Here is a compilation of different ways to change/set the DNS Server in Android Devices
In this thread, I'll be setting the DNS Servers to 8.8.88 & 8.8.4.4 (Google DNS).
You can use any DNS server of your wish.
FOR NON-ROOTED DEVICES:
Method 1: (by changing WiFi Settings)
Note: For some devices, this will work only if you can set a static IP.
1. Go Settings->WiFi
2. Long press the Network you're connected to, and tap 'Modify Network'.
3. Check 'Advanced'. (may not be required in some phones)
Switch the IP settings from DHCP to Static.
Add required DNS servers to the entries for DNS 1 and DNS 2.
4. Click 'Save'
(Don't worry about the editing the IP address as the Android device may fill in the IP address it has acquired through DHCP.)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Method 2: (Easiest Method using app)
You could just use any app like:
1. Engelsiz : DNS Changer
2. DNS Changer (NO ROOT)
3. DNS Changer (no root 3G/WiFi)
4. DNSet
5. DNS Changer
(or any other app in Play Store.)
(Some apps may require root access)
FOR ROOTED DEVICES:
Easiest way:
The best apps I would recommend to do this automatically are:
1. Override DNS (Root)
2. Set DNS
3. DNS + DNSCrypt Manager
4. DNS Forwarder
Method 3: (by editing DNS config)
1. Open the file 20-dns.conf from /etc/dhcpcd/dhcpcd-hooks/ using a Text Editor (I use ES File Explorer)
2. Add this line to the beggining & reboot device:
Code:
new_domain_name_servers="8.8.8.8 8.8.4.4 $new_domain_name_servers"
So, finally the script finally looks something like this:
Code:
##THIS CAN VARY slightly FOR DIFFERENT ROM BUILDS
# Set net.<iface>.dnsN properties that contain the
# DNS server addresses given by the DHCP server.
[B]new_domain_name_servers="[I]8.8.8.8[/I] [I]8.8.4.4[/I] $new_domain_name_servers"[/B]
if [[ $interface == p2p* ]]
then
intf=p2p
else
intf=$interface
fi
set_dns_props()
{
case "${new_domain_name_servers}" in
"") return 0;;
esac
count=1
for i in 1 2 3 4; do
setprop dhcp.${intf}.dns${i} ""
done
count=1
for dnsaddr in ${new_domain_name_servers}; do
setprop dhcp.${intf}.dns${count} ${dnsaddr}
count=$(($count + 1))
done
separator=" "
if [ -z "$new_domain_name" ]; then
separator=""
else
if [ -z "$new_domain_search" ]; then
separator=""
fi
fi
setprop dhcp.${interface}.domain "${new_domain_name}$separator${new_domain_search}"
}
unset_dns_props()
{
for i in 1 2 3 4; do
setprop dhcp.${intf}.dns${i} ""
done
setprop dhcp.${interface}.domain ""
}
case "${reason}" in
BOUND|INFORM|REBIND|REBOOT|RENEW|TIMEOUT) set_dns_props;;
EXPIRE|FAIL|IPV4LL|RELEASE|STOP) unset_dns_props;;
esac
This is a permanent change. (& sets only for WiFi)
Remove that added line to undo the changes.
(Source: http://forum.xda-developers.com/showpost.php?p=51650282&postcount=7 )
Method 4: (by changing DNS properties using Terminal Emulator)
Note: This may not work in Android 4.4 and above devices.
1. Open Terminal Emulator and type:
Code:
getprop | grep dns
2. Note down all the properties related to dns1, dns2.
These are the properties you need to set to change the DNS Server.
Use the following commands in Terminal Emulator to set them (using setprop):
Code:
su
setprop dhcp.wlan0.dns1 8.8.8.8
setprop dhcp.wlan0.dns2 8.8.4.4
setprop net.dns1 8.8.8.8
setprop net.dns2 8.8.4.4
Other optional properties for mobile networks (may vary with devices) (rmnet0 for 3G I guess)
Code:
setprop net.ppp0.dns1 8.8.8.8
setprop net.ppp0.dns2 8.8.4.4
setprop net.rmnet0.dns1 8.8.8.8
setprop net.rmnet0.dns2 8.8.4.4
setprop net.pdpbr1.dns1 8.8.8.8
setprop net.pdpbr1.dns2 8.8.4.4
Setting DNS for very older devices:
Code:
setprop ro.kernel.android.ndns 2
setprop dhcp.eth0.dns1 8.8.8.8
setprop dhcp.eth0.dns2 8.8.4.4
(You may similarly set dns3 & dns4, but that's not necessary)
These properties get reset to the original values upon reboot..
So, to keep these changes permanent, add the required commands to init.d
(Source: https://github.com/ukanth/afwall/wiki/DNS#changing-default-dns )
Method 5: (by using iptables command)
1. Open Terminal Emulator and type the following:
Code:
su
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53 || true
iptables -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53 || true
iptables -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
(you may also use this as AFWall+ Custom Script)
For more detailed info and better understanding, click here.
These properties get reset to the original values upon reboot..
So, to keep these changes permanent, add the required commands to init.d
Method 6: (by editing resolv.conf)
Note:
I think this method works only for old devices. Nothing wrong in trying
1. Open resolv.conf from /system/etc/ using a Text Editor (I use ES File Explorer)
(If there's no such file, create it and try.)
2. Modify the nameservers in the file to your desired DNS servers.
The file finally looks like this:
Code:
nameserver 8.8.8.8
nameserver 8.8.4.4
This change is permanent..
So, it's better to backup the original resolv.conf before editing.
(Source: https://butterflydroid.wordpress.com/2011/10/19/how-to-set-dns-server-on-android-phone/ )
Method 7: (by using ndc resolver command)
1. Open Terminal Emulator and type the following:
Code:
su
ndc resolver flushif [SIZE="1"][I]## to flush old DNS servers[/I][/SIZE]
ndc resolver flushdefaultif [SIZE="1"][I]## to flush resolver[/I][/SIZE]
ndc resolver setifdns <iface> <domains> <dns1> <dns2> ... [SIZE="1"][I]## Add the new servers[/I][/SIZE]
ndc resolver setdefaultif [SIZE="1"][I]## Set as the default device[/I][/SIZE]
This may vary for different Android Versions, so check this also..
These properties get reset to the original values upon reboot..
So, to keep these changes permanent, add the required commands to init.d
Method 8: (by using DNSCrypt command)
Install DNSCrpt on your Android Device with this instructions here.
Then check this answer here on Android Stack Exchange on how to set DNS using a script.
Hit the 'Thanks!' button if you found this helpful.
Leave a reply if you need any help
Do leave a reply if any of these methods worked on your device...
please tell me how to add init.d. I don't know.
rajarshi kundu said:
please tell me how to add init.d. I don't know.
Click to expand...
Click to collapse
This might help:
[GUIDE] How to use init.d scripts
Or try this app: Universal Init.d
method1
great list tks. re method 1, in my experience you have to give an ip address as otherwise you can't save the settings, which then turns out you have to give the device a static ip at your router.
Great list...
Now how about you tell us which versions of Android these work on?
Since Android 6.1.x you can only change the DNS for tethered devices and nothing else. Everything else is ignored, no matter what you set or which app you use.
Wartickler said:
Now how about you tell us which versions of Android these work on?
Since Android 6.1.x you can only change the DNS for tethered devices and nothing else. Everything else is ignored, no matter what you set or which app you use.
Click to expand...
Click to collapse
DNS + DNSCrypt Manager (root) worked for me in Android 7.1.1
Fast what is the fastest downloader for Android phone as cell phones and tablets also how do you use the DNS changer
S7 Nougat
seems after an upgrade to Nougat I cant view my DNS anymore is this true? Mine is nonrooted
i'm on Android 6.0.1 and the iptables method works!
setprop doesn't work.
Wartickler said:
Since Android 6.1.x you can only change the DNS for tethered devices and nothing else. Everything else is ignored, no matter what you set or which app you use.
Click to expand...
Click to collapse
Modifying the 20-dns.conf file worked for me on 7.0.
Help please,
Do u guys think dns changer app still needed if dns already change through build prop( kernel adiutor)? Or mod app like fly on mod?
Feels like its redundant
Is it possible to change dns host name permanently?
So it wont be changed to default after reboot..
@GokulNC
How to change the DNS ADDRESS with help of creating dumpy VPN service without help of any application .
With help of application -
U list out in non - root app list
Like
https://play.google.com/store/apps/details?id=com.burakgon.dnschanger
That app use dumpy vpn for dns change
But
why we app ??
Please try to discover the configuration of vpn..
Hi, I have a question.
Can you tell me if this changes will be applied also to DNS of Mobile Data?
Dns
I did change Dns regular interface for Android Tv but Dns leak test still shows Isp Dns. Why?
GokulNC said:
Here is a compilation of different ways to change/set the DNS Server in Android Devices
In this thread, I'll be setting the DNS Servers to 8.8.88 & 8.8.4.4 (Google DNS).
You can use any DNS server of your wish.
FOR NON-ROOTED DEVICES:
Method 1: (by changing WiFi Settings)
Note: For some devices, this will work only if you can set a static IP.
1. Go Settings->WiFi
2. Long press the Network you're connected to, and tap 'Modify Network'.
3. Check 'Advanced'. (may not be required in some phones)
Switch the IP settings from DHCP to Static.
Add required DNS servers to the entries for DNS 1 and DNS 2.
4. Click 'Save'
(Don't worry about the editing the IP address as the Android device may fill in the IP address it has acquired through DHCP.)
Method 2: (Easiest Method using app)
You could just use any app like:
1. Engelsiz : DNS Changer
2. DNS Changer (NO ROOT)
3. DNS Changer (no root 3G/WiFi)
4. DNSet
5. DNS Changer
(or any other app in Play Store.)
(Some apps may require root access)
FOR ROOTED DEVICES:
Easiest way:
The best apps I would recommend to do this automatically are:
1. Override DNS (Root)
2. Set DNS
3. DNS + DNSCrypt Manager
4. DNS Forwarder
Method 3: (by editing DNS config)
1. Open the file 20-dns.conf from /etc/dhcpcd/dhcpcd-hooks/ using a Text Editor (I use ES File Explorer)
2. Add this line to the beggining & reboot device:
Code:
new_domain_name_servers="8.8.8.8 8.8.4.4 $new_domain_name_servers"
So, finally the script finally looks something like this:
Code:
##THIS CAN VARY slightly FOR DIFFERENT ROM BUILDS
# Set net.<iface>.dnsN properties that contain the
# DNS server addresses given by the DHCP server.
[B]new_domain_name_servers="[I]8.8.8.8[/I] [I]8.8.4.4[/I] $new_domain_name_servers"[/B]
if [[ $interface == p2p* ]]
then
intf=p2p
else
intf=$interface
fi
set_dns_props()
{
case "${new_domain_name_servers}" in
"") return 0;;
esac
count=1
for i in 1 2 3 4; do
setprop dhcp.${intf}.dns${i} ""
done
count=1
for dnsaddr in ${new_domain_name_servers}; do
setprop dhcp.${intf}.dns${count} ${dnsaddr}
count=$(($count + 1))
done
separator=" "
if [ -z "$new_domain_name" ]; then
separator=""
else
if [ -z "$new_domain_search" ]; then
separator=""
fi
fi
setprop dhcp.${interface}.domain "${new_domain_name}$separator${new_domain_search}"
}
unset_dns_props()
{
for i in 1 2 3 4; do
setprop dhcp.${intf}.dns${i} ""
done
setprop dhcp.${interface}.domain ""
}
case "${reason}" in
BOUND|INFORM|REBIND|REBOOT|RENEW|TIMEOUT) set_dns_props;;
EXPIRE|FAIL|IPV4LL|RELEASE|STOP) unset_dns_props;;
esac
This is a permanent change. (& sets only for WiFi)
Remove that added line to undo the changes.
(Source: http://forum.xda-developers.com/showpost.php?p=51650282&postcount=7 )
Method 4: (by changing DNS properties using Terminal Emulator)
Note: This may not work in Android 4.4 and above devices.
1. Open Terminal Emulator and type:
Code:
getprop | grep dns
2. Note down all the properties related to dns1, dns2.
These are the properties you need to set to change the DNS Server.
Use the following commands in Terminal Emulator to set them (using setprop):
Code:
su
setprop dhcp.wlan0.dns1 8.8.8.8
setprop dhcp.wlan0.dns2 8.8.4.4
setprop net.dns1 8.8.8.8
setprop net.dns2 8.8.4.4
Other optional properties for mobile networks (may vary with devices) (rmnet0 for 3G I guess)
Code:
setprop net.ppp0.dns1 8.8.8.8
setprop net.ppp0.dns2 8.8.4.4
setprop net.rmnet0.dns1 8.8.8.8
setprop net.rmnet0.dns2 8.8.4.4
setprop net.pdpbr1.dns1 8.8.8.8
setprop net.pdpbr1.dns2 8.8.4.4
Setting DNS for very older devices:
Code:
setprop ro.kernel.android.ndns 2
setprop dhcp.eth0.dns1 8.8.8.8
setprop dhcp.eth0.dns2 8.8.4.4
(You may similarly set dns3 & dns4, but that's not necessary)
These properties get reset to the original values upon reboot..
So, to keep these changes permanent, add the required commands to init.d
(Source: https://github.com/ukanth/afwall/wiki/DNS#changing-default-dns )
Method 5: (by using iptables command)
1. Open Terminal Emulator and type the following:
Code:
su
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53 || true
iptables -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53 || true
iptables -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
(you may also use this as AFWall+ Custom Script)
For more detailed info and better understanding, click here.
These properties get reset to the original values upon reboot..
So, to keep these changes permanent, add the required commands to init.d
Method 6: (by editing resolv.conf)
Note:
I think this method works only for old devices. Nothing wrong in trying
1. Open resolv.conf from /system/etc/ using a Text Editor (I use ES File Explorer)
(If there's no such file, create it and try.)
2. Modify the nameservers in the file to your desired DNS servers.
The file finally looks like this:
Code:
nameserver 8.8.8.8
nameserver 8.8.4.4
This change is permanent..
So, it's better to backup the original resolv.conf before editing.
(Source: https://butterflydroid.wordpress.com/2011/10/19/how-to-set-dns-server-on-android-phone/ )
Method 7: (by using ndc resolver command)
1. Open Terminal Emulator and type the following:
Code:
su
ndc resolver flushif [SIZE="1"][I]## to flush old DNS servers[/I][/SIZE]
ndc resolver flushdefaultif [SIZE="1"][I]## to flush resolver[/I][/SIZE]
ndc resolver setifdns <iface> <domains> <dns1> <dns2> ... [SIZE="1"][I]## Add the new servers[/I][/SIZE]
ndc resolver setdefaultif [SIZE="1"][I]## Set as the default device[/I][/SIZE]
This may vary for different Android Versions, so check this also..
These properties get reset to the original values upon reboot..
So, to keep these changes permanent, add the required commands to init.d
Method 8: (by using DNSCrypt command)
Install DNSCrpt on your Android Device with this instructions here.
Then check this answer here on Android Stack Exchange on how to set DNS using a script.
Hit the 'Thanks!' button if you found this helpful.
Leave a reply if you need any help
Do leave a reply if any of these methods worked on your device...
Click to expand...
Click to collapse
I am trying to use method #3 but I dont have dhcpcd folder ... What to do? My device is rooted and in es manager root explore is checked...
Nice guide, if you have a Raspberry Pi install Pi-Hole on it, then set your home ip as DNS server on your phone/tablet and you'll have have adblocker on your phone/tablet.:good::good:
syamsoul said:
i'm on Android 6.0.1 and the iptables method works!
Click to expand...
Click to collapse
This thread has no other occurrence of "iptables" - would you mind including a reference.
I'm wasting far too much time reading solutions that don't work on CM13 - Android 6.0.1.
drummond said:
This thread has no other occurrence of "iptables" - would you mind including a reference.
I'm wasting far too much time reading solutions that don't work on CM13 - Android 6.0.1.
Click to expand...
Click to collapse
OP - Rooted Devices - Method 5 - it's right there, page 1.
There's an app too.
How much time can that waste?
(If it takes too long to go back one page, the OP is quoted just above your post)
Related
I have been trying to get the get-a-robot-vpnc (http://code.google.com/p/get-a-robot-vpnc/) package to work on my HTC Vogue for some time. I am currently running the eclair 2.1 mssmision build.
I have gotten pretty far I think.. but need some help. Here are the steps that I have followed up until now.
1. Compile tun.ko module for Vogue
I followed these instructions to get the vogue kernel locally: http://www.androidonhtc.com/get_involved
After step 5 in that list, make sure to select the "Device Drivers->Network Device Support->Universal TUN/TAP device driver support" (select as M for kernel module)
After step 6, build the kernel modules: "make modules ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabi-"
2. Put tun.ko onto the vogue permanently
Set the /system partition writable
Code:
adb -d shell
#su
#mount -o remount,rw /system
In a different terminal, push the tun.ko over to the /system/lib/modules dir
Code:
adb -d push ~/android-kernel/kernel/drivers/net/tun.ko /system/lib/modules
Back in the first terminal, set the system volume to read only again.
Code:
#mount -o remount,ro /system
3. Install the latest get-a-robot-vpnc package
Download from website and push to device:
Code:
adb -d install VPN_Connections_v097.apk
It is installed to /data/data/org.codeandroid.vpnc_frontend directory.
I put in the correct settings to connect to my companies vpn. (These same settings work perfectly on my ubuntu machine)
When I run the program I see on logcat:
Code:
D/VPN_Connections( 658): Password is numeric
D/VPN_Connections( 658): password **********
D/VPN_Connections( 658): done interacting with vpnc
D/VPN_Connections( 658): process stderr:
D/VPN_Connections( 658):
D/VPN_Connections( 658): Attempt to read vpnc process id did not return anything
D/VPN_Connections( 658): process had died, return as failed connection
But when i shell into the phone I see the process running:
Code:
/ # ps | grep vpnc
658 10049 107m S org.codeandroid.vpnc_frontend
710 0 1300 S /data/data/org.codeandroid.vpnc_frontend/files/vpnc -
At this point the network is hosed and in order to get it back I have to reboot.
Trying it manually
In order to see what is happening with vpnc, I shell into the phone and run the program manually.
First I need to ensure the tun.ko is loaded:
Code:
#su
#insmod /system/lib/modules/tun.ko
You can see the command string for vpnc in the /data/data/org.codeandroid.vpnc_frontend/files/lastConnection.txt file.
I run this command:
Code:
/data/data/org.codeandroid.vpnc_frontend/files/vpnc --script /data/data/org.codeandroid.vpnc_frontend/files/vpnc-script --no-detach --debug 1
Enter the correct vpn data and see this output: (i cut out my company specific info and ip addresses)
Code:
vpnc version ERSION
IKE SA selected psk+xauth-3des-md5
NAT status: NAT-T VID seen, no NAT device detected
IKE SA selected psk+xauth-3des-md5
NAT status: NAT-T VID seen, no NAT device detected
Enter Username and Password.
Banner: Welcome <cut> Remote Access User.
got address <xxx.xxx.xxx.xxx>
Connect Banner:
| Welcome <cut> Remote Access User.
backing up dns and resolve.conf
vpnc-script ran to completion
IPSEC SA selected aes128-sha1
VPNC started in foreground...
vpnc[582]: can't open pidfile /var/run/vpnc/pid for writing
At this point I seem to be connected.. but can't actually ping anything on my company network, or get to any websites.
I am not very strong with networking.. so I feel that maybe the routes are not being setup properly.. but I don't know:
Here is my routing table after the connection (took out company ip)
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
68.28.145.85 * 255.255.255.255 UH 0 0 0 ppp0
xxx.xxx.xxx.xx 68.28.145.85 255.255.255.255 UGH 0 0 0 ppp0
default * 0.0.0.0 U 0 0 0 tun0
Any help would be appreciated.
Hey - I posted a response in the vpnc thread:
http://forum.xda-developers.com/showpost.php?p=5625056&postcount=109
Also, to amend - if you try it manually again, try this:
/data/data/org.codeandroid.vpnc_frontend/files/vpnc --script /data/data/org.codeandroid.vpnc_frontend/files/vpnc-script --no-detach --natt-mode cisco-udp --debug 1
I have found that you can enable www access through a proxy server by inserting new iptables rules in Android. I have used it successfully to browse internet throughput the wifi at my office, it should be the same for school networks with proxy servers as well.
Requirements:
Root access
Kernel with iptable and netfilter support
Known working kernels:
Doomkernel v10
Have been tested on .368 firmware and Doomkernel v10, all iptable and netfilter modules are included in his kernel.
1. Open a terminal emulator or use a scripting app, I have been using ScriptManager.
2. Add iptables entry, root access is needed to manipulate the iptables.
Replace ip address and port in the --to parameter to match your own proxy server address
$ su
# iptables -t nat -A OUTPUT -p tcp -o wlan0 -d internal.ericsson.com -j ACCEPT
# iptables -t nat -A OUTPUT -p tcp -o wlan0 --dport 80 -j DNAT --to 153.140.40.150:3132
# iptables -t nat -L (to list newly added rule)
All apps will now connect to the proxy when accessing port 80
To remove iptables:
$ su
# iptables -t nat -F OUTPUT
You might see several error messages, they can be ignored
modprobe: module 'ip_tables' not found
getsocket for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378
Please let me know if you know how to improve the ruleset and if other kernels are working as well.
Updated ruleset:
Have added additional rule to configure iptales to bypass proxy for intranet web addresses, it would otherwise try to open up intranet web pages trough the proxy server.
The easy way
http://forum.xda-developers.com/showthread.php?t=766569
w1000i said:
The easy way
http://forum.xda-developers.com/showthread.php?t=766569
Click to expand...
Click to collapse
Thanks for the url, have you tried it? Might give it a try but is sounds like it is just a frontend to manipulating the iptables, I prefer to change it myselft, that gives full flexibility to do whatever I wish with the iptables
Did give DroidProxy a try from the android marked but it did not seem to work which is why I started to setup the proxy manually in iptables.
---------- Post added at 10:08 AM ---------- Previous post was at 09:43 AM ----------
w1000i said:
The easy way
http://forum.xda-developers.com/showthread.php?t=766569
Click to expand...
Click to collapse
Found out that, the transporxy project has been discontinued and replaced with autoproxy which according to the forum members should work very well.
http://forum.xda-developers.com/showthread.php?t=1083284
It should work as long as multiports are not used as this is not included in Doomkernel v10. This only mean that you will have to add a seperate rule for each port you wish to forward ie. one for port 80 and one for port 443 instead of having both included in the same rule.
I want to setup OpenVPN on my device, but the installer is saying that it needs a TAP/TUN module. After doing some research it looks like it's tun.ko that I'm looking for, but I'm not that famaliar with the android devices (this is my first droid, had it for about a month now) and would like some help or recommendations
I'm actually running an Bell branded XT860.
tun/tap is built in D3 stock kernel, so you need no module tun.ko.
Which OpenVPN Installer did you try? The app from the market? It worked fine for me, only shortcoming is the openvpn binary seems to have a bug on D3, the built-in route and ifconfig commands do not work. But no big deal for me, since I use a start script anyway and add these commands to this script.
Can you elaborate how your using the startup scripts? I'm using OpenVPN on CM7 on another device and it works well. My D3 is getting shipped to me and I'd like to also get OpenVPN running on it.
Thanks
How detailled do you need it? I can show you what I did, but you need some Linux / OpenVPN skills to alter it for your needs. Unfortunately, I currently don't have the time to write a failsave HowTo. But if you have further questions, feel free to ask.
1. remount /system read-write
2. mkdir -p /system/scripts/openvpn and copy your OpenVPN configfiles there
3. Create script /system/scripts/ovpn.sh:
#! /system/bin/sh
openvpn --cd /system/scripts/openvpn --config openvpn.conf --daemon
sleep 1
ifconfig tun0 172.31.254.10 pointopoint 172.31.254.9
/system/sbin/route add -net 10.0.0.0/8 dev tun0
exit 0
4. Make a widget with app Script Manager
5. remount /system read-only
EDIT: What I missed to mention before: I had some MTU problemes. Configuring "mssfix 1200" solved it.
So let me get this right.
I have openvpn settings and the binary installed.
config files are in /sdcard/openvpn/
both the -> swissvpn.ovpn and ca.crt
openvpn binary is in /system/xbin/openvpn
I modified script in /system/scripts/openvpn to read
openvpn.conf to swissvpn.ovpn
--------------------------------------
#! /system/bin/sh
openvpn --cd /system/scripts/openvpn --config swissvpn.ovpn --daemon
sleep 1
ifconfig tun0 172.31.254.10 pointopoint 172.31.254.9
/system/sbin/route add -net 10.0.0.0/8 dev tun0
exit 0
-----------------------------------
saved to /system/scripts/ovpn.sh
Questions
1.) Do I need to point openvpn to the config files in /system/scripts/openvpn or /sdcard/openvpn for it to work?
2.)Will this finally fix the routing problem with the browser not tunneling properly?
3.)Do I need to issue "Load tun kernel module" in "openvpn settings" or is this already solved with the stock kernel?
Regarding your first question, yes you have to, and this isn't your only mistake. You cannot just adopt my ifconfig and route settings.
OK, how could we start? I fear you are using a server-pushed configuration and I further fear this will just not work with this "broken" openvpn binary.
Could you please post your swissvpn.ovpn?
And please do the following, on command line as root:
openvpn --cd /sdcard/openvpn --config swissvpn.ovpn
... and please post the output.
output
-----------------------------------------------
export PATH=/data/local/bin:$PATH
[email protected]_solana:/$ export PATH=/data/local/bin:$PATH
[email protected]_solana:/$ su
[email protected]_solana:/# openvpn --cd /sdcard/openvpn --config swissvpn.ovpn
Tue Oct 11 17:19:08 2011 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 2 2010
Enter Auth Username:
------------------------------------------
also config file swissvpn.ovpn contents
------------------------------------------
dev tun
client
proto tcp-client
remote connect-openvpn.swissvpn.net 443
ca ca.crt
auth-user-pass
reneg-sec 86400
ns-cert-type server
-----------------------------------------
I messed up on my last post.
I meant the ovpn.sh script is in /system/scripts/
the 2 config files swissvpn.opvn and ca.crt are in /system/scripts/openvpn/
The openvpn binary is in /system/xbin/openvpn/ and was installed by 'OpenVPN Installer' from the Market. "OpenVPN Settings" is the app I'm using to configure all of this.
also if I execute your ovpn.sh in script manager as root it just outputs this
--------------------------------------------
http ://oi51.tinypic.com/2n21vdx. jpg
http ://oi52.tinypic.com/2vw8bbt. jpg
http ://oi54.tinypic.com/c7vck. jpg
http ://oi52.tinypic.com/15hh4au. jpg
--------------------------------------------
You are obviously prompted for a Username. What happens when you type your username (and then password, I guess).
RE:
Well what it says in a message
this is with your script in there
Take note that I had clicked SwissVPN.ovpn
The green checkbox had turn off and displayed this message.
http ://oi52.tinypic.com/2a7cwzl.jpg
OK, it seams my workaround doesn't work for you because your ifconfig and route parameters are pushed by the server. There is more investigation needed, either in a new build of the openvpn binary or another workaround. I'll have a closer look at it, but really cannot promise you a timeline.
I was having your same problem with "FATAL:Linux ifconfig failed:could not execute external program."
There is a fix in this thread http://forum.xda-developers.com/archive/index.php/t-1074492.html
cd /system/xbin
ln -s /system/xbin /system/xbin/bb
this will create a correct link for ifconfig and route commands
Click to expand...
Click to collapse
I've got OpenVPN to connect successfully, yet no traffic routes through VPN.
This thread discusses the issue
http://forum.xda-developers.com/archive/index.php/t-1235954.html
Someone said
I can configure tun0 and the routing table manually and successfully pass traffic through the tunnel.
Click to expand...
Click to collapse
I don't understand the configuration he posted
vpnc work well with cisco vpn
download vpnc from market. works well with cisco vpn.
Hi there people. I recently found an article about using a VPN set up along with routing tables to get tethering going using the phone in Hotsopt mode. Every thing is working well, but the one thing that I can't get going is to have the userinit.sh run at boot automatically.
The original poster said to put this text in the userinit.sh, and nothing else.
========================================================
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
========================================================
As I say I can execute this manually via root explorer, but can't get it to run automatically on boot. Thanks for any help with this.
Get ROM toolbox or something that runs scripts at boot
Thank you for your help. I will have a look at this app later and give it a go.
Hi there I have had chance to install Rom toolbox. I did the following, but still no luck:
main menu - scripter - add script (plus icon) - hit my userinit.sh and pressed to "set at boot icon". I rebooted the phone but the script did not work. I saw "access to interactive shell" from Rom toolbox popup, so something must have happened. Thanks for any more help.
I used to be able to tether over wi-fi by connecting to an OpenVPN server, then activating the phone as a wi-fi hotspot, then running a script to route data traffic over the VPN. For some reason, this is not working anymore.
This is the script that used to work:
Code:
su -
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
When this didn't work I tried this script:
Code:
su -
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
But this isn't working either. If I connect the VPN, turn on the hotspot, and then run the script, I can't get the 2nd device to connect to wi-fi. If I connect the VPN, run the script, then turn on the hotspot, I'm able to connect, but the 2nd device does not get routed over the VPN (which defeats the purpose).
Is anybody doing this successfully and, if so, how are you doing it?
OK,
After some experimenting, I got this to work. For the benefit of anybody else trying to do this, here are the instructions that worked:
1. Turn on wi-fi hotspot on phone and connect from tethered device
2. Connect to your VPN (I use OpenVPN)
3. Using teminal emulator or other terminal program navigate to the location of the tether_routing .sh script
3. type su <cr>
4. type sh tether_routing.sh
Make sure you follow these steps in exactly this order!
Check to make sure your tethered device is actually connecting through the VPN (http://whatismyipaddress.com)
I changed the tether_routing.sh script slightly. For some reason, it seems to work better when 'su' is typed before running the script and not put in the script.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Thank you for this! I have been trying to find a solution for a long time. I have an s6 now, but I'll try this weekend to see if it will work for me.
woody1 said:
OK,
After some experimenting, I got this to work. For the benefit of anybody else trying to do this, here are the instructions that worked:
1. Turn on wi-fi hotspot on phone and connect from tethered device
2. Connect to your VPN (I use OpenVPN)
3. Using teminal emulator or other terminal program navigate to the location of the tether_routing .sh script
3. type su <cr>
4. type sh tether_routing.sh
Make sure you follow these steps in exactly this order!
Check to make sure your tethered device is actually connecting through the VPN (http://whatismyipaddress.com)
I changed the tether_routing.sh script slightly. For some reason, it seems to work better when 'su' is typed before running the script and not put in the script.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Click to expand...
Click to collapse
Thanks, I still couldn't get it to work. It is most likely user error, as I'm a bit of a newbie creating (copying/pasting/saving) scripts.
dave812 said:
Thanks, I still couldn't get it to work. It is most likely user error, as I'm a bit of a newbie creating (copying/pasting/saving) scripts.
Click to expand...
Click to collapse
You might try typing the commands into a terminal window one by one instead of putting them in a script. If you can get that to work, you can experiment with getting them to work in a script.
I found that in order for the script to work you need to convert the text file to unix format without the carriage return after each line. If you are creating the script in certain text editors in Windows there will be a carriage return.
Use this dos2unix utility to remove the carriage returns in the script and then it will work.
http://sourceforge.net/projects/dos2unix
uniphase said:
I found that in order for the script to work you need to convert the text file to unix format without the carriage return after each line. If you are creating the script in certain text editors in Windows there will be a carriage return.
Use this dos2unix utility to remove the carriage returns in the script and then it will work.
http://sourceforge.net/projects/dos2unix
Click to expand...
Click to collapse
You are correct about this script and this applies to any plain text file that's created in a Windows environment, then used on a Linux/Unix based system. I use Notepad++ on Windows which has an option to display and change the end-of-line style in use for a given file.
woody1 said:
OK,
After some experimenting, I got this to work. For the benefit of anybody else trying to do this, here are the instructions that worked:
1. Turn on wi-fi hotspot on phone and connect from tethered device
2. Connect to your VPN (I use OpenVPN)
3. Using teminal emulator or other terminal program navigate to the location of the tether_routing .sh script
3. type su <cr>
4. type sh tether_routing.sh
Make sure you follow these steps in exactly this order!
Check to make sure your tethered device is actually connecting through the VPN (http://whatismyipaddress.com)
I changed the tether_routing.sh script slightly. For some reason, it seems to work better when 'su' is typed before running the script and not put in the script.
Code:
#!/system/bin/sh
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
Click to expand...
Click to collapse
in this line>>>>> ip rule add from 192.168.43.0/24 lookup 61 <<<<<the ip is universal???
---------- Post added at 09:18 PM ---------- Previous post was at 08:48 PM ----------
I tried it with psiphon 113. I use ipleak.net btw and from my phone which is the device that share the connection it works as it should. But from the tablet which I connect through the phone I have DNS leak. The phone takes ip,dns from the vpn and the tablet gets only the ip but dns from Greece. It is also weird thst it doesn't take dns from Vodafone but generally dns from Greece... any ideas??