In short, Potatso app for some reasons stops working for me on my iOS device. It keeps crashing right at the launch time, and I have switched my attention away from the project as not extend my iOS developer account, so I won't be able to build the app then install on my phone. It requires Network extension in which only developer account can access.
So now that's the problem. It's fairly inflexible to communicate with my family as mostly we use Line app, and it requires VPN access if use from within China, as well as many other apps i.e. Instagram, Twitter, Google-related app etc. How can I solve this problem?
Fortunately, during initial year of settling working environment here in China, I bought several stuff to aid my working style and environment. I got wireless router for free as part of purchasing those stuff. Up until today, I can make use of it.
Normal scenario when I want to surf or use apps on iOS device that needs VPN access is to use Potatso. To solve my problem, what if we could have such wireless router to help accept connections from devices (or multiple devices), let it passes through the gateway (in this case Macbook Pro) in which it all goes under ShadowsocksX-NG app traffic as installed on the system, then this could solve the problem and iOS device doesn't need to have any dependencies installed in it.
Let's jump right in.
Connecting Wireless Router to MBP
First step is to connect a router to MBP with LAN cable in which I use Cat5E type aligned with bandwidth the router supports.
We connect just to let it know Ethernet is up, then we can set router's ip address and configure router's configurations.
Examine Network Map and Set IP Address
At this point, we will need to know ip address and general idea of our network environment as we will use such information to configure router properly.
So on MBP, open System Preferences->Network and check Ethernet on the left, it should be connected. Now try to configure its ip address to be at the same network of our router (which is by default is 192.168.1.1, consult your router's manual.). Select Configure IPv4 to be Using DHCP with manual address and enter ip address like 192.168.1.2. Another way is to set via command line
sudo ipconfig set en0 INFORM 192.168.1.2; provided that en0 is your Ethernet network interface.
So let's summarize our networking map
Internet <---> MBP (ShadowsocksX-NG installed) <---> Router (AP mode) <---> Clients / Devices
Now about ip addresses:
- Internet - it's WiFi network interface as part of MBP, it's in network like 192.168.0.0.
- MBP - gateway for our setup, it has two network interfaces and connected to both of them. Wifi: 192.168.0.x (normally x != 1 which is usually a gateway router providing basis WiFi), and Ethernet: 192.168.1.2.
- Router - 192.168.1.1
Setup Wireless Router
Read through your router's manual. For my case of RT-N12, the home page to access and configure router is at 192.168.1.1 and the default username and password is admin, and admin respectively. Then it usually prompts you asking which kind of router you want it to be. There are 3 types.
- Router mode
- Repeater mode
- Access point mode
The mode we want here is 3; Access point mode. Mode 1 won't suit us as we won't connect to another router, neither do we have direct access to modem or Internet via LAN. Still if we have direct access to Internet in either via another router or LAN, we can't use it as the whole point is we need it to go through Shadowsocks via our gateway (MBP). Router used in this setup has no built-in Shadowsocks support (other types of VPN don't work well here in China).
Mode 2 is not what we want as the signal is already good, we don't want just to make signal stronger to reach us.
Mode 3 is what we want as it allows us to provides WiFi connection to more users and we could configure it to have our MBP as a gateway, so we can take benefit of its installed ShadowsocksX-NG app without a need for clients to install any additional app; just a few steps of easy setup via Setting app on iOS device.
Make sure you selected Access Point (AP) mode
For LAN setting of router, as I've tried several times by manually set static ip address, it won't work stably but until I changed it to Yes for Get LAN IP Automatically? it now works like magic.
Select Yes for Get LAN IP Automatically to let system configure ip address for us automatically. This screenshot taken after I've finished the whole process. You will know ip address of your router acting as access point later.
After we set such value, and click on apply. It will randomly assign ip address for our access point. I'm not quite sure on theory part behind this. But whenever you setup router as access point, it will have a different ip address.
So at this point if you try to access router's admin page like before, you will have hard time without success. ASUS recommends us to download Device Discover Utility tool by searching from target model here. At last, it will give us instruction on how to download such software. In short, it will lead us to mac appstore, the actual link is here.
I have macOS 10.14, and Device Discover Utility gives me no result. Configure button cannot be clicked. Didn't work. I guess it might be due to our setting as we have 2 different networks and our router exists on another one Ethernet, and the app might only try to find it on just certain network interface i.e. WiFi thus no result. I guess with best effort here :)
So how can we find the ip address? Use old friend
nmap. On macOS, install it via
brew install nmap. Then execute
nmap -T4 -F 192.168.1.1-255 whose those two flags are about how fast it will attempt in scanning. You can learn more about such flags via
nmap --help. Likely you will find one ip address with only port 80 open while other two ip addreses are your MBP and default router ip addres.
Result shown like this (excuse my redaction of MBP, such
<redacted> lines are similar in format of others as shown)
haxpors-mbp:local-web haxpor$ nmap -T4 -F 192.168.1.1-255 Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-20 21:44 CST Nmap scan report for 192.168.1.1 Host is up (0.00077s latency). Not shown: 96 closed ports PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 445/tcp open microsoft-ds 548/tcp open afp Nmap scan report for 192.168.1.2 Host is up (0.00089s latency). Not shown: 96 closed ports PORT STATE SERVICE <redacted> <redacted> <redacted> <redacted> Nmap scan report for 192.168.1.120 Host is up (1.0s latency). Not shown: 99 closed ports PORT STATE SERVICE 80/tcp open http Nmap done: 255 IP addresses (3 hosts up) scanned in 10.47 seconds
Your access point's ip address is
192.168.1.120. From now on, you need to use this ip address to access router's admin page.
Set up MBP
Let's go back to our gateway, MBP. 3 Important things needed to be done to make it works.
- Turn on Internet Sharing from WiFi to Ethernet in System Preferences->Sharing
- Enable ip forwarding
- Configure NAT
For 1., open System Prefrences->Sharing then click on Internet Sharing on the left, then select WiFi for Share your connection from: then select Ethernet for To computers using:.
For 2, and 3, (thanks to Robert Eisele for the tips)
sudo sysctl -w net.inet-ip.forwarding=1
For 3, open
/etc/pf.conf (you might have to be administrator to modify the file), then add the following line after the line
nat on e1 from en0:network to any -> (en1)
pfctl to disable and load configs from such file again via following
sudo pfctl -d sudo pfctl -e -f /etc/pf.conf
Set up Client (iOS Device)
Now final part, we connect client to WiFi as provided by our access point, enter the correct password.
Then tap on such WiFi item.
and scroll down at the bottom, you will see two options to configure
Make sure DNS is automatic, but for proxy, change it to Manual and enter your proxy info correctly. You can check such information by clicking on Preferences of ShadowsocksX-NG's context menu then tap on HTTP tab, make sure HTTP Proxy Listen Address is set to 0.0.0.0, and HTTP Proxy Enable is checked. You will also see or configure your port there. Use these information to setup.
With this, all requests coming from this iOS device will go through proxy (ShadowsocksX-NG) which is our gateway; MBP.
That's it! Now we can surf Internet on iOS device from China bypassing Internet censorship without a need to install additional app on your iOS device. It works for my case as I'm mostly at home but anyway whenever you go outside, now it's time to think about it again :P
Til next time.