One of the corner cases it seems HP did not design into webOS is the ability to auto negotiate a full 802.11X connection. I managed to fix this though and my touchpad is happily connected to our office wi-fi and I figure anyone else trying this might want to check out the workaround I managed.
When I attempted to configure my touchpad to connect to an office/enterprise access point, I hit a brick wall where after completing all the required steps. It was able to use the current user credentials and get to the access point itself, but failed out with a "warning, no certificate is found for this network, please contact your network administrator" type of message.
Well of course no one in our IT group had ever so much as seen WebOS and ultimately I was left to fend for myself.
The goal here is to successfully transfer the (normally auto-retrieved) 802.11X signing certificate to the touchpad so that it can properly connect to your corporate/enterprise wireless network. On other devices such as android this seems to all be automated, but on the touchpad a significant amount of manual arm-wringing was needed to get it to all work together.
Step 1: Getting a root security certificate for your company.
There are a few guides out there for various operating systems/devices which you can use. Since my office machine was windows 7, thats what I have direct experience with.
Win7 Has a built in certificate management tool, but it is not listed in any of the menus. To get to it, enter certmgr.msc into the run panel and it will open up this handy dandy little tool.
Once you have that tool open, look into the root certificate authority folder and find your company's enterprise certificate. Hopefully it will be fairly easy to spot, i.e. if you work at company with domain X, you should see something like "X Enterprise CA".
Right click this certificate and select "All Tasks->Export" which will bring up a wizard with a few different certificate formats. After much trial and error, I found that the only one the touchpad seemed to natively understand was the "Base-64 encoded X.509". Finish the export with a file name and you can find it in your default user folder.
Step 2: Transfer this file to your touchpad
This one is a no brainer, just connect the touchpad via usb to your machine where you have this file, and drag it over.
Step 3: Importing the new certificate
All you need here is any webos file manager capable of opening a file. I used Gemini File Manager, but several free ones are also available and should work.
Open the file manager app on your touchpad, and run that certificate file. This will open a certificate manager tool on the touchpad and prompt you to trust this new certificate. Once you select to trust it, it will be brought into the system and available to use for 802.11x authentication.
Step 4: Connecting to the network
At this point all you should have to do is connect to the office wireless that was giving you trouble before, and now after giving all your authentication info it should successfully connect and offer full connectivity
It seems a little convoluted but it is awfully nice to have the touchpad be fully on-line and available around the office and you only have to do it the one time, successive connections should all just work.
I've tried this at my University, but it doesn't work for my exact situation. Hopefully it will work for others too. Kudos for figuring it out! As for me, apparently WPA2 Enterprise PEAP MSCHAPV2 is a no go until the WebOS team will update/fix it....
I managed to get connected to my MS corp wireless, but will actually see if I have network connectivity a bit later (and update this thread).
its given me full connectivity here (I'm writing this on my touchpad on the enterprise WiFi right now). Its also worked for several other people here lucky enough to score one as well.
the biggest sticking point was getting the right certificate in the right (touchpad working ) format. Once I managed to get that file simply sending it around helped everyone else here get going in a couple minutes vs a couple hours it took when I was trying to sort it all out.
We use 802.1x at work without server certs. Just peap and mschap v2. I haven't had any luck connecting though. Anyone else been able to?
Looks like PEAP support is a major sticking point.
There's a tutorial here: http://www.webos-internals.org/wiki/Advanced_Wifi
(I changed some of the script as per the thread I got the link from here: http://forums.precentral.net/hp-touchpad/288229-wifi-enterprise-802-1x.html)
I tracked down the ARM wpa_supplicant package here: http://packages.debian.org/squeeze/armel/wpasupplicant/download
And the libreadline.so.6 package here:
http://packages.debian.org/squeeze/armel/libreadline6/download
.DEB packages just have .TAR files inside them so I extracted what I needed using 7Zip and used WebOSQuickInstall to copy the files to the TP.
Even after following the other directions though, I consistantly get an error saying:
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Not having much luck...
what's odd is our network looks like it does have peap set but with this certificate its working on the touchpad just fine.
it uses our exchange login info with a slightly off domain but even that has not thrown it.
The exact network configuration visible in the windows properties for the wireless link here is as follows:
Security: WPA2-Enterprise
Encryption: AES
Network Authentication: PEAP
Validate Server Certificate
Secured Password (EAP-MSCHAPv2) (Automatically use windows login/pass/domain)
Fast Reconnect
I haven't had luck with anything so far.
Is anyone willing to make a patch to fix the MSCHAPv2 problems? I'm willing to donate to your cause if I can my TouchPad to connect to my school's wireless, as it's essentially useless right now.
The network here uses WPA-Enterprise (not WPA2), and PEAP with password authentication only (no cert needed - as far as I'm aware it doesn't issue one to the phone).
I managed to get the TP to say "no network with that name and security method" found when I had the protocol set to IEEE801X, it doesn't do it when I set it to WPA-EAP though.
Essentially, using (what I believe to be) the exact same settings that work with my SGS2, doesn't work with the TouchPad.
It looks like at best the enterprise stuff is kinda half baked. If you need a certificate, webos is capable of *using* one, but not generating it. If its non certificate based, it seems to just fail out entirely.
Have you guys who are having the failures had luck with other devices like laptops etc? if so, what are the settings used to establish that successful connection? It seems like the touchpads are *capable* of mantaining peap/mschapv2 connections, as that is the setup my office uses, but for some reason without the certificate requirement it just is glitching out and won't establish the connection in the first place
eltee said:
It looks like at best the enterprise stuff is kinda half baked. If you need a certificate, webos is capable of *using* one, but not generating it. If its non certificate based, it seems to just fail out entirely.
Have you guys who are having the failures had luck with other devices like laptops etc? if so, what are the settings used to establish that successful connection? It seems like the touchpads are *capable* of mantaining peap/mschapv2 connections, as that is the setup my office uses, but for some reason without the certificate requirement it just is glitching out and won't establish the connection in the first place
Click to expand...
Click to collapse
My Windows7 laptop and my WP7 Samsung Focus both securely connect to the network fine. My TouchPad is the first device I've ever heard of having issues connecting.
Hell, my roommate even has his PS3 and XBOX connected.
Thanks OP! Method works on Swansea University Eduroam.
bump now that we have a 3.03/04 update
anyone know if it worked?
Installed the WiFi Certificate but still no luck.
Any other workarounds out there?
Just updated (manually) to the leaked 3.0.3 version and it's resolved the Enterprise Wifi connection issue.
Confirmed, my WiFi works. Enterprise mschapv2 PEAP without certificate. 3.0.3. Now I can leave my laptop at home and use splashtop if I need anything.. *rock on*
I can also confirm that the certificate issue has been solved in 3.03, but now I can't set a proxy, has anyone been able to?
PEAP/MSCHAPv2 fixed with "official" 3.04 OTA too
PEAP/MSCHAPv2 authentication has stayed fixed with the official 3.04 OTA update.
I've just checked that I can connect to an eduroam connection configured this way at a UK university, which the TouchPad couldn't do before.
professordes said:
PEAP/MSCHAPv2 authentication has stayed fixed with the official 3.04 OTA update.
I've just checked that I can connect to an eduroam connection configured this way at a UK university, which the TouchPad couldn't do before.
Click to expand...
Click to collapse
awesome news, I will be testing mine out today when I get to school.
update: I was able to connect at my school, but I had to uncheck the cert box to get it to work.
Yup, i removed my custom certificate on 3.04 and re-joined the access point. It had some new options about authentication built in and sure enough just worked, no issues.
Looks like the little crazy work-around won't be needed anymore
Related
Is it possible to sync using activesync over the internet without running an exchange server? I'd like to be able to sync my XDA while I'm out and about to my PC at home.
:shock: :?: :?:
been trying to do the same for ages , but never found out how to do it
It can be done, under a few conditions:
1. You need to have a static IP address for you PC
2. You need to install Pocket Hosts or a similar free utility to map the WINS host name to your PC's IP address.
3. Your carrier / ISP must not have a firewall that blocks ports 5678 or 5679 (T-mobile seems to block this)
Remote active sync was designed with a local area network in mind and it is configured to connect to you computer by using the WINS name and not using an internet based DNS name. When you connect over an internet connection from your XDA, it is not able to find you PC.
If you install a free utility such as Pocket Hosts (http://zimac.de/cestuff.htm) you can configure the Pocket PC to be able to find you PC. This utility will allow you to configure you Pocket PC to map your PC Name to an IP address (similar to the HOST file on a Windows based PC)
Before I had the unlimited GPRS plan, I created a dial up connection to an ISP on my PocketPC Phone and it works perfectly. However, when I try the same thing over the GPRS connection, it does not work. From my end, it looks like T-Mobile blocks ports 5678 or 5679 on their firewall, which are the ports that remote active sync uses to complete the connection. (It looks like it is about to work, but then fails to complete the connection)
I have tried to convince t-mobile to fix this, but they keep claiming that it will not work out of the box, they don't know how to make it work, and they won't support it. They try to "upsell" me the sidekick or other device. I can't seem to get through to the right people. It seems crazy that a setting on their end blocks us from being able to sync over the air. After all, what is the point of a data connection if you are still restricted to using a cradle to sync. I understand that they don't want to support this and walk people through setting this up, but blocking the functionality seems pointless.
Anyone tested this on ATT? With number portability starting, I may have to explore other options. Anyone have an in at T-mobile that can get them to open up these ports on the firewall?
try www.yahoo.com
get an account (if you don't have one already)
login -- click on mail
the click the tab for addresses
on the next line to the right you will see the word "sync"
this will take you to download intellisync for yahoo
then follow instructions
sync you pda and your good to go, you will have your info on the internet and sync from anywhere
one more thing if youown a palm os and a pocket pc pda and you want to have both devices with same info (contacts, mail, notes etc. etc.)
the change the settings on your intellisync for your other device and resync
hope this helps it did for me...
Hi, I'm from the Philippines and my Network is SMART Communications. I tried synching with my active sync via GPRS but it seems it can't find my PC eventhough I used Pocket Hosts utility. It seems they block the port too. Anybody from Smart to please open the gate for us.
I've setup up my Win2k PC as dial-up server. And with the help of the Pocket Hosts utility, I can now be able to sync my Outlook over the air. But the call charges is killing me.
Jose
I've been investigating this myself too - and have to say T-Mobile's attitude is also alive and well here in the UK on O2 (via crapphone-whorehouse data support team).
I was actually shouted at by one of their 'tech' guys when I tried to persuade them that it could technically be done, but I needed to find out whether they were blocking the relevant ports. He eventually hung up on me! Fantastic service, eh!
I've been trying to get ActiveSync working over the Internet for the past few days and have finally managed to get it to work reliably. There are a couple of things that I have found...
Firstly, at least one of the ports required for ActiveSync does seem to be blocked when using GPRS (Vodadone UK in my case). Setting up a normal dial-up ISP connection results in first time connections to ActiveSync every time. It would be nice to know why there is problem over GPRS.
Secondly, my device was still connecting as Guest. Whilst reading through various other forums I found a fix that seem to work for this but it involves deleting a registry key. I wouldn't recommend it as I have know idea what else this key might be used for but it certainly solved the problem for me. The key I removed is HKLM/Ident/Username value is guest. The key is replaced automatically at some point (maybe after a reset) so if it stops working, you have to go and delete it again! There must be a better way....
That's great information, thanks.
I now have my device remote synching!
Just to summarise my steps to get things working on my XDA II:
1) XDA: Set up new work connection (don't you just hate the organisation of conenctions...) to a dial-up ISP over GSM, as O2 UK also block the ports required for activesync.
2) PC: Open sockets 990, 999, 5678, 5679 on my firewall
3) XDA: Use pockethosts to set up the IP address for my PC name
4) XDA: Change HKLM\Ident\User from guest to my normal PC logon user id
5) PC: Set allow network connections in activesync
6) XDA: Manually Connect to the ISP connection
7) XDA: Open activesync and click synch - away we go!
As an update to this, I had to do a full restore at the weekend after loosing all my data on the XDAII. The problem was not related to these changes but it made me look again at the Ident key. There are two keys normally like...
HKLM/Ident/Name Value<Your chosen PDA Name>
HKLM/Ident/OrigName Value<Pocket_PC>
This time I changed only HKLM/Ident/OrigName to the same value as in HKLM/Ident/Name and it connected first time. Also, this value does not seem to be reset unless you do a hard reset on the device. This may be better than changing the Username value though I have yet to try either on another computer where my preferred connection should actually be as a Guest.
Got it working
Thanks to andyclap's suggestions I finally got it working. It looks like T-mobile does not block any ports, but without the registry hack the error I got was the same as when I tested this over a dial up connection and blocked the ports on my firewall.
The other change since my last post is that I am using WM2003 and it requires you to set up a VPN connection to the PC instead of just using PocketHosts for the name resolution.
Hey all,
So I've got a small issue. I've got a Verizon XV6800 with the MR1 Rom WM6.1, Valhalla GPS server, 3.42.50 Radio.
Internet connection sharing is not working at this point. I've gone through the winmodem and internet connection sharing cab installs, registry edits, etc. None seem to help.
I previously had a ATT tilt 8925 and had no issues whatsoever tethering it to my mac by just pairing the phone, selecting to "Using a direct Higher speed connection to reach your ISP". Starting Internet Sharing on the phone, selecting Bluetooth PAN & the default data connection, then selecting connect. Then selecting "Connect to network" On the mac through the my phone listed in the bluetooth connections. That simple.
Having installed the "Internet Sharing" cab onto the phone. Internet sharing appears to work, but the phone does not advertise this service, like the ATT tilt did on ATT's network.
I've also tried a few registry edits, and used all variations of modem scripts, and got all the dialup info from verizon directly (so I know it was right ) but could not get dialup to work either. Usually not detecting a carrier, other times lockups.
I truely want to get the bluetooth-PAN working again as it did on my tilt. Anyone have this working on the MAc with a XV6800 on verizon?
i did have it working before. I'm wondering if you might be more successful with a custom rom. Verizon installs software (at least previous roms, I haven't tested the MR1 rom) that reverts reg edits and keeps it working like VzW wants it to. This could be causing problems. First check after a soft-reset to make sure your reg edits still exist.
Also I'm sure you've tried this be in Leopard's bluetooth setup delete the phone and try again. You need to select the type of device as any device in order for leopard to see it. Can you connect the device to your mac? Try that first. If you get a BT connection non-internet connection and you change your settings delete the phone and try again. I forget some of the setting I used. Also Engadget had a how to article for BT pan using the xv6700 and Tiger most of the information is still useful. It's a couple years old so you might have a hard time finding it.
Hope some of that helps.
Cycomachead said:
i did have it working before. I'm wondering if you might be more successful with a custom rom. Verizon installs software (at least previous roms, I haven't tested the MR1 rom) that reverts reg edits and keeps it working like VzW wants it to. This could be causing problems. First check after a soft-reset to make sure your reg edits still exist.
Also I'm sure you've tried this be in Leopard's bluetooth setup delete the phone and try again. You need to select the type of device as any device in order for leopard to see it. Can you connect the device to your mac? Try that first. If you get a BT connection non-internet connection and you change your settings delete the phone and try again. I forget some of the setting I used. Also Engadget had a how to article for BT pan using the xv6700 and Tiger most of the information is still useful. It's a couple years old so you might have a hard time finding it.
Hope some of that helps.
Click to expand...
Click to collapse
As mentioned, I have tried a ton of different methods to try and use the data connection, from using dialup settings, to trying to get the Bluetooth Pan working. I've removed and re-paired the device from my mac, flashed roms, hacked away at the registry a ton of times. Nothing seems to give so far.
I've got one more suggestion, found here: http://forum.xda-developers.com/showpost.php?p=1794133&postcount=29
I'm going to give this a shot tomorrow and will let you know how it goes.
Eponymous069 said:
Hey all,
So I've got a small issue. I've got a Verizon XV6800 with the MR1 Rom WM6.1, Valhalla GPS server, 3.42.50 Radio.
Internet connection sharing is not working at this point. I've gone through the winmodem and internet connection sharing cab installs, registry edits, etc. None seem to help.
I previously had a ATT tilt 8925 and had no issues whatsoever tethering it to my mac by just pairing the phone, selecting to "Using a direct Higher speed connection to reach your ISP". Starting Internet Sharing on the phone, selecting Bluetooth PAN & the default data connection, then selecting connect. Then selecting "Connect to network" On the mac through the my phone listed in the bluetooth connections. That simple.
Having installed the "Internet Sharing" cab onto the phone. Internet sharing appears to work, but the phone does not advertise this service, like the ATT tilt did on ATT's network.
Click to expand...
Click to collapse
I was wondering if you be gracious enough to share the Internet sharing CAB i only need to get it to work thought the USB cable and on a windows box, and from what im getting you got that far... JUST not working on a mac...
if thats the case, i would be ever so greatful..
Thanks
thetaz01 said:
I was wondering if you be gracious enough to share the Internet sharing CAB i only need to get it to work thought the USB cable and on a windows box, and from what im getting you got that far... JUST not working on a mac...
if thats the case, i would be ever so greatful..
Thanks
Click to expand...
Click to collapse
You can use the link from the previous post here, and just copy the dll's and exe to the Windows directory, and place teh shortcut into the Device\Windows\Start Menu\Programs\ directory.
Eponymous069 said:
You can use the link from the previous post here, and just copy the dll's and exe to the Windows directory, and place teh shortcut into the Device\Windows\Start Menu\Programs\ directory.
Click to expand...
Click to collapse
hey, ok great, i just downloaded the file, Just one question..
The file i downloaded has about a page of Reg Key changes, you didnt mention that in your "thngs to do"
Just want to see if i am to make all those changes or not.
thanks
So, your problem is in getting the internet connection to work and not connecting it to the mac, right? Does your mac recognize the phone as a modem?
If you're using MR1 I think you might need to hard reset and the soft reset right before the Verizon customizations run. You won't be able to run their apps but there won't be software to cripple the phone.
i have the same exact issue i have a new macbook pro and the bluetooth connects however the speed is slower then dial up it works perfectly however on bootcamp apple has to change the drivers
So more results.
I tried all the registry edits, (much easier with CD-Regedit so you can make the changes on your desktop) and now internet sharing does not even allow me to select a connection type, it had worked previously.
The only thing that was missing before I made the registry changes was that when I pair the phone, in the services listed, "Network Access Point" is not one of the listed services. My old phone has this service listed, and this is how I used it, where I started internet sharing on the phone, then selected the bluetooth device (phone) on the mac and selected: "Connect to Network) and it worked flawless.
Back to the drawing board. I'm going to try next to re-flash the MR1 rom and do as Cycomachead suggested and stop verizons customizations from happening.
bryanw17, what were the exact settings you used for dialup on the mac. The modem script used is probably the most important piece.
Number: #777
Username: Phonenumber (or [email protected]????)
Password: (We know this one, not sure if it's legal to post though)
Darn, I wish I could provide more help. It is indeed possible in Leopard, I had it going before I began flashing my phone - and I no longer have a data plan to test, otherwise I'd be using it a lot more!
aparently no one with a new macbook pro can get bluetooth pan to work. I have it connected however the drivers for the new macbook pro do not provide a good connection if you search the mac forums theyve been talking about it on there. I dont use a username n password however because i use the internet sharing app for the moment i am using wmwifirouter to connect online however my xv6800 doesnt charge at the same time for some reason so u can only use it till the battery dies
So some more results.
I installed ICS and all the registry edits. Then the internet Connection Sharing did not function at all. I verified the registry settings, all were fine. So no dice with me.
So back to the drawing board.
I installed a previous rom. DCD 3.2.6, and guess what? From initial flash of the phone and initial setup, no apps installed, no hacking, ICS runs and provides a network connection to my mac perfect. I also instantly notice when I pair it through bluetooth, it allows the option of "Access this device as a network port". And "Network Access point" is listed as an offered service.
I installed newer rom DCD 3.3.4, and the MR1 Rom. Neither have ICS installed initially. I can install the two files: intshare.dll and IntShrUI.exe into the windows directory without any reg edits, and then ICS works on the phone, but then pairing the phone to the Mac, and attempting to discover teh PAN service is unsuccessful. It only is discovered as a Dialup Access device, and not a "Network Access Point".
So, It appears I can get internet Sharing via Bluetooth PAN to function on the phone no matter which rom, but have not figure out how to tell the mac, or trick the mac, into thinking the "Network Access Point" service is available.
I have pulled completed registry dumps with CE-Regedit and compared the differences between the two, which there are quite a few, but not sure how to export these differences with the program so I can apply them to the other roms registry. I guess I might try a fukll backup and then restore to the new(er) rom and cross my fingers.
I'd stay with the 3.2.6 rom. and 3.42.50 Radio, with PRI 2.03, but I can only seem to make the GPS function successfully with the MR1 stock verizon rom.
Anybody want to take the two regs files compare, and see if they can find out where we can make the change to have the phone advertise the service "Network Access Point" when being paired to the mac or PC?
On one last note. I also tried the method of restoring the MR1 official rom, and then not allowing the customizations. ICS will function, but again, not advertising the service: "Network Access Point" when pairing, so it's not recognized as a valid networking method.
Where did you get those files (intshare.dll and IntShrUI.exe) to allow ICS via bluetooth?
Nevermind, I found it on PPCGeeks.
Don't know why DCD disabled the BT DUN on ICS.
I use Missing sync, and I turned on PAN then added my phone and it shoed it as a modem when I added it, but my BT connection is fairly Unrealible compared to the USB teather on Bootcamp
i was under the impression that bt pan has been whacked on macbook pro models starting from early 2008 on. anything earlier than that and it seems to work great. does anyone know why bt pan doesnt work on the newer machines and how to get it to work?
does anyone know how to make a working vpn connection with the touchpad?
i couldnt get one.
i have win 7
tried vnc too,
did anyone get an working vpn connection?
works for me. my proxy server uses pptp so i download pptp plugin from market and all's good.
I think if you have an ASA you can try the built in anayconnect client provided you have a mobile license activated on the Cisco otherwise use IPSEC on your gateway device. I never played with pptp on the touchpad before.
I saw this but what can I do by joining a VPN?
is there someone who can write up an a quick tutorial for the ones that dont know how to do it.
that would be apriated.
i want to control windows 7 remotly with it
jlove said:
is there someone who can write up an a quick tutorial for the ones that dont know how to do it.
that would be apriated.
i want to control windows 7 remotely with it
Click to expand...
Click to collapse
Bump... Same question. Out of all the people who have recently bought the touchpad, there has to be someone out there that can give a short explanation on how to use the native VPN capability to connect to a Windows system. I have searched all over the net for the answer and have come across many unanswered forum threads.
Below are instructions I used on Win 7 to create an incoming VPN connection to make it available to be connected to.
pcworld. com/article/210562/how_to_set_up_vpn_in_windows_7. html (take the two spaces out of the link, cant post links yet since Im a NOOB!!)
Step by Step: Building a VPN (Incoming)
Step 1 Click the Start button, and, in the search bar, type Network and Sharing.
Step 2 Click Change Adapter Settings in the left-hand menu.
Step 3 Click File, and then New Incoming Connection.
Step 4 Select the users you'd like to give access to and click Next.
Step 5 Click Through the Internet and select Next.
Step 6 Select the Internet Protocol you'd like to use. (The default TCP/IPv4--the line highlighted in the screenshot below--will work fine.)
Click to expand...
Click to collapse
On the touchpad when using the Cisco AnyConnect VPN connection type and enter the host name, I get this error "Connection attempt has failed due to configuration issue with server"
When using the VPNC connection type, and enter the host name and password, I am prompted to fill in several fields that I dont know what to enter.
I use my laptop to log into my Win7 desktop all the time easily via the Remote Desktop Connection app. Hopefully there is something similar coming to the touchpad.
I have an openvpn subscription with strongvpn - this works well for the technically deficient peeps like myself to have an added layer of security when using windows machines in a public wifi area (i.e. hotels)
I asked strongvpn about any support for webos, and they were not sure of any workarounds to date. Any new ideas on this? I am using an open vpn (as opposed to their ptpp). They said that on rooted android devices open vpn will work following one of their tutorials.
If you are technically sound only then you will be able to set up a VPN and solve these kind of issues yourself..Average PC users like me will avoid indulging in these configurations as they are too complicated for us
Why not try an already established, reliable VPN service provider for touchpad??
you can definitely Google them and can choose amongst the choices you get..That would be far easier believe me
[Q] VPN support
I was wondering if anyone has tried vpn support on the touchpad? I am looking at using it overseas as a way to watch amazon VOD while I travel.
Edit: Found out I needed to download a free app from app catalog for PTP support. Works now when I connect to my school network. Also I found out that playon services work too on touchpad so I might try that for netflix.
So, I was trying to make my own VPN to bypass my mobile network's blockage on Skype. I'm trying to get my Galaxy S3 connect to my home's PC which is totally fine with Skype.
I followed the steps here to setup a VPN on Windows 7. But when I tried to fill the VPN settings on my phone, it was unsuccessful.
What am I missing?
EDIT:
Couldn't post the link. The steps were :
Following are the steps for configuring Incoming VPN Connection in Windows 7
First go to Control Panel and open Network and Sharing Center.
Click on Change adapter settings.
Press Alt+F and select New Incoming connection
Put a check on who you’d like to give access to this computer or you can configure a new account by clicking on Add someone,after that click on Next.
Put a check mark on Through the Internet. Click on Next.
Select the protocols you want to enable for this connection. Click on Allow access.
Make a note of the Computer name as this will be used by the client to connect to this computer and after that Click on Close.
Banana Phone said:
So, I was trying to make my own VPN to bypass my mobile network's blockage on Skype. I'm trying to get my Galaxy S3 connect to my home's PC which is totally fine with Skype.
I followed the steps here to setup a VPN on Windows 7. But when I tried to fill the VPN settings on my phone, it was unsuccessful.
What am I missing?
EDIT:
Couldn't post the link. The steps were :
Following are the steps for configuring Incoming VPN Connection in Windows 7
First go to Control Panel and open Network and Sharing Center.
Click on Change adapter settings.
Press Alt+F and select New Incoming connection
Put a check on who you’d like to give access to this computer or you can configure a new account by clicking on Add someone,after that click on Next.
Put a check mark on Through the Internet. Click on Next.
Select the protocols you want to enable for this connection. Click on Allow access.
Make a note of the Computer name as this will be used by the client to connect to this computer and after that Click on Close.
Click to expand...
Click to collapse
I have to say, I highly advise against using any of the desktop-based Windows OS for a VPN server. The reason being is that although some functionality for providing an incoming VPN service may be there, it is by no means widely supported and where it is found, can be flakey and unstable at the best of times. Server-based operating systems, like Windows Server 2003, feature a very solid server base (hence the name) and as a result, have much more support and stability when it comes to hosting services used by clients. Further to the point of an actual VPN server, they are very difficult to get working properly and even more difficult to maintain, even on a server-based OS. I know running a server-based OS isn't something that everyone can (or wants) to do, so if you need to use a VPN service for whatever reason I suggest taking a look here: http://www.makeuseof.com/tag/7-completely-free-vpn-services-protect-privacy/ or if you wish to shell out a few pounds here: http://www.zeropaid.com/news/94826/top-5-free-vpn-services/ Anyway, that's just my opinion (although one I have developed from a professional background and having endured trials much like you are now) so on to the problem you face...
You say you have setup a VPN incoming connection, via a Windows 7 wizard. I encourage you to check this link out, and go over the motions it describes to see if there are any intermediate steps the guide you followed may have missed.
http://www.pcworld.com/article/210562/how_to_set_up_vpn_in_windows_7.html
After you have done this, please follow the following link to see the ports that are needed to be opened between you and the outside world. This will either have to be done at a) your firewall if you have one (could be software, ie Windows 7 Firewall, or hardware) or b) your router.
http://www.speedguide.net/faq_in_q.php?qid=163
I am unsure whether Windows 7 as a VPN server uses PPTP or L2TP for its service. However, I will hazard a guess and say PPTP, as L2TP I have only ever seen used on Unix-based system. Therefore you will need to open (or forward) ports 1723 and port 47 to your Windows 7 PC. As there are many different makes and models of home router I cannot give you specific instructions on how to do this, but a Google string such as "<your router name here> port forwarding" will no doubt give you guides on how to do this. My money is on something like your router/firewall just blocking VPN traffic, as the ports are not currently forwarded properly.
I hope this helps - let me know how it goes.
Hi,
I am connecting to my university's wifi and I am unable to use their settings. From their settings, I am to choose PEAP for EAP Method. MSCHAPV2 for phase 2 authentication and Use System Certificates for CA Certificate however my phone only gives me the options of Select Certificate and Do Not Authenticate.
Is there something I haven't installed or am I missing something.
Thanks
Did you solve this? I'm having the same
No, still haven't figured it out. Been working by using do not authenticate.
I'm monitoring this thread daily - I have to settle for a "guest" connection at my work (College) until a system cert. option becomes available - it is tremendous pain logging in all the time etc... I'm surprised this issue isn't more prevalent. This seems to be the only thread with this issue raised.
I am having the exact same issue with my university wifi login
I've also been having this exact issue trying to login to my Universities wifi really stressing me out. Hopefully a solution is found soon
Problem solved
Hi there,
I encountered exactly the same problem on my S9 and have solved it now. The problem is the system certification is not installed on our devices. The solution is quite simple. Just download and install the App "eduroam CAT", and then it will automatically search for the eduroam of your university. After inputting your user name and password, it will automatically download the required certification and directly connect to the eduroam network. Hope this helps.
doubledou said:
Hi there,
I encountered exactly the same problem on my S9 and have solved it now. The problem is the system certification is not installed on our devices. The solution is quite simple. Just download and install the App "eduroam CAT", and then it will automatically search for the eduroam of your university. After inputting your user name and password, it will automatically download the required certification and directly connect to the eduroam network. Hope this helps.
Click to expand...
Click to collapse
unfortunately i've tried that and its still not working. Glad to hear your wifi is working however
doubledou said:
Hi there,
I encountered exactly the same problem on my S9 and have solved it now. The problem is the system certification is not installed on our devices. The solution is quite simple. Just download and install the App "eduroam CAT", and then it will automatically search for the eduroam of your university. After inputting your user name and password, it will automatically download the required certification and directly connect to the eduroam network. Hope this helps.
Click to expand...
Click to collapse
Thanks! Worked for me on Galaxy A7 2017 on Android 8 (where the option "use system certificates" doesn't exist) when connecting to Eduroam on the University of São Paulo.
ssadtru said:
Hi,
I am connecting to my university's wifi and I am unable to use their settings. From their settings, I am to choose PEAP for EAP Method. MSCHAPV2 for phase 2 authentication and Use System Certificates for CA Certificate however my phone only gives me the options of Select Certificate and Do Not Authenticate.
Is there something I haven't installed or am I missing something.
Thanks
Click to expand...
Click to collapse
Can the IT department for the school provide you with a downloadable certificate file so you can choose that?
This is something they should be able to do (provided they know how)
I have an S9 and the same problem. I solved it as follows:
Since my university doesn't say where to download the CA certificate, I went to my Windows 10 laptop that was logged in to the WiFi of the uni because I think it gets downloaded when I connect with Windows (or maybe Windows asked me to confirm the certificate?).
I exported (using binary format) the CA certificate - "thawte" was the issuer
I emailed it to myself, and from my email on my phone, saved the attached certificate to Android's file system.
I imported/installed the certificate in the Android 8 system.
Finally, I chose it (it appeared in "CA Certificate" drop-down menu) when signing in to WiFi
My theory is that often University IT departments outsource WiFi to third-party companies whose main goal is to make them easy to use on Windows/MacOS. Since many people don't have the latest Android (8), they don't understand what is going on.
Ideally, the IT folks should tell you where to download the certificate (so you won't have to export it from another PC), as in the explanation given at the University of Illinois (Google the text "How to manually set up IllinoisNet on the Android OS" since XDA won't let me post links).
how were you able to find out which certificate was tied to your uni's wifi? i finally got all of the other steps down, but finding out which one is relevant is still hard for me to do.
My university advertises cat.eduroam.org as solution for no certificates. Haven't tried it myself, as I didn't need it, but worth a shot.
After upgrading to Oreo on my S7, I was having the same problem for both my Uni's wifi and with eduroam. I solved it in a similar way as TheFuhrmanator. Make sure you've connected to Uni's wifi on your Windows 10 laptop at least 1 time to make sure the connection works.
Go to the Windows 10 Certificate manager (Start -> type 'certificate' -> Manage Computer Certificates)
Expand the folder Trusted Root Certification Authorities -> Certificates
Right click USERTrust RSA Certification Authority (and maybe AddTrust External CA Root) and export them to DER Encoded Binary format. I found the exact ones to export from https://it.umn.edu/wifi-windows-10-setup-guide
Copy the exported files to phone
On phone, go to Lock Screen and Security -> Other Security Settings -> Install certificates from storage (select the option to use the certificate for WiFi)
Connect to eduroam and select USERTrust RSA Certification Authority or whatever you named it
Process that we have worked out for certificate installation and connection
This isn't eduroam-specific, but our organization created this documentation, at wifi.lihc.on.ca with the installation process. We created a PEM-encoded ".cer" for our particular certificate chain, including the root and the two other required chained certificates.
The process is relatively painless, all things considered, but still an unnecessary step where the device already has the certificate installed.
I don't have "USERTrust RSA Certification Authority" only "AddTrust External CA Root"
Hello there
Just in case anyone still has this problem. I figured it out for my specific case with both the CAMPUS and EDUROAM networks at my university. The wifi network configuration required me to select for both cases:
EAP method: PEAP
Phase 2 Authentication method: MSCHAPV2
CA certificate: Greyed out and set to "Use system certificates"
Online certificate status, Choose : DO NOT VALIDATE
Even after I typed the username and password, the connect button would be disabled and I was always requested to provide a domain address, otherwise I would not be able to connect. So I downloaded the CA certificate configuration provided at https://cat.eduroam.org/# for my school in Canada. The file you download does not do anything in android so "double-click" gives no joy . Now, my aha! moment came when I opened the file on a texteditor, somewhere around all the encrypted gibberish you will see something that says:
</CA><ServerID>xxxx.yyyy.zzz</ServerID>
I suppose that would be the certificate authority address for my school. So, I added this address in the domain address and voilá! Connect button enabled and connection working all good for both cases. I hope this gets helps whomever now. Important to mention, I found this post looking for the problem but now I have a Google Pixel 5, but I'm sure the solution will work with any android phone.
----EDIT----
I just realized something else. I noticed someone said they will just keep using the GUEST network at their school even if it meant logging in everyday which is pretty stupid and annoying at this point in time. IN MY CASE, when tried the GUEST school network as a likewise temporary solution, I would be redirected to the school's wifi portal for authentication. It turns out, this portal has the same address as the CA authority (https://xxxx.yyyy.zzz/WHATEVER?STUFF......).
My point being, if your case does not involve EDUROAM of any form to allow you to get a config file and see the CA authority address, well, it stands to reason that it is the same server for both CAMPUS and GUEST networks used for authentication. At least is worth the try this address if you are out of options.
Cheers!
Flogisto said:
Hello there
Just in case anyone still has this problem. I figured it out for my specific case with both the CAMPUS and EDUROAM networks at my university. The wifi network configuration required me to select for both cases:
EAP method: PEAP
Phase 2 Authentication method: MSCHAPV2
CA certificate: Greyed out and set to "Use system certificates"
Online certificate status, Choose : DO NOT VALIDATE
Even after I typed the username and password, the connect button would be disabled and I was always requested to provide a domain address, otherwise I would not be able to connect. So I downloaded the CA certificate configuration provided at https://cat.eduroam.org/# for my school in Canada. The file you download does not do anything in android so "double-click" gives no joy . Now, my aha! moment came when I opened the file on a texteditor, somewhere around all the encrypted gibberish you will see something that says:
</CA><ServerID>xxxx.yyyy.zzz</ServerID>
I suppose that would be the certificate authority address for my school. So, I added this address in the domain address and voilá! Connect button enabled and connection working all good for both cases. I hope this gets helps whomever now. Important to mention, I found this post looking for the problem but now I have a Google Pixel 5, but I'm sure the solution will work with any android phone.
----EDIT----
I just realized something else. I noticed someone said they will just keep using the GUEST network at their school even if it meant logging in everyday which is pretty stupid and annoying at this point in time. IN MY CASE, when tried the GUEST school network as a likewise temporary solution, I would be redirected to the school's wifi portal for authentication. It turns out, this portal has the same address as the CA authority (https://xxxx.yyyy.zzz/WHATEVER?STUFF......).
My point being, if your case does not involve EDUROAM of any form to allow you to get a config file and see the CA authority address, well, it stands to reason that it is the same server for both CAMPUS and GUEST networks used for authentication. At least is worth the try this address if you are out of options.
Cheers!
Click to expand...
Click to collapse
I'm working to resolve this for my university. What CA file are you referring to, here? The certificate does not contain a ServerID tag, and our university does not issue certificates from this eduroam page.