Community


All times are UTC - 5 hours




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: iPad/iPhone on neorouter network, well it is a workaround
PostPosted: Sat Jan 19, 2013 4:42 pm 
Offline

Joined: Tue Aug 17, 2010 5:55 am
Posts: 28
Still waiting for the iPad/iPhone Neorouter client :-)

In the meantime I had to get my iPad on the Neorouter network, well it is a dirty hack and does not replace a real client.

It has several drawbacks, would need some improvements (lower security, as it connects with L2TP to Neorouter network, the most functions are not point and click, could not setup proper routing on Mac so had to use additional a W7 box for port-forwarding, etc). As I am not a command line guy, also did not want to spend a lot of time on this, here the implementation, all GUI driven, should be running including testing in 1 hour;

You need following:

a) one Mac on your Neorouter network (tested with Mountain Lion) On other OS to setup a L2TP server seems a real complicated story.

b) install "VPN Activator" on Mac http://netputing.com/applications/vpn-activator/

c) install "Squidman" on Mac http://squidman.net/squidman/

d) as I could not figure out, how to set more then one route for VPN server or port-forwarding on Mac with new pf firewall, you need also a Windows box for port-forwarding, I have a W7 VM running in Fusion on my MBP to do this, you need to install "PortMapper" from http://www.analogx.com/contents/downloa ... eeware.htm

e) on iPad the apps used for testing:
- Safari browser to connect to Neorouter webclient (to get IP addresses of Neorouter network, you need to click on one of the icons to see IP)
- "VNC Viewer" App
- "2X Client" and/or "iRdesktop" for RDP connection
- "zaTelnet"App for SSH and Telnet
- "Netstat" App
- IT Tools
- Ping

There is also a lot of other Apps what could be used, see below for explanation.

Setup:

Configure your L2TP/PPTP server and your router on your Mac as explained here: http://netputing.com/applications/vpn-activator/

Setup a dynamic DNS domain for your Neorouter server, use on the public side the port 443, a lot of mobile networks block ports other then 80 and 443. On router twist the port to the "official" neorouter port. Also create a dynamic DNS domain for the L2TP server if installed on different machine.

Configure Squidman as explained http://squidman.net/squidman/ (when you install Squidman, also Squid is installed automatically, nothing else to do. With this you can now browse via the L2TP tunnel and you Mac to the internet.

If you want to browse in foreign country, for example your Mac is in Europe and you have a other Neorouter client in USA, install on the US machine a proxy (if Mac use Squidman, if Windows the proxy from Neorouter or better http://www.youngzsoft.net/ccproxy/proxy ... wnload.htm (you can use free version) or http://www.analogx.com/contents/downloa ... eeware.htm then set in your Squidman the "Parent Proxy" which is the Neorouter IP address of your US client with proxy installed.

Now configure the VPN under settings General in your iPad. Select L2TP, better security then PPTP, set:

- Server: domain of your L2TP server

- Account and password and Secret as set on your L2TP server on Mac

- Send All Traffic to ON, if set to Off it will be split tunnel and requests to public addresses will NOT be routed via tunnel

- Proxy set to manual, Server to Squidman IP on Mac with L2TP server

Now you are ready for first test, connect iPad via L2TP to your Mac. try to browse the internet with Safari, use the VNC, 2x Client and other Apps to connect to all your machines on the same network as your Mac is on.(use real IP address on your home network, not Neorouter IP addresses)

Now the problem, you can not connect to other machines on the Neorouter network, because the L2TP server is by default only configured for one route, your home network. I could not figure out how to set up an additional route to Neorouter network. If someone knows, I would be interested to hear about it. Here I tried to get help, but I could not figure out the route tables to set https://discussions.apple.com/thread/4715455?tstart=30

Well, as I could not figure it out, I have on my Mac a Windows 7 VM in Fusion running. Installed the PortMapper from AnalogX, then you have to configure for each Machine and protocol (VNC, SSH, RDP) on the PortMapper a port forwarding (very simple, it is GUI only setup), for example, connect via iPad VNC to your IP of the W7 VM on your home network and for example port 10000 goes to the VNC server on the US machine forwarded, port 10001 to the RDP server on your US machine etc......well that's the big mess on this workaround. Anyway if you really want to do it....it works.

If someone could solve the issue with the routing on the Mac, I would really appreciate it. This would simplify a lot.

So if parent proxy is in US, you can watch Netflix and Hulu in other parts of the world. All iPad Apps using http will work via the proxy and parent proxy. iPad Apps using other protocols would need to setup proper port forwarding in the W7 box as the routing to neoruter network in Mac does not work.

Have fun to try it out (if you have one hour or more to waste :D )
//Wolfgang


Top
 Profile  
 
 Post subject: Re: iPad/iPhone on neorouter network, well it is a workaround
PostPosted: Mon Jan 21, 2013 1:04 pm 
Offline

Joined: Tue Aug 17, 2010 5:55 am
Posts: 28
Some Update:

A) If you replace the VPN Activator with EasyVPN http://www.squashedsoftware.com/products-easyvpn.php you get additional feature that you can add multiple logins for different IPad/iPhone users. In this version do not fill in anything under Network Routing definitions. This needs to be filled in only if you want to create a split tunnel (certain routes will be outside tunnel when on iPad the config for "Send All traffic" is set to off. This makes me believe that all route settings for L2TP are only for split tunneling and not to reach multiple networks on tunnel endpoint (but I maybe wrong)

B) If you want to avoid the W7 VM with portforwarding, you can do this in OSX with Netcat ( nc ) I have Zenmap installed http://nmap.org/zenmap/ ,with zenmap you get a more advanced Netcat installed "ncat". Commandline for forwarding the port 10001 (thats the virtual assigned port for VNC on your first server on neorouter network) and real VNC port for your neorouter box would be 10.0.0.1:5900 the syntax for ncat is:

ncat --sh-exec "ncat 10.0.0.1 5900" -l 10001 --keep-open

and needs to be set in similar way for all other machines and protocols RDP, SSH etc. To reach this VNC port from your iPad on VNC App you would use the L2TP server private address, for example 10.0.53.12:10001 and then ncat would pipe it to 10.0.0.1:5900
If the machine you need to connect to is a Mac you would need the "iTap VNC" App, because regular VNC viewer Apps on iPad can not connect to Mac's

C) If you want to proxy more protocols then http/https or needs traffic shaping, user control and also port mapping, then the Squidman proxy is not good enough (in the current form, except you are a commandline master), if this is the case you should use the CC-proxy from http://www.youngzsoft.net/ccproxy/ and install it on the W7 VM. Keep in mind if you use a second proxy as parent proxy (in other country etc), this has to be then also a CC-proxy to handle the other protocols.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 19 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: