I don't know if it's this new ****ty 3in1 router Comcast has forced on us recently or what but I cannot connect to my external IP on my phone while on my own wifi network. For example Transdroid; I use my external IP as the server so that when I'm swapping in and out of 3G/wifi I'm not having to keep changing it. However now, it will only connect to the server when I'm on 3G, not wifi. If I change the IP to a local address, then it connects on wifi but obviously not 3G. Not really sure what the deal is and it's not only Transdroid that has this problem. Emit, my VNC applications and a couple others are having the same issue. Just doesn't want to connect to my own external IP address while I'm on my network. Makes no sense. Any ideas?
Your router probably doesn't support NAT reflection (or it's disabled). NAT reflection is basically a set of firewall rules that redirect connections to your external IP to the respective internal IP. For example:
Your external IP is 111.222.333.444
Your internal IP is 192.168.0.10
Your forwarded port is, say, 80
1) When you connect from your own WIFI with NAT reflection enabled (by default on most routers), this is what happens:
You connect to 111.222.333.444 on port 80. Your router tells your phone that the actual IP is 192.168.0.10 and it should connect to that instead.
2) When you connect from your own WIFI with NAT reflection disabled, this is what happens:
You connect to 111.222.333.444 on port 80. Your router tries to connect to that IP and as you know, when you connect to anything on the internet, only the external IP is visible. So, the router sees that both the source IP and the destination IP are 111.222.333.444. The router doesn't know how to handle this.
Try to see if there's a configuration option for this in the router's web interface. You may need to unplug the router afterwards. I hope this helps.
I just noticed that my moto E (running CM11) is not correctly routing my traffic to my openvpn server. I noticed when I was looking at the current connections on my OpenWRT router that I could see the VPN's local IP address, and the remote connection:
IPV4 TCP 10.9.0.20:56657 157.166.xx.xx:80
Where 10.9.0.20 is my local VPN address, the other represents any remote address I connect to.
I could see all this in Luci's connection graphs, which means that OpenVPN is not sending my traffic over the tunnel at all, despite the reports from sites like ipleak.net and similar sites that tell me I have no leak. But if I can see the connections from my router, that means that when I connect over mobile data, my carrier can likely see all of my traffic. This is not what I want, and I am having a hard time fixing it. Also, how is it even possible that my router is detecting the IP of my tun interface??
I tried two different OpenVPN frontends, tweaking the firewall on the phone (afwall+) and also playing around with the 'redirect-gateway' directives. I am not sure if this is a DNS leak or total disobedience on Android's part of my routing rules. The fact that I can see these connections from the router makes me think that the traffic is not even being encrypted before it's sent over the internet. My firewall rules are set so that every app is supposed to route over the VPN. These are my configurations:
Server Config:
mode server
tls-server
local x.x.x.x
port 35777
proto udp
dev tun0
ca /etc/openvpnca.crt
cert /etc/openvpn/randomcn.crt
key /etc/openvpn/randomcn.key
dh /etc/openvpn/dh.pem
topology p2p
server 10.8.0.0 255.255.255.0
;topology subnet
ifconfig-pool-persist ipp.txt
client-config-dir clients
;client-to-client
keepalive 7 80
tls-auth /etc/openvpn/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 3
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
In my client directory, I have these settings. On my PC I do not have this IP leak problem despite the settings being the same:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
I have dnscrypt running with unbound on the server, serving the clients. This configuration works on my PC, but it seems no matter what I do I still can see the vpn local IP and all of my remote connections with Luci on openwrt.
I have tried using both OpenVPN Connect, OpenVPN for Android, and I am currently trying to use the ICS binary as well. Can anyone help me solve this problem? My goal is to tunnel all my phone's traffic over the VPN and prevent IP or DNS leaks.
Hey guys,
So I have a bluetooth pan on a raspberry pi which gives an ip and Internet connection to an android, in this case the S6 edge. I am given an ip address, however I can't communicate with other devices on the network. I do receive Internet though. It seems the android is assigning itself a dns hostname, which separates itself from the rest of the network. I could be wrong, but when laptops connect to the same pan network, they are given the dhcp information from the router and they can communicate over the network with the ip's being given to them from the bluetooth access point.
The laptops have a hostname of TP-link_D5DE and the android has android_9xxxxxx
Can the android adopt dhcp hostname info via Bluetooth pan? Can I change this name? Is it possible without root if so?
I understand there was somewhat of an issue with dhcp "hooks" back in the day where the bluetooth controller couldn't retrieve this information but I read that on a forum which was a few years old and also read it was fixed on newer versions of android.
I plan on having an app with a webview client call on this IP resource as you would in a web browser. Is it possible to have this app issue a dns name?
Thanks!
I need persistent SSH access to my Android device from the Internet. There are many apps that can listen on ports on the device's external IP, but the main problem is that most Russian (and, I think, many other countries') cellular providers (GPRS, 3G, LTE, etc.) close all ports to external access, even if the device has a white IP address. So via a cellular network there is no way to connect directly to the device, and I can get direct access to the device only via WiFi networks.
I want to find some way to organize persistent access to my device via a static address and port. A way where I don't need to check the current WiFi IP address of each network and type it in to get access, but can use something stable like myphone.somehost.com:12345.
A popular way to do this is to organize an SSH tunnel via an external SSH server with a white IP address. I have the server and have already tried this way (SSHDroid app as the SSH server bound to port localhost:2222; SSH Autotunnel app to organize the tunnel), but the problem is too-slow reconnecting after the Android device changes IP address (a reconnect on the cellular network, or a switch to/from WiFi) - the problem with establishing a new connection can continue for about 10-30 minutes - this is too long.
So the question: Is there any way to organize stable direct TCP/IP access to a custom port on an Android device that works normally and reconnects quickly on an unstable network with frequent reconnects and switches between WiFi and 3G networks?
Programs like Airdroid and Webkey provide direct access to the device via the HTTP protocol, and work well over an unstable connection. But I need to connect via SSH and other open protocols, not via some web interface.
Murz said:
I need persistent SSH access to my Android device from the Internet. There are many apps that can listen on ports on the device's external IP, but the main problem is that most Russian (and, I think, many other countries') cellular providers (GPRS, 3G, LTE, etc.) close all ports to external access, even if the device has a white IP address. So via a cellular network there is no way to connect directly to the device, and I can get direct access to the device only via WiFi networks.
I want to find some way to organize persistent access to my device via a static address and port. A way where I don't need to check the current WiFi IP address of each network and type it in to get access, but can use something stable like myphone.somehost.com:12345.
A popular way to do this is to organize an SSH tunnel via an external SSH server with a white IP address. I have the server and have already tried this way (SSHDroid app as the SSH server bound to port localhost:2222; SSH Autotunnel app to organize the tunnel), but the problem is too-slow reconnecting after the Android device changes IP address (a reconnect on the cellular network, or a switch to/from WiFi) - the problem with establishing a new connection can continue for about 10-30 minutes - this is too long.
So the question: Is there any way to organize stable direct TCP/IP access to a custom port on an Android device that works normally and reconnects quickly on an unstable network with frequent reconnects and switches between WiFi and 3G networks?
I've managed this thing in the past with:
A continuously running server with a static IP address running SSHd with the option "GatewayPorts on". Let's say the server is at ssh.example.com.
You have to run an sshd daemon on your Android device.
You can then run the following script on your Android device:
Code:
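#!/system/bin/sh
# Host and port of the always-on relay server; change FORWARDED_PORT per device.
REMOTE_HOSTNAME=ssh.example.com
FORWARDED_PORT=2000
while :
do
    # Expose the phone's local sshd (port 22) on the relay's FORWARDED_PORT.
    ssh -R "$FORWARDED_PORT:127.0.0.1:22" "$REMOTE_HOSTNAME" "sleep 86400"
    # Wait a minute before re-establishing a dropped tunnel.
    sleep 60
done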
You'd have to change FORWARDED_PORT for every Android device and arrange for authentication.
Once you have this set up you will be able to connect from anywhere by sshing to ssh.example.com port 2000.
Fif_ said:
Once you have this set up you will be able to connect from anywhere by sshing to ssh.example.com port 2000.
Fif_, thanks, I already tried this way via SSHDroid and SSH Autotunnel, but after each disconnect (device changes IP) I lose the connection for about 5-20 minutes - a new port forward cannot be established, because the old session is still active and waiting for a timeout, and after 10-20 retries the timeout ends and a new SSH tunnel is established normally.
If I decrease the SSH timeouts to 5 seconds, I get very frequent disconnects and reconnects, which eats traffic and device battery. And after each disconnect I get a dropped session on the client side and need to connect again to continue working.
So SSH tunnelling is a bad way for an unstable and slow internet connection with a dynamic IP address.
The websocket protocol is very popular now, and it seems to work well on a bad connection and quickly restores the session after disconnecting and changing IP (without aborting processes). But I can't understand how I can use it to proxy an SSH session.
Murz said:
Fif_, thanks, I already tried this way via SSHDroid and SSH Autotunnel, but after each disconnect (device changes IP) I lose the connection for about 5-20 minutes - a new port forward cannot be established, because the old session is still active and waiting for a timeout, and after 10-20 retries the timeout ends and a new SSH tunnel is established normally.
You can mitigate that issue by checking that the reverse tunnel is up and running on the server.
If you create the following as checkssh:
Code:
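#!/bin/bash
set -eu
while :
do
    # Connect back through the forwarded port on the server.
    coproc nc localhost "$1" || exit 1
    banner=''
    # The phone's sshd should send its SSH-... banner within 30 seconds.
    read -t 30 banner <&${COPROC[0]} || exit 1
    case "$banner" in
        SSH-*) ;;
        *) exit 1;;
    esac
    # Close our write end so nc exits, then reap it.
    eval "exec ${COPROC[1]}>&-"
    wait || :
    sleep 30
done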
Then change that line in the script I sent before:
Code:
ssh -R "$FORWARDED_PORT:127.0.0.1:22" "$REMOTE_HOSTNAME" "/path/to/checkssh $FORWARDED_PORT"
You should have much more luck keeping the connection up.
You may want to tweak timeouts to conserve battery.
Murz said:
If I decrease the SSH timeouts to 5 seconds, I get very frequent disconnects and reconnects, which eats traffic and device battery. And after each disconnect I get a dropped session on the client side and need to connect again to continue working.
So SSH tunnelling is a bad way for an unstable and slow internet connection with a dynamic IP address.
The websocket protocol is very popular now, and it seems to work well on a bad connection and quickly restores the session after disconnecting and changing IP (without aborting processes). But I can't understand how I can use it to proxy an SSH session.
Have you thought about running an always-on VPN?
If, say, you run an always-on VPN from your phone to a target machine, then with a little bit of iptables trickery you can achieve what you want.
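An added example, not part of the original posts: a variant of the reconnect loop discussed above that relies on OpenSSH's own keepalive and `ExitOnForwardFailure` options instead of the remote `sleep`/`checkssh` command, so a tunnel whose forward could not be bound exits and is retried with back-off. The host name, port, timing values and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example: fail-fast reverse tunnel loop. Host, port and timings are assumed.
# Server side (sshd_config on the relay), so a dead session releases the port
# after roughly half a minute instead of holding it until a long TCP timeout:
#   ClientAliveInterval 15
#   ClientAliveCountMax 2
REMOTE_HOSTNAME=ssh.example.com
FORWARDED_PORT=2000

# Client options, one per line.
tunnel_opts() {
    echo "ExitOnForwardFailure=yes"   # exit if the server cannot bind the -R port
    echo "ServerAliveInterval=30"     # probe the server through the encrypted channel
    echo "ServerAliveCountMax=3"      # give up after 3 unanswered probes (~90 s)
    echo "BatchMode=yes"              # key auth only, never prompt inside the loop
}

# next_delay CURRENT MAX: double the retry delay, capped at MAX seconds.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$2" ]; then d=$2; fi
    echo "$d"
}

run_tunnel() {
    set --
    for o in $(tunnel_opts); do set -- "$@" -o "$o"; done
    # -N: no remote command; the keepalives above detect a dead link.
    ssh -N "$@" -R "$FORWARDED_PORT:127.0.0.1:22" "$REMOTE_HOSTNAME"
}

main() {
    delay=5
    while :; do
        start=$(date +%s)
        run_tunnel || true
        # A tunnel that stayed up for a minute resets the back-off.
        if [ $(( $(date +%s) - start )) -ge 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay" 300)
    done
}

# Start the loop only when called as: script run
if [ "${1:-}" = "run" ]; then main; fi
```

With "GatewayPorts on", the forwarded port is reachable from any address that can reach the relay, so the phone's sshd should accept key authentication only.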
This is interesting. So I changed TTL to 66 (not 65) in hopes that it would speed up through a router, bouncing the packet twice. It throttles through router but not through direct connect to computer. I would think direct connect would throttle too. I'm not sure if IPV6 disable apps are doing anything, shows public IP IPV4 through the hotspot but through phone directly shows an IPV6 address.
I think VPN would work, but besides VPN would the packet reduce twice through a router? They must be able to detect a router somehow. VPN should solve that but was wondering if my reasoning is correct.
I'd like to set up a permanent VPN in the router so looking into that also. I have a cradlepoint MRB1200 and I cannot get it to work with VPN unlimited.