hello lads, I am interested in making Android application that can be use as VPN server, any tips where I can start from ? Is it possible ? I have not see any good topic about this in net
I just wonder why you consider an Android app as a VPN server.
Is it just a portal for a specific LAN? Or do you need a general VPN server for encrypted internet connections?
Even if you can implement basic functions of this VPN server, don't you worry about its concurrent & load capacity as a 'server'? ......
Its definitely possible but you'll have to likely root the phone first.
I turned a rooted Android phone into a VPN server by using the Linux Deploy app and UNIX tools "busy box app" then running CentOS on Linux Deploy. I installed SoftEther VPN Server on CentOS through SSH on the phone.
I wrote about it in a forum. If you google "Turn a flashed to verizon phone into vpn server" it will come up in Aspkin forum and you can see me work through it.
This way is 100% free and SoftEther will tunnel straight through a firewall using port 443 unlike any paid app so you can leave the phone hidden anywhere connected to WiFi and as long as you use SoftEther Client and the DNS host name to connect to the server. It wont work if you use a openVPN or L2TP/IPsec client without opening ports on the router of the wifi connection, or the server IP address (which would be a local ip if connected to wifi hidden somewhere).
Click to expand...
Click to collapse
James_Watson said:
I just wonder why you consider an Android app as a VPN server.
Is it just a portal for a specific LAN? Or do you need a general VPN server for encrypted internet connections?
Even if you can implement basic functions of this VPN server, don't you worry about its concurrent & load capacity as a 'server'? ......
Click to expand...
Click to collapse
Thank you for your reply. I just want to make a VPN server that uses a mobile network and accepts connection from 1 device(concurrent or load capacity or encryption does not matter). It is a small part of my application and not for commercial use. so, everything is possible, to root a device or another way to do my goal.
Related
I have created an SOCKS proxy server application to run on Windows Mobile phones. A SOCKS proxy is a proxy server that is capable of forwarding nearly all types of network traffic, similar to a NAT router. It is very simple to use. Simply type in the port you would like the proxy server to listen on (defaults is 1080), then click the large "Start Proxy" button.
In order to run this application you will need the .NET Compact Framework 3.5 installed on your device.
Some applications are SOCKS-ready and others are not. You can use FreeCap (freeware) to SOCKS enable any Windows application. ** FreeCap seems to have problems connecting to SocksProxy. Let me know if it works or doesn't work for you. **
I am *NOT* responsible for any fees charged to anyone for the use of this software. There is no warranty and no guarantee.
[UPDATE 2/25/2009]
I've completed the new version of SocksProxy. It implements socks version 4a. There is no security, so it will allow anyone to connect with any user id.
Please let me know of any issues you find.
[UPDATE 2/24/2009]
SocksProxy v1.0 Reboot
--------------------------------------------------------------------------------
I've completed the new proxy server. It looks pretty much like the old one, but I've anchored the controls to the edges so it should scale properly with VGA devices.
I've written a new Socks 4a proxy from scratch and completed ditched all the old code. It seems to be working pretty well, though a bit slow. I think I need to increase the size of my read buffers. I will have to write a smarter heuristic for determining the size of the buffer per connection though. I have them at 128 Kb now. I need to grow each buffer dynamically according to how it's being used, that way I don't create large buffers for connections that are only transfering small amounts before closing (downloading a small gif or javascript file, for example).
I'll probably release it tomorrow after some more testing.
BTW: I'm posting this through the proxy right now!
[UPDATE 2/24/2009]
I've decided not to move forward with the J2ME version of SocksProxy. I will however be writing a new .NET CF version. The current version's proxy is based on code I ported from a proxy targeted to the standard .NET framework. Some features in the standard framework are absent in the compact framework. When porting the proxy I pretty much just did it as quick and dirty as I could because I really wanted something that just got the job done. I didn't care how stable or 'good' it was because I hadn't even intended on releasing it to anyone. Since it looks like there's still a lot of interest I will be writing a new one from scratch. Don't expect too much; It'll be the simplest thing that possibly works, but it'll be stable and reliable.
I'll be naming this version SocksProxy 1.0 Reboot. I'm not upping the version number because I'm really not going to be adding any new features.
[UPDATE 11/4/2008]
I am working on a J2ME version of this application. I will no longer be maintaining the .NET version of the application. The SVN repository for the .NET version will continue to be available. I have no plans on taking it down.
I have decided to switch to J2ME because I will be able to reuse source code in a future Android release -- that is, if Google or someone adds the ability for Android to have more than one IP address.
[UPDATE 10/27/2008]
There is a usage issue with the application with certain configurations of Windows Mobile and Activesync. It seems that when the Activesync host (your PC) has a connection to the internet the handheld device will prefer to connect to the internet via the PC's connection rather than its cellular connection. This completely eliminates any benefit to using the proxy. Does anyone know how to prevent the handheld from routing its internet traffic back through Activesync? Note that this is NOT solved by setting the "Allow data connections" setting in Activesync.
[UPDATE 10/27/2008]
I have updated the SVN respository (https://pchasco.homedns.org/svn/SocksProxy/trunk). Here are the changes:
* Changed "Listening on" box to list all IPs on the handheld
* Added an IP box. Enter an IP to listen on that IP or leave blank to listen on all.
* Rearranged form
* Added "Use selected IP" button to insert into the IP box the IP selected in the list of available IP addresses.
You can enter any IP address in the IP box, but the proxy will fail to start if the IP is not valid for your device.
Hi pchasco,
Could you explain a bit more what this does (and how it works)?
The reason I ask is that I'm looking for an application for the PPC which allows me to share its internet connection by pointing the Desktop browser' proxy to the PPC.
This allows me to be connected to the wired network and using this proxied browser to browse even the blocked sites ...
Can your application be used for this?
If so could you also explain how it works..
I've ran the App on my PPC, and clicked start, this gave me an IP address
next i hooked it up to USB and pointed IE's proxy to that address...didn't work
I also tried to activate the 3G first and/or with ICS activated
but both times I didn't see a IP address...
I'm probably doing something wrong..
Thanks
This is a SOCKS proxy, so it does not work in quite the same way that a normal HTTP proxy does. For internet explorer you'll have to open the advanced proxy options and fill in the information for the SOCKS hostort entry.
Can someone please explain a sample usage of this software on Windows Mobile?
pchasco said:
This is a SOCKS proxy, so it does not work in quite the same way that a normal HTTP proxy does. For internet explorer you'll have to open the advanced proxy options and fill in the information for the SOCKS hostort entry.
Click to expand...
Click to collapse
Have you used this with ICS? In other words, share your internet connection with a computer and then have the computer connect via your sock proxy to the internet?
abdulzis said:
Can someone please explain a sample usage of this software on Windows Mobile?
Click to expand...
Click to collapse
I'm not sure what you mean. An example of how to use it or an example describing why someone would want to use it?
hoopsbwc34 said:
Have you used this with ICS? In other words, share your internet connection with a computer and then have the computer connect via your sock proxy to the internet?
Click to expand...
Click to collapse
I am not sure why you would need to use both SOCKS proxy and ICS at the same time. They are both means to provide internet connectivity through your phone to another device. If ICS were an option on my phone, I would use it over SOCKS unless the client device did not support it.
pchasco said:
I am not sure why you would need to use both SOCKS proxy and ICS at the same time. They are both means to provide internet connectivity through your phone to another device. If ICS were an option on my phone, I would use it over SOCKS unless the client device did not support it.
Click to expand...
Click to collapse
Basically, I'm trying to allow access to two networks at the same time. So I want to adjust my settings in firefox to point to my WM phone and your socks proxy. Then my other applications and IE can use my LAN. Otherwise, to get my WM ICS to work I have to disable my LAN connection which I need for certain apps.
edit... I'm good with using it without ICS, but that doesn't seem to work either. No matter when I click start proxy, I get an IP of 0.0.0.0 and if I connect my computer via USB I can't ping that address.
hoopsbwc34 said:
Basically, I'm trying to allow access to two networks at the same time. So I want to adjust my settings in firefox to point to my WM phone and your socks proxy. Then my other applications and IE can use my LAN. Otherwise, to get my WM ICS to work I have to disable my LAN connection which I need for certain apps.
Click to expand...
Click to collapse
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
pchasco said:
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
Click to expand...
Click to collapse
That's what I tried... but the IP address I get is 0.0.0.0 from your app. What IP do you usually get back when you run it? Do you just connect via USB? If ActiveSync is running is that an issue?
pchasco said:
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
Click to expand...
Click to collapse
I think there is a setting in ActiveSync that says "allow wireless connections when connected" sounds like that might be your problem.
Mr_Gee said:
Hi pchasco,
Could you explain a bit more what this does (and how it works)?
The reason I ask is that I'm looking for an application for the PPC which allows me to share its internet connection by pointing the Desktop browser' proxy to the PPC.
This allows me to be connected to the wired network and using this proxied browser to browse even the blocked sites ...
Can your application be used for this?
If so could you also explain how it works..
I've ran the App on my PPC, and clicked start, this gave me an IP address
next i hooked it up to USB and pointed IE's proxy to that address...didn't work
I also tried to activate the 3G first and/or with ICS activated
but both times I didn't see a IP address...
I'm probably doing something wrong..
Thanks
Click to expand...
Click to collapse
Sounds like the same thing that is happening to me. I finally got it to give me an IP address, but only if my data connection is inactive. As soon as the data connection is active it becomes a 0.0.0.0 IP address. Bug?
I tried to establish the IP, then activate the data connection... still doesn't work when I enter the IPort into my proxy list for firefox.
hoopsbwc34 said:
That's what I tried... but the IP address I get is 0.0.0.0 from your app. What IP do you usually get back when you run it? Do you just connect via USB? If ActiveSync is running is that an issue?
Click to expand...
Click to collapse
I am not sure why you are receiving 0 as your IP address. Check in Settings->Connections->USB to PC that "Enable advanced network functionality" is selected.
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address op 127.0.0.1 (localhost)
Stopped the App, initiated the gprs and started the App again.
now i'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Mr_Gee said:
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address op 127.0.0.1 (localhost)
Stopped the App, initiated the gprs and started the App again.
now i'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Click to expand...
Click to collapse
Hmm... I'm not sure what's going on here. 127.0.0.1 is the loopback interface-- It is only valid for your phone to connect to itself. If your computer attempted to connect to 127.0.0.1 it would connect to itself, not your phone.
pchasco said:
Hmm... I'm not sure what's going on here. 127.0.0.1 is the loopback interface-- It is only valid for your phone to connect to itself. If your computer attempted to connect to 127.0.0.1 it would connect to itself, not your phone.
Click to expand...
Click to collapse
Yes I know... :-/
Well, if I have time in the next few days I will take a look and see whether there is anything I can do. Maybe there is another IP address available on your device but for whatever reason I'm displaying the loopback instead of the external interface.
What happens when you set your proxy client up to go to 169.254.2.1:1080?
Mr_Gee said:
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address op 127.0.0.1 (localhost)
Stopped the App, initiated the gprs and started the App again.
now i'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Click to expand...
Click to collapse
Sounds like the same bug I am getting.
An example describing why someone would want to use it?
abdulzis said:
An example describing why someone would want to use it?
Click to expand...
Click to collapse
If you can't use ICS and want to connect to the internet from your desktop, you can connect your phone using USB and start this proxy, then you can setup your desktop connection to use the proxy to get internet access.
I would like to connect my android phone/tablet to my work connection. Is there any easy enough way to do this?
Im looking for a ssl vpn client
SSL VPN , Android VPN
here is two vpn solution
purevpn.com
Android vpn - SSL VPN
Enjoy!
Which did you pick?
and How's it working?
I'm looking for the same.
did you try Juniper Pulse?
I'd say talk to your system admin.
sajavid said:
did you try Juniper Pulse?
I'd say talk to your system admin.
Click to expand...
Click to collapse
Junos Pulse only allow to access to the bookmarked web site on the remote site (company). You cannot use Junos Pulse to access to the other PC on the company's LAN. While I can full access to the company's LAN from home's PC.
Is there any app that allow Android phone to fully connect to the company's LAN (using SSL VPN)?
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
typhoonikan said:
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
Click to expand...
Click to collapse
On a public wifi all data you do is unencrypted, the only way to protect it, is doing some encrypting yourself.
On the apps that support it you should enable SSL encrpytion, that way, only your device and the receiving service can parse whats going on.
Not all apps support this, so if you come over an app that doesnt, but is really afraid of someone taking it, you need to do some more advanced stuff, and take use of a VPN.
This applies to both laptops and phones, but ssl support is usually less used on laptops
typhoonikan said:
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
Click to expand...
Click to collapse
Use "SSH Tunnel" app from Play Store to encrypt all of Internet traffic. You'll need just an internet server having root access or SSH access for that. There's no need of complex configuration on server at all.
All VPNs except OpenVPN have limited encryption level, but that's not the case of SSH Tunneling. When it comes to OpenVPN, its configuration is complex. And, little mistake can pose security risk. Plus, most of stock ROMs don't have OpenVPN client. Installing it is also more complex than installing SSH Tunnel.
SachinShekhar said:
Use "SSH Tunnel" app from Play Store to encrypt all of Internet traffic. You'll need just an internet server having root access or SSH access for that. There's no need of complex configuration on server at all.
All VPNs except OpenVPN have limited encryption level, but that's not the case of SSH Tunneling. When it comes to OpenVPN, its configuration is complex. And, little mistake can pose security risk. Plus, most of stock ROMs don't have OpenVPN client. Installing it is also more complex than installing SSH Tunnel.
Click to expand...
Click to collapse
This is great and what I had in mind- an app that secures the connection.
Though, walking into a starbucks or public wifi location where they have this kind of requisite (the server requirements)... isn't it doubtful they will have that set up?
Personally, I use OpenVPN. I would recommend using TUN, and at least 128 AES encryption. You need to have an always on internet connection somewhere. You set up a server there (dedicated computer, or buy a $40 linksys router and flash with dd-wrt or tomato vpn) and use a dynamic dns service to forward to that server's IP (such as DynDNS).
Most of that information is available on google.
You can find the OpenVPN HOWTO here:
openvpn.net/howto.html
Yes, as mentioned it is fairly complex, however worth the payoff in security in my opinion.
Hope that helps.
Tom
I appreciate the responses, but I think you're missing my point.
I'm talking about joining public wifi. Not a wifi spot where I can manage their server settings.
Yes, we are as well. VPN and SSH tunneling are used primarily to encrypt traffic. You want to do that to protect your data from Man in the Middle attacks. These types of encryption do not require any sort of administrative access to the wireless access point. That's the idea. You encrypt your data on your computer and send it over unsecured wifi to a server that is hard-wired to the internet, where the traffic is decrypted and send out to the internet as normal. The return traffic will then also be encrypted until it is decrypted by your computer. I would look into these two options for securing your data on unsecured wifi networks...
Tom
tomg09 said:
Yes, we are as well. VPN and SSH tunneling are used primarily to encrypt traffic. You want to do that to protect your data from Man in the Middle attacks. These types of encryption do not require any sort of administrative access to the wireless access point. That's the idea. You encrypt your data on your computer and send it over unsecured wifi to a server that is hard-wired to the internet, where the traffic is decrypted and send out to the internet as normal. The return traffic will then also be encrypted until it is decrypted by your computer. I would look into these two options for securing your data on unsecured wifi networks...
Tom
Click to expand...
Click to collapse
Thank you !
Sent from my EVO using xda premium
typhoonikan said:
This is great and what I had in mind- an app that secures the connection.
Though, walking into a starbucks or public wifi location where they have this kind of requisite (the server requirements)... isn't it doubtful they will have that set up?
Click to expand...
Click to collapse
Server will be your own outside public wifi. It may reside in your home. Or, you may purchase a VPS from Linode, RackSpace etc.
The concept: Your Android device will create an encrypted SSH tunnel to server at home... all over insecure wifi network. If a black hat guy traps your traffic in the middle, he will not get usable data from that because of encrypted tunnel.
So I'm trying to do some research in the server requests and responses of some apps I work with, and for various reasons need a hotspot because of incompatibility with a corporate proxy.
Are there any apps that can decode/record web traffic as it's passed to AP clients through Wi-Fi tether?
I certainly recognize the possibility for espionage / inherent security concerns, but they have similar apps for desktops like "Charles proxy" or "fiddler" to do research in packet analysis.
I googled a little, but most examples were from the 2.2-2.3 days, and didn't seem updated at all.
Thanks!
Hi,
Maybe SandroProxy will help you out.
https://play.google.com/store/apps/details?id=org.sandroproxy
Not sure about working on wifi thether...
Mix3d said:
So I'm trying to do some research in the server requests and responses of some apps I work with, and for various reasons need a hotspot because of incompatibility with a corporate proxy.
Are there any apps that can decode/record web traffic as it's passed to AP clients through Wi-Fi tether?
I certainly recognize the possibility for espionage / inherent security concerns, but they have similar apps for desktops like "Charles proxy" or "fiddler" to do research in packet analysis.
I googled a little, but most examples were from the 2.2-2.3 days, and didn't seem updated at all.
Thanks!
Click to expand...
Click to collapse
SandroBSupp said:
Hi,
Maybe SandroProxy will help you out.
https://play.google.com/store/apps/details?id=org.sandroproxy
Not sure about working on wifi thether...
Click to expand...
Click to collapse
Yeah, that's the wrong type of proxy. I need the *phone* to act as the proxy, or at least decrypt ssl traffic between the phone and tethered device; this one is more of a "hide my traffic" proxy between the phone and the internet.
But this is exactly what SandroProxy do. It acts as local proxy accepting requests.
For SSL you need also to use Menu->Export CA to store.
It can also connect to your corporate proxy (basic/digest/ntlm) so you do not need to use thether mode.
http://forum.xda-developers.com/showthread.php?t=1737138
Mix3d said:
Yeah, that's the wrong type of proxy. I need the *phone* to act as the proxy, or at least decrypt ssl traffic between the phone and tethered device; this one is more of a "hide my traffic" proxy between the phone and the internet.
Click to expand...
Click to collapse
You're totally right. Just tried it out and it's working splendidly.
You the man!
I need a local SOCKS5 proxy server that doesn't use the Android VPN service. Why? Because I want to chain it with the no-root firewall NetGuard. NetGuard already uses the Android VPN service. Therefore, no other app can use the Android VPN service at the same time. NetGuard, however, supports chaining apps via SOCKS5. Unfortunately, I have trouble finding a suitable app which I can chain it with. Ideally, I would be able to connect then to my Streisand server through the local SOCKS5 proxy server. A SSH tunnel would be an added bonus.
I'm on a non-rooted phone with Android 7.1.1 and don't want to root because that breaks, for example, my banking app. I'm happy to provide more information if needed. Thanks for your help!