Database Develop

[MOD] Enabling tethering without paying for apps

Blatantly ripped off from richhed's thread. I'm a cheap [email protected]$#^&* so I wanted to enable wifi hotspot without paying for apps. Here's how.
I'm writing these instructions for Win7 x64, and assuming that your USB drivers and busybox are working. YMMV. No, I won't help you fix your phone if you brick it, and won't be responsible if it doesn't work for you.
1. Download Superoneclick 1.6.5 for rooting your phone. Your phone needs to be rooted, if you haven't done this yet you need to do it now.
2. Download SQLite database browser on your PC and unzip to some folder. Remember where this is.
3. Plug phone into PC and turn airplane mode on.
4. Open a command prompt as administrator (right-click, open as administrator)
5. Navigate in the command prompt to where your Superoneclick is unzipped (for me, it's in a folder on my desktop)
6. Run 'adb shell'
** note** all commands from step 7 to step 12 are in the ADB shell
7. su (if you rooted in step 1, you may have to allow access, watch your phone as it may ask)
8. mv /data/data/com.android.providers.telephony/databases/telephony.db /data/data/com.android.providers.telephony/databases/telephony.old
9. chmod 777 /data/data/com.android.providers.telephony/databases
10. chmod 664 /data/data/com.android.providers.telephony/databases/telephony.old
11. exit
12. exit
13. in the same command window which your second 'exit' command dropped you to, type 'adb pull /data/data/com.android.providers.telephony/databases/telephony.old ./telephony.db'
14. Run SQLite database browser and open the telephony.db file that you downloaded to the Superoneclick folder in the last step.
15. Click 'browse data' and select table 'Carriers'
16. You should see a long list of APN settings for various carriers, the ones you are interested in are rows 4, 6, and 7. Highlight row 4, named 'AT&T US HSDPA'. Scroll ALL THE WAY TO THE RIGHT where the title of the last column says "preloaded." Double-click the field that says 'true', and in the resulting dialog box change the "true" to "false" and click "Apply Changes". Repeat this step for rows 6 and 7.
17. Edit the 'type' (3rd last) field of row 6. Right now the field says 'tether'. Double-click and change it so that it says 'default,agps,fota,supl,tether' and apply changes.
18. Change the 'apn' (6th) field in row 6 from 'broadband' to 'wap.cingular' and apply changes.
19. Click 'save' and exit the DB browser.
20. Back in the command window, type 'adb push ./telephony.db /data/data/com.android.providers.telephony/databases/telephony.new'
21. Run 'adb shell'
** note** all commands from step 22 to step 32 are in the ADB shell
22. su
23. cd /data/data/com.android.providers.telephony/databases
24. su radio
25. cp telephony.new telephony.db
26. chmod 660 telephony.db
27. rm telephony.new
28. exit
29. cd ..
30. chmod 771 databases
31. exit
32. exit
33. Disable airplane mode
34. Go to Settings>Wireless + Networks>Mobile Networks>Access Point Names. Select radio button for AT&T Tether.
35. Reboot phone.
36. Mobile Hotspot will still validate but will turn on when using this APN. You might have to switch APN's after a reboot, I've had to and at least one other user has had to.
If you ever want to revert, we saved the file as /data/data/com.android.providers.telephony/databases/telephony.old in step 10. Just 'su' and 'cp' that puppy overtop of the existing telephony.db, remembering of course to enable airplane mode.

Not trying to start anything, but theres already a pretty good thread on this bro.
Sent from my MB860 using Tapatalk

http://code.google.com/p/android-wifi-tether/downloads/list
2.07 works flawless

lsxrx7 said:
http://code.google.com/p/android-wifi-tether/downloads/list
2.07 works flawless
Click to expand...
Click to collapse
for me as well

lsxrx7 said:
http://code.google.com/p/android-wifi-tether/downloads/list
2.07 works flawless
Click to expand...
Click to collapse
is this without modifying the sql db's??

stop linking android-wifi-tether.
Infrastructure AP (what this and richhed's method and others enable) > Adhoc (what android-wifi-tether enables)
Google the differences. Ill give you a couple reasons to start
1) a lot of corporate laptops disable adhoc connections
2) Adhoc only allows WEP - crackable in 30 seconds, a huge security risk. Infrastructure allows WPA2...
so if you dont care about any of those, then yes, android-wifi-tether is fine... and much simpler.

andy2na said:
stop linking android-wifi-tether.
Infrastructure AP (what this and richhed's method and others enable) > Adhoc (what android-wifi-tether enables)
Google the differences. Ill give you a couple reasons to start
1) a lot of corporate laptops disable adhoc connections
2) Adhoc only allows WEP - crackable in 30 seconds, a huge security risk. Infrastructure allows WPA2...
so if you dont care about any of those, then yes, android-wifi-tether is fine... and much simpler.
Click to expand...
Click to collapse
sweet. thanks bro

andy2na said:
stop linking android-wifi-tether.
Infrastructure AP (what this and richhed's method and others enable) > Adhoc (what android-wifi-tether enables)
Google the differences. Ill give you a couple reasons to start
1) a lot of corporate laptops disable adhoc connections
2) Adhoc only allows WEP - crackable in 30 seconds, a huge security risk. Infrastructure allows WPA2...
so if you dont care about any of those, then yes, android-wifi-tether is fine... and much simpler.
Click to expand...
Click to collapse
Number 2 is kinda a mute point as if your using your phone to tether i doubt its going to be your primary connection. Also the fact that your not even going to see your phone after about a 100ft for tethering it would be pretty easy to narrow down someone hacking into your wep

LancerV said:
Number 2 is kinda a mute point as if your using your phone to tether i doubt its going to be your primary connection. Also the fact that your not even going to see your phone after about a 100ft for tethering it would be pretty easy to narrow down someone hacking into your wep
Click to expand...
Click to collapse
Number 2 is pretty important; it only takes about a minute to hack through WEP when the connection is in use.

Yea think you missed it completely
Sent from my MB860 using XDA Premium App

Thanks for this, I will try this out this weekend.

Bakano said:
is this without modifying the sql db's??
Click to expand...
Click to collapse
Yes. I flashed Motorola Atrix 4G U4_1.5.2 last night, restore my apps with mybackuppro this morning and this was the first thing I tried.
Just loaded it. Didnt have to do jack. Changed SSID, changed encryption. Not letting me change password, wanking the 13 character requirement when I enter a 16 character ASCII password is too short.
But the app worked beautifully. I have tried the other methods, modding db's. That didn't work until I added this below.
Tether without at&t tethering plan: (thanks to Fixter)
http://forum.xda-developers.com/show...&postcount=193

after doing this. mobile hotspot is still greyed out in settings. It says 'high speed coverage required'. granted i am on edge with no way to test 3g atm. I am wondering if this is normal and if there is a way to enable the hotspot over edge? (yes i know it would be impractically slow)

Finally got around to doing this and it worked great.
A few corrections to your steps.
Step 3. Plug phone into PC. (I know stupid explanation, but some people may forget.)
Step 15. Select Table 'Carriers'
Step 34. 34. Go to Settings>Wireless + Networks>Mobile Networks>Access Point Names. Select radio button for AT&T Tether.
Finally, I had a ton of APNs listed in my phone. Something like 80. The ATT ones were listed near the bottom. I am not sure if this is because who I purchased my phone from, Walmart, but maybe you should give some description of rows 4,5, and 6 so that people will not get confused. I figured it out fine, but you never know.
Finally, this works in webtop, but it appears that on every reboot of the phone you have to change the APN setting when you first use webtop. It doesnt seem to matter if you are already in tethering, you have toswitch away and then switch back. After you do this once everything works fine until the next reboot.
Thanks again.

andy2na said:
2) Adhoc only allows WEP - crackable in 30 seconds, a huge security risk. Infrastructure allows WPA2...
Click to expand...
Click to collapse
It isn't so much someone could access your wifi tether, but more that the data can be captured and easily decrypted. Anything you do over that connection may as well be broadcast for all to see. (Unless you're using https etc for everything)
I use the android-wifi-tether app on bluetooth only, unfortunately it also sucks battery more than the usb port on my mac can supply so the battery depletes in a few hours.
Thank you to the OP for providing a way to enable the built-in tethering.

krkeegan said:
A few corrections to your steps.
Click to expand...
Click to collapse
Thanks, OP fixed.

Thanks for the step by step

I am not sure if it made any difference to it working, but as I'm with Telstra (Australia) I added 'default,agps,fota,supl,tether' to the entry for "Telstra Internet" and it works perfectly.

Not sure if this has been beaten to death yet, but do we for sure know that AT&T cannot track this? How are connection speeds?
I've read a few posts expressing concerns about AT&T automatically switching people to the tether/4GB plan (I have the 2GB plan), and also slow (<1mbit) download speeds. Can someone shed some light on this?

i think they can tell when we swtich from "phone" to "wap.cingular," it showed a record of me switching between the two. I also looked up my data usage and got 2 reports of usage rather than just one. still my data plan has remained unchanged. this also happened when i would switch out my sim card b/w my windows 7 samsung focus and my dell streak, and att didn't do anything. i figure if they contact me about this i can just say i've been swapping my sim card between phones. don't think they can tell the difference there (may be wrong).

[GUIDE] Reverse Tethering Wildfire --> Internet Pass Through

My First Guide. Hope it Helps..
HOW TO REVERSE TETHER YOUR PHONE / INTERNET PASS THROUGH​
Reverse Tethering / Internet Pass through is the method in which you can make your android phone use the internet connection of your computer without a WIFI and by using a usb cable. It is helpful for those people who don’t have a WIFI at their place and for those who don’t have a good internet plan for their mobile.
BASIC REQUIREMENTS​
Rooted Phone With S-OFF
SuperUser [QR Code]
BusyBox [QR Code]
Terminal Emulator [QR Code]
Windows O.S. [I am using Win-7]
USB Cable for your phone
THE PROCESS​
Connect Your Android Phone to your PC. Make sure you are rooted and have terminal emulator installed. Turn on USB Tethering from
SETTINGS -> WIRELESS AND NETWOKRS -> TETHERING AND PORTABLE HOTSPOT -> USB TETHERING.
Screen
Next you will get a new connection in your PC. Open Networking and Sharing Center from
CONTROL PANEL -> NETWORK AND SHARING CENTER
You get a scene in a similar manner.
Screen
Now There will be one connection which will be your Main Net Connection and the Other one will be your Android Phone’s Created Connection for tethering. Click on your main net connection i.e. the one you use for Connecting to net Local Area Connection(in my case).
You will get the following screen.
Screen
Now click on Properties.After this click on sharing and tick on Allow other network users to connect through this computer’s internet connection and click ok for any dialog box shown and click ok to come back to the main networking screen.
Screen
Now click on the new connection made by the android phone Local Area Connection 2 (in my case)
You will get the following screen
Screen
Click on properties. Then go to Internet Protocol version 4(TCP/IPv4) and click on properties.
Screen
Now You need to enter 192.168.2.1 in IP address and enter 255.255.255.0 in Subnet mask and keep remaining things empty.
Screen
PART ON THE PHONE​
NOTE:- ALL CODES HAVE TO BE WRITTEN WITHOUT QUOTES
Open Android Terminal on the Phone and type "su". Provide it superuser permissions.
Screen
Now type “ifconfig usb0 192.168.2.2 netmask 255.255.255.0”
Screen
“busybox route delete default”
Screen
You may get an error here but it does not matter.
Now type “iptables –F –t nat”(* -F in caps is must)
Then type “busybox route add default gw 192.168.2.1”
Screen
“setprop net.dns1 8.8.8.8”
Next (setprop “net.gprs.http-proxy” “” ) [*Note :- here the code is written in bracket to avoid confusion.. The quotes(“”) are required.
Screen
CONGRATS.... YOU ARE DONE!!
RESULTS​
Works on Android Browser.(FOR ME)
Works on Opera & Opera Mini.
Works on XDA Premium App.
DOES NOT Work on Android Market.(Finding a Solution... if anyone gets it working please tell)
You may need to repeat this process each time you connect the phone to PC.
Works even without a SIM inserted.

Nice guide
To enable the market click settings under the sharing tab and add a new service called market with the port number 5228.

how use other app for internet

No resolution
currently m using a wildfire and cannot switch on USB tethering until mobile network is connected followed all the steps but no luck

I am also a wildfire user. I did so many searching for reverse usb tethering, what I searched for were similar to the script of this thread. I follow all the steps but also not success.
I did do some searching, I just GUESS the main problem is the router at my home. My computer access the modem via router, maybe the router cannot give my WF a IP so my WF cannot access the internet? I dunno.
I didn't try access the internet with my computer connecting directly via modem without router since my home wire connection is so so so so complicated, but I believe that it will success. Would somebody try it and share your experience?

I think you can write a batch file for this. Using netsh and adb it would be easily done just from PC

thanks for the guide worked for me.
Problem though is that after i turned off the tethering and disconnected my phone from the pc then reconnect it again just to check if it works the 2nd time, if found that usb tethering is having an error and does not turn on.
question is how to disable this or how i disconnect my phone from pc the right way? well after restarting, tethering is again ok and

I did it on linux!
The configuration on the PC is next:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig usb0 192.168.2.1 netmask 255.255.255.0
iptables -A POSTROUTING -t nat -s 192.168.2.1/24 -o wlan0 -j MASQUERADE
On the phone same az you did, but I had to edit
Code:
setprop net.dns1 8.8.8.8
to match my DNS server i.e.
Code:
setprop net.dns1 87.120.131.2

worked !!!!!!!!!!!!!

After about two months of searching I finally found this guide which makes it work. Thanks a lot! Surfing everything is fine but downloads just don't start (market or browser) I'm using G2x by the way so I guess this should work for most people.
meknb said:
Nice guide
To enable the market click settings under the sharing tab and add a new service called market with the port number 5228.
Click to expand...
Click to collapse
I did this which enabled me to browse the market. It won't download anything. I even forwarded the port on my broadband modem and the downloads don't start. Just keep saying "Starting downloading..."

How to make a script for apps like script manager so we do not have to keep typing the configs everytime we restart our phone?

URLs instead of QR Codes, please.
rahuliyer95 said:
[*]SuperUser [QR Code]
[*]BusyBox [QR Code]
[*]Terminal Emulator [QR Code]
Click to expand...
Click to collapse
Anyone with URLs to the above, please? I don't have a QR code scanner

mnongkhlaw said:
Anyone with URLs to the above, please? I don't have a QR code scanner
Click to expand...
Click to collapse
https://market.android.com/details?...wsMSwxLDEsImNvbS5ub3NodWZvdS5hbmRyb2lkLnN1Il0.
https://market.android.com/details?...t=W251bGwsMSwxLDEsInN0ZXJpY3Nvbi5idXN5Ym94Il0.
https://market.android.com/details?...251bGwsMSwxLDEsImphY2twYWwuYW5kcm9pZHRlcm0iXQ..

Thank you!
rahulparekh said:
https://market.android.com/details?...wsMSwxLDEsImNvbS5ub3NodWZvdS5hbmRyb2lkLnN1Il0.
https://market.android.com/details?...t=W251bGwsMSwxLDEsInN0ZXJpY3Nvbi5idXN5Ym94Il0.
https://market.android.com/details?...251bGwsMSwxLDEsImphY2twYWwuYW5kcm9pZHRlcm0iXQ..
Click to expand...
Click to collapse
Thanks, does it work with Market, email etc? Have you used it with Samsung Galaxy S2?

mnongkhlaw said:
Thanks, does it work with Market, email etc? Have you used it with Samsung Galaxy S2?
Click to expand...
Click to collapse
This method actually stopped working for me after I reflashed CM7 on my phone. (TMobile G2X). It doesn't work with market but I think ASProxy makes it work.

rahulparekh said:
It doesn't work with market but I think ASProxy makes it work.
Click to expand...
Click to collapse
What is ASProxy ?

method worked good all apps working...
i can browse through market also but when select download option downloading and freezes.. what could be problem ??

mnongkhlaw said:
What is ASProxy ?
Click to expand...
Click to collapse
It's a proxy app which supposedly allows all Google apps to work on reverse tethering and such. Search the market for it.

rahulparekh said:
It's a proxy app which supposedly allows all Google apps to work on reverse tethering and such. Search the market for it.
Click to expand...
Click to collapse
Do you mind a tutorial on how to get ASProxy to work?

mudkipstar said:
Do you mind a tutorial on how to get ASProxy to work?
Click to expand...
Click to collapse
I haven't had a chance to use the app as reverse tethering stopped working for me before I got the app.

[GUIDE] PBX in a Flash (PIAF) on Amazon EC2 with Free GV calling + SILK codec

PIAF (PBX in a flash) + AWS (Amazon Web Service) EC2
If you are making free GV calls using data, then you probably know that setting up an asterisk server is the best but also quite complicated. Thankfully, it just got a little easier because the PIAF team made the PIAF image available on AWS EC2 (a cloud based virtual machine).
Advantages over other asterisk/pbxes methods:
1. very small audio lag. Amazon servers have less latency than any other servers.
2. Since Amazon hosts your server, you don't pay any electricity cost. FYI, a PC running 24/7 costs about $15-20 a month.
3. The PIAF image (AMI) is already optimized: 1000MHZ + pre-installed asterisk and others. If you have used PIAF before, the whole setup process will take less than 30 minutes to complete.
4. You can create a backup image at any time and restore it later.
Disadvantages:
1. EC2 is only free for the 1st year. See the terms carefully to understand what is truly free. Use http://mikekhristo.com/ec2-ondemand-vs-reserved-instance-savings-calculator/ to estimate the cost after the 1st year. After the 1st free year is up, you can port the image to another AWS account.
2. Added security risk. Since EC2 is not in your network, it needs to open 22 (SSH), 80 (WEB) ports for you to access the server to configure. To overcome this issue, restrict who can gain access by known IP addresses from AWS.
3. In addition to some linux knowledge (PIAF runs on CentOS), you also need to learn how AWS works. Personally, I consider this as a plus.
Instructions (estimated minutes to complete in parenthesis, if you have used PIAF before):
1. Launch PIAF image in AWS EC2. (10 minutes)
Detailed instruction: http://nerdvittles.com/?p=5060
updated: there are 2 versions of PIAF: purple uses asterisk 1.8 and green uses asterisk 11 (beta). I am using PIAF-Green which supports silk codec.
2. Configure PIAF using Web GUI. (10 minutes)
Once PIAF is up and running, from your web browser, enter the Elastic IP address (given by AWS) to access web GUI.
2.1. Settings>Asterisk SIP settings>NAT settings. Click "Auto Configure" It will fill out the IP addresses. If you reboot, localnet address may change. You may use "10.0.0.0/8" instead.
* Whenever you make a change in Web GUI, scroll down and click submit. Then "Apply Config" red button will appear at the top. Click it occasionally to reload newly submitted configurations.
2.2. Settings>Asterisk SIP settings>Audio codecs. Select the codecs and reorder. (SILK codec will not show up here.)
2.3. Applications>Extensions. Add new SIP extensions. User extension and the secret are the username and the password you will use in your sip client to register with PIAF. Select nat=yes.
2.4. Other>Google Voice. Fill out your GV information. Asterisk must be restarted to take it into effect. In Web GUI, Admin>Asterisk CLI, execute "core restart gracefully" Once restarted, you can start making outbound GV calls from a registered phone. (Alternatively, you can use "simonics GVGW" service and add it as a sip trunk.)
2.5. Connectivity>Inbound routes. Add your GV number as DID number. Scroll down and set destination as your extension you created in #2.3.
2.6. From Google Voice webpage, confirm that Google Voice forwards all the incoming calls to gchat.
2.7. Register your sip client (such as csipsimple) with your PIAF server. The server address is the "elastic IP" address assigned by AWS.
Test in/out calls before going to the next step.
3. (optional) Add G729 codec. (5 minutes) (See post #2 for adding silk codec, which I'm now using for both wifi/3g.)
G729 codec is one of the best codecs for mobile connection. SSH to your PIAF EC2. In linux CLI, execute
Code:
cd /usr/lib/asterisk/modules
wget http://asterisk.hosting.lv/bin/codec_g729-ast18-icc-glibc-x86_64-core2.so
amportal restart
To check whether you added G729 properly, execute in asterisk CLI
Code:
core show translation recalc 100
Look for G729 line and check they are not blanks.
Source: http://asterisk.hosting.lv/
4. (optional) Enable TCP transport to save phone battery. (5 minutes)
In my informal testing, TCP battery consumption is half of UDP's.
From Web GUI, asterisk SIP settings>Other SIP settings, add the following 2 lines.
Code:
tcpenable = yes
tcpbindaddr = 0.0.0.0
Go Applications>Extensions and change transport to "TCP."
Next, you need to open TCP port 5060 in both EC2 and linux. For EC2, modify the security group. For linux, SSH to your PIAF
Code:
nano /etc/sysconfig/iptables
add the following line and save (ctrl-o) and exit (ctrl-x).
Code:
iptables -A INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
restart iptables in linux CLI
Code:
service iptables restart
Use TCP transport in your sip client to connect to PIAF.
Tips/Tricks and Troubleshooting will be in the next posts.
If you couldn't understand the installation steps, check out a fellow's post. He provided several installation tips. http://forum.xda-developers.com/showpost.php?p=41412908&postcount=184

Tips/Tricks
Tips/Tricks
1. Use ring group to ring all the extensions, if you have multiple sip phones.
2. Add more GV numbers
My family have 3 GV numbers + 6 phones. I added all 3 gtalk trunks to PIAF. OTOH, pbxes doesn't allow you to add more than 1 gtalk trunk. Since all 6 phones are in the same PBX, I can call my wife's phone by her extension number (or her ring group) instead of her GV number. If you do this, you need to modify outbound routes such that certain extensions use specific GV trunk. Otherwise, all the phones will use the first GV trunk to make outgoing calls and display the same CID.
3. Call forward to external phones.
In the ring group, you can have PIAF call regular phone number such as your cell phone. Just list the phone number followed by #. One problem is gtalk trunk doesn't allow CID spoofing so the external phone will show your GV# as CID.
4. Delayed call forwarding
Create 2 ring groups and put the number for delay in the 2nd group. Set 1st ring group's destination if no answer as the 2nd group and specify the ring time. I do this for my office phone because it goes to voicemail in 20 seconds (before GV voicemail answers). Now my office phone starts ringing after 7 seconds so it will never answer before GV voicemail does. You can also use this strategy with your cell phone such that your cell number rings after you have a chance to answer internet calls.
5. Secure your PIAF
If you followed pbxinaflash.com guide, then you opened port 80 and 22 to the world. Hackers can brute force using username = root. You should limit who can access these ports by IP address. Additionally, you can disable root SSH login and create a sudoer.
http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/
http://wiki.centos.org/TipsAndTricks/BecomingRoot
6. Add SILK codec
If you are on PIAF-green (asterisk 11), then you can add SILK codec. This is the codec that Skype uses so you may get the same excellent quality as Skype. From linux CLI,
Code:
wget http://downloads.digium.com/pub/telephony/codec_silk/asterisk-11.0/x86-64/codec_silk-11.0_1.0.0-core2_64.tar.gz
tar -zxvf codec_silk-11.0_1.0.0-core2_64.tar.gz
cd codec_silk-11.0_1.0.0-core2_64
cp codec_silk.so /usr/lib/asterisk/modules/codec_silk.so
Restart asterisk and from asterisk CLI, core show codecs and confirm that 4 silk codecs (silk8, silk12, silk16, silk24) are added. If not, read http://forum.xda-developers.com/showpost.php?p=38398737&postcount=71.
To use SILK codec, From extension, set
disallow=all
allow=silk12
7. Eliminate echo
ryuker has posted a method to eliminate the echo.
http://forum.xda-developers.com/showpost.php?p=42740388&postcount=306
Troubleshooting
There are many many reasons why GV calling fails. This means you will probably not get any help, unless you provide more information such as asterisk log. If you want to troubleshoot by yourself, try these first.
1. csip / piaf registration: Try a different sip client or use UDP connection.
2. GV: See whether you can make GV calls using GrooveIP. GV calling may not work for new accounts until you initiate a call from gmail.
3. Restart asterisk. If you add a GV trunk, it must be restarted to take into effect.
2. piaf / GV link: Add simonics GVGW as a sip trunk. https://simonics.com/gvgw/

If you have been following my iLBC thread, then here's a comparison between the 2 methods (PIAF vs iLBC, hereafter).
1. PIAF supports more codecs such as G722 and G729.
2. Less latency issue because of less call routing. PIAF route: caller>GV>PIAF>phone. iLBC method involves caller>GV>callcentric>pbxes>phone.
3. You can add more than 1 GV trunk w/ PIAF. pbxes only allows 1. This is handy, if your family use several GV numbers.

Re: [DISCUSSION] Asterisk/FreePBX/PIAF
Good discussion, I was running it on my raspberry pi until I repurposed it for a media center. I may have to look at it again, please post your setup once you have things working....
Thanks
Sent from my Nexus 7 using Tapatalk HD

Re: [DISCUSSION] Asterisk/FreePBX/PIAF
acegolfer said:
Here's basically what I did so far.
1. Follow nerdvittle's guide (link in OP) to install IncrediblePBX on my home PC.
2. Enable TCP and changed TCP signaling port from default 5060.
3. In router, forward signaling port and RTP ports (10000-20000) to PBX.
4. Use csipsimple as Android sip client.
I understand it's too brief. Once I am completely satisfied with my setup, I'll write a detailed instruction.
If you have 0 clue about what these mean, then I'm afraid you should look for an alternative setup such as GrooveIP or http://forum.xda-developers.com/showthread.php?t=2057887
If you have been following my iLBC thread, then here's a comparison between the 2 methods (PIAF vs iLBC, hereafter).
1. PIAF gives you more codec options such as G722 and G729.
2. Less latency issue because of less call routing. If you are at home, it's caller>GV>PBX=phone. iLBC method involves caller>GV>callcentric>pbxes>phone.
3. Hangup issues when ending a call with csip/TCP/3g/SPI firewall combination. If I change one of these 4, I can end a call normally.
Click to expand...
Click to collapse
I had tried a setup and got through all the nerdvittles guides setting up piaf purple with travelinman 3. Everything worked great with csipsimple when I was on WiFi. As soon as I disconnected from wifi and got on the cell network I could not connect. I ensured my phone ip was in the iptables and all the proper ports were forwarded through the router. I used dyndns for both my router and phone to ensure that ip tables had the right ip addresses. Never figured out the problem. If anyone has any ideas for what the problem could be I'll give it another try.
Sent from my Nexus 4 using xda premium

whahn1983 said:
I had tried a setup and got through all the nerdvittles guides setting up piaf purple with travelinman 3. Everything worked great with csipsimple when I was on WiFi. As soon as I disconnected from wifi and got on the cell network I could not connect. I ensured my phone ip was in the iptables and all the proper ports were forwarded through the router. I used dyndns for both my router and phone to ensure that ip tables had the right ip addresses. Never figured out the problem. If anyone has any ideas for what the problem could be I'll give it another try.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
I think using dyndns for your phone is pointless and can actually pose a great security risk. If you are on Tmobile 3g, your phone is behind NAT. This means the IP of your phone actually belongs to the Tmo's router and not unique to your phone.
So including that IP address in iptables is a huge security risk. All the Tmo phones sharing the same IP address with your phone will have full access to your PBX.
The biggest challenge that you are facing is the fact that both your PBX and your phone are behind 2 different NATs. I know it's crazy. My guess is NAT settings. In nerdvittle's guide, there's an instruction on how to give access to remote clients. In addition, here is another good guide: http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension

Here are the instructions on how to enable TCP and change TCP port from default 5060 to something other such as 5055.
1. Settings>Asterisk SIP settings>Other SIP settings
tcpenable = yes
tcpbindaddr = 0.0.0.0:5055
2. Applications>Extensions>your extension, transport = TCP only.
3. From your router, port forward 5055 to PBX machine.
4. From PBX linux command, adjust firewall settings
iptables -A INPUT -p tcp -m tcp –dport 5055 -j ACCEPT
(You can also do this from PIAF linux webmin.)
5. From sip clients, server/proxy = your IP:5055.

Re: [DISCUSSION] Asterisk/FreePBX/PIAF
acegolfer said:
I think using dyndns for your phone is pointless and can actually pose a great security risk. If you are on Tmobile 3g, your phone is behind NAT. This means the IP of your phone actually belongs to the Tmo's router and not unique to your phone.
So including that IP address in iptables is a huge security risk. All the Tmo phones sharing the same IP address with your phone will have full access to your PBX.
The biggest challenge that you need to solve is both your PBX and your phones are behind 2 different NATs. I know it's crazy.
Click to expand...
Click to collapse
Yea that sounds like a big problem. The sad thing is when I am on my piaf network the voice quality is pristine. It actually works great but most of my calling is done away from home. I ended up switching off of the tmo $30 plan and onto straight talk tmo until I figure out a better solution. I've tried everything out there from pbxes to groove, almost every available codec and app combo. Just too many complaints from callers about quality and 100 minutes is not enough lol.
Sent from my Nexus 4 using xda premium

You can eliminate almost all risks by using Travelin' man; which is basically an IP whitelist. You can read about it over at nerdvittles. That being said, I've been lucky, and I haven't had any attacks on my personal PIAF server. I have banned all of Asia, and Russia using IP tables, and I'm sure that's helped. All ports are closed behind my firewall except for 5060, and a few for RTP. It is also a good idea to run "update-programs" and then "update-fixes" via the CLI periodically. This will install crucial patches.

Another issue that I found.
Can't use G722 codec over TCP when registered remotely. G722 works if UDP or within LAN.
Not sure whether this is a csip specific issue because I don't know other free sip clients with G722 codec.

acegolfer said:
Another issue that I found.
Can't use G722 codec over TCP when registered remotely. G722 works if UDP or within LAN.
Not sure whether this is a csip specific issue because I don't know other free sip clients with G722 codec.
Click to expand...
Click to collapse
Post your issue on the CSipSimple Google Code page. The dev is normally very helpful. Also, I would look through the Asterisk log to see exactly what's going on. You can do this via FreePBX or you can go to to your server's CLI, and type "asterisk -rvvv" This will give you a debug CLI. Then try to place a call using G722, and view the results. If you post over at the PIAF forums, you will probably need a log, or you may be ignored.

Why not just use a TCP VPN (like Open VPN) to get back to your house, and then run this like you are on your LAN with UDP?

Re: [DISCUSSION] Asterisk/FreePBX/PIAF
bluespire said:
Why not just use a TCP VPN (like Open VPN) to get back to your house, and then run this like you are on your LAN with UDP?
Click to expand...
Click to collapse
That is an interesting approach. Provided there is no data lag it may work.
Sent from my Nexus 4 using xda premium

whahn1983 said:
That is an interesting approach. Provided there is no data lag it may work.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
Yeah, I always kept wondering why no one mentioned it as a solution. I don't know if it will solve the battery problem, as that may still be problem with using UDP itself. I suppose changing the timeout on UDP to something really high would work, since the VPN will maintain the TCP connection. On the other hand, you could also run the VPN on UDP, and I would bet that it would be better at staying connected than trusting CSS to keep its connection.
What the VPN does do really well, is eliminate all issue of allowing the PBX to face the internet. Just force it to accept connection only on its VPN port, and require a key file. Done.

You should update the thread. TCP can be used on Asterisk 1.8, and PIAF on 1.8 is very stable.

osi13 said:
You should update the thread. TCP can be used on Asterisk 1.8, and PIAF on 1.8 is very stable.
Click to expand...
Click to collapse
I didn't say TCP cannot be used in 1.8 in OP. In fact, I have no doubt asterisk 1.8 supports TCP.
I was stating your guide wasn't written for TCP. Let me know if you have updated your guide with TCP.
If there's no hangup issues and G722 works with 1.8 when TCP/remote, then I'll ditch 11 in a heartbeat.

bluespire said:
Yeah, I always kept wondering why no one mentioned it as a solution. I don't know if it will solve the battery problem, as that may still be problem with using UDP itself. I suppose changing the timeout on UDP to something really high would work, since the VPN will maintain the TCP connection. On the other hand, you could also run the VPN on UDP, and I would bet that it would be better at staying connected than trusting CSS to keep its connection.
What the VPN does do really well, is eliminate all issue of allowing the PBX to face the internet. Just force it to accept connection only on its VPN port, and require a key file. Done.
Click to expand...
Click to collapse
I haven't had time to test this. But if my understanding of sip technology is correct, VPN will not solve UDP battery drain issue. For example, even if I use UDP within LAN, I have to set KA interval = 40 or qualifyfreq = 60. Otherwise, my phone will lose connection to the sip server until the next registration (which is less frequent than KA intervals).

Re: [DISCUSSION] Asterisk/FreePBX/PIAF
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.

errorcod3 said:
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.
Click to expand...
Click to collapse
1. Is AWS EC2 behind NAT?
2. Anyone has an updated guide for installing asterisk 1.8 or 11 on EC2.

errorcod3 said:
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.
Click to expand...
Click to collapse
That is an awesome idea, but how much does it cost to keep it up 24/7?

VPN + Hotspot = AWESOME!

Ok so a while back I discovered that after you gain root access to the BIONIC (probably works with other too. idk...) you can make changes to iptables. For those who don't know what that is: It's a built in firewall that handles packets as they come in and leave your phone. This is pretty much the defacto standard for any Linux machine to date (please enlighten me if I'm wrong). Anyhow, after discovering this I came up with an idea to see if I could pipe my hotspot directly into my openvpn tunnel. Well, after a bit of web research on how iptables works I was able to get it up and running. HOWEVER I'm not an expert at this yet, and my config definitely has a flaw in the fact that I leave the phone completely vulnerable on the "rmnetX" interface, as I completely flush the old tables to add mine, leavign the firewall WIDE OPEN. I'll post a fix as soon as I can come up with one. In the mean time here's the steps to take to get your phone to be a hotspot access point to your openvpn network!
**PHONE MUST HAVE ROOT!!!!***
1) Follow along and setup an OpenVPN server http://openvpn.net/howto.html
2) Install "OpenVPN Installer" and "OpenVPN settings" from Google Play marketplace (both are free)
3) Run OpenVPN Installer and install OpenVPN client to your phone. The defaults should be fine.
4) Create a folder called "openvpn" ont he root of your INTERNAL sdcard. IE "/sdcard/openvpn
5) Copy your client keys that you made during your OpenVPN setup to your phone into the /sdcard/openvpn directory (client.crt, client.key, ca.crt, and ta.key)
6) Copy over the client.conf file as well. You will need to tweek this a bit to call your certs from the /sdcard/openvpn file as well as putting in the public IP to connect to. Keep in mind if you are doing this at home you will need to PAT/NAT this connection accross your firewall on udp port 1194.
7)Ok, at this point you just want to make sure your OpenVPN connection works. So open up OpenVPN settings and try and connect to your VPN, if you can connect and brows to shares inside your network over the 4g connection EXCELENT! MOVE ON! If not refer to the OpenVPN HOW TO!!!
8) After that's done you neet to get the Verizon HotSpot Tether working, There's a hack for it on the web. Google "BIONIC Hotspot SQLite Editor"... in the mean time I'll try and walk you through it.
a) get SQLite Editor from Google Play
b) open it and scroll down to "Settings Storage" (the one with the hammer icon), open "settings.db", then click settings. You should see a long list of database entries. Click the magnifying glass and under "Filter Value" type "check".
c) you should then see 4 results, one being "entitlement_check". Long press on the "1" next to "entitlement_check". Click "Edit Field" and change the "1" to a "0".
d) Reboot and try running the stock "Hotspot" app, it should work now!
9) Run the Hotspot app and confirm it works properly and can connect clients.
10) After you have a working Hotspot and a work OpenVPN you can then start the iptables magic!!!
**This is fairly safe, no need to worry about bricking just reboot if you screw up!***
11) Download and install "Android Terminal Emulator" and run it.
12) at the prompt type in "su" to gain super user access
13) you should now be at a root shell ("#") NOT $
14) at the prompt(#) type this: iptables -S <-This shows you the entire iptables rules, as you can see it's crazy complicated!
15) Run OpenVPN and Hotspot and confirm both are connected and runnign before issuing rule changes in iptables. So run both applications now.
16) Confirm VPN is connected and Hotspot is runnign by issuing the command "busybox ifconfig". If your VPN is up you will have a "tun0" interface and if the Hotspot is up there should be a "wlan1" interface.
17) If both are up then all you need to do in order to give hotspot clients access to your VPN resources is this:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan1 -o tun0 -m state --state INVALID -j DROP
iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
The first 10 commands flush your old iptables, and the last 3 commands masqarade your wlan1 interface to your tun0 interface, funneling your clients down the VPN. Keep in mind that you will have to allow this via your openvpn server.conf file. See HOWTO For OpenVPN.
Enjoy!!!

I am confused and would like to know why we want net on VPN if we have WiFi hack for a router
Could Could we link a com port on bochs emulated windows xp?
With the WiFi hack edit or tether for root user you can use this IP addr add like below to add router capabilities, or change wlan0 to your phone's 4g rmnet or tun0 to add router to any connection, can you tell us what we would use VPN for give an example
su
ip addr add 192.168.1.0/24 dev wlan0
http://www.filedropper.com/comgooglecodeandroidwifitether-1
I use this apk to wifi tether, same as wifi router, will probably need root to use it I am not sure, but you dont need to type: ip addr add 192168.1.0/24 dev wlan0, I do just because it helps make good connections for most wifi devices
This will make your WiFi capable of being used as a router, you still need root WiFi tether or the hotspot hack like you posted but this makes wlan0 a router

I mainly use this to share files that I have on my NAS at home with friends at work. First I create a hot spot, then I connect my VPN, then I masquerade the traffic. On the server side my openvpn configuration is set up so that it trusts a specific subnet coming from behind the openvpn host (IE my phone's hotspot subnet) This provides a nice and easy means of giving friends controlled access via your mobile hotspot without needing to generate RSA keys for each of your friends. Another thing I like to use it for is when I travel I just set it up in the corner and watch movies from home on my laptop over the VPN through the hotspot.
-Ed
DroidisLINUX said:
I am confused and would like to know why we want net on VPN if we have WiFi hack for a router
Could Could we link a com port on bochs emulated windows xp?
With the WiFi hack edit or tether for root user you can use this IP addr add like below to add router capabilities, or change wlan0 to your phone's 4g rmnet or tun0 to add router to any connection, can you tell us what we would use VPN for give an example
su
ip addr add 192.168.1.0/24 dev wlan0
http://www.filedropper.com/comgooglecodeandroidwifitether-1
I use this apk to wifi tether, same as wifi router, will probably need root to use it I am not sure, but you dont need to type: ip addr add 192168.1.0/24 dev wlan0, I do just because it helps make good connections for most wifi devices
This will make your WiFi capable of being used as a router, you still need root WiFi tether or the hotspot hack like you posted but this makes wlan0 a router
Click to expand...
Click to collapse

edw00rd said:
I mainly use this to share files that I have on my NAS at home with friends at work. First I create a hot spot, then I connect my VPN, then I masquerade the traffic. On the server side my openvpn configuration is set up so that it trusts a specific subnet coming from behind the openvpn host (IE my phone's hotspot subnet) This provides a nice and easy means of giving friends controlled access via your mobile hotspot without needing to generate RSA keys for each of your friends. Another thing I like to use it for is when I travel I just set it up in the corner and watch movies from home on my laptop over the VPN through the hotspot.
-Ed
Click to expand...
Click to collapse
Or you could get Qloud Media Server, and be able to assign access to different sets of folders in your home network using username/passwords. And it costs $3.00 or $0.00 if you have a getjar pass.

This is a really cool idea, thanks for sharing.
On a somewhat unrelated note, is the VirtualBox method still the preferred means of rooting a Bionic on 4.1.2 (98.72.22)? Trying to figure out how easily I can root a friend's phone but I can't really find any consolidated source of up-to-date information. =\

TweakerL said:
Or you could get Qloud Media Server, and be able to assign access to different sets of folders in your home network using username/passwords. And it costs $3.00 or $0.00 if you have a getjar pass.
Click to expand...
Click to collapse
I think you might be confusing folder access/authentication with network access/authentication. The VPN would give you access to your network remotely via 4g/3g and yes i suppose you could use the Qloud Media Server to provide access to folders. I'm not really sure what that is, never used it but it sounds like something that provides a service via 3rd party to get access to you remotely. The third party is avoided all together witht he VPN solution. You don't have to give any sort of ingress access to any third party app. You're phone will think it's part of your home network. Also someone asked about having network bridged when you have a wifi hack... it would be purely up to you weather or not you'd want your HTTP traffic to go through the VPN or not... that's different than what I'm providing here. This is strictly for using your phone as a WiFi hotspot router that forwards all of your traffic to your VPN connection (IE your house) so that connected wifi clients would be accessable via your home network and visa versa. You could also just make a VPN hotspot and generate RSA keys for each host connecting to the hotspot.... your choice. Mine works better in a way that I maintain constant view over every device including the phone that is acting as the VPN mifi hotspot.:silly:

how to undo this? i cant connect my hotspot.

Is MAC Filtering Supported?

I have a rooted Samsung Galaxy Exhibit II (SGH-T679) and I am attempting to do some MAC filtering, but opposite of what most people do.
I want to prevent my phone from accessing a specific router (I have the router BSSID). I downloaded "Android Terminal Emulator" and typed
Code:
su
and pressed enter. I enabled access to superuser. Then I typed
Code:
iptables -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
(obviously substituting the mac address for the BSSID of the router). It just went to a new line (no message or anything). Then I typed
Code:
iptables -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -j DROP
and pressed enter. Still the same thing (new line; no message). I opened another app to see if it would connect to the internet. I still had a internet connection. I want the connection to drop for that specific router.
What is going on? Does my phone even support MAC address filtering? Especially the way in which I'm trying to do it? I even tried downloading AFWall+, Android Firewall and DroidWall, and entered the iptables in them. Still won't block me off of the internet for that specific BSSID.
Is this even possible?
P.S. The reason why I am trying to do this is that I'm testing this on my own phone and router before I implement it for a friend. I have set up Tomato with Access Restrictions and OpenDNS on my friend's router, but his son has been using his neighbour's wifi in the middle of the night to get online. I have the BSSID of the neighbour's router (thanks to Tomato's Wireless Survey). Maybe someone has another idea of how I can prevent him from accessing the neighbour's router? (and no, we don't want to ask the neighbour to change the password, because the neighbour's son will likely just give the password to my friend's son again).

That command updates the firewall rules, which has nothing to do with whether the phone connects to a particular wifi connection.
Other than not trying to connect to begin with, I'm not sure there is a way to do that. But it may depend on the rom you have.
Sent from my SGH-T679 using xda app-developers app
---------- Post added at 03:32 PM ---------- Previous post was at 03:18 PM ----------
Found an app that does what you are looking for.
https://market.android.com/details?id=com.hogdex.WifiRuler
Haven't tried it myself, as I just don't connect automatically and don't manually connect very often outside of a few places.
Sent from my SGH-T679 using xda app-developers app

I figured things out. For one, after I added the iptable rule, I needed to REBOOT my phone for it to apply (which I wasn't doing). Secondly, I needed to use the LAN Mac Address (NOT the BSSID/Wireless MAC address) in order for the iptable rule to work.
Thirdly, I downloaded AFWall+. It allowed me to set it as administrator to prevent uninstallation. The only thing missing is that the developer needs to password protect removing the app as administrator.
Then I downloaded Android Terminal Emulator. In order to find the LAN MAC address for the connection that I am looking to block, I typed this into the emulator:
Code:
arp -n
Then I used the MAC address that was given in the terminal and put that into this rule here to be place in "custom scripts" in the firewall:
Code:
$IPTABLES -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP