Possible to implement SOCKS5 proxy for tunneling SSH traffic? - Desire Q&A, Help & Troubleshooting

I'm still not able to use my SSH tunnel connecting to my server at home to tunnel HTTP web traffic in the browser. First, the proxy settings in wireless/network don't work even on WiFi (I don't think it is the correct type of proxy), and secondly it doesn't work on 3G.
Although my work uses a VPN (Cisco) and that works fine with the VPN connections app. So I'm wondering if it's possible to have an app that makes proxy settings the same way?
I really don't want to open up a VPN server at home; I like SSH with its public/private key to be more secure, especially with an 8192-bit key.

Related

Wi-Fi proxy servers

I have looked through various posts on this topic from the search but not found any conclusive answers.
When I am connected via Wi-Fi I cannot set any proxy servers. Particularly I'm interested in HTTP proxying. If I browse Internet Explorer to a print environment variables CGI script I can see it's not using the proxy I have set in my 'Work' connection. What I'm a bit confused about is whether 'Work' is the correct place to put it as it has no modem connections listed there [only non-Wi-Fi options are listed such as Bluetooth and irDA].
Is this the correct place to put the proxies? If so why is my MDAIII [WM2003SE] ignoring them?
If this proxy server is in your work environment, you can set it up in 'work' in Connections.
You also have to set the phone up to use 'work' for internet addresses, as well as work-related (intrAnet) addresses. Otherwise, all external addresses will bypass your 'Work' settings.
When you say I have to set up 'work' for internet addresses, what do you mean? I am connected via Wi-Fi at the moment at work and I have the proxies configured, yet I still go directly to websites in Internet Explorer without touching the HTTP proxy.
In my 'Work' network I have no modems defined. In 'My ISP' I have both GPRS and WAP setup for T-Mobile UK. My connection rules say use 'My ISP' for internet addresses, and 'Work' for private work addresses. If I change internet addresses to 'Work' as well it still ignores my proxies. I have not yet found a combination that works.
Edit:
Sorry I just realised that even though I have nothing listed in my intranet address list the MDAIII has guessed my local cgi environment script is on my intranet and has bypassed my proxy. When I use a remote cgi script out there in the wilderness it successfully reports the proxy IP instead of the MDAIII one.

Guide - ALL PORTS opened through carrier proxy 3G/HSDPA

Notice - This topic is for the very advanced computer users.
I will need help from WM6 developers and SUPER advanced users for a variant of this. Please go to the COMPLETE bottom to read what I need for help.
What is it for? : Gain full access to TCP ports while using carrier's WAP/GPRS/HTTP proxy. Access IMAP/POP3/Internet Radio/Streaming TV/Skype while still using your carrier's cheap/free GPRS APN.
(currently only works on tethered, but I am working on making it work directly from the phone, I need help from those in the know-how)
Summary: The PC is tethered to the phone for GPRS/3G internet. PuTTY client connects to a SSH server THROUGH the carrier's proxy and opens up a SSH tunnel with dynamic forwarding on port 1080.
What you need :
- PC with Windows or Linux
- PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- A simple SSH server directly connected to the internet (could be a modified Linksys WRT54G/GS/GL router with OpenWRT, no need for a PC)
optional - ProxyCap or SocksCap (commercial, look on bittorrent). They force software that requires DIRECT internet access to work with this guide
Settings:
1- Your SSH server needs to listen to port 443
2- In Windows go to Control Panel / Internet Options / Connections / LAN Settings / Proxy Server /
-Check the box "Use a Proxy Server for your LAN"
-Click advanced; under SOCKS: write "localhost" with port: 1080
3- In PuTTY
-Session TAB
Hostname = IPaddressOfYourSSHServer
port = 443
-Connection / Proxy
Proxy Type = HTTP
Proxy hostname = YourCarrierProxyAddress
Port = 80 or 8080 (whatever your carrier tells you to put)
-Connection / SSH / Tunnels
At the bottom, select Dynamic & IPv4
Source port = 1080
Click ADD
You should see "4D1080" appear in the white box under "forwarded ports"
-Session
Type any name you want under Saved Sessions
Click "Save" so that anytime you reload PuTTY, you can click on your session and load it to restore all the above settings.
Final Step
- Disconnect your PC from any internet access
- Connect your PC to your phone's GPRS/3G internet
- In Putty, load the session and click on OPEN (This should open up a black window with no text)
- Wait a few seconds, you should see a new window asking you if you accept a new KEY for the new host you are connecting to. Click YES
NOTE: this will only happen the first time you connect to the SSH server through GPRS. It will never appear again
- You'll be asked to enter your username and password (those are the ones from your SSH server). You'll then gain SSH terminal access to your SSH server.
- type and enter "top" in your SSH terminal
WHY? : Your carrier's PROXY closes any IDLE connections. "top" makes the SSH server send you the server status every few seconds, keeping the connection active.
- Open internet explorer and see if you can load web pages.
- Congrats, you got non-carrier-proxied non-carrier-cached internet access.
TROUBLESHOOTING
Problem: PuTTY times out when I open my session
Diagnostic: PuTTY can't connect to your SSH server, this could be due to :
- Check if you got the right SSH server IP address
- SSH Server does not listen to TCP port 443
- SSH Server is behind a firewall that blocks port 443
- Your ISP may block port 443 (mine blocks port 80)
- Your wireless carrier may not allow SSL connections, test by loading a HTTPS web page while using their HTTP proxy (find a web page such as ebay, paypal, or whatever that requires an encrypted login, see if HTTPS is in the address bar). You're screwed if it's blocked
- Your wireless carrier's proxy might not be on port 80/8080, please check
- Double check your Putty settings for your session.
Problem: PuTTY says "connection not allowed" "permission denied" or something
Diagnostic - Your wireless carrier probably does not allow SSL on 443, or scans your packets to see if it is TRULY SSL. You're screwed in that case.
Problem: When I type my username and password, I get denied
Diagnostic: you don't know your OWN SSH server's access information, moron
Problem: I'm connected to my SSH server, but IE won't load pages
Diagnostic: Either you forgot to set the dynamic port forwarding (review step 3 in settings) or you didn't set the proxy settings in IE (review step 2)
Please make sure you got NO other proxies entered other than in the SOCKS section of IE
WHAT I NEED FOR HELP
As you can see, this is only for using GPRS/3G on a PC/Laptop
I'm very close to getting this to work directly on the phone.
PocketPutty is a conversion of PuTTY for WM5/6
http://www.pocketputty.net/
There is no Proxy tab in PocketPutty, but go in the registry
HKEY_current_user/Software/SimonTatham/Putty/Sessions/YourSessionName
This is IDENTICAL to what you'll find on your windows PC if you create a session. Create the proper session on your PC and copy the registry entries onto your phone's registry.
I got it to connect to my SSH server the same way you do on a PC, however, I can't get Pocket IE or any other software to use localhost:1080 socks proxy.
I've tried the obvious "proxy settings" in the connections manager, but IE still tries to connect directly unless I specify a HTTP proxy. Putty cannot do HTTP proxy so I can't just open up a second dynamic port on 80.
I tried in the registry to manually enter data. I noticed that even if you got NO proxy settings, you still got two proxy entries in the registry
HTTP , which uses "new-inet" on 1118
null-corp, which uses "new-corp" on 1118
I've made some tests and come to the conclusion that IE will only listen to the HTTP proxy entry in the registry. However, it will not use it if the "type" is set to "0". Setting it to "4" (SOCKS) gives me an error that IE cannot use my GPRS connection.
I'm at a loss here since I'm not a programmer or anything. I'm wondering if any programmer/developer/professional knows anything on the matter. It's only a matter of dynamic forwarding. I know PocketPutty can do it.
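The troubleshooting note above about a carrier proxy checking whether port 443 traffic is really SSL comes down to looking at the first bytes inside the CONNECT tunnel. The following is an added example, not part of the original post, showing that check from the proxy operator's side; the function names and the sample byte strings are constructed for illustration.

```python
# Added example: classify the first bytes an HTTP proxy sees inside a CONNECT tunnel.
import struct

TLS_HANDSHAKE = 0x16     # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01  # handshake message type: ClientHello
MAX_TLS_RECORD = 16384   # maximum TLS plaintext record length

# Constructed samples (documentation IP address, made-up version strings).
SAMPLE_CONNECT = "CONNECT 203.0.113.10:443 HTTP/1.1"
SAMPLE_SSH_CLIENT = b"SSH-2.0-PuTTY_Release_0.60\r\n"
SAMPLE_SSH_SERVER = b"SSH-2.0-dropbear_0.52\r\n"
SAMPLE_TLS_CLIENT = bytes.fromhex("160301002f0100002b0303") + bytes(36)


def classify_first_bytes(data: bytes) -> str:
    """Label the start of a stream as 'ssh', 'tls', 'incomplete' or 'unknown'."""
    if data[:4] == b"SSH-":      # SSH identification string (RFC 4253, section 4.2)
        return "ssh"
    if len(data) < 6:            # need the 5-byte TLS record header plus one byte
        return "incomplete"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
            and 0 < length <= MAX_TLS_RECORD and data[5] == TLS_CLIENT_HELLO):
        return "tls"
    return "unknown"


def parse_connect_target(request_line: str):
    """Return (host, port) from a 'CONNECT host:port HTTP/1.x' request line."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        raise ValueError("not a CONNECT request line")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("CONNECT target must be host:port")
    return host, int(port)


def review_tunnel(request_line: str, client_first: bytes, server_first: bytes = b"") -> dict:
    """Compare the requested port with what is actually spoken inside the tunnel.

    server_first holds bytes the server sent before the client spoke. A TLS
    server stays silent until the ClientHello; an SSH server usually sends
    its banner immediately.
    """
    host, port = parse_connect_target(request_line)
    client = classify_first_bytes(client_first)
    server = classify_first_bytes(server_first) if server_first else "silent"
    speaks_ssh = "ssh" in (client, server)
    return {
        "host": host,
        "port": port,
        "client": client,
        "server": server,
        # Port 443 was requested but the payload is not a TLS handshake.
        "mismatch": port == 443 and (speaks_ssh or client == "unknown"),
    }


if __name__ == "__main__":
    print(review_tunnel(SAMPLE_CONNECT, SAMPLE_SSH_CLIENT, SAMPLE_SSH_SERVER))
    print(review_tunnel(SAMPLE_CONNECT, SAMPLE_TLS_CLIENT))
```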
I was wondering if this was possible myself... I run a linux server at home and when I am at school/work/etc. I like to use my server as a socks proxy (using the method you stated) in order to get around those pesky firewalls and content filters. I've found that in general I like to tunnel everything through my home ISP's connection. It just 'feels' more secure, albeit a lot slower due to roadrunner's poor upstream bandwidth.
Pocket IE apparently did leave out the SOCKS proxy feature, and I don't know if it's even possible to tunnel through SOCKS on a WinMo phone.
This ancient guide from 1999 says that SOCKS is not implemented on WinCE, but surely this is outdated and useless information, right?
So I ask: Does anyone out there know how to use a SOCKS proxy on a PocketPC?
I don't know how much this will help you, I'm not nearly as advanced, but I saw the word SOCKS and a bell rang. Under Settings > Connections > Connections, when you setup or edit the proxy server, the SOCKS option is at the bottom. I always manually put in the AT&T proxy settings when I need to so it sounded familiar. Hope that helps.
Hey alkizmo !
I think that your idea is not really good, because there is an easier solution, with OpenVPN. This vpn allows you to do HTTP encapsulation, like PuTTY ...
And OpenVPN server/client is faster to install.
TKz said:
Hey alkizmo !
I think that your idea is not really good, because there is an easier solution, with OpenVPN. This vpn allows you to do HTTP encapsulation, like PuTTY ...
And OpenVPN server/client is faster to install.
A VPN connection cannot be initiated through a proxy where all ports are blocked except 8080/80/443
VPN is not the solution to proxy bypass.
Then again, go ahead, try to prove me wrong and you'd have found a much simpler solution.
oh and this thread is outdated, I did finalize this project and have it working now.
http://forum.xda-developers.com/showthread.php?t=316890
alkizmo said:
A VPN connection cannot be initiated through a proxy where all ports are blocked except 8080/80/443
VPN is not the solution to proxy bypass.
Then again, go ahead, try to prove me wrong and you'd have found a much simpler solution.
oh and this thread is outdated, I did finalize this project and have it working now.
http://forum.xda-developers.com/showthread.php?t=316890
OK, I know your solution works, but three things:
1. Mine too (sorry, I bypass proxy through vpn)
2. Mine is easier ... that's all !
3. http://ovpnppc.ziggurat29.com/ovpnppc-main.htm
Personally, I think the problem lies with the way Pocket PC uses proxies. If there was a way to make the phone use the same proxy for everything it would work. But from what I can tell, the phone chooses the right proxy for the right thing. Looking at the proxy settings, it has one for HTTP, WAP, etc.
Well, the other programs don't work with these proxies, as far as I can tell. The best way, IMHO, would be to make a program that routes all connections to one proxy, and maybe then the proxies would work correctly.
TKz said:
OK, I know your solution works, but three things:
1. Mine too (sorry, I bypass proxy through vpn)
2. Mine is easier ... that's all !
3. (deleted link, no url posting privileges for new members)
excellent.
As of this writing, the link is still alive. And the latest release of openvpn ppc is 2.1 released December 10/2009. Or, about a month ago.
see:
the changelog

How to force the use of proxy ?

I want to connect to internet via a wifi proxy running on another computer. I have configured the network as 'Work'. Also configured the proxy at Start->Settings->Connections->Proxy . Also did PIE->Menu->Tool->Options->Connections Select (i.e check) "Automatically Detect Settings".
But PIE keeps connecting directly to the internet via wifi. The direct connection also allows internet access, but I want to go via the proxy. The setting in PIE "Automatically Detect Settings" uses the proxy if there is no direct access to the internet.
Any idea how I can force PIE to use the proxy instead of direct Wifi access?
Thanks
I do not think it is possible by the sound of it; it does not seem possible, but I could be wrong.
It seems that the use of a proxy is dependent on the application implementation. Some applications do use the proxy and some do not, e.g. PIE uses it but messaging does not.
The behavior is similar to desktop applications. There also each application has its own proxy setting. In WM, apps do not have individual proxy settings, but they choose whether to use the proxy or not.
http://msdn.microsoft.com/en-us/library/bb840031.aspx#EstablishingaConnection
Look into function ConnMgrEstablishConnection and dwflags (flags to request proxy)
Now to answer my own question: how to force apps not to use the proxy. There are three ways.
1. Delete all proxy.
2. All set up connection as "work" connection but set up work URL exceptions as */* or *
3. Set up connection as "internet".
Now to force the connection to use proxy. I do not think there is any way to do this. And this is what I wanted to do.

[Q] Has anyone tunneled PPTP VPN connections over a SSH connection?

I'm using CM9 on my galaxy nexus.
I can connect to my PPTP VPN server (my router running tomato) fine without tunneling, both inside my lan, and outside it.
I can connect to my SSH server (again my router), both inside my LAN and outside it. And I have successfully forwarded ports before with ConnectBot and remote desktop apps.
But everything I try results in my VPN connection timing out when I try to do it over the SSH tunnel. I have it connecting to localhost on the VPN settings side. And on the connect bot side i am forwarding port 1723 to 192.168.1.1:1723 (which is my routers lan IP).... but it still times out.
Does anyone have any ideas? is this even possible?
bump - so no one has tried to do this?
edit: nevermind, not possible with PPTP http://www.webhostingtalk.com/showthread.php?t=666728
PPTP requires the GRE protocol, which you can't tunnel over SSH. I've googled this extensively and have tried it repeatedly without any success. You could do PPP over SSH, but it's not very easy to set up, and depending on what OSes you're running, it might be out of your reach.
Check out OpenVPN; it runs on both Windows and Linux, uses a single configurable port for communications, and does everything over that port; as long as you can find an unblocked port on your network to use it on, you should be fine.

[GUIDE] SSH Proxy with ConnectBot and ProxyDroid

For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.
Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server (e.g., the reader has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.
Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box
The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.
An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
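The guide above suggests checking the tunnel with a packet sniffer. One thing worth checking in a capture of the local SOCKS port is whether each SOCKS5 CONNECT request carries a hostname (the name is then resolved at the SSH server end of the tunnel) or an already-resolved IP address (the DNS lookup happened on the client before the request was made, possibly outside the tunnel). The following is an added example, not part of the original post, that builds and parses SOCKS5 requests as defined in RFC 1928; the function names and sample destinations are constructed for illustration.

```python
# Added example: SOCKS5 CONNECT requests (RFC 1928) and where the DNS lookup happens.
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect_request(host: str, port: int) -> bytes:
    """Build VER CMD RSV ATYP DST.ADDR DST.PORT for a CONNECT to host:port."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")          # not an IP literal: send the name itself
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)


def parse_connect_request(data: bytes) -> dict:
    """Parse a captured SOCKS5 request and report which side resolved the name."""
    if len(data) < 5 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_DOMAIN:
        start, end = 5, 5 + data[4]         # one length byte, then the name
    elif atyp == ATYP_IPV4:
        start, end = 4, 8
    elif atyp == ATYP_IPV6:
        start, end = 4, 20
    else:
        raise ValueError("unknown address type")
    if len(data) < end + 2:                 # address plus 2-byte port must be present
        raise ValueError("truncated request")
    raw = data[start:end]
    if atyp == ATYP_DOMAIN:
        host = raw.decode("ascii", "replace")
    else:
        host = str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[end:end + 2])
    return {
        "cmd": cmd,
        "host": host,
        "port": port,
        # A name in the request is resolved by the far end of the tunnel;
        # an IP means the client already did the lookup itself.
        "resolved_by": "proxy" if atyp == ATYP_DOMAIN else "client",
    }


if __name__ == "__main__":
    # Constructed sample destinations (example.com and a documentation address).
    for target in ("example.com", "192.0.2.7"):
        request = build_connect_request(target, 443)
        print(request.hex(), parse_connect_request(request))
```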
I would also add that you need to run connectbot first then run ProxyDroid. If you do it in reverse Connectbot will have problems connecting.
Dr.Tautology said:
For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.
Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server (e.g., the reader has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.
Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box
The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.
An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
I know that this is an old thread but is there any way to ssh-tunnel wifi traffic only ? Especially "untrusted wifi" traffic only?
Thanks
how to set up connect bot? please can you provide the information in detail?
Okay so I was using this setup of connect-bot and proxy-droid on kit kat. It was working great. I upgraded my phone to lollipop and connectbot would not port forward (the port data would be crossed out after connecting)
I decided to replace connectbot with ssh tunnel in this config
https://play.google.com/store/apps/details?id=org.sshtunnel
it did not work with global proxy in ssh-tunnel so I used proxy-droid like the OP did and it worked.
so basically substituting connect-bot with ssh-tunnel from the OP
setup:
root required
instead of connect-bot configure ssh-tunnel
host= ip address of ssh server
port= 22
user=ssh username
password=ssh password
check use socks proxy box
set proxy port to 56001
do not check global proxy
now configure Proxy droid same as mentioned by OP
Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001
Proxy Type: SOCKS5
Global Proxy: Check the box
this should work great for devices absent of vpn files but have root access
launch and connect ssh-tunnel, then proxy-droid. then use a browser to connect to local lan.
I have tested using a Raspberry Pi running ssh and in sshd_config allowed root access and maybe also tcp forwarding.
I have also tested on dd-wrt 3.0beta with tcp forwarding checked. (ssh is mostly broken/disabled in v2.4)
is there any other option instead of proxy droid ...because proxydroid is not working on Youwave..
Could an app like SSH Tunnel be used without ProxyDroid? I noticed that with ProxyDroid I was able to cloak my IP address at an IP reveal website, but couldn't do so without it. Unfortunately ProxyDroid requires root, which my current phone does not have. What good would SSH Tunnel be without ProxyDroid?
This does not solve the problem: when ConnectBot connects first and I enable SocksDroid second, ConnectBot will drop the SSH connection.
It's too late, but the problem is solved:
On SocksDroid, you need to select Per-App proxy and select BypassMode, and add org.connectbot (NOT only ConnectBot) to the App List. With these settings, ConnectBot ALWAYS bypasses the proxy.
Tested, working stable.
