Setting up Global SSH Tunnel on Android

Search This thread

sam.jaat

Senior Member
Feb 11, 2012
113
7
Haryana
Samsung Galaxy S20
I think it is open
I just had to put proxy and port by modified setting of vpn
Proxy is 10.0.0.3
Port is 3128
IP is set to dynamics
And then it connects
And all boatware apps like chrome playstore connect
Buy third party apps like ucbrowser and games don't connect
 
Last edited:

khaytsus

Senior Member
Apr 8, 2008
7,258
1,175
Central Kentucky
I think it is open
I just had to put proxy and port by modified setting of vpn
Proxy is 10.0.0.3
Port is 3128
IP is set to dynamics
And then it connects
And all boatware apps like chrome playstore connect
Buy third party apps like ucbrowser and games don't connect

If you have OpenVPN up and running, ALL connections should be redirected through it completely transparently. Are you using OpenVPN? If you've just set a proxy in Wifi settings or something, I don't know what that actually works for, but I doubt it works for anything except web connections.
 

strifej

Senior Member
Feb 4, 2008
462
80
Samsung Galaxy Note 3
LG V40
I'm in China so I'm somewhat of an old hand at VPN stuff. Ever since SSH Tunnel app stopped working (4.2 or 4.4), SSH tunnels aren't the most convenient for Android. And since most people in this thread would have a SSH server, you already have the tools you need to set up some alternatives.

Shadowsocks - Very similar to SSH and works very well (by the guy that wrote the original SSH Tunnel app). The main webpage has instructions on how to install and the config is very simple. There's an up to date client on the play store. Does global system tunnel so everything is routed through it.

OpenVPN - more difficult to set up, but lots of guides. There are multiple clients that work and if you need obufscation (China/Syria/etc), you can run a patched OpenVPN that scrambles the header. If you do go this route, google bolehvpn for a client that supports it. Doesn't work for me on Lollipop though.
 
  • Like
Reactions: dixi00 and xiocc

diogo.sena

Senior Member
Apr 7, 2011
675
276
I'm in China so I'm somewhat of an old hand at VPN stuff. Ever since SSH Tunnel app stopped working (4.2 or 4.4), SSH tunnels aren't the most convenient for Android. And since most people in this thread would have a SSH server, you already have the tools you need to set up some alternatives.

Shadowsocks - Very similar to SSH and works very well (by the guy that wrote the original SSH Tunnel app). The main webpage has instructions on how to install and the config is very simple. There's an up to date client on the play store. Does global system tunnel so everything is routed through it.

OpenVPN - more difficult to set up, but lots of guides. There are multiple clients that work and if you need obufscation (China/Syria/etc), you can run a patched OpenVPN that scrambles the header. If you do go this route, google bolehvpn for a client that supports it. Doesn't work for me on Lollipop though.

You can still use sshtunnel app, the only thing that is broken is global proxy, working perfectly in android 5.1
Just combine proxydroid( by the same developer too ) for global proxy (using localhost as address) and sshtunnel.
 

runswithascript

Senior Member
Sep 23, 2012
162
6
Dublin
I had thought Shadowsocks would take care of what I am looking for but it does not. It seems to not have any option to connect to my SSH server.

Is there any app that will automatically connect to my SSH server (preferably with a key), whenever I reboot my phone, or when the connection changes from Wi-Fi to mobile data, and maintains a global proxy? The key word is automation here, SSH tunnel does not seem to work automatically, and as someone has mentioned global proxy is broken. Ki4a works very well, but it is not automated, you have to start it whenever you power on your phone/switch data connection, and press a button, so autostart would not handle this.

Maybe our only option for automatically encrypting all of our traffic on Android is VPN?
 

r0ark

Senior Member
May 13, 2010
104
8
Why don't you guys make your life easy and do this.

1. Get a wifi router that is capable of taking modern aftermarket firmware that has OpenVPN Server built-in. I highly recommend the Asus RT-xxx series routers that can take the Asuswrt-merlin firmware. It's basically a linux box that you can install a crap load of software on it via Entware packages. Look it up. Or you can install a virtual OpenVPN server on your network.

2. For example, on the Asuswrt-Merlin firmware, configure the OpenVPN Server via the gui and export the config file (.opvn). Very easy.

3. On android, install "OpenVPN for Android", import the .opvn config file. In "OpenVPN for Android", tick a couple of boxes for forcing all traffic through the tunnel, and profit! All the traffic on your Android is now tunneled through your home wifi router, including DNS resolution.

4. Bonus points, on your Asuswrt-merlin firmware, setup DNScrypt and AB-Solution (advert block solution). Now, all dns lookups are encrypted and ads are block for all devices going through this wifi router.

All this is very easy.
 

mel2000

Senior Member
Apr 26, 2011
198
29
Is there a test that can be done to determine if SSH Tunnel is working on my unrooted Android 7.0? The app icon is running just fine after launch. There's no need to anonymize my IP address and since my phone is unrooted, there's no need for Global Proxy. I'd like to know how to test that SSH Tunnel is encrypting my browser traffic. Thanks.
 

DeadSilent001

New member
Nov 11, 2022
4
0
I have a major problem. I believe someone has hacked my android. It started almost a year ago and I didn't figure out what was going on until about three months ago. That is when I began to study penetration testing. What I have discovered is frightening. I run my android without a SIM card and I believe this is where the answer I seek is hidden but I cannot find the answer anywhere. When I do ifconfig I see tun0 running sometimes, but not all the time. I never opened an set tunnel and have no vpn running. I cannot kill the connection. I thought I was crazy when I heard my neighbor talking through the wall when he said something about hacking and using a code. But now I think I just have good hearing. Any help on this problem would be greatly appreciated.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.

    Setting up a global SSH Tunnel on Android phones
    This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (eg., the reader only has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.

    Setting up global SSH Tunnel on Android
    1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
    2. Install ConnectBot and ProxyDroid on your phone.
    3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
    4. Open ProxyDroid and configure as follows:
    Host: 127.0.0.1
    Port: 56001 (or the port you chose to use in step 3)
    Proxy Type: SOCKS5
    Global Proxy: Check the box

    The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.

    An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
    2
    I'm having trouble with this exact setup on Android 4.3 with DNS Proxy (proxydroid) enabled in China. When DNS Proxy is enabled, no traffic will come through at all. If I disable DNS Proxy, it works but without proxied DNS requests, I can't get to Youtube/twitter/FB.

    Any ideas?

    SSHTunnel for 4.2.2 is a much better alternative than running 2 separate apps and I still use it on my 4.2.2 tablet. But I don't want to downgrade my phone to 4.2.2 just for this :(
    2
    thank you for this tutorial!

    I have been looking for a new way to setup SSH tunneling since the app "ssh tunnel" from the Google Play store stopped working with Android 4.2+

    I can't wait to try this out..

    I have two phones both SGS4's one running CM 10.2 and the other stock on 4.3 so i will try both of them out and report back here how it works out.

    Thanks again for the tutorial!

    -droidshadow
    2
    I'm in China so I'm somewhat of an old hand at VPN stuff. Ever since SSH Tunnel app stopped working (4.2 or 4.4), SSH tunnels aren't the most convenient for Android. And since most people in this thread would have a SSH server, you already have the tools you need to set up some alternatives.

    Shadowsocks - Very similar to SSH and works very well (by the guy that wrote the original SSH Tunnel app). The main webpage has instructions on how to install and the config is very simple. There's an up to date client on the play store. Does global system tunnel so everything is routed through it.

    OpenVPN - more difficult to set up, but lots of guides. There are multiple clients that work and if you need obufscation (China/Syria/etc), you can run a patched OpenVPN that scrambles the header. If you do go this route, google bolehvpn for a client that supports it. Doesn't work for me on Lollipop though.
    1
    Yes, you can also use connectbot + proxydroid. But it's too much of a hassle to load 2 programs and click a few things in each. With a shadowsocks or opevpn, it's usually 1 click.