View Full Version : GUIDE - Bypass carrier's PROXY - Access SMTP/POP emails, Windows Live Messenger, etc!
alkizmo
12th July 2007, 11:36 PM
Like many other people, my carrier filters all my GPRS through their HTTP Proxy.
- POP/SMTP email can't be polled
- Windows Live Messenger won't connect
- Streaming whatever is obviously impossible
- Whatever other network you want won't work
- All you can do is browse web pages and update RSS news
I wrote a very unpopular thread in the past about how to bypass your carrier's GPRS Proxy server
in order to access blocked ports for emails & other services. It was unpopular probably because
it only worked on a PC
http://forum.xda-developers.com/showthread.php?t=314757
Now I made it work ON your phone.
Basic Guide - This post
Tip to autoload everything once setup - Bottom of first post
Make a SSH server - Second Post
Setup your email settings - Third Post
~~~~~~STEP BY STEP GUIDE ~~~~~~~~~~
1 - Setup a SSH server to listen to port 443. Port 443 being opened to the internet OBVIOUSLY.
Linux users will have no issue with this.
However, Windows XP users need to install a SSH server, so please see my second post for how to do this.
2 - Download Pocketputty for your phone (http://www.pocketputty.net/files/PocketPuTTY_WM2k3_release_2007-02-28.zip)
3 - In your phone, go to: settings / system / About / Device ID (tab) | Write something unique, but in a single word, such as your username.
4 - Go in Settings / Connections / Connections / Advanced / Select Networks | Select "My Work Network" for both options.
It might not be named "My work Network" but it has to be the network which you can add a proxy server to the settings.
5 - Add your GPRS information for the "My Work Network".
6 - Go to "Edit my proxy server"
7 - Check the two boxes in proxy settings, then click on "Advanced"
HTTP : add your carrier's HTTP proxy address. Pocket IE cannot work any other way.
WAP : Useless (unless you NEED this working, add your carrier's proxy, or the same information SOCKS proxy under)
Secure WAP : useless
SOCKS : write your phone's "about" name from step 2, port is 1080
8 - Click Ok,Ok,Ok etc until you get back to "today"
9 - Load PocketPutty
TAB - Session
Hostname : your SSH server's external IP address
Port : 443
TAB - Tunnel
Source : 1080
Destination : (nothing)
Check circle "Dynamic"
Click Add (top right)
Go back to Tab - Session
Stored Session : proxy
Click Save
Click Cancel
10 - Use a registry editor & Edit the following Values (MAKE SURE IT IS DECIMAL VALUES)
HKEY_CURRENT_USER / SOFTWARE / SIMONTATHAM / PUTTY / SESSIONS / PROXY
LocalPortAcceptAll = 1
ProxyHost = (your cellphone carrier's HTTP proxy server)
ProxyPort = (Your cellphone carrier's HTTP Proxy server port, should be 80 or 8080)
ProxyMethod = 3
RemoteCommand = top
12 - Initiate a GPRS connection (Settings / Connections / Connections / Manage Existing Connections /
Select your GPRS connection, Tap & hold, click on connect)
13 - Load Putty
14 - Load session "Proxy"
15 - Click Open & A black terminal window will appear
16 - go back to the "today" screen as soon as possible (it's the only way it will connect, while in the background,
I think it's a bug or something)
17 - Wait a few seconds, suddenly a window will appear asking you if you wish to save an encryption key. Click yes
(note : this will only happen on the first time you connect)
18 - Go back into Putty (DO NOT LOAD A NEW PUTTY WINDOW, use the task manager to bring back the ongoing session)
19 - It should ask your username then password, fill in the obvious information requirements.
20 - Once you are logged into your SSH server, type "top" and press enter, it will allow you to keep your connection alive.
21 - Go back to the "Today" screen and try loading Windows Live Messenger, for the first time, while using the proxy, it should connect!
~~~~~~TIP~~~~~
With Total Command, you can make a shortcut that will load putty and log you in AUTOMATICALLY
Find Putty.exe
Click on File, then >>>>>>>>>>>>> (A) >
Create Shortcut
Place it in \windows\start menu\programs\
Then browse to that folder with total command
find Putty.exe.lnk
Tap/Hold and open properties
tab SHORTCUT
Assuming putty.exe is located in "\" write this in target:
"\PUTTY.EXE" -load proxy -l yourusername -pw yourpassword
Then click on ok, tadaa, simply start up Putty from that shortcut and go back to the today screen.
It will log you on automatically without your intervention.
You still need to initiate a GPRS connection first though.
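Steps 1 and 10 together are what make the tunnel pass the carrier's filter: PocketPuTTY with ProxyMethod=3 asks the HTTP proxy for a raw TCP tunnel with an HTTP CONNECT request, and the proxy only agrees when the destination port is one it allows (443 here). The following is an added example, not code from the thread or from PuTTY, that models both sides of that exchange: the client request a PuTTY-style client sends, a toy "carrier proxy" that permits CONNECT only to ports 80 and 443, and the client-side check of the proxy's status line. The host name and the allowed-port policy are constructed for illustration.

```python
"""HTTP CONNECT handshake between an SSH client and an HTTP proxy.

Added example (not from the thread): what a PuTTY-style client sends when it
is told to reach the SSH server through an HTTP proxy, and the verdict a
port-restricted carrier proxy returns. After a 2xx answer the proxy just
relays bytes, so the SSH session (and the SOCKS port it opens locally) rides
inside what the proxy sees as an HTTPS connection.
"""
import re

# Request line the proxy parses: "CONNECT host:port HTTP/1.x"
CONNECT_RE = re.compile(rb"^CONNECT ([^\s:]+):(\d+) HTTP/1\.[01]\r\n")


def build_connect_request(host: str, port: int) -> bytes:
    """Request a PuTTY-style client sends to open a raw TCP tunnel via the proxy."""
    return (
        f"CONNECT {host}:{port} HTTP/1.1\r\n"
        f"Host: {host}:{port}\r\n"
        "\r\n"
    ).encode("ascii")


def carrier_proxy(request: bytes, allowed_ports=(80, 443)) -> bytes:
    """Toy model of the carrier proxy (constructed policy, not any real carrier).

    It permits CONNECT only to whitelisted ports, which is why the thread
    insists on running sshd on 443: a CONNECT to port 22 never gets through.
    """
    match = CONNECT_RE.match(request)
    if not match:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    port = int(match.group(2))
    if port not in allowed_ports:
        return b"HTTP/1.1 403 Forbidden\r\n\r\n"
    return b"HTTP/1.1 200 Connection established\r\n\r\n"


def parse_connect_response(response: bytes):
    """Return (status_code, reason) from the proxy's status line."""
    status_line, _, _ = response.partition(b"\r\n")
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("not an HTTP status line: %r" % status_line)
    code = int(parts[1])
    reason = parts[2].decode("ascii", "replace") if len(parts) == 3 else ""
    return code, reason


def tunnel_through_proxy(host: str, port: int, proxy=carrier_proxy) -> bool:
    """Full exchange: client request -> proxy verdict -> client decision.

    Only a 2xx reply means the proxy will now relay raw bytes; anything else
    means the SSH handshake must not even be attempted on this socket.
    """
    request = build_connect_request(host, port)
    code, _reason = parse_connect_response(proxy(request))
    return 200 <= code < 300


if __name__ == "__main__":
    # ssh.example.net is a placeholder for the reader's own SSH server.
    for port in (22, 443):
        ok = tunnel_through_proxy("ssh.example.net", port)
        print(f"CONNECT ssh.example.net:{port} -> {'tunnel open' if ok else 'refused'}")
```

The point for a defender reading the thread: the proxy decides on the CONNECT request line alone, so a port-based allow list cannot distinguish SSH on 443 from HTTPS on 443; only inspection of what follows the 200 reply could.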
alkizmo
12th July 2007, 11:37 PM
For running a SSH server in Windows
Part 1
1 - Download & Run http://www.cygwin.com/setup.exe
2 - Click - Install from the Internet / NEXT
3 - Root directory : c:\cygwin / NEXT
4 - Local Package Directory : c:\cygwin / NEXT
5 - Direct Connection / NEXT
6 - Select any download site / NEXT
7 - Click on "VIEW" on top right
8 - Click on the column title "Package" (to sort alphabetically) and find "Openssh: The OpenSSH server and client programs"
http://img232.imageshack.us/img232/2431/sshdpackagett8.gif
9 - Click on Skip on the far left column, on that row.
http://img59.imageshack.us/img59/4001/sshdpackage2xp2.gif
10 - Repeat step 8 & 10 for packages tcp_wrappers, procps & zlib (might already be selected)
11 - Click NEXT & wait (about 40-50MB download)
12 - Click on Finish (check or uncheck Create Icon & Add Icon to your discretion)
Part 2
1 - Go to your Control panel, then go into System (This is in Windows XP, not cygwin)
2 - Click on "Advanced" tab, then click on Environment Variables at the bottom
3 - Under "System Variables" click on "New"
4 - Name = CYGWIN / Variable Value = ntsec tty CLICK OK
5 - Back into "Environment Variables", look for the variable "Path"
6 - Click on EDIT, then WRITE EXACTLY at the END of the line: ;C:\cygwin\bin
7 - Here is my complete value for example: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\cygwin\bin
8 - Click OK,OK,OK etc until you get out completely of the Control Panel and System
Part 3
1 - Go in your C:\cygwin\ folder
2 - Double-click: cygwin.bat | You'll see this window appear (with your computer name instead of alk)
http://img182.imageshack.us/img182/273/terminalki1.gif
3 - type "ssh-host-config" then press enter
4 - "privilege separation", answer yes (not just "y")
5 - "create local user sshd", answer yes
6 - "install sshd as a service", answer yes
7 - When the script stops and asks you for "CYGWIN=" your answer is ntsec tty
8 - Type "chmod 0777 /etc/sshd_config" and enter
9 - In Windows, go to the file C:\cygwin\etc\sshd_config
10 - Open it with NOTEPAD
11 - Where it says "Port 22", replace it so it says "Port 443" and save the changes
12 - Back in the terminal, type "chmod 0644 /etc/sshd_config" and enter
13 - type "net start sshd"
14 - It should say the SSHD service has started
15 - Test out your server by connecting to your server with putty
http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
16 - In putty, enter "127.0.0.1" as hostname and "443" as port, then click on "Open"
17 - It will ask you if you want to save the key, click "Yes"
18 - Enter your windows XP username, enter, then your XP password, enter.
19 - You should then see something like username@username:
20 - Success, you have a running SSH server for your phone to connect to.
Notice - Make sure that if your Windows machine is behind a router or firewall, that the port 443 is
forwarded to your computer. Otherwise, nobody on the internet would be able to connect to your
SSH server on port 443, including your phone.
alkizmo
12th July 2007, 11:38 PM
POP/SMTP EMAIL SERVER ACCESS
I'm going to write an example for using GMAIL. You can guess the rest for different services.
1 - Load your Proxy session, but don't connect yet.
2 - Go to the Tunnel tab
Local : 35553 (or any big unused port number)
Remote : pop.googlemail.com:993
Select "local"
Click add
Again
Local : 35554 (different from above)
Remote : smtp.googlemail.com:465
Click add
Go back to session and save the new settings
Now connect to your SSH server
Go to your Messaging
Add a new Email account
Email address : yourusername@gmail.com
UNCHECK : Try to get your email settings directly from the internet
Select Provider : Internet Email
Fill everything yourself until "Incoming Mail Server"
Incoming mail server : alkizmotytn:35553 (that's MY PHONE's name, type in YOURS!!!)
Account type : pop3
Enter your gmail username & password
Outgoing Mail Server : alkizmotytn:35554 (don't be an idiot)
Check box : Outgoing server requires authentication
Click "Advanced Settings"
Check box : Require SSL for incoming
Check Box : Require SSL for outgoing
Network Connections : Work
It should be able to download/send emails now, while using Putty.
cd85233
13th July 2007, 03:42 AM
ok, so I can connect but when it does it says
Fatal error....
in the terminal it says
Bash: Top: Command not found
BTW! Thanks for this, If this works your my hero. If not well. Your still my hero. lol
alkizmo
13th July 2007, 04:17 AM
Ohhh I know exactly what's wrong.
Here's how to fix it :
1 - Run "setup.exe" that you downloaded from cygwin
2 - Repeat the same steps of installation (you'll notice, it's taking your previous settings already)
3 - Find "Procps" package, click on "skip" just like you did with OpenSSH, Zlib, etc.
4 - Click next, and it will install "procps" on top of your SSH server.
5 - Reconnect, TOP will now work.
Here's WHY this happened
"top" command is a command that is sent automatically. It is added in Step 10.
"top" is ALWAYS part of a Linux system, but apparently not for the SSH server for windows.
I didn't think to check this since I run a small linux server.
now it should work
GOOD NEWS THOUGH : YOU HAVE PASSED THE HARDEST PART! TOP WAS A TINY ISSUE!!! :D :D :D
edit - I edited the SSH Server setup to include "procps" in the package installation list. I hope people read this thread. This is a major improvement for those stuck behind a HTTP proxy.
alkizmo
13th July 2007, 04:32 AM
~~~~~~ TO RUN A SSH SERVER WITHOUT A COMPUTER ~~~~~~~
If you don't like the idea of running a PC 24/7 at home, you can turn your wireless router into a SSH server.
Look at the hardware list here
http://wiki.openwrt.org/TableOfHardware
If your router's model number and revision has "SUPPORTED" under status, you might just be in luck!!!
You can install a linux based firmware operating system on your wireless router. It will replace your router's OS completely with a MUCH MUCH more powerful one.
I recommend X-WRT since it is VERY user-friendly
http://x-wrt.org/
But OpenWRT is good for advanced linux users
http://wiki.openwrt.org/OpenWrtDocs/Installing
There's also DD-WRT for the complete n00b
http://www.dd-wrt.com/dd-wrtv2/index.php
All of them, once installed, have a SSH server right out of the box.
So your server is your router.
cd85233
13th July 2007, 04:48 AM
Thanks, I will try this.
~~~~~~ TO RUN A SSH SERVER WITHOUT A COMPUTER ~~~~~~~
If you don't like the idea of running a PC 24/7 at home, you can turn your wireless router into a SSH server.
Look at the hardware list here
http://wiki.openwrt.org/TableOfHardware
If your router's model number and revision has "SUPPORTED" under status, you might just be in luck!!!
You can install a linux based firmware operating system on your wireless router. It will replace your router's OS completely with a MUCH MUCH more powerful one.
I recommend X-WRT since it is VERY user-friendly
http://x-wrt.org/
But OpenWRT is good for advanced linux users
http://wiki.openwrt.org/OpenWrtDocs/Installing
There's also DD-WRT for the complete n00b
http://www.dd-wrt.com/dd-wrtv2/index.php
All of them, once installed, have a SSH server right out of the box.
So your server is your router.
If I remember correctly there are FON routers on Ebay for dirt cheap that can use this DWRT thingy.
alkizmo
13th July 2007, 05:04 AM
Thanks, I will try this.
If I remember correctly there are FON routers on Ebay for dirt cheap that can use this DWRT thingy.
I'd recommend a Linksys WRT54GL if you are going to dish out the cash for a new router. Might as well buy a POWERFUL router. The WRT54GL can be overclocked to 250mhz (mine runs at 262mhz stable) and you can mod it to add a flash SD card to it to expand the memory to install OTHER applications.
You can run a small HTTP server with 1-2GB of storage with the SD mod.
I run an Asterisk VoIP server + HTTP + the SSH tunnel thing + router can become a relay access point (the router is a WIFI CLIENT!!) and a bunch of other linux applications.
WRT54G and WRT54GS are good too, but you need to find an older revision number.
FON routers are... meh...
edit - I'm out for the night, I'll check back in the morning for questions and problems.
alkizmo
13th July 2007, 05:53 AM
PLEASE READ!!!!
I forgot a VERY important registry setting for PocketPutty in Step 10
LocalPortAcceptAll = 1
VERY IMPORTANT!!!! ok? ;)
sorry for the mistakes
cd85233
15th July 2007, 07:36 AM
Hmm SSH server has given me lots of trouble. I think I would rather use an HTTP proxy if this made things work.
Nothing really works, and my internet connection is messed up when I use the SSH server.
I won't give up though. THIS IS A GREAT GUIDE.
If this is the way to kick T-Mo's Butt, I'm going to drive this into the ground!
Please try this, and post your results.
Alkizmo and I will hopefully get time to get this to work.
More Alkizmo than I, I'll be the guinea pig :-)
mmoroz
4th December 2007, 11:29 AM
Alkizmo thanks for the great guide!
I got almost everything to work.. but I guess there's something still missing..
Pocketputty correctly connects to the SSH server with the correct tunnel settings (checked many times). Registry settings for Pocketputty are set correctly as well (also checked..). By the way, Pocketputty doesn't seem to know how to start EDGE/GPRS connection on demand, so I either manually connect, or start Opera browser and go to a random website to start the connection.
The proxy settings changed under the T-Mobile Data network, with HTTP proxy pointing to the T-Mobile well-known proxy server, and the SOCKS proxy (tried both SOCKS4 and SOCKS5) pointing to the localhost:1080 (tried 127.0.0.1, tried the id of the phone).
No luck... Windows Live Messenger still cannot connect.
Let's try to find out the missing piece!
Thank you!
p.s. using AT&T Tilt, with Dutty's hybrid ROM.
alkizmo
19th December 2007, 03:56 PM
sorry for the late reply. It's been a while since I've roamed these forums.
So, you should try the SSH tunnel on another computer with the PC version of Putty and see if you can tunnel through sock4, so you can eliminate the server as a fault.
Second, you can do another test to see if it's pocketputty's fault or T-Mobile's proxy being very strange.
You test it by changing pocketputty's proxy settings to be very specific with a pop3 email server as explained in the guide. Then create a pop3 email account on your phone to connect through the pocketputty proxy.
If that doesn't work, then I'm thinking that there's something else at work to prevent you from tunneling. I had someone else with t-mobile that couldn't SSH tunnel for some reason.
alkizmo
21st December 2007, 03:02 AM
I found your MISTAKE mmoroz!
You enter in the SOCKS proxy - localhost:1080
however, as specified in the step #3, you have to first give a unique ID name to your phone. Name it : mmoroz
Settings / System / About / Device ID / Device Name : mmoroz
THEN in SOCKS proxy, you enter - mmoroz:1080
WM5/6 don't seem to understand localhost or 127.0.0.1, that's why you have to specify your phone's Device ID as the localhost address.
navy2010
25th December 2007, 11:10 PM
Does windows live mail (hotmail) work with this method? The instruction looks complicated, but I'm willing to do it if it works with live mail with push feature. By the way, do I need a static ip address for the server?
Thank a lot! This is a great guide!
alkizmo
26th December 2007, 09:36 AM
Does windows live mail (hotmail) work with this method? The instruction looks complicated, but I'm willing to do it if it works with live mail with push feature. By the way, do I need a static ip address for the server?
Thank a lot! This is a great guide!
Hotmail push email will work. The moment you're connected to messenger, all the other services will follow.
You don't need a static IP, but you'd need to have a system to either update your DNS address with your new IP every time, or manually change it yourself.
I got a dynamic IP, but since I'm on broadband, the connection is active all the time, so my IP pretty much never changes.
navy2010
27th December 2007, 05:34 AM
Hotmail push email will work. The moment you're connected to messenger, all the other services will follow.
Thanks A LOT! I'm working hard to get this to work (no xbox for past 48 hrs). I'm using a dd-wrt router to do the SSH server, but I have to change my verizon router to bridge mode first & I'm still trying to change it. Anyway, I will keep you updated with my progress.
alkizmo
28th December 2007, 03:08 AM
Guys, I STRONGLY recommend you setup a TEMPORARY SSH server before making all this effort to setup a permanent one. You can do this on your computer directly connected to the internet.
You should TEST with your phone BEFORE making a permanent server. That way, if your carrier blocks something special to prevent SSH access, then you wouldn't have wasted your time setting up the server.
navy2010
29th December 2007, 02:18 AM
Hi,
I set up a SSH server on my Buffalo router with DD-WRT firmware. Instead of just using a password, I used a private key for SSH server authorization. I did load/save the private key onto the client on my phone. I got this error msg. on my phone when I try to connect to the SSH server.
PuTTY Fatal Error
"Server unexpectedly closed network connection"
I checked the firewall log on the router, it confirmed that it accepted the connection from my phone. I did double check the IP address of the phone and confirmed that it's the same IP address from the log:
Source IP------Protocol------Destination Port Number-----Rule
66.94.XX.XX------TCP ---------------------https------Accepted
By the way, I'm using T-Mobile USA service. Please see the attached picture for the SSH setting on my router (I did exactly as shown in the picture, but I copied the pic from the web). I also enabled SSH remote management on my router.
I have been reading a lot of information regarding SSH. I can't figure out the problems yet. Please offer any suggestions.
seattleweb
30th December 2007, 12:02 PM
~~~~~~ TO RUN A SSH SERVER WITHOUT A COMPUTER ~~~~~~~
If you dont like the idea of running a PC 24/7 at home, you can turn your wireless router into a SSH server.
I wouldn't suggest leaving any router, whether it be DD-WRT, OpenWRT or etc... open to SSH for an extended period of time... you're going to open up a bad can of worms security-wise. It's cool to do it for a short amount of time for testing, but when you're done... close the hole and shut it down :cool:
alkizmo
30th December 2007, 06:34 PM
Hi,
I set up a SSH server on my Buffalo router with DD-WRT firmware. Instead of just using a password, I used a private key for SSH server authorization. I did load/save the private key onto the client on my phone. I got this error msg. on my phone when I try to connect to the SSH server.
PuTTY Fatal Error
"Server unexpectedly closed network connection"
I checked the firewall log on the router, it confirmed that it accepted the connection from my phone. I did double check the IP address of the phone and confirmed that it's the same IP address from the log:
Source IP------Protocol------Destination Port Number-----Rule
66.94.XX.XX------TCP ---------------------https------Accepted
By the way, I'm using T-Mobile USA service. Please see the attached picture for the SSH setting on my router (I did exactly as shown in the picture, but I copied the pic from the web). I also enabled SSH remote management on my router.
I have been reading a lot of information regarding SSH. I can't figure out the problems yet. Please offer any suggestions.
You're not using port 443. You need to use port 443, that's one of the only ports opened by the T-Mobile proxy.
Also, I'm not sure if SSHD will work with my trick. I only tested with SSH
I wouldn't suggest leaving any router, whether it be DD-WRT, OpenWRT or etc... open to SSH for an extended period of time... you're going to open up a bad can of worms security-wise. It's cool to do it for a short amount of time for testing, but when you're done... close the hole and shut it down :cool:
Make the password extra extra long and block your router from responding to ping requests and you'll be fine. SSH is a very very very secure protocol.
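Two passages of this thread touch the same file: the second post edits sshd_config by hand to move the listener to port 443, and the exchange just above is about what an SSH server exposed on the internet for months should look like (key-based login as navy2010 set up, versus a long password). The following is an added example, not code from the thread, cygwin or OpenSSH, that does the port change programmatically (handling the commented-out `#Port 22` default that a plain text search for "Port 22" would miss) and audits the resulting file for the settings a practitioner would want to check before leaving it reachable. The sample config is constructed; it only resembles a stock sshd_config.

```python
"""Edit and audit an sshd_config for the setup described in the thread.

Added example (not from the thread). sshd_config rules it relies on, which
are OpenSSH behaviour: lines starting with '#' are comments, keywords are
case-insensitive, and for each keyword the FIRST active value wins, so a
commented-out default such as '#Port 22' means the default (22) applies.
"""
import re
from typing import List, Optional

# Constructed sample resembling a stock sshd_config; not the author's file.
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
#Port 22
#PermitRootLogin yes
#PubkeyAuthentication yes
#PasswordAuthentication yes
Subsystem sftp /usr/sbin/sftp-server
"""

_PORT_LINE = re.compile(r"^\s*#?\s*Port\s+\d+\s*$", re.IGNORECASE)


def set_port(config_text: str, port: int) -> str:
    """Return config_text with the listener moved to `port`.

    The first Port line, active or commented out, is replaced by an active
    one; if the file has none at all, the directive is prepended.
    """
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    out: List[str] = []
    replaced = False
    for line in config_text.splitlines():
        if not replaced and _PORT_LINE.match(line):
            out.append(f"Port {port}")
            replaced = True
        else:
            out.append(line)
    if not replaced:
        out.insert(0, f"Port {port}")
    return "\n".join(out) + "\n"


def effective_value(config_text: str, keyword: str) -> Optional[str]:
    """First active value of `keyword`, or None if only the default applies."""
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip()
    return None


def audit(config_text: str) -> List[str]:
    """Findings a reviewer would raise before exposing this sshd to the internet."""
    findings: List[str] = []
    port = effective_value(config_text, "Port") or "22"
    if port != "443":
        findings.append(f"listener is on port {port}, the thread's proxy only passes 443")
    # OpenSSH defaults PasswordAuthentication to yes when the keyword is absent.
    if (effective_value(config_text, "PasswordAuthentication") or "yes").lower() == "yes":
        findings.append("password authentication enabled; prefer key-based login only")
    root = effective_value(config_text, "PermitRootLogin")
    if root is not None and root.lower() == "yes":
        findings.append("PermitRootLogin yes")
    return findings


if __name__ == "__main__":
    moved = set_port(SAMPLE_SSHD_CONFIG, 443)
    print(moved)
    for finding in audit(moved):
        print("finding:", finding)
```

Running it on the sample reports the port move as done and still flags password authentication, which is the default when the line is commented out; that default is what the "extra extra long password" advice above is compensating for.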
mutti_wilson
1st January 2008, 03:01 AM
Any idea on how to get this working for a smartphone? There is a SSH program called zaTunnel that works great on smartphones, I just don't understand this all enough to make it work.
The connection menu is different on PPC/Smartphone so that is throwing me off.
I have the ssh server up and running.
npole
11th January 2008, 06:06 AM
Thanks a lot alki!!! I was doing the same today, figuring out how to tunnel a connection because of my provider limitation, until I found this wonderful thread! :D
Now to the problems (argh!) ...it is partially working here, I have checked each step many times just to be sure everything is setup properly but it still won't work.
I can connect on my PC via SSH and login smoothly, so apparently the connection is working (over 443 port) but apart from that the rest isn't.
I've set up the dynamic port on Putty (1080) then the two port forwardings (local) used by gmail with the respective servers, so I have:
D1080
L35995@pop.gmail.com:995 (<< you wrote 993 here.. is it a mistyping?)
L35465@smtp.gmail.com:465
So I've configured the email client to connect to mymobile:35995 ...but well the connection just times out and it seems it won't initiate the connection via the ssh tunneling.
Is there any way to check if the "request" arrived to my local PC or any other way to easily debug the process and figure out what's wrong here?
Thanks again!
navy2010
13th January 2008, 01:29 AM
Is there any way to check if the "request" arrived to my local PC or any other way to easily debug the process and figure out what's wrong here?
Thanks again!
If you have a firewall, you can check the incoming log of the firewall.
npole
13th January 2008, 04:31 AM
Solved.. well not really solved, but I've changed the approach, I'm now using OpenVPN and it runs great! No ports and forwarding to configure and all the traffic is routed via the remote machine. Hurrah!
navy2010
13th January 2008, 08:23 AM
Solved.. well not really solved, but I've changed the approach, I'm now using OpenVPN and it runs great! No ports and forwarding to configure and all the traffic is routed via the remote machine. Hurrah!
can you give me some details? by the way, do you have tmobile usa?
navy2010
14th January 2008, 02:15 AM
I am able to connect to the SSH server if I don't modify the registry setting on my phone. Once I modified the registry setting, I'm not able to connect to the SSH server. "Network error: Connection reset by peer"
Thanks
npole
14th January 2008, 04:21 AM
can you give me some details? by the way, do you have tmobile usa?
Hi navy, I'm using Vodafone Italy ...that offers a very limited WAP connection (it's the basic one) with only 80 (HTTP) and 443 (HTTPS) ports open and behind a firewall! So if it works with it... I believe it would work with any carrier (assuming that your carrier doesn't block even the HTTPS connections! lol).
I've prepped a guide (it doesn't go into "deep", it is for advanced users...) but it is in Italian, so it wouldn't help you.
Talking about some details:
I'm using a PC with Windows XP Pro as server, connected to a ADSL Router via ethernet.
I'm using a PocketPC (Touch Cruise) as client connected via WAP GPRS (WAP or not, it's pretty fast since I'm covered by HSDPA).
On both machines i'm using OpenVPN.
The server is configured using "tap" and the NICs are *BRIDGED* (the physical network card of the server is bridged with the TAP virtual adapter of OpenVPN), and it's using a normal IP address of my LAN (same router/gateway subnet). Eg: router 192.168.0.1 ..then the bridge address would be 192.168.0.2.
The client is using a pretty standard "tap" configuration but using a HTTP Proxy (see OpenVPN documentation) since my provider doesn't allow reaching a public address directly. The TAP adapter has a manually assigned IP address on the *SAME* class as my remote lan. On the example above: IP: 192.168.0.3/24 and with 192.168.0.1 (my remote router!) as gateway, and 192.168.0.1 as DNS server (again my router serves as DNS server as well).
As soon as the tunnel starts, the PocketPC is projected into my remote LAN with the IP: 192.168.0.3 and it is *effectively* a client of that lan, so it can surf the LAN and access the internet like any other local client.
An important step (that made me lose my weekend to figure it out) is that the IP address and Default Gateway of the PocketPC *MUST* be assigned manually to the TAP interface (Connection > WiFi > Network Cards), it seems that the "redirect-gateway" directive (local or pushed via server) doesn't work on PocketPC! Another problem is about the DNS servers: they must be pushed via server because it seems that the manual configuration (to the TAP interface) doesn't work well, so to be safe: you assign them on the TAP interface (Connection > WiFi > Network Cards), then you push them via OpenVPN server directive: push "dhcp-option DNS 192.168.0.1"
...how I managed to figure this out? Well doing XXXX tests... and trying any possible combination until I found where the problem was. I see that all the people that are trying a "tunnel pass-through" on a PocketPC are having that exact same problem: the client apparently works, can ping the LAN etc., but the applications (connecting for example to a local webserver or even surfing the internet) don't work at all, that's because the default gateway isn't assigned and the traffic is not routed correctly!
And now the config files (change them according to your settings):
proto tcp
port 443
dev tap
dev-node OpenVPN # this is the tap interface name, not the tunnel!
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.4 255.255.255.0 192.168.0.31 192.168.0.41
push "dhcp-option DNS 192.168.0.1"
keepalive 10 120
comp-lzo
cipher AES-256-CBC
max-clients 10
persist-key
persist-tun
and the client:
client
dev tap
proto tcp
remote myip.dyndns.org 443 #i use dyndns to publish my dynamic IP
resolv-retry infinite
nobind
persist-key
persist-tun
ca "\\Scheda di memoria\\Programmi\\OpenVPN\\config\\ca.crt"
cert "\\Scheda di memoria\\Programmi\\OpenVPN\\config\\client.crt"
key "\\Scheda di memoria\\Programmi\\OpenVPN\\config\\client.key"
tls-auth "\\Scheda di memoria\\Programmi\\OpenVPN\\config\\ta.key" 1
cipher AES-256-CBC
comp-lzo
http-proxy-retry 1
http-proxy 10.128.201.76 80 #this is the vodafone proxy and port
Good luck... because you'll need some. :D
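Most of the ways this server/client pair can fail silently are mismatches between the two files: proto, port, dev type, cipher, comp-lzo on one side only, or the tls-auth key direction not being 0 on the server and 1 on the client. The following is an added example, not code from the thread or from OpenVPN, that parses both configs above (embedded here as the sample input, with the paths and addresses as npole posted them) and reports those mismatches before anyone spends a weekend on it. The parser is deliberately simple: it strips `#` comments, splits on whitespace, and keeps only what the checks need.

```python
"""Consistency checks between an OpenVPN server config and its client config.

Added example (not from the thread or OpenVPN). The sample configs are the
ones npole posted above; the checks encode OpenVPN's own requirements:
proto/dev/cipher must agree, the client's remote port must be the server's
listening port, comp-lzo must be on both sides or neither, tls-auth key
direction is 0 on the server and 1 on the client, and http-proxy only works
over TCP.
"""
from typing import Dict, List

SERVER_CONF = r"""
proto tcp
port 443
dev tap
dev-node OpenVPN # this is the tap interface name, not the tunnel!
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.4 255.255.255.0 192.168.0.31 192.168.0.41
push "dhcp-option DNS 192.168.0.1"
keepalive 10 120
comp-lzo
cipher AES-256-CBC
max-clients 10
persist-key
persist-tun
"""

CLIENT_CONF = r"""
client
dev tap
proto tcp
remote myip.dyndns.org 443 #i use dyndns to publish my dynamic IP
resolv-retry infinite
nobind
persist-key
persist-tun
ca "\\Scheda di memoria\\Programmi\\OpenVPN\\config\\ca.crt"
cert "\\Scheda di memoria\\Programmi\\OpenVPN\\config\\client.crt"
key "\\Scheda di memoria\\Programmi\\OpenVPN\\config\\client.key"
tls-auth "\\Scheda di memoria\\Programmi\\OpenVPN\\config\\ta.key" 1
cipher AES-256-CBC
comp-lzo
http-proxy-retry 1
http-proxy 10.128.201.76 80 #this is the vodafone proxy and port
"""


def parse_ovpn(text: str) -> Dict[str, List[List[str]]]:
    """Map each option name to the list of argument lists it appears with."""
    options: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        options.setdefault(parts[0], []).append(parts[1:])
    return options


def _first(opts: Dict[str, List[List[str]]], key: str):
    return opts[key][0] if key in opts else None


def check_pair(server_text: str, client_text: str) -> List[str]:
    """Return a list of mismatches; an empty list means the pair is consistent."""
    s, c = parse_ovpn(server_text), parse_ovpn(client_text)
    problems: List[str] = []
    for key in ("proto", "dev", "cipher"):
        if _first(s, key) != _first(c, key):
            problems.append(f"{key} differs: server {_first(s, key)} vs client {_first(c, key)}")
    sport, remote = _first(s, "port"), _first(c, "remote")
    if not sport or not remote or len(remote) < 2 or remote[1] != sport[0]:
        problems.append(f"client remote port {remote} does not match server port {sport}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("comp-lzo configured on one side only")
    sta, cta = _first(s, "tls-auth"), _first(c, "tls-auth")
    if sta and cta:
        # key direction is the last argument; the key file path may contain spaces
        if (sta[-1], cta[-1]) != ("0", "1"):
            problems.append("tls-auth direction must be 0 on server and 1 on client")
    elif sta or cta:
        problems.append("tls-auth configured on one side only")
    if "client" not in c:
        problems.append("client config lacks the 'client' directive")
    if "server" not in s and "server-bridge" not in s:
        problems.append("server config has neither 'server' nor 'server-bridge'")
    if "http-proxy" in c and _first(c, "proto") != ["tcp"]:
        problems.append("http-proxy requires proto tcp")
    return problems


if __name__ == "__main__":
    print("posted pair:", check_pair(SERVER_CONF, CLIENT_CONF) or "consistent")
    print("udp client :", check_pair(SERVER_CONF, CLIENT_CONF.replace("proto tcp", "proto udp")))
```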
alkizmo
14th January 2008, 04:47 AM
Any idea on how to get this working for a smartphone? There is a SSH program called zaTunnel that works great on smartphones, I just don't understand this all enough to make it work.
The connection menu is different on PPC/Smartphone so that is throwing me off.
I have the ssh server up and running.
No, zaTunnel won't work. You need Putty for PPC, it should work on a smartphone though (I think).
L35995@pop.gmail.com:995 (<< you wrote 993 here.. is it a mistyping?)
No, it's 993
http://mail.google.com/support/bin/answer.py?answer=78799
I am able to connect to the SSH server if I don't modify the registry setting on my phone. Once I modified the registry setting, I'm not able to connect to the SSH server. "Network error: Connection reset by peer"
Thanks
If you can connect without the registry settings, it means you're connecting without using your cellphone carrier's proxy. Meaning you aren't forced to use their proxy....
meaning you don't need this guide at all.
Solved.. well not really solved, but i've changed the approach, im now using OpenVPN and it runs great! No ports and forwarding to configure and all the traffic is routed via remote machine. Hurra!
Good job!
I actually started my tunneling attempts with SSH because I was more familiar with it. Also because when I started my researching in google to bypass a http proxy, most results were about using putty on a PC :p
Here are misconceptions I started off with :
- I thought the HTTP proxy would sniff out that the connection on port 443 wasn't used for SSL unless I used SSH.
- I thought using Putty was going to be simple like on the PC
- I thought VPN on PPC required a direct connection, thus couldn't connect through a HTTP proxy
- I had trouble with OpenVPN already on my PC to start with :p
I dropped this project a while ago since I moved to China. GPRS is cheap there, no proxy to bypass. I used my SSH tunnel only to get to websites blocked by the Chinese government ;) ( Can you believe they block wikipedia?!?!?!?!? :O )
I'll try to do OpenVPN one day on my PPC for the heck of it. However, if I screw something up on my router back in Canada, I can't connect to it anymore and the people residing where my router is don't know how to fix it :|
npole
14th January 2008, 07:26 AM
No, it's 993
I'm confused, 993 it is the "imap" port (imap.gmail.com) ...the pop3 port it is 995 (pop.gmail.com).
Good job!
I actually started my tunneling attempts with SSH because I was more familiar with it. Also because when I started my researching in google to bypass a http proxy, most results were about using putty on a PC
Me too.. and it's because of your effort that I started to investigate a more reliable solution and ended on OpenVPN. It is a lot less simple to configure but a lot more solid than SSH tunnelling that isn't (originally) designed for durability. Anyway as I said, if it wasn't for you I would probably never have finished my project (different approach but the "concept" would be the same).
- I thought the HTTP proxy would sniff out that the connection on port 443 wasnt used for SSL unless I used SSH.
That's not the case, since the traffic runs on 443 that is intended for HTTPS (SSL) usage and OpenVPN uses SSL too (and encrypted), so the traffic is impossible to distinguish from each other. The only way to figure it out is with a "manual" investigation: the provider must connect to the end point to figure out that the service running there is OpenVPN instead of a HTTP(s) server. But this problem remains even using a SSH tunnel... but I cannot believe that a "guy" comes to check your endpoint manually among tens of thousands of other customers. Plus they cannot block it! Since they cannot stop HTTPS traffic from happening, and they cannot blacklist your IP (it is public and dynamic so it wouldn't work), they can only cease your connectivity contract.. and all this effort for some bucks a month.
- I thought using Putty was going to be simple like on the PC
That's correct, your solution took me 10 minutes to setup and have it working... OpenVPN took off my weekend (and no sleeping at all!).
- I thought VPN on PPC required a direct connection, thus couldnt connect through a HTTP proxy
We figured it works. :)
- I had trouble with OpenVPN already on my PC to start with :p
Me too.. initially, I was a bit disoriented, but I learned a lot in 2 days. :)
( Can you believe they block wikipedia?!?!?!?!? :O )
Yes i can, here in Italy there's a paper article about china censorship almost every week. ;)
I'll try to do OpenVPN one day on my PPC for the heck of it. However, if I screw something up on my router back in Canada, I can't connect to it anymore and the people residing where my router is don't know how to fix it :|
You'll not touch the router (apart the port forwarding)... but surely you will touch the network (or at least a client there that will serve as openvpn server). Actually i'm getting more ambitous: instead having a server (PC) running h24 and loaded with the software (you know.. a power failure, or a OS error would be fatal if you're not around to adjust it.. and you'll be NOT around since it is supposed that you'll used it outside) i would like to connect a router with a modded firmware and a unix soapbox to my network (those fonera routers are perfect for this pourpose) and install OpenVPN there, so i will have my tunnel working h24 without care about PC's.
alkizmo
14th January 2008, 07:54 AM
I'm confused, 993 is the IMAP port (imap.gmail.com)... the POP3 port is 995 (pop.gmail.com).
Oh, they changed the page (very slightly, so I didn't notice). It used to show pop.gmail.com there instead of imap. They added IMAP but didn't keep the pop.gmail.com settings.
Anyway, 993 still works for POP as well (using Outlook that was set up more than a year ago).
You won't touch the router (apart from the port forwarding)... but you will surely touch the network (or at least a client there that will serve as the OpenVPN server).
Oh, I'm not worried about "touching" the router. I'm worried about losing remote control of it by messing around with OpenVPN. It happened to me a lot while testing OpenVPN a long, long time ago.
If I lose remote control of it, I can't physically connect to it. The router's in Canada, I'm in China.
Actually I'm getting more ambitious: instead of having a server (PC) running 24h and loaded with the software (you know... a power failure or an OS error would be fatal if you're not around to fix it, and you will NOT be around, since you're supposed to use it from outside), I would like to connect a router with a modded firmware and a Unix box to my network (those Fonera routers are perfect for this purpose) and install OpenVPN there, so I will have my tunnel working 24h without caring about PCs.
You just reminded me of another reason why I dropped OpenVPN. I DON'T have a PC that I can just leave there, turned on 24/7. I'm limited to my Linksys router with the modified firmware. The CPU in it is only 250 MHz, with a minuscule amount of RAM. When I got OpenVPN working on it and connected via my PC, the router would slow down to a crawl, making it unusable.
However, I think a mobile phone wouldn't tax the router's processing power too much. As long as you don't use HSDPA-type speeds on it with streaming radio or BitTorrent :p
I'm just glad my project/guide has inspired people to continue the work. I spent a boatload of time finding out how to do this. Had to figure out something that was never ever designed for a cellphone. I almost gave up until I realized that the very old/outdated/unstable Pocket PuTTY was at its core the same thing as PuTTY for PC. No GUI options, but the registry keys were there :p
Then I spent another boatload of time figuring out what the hell the localhost address of the phone was. Localhost and 127.0.0.1 don't work, can you believe that?
Anyway, when I go back to Canada, I'll definitely use OpenVPN ;) It would be fun to give my phone internal network access too.
npole
14th January 2008, 10:34 AM
You just reminded me of another reason why I dropped OpenVPN. I DON'T have a PC that I can just leave there, turned on 24/7. I'm limited to my Linksys router with the modified firmware. The CPU in it is only 250 MHz, with a minuscule amount of RAM. When I got OpenVPN working on it and connected via my PC, the router would slow down to a crawl, making it unusable.
Hmm... I've seen guys running OpenVPN (in different configurations) on CPUs of similar speed... anyway, you may just link a second router (or any other device capable of running a minimal Linux installation...) to the main one and use it exclusively for your OpenVPN.
However, I think a mobile phone wouldn't tax the router's processing power too much. As long as you don't use HSDPA-type speeds on it with streaming radio or BitTorrent :p
Well, it depends... yeah, use your VoIP, watch sh*t on YouTube, not to mention pr0n ("hey, watch this!" to your friend) and you'll fill a 10 Mbit. :D
Then I spent another boatload of time figuring out what the hell the localhost address of the phone was. Localhost and 127.0.0.1 don't work, can you believe that?
Eheh... they fixed it in WM6; your solution worked with localhost and 127.0.0.1 on my phone.
Anyway, when I go back to Canada, I'll definitely use OpenVPN ;) It would be fun to give my phone internal network access too.
Until you try to fit (that happened to me yesterday) a 1920x1200 screen resolution into a QVGA and forget to disable the option "fit into the screen"... when I returned home I found all my windows and desktop icons squeeeeezed into a 320x200 piece of desktop in the top left corner of the screen. Argh!
npole
17th January 2008, 08:15 PM
Hi there, I've put up a web page with some nice stuff:
http://arctic-things.blogspot.com/2008/01/internet-gateway-openvpn-openwrt-on.html
...it's not theoretical, it is actually working. ;)
navy2010
26th January 2008, 07:42 AM
Good luck... cause u'll need some. :D
Thanks a lot. It's working now. I also figured out that I can set up sync with my Exchange server without it. Oh, well. At least I learned something new!
breakx
27th January 2008, 02:34 AM
Nice guide alkizmo... but I have a problem... I can't connect to the SSH server: "PuTTY Fatal Error. Proxy error: 403 Tunnel or SSL Forbidden".
breakx
31st January 2008, 02:22 PM
I have solved the problem... I had made a mistake in the registry settings. The connection is OK now, and I tested it like this: I configured the local port to 35888 and the destination to google.com:80, then I typed http://WMbreakx:35888 in the web browser and the Google web page loaded.
My problem now is that I don't know how to set up port forwarding for using the YMSG protocol with IM+ or Agile Messenger (I know the port used by YMSG is 5050)... but I don't know what destination I can use.
Another question is: what function does the SOCKS proxy configured at userID:1080 have?
Calibrae
21st March 2008, 05:26 PM
I followed the tutorial. Everything works great! I can TSE to my server, etc. etc.
But I can't seem to manage to connect to Windows Live Messenger. I get all the config screens, and it fails to synchronize on the last one ("Please check your connection blah blah blah"). Tried both SOCKS4 and SOCKS5... no frelling luck.
Can't we use a dynamic port in PuTTY directly instead of using the SOCKS proxy?
alkizmo
27th March 2008, 06:50 AM
The dynamic port is the SOCKS proxy.
So, if you do dynamic port forwarding on local port 1080, then you have to set up your phone to use a SOCKS proxy on 1080.
And it's SOCKS4, not 5.
Be sure to specify the SOCKS proxy address as "phone name":port
So, in "Settings \ About \ Device ID", if your device name is mytytn,
then the SOCKS4 address would be mytytn on port 1080.
Calibrae
27th March 2008, 04:29 PM
Thanks for the answers alkizmo!
Now PuTTY works seamlessly; I've been trying to set up the same VPN I use at work to connect at home. The config is OK, I can connect, blablabla.
But I can't seem to find anything that allows us to mess with the routing table of the phone. Route.exe anyone? : )=
OSX
6th May 2008, 10:25 PM
Thank you VERY much. It's JUST what I've been looking for for SOOO LONG!!
However, I still have a small problem that, I guess, will be resolved in time.
"I'm still using dial-up"!! :( 'cause it's almost impossible to get ADSL here :(:(:( at least for now...
shizueleven
22nd May 2008, 06:51 AM
I've followed all the steps, but when I get to PuTTY, 127.0.0.1 port 443, it says "Server Unexpectedly Closed Network Connection".
What did I do wrong? :/
shizueleven
23rd May 2008, 12:07 AM
Somehow I redid it and it worked, but how do you check your SSH server's outgoing IP address? :D
CescoAiel
8th June 2008, 09:00 PM
OK, I read this and thought "this is a great way to make use of the unlimited data plan that comes with T-Mob's BlackBerry plan", because if I run everything through the BES/MDS service, it is part of the BlackBerry data, and thus "free"... :D
Sounded like a good plan, but as soon as I installed OpenVPN on my phone (a Kaiser/TyTN II/Vario III, but as it runs WinMob it is the same difference...) the BBC client no longer connected... :eek:
Has anybody tried OpenVPN and BlackBerry Connect on the same device before?... :confused:
alkizmo
9th June 2008, 08:09 AM
BlackBerry Connect uses a DIRECT connection with your carrier (T-Mobile). You can't proxy-connect, considering that you would be connecting as if you were coming through your VPN server (outside the cellphone network).
Same reason you can't do BBC through home WiFi.
http://img443.imageshack.us/img443/6386/pathpf7.gif
See the red path going back to the BBC network? The line from the unrestricted external internet to BBC is not allowed by T-Mob. They restrict access to only those within the wireless network.
CescoAiel
9th June 2008, 08:34 AM
IMHO you forgot a few lines in that graph... ;)
The BES (MDS, or as you named it, BBC) server is reached by PIE for Internet access through a proxy. If you use other apps that can use a proxy, and direct them to the same proxy as PIE, they will use MDS.
OpenVPN has the ability to use proxies too. So if I point it at my OpenVPN server through the BBC proxy, I should be able to get unlimited Internet...
So that would be something like:
Me [- Open VPN] -> BBC Client proxy -> BBC/MDS -> VPN Gateway -> "free" unlimited (albeit somewhat slow) Internet
The real problem (I think) is that as soon as I have OpenVPN installed, BBC on my WinMob phone no longer wants to connect... :(
Anyway, it is worth some more experimenting when I have the time... :D
tetrakouna
10th August 2008, 06:02 PM
I posted a question about a similar situation a couple of months ago in the Networking section of this forum, but unfortunately I've had no reply since then. Here's the original message:
--------------------------------------------------------------------------
First of all congratulations to all users for this excellent forum.
Here's the situation:
In my country one specific carrier has a data plan for only 3.5 euros/month which offers unlimited browsing of the internet (port 80, I assume) and unlimited downloads, with the restriction that the file you're downloading does not exceed 1 MB.
The point of this story is that you can't work with applications that use ports other than the ones they have open (e.g. VoIP).
They also have a proxy server to set up on your mobile device, which is at 192.168.200.10 on port 9401.
The obvious question is whether there's a possibility to establish a VPN connection between my mobile and a home server in order to "pass" all the traffic through their 9401 port, so as to make this service truly unlimited (I mean "port free")?!?
Can anybody suggest the necessary software (VPN etc.) to set up on both machines to give it a try? What kind of configuration is required in the VPN software you suggest? Is there a point that I am missing?
My mobile device is an HTC Touch Diamond.
Thank you!!
--------------------------------------------------------------------------
I've tried Alkizmo's method (PuTTY-Cygwin) with the explained configuration and so far I managed to establish an SSH connection between PPC and PC ONLY. The rest of the programs (Messenger, YouTube streaming etc.) do not work.
I suppose the problem is somewhere in the mysterious port 9401 my provider uses for its proxy.
Please give me some help to get this working, and CONGRATULATIONS again for the tutorials.
breakx
11th August 2008, 12:19 AM
You can see post #27 in this thread for VPN; it's a tutorial about OpenVPN... give it a chance... I tried it, but without results, because there were a lot of problems with OpenVPN on Windows XP (when I have more time maybe I will try from a Linux machine).
3.5 euros/month unlimited browsing and download sounds like Orange Romania... is it true?
I don't understand what's wrong with port 9401... 192.168.x.x is a private IP address for LAN/WLAN, or however it's named... how did you realize this port 9401 is open?
I've tried Alkizmo's method but with results similar to yours...
tetrakouna
11th August 2008, 10:18 AM
Breakx, no, the provider is Greek. The configuration (HTTP) 192.168.200.10:9401 for the proxy is the one given by the provider on their website; it's also the configuration all of us use to connect. It's not a typo. Maybe I'll give the OpenVPN method a try. You never know...
sptestman
11th August 2008, 05:23 PM
Hello,
I managed to set up the SSH server under Windows :); many thanks for the good guide!
Unfortunately I cannot figure out any proxy information for my carrier that works.
Maybe someone can help, or better: someone got it working in Germany?
German T-Mobile, web'n'walk
APN is internet.t-mobile
Many thanks!
tetrakouna
11th August 2008, 07:21 PM
OK, I tried your method to pass the traffic through a VPN to bypass the carrier's proxy (proxy 192.168.200.10:9401) with OpenVPN on both sides (server PC - PPC). The result so far: I can't even connect to the server. (With the other guy's method with PuTTY I managed to connect, but no applications running.) I ask you to give me some help here because I am confused regarding the IPs, gateways etc. on the NICs. I made a diagram to help us insert the exact data. The field IP auto/manual represents DHCP-assigned IP / manually assigned IP. Also S/M = subnet mask, G/W = gateway. Let's clear this up; I think it will help many people. If you have any additional comment, please post it here. Thank you for the useful information anyway.
Oh, I forgot! To which IP should port 443 be forwarded?
Grivooga
13th August 2008, 02:55 AM
Is anyone currently using this trick with US T-Mobile and the T-Zones plan? If I try to use port 443 through the carrier proxy (as detailed in the guide), I get "Server unexpectedly closed network connection." I can connect to my SSH server with my phone over WiFi (without the registry edits) as well as with my laptop. I tried using other known open ports to tunnel out (tried 25, 110, 465, and 995), but PuTTY throws a "Proxy error 403 Tunnel or SSL Forbidden" error when it tries to connect through one of those.
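The two PuTTY errors in this thread come from the HTTP CONNECT handshake PuTTY performs when an HTTP proxy is configured: the proxy applies a port policy before it opens the tunnel. The following is an added example (not code from the thread or from PuTTY): a one-shot CONNECT proxy that allow-lists only port 443, a stand-in sshd that only sends its banner, and the client half of the handshake, all on loopback; the hostname ssh.example.invalid, the banner and the allow-list are constructed.

```python
# Added example: HTTP CONNECT through a port-allow-listing proxy, offline on loopback.
import contextlib
import socket
import threading

ALLOWED_PORTS = {443}                   # carrier-style policy: only HTTPS may be tunnelled
BANNER = b"SSH-2.0-ExampleServer\r\n"   # constructed; the first thing a real sshd sends

def parse_connect_request(raw):
    """Parse 'CONNECT host:port HTTP/1.x'; return (host, port) or None."""
    parts = raw.split(b"\r\n", 1)[0].decode("ascii", "replace").split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return host, int(port)

def proxy_decision(raw, allowed=ALLOWED_PORTS):
    """Status line a policy-enforcing proxy answers a CONNECT with."""
    req = parse_connect_request(raw)
    if req is None:
        return b"HTTP/1.0 400 Bad Request\r\n\r\n"
    if req[1] not in allowed:
        return b"HTTP/1.0 403 Tunnel or SSL Forbidden\r\n\r\n"
    return b"HTTP/1.0 200 Connection established\r\n\r\n"

def _read_headers(sock):
    """Read until the blank line that ends an HTTP header block (or EOF)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close; after a 200 the proxy is only a pipe."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def _fake_sshd(listener):
    """Stand-in for the sshd behind the tunnel: send the banner, wait for hang-up."""
    with listener:
        conn, _ = listener.accept()
    with conn:
        conn.sendall(BANNER)
        conn.recv(1)

def _proxy(listener, allowed):
    """One-shot CONNECT proxy: apply the policy, then splice the two sockets. Offline
    stand-in: on a 200 it starts _fake_sshd and dials that instead of the requested host:port."""
    conn, _ = listener.accept()
    with conn:
        raw = _read_headers(conn)
        status = proxy_decision(raw, allowed)
        if not status.startswith(b"HTTP/1.0 200"):
            conn.sendall(status)          # policy refusal, e.g. 403 for port 25
            return
        sshd_l = _listener()
        threading.Thread(target=_fake_sshd, args=(sshd_l,), daemon=True).start()
        with socket.create_connection(sshd_l.getsockname()) as upstream:
            conn.sendall(status)
            t = threading.Thread(target=_pump, args=(upstream, conn))
            t.start()
            _pump(conn, upstream)
            t.join()

def connect_via_proxy(proxy_addr, host, port):
    """Client half (what PuTTY does): send CONNECT, return (status, first tunnelled bytes)."""
    with socket.create_connection(proxy_addr) as s:
        s.settimeout(5)
        s.sendall(f"CONNECT {host}:{port} HTTP/1.0\r\nHost: {host}:{port}\r\n\r\n".encode())
        reply = _read_headers(s)
        if not reply:
            return "closed", b""          # PuTTY: "Server unexpectedly closed network connection"
        status = reply.split(b"\r\n", 1)[0].split(b" ")[1].decode()
        if status != "200":
            return status, b""
        tail = reply.partition(b"\r\n\r\n")[2]   # bytes after the 200 already belong to the tunnel
        return status, tail or s.recv(4096)

def demo(requested_port, allowed=ALLOWED_PORTS):
    """Run the proxy in a thread and attempt a tunnel to requested_port."""
    with _listener() as proxy_l:
        t = threading.Thread(target=_proxy, args=(proxy_l, allowed), daemon=True)
        t.start()
        result = connect_via_proxy(proxy_l.getsockname(), "ssh.example.invalid", requested_port)
        t.join()
        return result
```

demo(443) returns the SSH banner through the tunnel, while demo(25) or demo(110) returns the 403 seen in the thread; the decision is the proxy's allow-list, not anything about the protocol inside the tunnel.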
tetrakouna
18th August 2008, 01:21 PM
OK, after some days of experimentation with the proxy bypass story, I finally managed to bypass it both ways ((a) alkizmo's method, PuTTY-Cygwin; (b) npole's method, OpenVPN).
The conclusions are that:
with method (a) the setup is easier (thanks to the excellent tutorial on the first page) BUT it is difficult, sometimes even impossible, to make all the internet applications running on the phone bypass the proxy. The email application described on the first page is on the "easy side".
with method (b) the setup is a bit more difficult (no detailed explanations in this topic) BUT if you manage to get this working, then 80% of your phone's applications will work INSTANTLY. Fortunately npole has more detailed explanations at the URL http://arctic-things.blogspot.com/2008/01/wap-openvnp-adsl-internet.html but it is in Italian, which I don't understand, so I post here the explanation translated into English (via Systran :-()... it helped me although the translation is awful...
--------------------------------------------------------------------------
Guide to creating a VPN tunnel for firewalled/NATted remote connections, aka "How I bypass the proxy". Rev. c (updated 17/01/2008)
by ARCTiC -
Premise 1: getting around the limitations of a third party's network could violate the policy and the TOS of the network operator.
Premise 2: the following guide assumes some preparation and knowledge; it is not for beginners. The operations to complete are not complex, but you could find yourself in difficulty at unclear points (or points not explained at all because taken for granted) and be unable to continue; this could compromise the network functionality of your home PC and of the remote one (no connection to the Internet).
What is it for?
The "tunnel" is used to get around the limitations imposed by the service provider (network behind NAT, "closed" TCP ports) by routing Internet traffic towards an external gateway. Our remote device will therefore become a client of a network connected to the Internet through a public, "unfiltered" address.
How does it work?
The tunnel is made up of two ends: the client (the remote device, in this guide our PocketPC) and the server (which in this guide will be our home/office PC, connected to the Internet through an ADSL router). The connection happens through OpenVPN (freeware: www.openvpn.net), in client configuration on the mobile phone and in server-bridged configuration on the fixed PC.
Necessary tools:
- A machine physically connected to the Internet, with an OS that allows the installation of OpenVPN (e.g. Windows, Linux). In this guide installation and configuration will be done on a Windows XP Professional machine.
- Another machine with the same characteristics that acts as the "client". In this guide a PocketPC with Windows Mobile 6 (HTC P3650) will be used.
- The OpenVPN software.
- A "non-restricted" Internet connection for the server. In this guide an Alice 7 Mbit ADSL will be used.
- A "restricted" Internet connection for the client. In this guide a Vodafone WAP Internet connection (9 euro plan) will be used.
Naturally the tools listed above are "generic": it is possible to use any Internet connection for the server, just as the guide is adaptable to other providers (with the due adjustments). Not being able to write an exhaustive guide at the moment, I preferred to concentrate on one particular configuration. Keeping in mind, moreover, that the setup requires a minimum of knowledge of how a network works, I trust that whoever is interested in this guide will be able to modify the settings according to their own requirements.
As explained in the introduction, this is not a "step-by-step" guide, so I will not dwell on the explanation of installing the software (there are numerous guides on the net), but will go directly to the explanation of the network and OpenVPN configuration (which will end with the preparation of the configuration files).
IP addresses and subnet used (these are obviously those of my network; adapt them to yours):
Public IP of the server: myip.dyndns.org (it is indispensable to use a dynamic DNS service if the IP, as in most cases, is not static; I refer you to www.dyndns.org for the relevant configuration)
Physical IP of the router/gateway on the home network: 192.168.0.1
Physical IP of the server: 192.168.0.3 (after bridging, see below)
Physical IP of the remote client: 192.168.0.31 (note that it is on the same subnet)
Installation and Configuration:
- Install OpenVPN on the server;
At the end of the installation a "virtual" network adapter (TAP) will be created; rename it "OpenVPN" for convenience. Select it together with the physical network adapter of our PC (selecting both with the mouse, or adding one while holding the CTRL key); with both network adapters selected, choose from the menu (right-click) > "Bridge Connections". A new adapter will be created. At this point the bridge will become the only controllable member of the network; assign it (right-click > Properties > TCP/IP protocol) a static IP (in this guide 192.168.0.4) with subnet mask 255.255.255.0, default gateway (in my case the router: 192.168.0.1) and DNS (in my case I use the router as DNS server, so again: 192.168.0.1).
- Create the necessary keys for the VPN. This step is not essential but highly recommended! Moreover, this guide makes use of the keys, so if you don't want to use them, the configuration files have to be modified accordingly. For their creation I refer you to the official OpenVPN guide; the tools for creating them are found in the "easy-rsa" folder of OpenVPN (after installation). At the end we will have 7 files (between certificates and keys), which I have renamed this way:
ca.crt
ta.key
server.crt
server.key
client.crt
client.key
dh1024.pem
copy them into the "config" directory of OpenVPN on the server.
- Install OpenVPN on the client;
At the end of the installation (as we did previously for the bridge) assign the just-created virtual network adapter (in Windows Mobile 6: Start > Settings > Connections > WiFi > Network Adapters > TAP1:) a static IP (in my case: 192.168.0.31, subnet 255.255.255.0) and DNS server (in my case the router of the remote network: 192.168.0.1). Attention: the IP must belong to the same subnet as the remote network.
- Also copy into the client's "config" directory the certificates and keys created previously: ca.crt, ca.key, client.crt, client.key, ta.key.
Now let's create the OpenVPN configuration files for the server (server.ovpn) and the client (client.ovpn). I preferred to put them in this guide "side by side" so that they can be compared immediately.
In the server's "config" directory, create the file server.ovpn with the following contents:
proto tcp
port 443
dev tap
dev-node OpenVPN # the name of the TAP, *not* of the bridge!
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
#tls-auth ta.key 0 # commented out, seems to give problems on PocketPC
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.4 255.255.255.0 192.168.0.31 192.168.0.41
push "dhcp-option DNS 192.168.0.1"
keepalive 10 120
comp-lzo
cipher AES-256-CBC
max-clients 10
persist-key
persist-tun
#status openvpn-status.log # only for debug
#verb 3 # only for debug
to be continued..
tetrakouna
18th August 2008, 01:22 PM
continue from previous post...
In the "server-bridge" directive, at the end, the IP addresses of the remote clients that will be routed towards the server are indicated.
The "port" directive (at the beginning) obviously refers to the port the server listens on. Why did I choose port 443? Because it is the port of the "HTTPS" service, one of the few ports (together with port 80) generally open on "restricted" connections, like "Vodafone Internet" (WAP).
In the client's "config" directory, create the file client.ovpn with the following contents:
client
dev tap
proto tcp
remote myip.dyndns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca "\\Storage Card\\Programs\\OpenVPN\\config\\ca.crt"
cert "\\Storage Card\\Programs\\OpenVPN\\config\\client.crt"
key "\\Storage Card\\Programs\\OpenVPN\\config\\client.key"
# tls-auth "\\Storage Card\\Programs\\OpenVPN\\config\\ta.key" 1
cipher AES-256-CBC
comp-lzo
#verb 3 # only for debug
http-proxy-retry 1
http-proxy 10.128.201.76 80
The "remote" directive refers to the address and port of the remote server (the server's hostname will be correctly "resolved" by the originating connection's own DNS server, before the client connects to the VPN and begins routing the traffic). The path of the certificates "ca", "cert", "key", "tls-auth" obviously depends on the path where you installed OpenVPN on the remote machine (in my case it points to the storage card of my PocketPC) and must be the complete path, since the configuration file will be executed by the external GUI.
The last two lines refer to the proxy server through which the traffic will be routed in order to reach the Internet; in this example it is Vodafone's proxy server, in IP PORT format. The connection towards our server on port 443 will obviously also pass, as it is, through this proxy. For less restrictive connections (e.g. only closed ports but no proxy) these directives are naturally to be removed.
Final server configuration: port 443 must be forwarded to the machine where the OpenVPN server is running (in this guide: 192.168.0.4). The firewall on the machine, if present, must be configured accordingly.
Final client configuration: the firewall on the system must be configured. In this guide (relating to PocketPC and provider Vodafone) the connection must be configured: Start > Settings > Connections > Advanced > "Select Networks", set both parameters to "My Work Network". As modem, obviously use the APN "wap.omnitel.it" and not "web.omnitel.it"! IMPORTANT: the IP of the virtual adapter "TAP:" (Start > Settings > Connections > WiFi > Network Adapters > "TAP1:") must also be set manually, in this guide: 192.168.0.31, with the default gateway of the remote router: 192.168.0.1 and the remote DNS server: 192.168.0.1.
Finally (!) launch the OpenVPN server (right-click on "server.ovpn" > "Start OpenVPN on this config file"); if all went well it should be listening within about 10 seconds.
Launch the OpenVPN client (right-click on "client.ovpn" > "Start OpenVPN on this config file"), which should connect to the server and be projected into the remote local network. Note for PocketPC: on installing OpenVPN, the icon of a PC will appear at the bottom right; to assign the connection to use in the connection manager: tap on icon > utils > Settings > Settings 2 > "My Work Network" (Exclusive). You can use the same icon to launch the client: tap icon > start from config > client. This way the WAP GPRS connection should start automatically when OpenVPN tries to connect to the remote network. You can disable from the configuration "Try to ping server on connect", since you have no way to ping your server before being connected.
If everything went according to plan (lucky you, to have at least this guide, which "surely works"; I haven't slept for three days doing the tests), your client is now connected to the remote network and all the traffic is routed through it (everything, including DNS requests); your client will therefore go out on the Internet with the public IP of the ADSL and will have full functionality of all network applications (web, email, VoIP, video conferencing, remote desktop and whatever else), all passing the traffic through a single port (the local ports are correctly diverted to the exit of the tunnel, and recreated anew on the "return"). Keep in mind that you will also have full access to your home network, so you will be able to "be annoying" on your local PC (watch films in streaming, listen to music, connect to your home video surveillance cameras, etc.).
TODO: make this guide more exhaustive, going down into the details of the configuration; for the moment I don't have time (if someone wanted to take the trouble to make it more comprehensible, I would be grateful). Make the configuration leaner: use tunnelling with a routing table created dynamically through OpenVPN directives. The advantage would be not having to make a "physical" bridge of the network adapters on the server, thus not compromising the architecture of the home network.
STEP 2: installation of the server on a dedicated router (OpenWRT) so as not to have to worry about having an "always on" PC acting as server. Available at this link: "OpenVPN Installation on Router Asus WL-500G"
--------------------------------------------------------------------------
In a previous post of mine I attached a diagram to help with the network configuration. Finally I filled out the diagram myself, and here it is.
ATTENTION: I spent two days trying to find what the fault was with this...
If you use a wireless interface as your primary interface on the server side instead of a traditional wired NIC, and try to bridge it with the virtual Ethernet interface (TAP), it is likely that the network bridge you create will function faultily, due to the compatibility mode of those cards. For the solution refer to http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q302348&ID=KB;EN-US;Q302348&
Another interesting point is that if you try to make it work but can't, try a soft reset of the PPC... (Microsoft OS...).
And remember to build the bridge FIRST and then start the OpenVPN server.
That's for now..
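The server.ovpn and client.ovpn in the guide above must agree on several directives or the tunnel fails without a clear error. As an added example (not code from the thread or from OpenVPN), this checker parses the two files and reports the mismatches that matter: the configs are embedded as constructed strings abridged to the relevant directives, with the guide's values, and the client's manually set TAP address is checked against the server-bridge pool.

```python
# Added example: cross-check an OpenVPN server/client config pair for the directives
# that must agree.  The embedded configs are constructed, abridged from the guide above.
import ipaddress

SERVER_OVPN = """
proto tcp
port 443
dev tap
dev-node OpenVPN  # the name of the TAP, not of the bridge
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
#tls-auth ta.key 0
server-bridge 192.168.0.4 255.255.255.0 192.168.0.31 192.168.0.41
push "dhcp-option DNS 192.168.0.1"
comp-lzo
cipher AES-256-CBC
"""

CLIENT_OVPN = r"""
client
dev tap
proto tcp
remote myip.dyndns.org 443
ca "\\Storage Card\\Programs\\OpenVPN\\config\\ca.crt"
cert "\\Storage Card\\Programs\\OpenVPN\\config\\client.crt"
key "\\Storage Card\\Programs\\OpenVPN\\config\\client.key"
# tls-auth "\\Storage Card\\Programs\\OpenVPN\\config\\ta.key" 1
cipher AES-256-CBC
comp-lzo
http-proxy-retry 1
http-proxy 10.128.201.76 80
"""

def parse_ovpn(text):
    """Map each directive to its argument list; '#' comments and blank lines are
    skipped, so a directive that is commented out is simply absent."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def check_pair(server_text, client_text, client_tap_ip):
    """Return a list of findings; an empty list means the two sides agree."""
    s, c = parse_ovpn(server_text), parse_ovpn(client_text)
    findings = []
    # Transport, device type and data-channel cipher must be identical on both ends.
    for key in ("proto", "dev", "cipher"):
        if s.get(key) != c.get(key):
            findings.append(f"{key} differs: server {s.get(key)} vs client {c.get(key)}")
    # Compression is negotiated by matching config, not at runtime: both or neither.
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        findings.append("comp-lzo set on only one side")
    # tls-auth: both or neither (the guide comments it out on both), and the key
    # direction must be 0 on the server and 1 on the client.
    if ("tls-auth" in s) != ("tls-auth" in c):
        findings.append("tls-auth set on only one side (handshake will be silently dropped)")
    elif "tls-auth" in s and s["tls-auth"][-1] == c["tls-auth"][-1]:
        findings.append("tls-auth key-direction must differ between server and client")
    # The client's 'remote host port' must name the port the server listens on;
    # OpenVPN's default when either is omitted is 1194.
    remote = c.get("remote", [])
    remote_port = remote[1] if len(remote) > 1 else "1194"
    server_port = s.get("port", ["1194"])[0]
    if remote_port != server_port:
        findings.append(f"client remote port {remote_port} != server port {server_port}")
    # server-bridge gateway mask pool-start pool-end: the static TAP address set on
    # the phone must be inside that subnet and inside the pool.
    if "server-bridge" in s:
        gw, mask, first, last = s["server-bridge"]
        net = ipaddress.IPv4Network(f"{gw}/{mask}", strict=False)
        tap = ipaddress.IPv4Address(client_tap_ip)
        if tap not in net:
            findings.append(f"client TAP {tap} not in bridge subnet {net}")
        elif not ipaddress.IPv4Address(first) <= tap <= ipaddress.IPv4Address(last):
            findings.append(f"client TAP {tap} outside pool {first}-{last}")
    return findings

if __name__ == "__main__":
    print(check_pair(SERVER_OVPN, CLIENT_OVPN, "192.168.0.31") or "configs agree")
```

Uncommenting tls-auth on only one side, or changing the cipher on one end, are the two mistakes the checker is meant to catch before a long debugging session on the phone.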
viewedit
13th September 2008, 01:38 PM
I have read all the posts here, read the first one more than thrice, and still couldn't do it.
My proxy setting: 10.10.1.100 9401
PuTTY flashes "connection closed by the server".
Will wait for more success stories and workarounds.
Thanks
tetrakouna
14th September 2008, 01:34 PM
Even if you manage to get PuTTY working, only the email service will work easily. Try OpenVPN. It is the appropriate solution (see above posts).
Good luck
eldim
17th September 2008, 04:49 PM
Thanks for all the info on that, m8s.
I have a small problem.
I managed to connect to the desktop with OpenVPN, and even get a ping over it, but whenever I try to open an application that needs Internet on my iPAQ, OpenVPN drops. It's like it's trying to connect to somewhere else. Any ideas?
tetrakouna
20th September 2008, 01:36 PM
I suppose you can ping the network bridge's private address (192.168.xxx.xxx), am I right?
Is the proxy server disabled on the mobile device?
I can't think of anything else right now...
MaXTSM
9th January 2009, 05:15 PM
Hello, and thank you for this great tutorial.
In my case I have unlimited access to all ports with my carrier, but usage of the ports for POP/IMAP/SMTP is not in the "all included", so this is exactly the solution I was looking for: port forwarding only on some specific ports.
I can get everything working and check emails through the tunnel with Pocket Outlook; the problem is that once emails are retrieved and PO enters the "disconnecting" phase, the tunnel seems to disconnect: even the PuTTY window with the top command stops updating. If I want to check emails again I have to close PuTTY, relaunch it and recheck emails, not really convenient.
Any idea about this behaviour? Thanks!
Max
plumsauce
25th January 2010, 09:46 AM
Both this and the original article were great reminders of what can be accomplished with port tunnelling and VPN over HTTP(S).
@OP, from the post about a year ago: one possible solution to run OpenVPN is to ask the local resident to hook up a laptop on the internal network that you can access through your router. Then configure the laptop and leave it running. Configure the router to put the laptop in your DMZ, then leave both solutions running. If the laptop crashes, you still have your original access method available to you.
RamNA
21st March 2010, 02:35 PM
silenceisdefeat.com is a public SSH server where a shell account is created with a donation of as little as $1.34. Port forwarding using port 443 is possible.
I have used Alkizmo's method successfully along with this server to set up a tunnel. The only problem was "Connection reset by peer", which was resolved with the setting for "sending of null packets" with a single-digit number of seconds. TCP keepalive is not required.
H3PO
11th April 2010, 10:34 AM
On my Raphael, PocketPuTTY (tried various versions) displays all characters as little squares, so I can't read the console output. This happens even without the tunnelling modifications and settings.
Anyone got an idea what is wrong?
I posted screenshots here: http://forum.xda-developers.com/showthread.php?t=661573
nooor7772000
5th May 2010, 08:37 PM
Hi guys, sorry to bother you, but all the steps are easy for me except one:
what is the ssh:ip? I do not know what SSH is. And
does that need to be done with a PC? So are there any free SSH IPs
to connect to? I do not need much. I just want a simple SSH IP to
make my MSN work over my carrier's proxy.
Thanks