First, let me apologize if solutions to this problem have already been posted on this forum and elsewhere. I developed this solution completely independently, and I am sharing it here in hopes that it may prove useful to someone else.
This pair of scripts will allow you to share your phone's Internet connection with a computer via a USB cable. It definitely works when the computer is running Linux (assuming you have RNDIS support in your kernel), and it should work as well when the computer is running Windows. However, it will not work with Mac, as OS X does not have an RNDIS driver.
First, upload these two scripts to your /sdcard:
/sdcard/usb_tether_start.sh:
Code:
#!/system/bin/sh
# Refuse to start if the USB config already begins with "rndis".
prevconfig=$(getprop sys.usb.config)
if [ "${prevconfig}" != "${prevconfig#rndis}" ] ; then
    echo 'Is tethering already active?' >&2
    exit 1
fi
# Save the current USB config so the stop script can restore it.
echo "${prevconfig}" > /cache/usb_tether_prevconfig
# Switch the USB gadget to RNDIS (keeping adb) and wait until it takes effect.
setprop sys.usb.config 'rndis,adb'
until [ "$(getprop sys.usb.state)" = 'rndis,adb' ] ; do sleep 1 ; done
# Add a policy rule that consults the main routing table, then address the USB interface.
ip rule add from all lookup main
ip addr flush dev rndis0
ip addr add 192.168.2.1/24 dev rndis0
ip link set rndis0 up
# NAT tethered traffic out of the mobile data interface and enable forwarding.
iptables -t nat -I POSTROUTING 1 -o rmnet0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
# DHCP and DNS for the tethered computer, bound to rndis0 only.
dnsmasq --pid-file=/cache/usb_tether_dnsmasq.pid --interface=rndis0 --bind-interfaces --bogus-priv --filterwin2k --no-resolv --domain-needed --server=8.8.8.8 --server=8.8.4.4 --cache-size=1000 --dhcp-range=192.168.2.2,192.168.2.254,255.255.255.0,192.168.2.255 --dhcp-lease-max=253 --dhcp-authoritative --dhcp-leasefile=/cache/usb_tether_dnsmasq.leases < /dev/null
/sdcard/usb_tether_stop.sh:
Code:
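#!/system/bin/sh
# Without the saved USB config there is nothing to restore.
if [ ! -f /cache/usb_tether_prevconfig ] ; then
    echo '/cache/usb_tether_prevconfig not found. Is tethering really active?' >&2
    exit 1
fi
# Stop the DHCP/DNS server that was started for the tethered link.
if [ -f /cache/usb_tether_dnsmasq.pid ] ; then
    kill "$(cat /cache/usb_tether_dnsmasq.pid)"
    rm /cache/usb_tether_dnsmasq.pid
fi
echo 0 > /proc/sys/net/ipv4/ip_forward
# Delete the MASQUERADE rule by its specification rather than by position, so a
# rule that something else inserted at position 1 in the meantime is left alone.
iptables -t nat -D POSTROUTING -o rmnet0 -j MASQUERADE
ip link set rndis0 down
ip addr flush dev rndis0
ip rule del from all lookup main
# Restore the saved USB config and wait until the gadget has left RNDIS mode.
setprop sys.usb.config "$(cat /cache/usb_tether_prevconfig)"
rm /cache/usb_tether_prevconfig
while [ "$(getprop sys.usb.state)" = 'rndis,adb' ] ; do sleep 1 ; done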
To start USB tethering:
Code:
adb shell "su -c 'sh /sdcard/usb_tether_start.sh'"
Grant the superuser request on the phone if one appears.
If you're on Linux, you'll see a new network interface appear (probably called "usb0"). Bring the link up on that interface (ip link set usb0 up), run a DHCP client, and you're all set!
If you're on Windows, it will probably Just Work™.
To stop USB tethering:
Code:
adb shell "su -c 'sh /sdcard/usb_tether_stop.sh'"
Again, grant the superuser request on the phone if one appears.
That's it!
OMG !!!!
You rock ! This solution is the FIRST one which works on my international i9300 device (not a 'Sprint' version) with cm10.1.
I can't understand why ... but I'll keep your script on my ext SDCard.
I'll propose this script to French cm10.1 users.
Thank you!
OS X does not have an RNDIS driver? really?
...OS X does not have an RNDIS driver...
Please have a look at HoRNDIS: USB tethering driver for Mac OSX (it even supports modern/recent OSX versions!) @ hxxp://joshuawise.com/horndis (unable to embed inline URL link due to new user restriction)
what is the difference between this and native tethering?
for rooted stock roms
http://forum.xda-developers.com/showthread.php?t=2224083
this is by far the easiest..
HOW TO MAKE A OPENVPN CONNECTION
(you must use latest kernel - since 2010-08-18 it is integrated (tun module must be integrated in kernel modules)
-> system/lib/modules/tun.ko)
kernel: htc-msm-linux-20100818_135751-package.tar or newer needed (because there the tun module is included)
1.) install of "openvpn" binary.
we do this manually
a) download openvpn.zip and copy the file: "openvpn" to directory "/sdcard/openvpn"
b) then set the execute rights via:
chmod +x /system/bin/openvpn
2.) some special settings - i do it via a start script -> /sdcard/conf/froyo.user.conf
(see there for the custom_shells part ...)
Code:
# custom shell commands, these commands run last
custom_shells{
#openvpn (ifconfig and route is needed)
mkdir /system/xbin/bb
ln -s /bin/busybox /system/xbin/ifconfig
ln -s /bin/busybox /system/xbin/bb/ifconfig
ln -s /system/bin/route /system/xbin/route
ln -s /system/bin/route /system/xbin/bb/route
#modprobe
modprobe tun
}
3.) copy your openvpn config files to directory /sdcard/openvpn
( my config file looks like: (for the client))
Code:
dev tap
dev-node /dev/tun
proto tcp-client
tls-client
#your server ip + port
remote 123.123.123.123 443
tls-auth /sdcard/openvpn/srv3.xxx.com_ta.key 1
ca /sdcard/openvpn/srv3.xxx.com_ca.crt
cert /sdcard/openvpn/srv3.xxx.com_rlt3.crt
key /sdcard/openvpn/srv3.xxx.com_rlt3.key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
redirect-gateway
comp-lzo
verb 3
status /sdcard/openvpn/srv3.xxx.com_rlt3_status.log
log-append /sdcard/openvpn/srv3.xxx.com_rlt3.log
only for your info (my server config)
Code:
port 443
dev tap0
proto tcp-server
mode server
tls-server
tls-auth /etc/openvpn/srv3.xxx.com_ta.key 0
ca /etc/openvpn/srv3.xxx.com_ca.crt
cert /etc/openvpn/srv3.xxx.com.crt
key /etc/openvpn/srv3.xxx.com.key
dh /etc/openvpn/srv3.xxx.com_dh1024.pem
crl-verify /etc/openvpn/srv3.xxx.com_crl.pem
client-config-dir client-config
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
keepalive 10 60
ping-timer-rem
persist-key
persist-tun
push "ping 10"
push "ping-restart 60"
push "ping-timer-rem"
mute 50
comp-lzo
status-version 2
status /var/log/openvpn/srv3.xxx.com_openvpn-status.log
log /var/log/openvpn/srv3.xxx.com_openvpn.log
verb 3
ifconfig 192.168.23.1 255.255.255.0
ifconfig-pool 192.168.23.2 192.168.23.9
push "route 192.168.23.0 255.255.255.0"
push "dhcp-option DNS 192.168.23.1"
push "dhcp-option DOMAIN vpn.xxx.com"
#Turn this on, if you want that all traffic goes over VPN
#push "route-gateway 192.168.23.1"
#push "redirect-gateway"
client-to-client
#using multiple cn's (not limited to single access via one cert file)
duplicate-cn
4.) install of "openvpn settings" from market place
then start app: "openvpn settings"
then configure there:
-> Load tun kernel adapter -> OFF
-> TUN modules settings: (not needed)
-> load module using -> modprobe (not needed)
-> path to tun module -> tun (not needed)
-> Path to configuration -> /sdcard/openvpn
-> Path to openvpn binary -> /sdcard/openvpn/openvpn
5.) Then you should see your config file and you can click it to start.
That's it
EDIT on 23.08.2010 + 30.08.2010
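As an added example (not part of the original post and not OpenVPN's own tooling), this shell function lints a config such as the two above for settings worth a second look: shared certificates, 1024-bit DH, compression, no explicit cipher, a client that does not check the server certificate, and key material on the SD card. The finding labels, the trimmed sample configs and the hardened client (with its `/data/misc/vpn` path and `vpn.example.invalid` host) are constructed for the example, and the DH check only looks at the file name.

```shell
#!/bin/sh
# Added example: lint an OpenVPN config (read from stdin), one finding per line.
# Finding labels are made up for this example; they are not OpenVPN messages.

has() {  # true if an active (uncommented) directive matches the regex in $1
    printf '%s\n' "$active" | grep -Eq "$1"
}

audit_openvpn_conf() {
    # Drop comments (# or ;), leading whitespace and empty lines.
    active=$(sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e '/^$/d')

    has '^duplicate-cn([[:space:]]|$)' &&
        echo 'DUPLICATE_CN: several clients may connect with one certificate, so a copied key looks like its owner'
    # Heuristic: only the file name is inspected, not the parameters inside it.
    has '^dh[[:space:]].*1024' &&
        echo 'DH_1024: 1024-bit Diffie-Hellman parameters; generate 2048 bits or more'
    has '^comp-lzo([[:space:]]|$)' &&
        echo 'COMPRESSION: compressing before encrypting leaks plaintext through packet length (VORACLE)'
    has '^cipher[[:space:]]' ||
        echo 'NO_CIPHER: no cipher set; OpenVPN before 2.4 defaults to BF-CBC with its 64-bit block'
    if has '^(client|tls-client)([[:space:]]|$)'; then
        has '^(remote-cert-tls[[:space:]]+server|ns-cert-type[[:space:]]+server|verify-x509-name[[:space:]])' ||
            echo 'NO_SERVER_CERT_CHECK: any certificate issued by the CA, including another client, can pose as the server'
    fi
    has '^(key|pkcs12|secret|tls-auth)[[:space:]]+/(mnt/)?sdcard/' &&
        echo 'KEY_ON_SDCARD: secret material kept on shared storage that other apps can read'
    return 0
}

sample_client_conf() {  # constructed: trimmed copy of the client config in the post
    cat <<'EOF'
dev tap
proto tcp-client
tls-client
#your server ip + port
remote 123.123.123.123 443
tls-auth /sdcard/openvpn/srv3.xxx.com_ta.key 1
ca /sdcard/openvpn/srv3.xxx.com_ca.crt
cert /sdcard/openvpn/srv3.xxx.com_rlt3.crt
key /sdcard/openvpn/srv3.xxx.com_rlt3.key
pull
redirect-gateway
comp-lzo
EOF
}

sample_server_conf() {  # constructed: trimmed copy of the server config in the post
    cat <<'EOF'
port 443
dev tap0
proto tcp-server
mode server
tls-server
tls-auth /etc/openvpn/srv3.xxx.com_ta.key 0
key /etc/openvpn/srv3.xxx.com.key
dh /etc/openvpn/srv3.xxx.com_dh1024.pem
crl-verify /etc/openvpn/srv3.xxx.com_crl.pem
client-config-dir client-config
comp-lzo
#push "redirect-gateway"
client-to-client
duplicate-cn
EOF
}

sample_hardened_client_conf() {  # constructed: hypothetical host and key path
    cat <<'EOF'
client
dev tun
remote vpn.example.invalid 1194
cipher AES-256-GCM
remote-cert-tls server
ca /data/misc/vpn/ca.crt
cert /data/misc/vpn/client.crt
key /data/misc/vpn/client.key
EOF
}

echo '== client config from the post =='; sample_client_conf | audit_openvpn_conf
echo '== server config from the post =='; sample_server_conf | audit_openvpn_conf
echo '== hardened client ==';             sample_hardened_client_conf | audit_openvpn_conf
```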
good article!
pride2 said:
good article!
maybe it should not be under HTC HD, but anyhow ... if someone needs it, he will find it -> search function is your friend
pride2 said:
good article!
Yeah it is a quite good article...
But there is one thing I don't understand... Or two...
Firstly... Why we have to link "route" and "ifconfig" twice?
Secondly... Why we have to link "/system/xbin/route" to "/system/xbin/route"?
In my opinion this will cause something like a loop which makes the command not executable... Could that be right?
Many regards
Crusoe86 said:
Yeah it is a quite good article...
But there is one thing I don't understand... Or two...
Firstly... Why we have to link "route" and "ifconfig" twice?
Secondly... Why we have to link "/system/xbin/route" to "/system/xbin/route"?
In my opinion this will cause something like a loop which makes the command not executable... Could that be right?
Many regards
the route is used by hardcoded path "/system/xbin/bb" from static "openvpn"
so, i was not sure if it is system/xbin or /system/xbin/bb, so i prefer to make both lnk's.
but additional - i made a mistake, it is changed on first posting.
the mistakes are:
1.) openvpn-installer doesn't install correctly -> so, i did it manually
now.work
2.) ln was wrong: now the correct lnk's are:
ln -s /bin/busybox /system/xbin/ifconfig
ln -s /bin/busybox /system/xbin/bb/ifconfig
ln -s /system/bin/route /system/xbin/route
ln -s /system/bin/route /system/xbin/bb/route
cu camel
I have the leaked 2.2 stock Froyo on my Incredible.
I get this after it authenticates:
FATAL: Cannot allocate TUN/TAP dev dynamically
Any ideas? I'm guessing it doesn't have the tun driver.
PokerMunkee said:
I have the leaked 2.2 stock Froyo on my Incredible.
I get this after it authenticates:
FATAL: Cannot allocate TUN/TAP dev dynamically
Any ideas? I'm guessing it doesn't have the tun driver.
EDIT:
please check my first posting (updated ...)
also as i can see - often the problem is to install the openvpn as executable, and also to "modprobe tun".
therefore you can also add to your /sdcard/conf/froyo.user.conf like me:
(see there for the custom_shells part ...)
# custom shell commands, these commands run last
custom_shells{
#openvpn (ifconfig and route is needed)
mkdir /system/xbin/bb
ln -s /bin/busybox /system/xbin/ifconfig
ln -s /bin/busybox /system/xbin/bb/ifconfig
ln -s /system/bin/route /system/xbin/route
ln -s /system/bin/route /system/xbin/bb/route
#modprobe
modprobe tun
#map the executable openvpn file to /system/xbin or bin
mount --bind /sdcard/openvpn/openvpn /system/xbin/openvpn
}
############
sure maybe some links are not needed - not sure what you have set ..
and of course - you can make it more cleaner as me ... but it is working fine enough for me.
cu camel
I just compiled a tun.ko and got OpenVPN working on the Tmobile Gslate! so I thought I would share:
1- Rooted (thanks to Chandon)
http://forum.xda-developers.com/showthread.php?t=1065882
2- Install tun.ko (Attached below)
download and unzip
Code:
adb remount
adb push tun.ko /system/lib/modules
adb shell
chmod 755 /system/lib/modules/tun.ko
Note: This tun module was built for kernel 2.6.36.3+
3- Install BusyBox using BusyBox Installer (from Market)
Install to /system/xbin
4- Install OpenVPN using OpenVPN Installer (from Market)
Install binary to /system/xbin
Install route to /system/xbin/bb
5- Install OpenVPN Settings (from Market)
6- Install OpenVPN static binary:
Download Static openvpn
Un-bz2 the file (7-Zip on Windows | bunzip2 on linux)
Code:
adb remount
adb push openvpn-static /system/xbin/openvpn
adb shell
chmod 555 /system/xbin/openvpn
7- Link Busybox ifconfig and route to /system/xbin/bb
Code:
adb shell
su
mkdir /system/xbin/bb
ln -s /system/xbin/ifconfig /system/xbin/bb/ifconfig
ln -s /system/xbin/route /system/xbin/bb/route
8- Setup OpenVPN Settings (from Market)
OpenVPN settings > Advanced > Load tun kernel module <- turn ON
OpenVPN settings > Advanced > TUN module settings
Load module using - insmod
Path to tun module - /system/lib/modules/tun.ko
9- copy your .conf files to /sdcard/openvpn
REBOOT
CONNECT!~
Extra for SMB mounters : Cifs.ko ! - Attached!
Edit: June 5 '11 - Extra for Asian users : nls_utf8.ko - Attached!
Well, I'm able to connect to my OpenVPN server now, but there must be something different in the binary..."client.conf: Connected" keeps spamming the notification area. Are you having this problem?
On a related note - I've got a couple other options, if I can get my cross-compiling tools set up correctly...I could use SonicWALL's NetExtender app, but that needs ppp_async and ppp_synctty built. I also wanted to be able to talk to a Windows-friendly PoPToP VPN server, but I suspect I'd need the ppp_mppe.ko built for that.
I tried compiling the whole kernel with the options I've mentioned, but I don't think I did it right...the make went all the way through, but I was using the gcc 4.4.3 eabi set in the SDK/NDK toolset. Since then, I've been trying to set things up according notes I found at K's Cluttered loft ( at triple-w dot (noob html limitation workaround) ailis.de/~k/archives/19-ARM-cross-compiling-howto dot HyperText Markup Language ) but start encountering problems when I try to build glibc...do you know of any instructions/tutorials which might help to educate this n00b (aye, that be me) in the fine art of ARM cross compiling?
bealesbane said:
Well, I'm able to connect to my OpenVPN server now, but there must be something different in the binary..."client.conf: Connected" keeps spamming the notification area. Are you having this problem?
On a related note - I've got a couple other options, if I can get my cross-compiling tools set up correctly...I could use SonicWALL's NetExtender app, but that needs ppp_async and ppp_synctty built. I also wanted to be able to talk to a Windows-friendly PoPToP VPN server, but I suspect I'd need the ppp_mppe.ko built for that.
I tried compiling the whole kernel with the options I've mentioned, but I don't think I did it right...the make went all the way through, but I was using the gcc 4.4.3 eabi set in the SDK/NDK toolset. Since then, I've been trying to set things up according notes I found at K's Cluttered loft ( at triple-w dot (noob html limitation workaround) ailis.de/~k/archives/19-ARM-cross-compiling-howto dot HyperText Markup Language ) but start encountering problems when I try to build glibc...do you know of any instructions/tutorials which might help to educate this n00b (aye, that be me) in the fine art of ARM cross compiling?
Yeah I have that spamming problem too .. always have with the honeycomb tablets.
I used 4.4.0 eabi, and had to hard code the localversion in the setlocalversion file and absolute path to the eabi modules in the makefile to get it to cross compile
I built and attached the ppp_async.ko , ppp_synctty.ko , ppp_mppe.ko for you (I did not test a insmod as I built and tested the cifs and tun on a friends tablet - do let me know if these work!)
That's great! Thanks for putting those together. All of the modules you created insert fine with insmod (this version of busybox still has an issue with modprobe running on this tablet, suspect may be related to self-referring parameter, but hope to experiment more later) with the exception of mppe. That one comes back with "insmod: init_module '/system/lib/modules/ppp_mppe.ko' failed (File exists)".
This, however, may not be due to the module itself, strictly speaking. The other two, which are presented by SonicWALL as a workaround to their proprietary VPN app, inserted fine, but still produce an I/O error when a connection is attempted...closer inspection of the app's log reveals a similar complaint under the hood:
06-01 08:01:36.848 I/NetExtender.ppp( 8207): Nxhelper: start pppd main routine
06-01 08:01:36.858 D/NetExtender.ppp( 8207): using channel 1
06-01 08:01:36.858 E/NetExtender.ppp( 8207): Couldn't create new ppp unit: File exists
06-01 08:01:36.858 I/NetExtender.ppp( 8207): Nxhelper: pppd hung up, notify the service
My off the wall guess, pending further investigation, is that inserting mppe, or trying to initialize the other two, results in an attempt to create a device handle which is not being properly enumerated? ( i.e., attempting to create an instance of /dev/ppp, which already exists, instead of a new handle, say, /dev/ppp0, ppp1, etc.) Again, just theorizing blindly at this point - but you've certainly given me a great deal to work with, and I say thank ya big big.
I'll update you with any progress I make here, but at least for the time being I still have basic connectivity to one of my networks, and I can do much with that. And the cifs module works a treat as well!
In the meantime, a simple script allows me to toggle the VPN on and off without being annoyed by the spamming...then I add a widget to the script using ScriptManager (from the market) and voilà! Look ma, no hands!
Code:
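#!/system/bin/sh
# Toggle the VPN: start OpenVPN if tun0 is absent, otherwise kill the running daemon.
BB="/system/xbin/busybox"
VPN="/system/xbin/openvpn"
# Exit status 1 from ifconfig is taken to mean that tun0 does not exist.
TUNDTL=`$BB ifconfig tun0 2>&1`
RESULT=$?
if [ $((RESULT)) -eq 1 ]; then
    $VPN --config /mnt/sdcard/openvpn/client.conf --daemon MYVPN
else
    # ps is filtered by the name "openvpn"; the PID is the second field of the root-owned row.
    VPNPID=`ps openvpn | grep "^root"`
    VPNPID=`echo $VPNPID | cut -d" " -f2`
    # Only kill when a plausible PID was found.
    if [ $((VPNPID)) -gt 99 ]; then
        $BB kill -KILL $VPNPID
    fi
fi
exit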
(Just for anyone who doesn't want to wait until OpenVPN Settings gets a bugfix for Honeycomb. Obviously, adjust locations as needed. Oh, and don't give the script a name that starts with "openvpn"...unless you WANT a kamikaze script. This simple script obviously wouldn't work for multiple tunnels, (if they're even supported), but it does ya fine for the basic config.)
awesome idea for the spamming .. sadly I have 8 openVPN servers I switch between so i have to put up with the spamming.. any idea what the reason of the spamming is? maybe contact the dev?
The source for the app is available at 'code.google.com/p/android-openvpn-settings'. The issue has been reported already by a few people (issue 70), but it looks like there are quite a few other issues reported, so no telling if or when Mr. Schäuffelhut will have a chance to review it. It seems like it would be a good starter project for a would-be contributor...I haven't done any java developing, but it seems like it would be easier to isolate our issue and tweak it than bloat my simple script to allow multiple PIDs to be tracked and toggled...though the latter is certainly possible, and after I get my second OpenVPN server online (Audiogalaxy offline for better part of day yesterday, need to make myself independent of that), if the Java is too daunting I just may do so. So many tempting projects, so little time.
Simple VPN handler script to tide us over until 0.4.8 or more in OpenVPN-Settings
Ok, since you were so kind as to compile those extra modules for me, I figure the least I can do is give you something in return. Here's a simple VPN handler to manage multiple tunnels. Filenames for config files are entered relative to the CFGS folder, and module load/remove is manual rather than auto...and I put in connection sharing, as I'm using it this way...but it'll certainly let you use as many tunnels as the kernel will let you work with.
As always, the standard, 'you take your life into your own hands if you use this code, not responsible for problems up to and including user death' disclaimer applies. It seems to be working for me, though I'm only using 2 VPN's ATM.
Good luck! (Will still let you know if I make any progress in Java Dev)
/data/local/bin/vpnhandler:
Code:
#!/system/bin/sh
export BB="/system/xbin/busybox"
export VPN="/system/xbin/openvpn"
export MODS="/system/lib/modules"
export CFGS="/mnt/sdcard/openvpn"
# Run of spaces used to pad the table columns (needs at least 22 characters).
export SPACES="                              "
LOOPBACK=0
while [ $((LOOPBACK)) -eq 0 ]; do
    LOOPBACK=1
    # Work out whether the menu should offer to load or to remove each module.
    CIFMOD=`$BB lsmod | grep -c "^cifs"`
    if [ $((CIFMOD)) -eq 0 ]; then CIFMOD="Load"; else CIFMOD="Remove"; fi
    TUNMOD=`$BB lsmod | grep -c "^tun"`
    if [ $((TUNMOD)) -eq 0 ]; then TUNMOD="Load"; else TUNMOD="Remove"; fi
    clear
    echo "Simple VPN Handler"
    echo "=================="
    echo
    echo "ACT # Tunnel Name Configuration File "
    echo "--- --- -------------------- ------------------------------"
    # cfglist holds one tunnel per line: number~name~config file.
    while read vpndefs; do
        TUNNO=`echo "${vpndefs}" | cut -d"~" -f1`
        TUNNAME=`echo "${vpndefs}" | cut -d"~" -f2`
        TUNCFG=`echo "${vpndefs}" | cut -d"~" -f3`
        # A tunnel counts as active when an openvpn process carries its --daemon label.
        TUNSTAT=`$BB ps w | grep openvpn | grep -c "\-\-daemon ${TUNNAME}\$"`
        if [ $((TUNSTAT)) -eq 1 ]; then TUNSTAT="*"; else TUNSTAT=" "; fi
        DISPLINE=" ${TUNSTAT} ${SPACES:0:$((3-${#TUNNO}))}${TUNNO} ${TUNNAME}${SPACES:0:$((22-${#TUNNAME}))}${TUNCFG}"
        echo "${DISPLINE}"
    done < "${CFGS}/cfglist"
    echo
    echo "_______________________________________________________________"
    echo
    echo " A - Add a new tunnel definition"
    echo " D - Delete an existing tunnel "
    echo " C - ${CIFMOD} CIFS Module "
    echo " T - ${TUNMOD} TUN Module "
    echo " S - Share tap0 to eth0 traffic "
    echo " X - Break traffic forwarding "
    echo " Q - Quit "
    echo
    echo -n " Select action, or a tunnel number to toggle on or off : "
    read actkey
    if [ "$actkey" = "C" -o "$actkey" = "c" ]; then
        LOOPBACK=0
        if [ "$CIFMOD" = "Load" ]; then
            LOADMOD=`$BB insmod ${MODS}/cifs.ko 2>&1`
        else LOADMOD=`/system/bin/toolbox rmmod cifs.ko 2>&1`
        fi
    fi
    if [ "$actkey" = "T" -o "$actkey" = "t" ]; then
        LOOPBACK=0
        if [ "$TUNMOD" = "Load" ]; then
            LOADMOD=`$BB insmod ${MODS}/tun.ko 2>&1`
        else LOADMOD=`/system/bin/toolbox rmmod tun.ko 2>&1`
        fi
    fi
    # Connection sharing: flushes ALL existing iptables rules, then NATs eth0 traffic out of tap0.
    if [ "$actkey" = "S" -o "$actkey" = "s" ]; then
        LOOPBACK=0
        iptables -F; iptables -t nat -F; iptables -X; iptables -t nat -X
        echo 1 | tee /proc/sys/net/ipv4/ip_forward
        iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
        iptables -A FORWARD -i eth0 -j ACCEPT
    fi
    if [ "$actkey" = "X" -o "$actkey" = "x" ]; then
        LOOPBACK=0
        iptables -F; iptables -t nat -F; iptables -X; iptables -t nat -X
        echo 0 | tee /proc/sys/net/ipv4/ip_forward
    fi
    if [ "$actkey" = "A" -o "$actkey" = "a" ]; then
        LOOPBACK=0
        echo; echo -n " Enter tunnel number to assign : "; read TUNNO
        TUNCHK=`cat "${CFGS}/cfglist" | grep -c "^${TUNNO}~"`
        if [ $((TUNCHK)) -eq 0 ]; then
            echo; echo -n " Enter a name for the tunnel : "; read TUNNAME
            echo; echo -n " Enter filepath/name for config file (relative to ${CFGS}) : "; read TUNCFG
            echo "${TUNNO}~${TUNNAME}~${TUNCFG}" >> "${CFGS}/cfglist"
        else echo -n " That number is already in use. "; read TUNNO
        fi
    fi
    if [ "$actkey" = "D" -o "$actkey" = "d" ]; then
        LOOPBACK=0
        echo; echo -n " Enter tunnel number to delete : "; read TUNNO
        TUNCHK=`cat "${CFGS}/cfglist" | grep -c "^${TUNNO}~"`
        if [ $((TUNCHK)) -eq 0 ]; then
            echo -n " That number is not currently in use. "; read TUNNO
        else vpndefs=`cat "${CFGS}/cfglist" | grep "^${TUNNO}~"`
            TUNNAME=`echo "${vpndefs}" | cut -d"~" -f2`
            TUNSTAT=`$BB ps w | grep openvpn | grep -c "\-\-daemon ${TUNNAME}\$"`
            if [ $((TUNSTAT)) -gt 0 ]; then
                echo; echo -n " Tunnel is active. Turn off before deleting."; read TUNNO
            else RESULT=`cat "${CFGS}/cfglist" | egrep -v "^${TUNNO}~" > "${CFGS}/cfglist.tmp"`
                $BB mv -f "${CFGS}/cfglist.tmp" "${CFGS}/cfglist"
            fi
        fi
    fi
    if [ "$actkey" = "Q" -o "$actkey" = "q" ]; then LOOPBACK=0; fi
    # LOOPBACK is still 1 only if no menu letter matched: treat the input as a tunnel number to toggle.
    if [ $((LOOPBACK)) -eq 1 ]; then
        TUNCHK=`cat "${CFGS}/cfglist" | grep -c "^${actkey}~"`
        LOOPBACK=0
        if [ $((TUNCHK)) -eq 0 ]; then
            echo -n " That number is not currently in use. "; read TUNNO
        else TUNNO="${actkey}"
            vpndefs=`cat "${CFGS}/cfglist" | grep "^${TUNNO}~"`
            TUNNAME=`echo "${vpndefs}" | cut -d"~" -f2`
            TUNCFG=`echo "${vpndefs}" | cut -d"~" -f3`
            TUNSTAT=`$BB ps w | grep openvpn | grep -c "\-\-daemon ${TUNNAME}\$"`
            if [ $((TUNSTAT)) -gt 0 ]; then
                VPNPID=`$BB ps w | grep openvpn | grep "\-\-daemon ${TUNNAME}"`
                VPNPID=`echo $VPNPID | cut -d" " -f1`
                if [ $((VPNPID)) -gt 99 ]; then
                    RESULT=`$BB kill -KILL $VPNPID`
                fi
            else RESULT=`$VPN --config "${CFGS}/${TUNCFG}" --daemon "${TUNNAME}"`
            fi
        fi
    fi
    if [ "$actkey" = "Q" -o "$actkey" = "q" ]; then LOOPBACK=1; fi
done
exit
Note: It'll throw out some screen errors if you don't have a zero length file in $CFGS/cfglist, but it'll let you add your first tunnel anyway. (Didn't bother to trap for that.)
Oh, and ScriptManager doesn't seem to like digging for scripts in /data/local/bin, but doesn't appear to have a problem executing things in /mnt/sdcard, even though I don't seem to be able to set the execute bit on any file in that fs. There's reference in Google of known glitch in some kernels that cause fs' mounted with the 'default_permissions,allow_other' flags to behave strangely. If they ever fix that, you may need to relocate, that's all.
Note also that the "ACT" column which denotes 'active' tunnels with an '*' only verifies that there is a process running with the designated label name. At this time, actual connectivity is left to you to determine.
it's very helpful, thanks very much!!
but could you compile nls_utf8.ko too? please
You should try and come up with a working recovery!
bealesbane said:
Ok, since you were so kind as to compile those extra modules for me, I figure the least I can do is give you something in return. Here's a simple VPN handler to manage multiple tunnels. Filenames for config files are entered relative to the CFGS folder, and module load/remove is manual rather than auto...and I put in connection sharing, as I'm using it this way...but it'll certainly let you use as many tunnels as the kernel will let you work with.
As always, the standard, 'you take your life into your own hands if you use this code, not responsible for problems up to and including user death' disclaimer applies. It seems to be working for me, though I'm only using 2 VPN's ATM.
Good luck! (Will still let you know if I make any progress in Java Dev....
Bealsbane way to go man, that is far more code than I could figure out! now i feel like i owe you a beer! haha .. I tried the code but it helps to have a gui currently .. i although do have a lot of Java experience and possibly you and I could get a new OpenVPN Settings/Installer for gingerbread/honeycomb based devices!
once again thanks!
aureole999 said:
it's very helpful, thanks very much!!
but could you compile nls_utf8.ko too? please
Added to the first Post .. please test it and let me know if it works! good luck!
edit: tested by aureole999 and confirmed working
Excellent work ru1dev. I just added this thread to the G-Slate XDA bit.ly bundle. Would you mind if I posted a link to it over on G-SlateFans?
Bling_Diggity said:
Excellent work ru1dev. I just added this thread to the G-Slate XDA bit.ly bundle. Would you mind if I posted a link to it over on G-SlateFans?
Go ahead as long as it is a link back to the OP. Thanks for spreading the knowledge
please don't bash me as I know I'm a little off topic, but hi everyone, I have a major issue with my rooted gslate. If anyone can help it would be greatly appreciated. I downloaded cw from the market and when it asks you for compatibility I accidentally chose the option (lg optimus 3d) thinking it was for my gslate, and now after I turned off the gslate and go to turn it back on it's stuck on LG blackscreen and says
[HasValidKernelImage] Magic value mismatch:
[DetectOperatingSystems]kernel image is invalid !!!
Starting Fastboot USB download protocol
I've looked all over the internet and can't find anything to help me out so please can someone help me.
maybe a way to nvflash the proper kernel back.
tun.ko checksum
Hi guys, can anybody please post the md5sum output of the tun.ko? even though im using the same kernel, i cannot load the module on my g-slate. thanks
jomnoc said:
Hi guys, can anybody please post the md5sum output of the tun.ko? even though im using the same kernel, i cannot load the module on my g-slate. thanks
md5 - 3daf2d134dc2ae6c4a40fe3d8ac49344
Thanks! I have 6707fd6a79cc849d13e8dd4016f96028 .... ideas? can you upload your file? Thanks again
jomnoc said:
Thanks! I have 6707fd6a79cc849d13e8dd4016f96028 .... ideas? can you upload your file? Thanks again
yes that is the md5 for the tun.ko .. in a rush i gave you the md5 for the zip of the tun.ko previously. are you sure you are running kernel 2.6.36.3+
it has to be exactly that kernel..with the '+' on the end
yes i am. or i was haha.. it was a friend's tablet. but it certainly had that kernel version. thanks for the help. if i get it again i may ask for help
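The two mix-ups in this exchange (a digest taken over the zip instead of the .ko, and a kernel release that has to match down to the trailing '+') can both be checked before running insmod. The following is an added example, not code from the thread: the function names are made up here, and the sample module is a constructed stand-in containing only the strings the checks read, not a real tun.ko.

```shell
#!/bin/sh
# Added example: checks to run on a downloaded kernel module before insmod.
# A digest posted in the same thread as the download catches a corrupted or
# wrong file (e.g. the zip instead of the .ko), not a deliberately altered one.

file_md5() {  # print the MD5 of a file (md5sum on Linux/busybox, md5 -q elsewhere)
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Print the vermagic string stored in the module's .modinfo section.
# .modinfo is a run of NUL-terminated key=value strings, so NULs become newlines.
module_vermagic() {
    tr '\000' '\n' < "$1" | LC_ALL=C sed -n 's/^.*vermagic=//p' | head -n 1
}

# check_module <file.ko> <expected md5> <kernel release, normally "$(uname -r)">
# Returns 0 if both checks pass, 1 on digest mismatch, 2 on kernel mismatch.
check_module() {
    have=$(file_md5 "$1")
    if [ "$have" != "$2" ]; then
        echo "HASH_MISMATCH: got $have, expected $2 (digest of the archive instead of the .ko?)"
        return 1
    fi
    # The kernel release is the first space-separated field of vermagic.
    built_for=$(module_vermagic "$1" | cut -d' ' -f1)
    if [ "$built_for" != "$3" ]; then
        echo "KERNEL_MISMATCH: module built for '$built_for', running kernel is '$3'"
        return 2
    fi
    echo "OK: digest matches and module was built for $3"
}

# Constructed stand-in for a module file: not loadable, just the embedded strings.
make_sample_module() {  # make_sample_module <path> <kernel release>
    printf '\177ELF\000license=GPL\000vermagic=%s SMP preempt mod_unload ARMv7 \000depends=\000' "$2" > "$1"
}

# Demo on the constructed sample: same file, checked against two kernel releases.
demo_dir=$(mktemp -d)
make_sample_module "$demo_dir/tun.ko" '2.6.36.3+'
good=$(file_md5 "$demo_dir/tun.ko")
check_module "$demo_dir/tun.ko" "$good" '2.6.36.3+' || true
check_module "$demo_dir/tun.ko" "$good" '2.6.36.3'  || true   # release without the '+'
rm -rf "$demo_dir"
```

On a device, pass `"$(uname -r)"` as the third argument and the digest published for the .ko itself as the second.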
hello,I am using tigra rom android 4.3...I can't change my dns with the usual method,both apps and manual in advanced setting ,,anyone can help me with this?
rulsfabre said:
hello,I am using tigra rom android 4.3...I can't change my dns with the usual method,both apps and manual in advanced setting ,,anyone can help me with this?
An article says, The Dns part of the 4.3 OS has been changed significantly, so the usual method is not working anymore
change Dns without root
ayahmayra said:
An article says, The Dns part of the 4.3 OS has been changed significantly, so the usual method is not working anymore
There is this app that changes DNS without root:
set google's dns
play.google.com/store/apps/details?id=com.dnset
pro user set dns:
play.google.com/store/apps/details?id=com.dnsetpro
adfadf89 said:
There is this app that changes DNS without root:
set google's dns
play.google.com/store/apps/details?id=com.dnset
pro user set dns:
play.google.com/store/apps/details?id=com.dnsetpro
thank bro!!!! it's working for me
rulsfabre said:
hello,I am using tigra rom android 4.3...I can't change my dns with the usual method,both apps and manual in advanced setting ,,anyone can help me with this?
Change your DNS servers in Android.
You can change the same thing on your rooted Android Device.
With root privileges and a terminal app or (adb shell):
# ndc resolver flushif -- flushes old DNS servers
# ndc resolver flushdefaultif -- flush resolver
# ndc resolver setifdns <iface> <domains> <dns1> <dns2> ... -- Add the new servers
# ndc resolver setdefaultif -- Set as the default device
---
If you liked my post, then don't hesitate to hit the thanks button
I've been struggling with this issue these days.
As you said, something has significantly changed in Android 4.3+.
None of the programs I tried so far worked.
This is my solution, not noob friendly!
adb shell
su
mount -o remount,rw /system
vi /etc/dhcpcd/dhcpcd-hooks/20-dns.conf
In the vi editor you'll see the set_dns_props() function, which sets up the DNS servers when a Wi-Fi connection is established.
Code:
set_dns_props()
{
    case "${new_domain_name_servers}" in
        "") return 0;;
    esac
    count=1
    for i in 1 2 3 4; do
        setprop dhcp.${intf}.dns${i} ""
    done
    count=1
    for dnsaddr in ${new_domain_name_servers}; do
        setprop dhcp.${intf}.dns${count} ${dnsaddr}
        count=$(($count + 1))
    done
    separator=" "
    if [ -z "$new_domain_name" ]; then
        separator=""
    else
        if [ -z "$new_domain_search" ]; then
            separator=""
        fi
    fi
    setprop dhcp.${interface}.domain "${new_domain_name}$separator${new_domain_search}"
}
As you see, new_domain_name_servers contains the DNS servers array.
Add this line:
Code:
new_domain_name_servers="8.8.4.4 8.8.8.8 $new_domain_name_servers"
The function will look like below:
Code:
set_dns_props()
{
    new_domain_name_servers="8.8.4.4 8.8.8.8 $new_domain_name_servers"
    case "${new_domain_name_servers}" in
        "") return 0;;
    esac
    count=1
    for i in 1 2 3 4; do
        setprop dhcp.${intf}.dns${i} ""
    done
    count=1
    for dnsaddr in ${new_domain_name_servers}; do
        setprop dhcp.${intf}.dns${count} ${dnsaddr}
        count=$(($count + 1))
    done
    separator=" "
    if [ -z "$new_domain_name" ]; then
        separator=""
    else
        if [ -z "$new_domain_search" ]; then
            separator=""
        fi
    fi
    setprop dhcp.${interface}.domain "${new_domain_name}$separator${new_domain_search}"
}
Edit: in the vi editor,
press i to enter edit mode. Make your changes, then press Esc. Type :wq to write/exit.
@ [email protected]:
Thank you very much, works in 4.4.2 on a LG G2, too.
(And if you use Root-Explorer, you don't need adb and vi, the File-Editor of Root-Explorer is easier IMHO.)
Needed that to use a home dnsmasq Server to access an internal owncloud Server with a router without NAT-Loopback.
PS:
A reboot is needed to make that work.
Override DNS for KitKat
bazon said:
@ [email protected]:
Thank you very much, works in 4.4.2 on a LG G2, too.
(And if you use Root-Explorer, you don't need adb and vi, the File-Editor of Root-Explorer is easier IMHO.)
Needed that to use a home dnsmasq Server to access an internal owncloud Server with a router without NAT-Loopback.
PS:
A reboot is needed to make that work.
Does it reliably work on 4.4.2? I'm surprised because I wrote an application which uses the "ndc" command to override the DNS values.
I thought it was the only way...
P.S. My application is called "Override DNS for KitKat" and it's on the Play Store.
bazon said:
@ [email protected]:
Thank you very much, works in 4.4.2 on a LG G2, too.
(And if you use Root-Explorer, you don't need adb and vi, the File-Editor of Root-Explorer is easier IMHO.)
Needed that to use a home dnsmasq Server to access an internal owncloud Server with a router without NAT-Loopback.
PS:
A reboot is needed to make that work.
I am a terminal guy
Reboot is not required, just restart your wifi.
m.chinni said:
Does it reliably work on 4.4.2? I'm surprised because I wrote an application which uses the "ndc" command to override the DNS values.
I thought it was the only way...
P.S. My application is called "Override DNS for KitKat" and it's on the Play Store.
Yes it does work on 4.4.2
Two additions:
1. IMPORTANT!
If you - as I proposed before - use Root Explorer to edit the 20-dns.conf file, Root Explorer will create a backup file called 20-dns.conf-bak. This file is parsed as well! So you have to delete that backup file if you don't want to have double definitions.
(I noticed this, as my own DNSMASQ server 192.168.2.222 was dns1 and dns2 as well...)
2. In order to avoid waiting for a timeout in a WLAN other than my home WLAN, I wanted these custom DNS settings to be applied only in my own WLAN. So I wanted to include an if-condition that is only applied in my home WLAN. As 20-dns.conf is some sort of bash file, I used the getprop function to find out how I could identify my own network. Unfortunately, there is no way to get the SSID, but something nearly as good: the Domain!
Type in a terminal on your android device:
Code:
$ getprop | grep domain
[dhcp.wlan0.domain]: [Speedport_W_921V_1_35_000]
(in my case.)
So I changed my /etc/dhcpcd/dhcpcd-hooks/20-dns.conf to only apply a custom DNS for that domain:
Code:
# Set net.<iface>.dnsN properties that contain the
# DNS server addresses given by the DHCP server.
if [[ $interface == p2p* ]]
then
    intf=p2p
else
    intf=$interface
fi
set_dns_props()
{
    if [ "$new_domain_name" == "Speedport_W_921V_1_35_000" ]
    then new_domain_name_servers="192.168.2.222 ${new_domain_name_servers}"
    fi
    case "${new_domain_name_servers}" in
        "") return 0;;
    esac
    count=1
    for i in 1 2 3 4; do
        setprop dhcp.${intf}.dns${i} ""
    done
    count=1
    for dnsaddr in ${new_domain_name_servers}; do
        setprop dhcp.${intf}.dns${count} ${dnsaddr}
        count=$(($count + 1))
    done
    separator=" "
    if [ -z "$new_domain_name" ]; then
        separator=""
    else
        if [ -z "$new_domain_search" ]; then
            separator=""
        fi
    fi
    setprop dhcp.${interface}.domain "${new_domain_name}$separator${new_domain_search}"
}
unset_dns_props()
{
    for i in 1 2 3 4; do
        setprop dhcp.${intf}.dns${i} ""
    done
    setprop dhcp.${interface}.domain ""
}
case "${reason}" in
    BOUND|INFORM|REBIND|REBOOT|RENEW|TIMEOUT) set_dns_props;;
    EXPIRE|FAIL|IPV4LL|RELEASE|STOP) unset_dns_props;;
esac
(you see the if-condition with the domain added...)
You can watch the settings with
Code:
$ getprop | grep dns
The settings are applied after a connection change, as [email protected] stated right.
PS: I don't use a Galaxy Note, but a LG G2, and not Android 4.3, but 4.4.
This seems to work in general, maybe the thread is better located in a general section than in a device-specific section?
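Added example (not part of the posts above, and not the stock Android hook): the per-domain override generalized to a table, modeled so it can be run offline. Because the domain and server list come from the DHCP lease and end up in a root script, it also validates each address, drops the duplicate entries mentioned above, and stops at the four dnsN slots the hook clears. The `OVERRIDES` table and both function names are hypothetical.

```shell
#!/bin/sh
# Hypothetical override table: "<DHCP domain>=<servers to prepend>", one per line.
OVERRIDES='home.example=192.168.2.222
lab.example=10.0.0.53 10.0.0.54'

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = domain from the DHCP lease, $2 = DHCP-supplied servers.
# Prints the list the hook would write to dhcp.<intf>.dns1..dns4.
build_dns_list() {
    domain=$1; dhcp_servers=$2; extra=''; out=''; count=0
    while IFS='=' read -r name servers; do
        if [ "$name" = "$domain" ]; then extra=$servers; fi
    done <<EOF
$OVERRIDES
EOF
    set -f                      # lease data is untrusted: no globbing
    for addr in $extra $dhcp_servers; do
        is_ipv4 "$addr" || continue                     # drop malformed entries
        case " $out " in *" $addr "*) continue ;; esac  # drop duplicates
        [ "$count" -lt 4 ] || break                     # only dns1..dns4 exist
        out="${out:+$out }$addr"
        count=$((count + 1))
    done
    set +f
    printf '%s\n' "$out"
}
```

In a real hook, each word of the printed list would be passed to a quoted `setprop` call in place of the raw `${new_domain_name_servers}` loop.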
Change DNS on kk 4.4.2 on 3G or 4G
Hello guys
I have been searching for a way to change my DNS on KK 4.4.2 while on a mobile data network, but no luck. Can anyone help me do that, please?
Thanks
Any methods that work for lollipop?
The script worked for my Samsung GS2 but my Moto XT1644 doesn't have a system/etc/dhcpcd directory. Is it OK to create the directory tree and copy a downloaded 20-dns.conf script into it? If so, would I need to set permissions for the modified script?
Hi, I have an SM-T211 (Tab3 7.0 3G) and I can't set any working firewall for 2G/3G. All these firewalls (Avast, Droidwall, Android Firewall) work perfectly with WLAN/Wi-Fi but don't react on 3G/2G. All rules in iptables (and ip6tables) are inserted correctly, but they seem not to work....
Has anyone a working firewall set (for 3G) with this Tablet? Could anyone with this tablet test if he has the same behaviour? Many thanks!
Interesting. I had been using Droidwall and was under the impression it was working. But I just unchecked Dolphin, and it turns out it isn't working.
I am also interested in this one. I would love to block Google Services Framework from detecting my internet connection.
I haven't tested on wi-fi.
thref23 said:
Interesting. I had been using Droidwall and was under the impression it was working. But I just unchecked Dolphin, and it turns out it isn't working.
I am also interested in this one. I would love to block Google Services Framework from detecting my internet connection.
I haven't tested on wi-fi.
I found out that the interface name in the common scripts does not match. These apps insert lines in "iptables" and "ip6tables", but they insert lines with targets depending on the interface name. It seems our interface name (for 3G) is different, so no matching rule for 3G is found. The same with Wi-Fi works correctly.
So we have to find out the interface name for 3G for iptables; after that our firewalls would be working...
OK, found it: the interface name is "ccinet0". This interface isn't used in the scripts from Android Firewall or Avast or others.
Two options so far:
1. You have to modify their scripts and add (you should find the right position for inserting) the following lines (xxx stands for the name of your firewall):
iptables -A xxxwall -o ccinet+ -j xxxwall-3g
ip6tables -A xxxwall -o ccinet+ -j xxxwall-3g
2. You use a script like the following (at the moment manually, maybe automatically by a script system):
#!/system/bin/sh
# Avast Rules extended
iptables -N cvtwall
iptables -D OUTPUT -j cvtwall
iptables -A OUTPUT -j cvtwall
iptables -N avastwall-3g
ip6tables -N cvtwall
ip6tables -D OUTPUT -j cvtwall
ip6tables -A OUTPUT -j cvtwall
ip6tables -N avastwall-3g
iptables -A cvtwall -o ccinet+ -j avastwall-3g
ip6tables -A cvtwall -o ccinet+ -j avastwall-3g
You will have to modify the names in bold to your specific firewall names...
You can also use it as an init.d script, if you have a kernel with init.d support...
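Added example (not part of the post above, and not code from any of the firewall apps): a check that reports whether a rule listing contains any `-o` match covering a given interface, which is the gap described for "ccinet0". The sample listing is constructed; its chain names follow the post's xxxwall placeholder, and the rmnet+/pdp+/wlan+ patterns and both function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` format. The chain names follow the post's
# xxxwall placeholder; the rmnet+/pdp+/wlan+ patterns are assumptions.
SAMPLE_RULES='-N xxxwall
-N xxxwall-3g
-N xxxwall-wifi
-A OUTPUT -j xxxwall
-A xxxwall -o rmnet+ -j xxxwall-3g
-A xxxwall -o pdp+ -j xxxwall-3g
-A xxxwall -o wlan+ -j xxxwall-wifi'

# iptables interface matching: a trailing "+" matches every name that starts
# with the prefix; without it the name must be identical.
iface_matches() {
    pat=$1; name=$2
    case "$pat" in
        *+) case "$name" in "${pat%+}"*) return 0 ;; esac
            return 1 ;;
        *)  [ "$pat" = "$name" ] ;;
    esac
}

# $1 = rule listing, $2 = interface name. Prints the jump target of every
# rule whose -o pattern matches the interface; prints nothing when no rule
# covers it. Negated (! -o) matches are not modelled.
targets_for_iface() {
    rules=$1; wanted=$2
    printf '%s\n' "$rules" | while read -r line; do
        set -f; set -- $line; set +f
        out=''; target=''
        while [ "$#" -gt 1 ]; do
            case "$1" in
                -o) out=$2 ;;
                -j) target=$2 ;;
            esac
            shift
        done
        if [ -n "$out" ] && [ -n "$target" ] && iface_matches "$out" "$wanted"; then
            printf '%s\n' "$target"
        fi
    done
}
```

On a device, the listing would come from `iptables -S` run as root, and the interface name from the active mobile data link.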
Hello my friends!
*** You should have ROOT access ***
*** These steps do not contain details, so they are not for newbies ***
1- Install AFWall (https://github.com/ukanth/afwall)
2- Install dnscrypt-proxy for Android (https://github.com/adit/dnscrypt-proxy)
3- Install NTP & GPS Clock [ROOT] (https://play.google.com/store/apps/details?id=jp.xrea.poca.clocksync&hl=en&gl=US)
4- Run AfWall and:
write this custom script:
HTML:
iptables -t nat -A OUTPUT -p tcp ! -d 8.8.8.8 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 8.8.8.8 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p tcp ! -d 8.8.8.8 --dport 853 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 8.8.8.8 --dport 853 -j DNAT --to-destination 127.0.0.1:5354
and this shutdown script:
HTML:
iptables -t nat -D OUTPUT -p tcp ! -d 8.8.8.8 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -D OUTPUT -p udp ! -d 8.8.8.8 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -D OUTPUT -p tcp ! -d 8.8.8.8 --dport 853 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -D OUTPUT -p udp ! -d 8.8.8.8 --dport 853 -j DNAT --to-destination 127.0.0.1:5354
5- Run AFWall, make sure all apps have access to the Internet, and start the firewall.
6- Turn off Automatic Date & Time in settings.
7- Run the "NTP & GPS Clock" app and sync the device date and time. (try ntp-server: 132.163.97.5 or 132.163.96.5 or 129.6.15.32)
HTML:
#dcp stop
#dcp disable
#dcp start
8- Done! All DNS requests are redirected to dnscrypt-proxy (Magisk module).
Note: You can play around more with AfWall and dnscrypt to gain much more security.
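Added example (not part of the post above): an offline model of the four DNAT rules from step 4, useful for auditing which DNS traffic actually reaches the local proxy and which does not. The rules are copied from the post; the function name is hypothetical, and only the options those rules use are modelled.

```shell
#!/bin/sh
# The four OUTPUT rules from the post, as typed into the AFWall custom script.
RULES='-t nat -A OUTPUT -p tcp ! -d 8.8.8.8 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
-t nat -A OUTPUT -p udp ! -d 8.8.8.8 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
-t nat -A OUTPUT -p tcp ! -d 8.8.8.8 --dport 853 -j DNAT --to-destination 127.0.0.1:5354
-t nat -A OUTPUT -p udp ! -d 8.8.8.8 --dport 853 -j DNAT --to-destination 127.0.0.1:5354'

# Prints the address a locally generated packet is delivered to once the
# rules above are applied. $1 = protocol, $2 = destination IP, $3 = port.
# The first matching rule wins; unmatched packets keep their destination.
final_destination() {
    pkt_proto=$1; pkt_dst=$2; pkt_port=$3
    hit=$(printf '%s\n' "$RULES" | while read -r rule; do
        set -f; set -- $rule; set +f
        proto=''; dst=''; dst_negated=0; port=''; to=''; bang=0
        while [ "$#" -gt 0 ]; do
            case "$1" in
                '!') bang=1; shift; continue ;;   # negates the next option
                -p) proto=$2 ;;
                -d) dst=$2; dst_negated=$bang ;;
                --dport) port=$2 ;;
                --to-destination) to=$2 ;;
            esac
            bang=0; shift
        done
        [ "$proto" = "$pkt_proto" ] && [ "$port" = "$pkt_port" ] || continue
        same=0
        if [ "$dst" = "$pkt_dst" ]; then same=1; fi
        # "-d X" needs same=1, "! -d X" needs same=0; otherwise skip the rule.
        if [ -n "$dst" ] && [ "$same" -eq "$dst_negated" ]; then continue; fi
        printf '%s\n' "$to"
        break
    done)
    printf '%s\n' "${hit:-$pkt_dst:$pkt_port}"
}
```

Under these rules a query sent directly to 8.8.8.8 keeps its destination because of the `! -d 8.8.8.8` exemption, and ports other than 53 and 853 are not matched at all.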