CyanogenMod 7 openVPN - Hero, G2 Touch Q&A, Help & Troubleshooting

Hi everyone,
I have a little problem that I don't know how to solve, nor diagnose as I lack some knowledge.
I have a Linksys E3000 router. I installed one of the many Tomato firmware flavors that has a bundled VPN server. I managed to configure the server and generated the keys (ca, client, etc.). Everything seems to work fine from a PC. I also run the latest CyanogenMod nightly on my Hero. I managed to solve, or let's say find out, how to install the certificates onto the system (add the ca.crt, client.crt, client.key into a .pk12 openssl package). Then I used the default CM configuration assistant to configure the connection and it works, or at least it connects and I can see that the connection was successful on my router GUI.
Now, the problem is that even if it says connected (a small key in the status bar), I can't do anything: no web browsing, no Android Market connection, nothing that involves traffic. I don't know what the problem is, or how to diagnose or log it. Any help would be appreciated.
Thank you.
My router VPN server configuration:
Interface Type: TAP
Protocol: UDP
Port: 1194
Firewall: Automatic
Authorization Mode: TLS
Extra HMAC authorization (tls-auth): Disabled
Client address pool: DHCP
--------------------------------
Direct clients to redirect Internet traffic: (tick)
Encryption cipher: Default
Manage Client-Specific Options: (tick)
Allow Client<->Client: (tick)
My HTC Hero configuration:
-Basic:
Name: (some I chose)
VPN server: (a dyndns host, the router updates the IP automatically)
User authentication: (unticked)
CA certificate: (the pk12 file I created)
CLIENT certificate: (the pk12 file I created)
DNS search domains: (unchanged)
-Advanced:
Server port: 1194
Protocol to use: udp
Device to use: tap
LZO compression: (unticked)
Redirect gateway: (ticked)
Remote Sets Addresses: (ticked)
Local IP Address: (faded)
Remote IP Address: (faded)
Cipher algorithm: default
Size of cipher key: default
Extra arguments: unchanged
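
The PKCS#12 bundling step mentioned in the post above, as an added example that is not part of the original post: it builds a bundle from ca.crt, client.crt and client.key with the standard `openssl` CLI and checks what ended up inside. The throwaway CA, the subject names, the `.p12` file name and the password are constructed for the demo.

```shell
#!/bin/sh
# Added example: bundle ca.crt, client.crt and client.key into PKCS#12 and
# verify the result. Names, subjects and the password are constructed.

P12_PASS='constructed-demo-pass'   # assumption: demo-only export password

# Create a throwaway CA and a client certificate signed by it in directory $1.
make_test_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj '/CN=Constructed Demo CA' -keyout ca.key -out ca.crt &&
      openssl req -newkey rsa:2048 -nodes \
          -subj '/CN=constructed-client' -keyout client.key -out client.csr &&
      openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -days 1 -out client.crt
    ) >/dev/null 2>&1
}

# Bundle client cert + private key + CA cert into $1/client.p12.
make_p12() {
    openssl pkcs12 -export -in "$1/client.crt" -inkey "$1/client.key" \
        -certfile "$1/ca.crt" -name constructed-client \
        -passout "pass:$P12_PASS" -out "$1/client.p12" &&
    chmod 600 "$1/client.p12"      # the bundle holds the private key
}

# Print how many certificates the bundle carries (client + CA = 2).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Succeed only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Run the whole procedure once in a temporary directory and print the count.
demo() {
    d=$(mktemp -d) && make_test_pki "$d" && make_p12 "$d" &&
        p12_cert_count "$d/client.p12"
    rm -rf "$d"
}
demo
```

The same two checks can be run against the real files before the bundle is copied to the phone. The `.p12` contains the client private key, so it should not stay on shared storage after import.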

Related

VPN under WM2003 - MPPE Question

I am trying to set up a vpn connection on the xda. I can get this to work if I set up my firewall to accept un-encrypted data, but obviously this is not the best.
Does WM2003 support MPPE encryption? At what level (ie. 40 bit, 50-whatever bit, 128 bit)?
Thanks,
Cuinn.
VPN connection from XDA
Unless you use a client for your firewall (SecuRemote for Checkpoint / EasyVPN and others for Cisco) you can only initiate L2TP or PPTP connections which will terminate fine onto a 2000 server / ISA server even over a Natted connection.
Bear in mind if you use a client, SecuRemote grinds my connection to a halt over GPRS as the processing overhead on the XDA is horrendous. L2TP/PPTP terminated on an MS ISA server seems the best solution. You can always hide ISA behind your proper firewall for added security, but the licensing will cost you unless you already use it as a proxy etc.
Thanks Pete,
I am running a PPTP VPN currently, which should support MPPE Data Encryption, but which does not seem to work. I have a PIX firewall, so I have also tried Movian VPN client, but I also am unable to get this to work at all. I can use PPTP if I accept un-encrypted data, but would prefer all data to be encrypted. I am terminating the VPN on my PIX which supports either 40 bit or 128 bit MPPE and the question I really want answered is does WM2003 PPTP VPN support MPPE and at what encryption level?
Cuinn.
PPTP Vpn
Following earlier post, I found this in the Checkpoint SecureClient for PPC docs.
3. Is the Client supposed to be able to connect to the Check Point gateway when cradled?
When cradled, the client may use the ActiveSync pass-through connection mechanism.
Since the current version of Win CE SecureClient does not support encryption via pass-through connection, you will be able to authenticate to your gateway, if it allows unencrypted authentication. This means that you will be able to add a new site this way, but not to use VPN (encrypted) communications with it.
Just thought of your situ, maybe this helps. And it's about time Checkpoint write a client that works with WM2003! Just my two penneth!
The pass-through connection only supports TCP/IP (up to a certain point) and does not support UDP at all.
Hence VPN connections via the cradle will not work (PPTP and L2TP both use UDP, and I assume the other VPN/IPSec implementations do as well).
VPN client connection over GPRS
After some serious testing I can confirm on Windows 2003 server (not 2000) and ISA server 2000 on it, you can successfully run a GPRS connection with L2TP or PPTP happily via a natted GPRS IP address. This has saved me LOADS of hassle with a business implementation. It hands over between cells on the mobile network, can get a new IP address (which seems to happen on Vodafone handover a lot) and still maintain the connection (well, really quickly re-make it, almost seamlessly).
Finally, I have raised a call with Checkpoint about the SecuRemote client for WM 2003 and they still will give no fixed date, stating still within 6 months..... I hate them!
Anyway, the full MS implementation is working well, currently around 250 handsets on it, only another 350+ to go!

[Q] Wireless tether for root users - DNS redirect

I'm running a Piratebox web server on my phone - Does anyone know if there's a way to adjust DNS and re-direct everyone to my phone's web server when they are tethering from my phone?
+1 to this question.
I am currently trying to find a way to get some Android devices (which are working as AdHoc clients), and I want an app running on them to connect to a "server" address instead of using a specific, fixed IP address. I meant to do this programmatically, by creating a socket to an InetAddress resolution of the "server" address. I assume InetAddress will use the DNS defined on the wireless interface to make this translation, but it's Java, and that assumption really depends on the low level impl. of InetAddress.
So yeah, DNS redirect from the DNS server running on the AdHoc host, which by association also runs Wireless Tether for root users. How can we do it?
I have tried some redirections from the hosts file (zone file), location in "system/etc/hosts". My device, like many others, comes preloaded with a bunch of IP-hostname redirections, but these only seem to work locally, e.g.:
gugle.com redirects to 127.0.0.1 (in the hosts: "gugle.com 127.0.0.1")
If I input this address on the AdHoc host, gugle.com will redirect to my http port 80 landing (I have a web server running on the device to test this).
If I input this address on an AdHoc client, it doesn't return anything. I'm guessing the DNS server running on the host does not use the zone file from the OS.
So the question remains - where can we define a redirection from the DNS server that runs on the Wireless Tethering for root users device.

[Q] Help with VPN with Mac 10.8 OS X Server

I have a Mac mini running OS X 10.8.2 with the OS X Server 2.2.1 from the app store, and I have set up the VPN using L2TP in the Server.app interface. I have tested this VPN connection using a Macbook, which works, but I can't figure out how to get Android's built-in VPN to work.
Current set-up:
I have opened ports 500, 1701, 1723, and 4500 on my router.
I am using a dynamic DNS from no-ip.com, we'll say hostname.no-ip.org
I have set a "Shared Secret", we'll say 1234567890
I have set up an account for my android phone on the server, let's say the user name is "nexus" and the password is "google"
On the Macbook, I simply use the DNS, the secret, and credentials that I have set up on the server, and it connects.
On my Android device (Nexus 4 4.2.2) I am using the following settings:
Name: Mac Server
Type: L2TP/IPSec PSK
Server address: hostname.no-ip.org
L2TP secret: (not used)
IPSec identifier: (not used)
IPSec pre-shared key: 1234567890
When I try to connect using these settings, it prompts for the username and password, so I enter "nexus" and "google". It sits there saying "Connecting..." for maybe 30 seconds and then it just goes back to "Disconnected" with no error or other message. I have also tried putting the "Shared Secret" in the L2TP secret field, but with the same result.
Is the built-in Android VPN simply incompatible with OS X Server's VPN? Or have I misconfigured something?
Note: I would strongly prefer to continue using L2TP, and not the less-secure PPTP VPN
Ok, so I have managed to connect to the VPN when doing it INSIDE the network to the IP of the server (let's say 192.168.1.2). If I change the address to hostname.no-ip.org it won't connect, although it is working for everything else (such as web, etc).
I have tried on my iPad and I can connect just fine either from inside the network or over 3G connection.
On the Nexus I have tried to change the hostname.no-ip.org to my public IP address but it will not work either.
The funny thing is that when I try to make it work outside the server, the mac server log will show nothing, while every other test I run it logs it perfectly.
I think something is very broken in the way VPN is implemented in Android. Am I the only one finding himself in this situation?
....you're missing a very large part.....
FORWARD YOUR PORTS ON YOUR ROUTER
Also in your router look for anything relating to VPN.
Also some routers will not allow you to connect from the external IP internally. I hate routers like that..
and why run osx server on a macbook?
if you want a secure home vpn, go find an old windows computer, any p4 will do, and install linux and install vpn services on it.

HideIPVPN is looking for Android & iOS developer/s

Hello Everyone,
I am contacting you on behalf of HideIPVPN.com - VPN & SmartDNS service provider.
Here is what we need,
we are looking for developer capable of creating app for both iOS & Android or at least one of those systems (offers for both are of course more preferable).
Task is to create VPN & SmartDNS connection manager - that will create connection to our servers.
Application will use an API to authenticate clients based on their username and password for VPN service and list all VPN servers which support PPTP, L2TP and OpenVPN protocol.
1.1 Application should be able to create VPN connection based on client server/protocol/country selection.
1.2 App. should look similar to our Windows software.
1.3 Client should be able to select Country, City and VPN protocol (PPTP, L2TP or OpenVPN) then press connect button.
1.4 From options we need all possible options on Android/iOS
1.5 Application killer, this function will kill selected apps. if VPN connection drops and should be able to restart apps. if VPN connection was re-established.
Specifications for Smart DNS:
Application will use an API to authenticate clients based on their SmartDNS key and list all DNS server countries for Smart DNS service.
2.1 Application should be able to Update DNS settings under selected wifi connection and flush DNS cache on Android.
2.2 App. will use API to update client IP address.
2.3 App will use an API to change Netflix zone from listed countries.
2.4 App should be able to update IP address on cron (clients can select 24h, 1h, 30 min, 15 min and 5 min)
If you are interested in developing these apps for us, please contact us here [[email protected]] so that further details can be discussed. We would appreciate it if your message would include a rough price estimate.
If you want to see how our Windows software works, you can download it here (https://billing.hideipvpn.com/dl.php?type=d&id=59).
To register 3h trial VPN account click here: http://www.hideipvpn.com/freetrial/
To register 7 days trial SmartDNS account click here: https://billing.hideipvpn.com/free-trial-smartdns/
Both options require no further commitment to service, C/C details or any sort of resignation, feel free to try!
Looking forward to hearing from you,
HideIPVPN Team

Always-ON VPN limits all access to gateway services

Hi!
I've got a Nokia 7.2 with Android 10 and I have an interesting issue with Android's VPN functionality.
My VPN is l2tp/ipsec PSK. It is working well, but with one interesting aspect.
My VPN server has other services on its IP (http etc.).
If the VPN is used on-demand (manual activation) - all is ok, I can use the server's other services.
But if I switch the VPN to the "always-on" state - the server's other services become unavailable.
The browser shows the error "ERR_NETWORK_ACCESS_DENIED"
What is also interesting - I can't ping the VPN server's IP from the phone. The ping command brings the error message "do you want to ping broadcast". It seems like an error in the netmask, but the ifconfigs between 'on-demand' and 'always-on' are similar.
The phone is not rooted, so I can't check routes (or I don't know how to do it w\o root)
What can more experienced users advise? Where should I look?
Thanks for any response in advance.
