meiweijia / sshtunnel

Automatically exported from code.google.com/p/sshtunnel
GNU General Public License v3.0

Hack to have SSH Tunnel proxy work on Nexus 7 (rooted Android 4.2.1) #162

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

1.  Set up SSH Tunnel with dynamic SOCKS Proxy, Global Proxy
2.  SOCKS connections will utilize SSH tunnel, but regular network traffic is 
not Global Proxied (is not sent to SSH tunnel but sent directly through normal 
network interface).   Alternatively Individual Proxy for apps doesn't work 
either.   It appears that IPTABLES is not working (tablet is rooted)

What is the expected output? What do you see instead?

Expected all network traffic to be sent via SOCKS proxy SSH Tunnel (effectively 
exiting on remote SSH server), but traffic is not proxied.

What version of the product are you using? On what operating system?

SSHTunnel 1.5.5 on Nexus 7 tablet running rooted Android 4.2.1

Please provide any additional information below.

Appears that app needs an option to Use System's IPtables, similar to Orbot 
(Tor) app, or ProxyDroid.

Installed ProxyDroid and, AFTER establishing the SSH tunnel, set up ProxyDroid to 
SOCKS5 proxy Global traffic to the localhost port that is the SSHTunnel local port. 
Used the ProxyDroid menu to ENABLE the Use System's IPtables option.

This caused ProxyDroid to SUCCESSFULLY set up a Global Proxy that sent to 
SSHTunnel, and thus the whole thing worked.

Best long term fix is to add the Use System's IPtables option from ProxyDroid 
in as an option for SSHTunnel.    I suspect that this hacked solution should 
work for any rooted Android 4.2.1 system that includes iptables.

Original issue reported on code.google.com by jon.koop...@gmail.com on 27 Jan 2013 at 4:39

GoogleCodeExporter commented 8 years ago
I have this same behavior running SSHTunnel 1.5.6 on a first-gen Nexus 7 with 
Android 5.0

It doesn't look like iptables was actually populated with rules - iptables 
--list output attached from root shell. Note: I have selinux in permissive mode 
for this, to rule that out.

Here's some logcat. I wonder if maybe your bundled iptables binary is broke?
E/SSHTunnel(16355): Forward Successful
D/SSHTunnel(16355): /data/data/org.sshtunnel/proxy_socks.sh start 1984
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -N SSHTUNNEL
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -F SSHTUNNEL
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -N SSHTUNNELDNS
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -F SSHTUNNELDNS
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -A SSHTUNNELDNS -p udp --dport 53 -j REDIRECT --to 58081
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -A OUTPUT -p udp -j SSHTUNNELDNS
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -A SSHTUNNEL -p tcp ! -d 173.171.41.22 --dport 80 -j REDIRECT --to 8123
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -A SSHTUNNEL -p tcp ! -d 173.171.41.22 --dport 443 -j REDIRECT --to 8123
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -A SSHTUNNEL -p tcp --dport 5228 -j REDIRECT --to 8123
D/SSHTunnel(16355): /data/data/org.sshtunnel/iptables -t nat -A OUTPUT -p tcp -j SSHTUNNEL

Original comment by drae...@gmail.com on 13 Dec 2014 at 5:30

GoogleCodeExporter commented 8 years ago
Hmm, even if I enter these commands myself nothing actually reflects in 
iptables --list... weird.

Original comment by drae...@gmail.com on 13 Dec 2014 at 5:33
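
Every command in the logcat above passes `-t nat`, and `iptables --list` with no `-t` prints only the filter table, so these rules have to be inspected with `iptables -t nat -S`. The script below is an added example, not part of the original comments or of SSHTunnel: it checks a saved nat dump for the chains and redirects from that logcat. The function names, the dump path and the sample dump are assumptions.

```shell
#!/bin/sh
# Added example (not SSHTunnel code). Chain names and ports come from the
# logcat above; the dump printed by sample_nat_dump is constructed.
# On the device, as root:  iptables -t nat -S > /data/local/tmp/nat.txt

# check_nat_dump FILE
# Prints one "missing: ..." line per expected rule absent from FILE and
# returns 0 only when every rule is present.
check_nat_dump() {
    dump=$1
    missing=0
    while IFS='|' read -r desc pattern; do
        grep -Eq -e "$pattern" "$dump" && continue
        echo "missing: $desc"
        missing=$((missing + 1))
    done <<'EOF'
chain SSHTUNNEL|^-N SSHTUNNEL *$
chain SSHTUNNELDNS|^-N SSHTUNNELDNS *$
OUTPUT udp -> SSHTUNNELDNS|^-A OUTPUT -p udp .*-j SSHTUNNELDNS *$
OUTPUT tcp -> SSHTUNNEL|^-A OUTPUT -p tcp .*-j SSHTUNNEL *$
DNS 53 -> 58081|^-A SSHTUNNELDNS .*--dport 53 .*-j REDIRECT --to-ports 58081 *$
tcp 80 -> 8123|^-A SSHTUNNEL .*--dport 80 .*-j REDIRECT --to-ports 8123 *$
tcp 443 -> 8123|^-A SSHTUNNEL .*--dport 443 .*-j REDIRECT --to-ports 8123 *$
tcp 5228 -> 8123|^-A SSHTUNNEL .*--dport 5228 .*-j REDIRECT --to-ports 8123 *$
EOF
    [ "$missing" -eq 0 ]
}

# Constructed sample in the form `iptables -t nat -S` prints for the rules
# in the logcat (203.0.113.10 stands in for the SSH server address).
sample_nat_dump() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSHTUNNEL
-N SSHTUNNELDNS
-A OUTPUT -p udp -j SSHTUNNELDNS
-A OUTPUT -p tcp -j SSHTUNNEL
-A SSHTUNNEL ! -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8123
-A SSHTUNNEL ! -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8123
-A SSHTUNNEL -p tcp -m tcp --dport 5228 -j REDIRECT --to-ports 8123
-A SSHTUNNELDNS -p udp -m udp --dport 53 -j REDIRECT --to-ports 58081
EOF
}

tmp=${TMPDIR:-/tmp}/nat_dump.$$
sample_nat_dump > "$tmp"
if check_nat_dump "$tmp"; then echo "nat table: all redirect rules present"; fi
rm -f "$tmp"
```

A dump that reports every rule missing means the `iptables` invocations themselves failed; one that reports only some missing points at the individual command that was rejected.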

GoogleCodeExporter commented 8 years ago
Workaround: org.proxydroid seems to work. Install that, and point it at 
SSHTunnel as a SOCKS5 proxy.

Note: org.proxydroid currently doesn't let you enter IPv6 bypass addresses, so 
if you need to bypass your tunnel for IPv6 stuff you're going to have 'fun' 
doing so.

Original comment by drae...@gmail.com on 13 Dec 2014 at 5:58