I am trying to completely conceal all traffic on my phone from the wireless provider.
I would like to do this by directing the traffic through an SSH tunnel to my home router through iptables (not sure if they help?).
The phone is rooted and is running CyanogenMod 7.1 (and is therefore iptables-capable).
I've looked at this question, but I am still sort of shaky on the details. That question sort of describes how to do this for a single port - but how can I do this for every single packet on every single port?
This question is of both practical and academic interest. Thanks.
This doesn't solve your use case because this only directs the traffic of firefox, but you don't need root.
Install Termux app on android, EDIT IMPORTANT: Termux does not receive updates on Play Store anymore. Install the application and add-ons from F-Droid instead.
In termux install openssh pkg i -y openssh
ssh into server using dynamic port forwarding ssh user@server -D12345
Install Firefox Beta on android (at this time, plain Firefox doesn't support configuring with about:config
)
Open Firefox Beta, and go to about:config
Search proxy
Look for and set the following properties:
network.proxy.allow_hijacking_localhost: true
network.proxy.socks: localhost
network.proxy.socks_port: 12345
network.proxy.type: 1
make sure network.proxy.socks_port
matches with the port in the ssh command above
Done!, you are now navigating through the ssh server on Firefox
ssh user@server -D12345
(or just press Up+Enter if you have run this command previously)Install Termux
Configure ssh client by running the following commands:
# Ask for storage permission
termux-setup-storage &&
# Install openssh
apt install -y openssh &&
# Generate an SSH key
ssh-keygen -t ecdsa -f ~/.ssh/id_ecdsa &&
# Set a password for the private key
# Get public key
echo -e '\nCopy the following public key:'
cat ~/.ssh/id_ecdsa.pub
(Optional) If you have access to the server with ssh, then run:
ssh-copy-id user@server
If not, you need to manually add the public key to the server. This is explained below in the Setup server section
Install Firefox Beta - normal firefox might work if you can access to about:config
Open Firefox and go to the url about:config
, search proxy
and set the following configurations:
network.proxy.allow_hijacking_localhost: true
network.proxy.socks: localhost
network.proxy.socks_port: 12345
network.proxy.type: 1
make sure network.proxy.socks_port
matches with the port used in the ssh command in the Usage section
If you succesfully run the command ssh-copy-id
there's nothing to do here.
But if not, you need to manually add the public key generated:
echo 'public key' >> ~/.ssh/authorized_keys
In the future I will be keeping this up-to-date here: https://github.com/madacol/knowledge/blob/master/Ssh%20poor-man's-vpn%20on%20android.md