The day I boosted my tethering connection

ISSUED:    2023-09-29
LAST EDIT: 2023-11-22

> A big thank you to Absc, Cage and Op, who helped me to realize this gemlog! 🙏


I have been struggling for ages to get a proper android tethering connection, mostly because I have been mastering the way of the pebcak — which is not good 😖 — and also because people share fake guides and tutorials on the Internet, and this really pisses me off from the bottom of my bottom… 😡


Eventually, however, with the help of some gemi-friends, I was able to funnel the connection through an SSH tunnel and get unbelievable performance.


Prerequisites


This tutorial has been tested on:


Crapdroid 12

Elibom-T 🙄

OnePlus Nord N200 5G

Armbian Bookworm

Odroid-XU4

Firefox ESR 117 ArmV7


Hardware


A decent phone that supports USB tethering

A computer (desktop, laptop, SBC) with a USB 3 port

A USB 3 Type C data cable (usually provided with your phone charger)


Crapdroid software


On Crapdroid you need to install:


Termux (available on the F-Droid repo)


And inside Termux you need to install:


pkg install dropbear python iproute2

> This requires F-Droid installed and at least 1GB available on your device.


F-Droid Homepage


Also you need to enable USB tethering on your phone:


Share a mobile connection by hotspot or tethering on Android


Password and keys


All the guides I read suggested creating a pair of keys, especially if you want to connect to the phone over Wi-Fi (hotspot). Needless to say, I couldn't get this working. However, you need to create a password no matter what, so from Termux you must type the following command and create a brand new password:


passwd

It will prompt you to enter the password twice, as usual. Now, with the password set, you can connect over SSH with or without the tunnel. I won't tell you how to set up the keys; you can read the documentation yourself:


Termux Wiki: Remote Access


Honestly, since I am connected to the Odroid-XU4 board through a USB cable, I don't need to use any key; the password is just fine. However, even if I used the Wi-Fi hotspot, I believe it would be safe as well, since from my phone I can decide how many devices can connect to my hotspot, and if I authorize only one connection, nobody else will be able to connect to my phone in the first place, or to Dropbear in the second place.



Armbian


This is the software required on Armbian:


openssh (installed by default)

Firefox (installed by default)

any other software that can use the SOCKS5 protocol

Tmux (highly recommended)


> These requirements should be applicable to any Debian-based distribution, such as Devuan.


The light at the end of the tunnel


All the US carriers apply a cap to your tethering connection, which is known as "throttle". Throttling makes your internet connection very slow, and since the modern web is so bloated, with the default settings any TCP-based program, including Firefox, APT and Lagrange, struggles to perform any operation because your connection is stuck at an average speed of 60KBs. This makes your experience of the internet very limited and extremely frustrating.


SSH encrypts the connection between two endpoints, and once you are connected through the SSH tunnel your nasty carrier is unable to recognize that another computer is connected through the tethering; therefore it won't apply the throttling, allowing you to go full-speed!


However, I struggled for years to get into full-speed mode, and before seeing the light at the end of the tunnel I suffered a lot, but eventually I got there.


Understanding how to achieve this result required a lot of trial and error. I had to go through a lot of articles, stack-something posts and documentation that I had no desire to collect; the majority of those were absolutely inaccurate (excluding the documentation, of course), copies of something wrong, or partial! The only recipe that really worked for me is my own recipe, although some friends helped me to refine it.


Prepping your phone


For days I was afflicted by random connection drops. I used all the SSH flags available without success, then I realized that it wasn't Dropbear's fault, or the SSH client's either. It was Android, which turns off Termux when the screen goes off. To avoid that, you should run:


termux-wake-lock

and before closing Termux:


termux-wake-unlock

To automate this for a single session, you can add the following lines to these files on Termux, from Termux itself or through SSH:


echo 'termux-wake-lock' >> ~/.bash_profile
echo 'termux-wake-unlock' >> ~/.bash_logout

Termux Wiki: Termux-wake-lock


> I tested it, and it works.


The prep is done, ready for the next step.


Run the server


Before running your server you need to know your IP address:


ifconfig

If you're connected through USB your interface will likely be named `rndis`, while if you are using the hotspot it will likely be named `wifi`. The IP you get will be your remote host.


> ⚠️ every time you restart your phone the IP changes.


Dropbear is a lightweight replacement for SSHD. Since I don't need to do anything else with Termux, I run it in the foreground:


dropbear -F -W 10240

> I am not sure about the flag -W but the manpage says it can speed up the connection.


Prepping the tunnel


Opening the tunnel is pretty straightforward:


ssh -D localhost:12000 -NTv -p 8022 192.168.135.96

Below is a brief description of the various flags:


-D opens a local SOCKS proxy (dynamic port forwarding) on localhost:12000; applications that connect to it have their connections forwarded through the SSH session.

-N does not execute a remote command; the session is used only for port forwarding.

-T disables pseudo-terminal allocation; no interactive terminal is needed because no remote shell is started.

-p sets the port to connect to on the remote host (default is 22; 8022 in the command above).

-v enables the "verbose mode", useful for debugging and if you like lurking on your connection.


To make the connection more reliable I modified my ~/.ssh/config file with these settings:


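Host *
    TCPKeepAlive yes
    # Send a keepalive through the encrypted channel every 30 seconds
    ServerAliveInterval 30
    # KeepServerPort 9999  (not an OpenSSH option; ssh rejects unknown keywords)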

> ⚠️ perhaps this modification is irrelevant, another suggestion I got is to run the tunnel from Tmux.


The cookbook of tethering speedy internet


I tried several setups, techniques and different software before finding the ones that really work on my OS/hardware. Among them, one that looked very promising at the beginning was SSHUTTLE. On paper it should be able to funnel any connection from any application into the tunnel; unfortunately it didn't work very well. It looks like it was leaking enough metadata to allow the carrier to throttle my connection when using it.


Another piece of software that perhaps leaks metadata is TSOCKS, a wrapper to use in combination with software like WGET that doesn't support the SOCKS protocol. Even with TSOCKS the connection was throttled down to 60KBs.


The SSH tunnel is pretty cool; however, you need to understand which applications you want to use and verify that they can go through it. In my case I need:


to go on the Geminispace, just because I can;

to go on the internet with Firefox;

to read my email with my email client: Evolution;

to update and download software with APT;

to use Rclone through the tunnel;

to be able to download heavy files from the terminal like WGET does.


Lagrange


Lagrange and Telescope do not support SOCKS, although a feature request has been opened for the former. Actually, Gemini does not need full speed, since text goes fast no matter what your connection speed is.


Firefox


Firefox supports socks5h out of the box. Follow these instructions:


settings ⇒ general ⇒ network settings ⇒ settings


And set up the pop-up window this way:


Firefox settings



> ⚠️ when you don't need the proxy you need to revert to "auto-detect proxy for this network"


Evolution


Evolution works more or less like the previous one. Go to:


edit ⇒ preference ⇒ network preference


And set up the pop-up window this way:


Evolution settings


> ⚠️ when you don't need the proxy you need to revert to "Defer to Desktop Settings"


APT


APT definitely needs a boost; you can use socks5 with it:


sudo micro /etc/apt/apt.conf.d/60proxy.conf

And paste:


## ENABLE APT OVER PROXY

Acquire {
  HTTP::proxy "socks5h://localhost:12000/";
  HTTPS::proxy "socks5h://localhost:12000/";
}

> ⚠️ port must match your port


Rclone


I use Rclone to connect to a WebDAV resource. According to the Rclone wiki you can use environment variables to enable a socks5 proxy, therefore:


export https_proxy="socks5://localhost:12000" && rclone mount drive:/ /mnt/drive --vfs-cache-mode writes --daemon

> 💡 It worked very well!


cURL instead of WGET


Since WGET did not work well under TSOCKS, I decided to test out cURL. The latter worked fine with this syntax:


curl --socks5-hostname 127.0.0.1:12000  https://www.example.com/bigfile.iso -o bigfile.iso
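
The Firefox and APT settings above use `socks5h`, the Rclone variable uses `socks5`, and curl uses `--socks5-hostname`. The Python example below is added here and is not part of the original gemlog: it builds the SOCKS5 CONNECT request from RFC 1928 both ways, following curl's definition of the two modes, to show that with the `h` form the hostname is resolved at the far end of the tunnel while the plain form resolves it locally, outside the tunnel. The resolver, the `leaked` list and the address 93.184.216.34 are constructed stand-ins so the example runs offline.

```python
import ipaddress
import struct

def build_connect(host, port, remote_dns, resolver=None):
    """SOCKS5 CONNECT request (RFC 1928) as sent by the client to the proxy.

    remote_dns=True  (socks5h, curl --socks5-hostname): the name is sent to the
                     proxy, so it is resolved at the far end of the tunnel.
    remote_dns=False (plain socks5): the client resolves the name first, so the
                     DNS query leaves the machine outside the tunnel.
    """
    header = b"\x05\x01\x00"                        # VER=5, CMD=CONNECT, RSV=0
    if remote_dns:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name  # ATYP=3: domain name
    else:
        ip = ipaddress.ip_address(resolver(host))   # local lookup happens here
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    return header + addr + struct.pack("!H", port)

def describe_connect(request):
    """Decode a CONNECT request the way the proxy side reads it."""
    ver, cmd, _rsv, atyp = request[:4]
    if ver != 5 or cmd != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == 3:
        end = 5 + request[4]
        kind, target = "domain", request[5:end].decode("ascii")
    elif atyp in (1, 4):
        end = 4 + (4 if atyp == 1 else 16)
        kind, target = "ip", str(ipaddress.ip_address(request[4:end]))
    else:
        raise ValueError("unknown address type")
    if len(request) != end + 2:
        raise ValueError("truncated or oversized request")
    return kind, target, struct.unpack("!H", request[end:])[0]

# Constructed stand-in resolver: records every name that is looked up locally.
leaked = []
def fake_resolver(name):
    leaked.append(name)
    return "93.184.216.34"                          # constructed address

if __name__ == "__main__":
    for remote_dns in (True, False):
        req = build_connect("www.example.com", 443, remote_dns, fake_resolver)
        print(remote_dns, describe_connect(req), "resolved locally:", leaked)
```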

Tips & Tricks


There are a couple of nerdy things worth mentioning:


Run the tunnel through Tmux


Tmux is a terminal multiplexer that can run in the background and be recalled anytime later:


Open the terminal and run Tmux:


tmux new -s ssh

Launch the tunnel inside Tmux (you may need to copy and paste the command):


ssh -D localhost:12000 -NTv -p 8022 192.168.135.96

Detach from the session using the following key combination:


ctrl+b d

Reattach to the session; it doesn't matter if you closed the terminal:


tmux attach-session -t ssh

"Et voilà!" you're again watching the output of your traffic inside the tunnel!


Close the tunnel


Since the tunnel is running in verbose mode you can simply type the command:


ctrl+c

If you also type "exit", you terminate the tmux session.


Close the SSH server


Same as above, only on Termux you need to tap the "ctrl" button and then c. After that, type "exit" and then tap enter; it will prompt you to tap enter twice to close the application.


SSH through the SSH Tunnel


By port-forwarding the connection it is possible to reach an external server through the same tunnel. This is very useful, since recently the regular tethering has been preventing the connection to this very server:


ssh -L 12000:localhost:8022 user@host -p port

> 💡 You don't need to specify `-p port` if your server is listening on the default port 22.


Wrapping this up!


I finally won the war against the nasty carrier. Imagine, I was about to give up on the Odroid XU4; the slow connection makes you feel as if the board were already outdated, it is incredible. Now, with the faster connection, I don't have this feeling anymore. Clearly it is still limited, but overall it is a totally different experience.


I hope these memos can help someone else go full-speed, even though there are quite a few hoops to jump through. If you think you have suggestions to improve these memos, please do not hesitate to contact me, thanks! 🙏


────────────


For comments or suggestions write to me at:


freezr AT disroot DOT org