This is my first thread on the questions board.
In researching the localhost connecting back to port 7771 spamming logcat issue with 4G all EVO users who turn 4G on/off experience, I came across this file.
/data/wimax/wimax_properties
inside it stores sprintpcs username and password:
ls -l /data/wimax/wimax_properties
-r--r----- root root 262144 2010-09-24 09:52 wimax_properties
this will return your sprintpcs login name:
cat /data/wimax/wimax_properties | busybox grep @sprintpcs
the next line after that contains a clear text password. it starts with persist.wimax.0.PASSWORD.
I understand this file is not accessible w/o root. In theory, root exploits are always appearing and for the time being, ragc hasn't been patched so any program could use that to gain root (bypass superuser.apk) and read this file.
I also understand there is an RSA encryption key stored on the wimax partition itself, which I'm pretty sure is required to establish a connection.
Does the RSA encryption tie into this clear text password?
Anybody else notice this? Is there any reason to be concerned?
Anyone know how to access internet (i.e. 'packet data', not wifi or usb) from a terminal in android?
I am also waiting for its answer.......
Short Version:
Got an OpenVPN server on my NAS. GN connects & works fine; remote resources are reachable. I now want to know how I can route all traffic through the tunnel. (Is this possible?)
Long Version:
For those times when I'm traveling (domestically and internationally) and/or using a questionable Internet connection, I'd like to secure the connection.
I've got a [stock] rooted GN running Jelly Bean with BusyBox installed. My NAS has two built-in VPN solutions one of which being OpenVPN so I got that setup which created an .ovpn file containing the following configuration:
Code:
dev tun
tls-client
remote YOUR_SERVER_IP 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
After installing OpenVPN Installer & OpenVPN Settings, I had to manually symlink busybox, ifconfig, and route from /system/bin to /system/xbin in order for OpenVPN to run properly.
Code:
#Note: In an attempt to be thorough, and for any Googlers or forum searchers (+1)...
#First I had to mount /system as read/write via:
mount -o rw,remount /system
#Then create the symlinks via:
ln -s /system/bin/busybox /system/xbin/busybox
ln -s /system/bin/ifconfig /system/xbin/ifconfig
ln -s /system/bin/route /system/xbin/route
#Then remount /system as read-only via:
mount -o ro,remount /system
Once all of the above was setup, I initiated the connection, successfully authenticated, and was able to reach remote resources without issue.
What I would like to do at this point is get it set up so that I can have a second profile that routes all traffic through the VPN. I assume it's a client-side configuration change but I really don't know at this juncture.
Many thanks!
Doesn't CyanogenMod ROM have native OpenVPN support? I think the OpenVPN client on CM has an option to route all traffic through the VPN. I think for what you want to do you should need a custom ROM or kernel that supports iptables.
iptables is a system file that allows the system to redirect network traffic usually for apps like tethering, firewalls, and proxies.
Sent from my Galaxy Nexus using Tapatalk 2
Thanks for taking the time to reply KemikalElite.
I've got BusyBox 1.20.2 installed and I do have an iptables binary (v1.4.11.1). With solutions like Hotspot Shield VPN that don't require root yet supports encryption for all traffic, I figured root + OpenVPN + BusyBox + iptables would be sufficient.
My initial assumption was that I would need to make some changes to my OpenVPN configuration to encrypt & route all traffic through the tunnel. But maybe I've been thinking about this all wrong and it's less about OpenVPN and more about running a custom script once connected to route everything through the tunnel; and vice versa when I disconnect to restore the original configuration.
Perhaps I should be scouring OpenVPN forums?
Phylum said:
Thanks for taking the time to reply KemikalElite.
I've got BusyBox 1.20.2 installed and I do have an iptables binary (v1.4.11.1). With solutions like Hotspot Shield VPN that don't require root yet supports encryption for all traffic, I figured root + OpenVPN + BusyBox + iptables would be sufficient.
My initial assumption was that I would need to make some changes to my OpenVPN configuration to encrypt & route all traffic through the tunnel. But maybe I've been thinking about this all wrong and it's less about OpenVPN and more about running a custom script once connected to route everything through the tunnel; and vice versa when I disconnect to restore the original configuration.
Perhaps I should be scouring OpenVPN forums?
You have the tun module as well right?
code.google.com/p/android-openvpn-settings/issues/list
Check through some of those issues. Something did say that the DNS servers may need to be manually set.
OpenVPN is so complex because of the config options. I find it easier to use native PPTP connections since there's no config only authentication and it routes all traffic automatically.
Sent from my Galaxy Nexus using Tapatalk 2
You need to enter "redirect-gateway" into your ovpn config file.... Just remove the # in the your config
Thanks for the reply ZiCoN!
I should have mentioned this sooner - terribly sorry for omitting this.
Once I got the VPN connected, I did the old 'what is my ip' to verify the route. It was still using the provider's network, but I could reach my NAS and other remote devices in the 192.168.x.x range - so the VPN itself was working. After reading the mini explanation in the config file I enabled 'redirect-gateway' and after reconnecting I could no longer access the Internet. I checked the OpenVPN Manual and added 'def1' after the 'redirect-gateway' statement, reconnected but still no go: I can no longer access the Internet. Remote resources are still accessible in both scenarios.
KemikalElite said:
You have the tun module as well right?
code.google.com/p/android-openvpn-settings/issues/list
Check through some of those issues. Something did say that the DNS servers may need to be manually set.
OpenVPN is so complex because of the config options. I find it easier to use native PPTP connections since there's no config only authentication and it routes all traffic automatically.
Sent from my Galaxy Nexus using Tapatalk 2
I somehow missed this when drafting my last reply. I think you're right about it being a DNS problem. I made a change to the config file (adding a few lines for 'dhcp-option DNS x.x.x.x') and within OpenVPN used the 'Fix DNS' button.
Thanks all for your time, thoughts, opinions and instructions!
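The states described in this thread (traffic still leaving via the provider, then no Internet after enabling redirect-gateway until DNS was set) can be told apart from a saved routing table and the .ovpn profile. This is an added example, not part of the original posts or of OpenVPN: the function names, tun0/wlan0 and every address are constructed assumptions, and it relies on redirect-gateway def1 installing 0.0.0.0/1 and 128.0.0.0/1 routes via the tunnel.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names and addresses are constructed.

# route_mode ROUTES [TUN_DEV]: "full" if all traffic is routed into the tunnel.
# Plain redirect-gateway replaces the default route; def1 adds two /1 routes instead.
route_mode() {
    printf '%s\n' "$1" | awk -v dev="${2:-tun0}" '
        { on_tun = 0
          for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) on_tun = 1 }
        on_tun && $1 == "default"     { def = 1 }
        on_tun && $1 == "0.0.0.0/1"   { lo = 1 }
        on_tun && $1 == "128.0.0.0/1" { hi = 1 }
        END { print ((def || (lo && hi)) ? "full" : "split") }'
}

# profile_has PROFILE REGEX: true if the directive is present and not commented out.
profile_has() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"
}

# diagnose ROUTES PROFILE [TUN_DEV]: prints one state name.
# Only client-side directives are inspected; a server may also push DNS via "pull".
diagnose() {
    if [ "$(route_mode "$1" "$3")" = split ]; then
        if profile_has "$2" 'redirect-gateway'; then echo redirect-not-applied
        else echo split-tunnel; fi
    elif profile_has "$2" 'dhcp-option[[:space:]]+DNS'; then echo full-tunnel
    else echo full-tunnel-no-client-dns
    fi
}

# Constructed `ip route` captures: before and after redirect-gateway def1.
ROUTES_SPLIT='default via 172.16.0.1 dev wlan0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
172.16.0.0/24 dev wlan0 proto kernel scope link src 172.16.0.50'
ROUTES_DEF1="0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
203.0.113.10 via 172.16.0.1 dev wlan0
$ROUTES_SPLIT"

# Constructed profiles modelled on the .ovpn file quoted in the thread.
PROFILE_STOCK='dev tun
#redirect-gateway
#dhcp-option DNS DNS_IP_ADDRESS
pull'
PROFILE_NODNS='dev tun
redirect-gateway def1
pull'
PROFILE_FULL="$PROFILE_NODNS
dhcp-option DNS 10.8.0.1"

diagnose "$ROUTES_DEF1" "$PROFILE_NODNS"   # redirect active, no DNS set in the profile
```

On a device, pass the live table with `diagnose "$(ip route)" "$(cat profile.ovpn)"`, where profile.ovpn stands for your own profile file.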
Phylum said:
Thanks for the reply ZiCoN!
I should have mentioned this sooner - terribly sorry for omitting this.
Once I got the VPN connected, I did the old 'what is my ip' to verify the route. It was still using the provider's network, but I could reach my NAS and other remote devices in the 192.168.x.x range - so the VPN itself was working. After reading the mini explanation in the config file I enabled 'redirect-gateway' and after reconnecting I could no longer access the Internet. I checked the OpenVPN Manual and added 'def1' after the 'redirect-gateway' statement, reconnected but still no go: I can no longer access the Internet. Remote resources are still accessible in both scenarios.
You probably need to allow traffic to route back along the VPN from the internet. On your gateway, route VPN addresses to the VPN server and make sure forwarding is enabled on the VPN server.
Questions go in Q&A
Read forum rules and stickies before posting
Thread moved
FNM
Hi
I got a new AFTV as my existing one is non-rootable. I had blocked below sites on my router
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
firs-ta-g7g.amazon.com
With the above sites, I couldn't even sign-in to my Amazon account. Then I unblocked the firs* site and could sign-in. The good news is the FW is *_user_510055620 (Which is rootable)
Now, when I try to connect w/ AFTV Utility v0.27 it says connection denied at IP-Address:5555
I was hoping to install the pre-rooted FW, but I am not even able to connect. What am I missing? Any pointers would be appreciated.
Legolas2 said:
Hi
I got a new AFTV as my existing one is non-rootable. I had blocked below sites on my router
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
firs-ta-g7g.amazon.com
With the above sites, I couldn't even sign-in to my Amazon account. Then I unblocked the firs* site and could sign-in. The good news is the FW is *_user_510055620 (Which is rootable)
Now, when I try to connect w/ AFTV Utility v0.27 it says connection denied at IP-Address:5555
I was hoping to install the pre-rooted FW, but I am not even able to connect. What am I missing? Any pointers would be appreciated.
First of all you need to only block the following two addresses.
http://www.aftvnews.com/how-to-setup-a-new-fire-tv-without-blocking-root/
Method 1: Domain blocking with Router – Recommended Method
1. Before powering on the Fire TV, go into your router’s settings and block access to the following two domains:
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
If you do not know how to do this, you can refer to my guide or search the internet for instruction for your particular router.
NOTE: Do NOT block firs-ta-g7g.amazon.com as it is unnecessary for blocking updates and will cause problems during the initial setup if blocked.
You are lucky to still be able to root.
Also to work the AFTV Utility needs you to input the internal IP address your router has assigned to your FTV. Hit File/Settings and just input the IP address. Example: 192.168.1.123
You only need method one to block the updates before root. But make sure you always keep those two addresses blocked. Then make sure you read & understand this to root = http://www.aftvnews.com/how-to-root-the-amazon-fire-tv/
Once rooted you can use the AFTV Utility to disable OTA updates. And once you install a custom recovery aka CWM that will be the next level of protection for root.
Yes, I am inputting the IP address, So the exact address is 10.0.0.26. Will try another power-cycle/reboot and gave it another go...
same result...
Code:
C:\FTV>adb connect 10.0.0.26
unable to connect to 10.0.0.26:5555
C:\FTV>ping 10.0.0.26
Pinging 10.0.0.26 with 32 bytes of data:
Reply from 10.0.0.26: bytes=32 time=137ms TTL=64
Reply from 10.0.0.26: bytes=32 time=140ms TTL=64
Reply from 10.0.0.26: bytes=32 time=3ms TTL=64
Reply from 10.0.0.26: bytes=32 time=243ms TTL=64
Ping statistics for 10.0.0.26:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 243ms, Average = 130ms
Aarg!!, I missed enabling Debug on ATV!!. Once I had that enabled, I am able to root my ATV
Now to upgrade to the latest version.
Hi there,
Is there any way to change my MAC address in this phone, whether temporarily or permanently?
I tried some apps that require root access. They successfully changed it, but I could not connect to any wifi. Any ideas?