Develop Bugs

Guide - ALL PORTS opened through carrier proxy 3G/HSDPA

Notice - This topic is for the very advanced computer users.
I will need help from WM6 developers and SUPER advanced users for a variant of this. Please go to the COMPLETE bottom to read what I need for help.
What is it for? : Gain full access to TCP ports while using carrier's WAP/GPRS/HTTP proxy. Access IMAP/POP3/Internet Radio/Streaming TV/Skype while still using your carrier's cheap/free GPRS APN.
(currently only works on tethered, but I am working on making it work directly from the phone, I need help from those in the know-how)
Summary: The PC is tethered to the phone for GPRS/3G internet. PuTTY client connects to a SSH server THROUGH the carrier's proxy and opens up a SSH tunnel with dynamic forwarding on port 1080.
What you need :
- PC with Windows or Linux
- PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- A simple SSH server directly connected to the internet (could be a modified Linksys WRT54G/GS/GL router with OpenWRT, no need for a PC)
optional - ProxyCap or SocksCap (commercial, look on bittorrent). They force softwares that required DIRECT internet acess to work with this guide
Settings:
1- Your SSH server needs to listen to port 443
2- In Windows go to Control Panel / Internet Options / Connections / LAN Settings / Proxy Server /
-Check the box "Use a Proxy Server for your LAN"
-Click advanced under SOCKS: , write: localhost" with port: 1080
3- In PuTTY
-Session TAB
Hostname = IPaddressOfYourSSHServer
port = 443
-Connection / Proxy
Proxy Type = HTTP
Proxy hostname = YourCarrierProxyAddress
Port = 80 or 8080 (whatever your carrier tells you to put)
-Connection / SSH / Tunnels
At the bottom, select Dynamic & IPv4
Source port = 1080
Click ADD
You should see "4D1080" appear in the white box under "forwarded ports"
-Session
Type any name you want under Saved Sessions
Click "Save" so that anytime you reload Putty, you click ony your sessions and load to restore all the above settings.
Final Step
- Disconnect your PC from any internet access
- Connect your PC to your phone's GPRS/3G internet
- In Putty, load the session and click on OPEN (This should open up a black window with no text)
- Wait a few seconds, you should see a new window asking you if you accept a new KEY for the new host you are connecting to. Click YES
NOTE: this will only happen the first time you connect to the SSH server through GPRS. It will never appear again
- You'll be asked to enter your username and password (those are the ones from your SSH server). You'll then gain SSH terminal access to your SSH server.
- type and enter "top" in your SSH terminal
WHY? : Your carrier's PROXY closes any IDLE connections. "top" makes the SSH server send you the server status every few seconds, keeping the connection active.
- Open internet explorer and see if you can load web pages.
- Congrats, you got non-carrier-proxied non-carrier-cached internet access.
TROUBLESHOOTING
Problem: PuTTY times out when I open my session
Diagnostic: PuTTY cant connect to your SSH server, this could be due to :
- Check if you got the right SSH server IP address
- SSH Server does not listen to TCP port 443
- SSH Server is behind a firewall that blocks port 443
- Your ISP may block port 443 (mine blocks port 80)
- Your wireless carrier may not allow SSL connections, test by loading a HTTPS web page while using their HTTP proxy (find a web page such as ebay, paypal, or whatever that requires an encrypted login, see if HTTPS is in the address bar). You're screwed if its blocked
- Your wireless carrier's proxy might not be on port 80/8080, please check
- Double check your Putty settings for your session.
Problem: PuTTY says "connection not allowed" "permission denied" or something
Diagnostic - Your wireless carrier probably does not allow SSL on 443, or scans your packets to see if it is TRUELY SSL. You're screwed in that case.
Problem: When I type my username and password, I get denied
Diagnostic: you don't know your OWN SSH server's access information, moron
Problem: Im connected to my SSH server, but IE won't load pages
Diagnostic: Either you forgot to set the dynamic port forwarding (review step 3 in settings) or you didn't set the proxy settings in IE (review step 2)
Please make sure you got NO other proxies entered other than in the SOCKS section of IE
WHAT I NEED FOR HELP
As you can see, this is only for using GPRS/3G on a PC/Laptop
Im very close to getting this to work directly on the phone.
PocketPutty is a conversion of PuTTY for WM5/6
http://www.pocketputty.net/
There is no Proxy tab in PocketPutty, but go in the registry
HKEY_current_user/Software/SimonTatham/Putty/Sessions/YourSessionName
This is IDENTICAL to what you'll find on your windows PC if you create a session. Create the proper session on your PC and copy the registry entries onto your phone's registry.
I got it to connect to my SSH server the same way you do on a PC, however, I can't get Pocket IE or any other software to use localhost:1080 socks proxy.
I've tried the obvious "proxy settings" in the connections manager, but IE still tries to connect directly unless I specify a HTTP proxy. Putty cannot do HTTP proxy so I can't just open up a second dynamic port on 80.
I tried in the registry to manually enter data. I noticed that even if you got NO proxy settings, you still got two proxy entries in the registry
HTTP , which uses "new-inet" on 1118
null-corp, which uses "new-corp" on 1118
I've made some tests and come to the conclusion that IE will only listen to the HTTP proxy entry in the registry. However, it will not use it if the "type" is set to "0". Setting it to "4" (SOCKS) gives me an error that IE cannot use my GPRS connection.
Im at loss here since im not a programmer or anything. Im wondering if any programmer/developper/professionals knew anything on the matter. It's only a matter of dynamic forwarding. I know PocketPutty can do it.

I was wondering if this was possible myself... I run a linux server at home and when I am at school/work/etc. I like to use my server as a socks proxy (using the method you stated) in order to get around those pesky firewalls and content filters. I've found that in general I like to tunnel everything through my home ISP's connection. It just 'feels' more secure, albeit a lot slower due to roadrunner's poor upstream bandwidth.
Pocket IE apparently did leave out the SOCKS proxy feature, and I don't know if it's even possible to tunnel through SOCKS on a WinMo phone.
This ancient guide from 1999 says that SOCKS is not implemented on WinCE, but surely this is outdated and useless information, right?
So I ask: Does anyone out there know how to use a SOCKS proxy on a PocketPC?

I don't know how much this will help you, I'm not nearly as advanced, but I saw the word SOCKS and a bell rang. Under Settings > Connections > Connections, when you setup or edit the proxy server, the SOCKS option is at the bottom. I always manually put in the AT&T proxy settings when I need to so it sounded familiar. Hope that helps.

Hey alkizmo !
I think that your idea is not really good, because there is an easier solution, with OpenVPN. This vpn allows you to do HTTP encapsulation, like PuTTY ...
And OpenVPN server/client is faster to install.

TKz said:
Hey alkizmo !
I think that your idea is not really good, because there is an easier solution, with OpenVPN. This vpn allows you to do HTTP encapsulation, like PuTTY ...
And OpenVPN server/client is faster to install.
Click to expand...
Click to collapse
A VPN connection cannot be initiated through a proxy where all ports are blocked except 8080/80/443
VPN is not the solution to proxy bypass.
Then again, go ahead, try to prove me wrong and you'd have found a much simpler solution.
oh and this thread is outdated, I did finalize this project and have it working now.
http://forum.xda-developers.com/showthread.php?t=316890

alkizmo said:
A VPN connection cannot be initiated through a proxy where all ports are blocked except 8080/80/443
VPN is not the solution to proxy bypass.
Then again, go ahead, try to prove me wrong and you'd have found a much simpler solution.
oh and this thread is outdated, I did finalize this project and have it working now.
http://forum.xda-developers.com/showthread.php?t=316890
Click to expand...
Click to collapse
Ok, i know your solution work, but three things :
1. Mine too (sorry, I bypass proxy through vpn)
2. Mine is easier ... that's all !
3. http://ovpnppc.ziggurat29.com/ovpnppc-main.htm

Personaly, I think the problem inlies with the way Pocket PC use proxys. If there was a way to make the Phone use the same proxy for everything it would work. but from what I can tell, the phone choses the right proxy for the right thing. by looking at the proxy settings it has a for Http wap, etc.
Well, the other programs don't work with these proxies, as far as I can tell. The best wayt, IMHO, would be to make a program that routes all connections to one proxy, and maybe then the prxys would work correctly.

TKz said:
Ok, i know your solution work, but three things :
1. Mine too (sorry, I bypass proxy through vpn)
2. Mine is easier ... that's all !
3. (deleted link, no url posting privileges for new members)
Click to expand...
Click to collapse
excellent.
As of this writing, the link is still alive. And the latest release of openvpn ppc is 2.1 released December 10/2009. Or, about a month ago.
see:
the changelog

Server Running over Cellular on Rhodium?

Hello everyone,
I am looking into the idea of being able to run an SSH or VNC server on the Windows Mobile, specifically our Rhodium, platform over cellular (3G). I know for a fact Tmobile can assign a 'route-able' IP address to a phone here in the USA (this has been tested). I can ping this IP address from any computer on the internet (albeit with some substantial latency). Perhaps there is a way to use the Tmobile allowed "pinging your device" to tunnel SSH or VNC traffic.
I would like to figure out a way to reach an SSH or VNC server on my phone using this method. We would need to somehow "open" an inbound port to the phone (this would function like basic port forwarding).
All of this works perfectly over WiFi, of course, but the goal is to get this working over cellular 3G (in particular, Tmobile). I see this as a technical challenge we can overcome as a group.
Does anyone have any ideas on this?

Folks, someone must have some ideas on this!
Here's a few links I came across:
http://kar1107.blogspot.com/2006/03/running-servers-on-cell-phones.html
http://digg.com/software/Run_a_web_server_from_your_phone

it isnt possible they close all ports except if you use port 80 on your phone for the server then you can run vnc server mobile

Antonius123,
So you're saying I can run a vnc server on port 80 on Tmobile? I have tried to run a web server on port 80 with no success.
Which mobile VNC server allows you to set the listening port?

its a program that is in alpha mode.
you can get your ip adress from your mobile phone trough php it is sending the real ip and not the fake.
But you must be aware that ip changes every time you get tro a difrent tower (gsm tower).
create a php page on a webserver with this code
PHP:
<?php
echo $_SERVER['REMOTE_ADDR'];
?>

Thanks for your reply, but I have additional questions.
I am able to get my real IP address from the phone by using VxUtil. This application tells me my IP address. Remember, I am able to have Tmobile assign me a 'route-able' IP address.
What is this program you speak of, which is in "alpha mode"?
The PHP code you provided, as I understand it, will simply give me my IP address, which VxUtil is able to do.
Were you able to somehow successfully access your device using the cellular connection? Which VNC software did you use, or did you use a different protocol?
It's interesting to note that when I check connectivity to my phone by doing "telnet IP_ADDRESS_HERE 80" I do not get a failure, the screen does hang as expected (Telnet can be used to see if ports are open without having a Telnet service running on my phone).
Can anyone please provide input?

Desire share LAN internet access in office

Below is my experience. I hope this can help you.
WiFi LAN
phone<------------------> laptop <-------> Proxy<----->Internet
10.1.1.10 10.1.1.1 NATed
Prerequisite:
1. laptop or pc has wireless adapter that support configured as AP.
2. OS that support NAT (LAN as public network, wifi as private network).
My laptop is Windows XP SP3
3. A DHCP/DNS server. I use DualServer
Steps:
1. Configure wireless adapter as AP mode and give a static IP. (10.1.1.1, netmask is 255.255.255.0
2. Configure DualServer in laptop.
I just modified DualServer.ini with following line based on defalut installation.
[LISTEN-ON]
10.1.1.1 # only listen this interface, not affect office network
[DHCP-RANGE]
DHCP_Range=10.1.1.100-10.1.1.119
DNS_Server=10.1.1.1 # all phone's DNS query request will be forwarded to latptop
Router=10.1.1.1 # all phone's traffic will be routed to laptop
[xx:xx:xx:ea:a5:8d] # phone's wifi interface MAC Address, in order to given fixed IP.
IP_Addr=10.1.1.10
DNS_Server=10.1.1.1
Router=10.1.1.1
3. Configure NAT on XP laptop
In command window:
a). net stop remoteaccess
b). netsh routing ip nat install
c). netsh routing ip nat delete interface "Local Area Connection" full
d). netsh routing ip nat add interface "Wireless Network Connection 5" private
e). netsh routing ip nat add interface Internal private
f). net start remoteaccess
Please replace your interface name on step c) and d).
4. Start wireless AP on laptop. Make sure laptop can access internet.
Open wifi on phone, find laptop's AP and link to. Then phone will be allocated a IP (10.1.1.10).
You can configure some security protocol on phone and laptop.
5. In most case, Your office internet access is via proxy.
You should also install a proxy app called TransProxy in phone.
Then configure your proxy info to TransProxy.
6. Does not work?
Install Android SDK if not. run "abd shell"
ping 10.1.1.1, It should be OK, other You have wireless configuration error.
ping address1 is OK (address1 is IP address of your LAN interface),
Other Your NAT configuration contains error.
Now you can surf internet on phone now.
If your wireless adapter does not support AP mode.
Please refer to another thread, (forum.xda-developers.com/showpost.php?p=8686601&postcount=17)
It still can share laptop's internet.

How does DNS work?
I am trying to use transproxy but I have not idea how the DNS could work. My understanding is all the traffic will go through transproxy. But my phone doesn't know anything about it, right? The iptables redirects the traffic from port 80, 443, etc. to redsocks. If my phone's applications don't know the proxy, how can they use GET http instead of DNS query?

Possible to implement SOCKS5 proxy for tunneling SSH traffic?

I'm still not able to use my SSH tunnel connecting to my server at home to tunnel Http web traffic on the browser. First the proxy settings in wireless/network doesn't work even on WIFI, I don't think it is the correct type of proxy, and secondly it doesn't work on 3G.
Although my work uses a VPN(Cisco) and that works fine with VPN connections app. So I'm wondering if it's possible to have an app that makes proxy settings same way?
I really don't want to open up a VPN server at home, I like SSH with it's public/private key to be more secure, especially with a 8192bit key.

[Q] Internet Passthrough through a proxy server

I'm trying to use internet passthrough at work. The problem is that we have a proxy that requires NTLM authentication. So I tried setting up an intermediate proxy on my windows xp machine, then I setup DHD to use the intermidate proxy (using Proxy Settings from the market).
This only works with the browser as it has built in support for communicating with proxy servers. other application don't work.
I'm wondering if any of the following is possible:
1- setup proxy in dhd in a way that is invisible to most applications and don't have to rely of application support for using a proxy server.
2- use some program/setting on my computer that manages connections with the proxy server in a way that is invisible to HTC Sync and DHD

+1 for the same question.
I hope someone know the procedure and I hope even more it's possible.
It would be a shame that shuch device doesn't offer that feature.

hatemk said:
I'm trying to use internet passthrough at work. The problem is that we have a proxy that requires NTLM authentication. So I tried setting up an intermediate proxy on my windows xp machine, then I setup DHD to use the intermidate proxy (using Proxy Settings from the market).
This only works with the browser as it has built in support for communicating with proxy servers. other application don't work.
I'm wondering if any of the following is possible:
1- setup proxy in dhd in a way that is invisible to most applications and don't have to rely of application support for using a proxy server.
2- use some program/setting on my computer that manages connections with the proxy server in a way that is invisible to HTC Sync and DHD
Click to expand...
Click to collapse
+1 for that!!

I'm in the same boat, anyone have a solution to this yet?

+1
still no solution?

+1 too.
Kind of glad to see I'm not the only one looking for a solution

i tried with no luck with widecap to proxify the process htcnat.exe adb.exe and another 2 but it's a really overwhelming configuration, furthermore the service in windows is run by the SYSTEM user and it should be changed to the user running widecap to have it trying recognizing it.
unfortunately even with all configured i think in the correct way i was not able to use the proxy, widecap was still refusing to proxify internet pass trhough.
there is another product called freecap on which is based widecap but i still havn't tried it (and the next week i will be on holidays so i won't try it soon ^^' )

solved by installing TransProxy 3.0.8 beta on android
http://forum.xda-developers.com/showthread.php?t=766569

ProxyDroid
I used ProxyDroid (needs root). It also supports NTLM authentication.

hatemk said:
I'm trying to use internet passthrough at work. The problem is that we have a proxy that requires NTLM authentication. So I tried setting up an intermediate proxy on my windows xp machine, then I setup DHD to use the intermidate proxy (using Proxy Settings from the market).
This only works with the browser as it has built in support for communicating with proxy servers. other application don't work.
I'm wondering if any of the following is possible:
1- setup proxy in dhd in a way that is invisible to most applications and don't have to rely of application support for using a proxy server.
2- use some program/setting on my computer that manages connections with the proxy server in a way that is invisible to HTC Sync and DHD
Click to expand...
Click to collapse
Hey did you find a solution? I'm facing the same issue for a long time !!!