Hi,
Anyway to lock down the proxy settings in the connection manager?
At work we have a different proxy to access the internet via a pc than the one we use on the mobile devices.
When the device is synched up, it will pull in the proxy setting from the pc, resulting in the user not being able to access the internet.
Any way to stop it picking up the setting on sync?
Cheers
Notice - This topic is for the very advanced computer users.
I will need help from WM6 developers and SUPER advanced users for a variant of this. Please go to the COMPLETE bottom to read what I need for help.
What is it for? : Gain full access to TCP ports while using carrier's WAP/GPRS/HTTP proxy. Access IMAP/POP3/Internet Radio/Streaming TV/Skype while still using your carrier's cheap/free GPRS APN.
(currently only works on tethered, but I am working on making it work directly from the phone, I need help from those in the know-how)
Summary: The PC is tethered to the phone for GPRS/3G internet. PuTTY client connects to a SSH server THROUGH the carrier's proxy and opens up a SSH tunnel with dynamic forwarding on port 1080.
What you need :
- PC with Windows or Linux
- PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- A simple SSH server directly connected to the internet (could be a modified Linksys WRT54G/GS/GL router with OpenWRT, no need for a PC)
optional - ProxyCap or SocksCap (commercial, look on bittorrent). They force softwares that required DIRECT internet acess to work with this guide
Settings:
1- Your SSH server needs to listen to port 443
2- In Windows go to Control Panel / Internet Options / Connections / LAN Settings / Proxy Server /
-Check the box "Use a Proxy Server for your LAN"
-Click advanced under SOCKS: , write: localhost" with port: 1080
3- In PuTTY
-Session TAB
Hostname = IPaddressOfYourSSHServer
port = 443
-Connection / Proxy
Proxy Type = HTTP
Proxy hostname = YourCarrierProxyAddress
Port = 80 or 8080 (whatever your carrier tells you to put)
-Connection / SSH / Tunnels
At the bottom, select Dynamic & IPv4
Source port = 1080
Click ADD
You should see "4D1080" appear in the white box under "forwarded ports"
-Session
Type any name you want under Saved Sessions
Click "Save" so that anytime you reload Putty, you click ony your sessions and load to restore all the above settings.
Final Step
- Disconnect your PC from any internet access
- Connect your PC to your phone's GPRS/3G internet
- In Putty, load the session and click on OPEN (This should open up a black window with no text)
- Wait a few seconds, you should see a new window asking you if you accept a new KEY for the new host you are connecting to. Click YES
NOTE: this will only happen the first time you connect to the SSH server through GPRS. It will never appear again
- You'll be asked to enter your username and password (those are the ones from your SSH server). You'll then gain SSH terminal access to your SSH server.
- type and enter "top" in your SSH terminal
WHY? : Your carrier's PROXY closes any IDLE connections. "top" makes the SSH server send you the server status every few seconds, keeping the connection active.
- Open internet explorer and see if you can load web pages.
- Congrats, you got non-carrier-proxied non-carrier-cached internet access.
TROUBLESHOOTING
Problem: PuTTY times out when I open my session
Diagnostic: PuTTY cant connect to your SSH server, this could be due to :
- Check if you got the right SSH server IP address
- SSH Server does not listen to TCP port 443
- SSH Server is behind a firewall that blocks port 443
- Your ISP may block port 443 (mine blocks port 80)
- Your wireless carrier may not allow SSL connections, test by loading a HTTPS web page while using their HTTP proxy (find a web page such as ebay, paypal, or whatever that requires an encrypted login, see if HTTPS is in the address bar). You're screwed if its blocked
- Your wireless carrier's proxy might not be on port 80/8080, please check
- Double check your Putty settings for your session.
Problem: PuTTY says "connection not allowed" "permission denied" or something
Diagnostic - Your wireless carrier probably does not allow SSL on 443, or scans your packets to see if it is TRUELY SSL. You're screwed in that case.
Problem: When I type my username and password, I get denied
Diagnostic: you don't know your OWN SSH server's access information, moron
Problem: Im connected to my SSH server, but IE won't load pages
Diagnostic: Either you forgot to set the dynamic port forwarding (review step 3 in settings) or you didn't set the proxy settings in IE (review step 2)
Please make sure you got NO other proxies entered other than in the SOCKS section of IE
WHAT I NEED FOR HELP
As you can see, this is only for using GPRS/3G on a PC/Laptop
Im very close to getting this to work directly on the phone.
PocketPutty is a conversion of PuTTY for WM5/6
http://www.pocketputty.net/
There is no Proxy tab in PocketPutty, but go in the registry
HKEY_current_user/Software/SimonTatham/Putty/Sessions/YourSessionName
This is IDENTICAL to what you'll find on your windows PC if you create a session. Create the proper session on your PC and copy the registry entries onto your phone's registry.
I got it to connect to my SSH server the same way you do on a PC, however, I can't get Pocket IE or any other software to use localhost:1080 socks proxy.
I've tried the obvious "proxy settings" in the connections manager, but IE still tries to connect directly unless I specify a HTTP proxy. Putty cannot do HTTP proxy so I can't just open up a second dynamic port on 80.
I tried in the registry to manually enter data. I noticed that even if you got NO proxy settings, you still got two proxy entries in the registry
HTTP , which uses "new-inet" on 1118
null-corp, which uses "new-corp" on 1118
I've made some tests and come to the conclusion that IE will only listen to the HTTP proxy entry in the registry. However, it will not use it if the "type" is set to "0". Setting it to "4" (SOCKS) gives me an error that IE cannot use my GPRS connection.
Im at loss here since im not a programmer or anything. Im wondering if any programmer/developper/professionals knew anything on the matter. It's only a matter of dynamic forwarding. I know PocketPutty can do it.
I was wondering if this was possible myself... I run a linux server at home and when I am at school/work/etc. I like to use my server as a socks proxy (using the method you stated) in order to get around those pesky firewalls and content filters. I've found that in general I like to tunnel everything through my home ISP's connection. It just 'feels' more secure, albeit a lot slower due to roadrunner's poor upstream bandwidth.
Pocket IE apparently did leave out the SOCKS proxy feature, and I don't know if it's even possible to tunnel through SOCKS on a WinMo phone.
This ancient guide from 1999 says that SOCKS is not implemented on WinCE, but surely this is outdated and useless information, right?
So I ask: Does anyone out there know how to use a SOCKS proxy on a PocketPC?
I don't know how much this will help you, I'm not nearly as advanced, but I saw the word SOCKS and a bell rang. Under Settings > Connections > Connections, when you setup or edit the proxy server, the SOCKS option is at the bottom. I always manually put in the AT&T proxy settings when I need to so it sounded familiar. Hope that helps.
Hey alkizmo !
I think that your idea is not really good, because there is an easier solution, with OpenVPN. This vpn allows you to do HTTP encapsulation, like PuTTY ...
And OpenVPN server/client is faster to install.
TKz said:
Hey alkizmo !
I think that your idea is not really good, because there is an easier solution, with OpenVPN. This vpn allows you to do HTTP encapsulation, like PuTTY ...
And OpenVPN server/client is faster to install.
Click to expand...
Click to collapse
A VPN connection cannot be initiated through a proxy where all ports are blocked except 8080/80/443
VPN is not the solution to proxy bypass.
Then again, go ahead, try to prove me wrong and you'd have found a much simpler solution.
oh and this thread is outdated, I did finalize this project and have it working now.
http://forum.xda-developers.com/showthread.php?t=316890
alkizmo said:
A VPN connection cannot be initiated through a proxy where all ports are blocked except 8080/80/443
VPN is not the solution to proxy bypass.
Then again, go ahead, try to prove me wrong and you'd have found a much simpler solution.
oh and this thread is outdated, I did finalize this project and have it working now.
http://forum.xda-developers.com/showthread.php?t=316890
Click to expand...
Click to collapse
Ok, i know your solution work, but three things :
1. Mine too (sorry, I bypass proxy through vpn)
2. Mine is easier ... that's all !
3. http://ovpnppc.ziggurat29.com/ovpnppc-main.htm
Personaly, I think the problem inlies with the way Pocket PC use proxys. If there was a way to make the Phone use the same proxy for everything it would work. but from what I can tell, the phone choses the right proxy for the right thing. by looking at the proxy settings it has a for Http wap, etc.
Well, the other programs don't work with these proxies, as far as I can tell. The best wayt, IMHO, would be to make a program that routes all connections to one proxy, and maybe then the prxys would work correctly.
TKz said:
Ok, i know your solution work, but three things :
1. Mine too (sorry, I bypass proxy through vpn)
2. Mine is easier ... that's all !
3. (deleted link, no url posting privileges for new members)
Click to expand...
Click to collapse
excellent.
As of this writing, the link is still alive. And the latest release of openvpn ppc is 2.1 released December 10/2009. Or, about a month ago.
see:
the changelog
The network where I work uses ISA and has all workstations setup to go through the GATEWAY in order to access the WWW. They have a unsecured wireless network, and my Trinity can connect perfectly fine. I'm running Windows Mobile 6.1 and can connect to the wireless AP with no problem. When I launch Internet Explorer Mobile, it shows the default page, but complains that the page cannot be displayed when I try to go to any website - my guess is because Internet Explorer needs to be setup to use the gateway/proxy (just like the workstations are). But I do not see any options to type in the name and port of the gateway/proxy. Do i need a seperate proxy application for the phone/IE or are there registry settings or some other settings elsewhere that I cant find that need setting?
Any ideas?
Nevermind, ignore me... i forgot that there was a proxy settings section under Settings > Connections. my bad.
Hi,
I wonder if anyone has encounter this issue with WM6.1:
The Comm Manager has no option to set a default for the defined Wireless Server.
Say if there are 3 "defined" profiles for wireless server available (Wifi detection), at home or as work for example, the device will connect to one of them, but we cannot set a default one.
There is no-way to set a "don't-detect this server anymore" either, so delete it will make it reappears after wifi detection.
So has anyone found a way, in WM6.1, to set a default Wireless server to connect the WIFI to, when there are several Wireless Access Points available ?
Say if I have several wireless modems all running, and I all setup a profile for each.
How do you set a Default ?
Thanks very much.
I'm still not able to use my SSH tunnel connecting to my server at home to tunnel Http web traffic on the browser. First the proxy settings in wireless/network doesn't work even on WIFI, I don't think it is the correct type of proxy, and secondly it doesn't work on 3G.
Although my work uses a VPN(Cisco) and that works fine with VPN connections app. So I'm wondering if it's possible to have an app that makes proxy settings same way?
I really don't want to open up a VPN server at home, I like SSH with it's public/private key to be more secure, especially with a 8192bit key.