GPRS and Static IP with VPN - Networking

Hi guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet? The reason is that our corporate firewall has to recognise the device through its IP. Are there any other possible methods for recognising the user?
Also, does a VPN work well over GPRS, and is there any extra configuration involved on the VPN server?
Cheers
Any answers would be great.

Unfortunately there is no simple answer to your question. AFAIK you can't get a fixed IP on GPRS, but if you're using the right firewall and the right VPN host you don't need to.
I use and supply Windows SBS 2003 servers and VPN into them regularly. I have also used Citrix to achieve similar results. Might be a bit difficult to persuade your firm's IT dept to set up something like that for 1 person though.
PM me if you'd like any advice.

BillyB said:
Hi guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet? The reason is that our corporate firewall has to recognise the device through its IP. Are there any other possible methods for recognising the user?
Also, does a VPN work well over GPRS, and is there any extra configuration involved on the VPN server?
Cheers
Any answers would be great.
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but the Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP... L2TP has also worked for me... otherwise, the fancier (and more secure) the VPN tunneling protocol, the more it's likely to fail. Normally all you need for a basic MS Windows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.

VPN and TS: It's like pulling teeth
Hi all, this has got to be the most annoying problem ever. I can connect to the O2 VPN access point and hence I can connect to my work VPN server. However, as soon as I try to open a TS connection to my desktop (through the VPN) the VPN connection is dropped and I never connect. Can anybody tell me why? If I have a VPN connection to my work server, why does TS try to make another connection and bomb out the original? Is there a fix or another way of doing this, i.e. does an external IP have to be NAT'd to my desktop IP on port 3389? All help greatly appreciated. Ian

VPN with PPTP and GPRS

I have been trying to establish a VPN connection with my xda over gprs to my office computer (PPTP) but I am not sure I have made the appropriate settings. There is no place to type in my username and password (except for the gprs connection).
Can anyone guide me on how to ensure a proper connection?
Also, I am not sure what the VPN connection will mean in terms of pocket pc functionality. Will it mean that I can access my office e-mail which would otherwise require a direct dial in? Will I be able to synchronize with my office outlook?
I would greatly appreciate your help. Thanks, apap
VPN
hi,
suggest ringing 0845 6006886 (O2 GPRS Helpline).
They have a PDF Doc that may help. They will e-mail it to you.
Doc Title VPN_Access_over_mobile_web.
Good luck
Ric.
Thanks for your help Ric.
I have followed the settings as discussed in the pdf file but I have not had any success. I will call the helpline.
private networks
Please note that if you are using O2 and your office have a private network range in the 10.0.0.0 range, you will have problems due to the subnet mask used, and the fact that O2 use NAT.
I have written a utility which monitors the routing table, and overcomes this problem by narrowing the net mask. Anyone who is interested, contact me for this software: [email protected]
I tried to 'give' this software to O2, but they didn't seem to care. They didn't really seem to understand the problem.
Re: private networks
martinlong1978 said:
[...]
I have written a utility which monitors the routing table, and overcomes this problem by narrowing the net mask. Anyone who is interested, contact me for this software: [email protected]
I tried to 'give' this software to O2, but they didn't seem to care. They didn't really seem to understand the problem.
How about this: we'll dedicate a page to it on this site, and possibly even include a small tutorial that deals with networking stuff in general. If everyone in the know contributes a bit of their knowledge, I'll lay it all out, add the screenshots and put it on a page.
Re: private networks
Thanks.
Here's the gist of it.
Often, corporate networks use addresses in the range 10.0.0.0 - 10.255.255.255 in order to create private networks. This address range is designated for this purpose, and is the only class A range designated as such.
O2's GPRS network uses NAT in order to cut down the number of IP addresses they require. In doing so, they also use the private address range.
It is not recommended practice to use NAT for subscription networks, as they do not provide a 'complete' internet service. Certain peer-to-peer services will not work through NAT, as they require both devices to be publicly addressable - this however, is not the cause of this issue.
Let's look at the process of connecting to a VPN.
1) a 'dial up' connection is made to the GPRS service. When I say 'dial up' I do not mean a circuit switched call is made (before you techies correct me), but still, some kind of PPP connection is made.
2) IP addresses are negotiated. An address is allocated to the device in the 10.0.0.0 range. During this allocation procedure no subnet mask is specified, and the device assumes 255.0.0.0 as for a class A network.
3) The device adds a route to 10.0.0.0 mask 255.0.0.0 on the GPRS virtual adapter.
The connection to the VPN can now be made
1) a 'dial up' connection is made to the VPN service.
2) IP addresses are negotiated. An address is allocated to the device in the 10.0.0.0 range (depending on corporate config). During this allocation procedure no subnet mask is specified, and the device assumes 255.0.0.0 as for a class A network.
3) The device adds a route to 10.0.0.0 mask 255.0.0.0 on the VPN virtual adapter.
All seems fine - no? Try connecting to any host on the private network. Mail server, terminal server, web server. I bet you it doesn't work. That's because two routes have been allocated on the 10.0.0.0 mask 255.0.0.0 network. When you try and connect to your mail server (eg 10.0.0.6) the packets go straight out through the first matching route - the GPRS, and never even see the VPN route.
My software tool watches the route table (I use a function in the IPhlpapi.dll for those interested), and waits for a change. When it spots a change, it re-writes the routing table, narrowing the routing entries to 24 bit masks (it works out the missing octets from the gateway address).
So an example would be:
10.0.0.0 mask 255.0.0.0 gw 10.34.23.254 if GPRS
10.0.0.0 mask 255.0.0.0 gw 10.0.0.1 if VPN
becomes
10.34.23.0 mask 255.255.255.0 gw 10.34.23.254 if GPRS
10.0.0.0 mask 255.255.255.0 gw 10.0.0.1 if VPN
This allows you to access stuff in the 10.0.0.0 network.
Drawback:
You won't be able to peer to peer with other O2 XDA's who aren't on the same class C network - big deal, does anyone do this?
You are limited to contacting hosts on the same class C within your private network. I am working on broadening this range.
Files:
There is 1 file required - the executable, which should be placed in the startup folder. Let me know where to send this, and it can be made public.
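The route clash and the /24 narrowing described in the post above, as an added example (this is not martinlong1978's utility and not code from this thread). It models a device route table in Python using longest-prefix match, with ties going to the earlier entry as an assumption standing in for the "first matching route" behaviour; the `Route` type and all function names are hypothetical, and the sample table is constructed from the addresses in the post.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Set


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    interface: str


def make_route(network: str, gateway: str, interface: str) -> Route:
    return Route(ipaddress.ip_network(network),
                 ipaddress.ip_address(gateway), interface)


def lookup(table: List[Route], dest: str) -> Optional[str]:
    """Return the interface a packet to `dest` leaves on, or None.

    Longest prefix wins; on a tie the earlier entry wins (assumption
    modelling the "first matching route" behaviour from the post).
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for r in table:
        if addr in r.network and (
                best is None or r.network.prefixlen > best.network.prefixlen):
            best = r
    return best.interface if best else None


def clashing_networks(table: List[Route]) -> Set[ipaddress.IPv4Network]:
    """Networks that are routed identically on more than one interface."""
    ifaces: Dict[ipaddress.IPv4Network, Set[str]] = {}
    for r in table:
        ifaces.setdefault(r.network, set()).add(r.interface)
    return {net for net, names in ifaces.items() if len(names) > 1}


def narrow(table: List[Route], prefixlen: int = 24) -> List[Route]:
    """Rewrite clashing routes to a /24 derived from each gateway address."""
    clashes = clashing_networks(table)
    result = []
    for r in table:
        if r.network in clashes and r.network.prefixlen < prefixlen:
            # The missing octets are taken from the gateway, as in the post.
            net = ipaddress.ip_network(f"{r.gateway}/{prefixlen}", strict=False)
            r = r._replace(network=net)
        result.append(r)
    return result


def post_example_table() -> List[Route]:
    """Constructed sample: the two routes given in the post's example."""
    return [
        make_route("10.0.0.0/8", "10.34.23.254", "GPRS"),
        make_route("10.0.0.0/8", "10.0.0.1", "VPN"),
    ]


if __name__ == "__main__":
    before = post_example_table()
    after = narrow(before)
    for label, table in (("before", before), ("after", after)):
        print(label)
        for r in table:
            print(f"  {r.network} gw {r.gateway} if {r.interface}")
        # 10.0.0.6 is the mail server from the post; 10.0.5.9 is a
        # constructed corporate host outside the VPN gateway's /24.
        for dest in ("10.0.0.6", "10.34.23.7", "10.0.5.9"):
            print(f"  {dest} -> {lookup(table, dest)}")
```

The lookup for 10.0.5.9 returning no route after narrowing is the drawback named in the post: only hosts in the same /24 as the VPN gateway are reachable.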
util.
To keep you updated. I've just updated this slightly. It no longer requires MFC. It is 1 x 5.5 K executable.
Regards
Martin
Please note, not everyone will need this update. Only if your office uses a 10.0.0.0 subnet.
Thanks for all the enquiries.
Can I share the files - VPN_Access_over_mobile_web.pdf?
Hi ,
Can I share the files - VPN_Access_over_mobile_web.pdf? I am also testing the VPN connection over XDA GPRS, but if it is possible, pls mail me that PDF file. [email protected]
Thx
Li
Can anyone please email me the VPN_Access_over_mobile_web.pdf file? Please Please Please!
Thanks
Ian
[email protected]
Don't have this file to hand, but if it is the one I think (provided by o2 UK) it is on their site somewhere.
VPN to Win2k server (with fixed ip, and internal ip of 192.168.blah-de-blah) worked first time following those instructions, as did Terminal Server used to remotely control it.
HTH
imordey said:
Can anyone please email me the VPN_Access_over_mobile_web.pdf file? Please Please Please!
Thanks
Ian
[email protected]
VPN Access
For goodness sake.
http://www.o2.co.uk/mobileweb
Select the VPN Access tab!
Download the PDF from there.
A little surfing goes a long way
Re: util.
Hi Martin, I tried to mail you for the VPN fix but it bounced, any chance you could email it to me or attach it here? paul_w at cix dot co dot uk.
Thanks,
Paul
--
To: [email protected]
Subject: XDAII VPN fix
Sent: Sat, 28 Feb 2004 13:15:42 -0000
did not reach the following recipient(s):
[email protected] on Sat, 28 Feb 2004 13:30:55 -0000
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a= ;p=trace computers
;l=DATA1504022813301W4WRN23
MSEXCH:IMS:Trace Computers PLCatawiseATA15 0 (000C05A6) Unknown
Recipient
martinlong1978 said:
To keep you updated. I've just updated this slightly. It no longer requires MFC. It is 1 x 5.5 K executable.
Regards
Martin
Does anyone have this file? Or any contact details for martinlong?
Thanks,
Paul
What VPN does for me.
Me and my significant other have 3 servers in our closet and host exchange (email), Active Directory, and outlook mobile access as well as things like ftp, web, and most importantly VPN. All my email that comes to us goes into my Outlook box on the exchange server then activesync sends a text message to my tmo pda phone and activesync begins downloading my mail and synchronizes my contacts and calendar. Once that is complete, a VPN connection is started up and the pda syncs with my desktop computer, so programs like vindigo and files like my documents are up to date. I even have the option of installing over the air or browsing my files on my computer at home.
Hey Sytris, I'm set up the same way pretty much but I've tried with 2 different devices and I can't get it to sync with the local computer. The ActiveSync with Exchange works fine and the VPN connects just fine. The ActiveSync app on the server then gets the connection from the PPC but shows connected as guest instead of my device, and the ActiveSync on the PPC still shows connecting but never goes anywhere. Did you run into that when setting yours up? Any suggestions? Thanks - Jim
About a PPTP connection via PC, I found a nice step-by-step tutorial here at supervpn.net/blog
About mobile, you should try to contact some VPN provider; they have nice live chat support so they can probably answer all your questions.
For setting up your VPN on your phone you can find a solution on worldvpn.net

Connecting 2 PPC Ad-hoc

HI!
I need to connect two PPCs with wifi... VPN..? How do I do it?
They would need to both connect to a VPN server.
But then the question is what do you expect the devices to do with each other. Neither has any server-type services for the other to connect to.
It would require one or both of the Pocket PCs to run a VPN server, if there is such a server program for Pocket PCs at all.
Sounds like a non-starter to me.
I think a VPN server needs to dish out IP addresses.
That's just to start with.
Unless you are connecting both PPCs to a VPN server.
Please elaborate. Do you mean direct P2P connection (which is very easy to do - see my related articles on this), or a plain Internet / VPN-based one?
marclouis said:
I think a VPN server needs to dish out IP addresses.
That's just to start with.
In internet-less P2P connections, you don't need VPN either for assigned IP addresses.

WM 6.1 ActiveSync Exchange Sync over PPTP VPN WORKING ON FIXED SCHEDULE

I'm an IT guy and I just got into smartphone PPCs for the first time after a long-time hiatus from PDAs when I used to be a Palm owner. After my last Palm, a LifeDrive, got stolen I moved to a Moto Q which was a big disappointment OS-wise, and I never really got into modding it or anything, just set my POP3 e-mail server and used it like that for 2 years (drawback was that I didn't have contact sync nor internal e-mail sync that got handled by my Exchange server). My contract with that Q expired and I made the move to a Sprint Mogul with WM 6.1 Pro and I'm NEVER LOOKING BACK!!!
Anyways, enough about me, this is my first contribution so I wanted to do the little intro.
I had searched around a bit about how to get ActiveSync to sync my company's Exchange server through PPTP VPN (we don't have it published with a certificate for an actual push config) but all I found was info on how to setup the VPN itself, being an IT guy that was like pointing out the obvious to me as I had already got that running and connecting but couldn't get anything but the OWA site opening in IE and Opera.
Basically what I figured out was that I had to program a work URL exception in the Connections control panel under the Advanced tab. There I added my Exchange server's IP address as a URL and used that IP to program the server under ActiveSync with all the usual credentials. I can't configure it to receive as items arrive; instead I had to let the configuration run on a 10 minute schedule. Every time the schedule is up I see the VPN connecting pop-up and it syncs PERFECTLY and disconnects the VPN. (It doesn't turn on my screen each time, it just pops up if I'm using it; but that pop-up can be turned off if it gets too annoying).
I don't know if anyone else knew about this but I thought I'd share this info as I searched for a few days and found nothing, and ended up figuring this out myself. If this is new info I'll post more detailed configuration information for those who desire it.
BTW, this is working over the Data Plan and WiFi as well.
Wow. You're a god...
I've been trying to figure out why it kept disconnecting the VPN when it synced up.
Adding the work URL exception works perfectly...
(I'm using WM6.1 on a Samsung Omnia)
Many Many thanks!
No problem dude! I'm surprised no one else has really found this helpful. Glad I could help!
BTW, those exceptions work very well for internal web sites as well. I use it to log in to web-based management consoles such as Symantec's Mail Security for Exchange, Symantec Endpoint, basically if you got an internal website of some sort you can access it through VPN using a Work URL Exception.
I was looking for this info too, i would like more detailed configuration information about this.
Thanx in advance...
Roland hendriks
What part of the configuration are you having trouble with? Configuring the VPN, the Exchange Server or the URL Exception?
Thanks
I personally am thankful for your information. Even if none of the other 1000s of readers out there say anything...
Thank you for sharing your knowledge.
Tim
Glad I could help! I know I broke my head over this one during the first week of me having a WM phone. I figured it out thanks to the Fdc Soft Task Manager using the Netstat utility. It let me know exactly what the network stack of the phone was trying to do, and the URL exclusion I just stumbled upon, and reading what the page said led me to believe that it might be a routing table for configured "WORK" connections. And it worked.
During the past month or two of using my Exchange like this and switching around ROMs and cooking my own ones now, I've noticed that having the TCP Data Reconnect and Transmission Retry settings in your registry set too high will cause ActiveSync to take a long ass time to actually route communications through the VPN connection. I noticed this after using custom ROMs, some of which have these settings increased to ensure communications go through, but they raise connection timeouts way too much. On my own custom ROM I've set these to defaults (2 and 4 respectively) and ActiveSync only takes about 1 minute to start syncing once you hit sync while you wait for it to dial the cellular line and the VPN.
you talk about the vpn..
i think you are in the very small percentage of ppl who can get that to work.
i have the activesync set to manual and have tried the vpn type to both IPSec/L2TP and PPTP
w/o success..i always get a UN PW error which i know can't be so..
i set the host ip to what was shown from "whatsmyip"..
searching for quite awhile, i see thousands of ppl who can't get it to work and have
never found a reliable method that works for anyone but the person who posted it.
if you could back track a little and post how to do it, there are probably
thousands of ppl who would find it very useful and really appreciate it.
thanx
Well, one thing is how to set up a WM device's VPN client to connect to your VPN server and another is actually configuring your VPN server. Do you have a working VPN setup in your corporate network already? This is usually set up by having a static IP assigned to your corporate internet connection and a firewall configured to allow VPN access with all the necessary traffic and authentication routes.
If you don't have a static IP in your office and use a lower cost DSL or Cable connection you aren't SOL; for these types of connections you can use a service like dyndns.org to dynamically update your dynamic IP into a static DNS name like: mycompany.dyndns.org for example. This requires you to set up your firewall or ISP modem to communicate with dyndns.org to report the changes. Most firewalls come with this functionality already built-in, but most of them also call it by different names so you'd have to look up your equipment's documentation on how to report to a dynamic DNS service.
I would be happy to help you set up your VPN correctly but it's more practical for me to help you set up a checklist on which type of VPN you want to set up (IPSec or PPTP) and what your corporate network's infrastructure looks like and let you know what to look for in Google; there is PLENTY of very helpful information on the web on how to set up VPN but first you have to know what you need and how you are going to achieve it and then you'll know what to look for.
Each setup is very particular to the customer's needs and the network infrastructure that is set up and how much security you want to use (IPSec is a naturally secured VPN tunnel protocol while PPTP is not secured by nature but can be secured with a Radius server in your DMZ validating authentication in an encrypted manner to your Active Directory service).
What I posted above will work for an already existing and working PPTP VPN connection which I already had running for years in my office and I regularly use with my laptop to connect to my Exchange server while on the road or at home. What I posted above is what is needed to get your WM device to connect to an already functioning PPTP VPN server.
Hope this helps. And if I'm to help you make a checklist I need a lot of information:
Type of ISP (static IP or dynamic IP)
Type/Brand of firewall device
How the devices are connected together (dumb modem or internet router from your ISP to your firewall's WAN port or a full blown router provided by your ISP which is patched into your firewall's WAN port)
Internal network configuration (both AD and Exchange on same server (SBS) or separated)
What amount of security you are looking for.
Send me some PMs and maybe I could at least point you in the right direction.
nttdemented: I'm doing the PPTP shuffle at the moment, and wanted to pick your brains..
The basic connection is running fine - e.g. when I add 192.168.0.1 as an Exception and go to http://192.168.0.1 in Pocket IE the VPN fires up and I see the page just fine.
I've also added '10.6.1.8' as an exception, but if I go to that address in PIE, I don't see any network activity (using ethereal/tcpdump) on the 'ppp0' server interface (I use Ubuntu server's pptpd) ...
Can I assume that your Exchange server is hosted on the same machine as your PPTP server? Some MS SBS or similar?
Even if I configure an http proxy (on the 192.168.0.1 IP) I see no activity when I try the 10.6.1.8 address. :/
thanks so much!!
that i didn't find/read about the "exceptions" option in WM before...
Somehow, when i got my phone, i got it to work without this workaround, it just worked, out of the box, no exception setting required. (VPN settings + exchange server location were enough)
But yesterday, from the one moment to the next, it suddenly stopped working.
In my efforts to get it to work again i deleted the exchange settings, but doing that, I deleted all my contacts and my agenda! I was in big trouble because I really needed those , but after reading your post, i got it working again! my phone is synching "as we speak" and i'm very happy!
don't know how it worked before, don't know why it stopped working, all I know is, it's working now!
you made my day
Good to know!
Cheers!
I've since stopped using this method as we got around to publishing our Exchange server with an SSL certificate so I'm actually using SSL enabled ActiveSync push on my phone now.
Excuse me but perhaps you can help me too.
My problem is that I can get/sync my mails using WIFI.
If I connect thru GPRS, and go to send/receive, I get all the mails. If I'm in my office and connect thru WIFI to the work net I also get all the mails from the Exchange server.
The problem is when I'm outside my office and connect to other wifi net and try to sync my mails. I have an HTC TOUCH CRUISE with WM 6.1 original from HTC without any flash.
Thanks in advance.
VPN connection doesn't always connect for ActiveSync synchronization?
I have had ActiveSync working with an Exchange server over a PPTP VPN connection for years now, but there has been one nagging issue I can't figure out. For the most part it works, but sometimes when ActiveSync tries to sync it will not make the VPN connection. There is only one connection listed when I tap on the icon on the notification bar - the phone's data connection. So in activesync, the icon with the arrows spins for a while but nothing synchronizes. I think it ends up saying "waiting for network" or something like that. It seems to always work when I manually hit "sync", but sometimes it fails on scheduled synchronizations.
Any idea why this happens sometimes?
oh...cheers...got my brain back...
The exceptions rule has almost fixed mine now. I'm getting mail but not through Activesync (just sits waiting for network).

VPN to Nortel switch over GPRS (HSDPA), then Exchange/POP/IMAP over THAT VPN

Hello,
I want to connect to my Company's VPN and read my e-mails.
My Company uses a Nortel Contivity switch to which I successfully connected with Bluefire Mobile Security VPN v2.7.5, Build 706 (IKE=DES+MD5+DH1; IPsec=3DES+MD5+LZH+PFS; NAT traversal active), using a cellular HSDPA connection. Now comes the bad part: I cannot configure Outlook to use the Exchange server nor the IMAP or POP servers (I tried with Flexmail 4 but with the same results) - it always says that the servers are not accessible. As far as I could figure it out, it seems that after the tunneling is operational, Outlook or any other software still tries to access the internet through the cellular connection (I tried to traceroute some addresses and it ALWAYS goes through the cellular line, not the tunneled connection).
What would be the correct settings in my connection manager so I could access my Company's Exchange / POP / IMAP servers after I set up the VPN manually with Bluefire?
Thanks a lot!
Do you work for VZ?? I too would like to connect to my VPN network... I spoke to our tech support and was advised that wasn't possible... just for BlackBerry... which I found odd... I would be interested to find out how to also
TheAlphonso said:
Hello,
I want to connect to my Company's VPN and read my e-mails.
My Company uses a Nortel Contivity switch to which I successfully connected with Bluefire Mobile Security VPN v2.7.5, Build 706 (IKE=DES+MD5+DH1; IPsec=3DES+MD5+LZH+PFS; NAT traversal active), using a cellular HSDPA connection. Now comes the bad part: I cannot configure Outlook to use the Exchange server nor the IMAP or POP servers (I tried with Flexmail 4 but with the same results) - it always says that the servers are not accessible. As far as I could figure it out, it seems that after the tunneling is operational, Outlook or any other software still tries to access the internet through the cellular connection (I tried to traceroute some addresses and it ALWAYS goes through the cellular line, not the tunneled connection).
What would be the correct settings in my connection manager so I could access my Company's Exchange / POP / IMAP servers after I set up the VPN manually with Bluefire?
Thanks a lot!
!!!up!!!!!
When you configure your email account, don't you specify which internet connection it should try to use? So shouldn't you specify that your work connection is the connection that it should use to check mail?

wifi network questions on HTC HD2

Hi,
Using a HTC HD2 I am trying to access my home network via WIFI (WPA2/PSK - AES). Some of it works, some of it doesn't and I was hoping some of you would be able to point me in the right direction:
I can connect to intranet pages (for instance utorrent web interface) via IP, but not via hostname.
I cannot connect to network (smb) shares at all, either via IP or hostname.
A program which requires the hostname to work (since I use it over Hamachi VPN as well as locally and don’t want to change the IP based on how I use it) does work over Hamachi and not over WIFI.
I'm quite confused
Any help would be greatly appreciated!
Cheers,
Elco
Sounds like your DNS isn't working. Do you have custom DNS servers configured in the "Name Servers" tab of network card config?
Thanks for responding!
It should get it from DHCP (though I have tried assigning a static IP and DNS, but this gave the same result)
Also, I have another older Win Mobile device, and with the same settings it does allow me to access the network shares (by IP and hostname)
I've combed all settings regarding wifi and network, but since they are the same I am guessing it is probably a difference at the registry level?
The HTC HD2 does have 2 broadcom wifi adapters mentioned though, a normal one and one with a DHD postfix.
Cheers,
Elco
@Talisman_: same problem here. have you solved it?
Exactly same problem on xperia x2. I just set on manual temporary.
Are you using Hamachi on your phone?
Did you have this problem prior to installing Hamachi?
The reason being is Hamachi installs a network interface which exists whether or not Hamachi is running
You may want to check your Data Connection settings and see if it has applied the "requires a proxy" setting
What are you using as your DNS server though, that is the question.
If it's your broadband router, then chances are it won't be able to serve DNS requests for internal devices (ie computers on your home network).
If that's the case, you'll need a proper DNS server (get an old PC and install Linux) and create a local domain such as home.local, or if you've got a registered domain, you can even set it up the same (domain.com for instance) just tell the DNS server it's the domain master.
It's been yonks since I played around with Linux so I can't tell you how, much easier with Windows Server
Some people advise against using the same public domain name as an internal domain name, but it just means you add A records for any public addresses such as WWW.domain.com or mail.domain.com if it's accessible outside your network as well as inside.
Alternatively, if you're only going to be accessing them via the home network then you could try adding a few hosts to your registry (use the windows calc or similar to convert each IP address number to Hex)
http://windowsmobilepro.blogspot.com/2006/04/etchosts-file-equivalent-in-windows.html
As always, you modify the registry at your own risk.
