KDCAD Tech Blog

I recently jumped ship from my ATT Fuze to the iPhone – in reality it was a jump from the Windows Mobile OS to the iPhone OS. All my reasons for the change are worthy of a few standalone blog posts, but in brief I was looking to simplify my life and the iPhone fit the bill. That being said, I do have needs. I need my cell phone to do a little more than just make calls – including handle Exchange email, POP and IMAP email, browse the web, provide remote access to the servers at work, and act as a modem on the road. The ATT version iPhone does all of this EXCEPT the last. ATT iPhones do not offer tethering and that’s a deal breaker for me, so I turned to the internet and jailbreaking.

Easier said than done of course. It seems I had the perfect storm of issues to prevent me from getting a clean break. But I pulled info from several different sites and finally got it working beautifully. Since it was such a pain to get through it all, I thought I’d pull it all together here. Note that I cannot guarantee this will work on the 3G or the iPod Touch. I should also note this is not a sanctioned activity by Apple and if you screw it up they will not help you. Additionally, if you screw it up, I will not help you either.

First my system specs:

• Windows 7 64-bit
• HP EliteBook 8530w
• iTunes 9.0.2.25
• iPhone 3GS

Now the steps…

Preparation (with iPhone NOT attached to computer):

1. Make sure you have a complete sync/backup of your phone (if you care about keeping any of it) using iTunes.
2. Download the latest clean Apple firmware from here: iphone3gs3. This is just in case it all goes wrong and you need to to recover your phone. To use it, hold the shift key while clicking the Restore button in iTunes. This will prompt you to pick a file.
3. Download the latest version of Blackra1n from here: blackra1n.com and place it in the root of your C: drive.
4. Change the properties of the blackra1n.exe to be compatible with Windows XP SP2 and check the box to run as administrator.
5. In iTunes, turn off automatic syncing:
6. Now close iTunes and go to the Task Manager and end the iPodService.exe and the iTunesHelper.exe processes.
7. Now attach the iPhone to the computer via USB. iTunes should NOT fire up.
8. Watch this YouTube Video several times:

Jailbreaking:

1. Following the instructions in the video above, run Blackra1n.exe, holding down the power and home buttons, releasing them as instructed. THIS IS THE KEY – IF YOU READ THIS and wonder what I’m talking about WATCH THE VIDEO AGAIN.
2. Trusting that you followed the steps correctly, Blackra1n should be installed on your iPhone. Find the app and run it.
3. Install SNOW to Unlock the phone.
4. You phone is now Jailbroken and to be modified for tethering.

Tethering:

1. In Safari on the iPhone, goto http://tr.im/oS1h and scroll down to the Mobileconfigs section:
2. Download Mobileconfigs, select your country, and then your carrier. The message reads: “IMPORTANT: The authenticity os “US AT&T” cannot be verified. Installing this profile will change settings on your iPhone.” Changing settings is exactly what we’re trying to do. Confirm with “Intall Now”.
3. NOW, on the iPhone go to Settings>>General>>Network and you will see a new option for Internet Tethering.
4. Turn that on and you are done!

Earlier I posted my steps for getting the Watchguard SSL VPN Client to work on Vista Business x64. Now we have a few test users upgraded to Windows 7 Professional 64-bit and once again SSL VPN is a problem child. Actually, that’s a little unfair – the problems with installation are result of Microsoft’s increased "security measures" in Win7. As you might guess, this article outlines and advocates disabling these some of these measures, so think about it before try it. And if you do try it, be sure to go all the way to the bottom of the article to see some of the other "fixes" you need to do. (**UPDATED 11/25/09 – check it out…)

For the most part, the steps are the same as those required for Vista. You need the lastest RC release of OpenVpn (currently 2.1 RC 20), and you need to NOT install the Tap driver that comes with the WG SSL VPN. The changes in the process are the changes to Windows 7 that you need to make because the OpenVPN Tap driver is not digitally signed. Windows 7 x64, by default, does not allow the installation of unsigned drivers. Now, there are a couple ways to disable this limitation – one is provided by MS at boot time, another is more "permanent" and the one I chose. Here we go:

1. Turn off User Access Control: From the Start Menu type "UAC Control" in the search bar and select "Change User Account Control settings". Take the slider to the bottom, click OK, and then restart your computer.
2. Disable Driver Signing: Once you are back in, from the Start Menu, select All Programs, then Accessories. Right click on the Command Prompt and select ‘Run as administrator’. At the command prompt, type the following and reboot your computer afterward:
   

   bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
   bcdedit.exe -set TESTSIGNING ON

3. Install the OpenVPN Tap Driver: If you haven’t already, download the latest OpenVPN from here: http://www.openvpn.net/index.php/open-source/downloads.html (currently c2.1_RC20). Run the installer as Administrator (by right clicking the OpenVPN executable and selecting "Run as administrator"), but UNCHECK all items except the Tap Driver and complete the installation. Note: I rebooted here, but you may not need to.
4. Install the Watchguard SSL VPN Client: Download and run the SSL VPN installer (as administrator).

At this point, it should work. You can go back and turn UAC back on if you need to and while I think it’s a complete pain in the butt, I have to recommend that you do. Leaving it off can cause unexpected problems with other programs (such as GotoAssist Express which is service I used to use but will be ditching as soon as the contract is up).

If you are still having problems connecting, here are some other tips based on my experience. These are in no particular order:

• Turn off Windows Firewall completely and reboot. With version 10.2.9 of the SSL VPN client, you still need access to port 4100 and 443.
• If you already tried to install the Tap driver without first disabling the driver signing, Windows will permanently tag it as having an unsigned driver. SO you need to open the Device Manager, look under Network Adapters, and uninstall the Tap driver and reboot. If you have disabled the driver signing, go ahead and reinstall the OpenVPN Tap driver.
• If you don’t want to permanently disable driver signing, you can TRY temporarily disabling it by pressing F8 at boot time (like you are booting to Safe Mode) and selecting ‘Disable Driver Signing Enforcement’. **UPDATE 11/25/09**  I had few opportunities recently to try this one and it works like a charm. So if you just have to install the VPN client on someone else’s computer, this method is the quickest.

Once you have all that squared away, you may notice that you have a watermark in the lower left of your screen stating "Test Mode Windows 7 Build 7600". Since you have turned off Driver Signing, Windows has decided you are obviously in some temporary "test mode".  To rid yourself of the watermark, go HERE and to download the RemoveWatermark patch.

Since I wrote this article originally, I found this website which offers more information on bypassing Driver Signing and links to some cool free tools for managing it on the fly. Swing by and take a look.

Good luck and feel free to log into the Watchguard forums and request that they fix this!