In previous manual I have described how to connect your PC to GPRS/EDGE Internet provided by iphone via USB cable. This outstanding result achieved with the help of small utility called iTunnel.exe from Iphone Tunnel Suite released recently. SSH protocol is used to provide the connection between the PC and the iphone.
Now I will try to explain another way of communication the iphone can use. We will connect it to the Internet-connected PC via standard USB cable and get the iphone online in this passthru, reverse mode. Without wifi, without GPRS/EDGE fee to GSM operator. Incredible, impossible? Read further...
The PC:
iTunes should be installed on the PC (UPDATE: iTunes 8.2/9 should be used for iphone OS3.x), moreover you may need .NET Framework 3.5 to be installed in order to make it work. By the way, I managed to start it on Vista Home Premium SP1 with its native .NET Framework 3.0. Iphone Tunnel Suite is not needed. Instead you need to download only a core part, the iTunnel.exe, one supplementary dll (iTunesMobileDevice.dll) and startup cmd-file. The link to itunnel.zip is below:
http://www.mediafire.com/?tnaqjzw0mnd - for OS2.x
http://www.mediafire.com/?tlmdkorzmyq - for OS3.x (iTunesMobileDevice.dll from iTunes 8.2)
http://www.mediafire.com/?2q1fzowoy12 - for iTunes 9 (iTunesMobileDevice.dll from iTunes 9)
For ssh access I am going to use Bitvise Tunnelier but you can try any ssh client you like. In particular, Tunnelier Portable is excellent GUI ssh client with clear interface and good help file. It doesn't need to be installed on the computer and can be started even from USB flash drive. Download it from here:
http://tp.vbap.com.au/download
The iphone:
You must have OpenSSH installed on the iphone. I recommend to have Bossprefs as a toggle tool in order to enable SSH server and for some other tricks below. Disable wifi to avoid any interference.
Make sure your gprs/edge settings (APN etc.) are entered in the iphone and it reliably works over gprs/edge. We need it only to be sure that gprs/edge network interface is OK.
1-4. The first three steps are the same as in previous post. Extract TunnelierPortable and itunnel.zip if didn't do it before, locate Runtunnel.cmd and be ready to start later. Start TunnelierPortable.exe, if you save your profile before, the program will autoload it after start. Check settings according to the following screens, some of them need to be changed.
Login - enter 127.0.0.1 into the Host field, the Username is root, the initial method is "password". The password is alpine (if you didn't change it). You can store the encrypted password in the profile if you like.
For better security you can use key pairs for authentication but this item is out of current guide, see ssh manual for details or wait for my further posts on it.
Options - notice two check boxes at the top right corner. Enabling "Open Terminal" and "Open SFTP" you can use internal Tunnelier Terminal and SFTP client (WinSCP-like) to access the iphone after the connection.
I recommend you to enable them both now, you may need them later.
* * *
Services - in previous post it was important option to enable socks-proxy on the PC. Now we don't need this option. Please uncheck SOCKS/HTTP Proxy Forwarding on the Services screen if it was Enabled before.* * *
Client to Server Forwarding - if you have any entries here (left from previous exercise) disable or delete them on this screen. Later you can save settings in a new profile making previous profile intact and keeping all your socks and C2S entries.And finally:
Server to Client Forwarding - the most important new screen in this guide. It contains entries for so called reverse port forwarding (-R in OpenSSH) through the ssh tunnel. This is the most incredible point in the huge list of ssh protocol capabilities. Let me explain it briefly. In prevoius guide and in this one the PC is ssh client while the iphone is ssh server. After the connection between them ssh allows not only reach some external sites through the forwarded ports from client to server but in the reverse direction, from server to client too. It means that if our PC acting as ssh client is connected to the external network (via Ethernet or wireless connection) the ssh server will be able to reach client's network too. Unfortunately, this can not be made directly, for any of this connection we should provide the "reverse tunnel" between client and server.
OK, what should be done for iphone?
We need http proxy for all http-based native iphone applications. If you don't have proxy server in your LAN you need to install some personal and easy to configure proxy server on your PC. I recommend privoxy (www.privoxy.org), it is free open-source proxy server well-known with its good ad-blocking filters. Installation is straight-forward, privoxy is ready to use immediately after setup is finished.
Start it, you will notice blue circle with P in your tray. Double click on it will open main privoxy window. Optionally you can make privoxy to be more informative. To change its config choose Options/Edit main configuration, privoxy will open it config.txt, find section 3.1 debug and uncheck this part in it:
debug 1 # log each request destination (and the crunch reason if Privoxy intercepted the request)Save config.txt, privoxy will accept changes immediately. It will give you more information in Privoxy window when connection will be made. The default http port it uses to serve client's requests is 8118.
debug 4096 # Startup banner and warnings
debug 8192 # Non-fatal errors
Let's return to S2C Forwarding screen, you may notice that its first entry prepares the tunnel to provide the requests from the iphone to the PC over port 8118. Then we have another issue.
How to force the iphone to use http proxy on its primary, gprs/edge interface?
There is no menu in iphone settings to change it (unlike the wifi), it is not documented but it is possible.
The trick is to change the iphone's preferences file in the following location.
/private/var/root/Library/Preferences/SystemConfiguration/preferences.plist (for 1.1.1 firmware)
or
/private/var/preferences/SystemConfiguration/preferences.plist (for 1.1.3 or higher)
The recommended way is to copy this file from iphone to your PC using sftp-interface of Tunnelier (see later), modify it with some text editor, for instance Wordpad, save, check the name of the modified file doesn't contain .txt ending and copy it back to the iphone.
What should be modified in preferences.plist? You need to add section responsible for using proxy autoconfiguration file there. Locate the part shown below and append it with a text in blue color:
<dict>
<key>Interface</key>
<dict>
<key>DeviceName</key>
<string>ip1</string>
<key>Hardware</key>
<string>com.apple.CommCenter</string>
<key>Type</key>
<string>com.apple.CommCenter</string>
<key>UserDefinedName</key>
<string>com.apple.CommCenter (ip1)</string>
</dict>
<key>Proxies</key>
<dict>
<key>ProxyAutoConfigEnable</key>
<integer>1</integer>
<key>ProxyAutoConfigURLString</key>
<string>file:///private/var/preferences/proxy.pac</string>
</dict>
...some more entries which we don't touch
In this file we add the link to proxy autoconfiguration file proxy.pac in /private/var/preferences directory on iphone. The file contains proper address for the proxy server.
When the iphone is connected to the PC via USB cable proxy.pac must be:
function FindProxyForURL(url, host)
{ return "PROXY 127.0.0.1:8118"; }
If you need to get access to gprs/edge outdoors proxy.pac must be just:
function FindProxyForURL(url, host)
{ return "DIRECT"; }
Update: Starting from fw 2.2 you don't need to switch back to "DIRECT" in proxy.pac. I noticed that Safari and other http-based iphone applications start working over GRPS/EDGE again if there is no cable connection despite the proxy.pac remains with PROXY 127.0.0.1 inside. So the rest of section 1-4 (EdgeProxy plugin etc.) could be easily skipped to section 5 and kept here for historical reasons only. Anyway, if you prefer to switch proxy mode on and off you, sure, can use the method described below.
To simlify the task I have already prepared these files for you. Download edgeproxy.zip from here
http://www.mediafire.com/?ymkdc9zmjjh
In addition, I have made the plugin for BossPrefs 1.73 allowing to toggle proxy.pac thru BossPrefs interface.
Please find detailed manual in the Readme.txt inside.
Note the archive doesn't contain proxy.pac directly, but only two pattern files: proxy.edge and proxy.off.
Enabling EdgeProxy ON should copy proxy.edge to proxy.pac, create signal .pid file and REBOOT the iphone in few seconds to enable proxy settings. After restart BossPrefs will show you the right status of the EdgeProxy. So now the iphone is ready for connection via USB.
When you need to disable proxy start BossPrefs again and flick the EdgeProxy OFF. BossPrefs will copy proxy.off to proxy.pac, remove .pid file and REBOOT the iphone to make changes.
On my 1.1.1 firmware everything is working fine. I am not sure it will be so easy on more newer versions because of changes (user mobile) in BossPrefs execution of plugin commands.
Update: Everything is OK here with 2.0.2 iphone and latest Bossprefs. So please use the plugin.
Anyway, you know that through the Tunnelier Terminal connection (started with root credentials) you can make some copy commands manually or just prepare simple .sh scripts to automate the task.
See my scripts here as an example of those scripts.
OK. Now everything is ready to start.
5. Connect the iphone to the PC with standard USB cable, be sure that SSH server is enabled on the iphone. Be sure your PC is connected to the Internet.
6. Launch the Runtunnel.cmd mentioned above. If you didn't start it before notice Windows Firewall warning and add iTunnel to the exceptions list. You will see the black console window contains nothing except the itunnel.exe 22 22 command. Do NOT close this window, it should stay opened during the whole connection session, later you will notice some messages there proving that tunnel is working.
7. Press Login button in Tunnelier. First time the client will ask you to accept the host key from ssh server (your iphone). Accept it and look at the Tunnelier lower pane for log of the connection. If you enable Terminal and SFTP check-boxes Terminal and SFTP client windows will be opened.
You can use SFTP to copy preferences.plist forth and back to arange proxy access if you didn't do it before. You can use Tunnelier Terminal to execute commands to replace proxy.pac if BossPrefs failed to do it.
If everything is fine with preferences.plist and proxy.pac after the ssh connection you can start Safari on your iphone. Safari should start working over proxy server on our PC, you can see some entries in privoxy main window if you enable extra debugging options in privoxy config above. It means that our goal is reached! Open http://2ip.ru or http://www.whatismyip.com in Safari to make sure that your ip address is the same as on your Internet-connected PC. Try other iphone applications - Weather, Stocks, Maps, YouTube, iTunes, Cydia. Anything that use http to access will be forwarded thru reverse tunnel from ssh-server to ssh-client and appears as local proxy request to the privoxy proxy server. Fine. Our wildest dreams come true!
In addition, if you have some other proxy server in your LAN, for instance, in your office you can connect the iphone to it directly. In this case you don't need privoxy. Assuming this proxy server address is 192.168.0.10 and port 3128 we can change our S2C settings as shown below.
Now we put 192.168.0.10 in Destination host field and 3128 in Destionation Port. All requests from the iphone to LAN proxy server will look like the requests from your PC so you don't need extra permissions.
Well, but what about Mail? It doesn't use http for access. Look at the S2C Forwarding screen again, two additional entries are two additional reverse tunnels to provide access to gmail imap and smtp servers. If you use another mail providers please change the Destination host and port accordingly. The only drawback is that you need to change Mail settings in the iphone menu, so instead of real mail server name or ip address you should enter 127.0.0.1. In my gmail example it should look like this:
Please note that if you do not change settings for email accounts Mail will still be working over gprs/edge wasting operator's traffic despite the iphone is connected to the PC via USB cable.
If you use some other native iphone applications that should be connected over their own ports please add extra entries in S2C Forwarding screen with Destination Host and Port used by these applications. In configuration of the application don't forget to choose 127.0.0.1 as its server address in order to tunnel the connection from telephone to computer via USB cable. Remember, ssh can tunnel TCP-based connections only.
OK, the long guide is finished, it was longer than I thought before start. I hope you managed to fulfill the mission. If not please check back all settings, screenshots and files. Don't be hurry. Try again and you will get it as I am.
If you have question, remarks or additions feel free to apply it to me by email. I will try to help.