# psocks/cfg - "Build" settings for package

#---------------------------------------------------------------------

[technotes]

1. The source tarball used by this package was created using upstream
sources and patches as a starting point. The original tarballs are
included with this "cfg" file.

#---------------------------------------------------------------------

2. This package (psocks) builds and installs two CLI programs:

    (a) psocks
    (b) tsocks

"tsocks" is a bug-fix version of the classic TCP proxy tool of the
same name from the 2000s.

Note: This distro's version of "tsocks" both supports and enables DNS
redirection.

In the past, "tsocks" was often used for "tor"-related purposes. In
that context, these days, "torsocks" should be used instead. However,
"tsocks" remains useful in other contexts.

"psocks" is a copy of "tsocks" modified to proxy TCP packets through a
USB-tethered Android smartphone. It's part of the OldCoder Tether
Forever system.

For more about "psocks", see the Tether Forever documentation provided
below.

#---------------------------------------------------------------------

3. TETHER FOREVER. Subtitle: "Incompatible, my *ss."

OldCoder says: Dedicated to Cricket Wireless. In 2021, I paid for
tethering but they told me that they couldn't activate it because only
Cricket-brand phones and iPhones were "compatible" with tethering.

O.K. So the procedure described here which shows how to get all the
tethering that you want must be an illusion.

Tether Forever is a kludge. The "sshuttle" approach that many people
use is simpler. However, we haven't been able to get UDP to work in
that approach. Additionally, Tether Forever is better suited to some
use cases.

The pluses of Tether Forever include:

* You don't need an unlocked or rooted phone
* You don't need "sshuttle" on the PC side
* You don't need Python 2 or 3 on the phone side
* You don't need to use firewall tricks for basic operations
* Both TCP and UDP are supported
* It's based on USB Tethering. This approach is fast.
* The phone stays charged. The battery might age faster.

This procedure is for Android phones and Linux CLI experts only. This
said, if you're a Linux CLI expert, it's easy enough and it offers the
points listed above.

The main minus of Tether Forever is that it requires a number of
manual steps. However, much of the per-Internet session work could be
scripted.

#---------------------------------------------------------------------

3.01. Start with an Android smartphone dated after the mid-2010s.

The phone doesn't need to be unlocked or rooted. It does need to
support Developer Mode, USB Debugging, and USB Tethering. Note: The
exact name of the last feature may vary.

The phone needs to be on a phone plan that provides mobile data. The
phone plan doesn't need to allow tethering. Tether Forever doesn't
need or use "wifi hotspot".

#---------------------------------------------------------------------

One-time setup:

3.02. Choose one of your existing "ssh" keypairs to use with the
phone. Or create a new keypair. Copy the public key into any
"wget"-compatible website that you have write access to.

#---------------------------------------------------------------------

One-time setup:

3.03. Install "termux" on the phone. Add "termux" to the exceptions
list for any Android process killers that you use.

#---------------------------------------------------------------------

One-time setup:

3.04. On the phone, run "termux" and execute:

    apt-get update
    apt-get install curl htop joe lynx nano openssh screen socat
    whoami

Optional but recommended:

    apt-get install dnsutils

Make a note of the username that "whoami" prints.
It'll probably be something similar to "u0_a248".

#---------------------------------------------------------------------

One-time setup:

3.05. On the phone, run "Termux" and execute two commands similar to
the following:

    cd && mkdir -p .ssh && cd .ssh
    curl http://somewhere/sally.public >> authorized_keys

Replace "http://somewhere/sally.public" with the appropriate "http" or
"https" URL for the public key that you transferred in step 3.02.

Note: Unless you know what you're doing, be sure to use ">>" and not
">".

#---------------------------------------------------------------------

One-time setup:

3.06. On the phone, enable Developer Mode and USB Debugging. You
should only need to do this once per phone.

#---------------------------------------------------------------------

Per Internet session:

3.07. Cable the phone to a USB2 or USB3 port on your Linux laptop or
PC. We're not sure of whether or not both types of ports will always
work. But try USB3 first.

Tether Forever seems to work O.K. whether the phone is plugged
directly into a laptop or PC port or into a USB hub.

#---------------------------------------------------------------------

Per Internet session:

3.08. Turn on two settings as follows:

(a) The USB Tethering option on the phone should now be un-greyed out.
Enable it.

In 2021, in at least one version of OxygenOS, this option was located
on the following screen:

    Settings -> WiFi & Network -> Mobile Hotspot & tethering

A related default setting was located on a different screen:

    Settings -> System -> Developer Options -> Default USB Configuration

(b) If Mobile Data isn't already enabled, enable this as well.

#---------------------------------------------------------------------

Per Internet session:

3.09. If you have a client-side "known_hosts" file, delete it:

    rm -f $HOME/.ssh/known_hosts

If you use the "ssh" "ControlPath" and/or "ControlPersist" features to
cache connections, delete any cached connection files as well.
The command used to do the latter step will depend on where the cached
connection directory is located on your system.

You may need to do these steps once per Tether Forever session.

#---------------------------------------------------------------------

Per Internet session:

3.10. On the phone, run "termux" and execute:

    sshd -D

It should sit there without returning to the CLI prompt or printing
anything.

#---------------------------------------------------------------------

Per Internet session:

3.11. Set up networking on your laptop or PC to use "usb0".

For Laclin, "setupnet" will list "usb0" as an option. For other
distros, you'll need to figure out the procedures to use.

#---------------------------------------------------------------------

Per Internet session:

3.12. On the PC, execute "route -n" and note the Gateway IPV4 address
in the "0.0.0.0" row. It'll probably be in the 192.168.###.### range
but this isn't guaranteed.

Note: You may or may not need to use "sudo" to execute "route -n".

This command may or may not work to get the IPV4 in question in a
scripted manner:

    route -n | grep usb0 | \
        grep -v 255.255.255.0 | \
        sed -e 's/^0.0.0.0 *//' -e 's/ .*//'

#---------------------------------------------------------------------

Per Internet session:

3.13. On your laptop or PC, edit "$HOME/.ssh/config" and add an entry
similar to the following:

    Host phone # psocks gateway
        Hostname 192.168.42.129
        port 8022
        User u0_a248
        IdentityFile ~/.ssh/salad.prvkey

Replace "192.168.42.129" with the IPV4 from step 3.12
Replace "u0_a248" with the "whoami" output from step 3.04

On Laclin, the "# psocks gateway" comment shown here should be moved
to the end of the Hostname line:

    Hostname 192.168.42.129 # psocks gateway

Replace "~/.ssh/salad.prvkey" with a path for the private-key file
from the phone keypair that you selected or created in step 3.02.

Try the CLI command "ssh phone". If everything is working correctly,
this should start an "ssh" session on the phone.
To exit, type "exit" there or emulate Control-D.

Laclin only: If things are set up correctly, "psocks-ipsetup" might do
most of steps 3.12 and 3.13 for you.

#---------------------------------------------------------------------

Per Internet session:

3.14. In a separate "xterm" or "screen" session on your laptop or PC,
execute the following command:

    ssh -4 -v -C2TNv -D 9092 phone

This should start an "ssh" session that prints a few messages and then
sits there. The session may or may not go to a "bash" prompt.

#---------------------------------------------------------------------

Per Internet session:

3.15. This step is optional for some phones and/or phone companies and
required for others.

Open a new "ssh" connection to the phone. On the phone side, execute a
"socat" command to create a simple DNS relay. A shell script similar
to the following should work:

    socat tcp4-listen:15000,reuseaddr,fork,bind=127.0.0.1 UDP:8.8.8.8:53

Most port numbers from 10000 to 60000 should work where "15000" is
specified.

On the local system, point DNS to the DNS relay that is now running on
the phone. In the local step, be sure to specify the "tcp4-listen"
port that you used on the phone side.

Note: It doesn't seem possible to specify a port number in
"/etc/resolv.conf".

One approach that does work is to use "dnsmasq" on the local side.
This is a good idea regardless. You can start with the following
settings in "/etc/dnsmasq.conf":

    all-servers
    cache-size=5000
    interface=lo
    no-resolv
    server=208.67.220.220 # OpenDNS
    server=208.67.222.222 # OpenDNS
    server=8.8.8.8 # Google

Add a line similar to the following ("dnsmasq" separates the address
and the port with "#"):

    server=192.168.42.129#15000

Replace "192.168.42.129" with the phone IPV4 determined previously.
Replace "15000" with the "tcp4-listen" port number from before.

Set "/etc/resolv.conf" to the following line and restart "dnsmasq":

    nameserver 127.0.0.1

In theory, the DNS relay shouldn't be needed because "psocks" tries to
translate DNS requests from UDP to TCP that can be proxied through the
port 9092 mechanism that was set up previously.

In practice, something prevents this from working in some cases. The
supplemental DNS step fixes DNS in those cases.

#---------------------------------------------------------------------

3.16. If you've made it this far, you should now be able to proxy TCP
packets through your phone whether or not you have a phone plan that
permits tethering.

As a bonus, depending on your phone and phone plan, it may be fast for
some operations compared to typical hotspots. Speeds may be as slow as
1 MB/sec download but we often see 2 to 5 MB/sec.

First, "psocks" commands of the following form will proxy many simple
CLI TCP commands through the phone:

    psocks wget http://moocow/bigfile.dat
    psocks lynx http://google.com/
    # etc.

"psocks bash" won't work. Nor will attempts to proxy "ssh"-family
programs such as "scp", "ssh", or "sshfs". For more about the latter
issue, see the following sections.

Second, Chromium, Firefox, Thunderbird, and some other large GUI
programs and/or extensions will work with proxy settings similar to
the following:

    SOCKS Host: 127.0.0.1
    SOCKS Port: 9092
    SOCKS Type: 5 (as opposed to 4)
    Use proxy to perform DNS: yes (if this option is offered)

    # Chromium:
    No Proxy For: localhost; 127.0.0.1;

    # Firefox and Thunderbird:
    No Proxy For: localhost, 127.0.0.1, 192.168.0.1/16

Important: In Firefox or Thunderbird or derivatives of the programs,
the advanced setting indicated below should be set to true:

    network.proxy.socks_remote_dns

To do this in Thunderbird, in some versions, use:

    Hamburger -> Preferences -> Preferences -> Config Editor

The corresponding Firefox step is to be documented. Chromium and
derivatives may not need this step.
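
Steps 3.09, 3.12 and 3.13 in scripted form, as an added example that is not part of the psocks package: it reads the "usb0" gateway from "route -n" output, validates it, and prints the "Host phone" entry with its own "UserKnownHostsFile". The function names, the sample routing table and the file name "known_hosts.phone" are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the psocks package. Function names, the sample
# routing table and "known_hosts.phone" are assumptions for illustration.

# usb_gateway IFACE: read "route -n" output on stdin and print the gateway
# of the default route (Destination 0.0.0.0, "G" flag) on IFACE.
usb_gateway() {
    awk -v ifc="${1:-usb0}" '
        $1 == "0.0.0.0" && $4 ~ /G/ && $8 == ifc { print $2; found = 1; exit }
        END { exit !found }'
}

# is_ipv4 VALUE: succeed only for one dotted quad with octets 0-255, so
# that nothing else can end up in the "ssh" configuration file.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# phone_stanza GATEWAY USER KEYFILE: print the step 3.13 entry. The
# dedicated UserKnownHostsFile keeps the phone's host key out of the main
# "known_hosts" file, so step 3.09 can remove that one file only.
phone_stanza() {
    is_ipv4 "$1" || { echo "bad gateway: $1" >&2; return 1; }
    case $2 in
        ''|*[!A-Za-z0-9_]*) echo "bad user: $2" >&2; return 1 ;;
    esac
    cat <<EOF
Host phone
    Hostname $1
    Port 8022
    User $2
    IdentityFile $3
    UserKnownHostsFile ~/.ssh/known_hosts.phone
EOF
}

# Constructed sample of "route -n" output (not captured from a real system).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.42.129  0.0.0.0         UG    0      0        0 usb0
0.0.0.0         10.0.0.1        0.0.0.0         UG    600    0        0 wlan0
192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 usb0'

# demo: build the entry from the sample table. On a live system, feed
# "route -n" to usb_gateway instead of the sample.
demo() {
    gw=$(printf '%s\n' "$SAMPLE_ROUTES" | usb_gateway usb0) || return 1
    phone_stanza "$gw" u0_a248 '~/.ssh/salad.prvkey'
}

demo
```

With this entry in place, the per-session cleanup in step 3.09 becomes "rm -f ~/.ssh/known_hosts.phone", and host keys recorded for other servers stay in place.
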

#---------------------------------------------------------------------

3.17. It's possible to proxy UDP through the phone as well. There are
some limitations:

(a) You need to know which IPV4 addresses and UDP ports are involved.

(b) You need to be able to specify the IPV4 addresses on a program's
command line and/or in its configuration files. If these parameters
are hard-coded in a program, it won't work without firewall tricks.

To proxy UDP, "ssh" to the phone (ssh phone) and use "joe" or "nano"
to create shell scripts similar to the following:

    socat UDP-LISTEN:30088,fork UDP:brown.moocow:30088

You'll need one script for each UDP hostname-port combination. In each
case, replace 30088 with the port number and "brown.moocow" with the
hostname.

Execute the scripts using commands similar to the following:

    bash ./script01 >& script01.log &
    bash ./script02 >& script02.log &
    etc.

You can use "ps ax" to confirm that the scripts are running.

Now point the programs of interest to the IPV4 from step 3.12 (using
the same ports as usual).

We tested this with a UDP game and it worked great.

Note: "socat" processes tend to accumulate over time. So, if you do
this for a few days, you may need to reboot the phone and set things
up again.

#---------------------------------------------------------------------

3.18. To proxy "ssh"-family commands (scp, ssh, sshfs, etc.), proceed
as follows:

Create and run "socat" scripts as in step 3.17 but proxy TCP instead
of UDP. It may be advisable to add the "-b###" switch shown below as
well.

The remote ports will usually be 22 in this case. The local
(phone-side) ports will be arbitrary unique integers (between 1024 and
65000) as opposed to 22. For example:

    socat -b1048576 TCP-LISTEN:40001,fork TCP:brown.moocow:22

If you're going to transfer significant amounts of data in the upload
direction, the "-b###" switch here is recommended. Otherwise, it may
be optional.

In theory, the "-b###" switch should be safe to use in most contexts.
However, if you believe that it may be causing problems, drop it
temporarily and restart the associated "socat" process and client
connections.

For each such script, edit "$HOME/.ssh/config" on your laptop or PC
and add an entry similar to the following:

    Host moocow-socat
        Hostname 192.168.42.129
        Port 40001
        User root
        IdentityFile ~/.ssh/moo.prvkey

Replace "192.168.42.129" with the IPV4 from step 3.12
Replace "40001" with the TCP-LISTEN port from the "socat" script
Replace "root" with the appropriate remote username

Replace "~/.ssh/moo.prvkey" with a path for the private-key file that
you use for the associated remote host.

When you're in Tether Forever mode, use the "-socat" names from
".ssh/config" instead of the regular names.

Note: Some sites suggest using a ".ssh/config" feature named
"ProxyCommand" to address this use case. We tried that approach and it
was too slow.

#---------------------------------------------------------------------

3.19. If you need to run a program that uses both TCP and UDP ports,
combinations of steps 3.15 to 3.18 above should work.

#---------------------------------------------------------------------

3.20.
Tether Forever methods and results:

Need to: Browse using Chromium or other major GUI web browsers
Method:  Use the SOCKS 5 proxy by way of the "-D 9092" CLI tunnel
Results: Ookla speed test gives 31.40 Mbps D/L and 1.55 Mbps U/L

Need to: Send or receive email using Thunderbird or its forks
Method:  Use the SOCKS 5 proxy by way of the "-D 9092" CLI tunnel
Results: Works and should be fast

Need to: scp, ssh, and/or sshfs
Method:  "socat" TCP proxy - See part 3.17
Results: 2 to 3 MB/sec D/L - Slower than "psocks" web access
         0.3 to 0.5 MB/sec U/L - See notes below

Need to: D/L a file using "wget"
Method:  psocks wget http://somesite/somefile
Results: 2 to 5 MB/sec D/L
         "curl", "ncftp", and most other "http", "https", and "ftp"
         tools should also work

Need to: Browse at the CLI level using "lynx"
Method:  psocks lynx http://somesite/
Results: 2 to 5 MB/sec D/L

Need to: IRC using HexChat
Method:  psocks hexchat
Results: Seems to work

Use of the "socat" "-b###" switch may increase "ssh" upload speeds to
nearly the level that is associated with a normal network setup.
However, this may still be slow.

In theory, uploads using a "http" CLI uploader (through "psocks") or a
web-based uploader (through "-D 9092") should be faster. In practice,
they may not work because most web servers aren't set up to support
large uploads.

#---------------------------------------------------------------------

# 3.21. Summary of post-install setup steps:
#
# phone: cable to hub or a USB2 or USB3 port
# phone: turn on USB debugging
# phone: turn on USB tethering
# phone: sshd -D in termux
# do steps 3.11 to 3.14
# keep the resulting ssh session open
# start a new screen or shell session
#
# date                  # see if date is roughly correct
# date 1107124623       # if date isn't roughly correct, do something
#      MMDDHHMMYY       # similar to this
# psocks runhtpdate     # in another shell session

#---------------------------------------------------------------------

[buildtimes]

00.00 hours (or 000.20 minutes) - 2021 L.A. dedi box: 6x2 CPU 32GB RAM
00.00 hours (or 000.28 minutes) - HP EliteBook 8560w 32GB RAM

#---------------------------------------------------------------------

[settings]

build = default
exepack = yes
license = See "license*.txt" in installed tree
licfile = COPYING
setpaths = psocks
tmpsize = 3M

#---------------------------------------------------------------------

[depends]

actools gawk grep sed

#---------------------------------------------------------------------

[configure]

ETCDIR=$PKGDIR_PROD/etc
MANBASE=$PKGDIR_PROD/man
mkdir -p $ETCDIR $MANBASE
cp -p $PKGDIR_SPECIAL/psocks.conf $ETCDIR/

autoreconf -f -i
bash ./configure \
    --prefix=$PKGDIR_PROD \
    --build=$LACARCHBUILD \
    --host=$LACARCHHOST \
    --sysconfdir=$ETCDIR \
    --disable-debug \
    --disable-dependency-tracking \
    --disable-hostnames \
    --enable-shared=yes \
    --enable-socksdns \
    --enable-static=no \
    --mandir=$MANBASE

#---------------------------------------------------------------------

[postbuild]

BINDIR=$PKGDIR_PROD/bin
mkdir -p $BINDIR
cd $BINDIR
mv tsocks tsocks.bin
cp $PKGDIR_SPECIAL/psocks.wrapper.in psocks
cp $PKGDIR_SPECIAL/tsocks.wrapper.in tsocks
chmod 755 psocks tsocks

#---------------------------------------------------------------------

# Original URLs. These URLs were valid at one point, but may have died
# since then. If you download newer versions of tarballs [etc.], don't
# delete the original versions, as you may not be able to replace
# them.

[urls]

url_debian = tbd
url_home = tbd
url_lfs = tbd
url_tarball = special # See "technotes" in "cfg" file

#---------------------------------------------------------------------

[history]

210625 Added package. Started with 210625.
210911 Worked on documentation