app. What IP do you usually get back when you run it? Do you just connect via USB? If ActiveSync is running is that an issue?
pchasco said:
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
I think there is a setting in ActiveSync that says "allow wireless connections when connected" sounds like that might be your problem.
Mr_Gee said:
Hi pchasco,
Could you explain a bit more what this does (and how it works)?
The reason I ask is that I'm looking for an application for the PPC which allows me to share its internet connection by pointing the Desktop browser's proxy to the PPC.
This allows me to be connected to the wired network and using this proxied browser to browse even the blocked sites ...
Can your application be used for this?
If so could you also explain how it works..
I've run the App on my PPC, and clicked start, this gave me an IP address
next I hooked it up to USB and pointed IE's proxy to that address...didn't work
I also tried to activate the 3G first and/or with ICS activated
but both times I didn't see an IP address...
I'm probably doing something wrong..
Thanks
Sounds like the same thing that is happening to me. I finally got it to give me an IP address, but only if my data connection is inactive. As soon as the data connection is active it becomes a 0.0.0.0 IP address. Bug?
I tried to establish the IP, then activate the data connection... still doesn't work when I enter the IP:port into my proxy list for firefox.
hoopsbwc34 said:
That's what I tried... but the IP address I get is 0.0.0.0 from your app. What IP do you usually get back when you run it? Do you just connect via USB? If ActiveSync is running is that an issue?
I am not sure why you are receiving 0 as your IP address. Check in Settings->Connections->USB to PC that "Enable advanced network functionality" is selected.
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address of 127.0.0.1 (localhost)
Stopped the App, initiated the gprs and started the App again.
now I'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Mr_Gee said:
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address of 127.0.0.1 (localhost)
Stopped the App, initiated the gprs and started the App again.
now I'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Hmm... I'm not sure what's going on here. 127.0.0.1 is the loopback interface-- It is only valid for your phone to connect to itself. If your computer attempted to connect to 127.0.0.1 it would connect to itself, not your phone.
pchasco said:
Hmm... I'm not sure what's going on here. 127.0.0.1 is the loopback interface-- It is only valid for your phone to connect to itself. If your computer attempted to connect to 127.0.0.1 it would connect to itself, not your phone.
Yes I know... :-/
Well, if I have time in the next few days I will take a look and see whether there is anything I can do. Maybe there is another IP address available on your device but for whatever reason I'm displaying the loopback instead of the external interface.
What happens when you set your proxy client up to go to 169.254.2.1:1080?
Mr_Gee said:
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address of 127.0.0.1 (localhost)
Stopped the App, initiated the gprs and started the App again.
now I'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Sounds like the same bug I am getting.
An example describing why someone would want to use it?
abdulzis said:
An example describing why someone would want to use it?
If you can't use ICS and want to connect to the internet from your desktop, you can connect your phone using USB and start this proxy, then you can setup your desktop connection to use the proxy to get internet access.

CyanogenMod 7 openVPN

Hi everyone,
I have a little problem that I don't know how to solve, nor diagnose as I lack some knowledge.
I have a linksys E3000 router. I installed one of the many Tomato firmware flavors that has bundled VPN server. I managed to configure the server, generated the keys ca,client etc. Everything seems to work fine from a PC. I also run the latest cyanogenmod nightly on my Hero. I managed to solve or let's say find out how to install the certificates onto the system (add the ca.crt, client.crt, client.key into a .pk12 openssl package). Then I used the default CM configuration assistant to configure the connection and it works, or at least it connects and I can see that the connection was successful on my router GUI.
Now, the problem is that even if it says connected (a small key at status bar), I can't do anything, no web browsing, no android market connection, nothing that involves traffic. I don't know what is the problem, or how to diagnose, log or something. Any help would be appreciated.
Thank you.
My router vpn server configuration:
Interface Type TAP
Protocol UDP
Port 1194
Firewall Automatic
Authorization Mode TLS
Extra HMAC authorization (tls-auth) Disabled
Client address pool DHCP
--------------------------------
Direct clients to redirect Internet traffic (tick)
Encryption cipher Default
Manage Client-Specific Options (tick)
Allow Client<->Client (tick)
My HTC Hero configuration:
-Basic
Name (some i chose)
VPN server (a dyndns host, the router updates the ip automatically)
User authentication (unticked)
CA certificate (the pk12 file i created)
CLIENT certificate (the pk12 file i created)
DNS search domains (unchanged)
-Advanced:
Server port 1194
Protocol to use udp
Device to use tap
LZO compression (unticked)
Redirect gateway (ticked)
Remote Sets Addresses (ticked)
Local IP Address (faded)
Remote IP Address (faded)
Cipher algorithm default
Size of cipher key default
Extra arguments unchanged

[Q] Wireless tether for root users - DNS redirect

I'm running a Piratebox web server on my phone - Does anyone know if there's a way to adjust DNS and re-direct everyone to my phones web server when they are tethering from my phone?
+1 to this question.
I am currently trying to find a way to get some android devices (which are working as AdHoc clients), and I want an app running on them to connect to a "server" address instead of using a specific, fixed IP address. I meant to do this programmatically, by creating a socket to an InetAddress resolution of the "server" address. I assume InetAddress will use the DNS defined on the wireless interface to make this translation, but it's Java, and that assumption really depends on the low level impl. of InetAddress.
So yeah, DNS redirect from the DNS server running on the AdHoc host, which by association also runs Wireless Tether for root users. How can we do it?
I have tried some redirections from the hosts file (zone file), location in "system/etc/hosts". My device, like many others, comes preloaded with a bunch of IP-hostname redirections, but these only seem to work locally, e.g.:
gugle.com redirects to 127.0.0.1 (in the hosts: "gugle.com 127.0.0.1")
If I input this address on the AdHoc host, gugle.com will redirect to my http port 80 landing (I have a web server running on the device to test this).
If I input this address on an AdHoc client, it doesn't return anything. I'm guessing the DNS server running on the host does not use the zone file from the OS.
So the question remains - where can we define a redirection from the DNS server that runs on the Wireless Tethering for root users device.

[Q] Samsung Galaxy S2 not resolving particular host names to IP

Hi, guys, here's my problem.
My Galaxy S2 using my own WiFi is unable to retrieve some content from web. This content is:
apps icons in Android Market,
Picasa images,
Accuweather forecasts
and some others.
Other devices using the same WiFi have no problems with it. S2 switched to other ISP than my WiFi also has no problems with it.
While trying to narrow possible causes I've picked an example image, which is problematic to my S2+WiFI combination:
https://lh3.ggpht.com/NpoJbnyQbI1kEIlrWhP_t7lj9lN519RkPB3mxQS2z6pTFjh01R3ISeyYnj4AccBSsQ=w788 (an icon of an app from Android Market, remove space from url).
It won't open on my phone using WiFi, so I checked host availability. I've run on my phone following command:
Code:
[email protected]:/ $ ping lh3.ggpht.com
ping: unknown host lh3.ggpht.com
But on my PC using the very same WiFi:
Code:
C:\Users\Grzegorz>ping lh3.ggpht.com
Badanie photos-ugc.l.google.com [173.194.70.132] z 32 bajtami danych:
Odpowiedź z 173.194.70.132: bajtów=32 czas=27ms TTL=47
Odpowiedź z 173.194.70.132: bajtów=32 czas=25ms TTL=47
I'm stuck, what should I do now?
Have you any ad blockers or DNS stuff running ???
jje
Nope, it's clean Android 4.0.3.
Echo request for lh3.ggpht.com on your phone does not work. On your PC you get a response from 173.194.70.132. Just to make sure your problem is related to DNS (and not to some lower service): did you try to ping the IP address 173.194.70.132 from your phone? Do you get a response?
Yes, the host is reachable from phone using IP dot address, only name resolving does not work.
Ok, looks definitely like some DNS problem. As you already confirmed that your hosts file is fine the only thing I can imagine is your phone using some 'wrong' DNS server for address lookup.
To make (almost) sure you use a set of different DNS servers you could disconnect your phone from the wifi and enable a 3G data connection. Make absolutely sure you are not connected to your wifi. Now again run 'ping lh3.ggpht.com'; do you get a response?
Yes, that is the case.
Another weird thing is that phone on 3G resolves lh3.ggpht.com as 173.194.35.139, while PC on WiFi as 209.85.148.132. My 'hosts' file contains only localhost reference.
When I switch to WiFi while pinging that host, pings keep successful, unless I restart terminal session — after that I get 'unknown host' message.
Is there DNS configuration in Android somewhere?
OK, it seems I fixed it.
My WiFi works in a bigger subnet and hides all connected WiFi devices as a single computer.
I've installed on my Phone app called Set DNS from former Android Market, which allowed me to change both primary and secondary DNS. Initially both addresses were pointing to WiFi router itself which seems to work fine for my PC. I've changed it to DNSes of that bigger subnet I'm connected to. And it did the trick. Hopefully it won't mess settings for other WiFis I use to connect.
Thanks for showing me right direction!
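The check this thread converges on, one resolver answering a name that another does not, can be run by querying each DNS server directly rather than through the system resolver. This is an added example, not code from the thread; the constructed reply reuses the names and address from the ping output quoted above, and the resolver addresses passed to `ask` are whatever your router and upstream network hand out.

```python
import socket
import struct


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Encode a recursive A-record query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN


def read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:             # compression pointer
            if after is None:
                after = off + 2                 # parsing resumes after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (after if after is not None else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg: bytes):
    """Return (rcode, [(owner, type, value), ...]) from the answer section."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):                    # skip the echoed question
        off = read_name(msg, off)[1] + 4
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append((owner, "A", socket.inet_ntoa(msg[off:off + 4])))
        elif rtype == 5:
            answers.append((owner, "CNAME", read_name(msg, off)[0]))
        off += rdlen
    return flags & 0x000F, answers


def ask(server: str, name: str, timeout: float = 3.0):
    """Query one specific resolver over UDP, bypassing the system resolver."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply = sock.recvfrom(4096)[0]
    if reply[:2] != query[:2]:
        raise ValueError("reply ID does not match the query")
    return parse_response(reply)


def constructed_response() -> bytes:
    """Constructed sample reply: the CNAME-then-A shape the PC's ping output implies."""
    question = build_query("lh3.ggpht.com")[12:]
    head = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    target = b"\x0aphotos-ugc\x01l\x06google\x03com\x00"
    cname = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 60, len(target)) + target
    target_off = 12 + len(question) + 12        # where `target` starts in the message
    addr = (struct.pack("!H", 0xC000 | target_off) + struct.pack("!HHIH", 1, 1, 60, 4)
            + socket.inet_aton("173.194.70.132"))
    return head + question + cname + addr
```

Calling `ask` once with the router's address and once with the upstream DNS address shows which of the two fails: a timeout or a non-zero rcode from only one of them points at that resolver rather than at the phone.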

Always-ON VPN limits all access to gateway services

Hi!
I've got a Nokia 7.2 with Android 10 and I have an interesting issue with Android's VPN functionality.
My VPN is L2TP/IPsec PSK. It is working well, but with one interesting aspect.
My VPN server has other services on its IP (HTTP etc.).
If the VPN is used on-demand (manual activation) - all is OK, I can use the server's other services.
But if I switch the VPN to the "always-on" state - the server's other services become unavailable.
The browser shows the error "ERR_NETWORK_ACCESS_DENIED"
What is also interesting - I can't ping the VPN server's IP from the phone. The ping command returns the error message "do you want to ping broadcast". It seems like an error in the netmask, but the ifconfig outputs for 'on-demand' and 'always-on' are similar.
The phone is not rooted, so I can't check routes (or I don't know how to do it w\o root)
What can more experienced users advise? Where should I look?
Thanks for any response in advance.
