Better Mobile App

tun driver for our hero

Hi!
For the ones interested in openvpn or vpnc I attach the tun.ko module.
Have fun.

Here is the tun driver package. Think you should have a rooted device to make use of it.
To install:
1. copy it to your <sdk>/tools folder
2. adb push hero-tun-module-signed.zip /sdcard/update.zip
3. Type 'adb shell reboot bootloader' to enter the bootloader.(or turn it off and then, holding back button, turn it on)
4. Type 'fastboot boot cm-hero-recovery.img' - the device will now boot into the recovery image.
5. Select the option to 'apply update.zip from SD card'. Let it complete.
6. select reboot

Hi!
Good idea and thanks for packaging it. I just made a quick shot ;-)

Will add this to 1.2.
P

get-a-robot-vpnc does not work using the tun driver included in
2.0-update-hero-modacocustomrom-enhanced-signed.zip
The message appears after entering the pasword for sign on.
The application VPN Connections (process org.codeandroid.vpnc_frontend) has stopped unexpectedly.
# insmod /system/lib/modules/tun.ko
insmod /system/lib/modules/tun.ko
insmod: can't insert '/system/lib/modules/tun.ko': invalid module format
whether tun.ko is fron the 2.0 zero,
or installed via update.zip from hero-tun-module-signed.zip - above.
dmesg says
tun: version magic '2.6.27-a5504199 preempt mod_unload ARMv6 ' should be '2.6.27-8dd6deee preempt mod_unload ARMv6 '
the /etc/net folder does not exist, neither does /etc/tun

tun for 2.6.27-8dd6deee
See attachment for tun driver kernel version: 2.6.27-8dd6deee
(MoDaCo 2.0)

Thanks gogh57,
insmod ran OK.
installed to /dev/tun
vpn is now Trying to connect...
I'll have to check the VPN parameters.
Will let you know.

Brilliant work, many thanks.
I've check and verified my vpn parameters, but get a failed to connect. I'll keep reading and trying and will let you all know.
For info, all I have done - just in case I have missed a fundamental step...
1. Installed VPN connections from the market
2. Configured a network to connect to
3. copied tun.ko to SD card
4. ran adb shell to get on phone then insmod tun.ko - no errors, and shows with lsmod
5. tried to connect.
Getting closer....!
Bryan

How to install it on my Hero?

Hi all,
I have the same problem. Currently using Modaco's 1.5.1 and I do not want to move to 2.0 as it seems that it does not offer any advantage and I am happy until now with 1.5.1.
I am trying to install tun.ko which exists in system/lib/modules (installed with Modaco's ROM). When installing the tun.ko, I get "Exec format error" with dmesg:
# dmesg | grep tun
<3>[152396.817749] tun: version magic '2.6.27-a5504199 preempt mod_unload ARMv6
' should be '2.6.27-44690c1a preempt mod_unload ARMv6 '
How can I find the 2.6.27-44690c1a version ?
Or else I will wait for Bryan's tests and if successful, I will move to 2.0
Thanks for any help
Yiannis
<EDIT> - Moved to Modaco 2.1, Insmod runs OK, VPN-Connect does not connect. I'll dig more and let u know

Newby question, but what can you do with it?

YiannisM said:
Hi all,
I have the same problem. Currently using Modaco's 1.5.1 and I do not want to move to 2.0 as it seems that it does not offer any advantage and I am happy until now with 1.5.1.
I am trying to install tun.ko which exists in system/lib/modules (installed with Modaco's ROM). When installing the tun.ko, I get "Exec format error" with dmesg:
# dmesg | grep tun
<3>[152396.817749] tun: version magic '2.6.27-a5504199 preempt mod_unload ARMv6
' should be '2.6.27-44690c1a preempt mod_unload ARMv6 '
How can I find the 2.6.27-44690c1a version ?
Or else I will wait for Bryan's tests and if successful, I will move to 2.0
Thanks for any help
Yiannis
<EDIT> - Moved to Modaco 2.1, Insmod runs OK, VPN-Connect does not connect. I'll dig more and let u know
Click to expand...
Click to collapse
I'm getting nowhere with this. I'll have to look on the phone to see if it logs anywhere to help diagnose
Let use know YiannisM if you get anywhere?!
Bryan

On my HTC Hero
Using Modaco 2.2
tun.zip included in above
VPN Connections installed
and modified scripts described here:
http://techha.us/2009/06/android-vpn-vpnc/
VPN works now,
stared via an adapted 'go' script. (but not using VPN Connections UI)
I use ConnectBot for terminal.
I'll post exact details tonight.

pvlagsma said:
I'll post exact details tonight.
Click to expand...
Click to collapse
Look forward to it, I had a quick go following the link you gave, but it *****ed (unsurprisingly) at the location of the tun device.
Well done for cracking it
So close now!

J-Zeus said:
Newby question, but what can you do with it?
Click to expand...
Click to collapse
From Wiki....
A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger networks (such as the Internet), as opposed to running across a single private network. The Link Layer protocols of the virtual network are said to be tunneled through the transport network. One common application is to secure communications through the public Internet, but a VPN does not need to have explicit security features such as authentication or content encryption. For example, VPNs can also be used to separate the traffic of different user communities over an underlying network with strong security features, or to provide access to a network via customized or private routing mechanisms.
Simply put, for most people I imagine, it allows us to connect to work.
Bryan

pvlagsma said:
On my HTC Hero
Using Modaco 2.2
tun.zip included in above
VPN Connections installed
and modified scripts described here:
http://techha.us/2009/06/android-vpn-vpnc/
VPN works now,
stared via an adapted 'go' script. (but not using VPN Connections UI)
I use ConnectBot for terminal.
I'll post exact details tonight.
Click to expand...
Click to collapse
Also looking forward to this.

Installing VPN on the HTC Hero.
References:
----------
A: This thread - http://forum.xda-developers.com/showthread.php?p=4503502
B: vpnc details - http://techha.us/2009/06/android-vpn-vpnc/
C: ROM 2.2 - http://android.modaco.com/content/h...m-is-here-2-versions-based-on-the-new-update/
D: VPN_Connections: - http://code.google.com/p/get-a-robot-vpnc/downloads/list
E: ConnectBot - android market - the terminal app I use on my Hero. You can do all this from an 'adb shell' on your PC.
1. Flash the 2.2 ROM (others probably work, but the correct tun.ko for the linux build is included in the ROM) from Ref C.
2. Download the latest version (VPN_Connections_v09.apk at time of writing) from get-a-robot-vpnc (Ref D), and install on your Hero.
This provides the vpn modules that are needed.
However I could not get this UI to work on the Hero. It kept hanging, sometimes asking for the password, sometimes not.
Note: the android market version is still 0.6
3. Install the tun.ko module with a script, or manually. This needs to be done each time you boot the Hero.
The script is:
'prep' script ( the following 3 lines: )
-----------
insmod /system/lib/modules/tun.ko
mkdir /dev/net
ln -s /dev/tun /dev/net/tun
Install tun by typing:
sh /sdcard/prep
or typing the 3 commands. (you need to be root, to do this)
(I placed my script on the microSD card, /sdcard/prep)
You can call this script anything you like.
4. Make an 'vpn.conf' file .
IPSec gateway vpn.aa.bb.com
IPSec ID youroffice
IPSec secret yourofficepassword
Xauth username youruid
Place it on /sdcard/vpn.conf
See Ref B for details.
You can call this configuration file anything you like.
5. Make a 'go' script, like this (one long line)
/data/data/org.codeandroid.vpnc_frontend/files/vpnc /sdcard/vpn.conf --script /data/data/org.codeandroid.vpnc_frontend/files/vpnc-script --pid-file /sdcard/vpnc-pid --no-detach --debug 1
Put it in a file /sdcard/go .
N.B. The 'go' script refers to the 'vpn.conf' file which you created earlier.
See Ref B for details.
You can call this script anything you like.
(Note: VPN Connections (Ref D) installs its files to /data/data/org.codeandroid.vpnc_frontend )
6. Start VPN by typing:
sh /sdcard/go
hopefully you will see
# sh /sdcard/go
sh /sdcard/go
Enter password for [email protected]: <this is where you type in your password>
vpnc version ERSION
IKE SA selected psk+xauth-3des-sha1
NAT status: no NAT-T VID seen
got address 33.333.333.333
RTNETLINK answers: File exists
backing up dns and resolve.conf
cp: cannot stat '/etc/resolv.conf': No such file or directory
vpnc-script ran to completion
IPSEC SA selected 3des-sha1
VPNC started in foreground...
&. Start an ssh connection, or a browser to an internal website, or whatever

Brilliant, many thanks!!
couldn't find a /etc/resolv.conf have put a couple of address' into /etc/hosts so I can browse my intranet.
How are you doing DNS??
Bryan

Is it possible to configure for IPSec over tcp?

Just an update from me, the VPN Connect frontend does not work, I have used pvlagsm's instructions and worked for me.
Thanks

Problems with Transparent Proxy.

Hi, i have a folio 100 rooted with SuperOneClick, but when i try to connect me to a proxy with Transparent Proxy it says:
failed to start redirect.sh
permission denied

i find a solution and now i have root access with the app, but when I try to turn the proxy on, I get this error:
"Failed to start redirect.sh (FIX ME! implement
getprotobyname() bionic/libc/bionic/stubs.c:378
iptabels v1.3.7: can't initialize iptables table 'nat':iptables
who? (do you need to insmod?)
Perhaps iptables or your kernel need to be upgraded"
the message repeats.

Nobody has a solution?

gilms said:
Nobody has a solution?
Click to expand...
Click to collapse
I don't have a 'solution' but you can diagnose the problem more easily if you have the file /proc/config.gz on your device... copy it off and unzip, open and look for:
Code:
#
# IP: Netfilter Configuration
#
These are the ones that probably matter?
Code:
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REDIRECT=y
I have a lot more set to =y on my device (Atrix)
You probably also need to have the 'iptables' binary in /sbin
You'd probably do best to start from a newer kernel that some dev modded for your device, and already enabled netfilter... then all you need is iptables

[How-to] Set up EAP-TLS or other advanced Wifi connections on NT (root only!)

Hello all,
I figured this tutorial may come in handy to a few people out there since the documentation for getting this to work is quite atrocious.
What this tutorial is:
A step-by-step walkthrough of setting up wpa_supplicant.conf to access advanced networking protocols that we otherwise don't have access to (note, this will ONLY work with root at the moment).
What this tutorial is not:
A wireless troubleshooting thread for any wireless issues not related to wpa_supplicant, EAP-TLS, EAP-TTLS, etc.
Thanks ahead of time.
NOTE: This tutorial will be giving instructions for a Windows 7 machine, but 90% of the code I provide can easily be copied over to Linux/BSD/OSX, just replace with the Bash equivalents.
To begin, you will need a few things:
--ADB, with working drivers, though you don't NEED root access through it it is nice to have, since it cuts the typing in half, and the setup for that can be found here: [App]: ADB Root Hijack [ADB Runs as Root now]
--openSSL, for converting certificates to the proper formats.
Windows instructions: Requires Cygwin, see this link here. This will install several other useful tools, and you'll love Cygwin if you're a power user
Linux/BSD/OSX instructions: install using your favorite repositories or from binaries (in the case of OSX). For Ubuntu/Debian: sudo apt-get install openssl
--You will need access to the Development menu (use an app or the Any Cut app to make a shortcut), as well as Root Browser lite (or Root Explorer).
--Alot of patience, and a bit of time. This should be straightforward, but don't expect a perfect solution for everyone.
1) The most important step, since this will cause you no end of headaches for possibly an hour or two as you trace it down: Go into the Development menu, UNCHECK USB Debugging and RECHECK it, then UNCHECK Auto Mount. So, even if debugging is checked, uncheck and check it anyway. And make SURE Auto Mount is unchecked, otherwise this will automatically install the "normal" NT drivers and screw up the entire process.
2) Plug in the Nook, and bring up the command line (cmd.exe). Run:
Code:
adb devices
If this returns an alphanumeric string (or anything), your device is in and you're good to go. Otherwise, check the other forum topics for troubleshooting (link to come).
3) To begin, we need to convert our tickets to the correct format. For this we will use OpenSSL. To make this easy, I piled all of my working space into a folder in the root of the C: drive, called "certs". For this example, I will assume that you were given a root certificate named rootCA.crt and a private certificate names [email protected].p12 (because I was, for the eduroam worldwide network).
This example also assumes EAP-TLS authentication. To convert the files:
Code:
openssl x509 -in rootCA.crt -out rootCA.der -outform DER
openssl x509 -in rootCA.der -inform DER -out rootCA.pem -outform PEM
then
openssl pkcs12 -in [email protected] -out cert.pem -clcerts -nokeys
openssl pkcs12 -in [email protected] -out key.pem -nocerts
Note: even if your business/Uni doesn't use a separate hashed key normally (For example, the University of Alaska system), you will need it here. Normally a certificate app handles all of this (on AOSP and custom builds).
4) Thanks to good ol' FSTAB, we will have to remount /system so we can read/write to it:
Code:
adb shell
su
mount -o remount,rw /system /system
5) Now, we have three new files: rootCA.pem, cert.pem and key.pem in the C:\certs folder. We push them to their proper directory on the NT:
Code:
adb push rootCA.pem /system/etc/wifi/
adb push cert.pem /system/etc/wifi/
adb push key.pem /system/etc/wifi/
Note: This is where it gets tricky without root ADB access...the option is to push them to "/media/My Files/My Downloads/" (including quotes) and then use a terminal or root browser to move them to /system/etc/wifi/
6) Next, we get to pull wpa_supplicant finally!
Code:
adb pull /system/etc/wifi/wpa_supplicant.conf .
Note: Make sure to include the . at the end, this means 'copy it to the current directory'
7) Open wpa_supplicant.conf in Wordpad (NOT notepad, wrapping issues), and build a profile based on the examples located here.
Here is an edited version of mine, if you use EAP-TLS this will work for you:
Code:
network={
ssid="YourAPNameHere"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
identity="[email protected]"
ca_cert="/system/etc/wifi/rootCA.pem"
client_cert="/system/etc/wifi/cert.pem"
private_key="/system/etc/wifi/key.pem"
private_key_passwd="yourPassHere"
priority=20
}
Change ssid, identity, and private_key_passwd to your respective information.
NOTE: priority, near the bottom, determines when it will connect to the network when others are around. Compare it to the values of the priority's set in /data/misc/wifi/wpa_supplicant.conf, the higher the value the higher the priority when they're all within range.
Now save and close the file.
8) Now, we push and reboot:
Code:
adb push wpa_supplicant.conf /system/etc/wifi/
then reboot the nook.
Now, after reboot, it should be good to go!
Notice, one bit of trouble I ran into, if you just get "error" when turning on the wireless after reboot, double-check that your certificates are correct and in the correct places, and wpa_supplicant.conf points at them. If thats fine, try erasing /data/misc/wifi/wpa_supplicant.conf, then reboot, and the list will be rebuilt and your AP will automatically connect.
Please let me know if there are any issues with the instructions, it's 6am and I haven't slept more than 8 hours in the last 3 days troubleshooting this, building kernels and playing Skyrim

reserved for future things
Also of note: I'm working on making this into scripts, don't worry everyone. And, if you bork your wifi, I will have a wireless fix in the works too.

Hi
First of all, thanks for this tutorial
I'm pretty sure this should be very straightforward but not to mess this thing up what do I need to change for a network with the following definitions:
Network SSID: eduroam
Security: 802.1x Enterprise
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
Cheers

LacerdaPT said:
Hi
First of all, thanks for this tutorial
I'm pretty sure this should be very straightforward but not to mess this thing up what do I need to change for a network with the following definitions:
Network SSID: eduroam
Security: 802.1x Enterprise
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
Cheers
Click to expand...
Click to collapse
Hey, it's not a problem at all. Pulled from the source here: NookDevs.com wpa_supplicant.conf I built this skeleton here:
Code:
network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=PEAP
identity="[email protected]"
password="YOUR-PASSWORD"
ca_cert="/system/etc/wifi/cacert.pem"
phase1="peapver=0"
phase2="MSCHAPV2" }
As you can see, you'll need to enter your University email in the identity field and your password in the password field, and if you don't have the needed certificates/password/etc you can get that from your local IT office (I would ask to speak with your network technicians though, helpdesk may not have it). Make SURE to read the instructions in that link, the openssl bit is different than the guide above!

Thanks!
On monday I will try that and will report the outcome.
Cheers

Hi.
It worked like a charm! No problem at all.
Thanks!
Cheers

Awesome! Glad to hear it.

[Dev Help] USB/IP on android

I'm working on a project that requires an android port of the USB/IP project. I managed to build the required modules for the phone kernel (using the NDK) and build the user space application (using crosstool-ng for glibc requirements) but I cannot find any information on the net how to set the correct permissions for the usbip userland application. When I execute the usbip binary I get "sh: usbip: permission denied" although I'm logged in on the phone as root (su) and the permissions are correct.
Any help will be appreciated.

[Q] support openvpn binary development with ndk

friends I downloaded the binary opnevpn for use in android 2.3.6 the question is I downloaded the binary compile from linux, ubuntu.
using ndk, ndk-build a see compiled me tumulto a binary statico the tranfiero to the celulcar and use the settigns openvpn client to connect the server connects, but throw me a FATAL error Linux ip link set failed could not execute external program, and does not connect will put a screenshot of the error that happens when I compile the binary used binary by default works well , my goal by which compile the binary is to be able to add http custom headers, that only this habiliado on android 4.x on thank the assistance and/or sugernecia of this thank you. FOR YOUR ANSWER.
:crying::crying::crying:
my not allow upload image my error is := FATAL Linux ip link set failed could not execute external program :C

My guess is that it cannot execute /system/bin/ip or /system/xbin/ip (this is Android we're talking about, right?)
If I recalled correctly, that's a symlink to busybox, so try adding something like
#include [ipbinaryheader.h]
#include [busybox.h]
Into the c.
Replace [ ] with the sharp one
Disclaimer: I'm relatively new to programming, so please try it yourself and see if it works, I'm not sure.
I'll add more later when I have time.
Sent from my not-an-iPhone using Tapatalk

panpjp said:
My guess is that it cannot execute /system/bin/ip or /system/xbin/ip (this is Android we're talking about, right?)
If I recalled correctly, that's a symlink to busybox, so try adding something like
#include [ipbinaryheader.h]
#include [busybox.h]
Into the c.
Replace [ ] with the sharp one
Disclaimer: I'm relatively new to programming, so please try it yourself and see if it works, I'm not sure.
I'll add more later when I have time.
Sent from my not-an-iPhone using Tapatalk
Click to expand...
Click to collapse
If is so friend is android what am talking, but between as user root in system / bin / and look for, ip and if this in that directory I have a doubt I equal am new in ndk, in where added them header of c that you put excuse me my English and you agredezco always its helps