How to connect your phone if it is behind a NAT/firewall/proxy or the internet provider blocks the incoming connections?

There are several methods to reach your phone even when you can't connect to it directly. These methods require that your phone starts a connection and keep it alive.

Our method

The C++ code starts a connection to androidwebkey.com (see function backserver in mongoose.c) on port 80 (if it is unsuccessful, then tries port 110), and send some bytes (the string "WEBKEY" for example, and the version, username at our server and a random string - which is for security), and listen on that connection. The server remember this incoming connection and put it into a list. When someone browse for http://androidwebkey.com/the_same_username/, then the server transmit all the data between the phone and the browser using the phone's and the browser's connection. When the phone receives at least one byte from the server, then it starts a new TCP connection which will handle the next request. There might be up to 3 connections which the phone hasn't received anything back. We also set the keep alive flags of TCP, because there is no way to check whether the connection is alive or not (if any router between the computer and the phone can drop this connection from its NAT table), but send data or ask TCP to check it for us.

We don't plan to release the server code (security reason: it may contain security leaks, someone might use our code with a faster server to convince people to use his/her server and steal the users' data with our application, this is the place we can place advertisements, etc.), but here is a code which works for one phone and explains the protocol: server_one_user.py. New release !!! (2nd of March, 2011)

I tried to make this process as simple as possible. Please use version at least 1.91, if it's not available the time you read this, then use the latest from the test apks. It contains some functions for you, for example it checks the file /data/data/com.webkey/files/server.txt for an alternative server, and if this file is available it will use port 8080 to connect. For the port 8080 you won't need root privileges, so you can run our script as a normal user.

The steps:
- Install the new apk.
- Start a Terminal in Webkey. Type:

	echo your_server's_address > /data/data/com.webkey/files/server.txt

Remark:
You can check the content of this file by

	cat /data/data/com.webkey/files/server.txt

And remove this file to use our server again by

	rm /data/data/com.webkey/files/server.txt

Start the python script on the server:

	python server_one_user.py

Setup a nickname in Webkey, it doesn't matter what it is. Make sure "keep connection alive" is checked. Stop and start Webkey's service. After this you should be able to connect to your phone using:

	http://your_server's_address:8080/

VPN

I haven't used VPN. Nowadays it is part of the custom firmwares, and there are several tutorials how to set up OpenVPN.

ssh reverse port forwarding

With an ssh client on the phone (either in console with an ssh binary - haven't tried any of them, I use chrooted debian on my phone -, or using ConnectBot) you can manage to set up a reverse port forwarding:

ssh your_server -R 3333:127.0.0.1:80

After this command you will be able to access port 80 of the phone at port 3333 on your server. Without any future steps, this port 3333 will be only available from the server, see man ssh for more details.

ssh tunel

It creates a new network device, see -w option of ssh.

Some libraries

I found this one yesterday: tcp_tun.

UPnP

I haven't used UPnP, but I'm sure it wouldn't work in all cases.