I only started using Veency a few weeks ago but was bummed that it wouldn't work over the cell network due to the fact that incoming connection requests are blocked.
The guys over at this thread had the brilliant idea of creating a reverse SSH tunnel and automatically keeping that connection alive using Auto SSH and a couple of scripts. I wasn't able to get that working personally so I tried another route: VPN home server. The problem with VPN is that my local telco (Rogers) no longer allows the use of VPN over 3G unless you subscribe to their VPN service for an extra $10 /month! Crooks. In the end, I got the service turned on for free which gave me access to a new APN that would assign my phone a publicly accessible IP. This entailed some changes to the iPhone's APN settings but unfortunately the tech support agent I was talking to had no clue how to push the APN configuration over to my phone. So I used this link to create my own custom APN profile: Unlockit - APN Changer for your iPhone (visit via your iPhone)
Now that VPN was working over 3G and Edge I was finally smiling. The only thing I had to figure out now was how to get the phone to automatically connect to my VPN server at startup AND keep the connection alive as I roam about my coverage area. After fiddling unsuccessfully with some plist files in the iPhone's LaunchDaemons folder I realized it was unnecessary... now that I have a public IP for my phone I should be able to establish a direct connection with veency on demand without wasting precious battery power on a persistent connection. It worked! Big smile
So I'd killed two birds with one stone. Now all I had to do was get around the pesky issue of dynamic IPs... no problem. I downloaded a handy little app called iDNS from Cydia which regularly updates the phone's IP with my free No-ip host name.
That's it! Now if my phone ever gets stolen or misplaced I'll stand a good chance of retrieving it. Hope some of you found this helpful!
Update: I followed your link, ON MY iPHONE =)... and created a custom APN, i just dont see how this could create a public IP, or somehow disable the firewall 3G has built in to not accept incoming... but i will let you guys know as soon as i finish testing it...
im confuzed
i have herd of such things, note: im the guy from the other forums of reverse ssh tunnels to your iphone...
my method only allows a specific reversed server to have access to the iphone... NOT THE WHOLE WORLD!!
running a REAL server on a PUBLIC ip address requires a firewall...
I question the security of this idea, and the safety of your iphone... asuming this gets more attention soon, it will be a hotspot for hackers...
Please, I will do my best to get this forum linked to some security info sites (android) and see if there are any obviouse wholes... ie, someone can crack into your iphone without a password...
NOTE TO darko:
If you are using the above method... please make sure to change your mobile and root password on your iphone, and of course disable any listening server services when you do not need them
Last edited by michaelwithe21; 10-02-2009 at 12:45 PM.
lol first calm down a bit, you seem to get worked up over this in every forum post of yours I've read. Maybe it's just the frequent use of CAPS?
As I mentioned in my post, I had to contact my telco to get a public IP. Normally they (Rogers) charge $10/mo for this but I got it for free. I believe AT&T does as well but I can't be sure. You need this if you want to be able to use your phone's VPN over 3G. From what I understand it is they that block incoming connection requests as well as GRE packets over the 3G network. Afterward I had to update my APN settings myself because the CSR I was talking to had no clue what I was talking about. The link I provided is to a free service that will let you customize your own APN file and then push it to your phone. It works well. Alternatively, you can manually edit your APN settings or find an app through Cydia to do this.
As for your security concerns... yes, definitely change your SSH password. I'm sure that creating a SSH tunnel to your computer is safer but it lacks the convenience of being able to connect to (find) your phone from any machine besides your own. It also requires you to maintain a persistent connection which probably drains the battery much more quickly.
Anyway, this is an ISP approved service that they offer publicly so I assume that they're running their own security measures at some level. If not, iPhone hacking is pretty rare so I'm not concerned and will rely on application level password protection for now. I've also got Hackulo's security app installed for good measure (not exactly sure what it protects against though). If a better, more eloquent solution presents itself I'll adopt it but for now this is as close to ideal as I can get. Just throwing it out there for anyone else interested in trying.
you definitely nailed all of my concerns, and as long as you understand the security issue, all is well..
as far as the service provider putting up their own defenses on a public IP, i dont really think they can, a true Public IP with no router is OPEN... hackulo's pkg is ur best approach for the time being...
I have herd of people demanding a Public IP from AT&T, and i hope to do this soon, because as you said, the ssh tunnel itself does not drain battery (just when its connected to), but the auto ssh or daemon which would maintain it would definitely take its toll on the iphones small battery life...
LinkBack URL
About LinkBacks
Veency over 3G/Edge working w/ iDNS
safe? secure?
Reply With Quote
Posting Permissions
