Related
Hello,
I'm trying to connect to a Cisco VPN client by using VPN Connections on an Archos 70 IT 250 GB, that is rooted.
I always get a "Connection failed" message, after which the app crashes.
Did anyone succeed in getting VPN Connections working on Archos 70 IT ?
Regards,
Tonny
TonnyVanmunster said:
Hello,
I'm trying to connect to a Cisco VPN client by using VPN Connections on an Archos 70 IT 250 GB, that is rooted.
I always get a "Connection failed" message, after which the app crashes.
Did anyone succeed in getting VPN Connections working on Archos 70 IT ?
Regards,
Tonny
Click to expand...
Click to collapse
Hi,
I used to have the same error on my Galaxy S, when trying to create a VPN tunnel to my companies CISCO gateway.
The problem seems to relate to the missing tun.ko library.
I'm not sure if the Samsung Galaxy files will work for Archos, but you might want to adapt and try the following how-to: http://forum.xda-developers.com/showthread.php?t=793712&highlight=tun.ko
Regards,
Patrick
TonnyVanmunster said:
Did anyone succeed in getting VPN Connections working on Archos 70 IT ?
Click to expand...
Click to collapse
I found a possible clue. After trying several free pptp vpn services and noticing that it seemed to resolve a url one time then just hang, I set up a vpn on my lan and tried the local coffee shop connection to access it. I found that if encryption was completely disabled on the lan vpn and unchecked on the 70 IT, it would connect and I could browse, check email, etc. As soon as I set the policy on the vpn server to enable any level of encryption it was back to the resolve 1 url and hang behavior. Of course an unencrypted vpn is about as worthless as t*ts on a bull but it's the only clue I've found. As a control, I tried an ip*d touch w/encryption on against the same vpn with all levels enabled and that worked.
If anybody else who's running a local vpn can duplicate and confirm this, it's a step in the right direction!
VPN Connections 0.99 (aka get-a-robot-vpnc) working on A101IT with urukdriod-0.6
I've managed to make get-a-robot-vpnc (aka VPN Connections 0.99) work on urukdroid0.6 on Archos 101 IT.
There are two issues with default vpnc.script, and one issue with output of 'ps' command needed by VPN Connections 0.99 GUI, to check is there a connected vpnc process.
Resolving vpnc.script issues:
1. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busysbox on urukdroid) to 'which' command (cd /usr/local/bin; ln -s busybox which)
2. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busysbox on urukdroid) to 'ip' command (cd /usr/local/bin; ln -s busybox ip)
$aur0n told me that this two commands/links will be included in urukdroid-0.7.
Resolving GUI 'ps' issue (a bit harder ):
VPN COnnections GUI do 'ps | grep 'vpnc$' to see is there active vpnc process (established connection), but output of 'ps' command(s) found on urukdroid is not what GUI expects, so it cannot find vpnc proccess even if it is running and VPN is established.
On urukdroid there is 2 versions of 'ps' command:
1st is /bin/ps which is symbolic link to /bin/busybox (very old version of busybox (1.7.2, I believe) and output of ps this command is not suitable for VPN Connections (GUI)
2nd is /usr/local/bin/ps which is native ps command, but its output is also not suitable for VPN Connections (GUI)
There is a (hidden ) 3rd 'ps' command in /usr/local/bin/busybox (that version of busybox is 1.17.2) - but also not suitable output for VPN Connections (GUI).
Experimenting a bit I've found that '/usr/local/bin/ps -A' gives an suitable output, so I:
1. renamed /usr/local/bin/ps to /usr/local/bin/ps.new
2. made a script /usr/local/bin/ps with:
Code:
#!/bin/sh
ps.new -A
exit $?
3. chown root:root /usr/local/bin/ps; chmod 755 /usr/local/bin/ps
After that, everything worked.
Hope this solves issues for some of you
P.S. Forgot to mention - urukdroid 0.7 will have its own vpnc service built-in.
Works in UD 1.5
nenadr said:
I've managed to make get-a-robot-vpnc (aka VPN Connections 0.99) work on urukdroid0.6 on Archos 101 IT.
There are two issues with default vpnc.script, and one issue with output of 'ps' command needed by VPN Connections 0.99 GUI, to check is there a connected vpnc process.
Resolving vpnc.script issues:
1. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busysbox on urukdroid) to 'which' command (cd /usr/local/bin; ln -s busybox which)
2. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busysbox on urukdroid) to 'ip' command (cd /usr/local/bin; ln -s busybox ip)
$aur0n told me that this two commands/links will be included in urukdroid-0.7.
Resolving GUI 'ps' issue (a bit harder ):
VPN COnnections GUI do 'ps | grep 'vpnc$' to see is there active vpnc process (established connection), but output of 'ps' command(s) found on urukdroid is not what GUI expects, so it cannot find vpnc proccess even if it is running and VPN is established.
On urukdroid there is 2 versions of 'ps' command:
1st is /bin/ps which is symbolic link to /bin/busybox (very old version of busybox (1.7.2, I believe) and output of ps this command is not suitable for VPN Connections (GUI)
2nd is /usr/local/bin/ps which is native ps command, but its output is also not suitable for VPN Connections (GUI)
There is a (hidden ) 3rd 'ps' command in /usr/local/bin/busybox (that version of busybox is 1.17.2) - but also not suitable output for VPN Connections (GUI).
Experimenting a bit I've found that '/usr/local/bin/ps -A' gives an suitable output, so I:
1. renamed /usr/local/bin/ps to /usr/local/bin/ps.new
2. made a script /usr/local/bin/ps with:
Code:
#!/bin/sh
ps.new -A
exit $?
3. chown root:root /usr/local/bin/ps; chmod 755 /usr/local/bin/ps
After that, everything worked.
Hope this solves issues for some of you
P.S. Forgot to mention - urukdroid 0.7 will have its own vpnc service built-in.
Click to expand...
Click to collapse
Just wanted to say thanks! I'm using Urukdroid 1.5 and had the same issue. Used your trick and now VPNC connects to my companies VPN ^_^
Hi,
Last week I received my Archos 101. In general it is great. Even better is this forum
I installed urukdroid (thanks to the project-team!). I tried to use openvpn but it failed and I am not sure about the reason.
The server-configuration is
...
ifconfig-pool 10.10.10.120 10.10.10.130
push "route 10.10.10.1"
route 10.10.10.0 255.255.255.0
ifconfig 10.10.10.1 255.255.255.0
push "route-gateway 10.10.10.1"
push "route 10.10.10.0 255.255.255.0"
...
As the Archos is the only device it would get IP 10.10.10.120.
BUT: ifconfig shows:
inet addr.: 10.10.10.255 Bcast: 10.255.255.255 Mask 255.0.0.0
That did (and cannot) work. No ping to home network possible.
When I called route it looked fine (I used redirect-gateway).
When I send the command
ifconfig tap0 10.10.10.120 broadcast 10.10.10.1 netmask 255.255.255.0
from Archos Terminal I had at least access to my home network. But all route entries are gone.
Who has an idea what I am doing wrong? I checked it in the last day again and again... If there is no solution: is it possible to 'save' the entries from route and restore it after my manual change of ifconfig? I would like to do it via script, as my home network I only reachable via dyndns.
Thanks and best regards!
I used the OpenVPN Howto Quickstart and had no problems.
macemoneta said:
I used the OpenVPN Howto Quickstart and had no problems.
Click to expand...
Click to collapse
Yes, I know the guide. I did the same with my ubuntu-netbook and it works directly.
And I think, it would work also on the Archos, if the openvpn/ifconfig on Archos accept the 10.10.10.120. But the IP is changed to 10.10.10.255 and that did not fit.
Where the h*** did the 255 instead of 120 come from?
I noticed the same problem...
No idea where it comes from, but as a workaround, you can put a script somewhere containing a suitable "ip addr add x.x.x.x/y dev z" statement, and reference that in the .conf file as "up scriptname".
Note that you need to add "--script-security 2" to the openvpn commandline to make that work. I added that to the OPENVPN_CFG variable in /etc/uruk.conf/openvpn.
regards
Patrick
This is the openvpn configuration I use for my Archos 101 (on the server). I'm not having any problems, using openvpn 2.1.1:
Code:
port 1194
dev tun
tls-server
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/[COLOR="Blue"]<my host>[/COLOR].crt
key /etc/openvpn/keys/[COLOR="blue"]<my host>[/COLOR].key
dh /etc/openvpn/keys/dh1024.pem
mode server
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.4 10.8.0.255
push "route 10.8.0.1 255.255.255.255"
client-config-dir ccd
push "redirect-gateway def1"
push "dhcp-option DOMAIN [COLOR="Blue"]<my domain>[/COLOR]"
push "dhcp-option DNS [COLOR="blue"]<my dns server>[/COLOR]"
keepalive 10 60
inactive 3600
route 10.8.0.0 255.255.255.0
user openvpn
group openvpn
persist-tun
persist-key
verb 4
I examined the situation a bit further.
The problem comes from the ifconfig command that openvpn calls itself:
Code:
/system/bin/ifconfig myvpn \
192.168.x.41 \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255
This is only used when tap interfaces are involved, which is the case in my setup, but not in the setup macemoneta is showing. caesar68: do you also use tap interfaces?
I can reproduce the problem by just using that ifconfig command again.
When I list the IP-address-to-set as the last argument, instead, it works, i.e.
Code:
/system/bin/ifconfig myvpn \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255 \
192.168.x.41
A quick scanning of the openvpn manpage, does not suggest a way to override the ifconfig command that is used, but it does give an option --ifconfig-noexec which suppresses its calling.
Unfortuntely, when I just pack the is-working-after-the-interface-is-up ifconfig command into an up script with this option, it just gives me an error SIOCSIFNETMASK (Cannot assign requested address) - even if the same commandline works when I run it over an already upped interface... Probably because the interface then already had an IP address...
No problem, though, ifconfig is obsolete anyway, let us just use ip link and ip addr, which are fortunately available under Uruk.
So, caesar68, the clean solution would be to have
--script-security 2 on the openvpn commandline, e.g. via OPENVPN_CFG in /etc/uruk.conf/openvpn
in your myvpn.conf file:
Code:
ifconfig-noexec
up-delay
up-restart
up /etc/openvpn/myvpn-on-up
a corresponding script /etc/openvpn/myvpn-on-up, executable, with content
Code:
#! /system/bin/sh
ip link set $dev mtu $tun_mtu up
ip addr add $ifconfig_local/$ifconfig_netmask \
broadcast $ifconfig_broadcast \
dev $dev
Works For Me
Thanks for the explanation and the workaround, brian_o'fish. Why are you using tap though? Tap provides an Ethernet bridge, so you'll be transporting packets that really don't need to be sent to your Archos (reducing available bandwidth). Tun is layer 3 routed, so only traffic destined for either endpoint goes over the VPN connection.
macemoneta said:
Why are you using tap though?
Click to expand...
Click to collapse
That's what the server I'm using, is configured to do, as it provides transparant bridged LAN access via VPN, and that is what I want, as I am the admin of said LAN and VPN.
If the low level of broadcasts we have, ever increases or appears to be a problem to me, I'll set up an additional tun server, but for now it is simply not an issue.
Anyway, good hint in general!
Hi all!
Thanks a lot for your comments. Yes I am using tap. I would like to have access to my home network (storage etc.). Therefore I want to use the brigde functionality. And that works only when I changed the ifconfig manually afterwards. But the route is distroyed then and packages to the internet are not routed secure thru my home-network.
@ brian_o'fish: Thanks for the advise. I will try that the next days. In the moment I am happy to read, that I am not the only one with the problem (and maybe to stupid to use openvpn - but on the netbook it works).
I have never worked with tun. Maybe I could check, if that is also a workaround.
I will keep you informed, but I am on a trip the next days.
Thanks again!
*** Update ***:
I didn't work neither with tap nor with tun. Meanwhile I tried to run VPNC. I had some trouble, but it works now.
caesar68 said:
I didn't work neither with tap nor with tun.
Click to expand...
Click to collapse
Did you try the approach I described with tap, and can tell where / how it failed?
I have used adfree for a long time and never had any issues until the TB. For some reason the ads are still all over the place. I have updated host files and all I know to do... any suggestions?
i'm assuming that you're rooted, right? i'd verify that your hosts file in /etc has entries other than for the local host.
alternatively, you could try using dolphin hd with the ad-blocker add-on.
open the /system/etc/hosts file on your android phone via the command line or with a file explorer (must be rooted and have write permissions for /etc/system/hosts)
add the ad server list from http://pgl.yoyo.org/adservers/ to the file
(if you change the IPs to 0.0.0.0 instead of 127.0.0.1, the ads will be killed faster, since they wont die in the loopback with 127.0.0.1, since 0.0.0.0 is an invalid address)
If you find ad server lists from elsewhere, add it to the file and filter out extras doing a unique sort on it. I normally keep the same list on my desktop/laptop and phone and add to it as I go using something like live http headers in firefox to find new ad servers
On a linux box you can do a unique sort with:
sort -u oldFileName > newFileName
Here is my list of adservers I block from found lists and ones I added myself.
http://pastebin.com/pF1QNEm2
Hi,
i edited /system/etc/hosts file but it looks that my edit is ignored by Android.
In "hosts" file i added line with text "1.1.1.1 customdomain"
And then i used "ping customdomain" command in Terminal Emulator but i got error "unknown host am".
I doesn't ignore the hosts file, did you edit it with r/w permissions?
That's how some AdBlock apps on market are working.
They just download huge (700K) host file and most of ads are history. (also in ads based applications)
PS: try something with your local host 127.0.0.1 first... you have to reboot your device after modification.
evilkorn said:
I doesn't ignore the hosts file, did you edit it with r/w permissions?
Click to expand...
Click to collapse
AFAIK, i did. I edited it using "FS File Explorer" with r/w turned on... Then i restarted phone and my change is still there.
Vlad_z said:
That's how some AdBlock apps on market are working.
They just download huge (700K) host file and most of ads are history. (also in ads based applications)
PS: try something with your local host 127.0.0.1 first... you have to reboot your device after modification.
Click to expand...
Click to collapse
Yes, i found posts about these ad blocks when i read all these forums about this...
I can ping "localhost", but i cant ping this host i added there...
EDIT:
I added record "127.0.0.1 bbb", then i restarted phone and i tried to run "ping bbb", but i got error msg about unresolved hostname aswell...
I have Nexus S and latest CyanogenMod 7.0.3 if it can help...
I got it!
I was playing etc... And i found that i need to put 1 empty line at end of file to make system to reload file!
No need to restart phone at all, i can ping new hostname immediatelly.
Now i can ping new hostname. But when i open it in Android browser, i get new exciting error msg:
Sorry The requested server does not have a DNS entry!
Any ideas now?
mathdotrandom: Block ads on PC & Android with an uber HOSTS file!
oktam said:
AFAIK, i did. I edited it using "FS File Explorer" with r/w turned on... Then i restarted phone and my change is still there.
Yes, i found posts about these ad blocks when i read all these forums about this...
I can ping "localhost", but i cant ping this host i added there...
EDIT:
I added record "127.0.0.1 bbb", then i restarted phone and i tried to run "ping bbb", but i got error msg about unresolved hostname aswell...
I have Nexus S and latest CyanogenMod 7.0.3 if it can help...
Click to expand...
Click to collapse
This approach and file "Block ads on PC & Android with an uber HOSTS file!" has work flawlessly on multiple device all with various firmwares and versions of Android.
Hi, I've included some domains I want blocked in my hosts file so as to redirect them to "127.0.0.1" I've made sure the permissions are set correctly. I've made sure there is an extra linebreak at the end of the file. I've rebooted. In the terminal a PING request to the domain returns from the localhost. And yet I can still access the domain through the web browser.
What gives?
PS: I have a Nexus One 2.3.6 retail that I rooted using the DoomLord zerg rush exploit without unlocking the bootloader
And I have cleared the browser cache
Please use the Q&A Forum for questions Thanks
Moving to Q&A
have the same issue.
added an entry to etc/hosts (after remounting rw) rebooted. open a terminal... ping x.com goes to correct IP... browser (stock and others) goes to real dns resolved one.
android is full of brain [email protected]%
I can still access websites listed in the hosts file. Permission is -rw-r--r--
I'm using chrome beta for android.
This issue hasn't been fixed yet. Chrome still ignores the HOSTS file in \system\etc
Apparently the HOSTS file must be in UNIX file format. One way to do this is use Notepad++ and convert the file by going to EDIT --> EOL Conversion --> Unix.
If you ping a domain in the hosts file and it goes to 127.0.0.1 or 0.0.0.0 then your hosts file is formatted correctly.
But Chrome will ignore the domains in the hosts even if it's formatted correctly. Perhaps Google intentionally does this to prevent anyone from blocking their tracking tools?
I would bet there are millions of Android devices that have a hosts file but it's not working as everyone thinks it should be.
EDIT - Solution found: turn off "Reduce data usage" in Chrome
shizat63 said:
turn off "Reduce data usage" in Chrome
Click to expand...
Click to collapse
Wow. Any idea what does it trigger that affect that?
My problem is with stock browser on cyanogenmod gingerbread.
Sent from my Nexus One using xda app-developers app
chrome local domain fail
shizat63 said:
EDIT - Solution found: turn off "Reduce data usage" in Chrome
Click to expand...
Click to collapse
Unfortunately it does not work for me on my GT-I9305 (I9305XXUEML5).
For the record here is what I did:
Added domain.local to /system/etc/hosts:
Code:
[email protected]:/ # mount -o rw,remount -t ext4 /dev/block/mmcblk0p13 /system
[email protected]:/ # echo "127.0.0.1 domain.local" >> /system/etc/hosts
[email protected]:/ # mount -o ro,remount -t ext4 /dev/block/mmcblk0p13 /system
[email protected]:/ # grep domain.local /system/etc/hosts
127.0.0.1 domain.local
I can now ping domain.local:
Code:
[email protected]:/ # ping domain.local
PING domain.local (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.220 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.186 ms
64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.242 ms
^C
--- domain.local ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.186/0.216/0.242 ms
Then I set up port forwarding in chrome: chrome://inspect/#devices -> Port forwarding... -> 8080 x.x.x.x:8080
After this I can telnet into domain.local from my GT-I9305:
Code:
[email protected]:/ # telnet domain.local 8080
GET / HTTP/1.0
HTTP/1.0 200 OK
Date: Mon, 28 Apr 2014 11:47:42 GMT
Server: openresty
X-Powered-By: PHP/5.4.12
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>
<html>
...
</html>
Connection closed by foreign host
So far so good.
Unfortunately if I open chrome on my mobile and enter domain.local:8080/ I get "Oops! Google Chrome could not connect to domain.local"
shizat63 said:
EDIT - Solution found: turn off "Reduce data usage" in Chrome
Click to expand...
Click to collapse
Worked! Thanks a lot. The fact, that adaware has stopped working was driving me crazy.
Howgie
shizat63 said:
turn off "Reduce data usage" in Chrome
Click to expand...
Click to collapse
It was turned on and turbo-mode in Opera was turned on. I've been sure hosts file is ignored!
The extra line was what I needed to fix my problem with my hosts file. As soon as I saved and refreshed it went to the site I needed it to.
oktam said:
I got it!
I was playing etc... And i found that i need to put 1 empty line at end of file to make system to reload file!
No need to restart phone at all, i can ping new hostname immediatelly.
Now i can ping new hostname. But when i open it in Android browser, i get new exciting error msg:
Sorry The requested server does not have a DNS entry!
Any ideas now?
Click to expand...
Click to collapse
Hosts file is working when i use directly from chrome and default browser, but when i use google app and then it is showing to choose chrome or internet browser it is not blocking site in hosts file after my chrome selection.
Plz.....i need help....
Was anyone able to get Android to read your hosts file? I can't even ping the site properly using the terminal emulator.
I've turned off Chrome data saver, made sure the file was saved with Unix line endings and left a blank line at the end of the /system/etc/hosts file.
I did. I copied the hosts file to my computer, edited it then pushed it back to android with rw permission.
It didn't work though until I added the blank line below my last entry (why?), just hit enter after adding your last/only domain name entry and then save.
How to change r/w permissions with Es file explorer.
hello guys,
i'm developing an automatic vulnerability scanner/exploiter for android.
i'm adding the cool feature of using the metasploit framework from our android phones, but i'm having a big issue.
i can start the MsfRpcd ( the metasploit daemon ) from a su shell an make it bind to the 127.0.0.1 address.
i can connect to the server using busybox netcat ( no Java though here ).
i can't connect to 127.0.0.1 from the android app! i got ECONNREFUSED.
uff!
after a bit of google i understood that JavaVM have a separate network and it filter out my connection to localhost/127.0.0.1.
how can i connect to a service bind to 127.0.0.1 on my phone from an android app?
this is a jail!
NOTES:
i gave a quick look at iptables -L output, maybe i can make some hack there, but probably i will break the JavaVM network.
thanks in advance!
-- tux_mind
PS:
binding on wifi ip is not an answer.
WORKAROUND:
do not use socket library, use URLConnection:
Code:
u = new URL("http", InetAddress.getLocalHost().getHostAddress(), mPort, "/api/");
huc = u.openConnection();
huc.setDoOutput(true);
huc.setDoInput(true);
huc.setUseCaches(false);
huc.setRequestProperty("Content-Type", "binary/message-pack");
huc.setReadTimeout(0);
huc.getOutputStream().close();
-1 for google