Hi guys,
Here is a tutorial to get OpenVPN working on a p500 with mik's 6.5.7 (latest stable release). This works.
How to get OpenVPN configured, running, and connected:
Required: config files from your OpenVPN server (e.g. ca.crt, ca.key, etc.) located in /sdcard/openvpn
Create symlinks to ifconfig and route
open SSHdroid (or adb, terminal emulator, etc.)
type this:
su (press enter and this will prompt for root access; just grant it)
mount -o remount,rw -t yaffs2 /dev/block/mtdblock2 /system
chmod 700 /system/xbin/openvpn
mkdir /system/xbin/bb
busybox ln -s /system/xbin/busybox /system/xbin/bb/ifconfig
busybox ln -s /system/xbin/busybox /system/xbin/bb/route
reboot
Download OpenVPN Installer from the Market
when installing choose:
/system/xbin
and then
/system/xbin/bb
Copy your client config files from your VPN server to:
/sdcard/openvpn
then
cd /sdcard/openvpn
chmod 755 *
Download and install OpenVPN Settings from the Market
press Menu button
>Advanced
>TUN module settings
Set "Load module using" to insmod.
Set "Path to tun module" to /system/lib/modules/tun.ko
Reboot your phone and open OpenVPN Settings.
checkbox the 1st option to turn on OpenVPN
checkbox the second option to connect
Bump
Any help? I am so close!
[SOLVED]
Turns out that I had to add this rule in iptables on my server. Although openvpn was working from my pc (on limited ports) it would not work at all with my phone. The fix was:
iptables -t nat -A POSTROUTING -j SNAT --to-source [ip of server]
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables
/etc/init.d/iptables save
Problem:
Tethering problem with my RAZR XT910,PSHAsiaRetail.en
Findings:
No NAT rule enabled in netfilter.
Solution: This is my simple solution.
0)
Code:
adb shell
1) Get root access.
Code:
$ su
2) Enable NAT in netfilter using iptables, by inserting the rule.
Code:
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE
3) Check with # iptables -t nat -nvL
Example
Code:
# iptables -t nat -nvL
0 0 MASQUERADE all -- * qmi0 0.0.0.0/0 0.0.0.0/0
Conclusion:
Very bad/immature tethering implementation by Motorola.
Updates: 2012-07-13
For ICS 4.0.4 Motorola had changed the FORWARD chain to DROP, and we need to change it back to ACCEPT for successful tethering.
Code:
adb shell 'su -c "iptables -F; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE"'
Update 2 2012-07-13
Finally ... the CORRECT way to set up tethering... goto post #21
http://forum.xda-developers.com/showpost.php?p=28698646&postcount=21
Thank you.
Thanks for this! Works well.
Hello to both of you,
this tip is very interesting!
Is there a way to make the same thing under Windows?
Thanks for your help!
Windows? You even can run the commands without connecting to PC/Laptop.
If you want to use Windows, get adb and related driver for windows.
1) Connect your RAZR and let windows 'see' and install driver
2) Start-> Run -> cmd
3) cd \to\path\where\you\put\the\adb.exe
4) adb.exe shell
Now you should get command prompt $ and ready to run commands.
5) $ su
The prompt will change to #, which means you are going to run commands using 'root' or supervisor power/authority.
6) Type or copy the commands in my previous post.
You can also use an Android terminal emulator, such as Connectbot in local mode, and continue from step 5)
Good luck.
Thank you.
Hello Bahathir,
I didn't remember the very useful android terminal emulator!
Your tip worked great! Thanks a lot man!
I wonder how Motorola can forget something like that...
Sent from my XT910 using XDA Premium App
the problem turns back by restarting
Hi,
Thanks for your tip, it works very well but after I restart the phone same problem and I need to reenter the codes!
any comments?
Cheers,
Ardal
Yes, I forgot to mention that, this method is temporary. You need to run the commands after reboot. But, it's still better than nothing.
Sent from my XT910 using XDA App
Unbelievable bug in this Motorola (( Hey, I have an idea but don't know how to make it (working on it):
to put these two command lines somewhere like autoexec.bat (I don't know what the equivalent is in Android)
So you guys know better than me about android, what do you think?
Cheers,
Ardal
Yes ,and it's called init.d or rc.d.
Sent from my XT910 using XDA App
Already done, by help of script manager. Set your commands as a script in etc/init.d/ with SU permission, boot.
I have also sent an email to Motorola Australia and asked them to release an update to solve this problem.
Thank you for the follow up with Motorola. Please update and share us their responses.
Actually, the commands should be invoked when we start tethering, and should be removed when we stop tethering for enhanced security.
Sent from my XT910 using XDA App
Hi fellow!
Thanks for the tip! It really helped!
I don't know if Motorola "forgot" it, I think it was a way to block Tethering...
Anyway, I managed to permanently apply these modifications without needing permanent root. BUT I'M NOT RESPONSIBLE FOR ANY DAMAGE YOUR DEVICE SHOULD HAVE! YOU MUST HAVE A MINIMUM LINUX KNOWLEDGE TO SAFELY EXECUTE THESE STEPS!
1) You will need adb working and the zip file with the scripts necessary to root Droid Razr on Linux / MAC (you can easily find it...)
2) From that zip, take zergRush and extract to a folder.
3) Plug in the phone with USB debugging enabled and execute:
adb shell 'cd /data/local/tmp/; rm *'
adb push zergRush /data/local/tmp/
adb shell './data/local/tmp/zergRush'
At this point, zergRush will try to obtain root.
After the execution, enter in shell (adb shell), you will see that you will be logged as root! The good point is that it is temporary, if you reboot your device and delete everything on /data/local/tmp/ your device will be exactly the same as it was before root.
4) So, with root access, get rc.local:
adb pull /etc/rc.local
REMEMBER TO BACKUP THIS FILE!
5) Be careful now: edit rc.local and add the following lines:
# Enable Tethering
# http://forum.xda-developers.com/showthread.php?t=1435619
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o qmi0 -j MASQUERADE
at the end of file, just before:
exit 0
OBS.: note that I have modified the original rule and added '-s 192.168.42.0/24'. Here, all devices connected to my RAZR in tethering mode have an IP from LAN 192.168.42.0/24. So, the masquerading will only work when a packet is coming from this LAN. I think it should increase security and avoid some problems. But remember, if you set up the wifi router to assign an IP from another LAN you will have to add another rule!
6) Save and push it back:
adb push rc.local /etc/
7) Enter the shell and give rc.local permission to be executed:
adb shell
cd /etc
chmod 755 rc.local
exit
8) After it, reboot and the change should be persistent.
I have tested it and, even after a factory reset, the changes are persistent!
Now I can successfully use Wifi and USB tethering.
Thanks one more time for this great information!
Also, I want to thank tophyr from freenode #android-dev, myn from EFnet #android, and rob0 from freenode #Netfilter.
Ronan
Hi fellows,
EDITED: the problem was gone after I repositioned my router
I'm having a big trouble.
When I enable this, my Wifi connection becomes very unstable. It keeps disconnecting if I heavily use it. Any ideas?
Android Wifi Tether 3.1-beta11, now available for download... http://android-wifi-tether.googlecode.com
Requires root, though... Don't you need root to run iptables anyway? Definitely needed to edit the rc file.
Yes, you need root to edit rc.local, but, after pushing it back, you don't need it anymore.
Ronis_BR said:
Hi fellow!
Thanks for the tip! It really helped!
I don't know if Motorola "forgot" it, I think it was a way to block Tethering...
FYI, my RAZR XT910 is contract free and not from VZW. It also has Hotspot and tethering features. That's why I said it is a bad implementation in the first place.
# Enable Tethering
# http://forum.xda-developers.com/showthread.php?t=1435619
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o qmi0 -j MASQUERADE
Yes, but, to be sure the FORWARDING is enabled, add this line
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable IP Forwarding in kernel
The ip_forward is 1 when you have enabled the Hotspot/tethering, but just in case Motorola also disables the IP forwarding in the kernel. Yes, the netfilter rules NEED the ip_forward value to be 1 to make the NATting work.
BTW, I did not add the '-s 192.168.2.0/24' because, the NATting will not work if user change the hotspot default IP to other than 192.168.2.xxx.
Thank you and great job. I think this is not only for RAZR, but also for most Android smartphones which have the 'iptables' command.
Good luck.
Great
Working great on 2.3.6 Stock, thank you!!!!!
ichi go said:
Hello Bahathir,
I didn't remember the very useful android terminal emulator!
Your tip worked great! Thanks a lot man!
I wonder how Motorola can forget something like that...
Sent from my XT910 using XDA Premium App
You can save it to a shell script, let's say mytether, and execute ./mytether.sh later on...
but the init file is much more convenient.
Any idea why what fixed the issue in Asia.03 GB doesn't work on Asia.03 ICS?
Sent from my XT910 using xda premium
Yes.
It is because Motorola had changed the default FORWARD chain policy to DROP, and all packets going out from other IPs through it will be dropped and ignored. So no connections for clients.
Here is the default rules.
Code:
$ adb shell 'su -c "iptables -nvL"'
Chain INPUT (policy ACCEPT 460 packets, 282K bytes)
pkts bytes target prot opt in out source destination
0 0 all -- !lo+ * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
145 8251 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
343 270K all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 325 packets, 34323 bytes)
pkts bytes target prot opt in out source destination
0 0 all -- * !lo+ 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
145 8251 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
319 34011 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain costly_shared (0 references)
pkts bytes target prot opt in out source destination
0 0 penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain penalty_box (1 references)
pkts bytes target prot opt in out source destination
Look at the FORWARD chain and the other bizarre rules. We can change it to cleaner rules.
Code:
adb shell 'su -c "iptables -F; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE"'
1) iptables -F : Flush/remove all rules
2) iptables -P FORWARD ACCEPT : Change the default FORWARD chain policy to ACCEPT, which allows all traffic to go through
3) iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE : Enable the NAT rule.
Enjoy the tethering and good luck.
Thank you.
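Added example (not part of any post in this thread): a narrower variant of the commands above that follows bahathir's remark that the rules should exist only while tethering is on, and Ronan's `-s` scoping. It adds three rules limited to the tether subnet instead of flushing every chain and setting the FORWARD policy to ACCEPT. The uplink `qmi0` and subnet `192.168.42.0/24` are the values quoted in the posts; the function names and the `DRY_RUN` switch are assumptions made for this sketch.

```shell
# Added example, not from the thread. Assumed values: uplink qmi0 and tether
# subnet 192.168.42.0/24 as quoted in the posts; function names and DRY_RUN
# are made up for this sketch. Save as tether.sh, run: sh tether.sh start|stop
WAN_IF="${WAN_IF:-qmi0}"
TETHER_NET="${TETHER_NET:-192.168.42.0/24}"

# Run iptables, or only print the command line when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Apply the three tethering rules with the given verb: -A adds, -D deletes.
apply_rules() {
    # NAT only traffic that originates from the tether subnet.
    ipt -t nat "$1" POSTROUTING -s "$TETHER_NET" -o "$WAN_IF" -j MASQUERADE
    # Let tethered clients out through the uplink.
    ipt "$1" FORWARD -s "$TETHER_NET" -o "$WAN_IF" -j ACCEPT
    # Let only replies to those connections back in.
    ipt "$1" FORWARD -d "$TETHER_NET" -i "$WAN_IF" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Stop: delete our rules; errors from rules that are not present are ignored.
tether_down() {
    apply_rules -D 2>/dev/null || true
}

# Start: drop one earlier copy of each rule so a restart does not stack
# duplicates, enable kernel forwarding, then add the rules.
tether_up() {
    tether_down
    [ "${DRY_RUN:-0}" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
    apply_rules -A
}

case "${1:-}" in
    start) tether_up ;;
    stop)  tether_down ;;
esac
```

Running it with `DRY_RUN=1` only prints the iptables command lines, so they can be reviewed before being executed as root.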
I have Threema installed and the latest version of AfWall+
I use this custom script: http://forum.xda-developers.com/showpost.php?p=40513649&postcount=852 to allow GCM for push notifications from Threema.
But this does not work. I still have problems with push notifications from Threema. Now I see in the AfWall+ log that the kernel wants to connect to an IP from Threema.
What must I write in the custom script to allow the kernel to connect to a specific IP like 109.205.171.171?
My current Custom Script is this:
Code:
$IPTABLES -I "afwall" -p udp --dport 5228:5230 -j RETURN || exit
$IPTABLES -I "afwall" -p tcp --dport 5228:5230 -j RETURN || exit
Perhaps something like the owner uid match option. Look up the man pages for iptables and iptables-extensions, should provide you with some more insight.
Code:
$IPTABLES -A OUTPUT -d 109.205.171.171 -m owner --uid-owner 0-999999999 -j ACCEPT
Sorry, my knowledge of iptables is zero.
The kernel has the app ID -1.
Is this correct?
Code:
$IPTABLES -A OUTPUT -d 109.205.171.171 -m owner --uid-owner -1 -j ACCEPT
I don't want to allow the kernel for all, only for one IP.
Hi,
I have a Radxa Rock on which I am running Android 4.2.2, I am trying to get cron working to schedule some scripts to run.
I have got init.d working to launch a script at boot but I can't seem to be able to start crond from it. I have installed SSHDroid on the unit so I can putty to it, if I putty to the device and run
Code:
crond -b -c /data/crontab
cron starts and everything is running fine.
But when I add
Code:
crond -b -c /data/crontab
to my init.d script nothing happens and I can't seem to figure out why.
This is the full contents of my init.d script:
Code:
#!/system/bin/sh
# Init.d test
if [ -e /data/Test.log ]; then
rm /data/Test.log
fi
echo Init.d is indeed working !!! >> /data/Test.log
echo "excecuted on $(date +"%d-%m-%Y %r" )" >> /data/Test.log
crond -b -c /data/crontab
What am I doing wrong?
Can't say this is my forte, but maybe something from this thread can get you pointed in the right direction: http://forum.xda-developers.com/showthread.php?t=2090284
Thank you for your answer
I tried updating and using the full path to the crond but that wasn't working either. Then I realized that it wasn't working via putty either with full path. My conclusion was that I was using the wrong path, found out I could run "which crond" to find the correct path which was completely different. In my case "/data/data/berserker.android.apps.sshdroid/home/.bin/crond -b -c /data/crontab" was the full path and now it's working just fine.
Cool. Glad you're on the right track!
How can I add u2nl to init.d? I have an HTC Evo 4g LTE and need to make android 4.3 Viper4g Rom run my script on boot. I've tried to use Root Explorer and Root Browser apps to manually add them to the init.d folder, set permissions and changed owner and group to root. But my phone won't boot after I've added my script. The name of my script file is autostart.sh and this is what it contains.
#!/system/bin/sh
export PATH="$PATH:/system/bin"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -A OUTPUT -o rmnet0 -p 6 ! -d 10.132.25.254 -j REDIRECT --to-port 1025
u2nl 10.132.25.254 8080 127.0.0.1 1025 >/dev/null 2>&1 &
sh -c "sleep 5;kill `ps|grep nk.bla.android.autostart|grep -v grep|awk '{print $2}'`" &
exit 0
I know someone here has the knowledge to make this happen. Please advise and assist. Thanks. P.S. I have tried to rename the script to 99data and placed it in the init.d directory so it would run last, but the phone won't boot.
have you tried a dummy test script that just echos a number to the sdcard file?
Thanks for replying. The script term-init.sh that I found elsewhere on XDA, had a test and set perms output file that can be found in /data/Test.log. I have solved the problem on my Evo 4g LTE but, not on my Sprint Galaxy S3. Turns out that I couldn't use Root Explorer to manually add the file! I had to REALLY MANUALLY add the file using the terminal emulator. That worked on the Evo but not the S3. I had placed the scripts in one postboot.rc files on S3 and it worked fine but, my battery seemed to be draining a lot faster, which was not acceptable. So I guess my problem is half solved. So, do you know how to make it work on the S3? Thanks in advance to anyone that can help me.