vpnc on KT

[carstenx]

Well, I won't have my KT for a few weeks, but I'm already thinking about what I can do with it... ;-)

To use wifi at my university I need a cisco VPN-client. Now, I have done a bit of research, but nobody has done this yet? Really?

I know there still is no jailbreak for the KT, but as I think this is just a matter of time, this is how I imagine I could install a vpn-client on the Kindle:

- cross compile the tun kernel module (sources are available...) and vpnc.
- copy them to the kindle
- configure launchpad to execute the command, so you can manually connect to the vpn after you have established a wifi connection

Am I missing something? Seems to be too easy!

Thanks for any feedback.


Carsten

[geekmaster]

It should be possible to run VNC as a web server over port 80 on a web server, in a way that would work even with 3G. You would view it with the KT web browser.

Progress is being made on the jailbreak. The firmware was extracted last night, and it is being studied. It contains much new code, which means that there are probably many new loopholes to investigate for jailbreak use.

[carstenx]

Quote:

Originally Posted by geekmaster

It should be possible to run VNC as a web server over port 80 on a web server, in a way that would work even with 3G. You would view it with the KT web browser.

Progress is being made on the jailbreak. The firmware was extracted last night, and it is being studied. It contains much new code, which means that there are probably many new loopholes to investigate for jailbreak use.

Good to hear.
But I meant VPN as in virtual private network...

[geekmaster]

Oops... I misread that. The "vpnc" in the thread title looked like "vnc" to me, and the misunderstanding was carried forward while reading your message.

I think the jailbreak crowd are reluctant to publish VPN/tunnel/proxy hacks for kindles (on mobileread) because they make it is too easy to abuse free 3G access.

The information IS out there if you know where to look. If you tunnel, please use it only on Wi-Fi.

[hawhill]

Lots of German universities use Cisco VPN appliances for enabling access to the internet via their unauthorized, open Wifi networks (i.e. they don't use Wifi security measures but rather use a VPN gateway).

Carsten, the solution you described looks as if it should work. However, compiling single kernel modules without recompiling the whole kernel has always been a PITA, so YMMV.

Also, if I'm guessing right, you might also be able to use "eduroam", the newer method. It uses enterprise WPA (Radius authentification). How to configure the kindle for these kinds of networks was already described here. It works without additional software (except for the means of bringing it up, like e.g. launchpad). Just search for "eduroam". If your university takes part in the eduroam initiative, the nice thing is that it is much more stable than Ciscos proprietary VPN and it will work in other universities, too.

[carstenx]

Quote:

Originally Posted by hawhill

Lots of German universities use Cisco VPN appliances for enabling access to the internet via their unauthorized, open Wifi networks (i.e. they don't use Wifi security measures but rather use a VPN gateway).

Carsten, the solution you described looks as if it should work. However, compiling single kernel modules without recompiling the whole kernel has always been a PITA, so YMMV.

Also, if I'm guessing right, you might also be able to use "eduroam", the newer method. It uses enterprise WPA (Radius authentification). How to configure the kindle for these kinds of networks was already described here. It works without additional software (except for the means of bringing it up, like e.g. launchpad). Just search for "eduroam". If your university takes part in the eduroam initiative, the nice thing is that it is much more stable than Ciscos proprietary VPN and it will work in other universities, too.

Thanks for the info, but sadly my university doesn't take part in eduroam. (But you were right, it's in Germany )

I'll try it my way then... Since geekmaster said, that some people here might be unhappy with seeing tunneling stuff in this board, let me know if I should upload my results here.

[geekmaster]

Quote:

Originally Posted by carstenx

... Since geekmaster said, that some people here might be unhappy with seeing tunneling stuff in this board, let me know if I should upload my results here.

The results would be welcome. Please post them. Just leave out any details that would make it too easy for the script kiddies to abuse 3G access with it.

[yifanlu]

How could a VPN client enable 3G abuse?

[carstenx]

Quote:

Originally Posted by yifanlu

How could a VPN client enable 3G abuse?

Glad you asked... ^^ No idea!

[geekmaster]

Quote:

Originally Posted by yifanlu

How could a VPN client enable 3G abuse?

Actually, a VPN is just a type of tunnel. If you really want to know, (naughty or desperate) people tether (tunnel PC internet access over USB through amazon free 3G) with Jesse's modified corkscrew, or by adding the "magic header" to privoxy. At least I did not provide easy to use instructions. Hopefully people who can figure it out are responsible enough to NOT abuse it.

A VPN connection from the kindle to a home server could send any kind of traffic over it, disguised as innocent HTML, with proper header configuration. The problem is that it is all too easy to consume excess bandwidth (think of Windows PCs polluted with applications that phone-home to check for updates) which WOULD eventually get noticed when amazon gets the 12 cents/MB bill from Sprint (or AT&T). They are likely to pass that on to you at 15 cents/MB (per your kindle registration agreement), or worse, clamp down on free 3G for everybody.

If you *really* wanted to, you could configure a kindle as a Wi-Fi hotspot, to share 3G internet over Wi-Fi, but that would eat batteries faster (but you could power the kindle through its USB port). And of course, tunneling traffic simultaneously from multiple PCs would just get your traffic noticed faster by amazon.

And sharing amazon 3G with your neighbors might encourage streaming video or music downloads. Would amazon be happy getting notices from the motion picture and music industries (or even just the bills from the cellphone companies)?

[yifanlu]

Quote:

Originally Posted by geekmaster

Actually, a VPN is just a type of tunnel. If you really want to know, (naughty or desperate) people tether (tunnel PC internet access over USB through amazon free 3G) with Jesse's modified corkscrew, or by adding the "magic header" to privoxy. At least I did not provide easy to use instructions. Hopefully people who can figure it out are responsible enough to NOT abuse it.

But amazon blocks all ports except 80, 443, and maybe a few others. All traffic must also go through their servers first. If you use 3G, you can only VPN to amazon if that even works.

[geekmaster]

According to vpnc.org:
"The term "VPN" has taken on many different meanings in recent years"

I was referring to this kind of VPN:
http://www.exiledmind.net/vpn-tunnel/
(except with the added HTTP header)

Of course, to connect to a typical IPSEC VPN, you would be limited to Wi-Fi.

[dasmoover]

You need to completely recompile the Kindle Kernel in order to support TUN. Please share your methodology if you end up getting it to work.

[geekmaster]

Quote:

Originally Posted by dasmoover

You need to completely recompile the Kindle Kernel in order to support TUN. Please share your methodology if you end up getting it to work.

Will loadable kernel modules work? 'insmod' is there, so it should work (no kernel recompile needed).

I use a loadable mmc module on my routers, to support an SD card wired to "spare" (re-used) GPIO pins. I do not know why TUN should be different.

[yifanlu]

Most likely not. Lots of modules need symbols from the kernel which requires them to be built into the kernels.