Cisco VPN (ASA / PIX / IPSEC) and Winmo 6.1 - experts needed - Networking

Hi,
I'm trying to connect my new touch HD to the work cisco firewall. I've set it up as LDAP/IPSEC with a preshared key.
When I try and force it to connect it contacts the ASA, starts the handshake but I see this in the debugging VPN log:
Start of Handshake:
Code:
7 Nov 12 2008 15:36:23 713236 IP = 89.193.232.83, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Point of issue (i think anyway)
Code:
7 Nov 12 2008 15:36:24 713906 IP = 89.193.232.83, computing NAT Discovery hash
4 Nov 12 2008 15:36:24 713903 Group = 89.193.232.83, IP = 89.193.232.83, Can't find a valid tunnel group, aborting...!
7 Nov 12 2008 15:36:24 715065 Group = 89.193.232.83, IP = 89.193.232.83, IKE MM Responder FSM error history (struct &0xd9298110) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT-->MM_BLD_MSG4, EV_BLD_MSG4-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, IKE SA MM:d5e02623 terminating: flags 0x01000002, refcnt 0, tuncnt 0
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, sending delete/delete with reason message
Looking at the logs it at no point tries to auth with the username and password so it's a tunnelling issue.
Any super geeks about to help?

jon- said:
Hi,
I'm trying to connect my new touch HD to the work cisco firewall. I've set it up as LDAP/IPSEC with a preshared key.
When I try and force it to connect it contacts the ASA, starts the handshake but I see this in the debugging VPN log:
Start of Handshake:
Code:
7 Nov 12 2008 15:36:23 713236 IP = 89.193.232.83, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Point of issue (i think anyway)
Code:
7 Nov 12 2008 15:36:24 713906 IP = 89.193.232.83, computing NAT Discovery hash
4 Nov 12 2008 15:36:24 713903 Group = 89.193.232.83, IP = 89.193.232.83, Can't find a valid tunnel group, aborting...!
7 Nov 12 2008 15:36:24 715065 Group = 89.193.232.83, IP = 89.193.232.83, IKE MM Responder FSM error history (struct &0xd9298110) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT-->MM_BLD_MSG4, EV_BLD_MSG4-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, IKE SA MM:d5e02623 terminating: flags 0x01000002, refcnt 0, tuncnt 0
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, sending delete/delete with reason message
Looking at the logs it at no point tries to auth with the username and password so it's a tunnelling issue.
Any super geeks about to help?
I have a working config from a Cisco PIX 501, however it can only run PIX OS 6.3(5) and not the newer 7.x or 8.x code the ASAs run, so it's likely there are differences. Plus I am also using Digital Certificates as opposed to pre-shared keys, however that will only change the ISAKMP policy. I am also using MS IAS as the Radius server.
Code:
access-list l2tp permit udp host X.X.X.X any eq 1701
ip address outside X.X.X.X 255.255.255.252
ip local pool L2TP-IP-Pool-1 10.10.10.1-10.10.10.14 mask 255.255.255.240
aaa-server radius-authport 1812
aaa-server radius-acctport 1813
aaa-server RADIUS (inside) host 192.168.1.1 cisco-key timeout 5
aaa-server RADIUS (inside) host 192.168.2.1 cisco-key timeout 5
sysopt connection permit-l2tp
crypto ipsec transform-set l2tp esp-3des esp-sha-hmac
crypto ipsec transform-set l2tp mode transport
crypto ipsec security-association lifetime seconds 3600
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 28800 kilobytes 4608000
crypto dynamic-map dyna 20 match address l2tp
crypto dynamic-map dyna 20 set transform-set l2tp
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map mymap 10 ipsec-isakmp dynamic dyna
crypto map mymap client authentication RADIUS
crypto map mymap interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpdn group L2TP-VPN accept dialin l2tp
vpdn group L2TP-VPN ppp authentication mschap
vpdn group L2TP-VPN client configuration address local L2TP-IP-Pool-1
vpdn group L2TP-VPN client configuration dns 192.168.1.50
vpdn group L2TP-VPN client authentication aaa RADIUS
vpdn group L2TP-VPN client accounting RADIUS
vpdn group L2TP-VPN l2tp tunnel hello 60
vpdn enable outside
I have changed the IP addresses I am using, plus I have omitted the PKI Certificate stuff. For PSKs you would need to change the ISAKMP policy.
HTH
Andy

So does this work with WM6.1 native IPSec stack?
There's a similar thread here:
http://forum.xda-developers.com/showthread.php?t=280565&page=2
Someone else stated they figured it out.

stepw said:
So does this work with WM6.1 native IPSec stack?
There's a similar thread here:
http://forum.xda-developers.com/showthread.php?t=280565&page=2
Someone else stated they figured it out.
Yes. I have tested this with Windows XP & 2003 as well as Windows Mobile 6.0 & 6.1. The default policies with Vista prevent this working 'out-of-the-box' due to AES being the minimum encryption the Vista VPN client will negotiate (ISAKMP). You can change this though, but it's a pain to do individually and is best pushed down via a GPO - or use an ASA or PIX 7.x or 8.x that supports AES ISAKMP policies.
Andy

ADB100, how is your Cisco firewall configured? I've gotten past phase 1 now but it's stalling at phase 2 as I can't get the client to request the correct policy; it keeps falling back to the default, which I can't reconfigure as other policies inherit from it.
Starting to lose my patience, so close yet so far! WinMo6.1 and Cisco ASA VPN still has big issues and no one on the internet seems to know why.

ADB100 said:
Yes. I have tested this with Windows XP & 2003 as well as Windows Mobile 6.0 & 6.1. The default policies with Vista prevent this working 'out-of-the-box' due to AES being the minimum encryption the Vista VPN client will negotiate (ISAKMP). You can change this though, but it's a pain to do individually and is best pushed down via a GPO - or use an ASA or PIX 7.x or 8.x that supports AES ISAKMP policies.
Andy
I pretty much posted all the VPN stuff in my previous post. I could send you the entire config if you wish (with some bits scrubbed obviously). I may have an ASA at the end of next week to play around. I will be installing it at a customer site the following week so I should have enough time to test the VPN stuff out, if you can wait? (I'm a CCIE.....)
Cheers
Andy

So you did, Andy, sorry I didn't link you to the earlier post. I will continue playing with the ASA today (as you might have guessed I'm not that up to speed with Cisco) and let you know if I get anything.
FWIW here is the drop out when it was failing at phase 1; I don't have the latest log to hand.
Code:
IP = , Error: Unable to remove PeerTblEntry
IP = , Removing peer from peer table failed, no match!
IP = , sending delete/delete with reason message
IP = , IKE SA MM:bccde876 terminating: flags 0x01000002, refcnt 0, tuncnt 0
IP = , IKE MM Responder FSM error history (struct &0xd888df20) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG3, EV_TIMEOUT-->MM_WAIT_MSG3, NullEvent-->MM_SND_MSG2, EV_SND_MSG-->MM_SND_MSG2, EV_START_TMR-->MM_SND_MSG2, EV_RESEND_MSG-->MM_WAIT_MSG3, EV_TIMEOUT-->MM_WAIT_MSG3, NullEvent
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , constructing Fragmentation VID + extended capabilities payload
IP = , constructing NAT-Traversal VID ver 02 payload
IP = , constructing ISAKMP SA payload
IP = , IKE SA Proposal # 1, Transform # 8 acceptable Matches global IKE entry # 3
IP = , processing IKE SA payload
IP = , Received NAT-Traversal ver 02 VID
IP = , processing VID payload
IP = , Received Fragmentation VID
IP = , processing VID payload
IP = , processing VID payload
IP = , Oakley proposal is acceptable
IP = , processing SA payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 544
IP = , Received encrypted packet with no matching SA, dropping
Ignoring msg to mark SA with dsID 151552 dead because SA deleted
IP = , IKE_DECODE SENDING Message (msgid=bbb6340d) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Group = DefaultRAGroup, IP = , constructing qm hash payload
Group = DefaultRAGroup, IP = , constructing IKE delete payload
Group = DefaultRAGroup, IP = , constructing blank hash payload
Group = DefaultRAGroup, IP = , sending delete/delete with reason message
Group = DefaultRAGroup, IP = , IKE SA MM:78a1831c terminating: flags 0x01000002, refcnt 0, tuncnt 0
Group = DefaultRAGroup, IP = , IKE SA MM:78a1831c rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Group = DefaultRAGroup, IP = , Removing peer from correlator table failed, no match!
Group = DefaultRAGroup, IP = , sending delete/delete with reason message
Group = DefaultRAGroup, IP = , IKE QM Responder FSM error history (struct &0xd876e128) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
Group = DefaultRAGroup, IP = , QM FSM error (P2 struct &0xd876e128, mess id 0x713438aa)!
IP = , IKE_DECODE SENDING Message (msgid=c1a6b7b3) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
Group = DefaultRAGroup, IP = , constructing qm hash payload
Group = DefaultRAGroup, IP = , constructing ipsec notify payload for msg id 713438aa
Group = DefaultRAGroup, IP = , constructing blank hash payload
Group = DefaultRAGroup, IP = , sending notify message
Group = DefaultRAGroup, IP = , All IPSec SA proposals found unacceptable!
Group = DefaultRAGroup, IP = , processing IPSec SA payload
Group = DefaultRAGroup, IP = , IKE Remote Peer configured for crypto map: outside-new_dyn_map
Group = DefaultRAGroup, IP = , Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Group = DefaultRAGroup, IP = , Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Group = DefaultRAGroup, IP = , Static Crypto Map check, map = outside-new_map, seq = 20, ACL does not match proxy IDs src: dst:213.122.163.115
Group = DefaultRAGroup, IP = , Static Crypto Map check, checking map = outside-new_map, seq = 20...
Group = DefaultRAGroup, IP = , QM IsRekeyed old sa not found by addr
Group = DefaultRAGroup, IP = , processing NAT-Original-Address payload
Group = DefaultRAGroup, IP = , L2TP/IPSec session detected.
Group = DefaultRAGroup, IP = , Received local Proxy Host data in ID Payload: Address 213.122.163.115, Protocol 17, Port 1701
Group = DefaultRAGroup, IP = , ID_IPV4_ADDR ID received
Group = DefaultRAGroup, IP = , processing ID payload
Group = DefaultRAGroup, IP = , Received remote Proxy Host FQDN in ID Payload: Host Name: HTC70 Address , Protocol 17, Port 1701
Group = DefaultRAGroup, IP = , ID_FQDN ID received, len 5
Group = DefaultRAGroup, IP = , processing ID payload
Group = DefaultRAGroup, IP = , processing nonce payload
Group = DefaultRAGroup, IP = , processing SA payload
Group = DefaultRAGroup, IP = , processing hash payload
IP = , IKE_DECODE RECEIVED Message (msgid=713438aa) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : 293
IP = , IKE Responder starting QM: msg id = 713438aa
Group = DefaultRAGroup, IP = , Starting P1 rekey timer: 21600 seconds.
IP = , Keep-alives configured on but peer does not support keep-alives (type = None)
IP = , Keep-alive type for this connection: None
Group = DefaultRAGroup, IP = , PHASE 1 COMPLETED
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 96
Group = DefaultRAGroup, IP = , constructing dpd vid payload
Group = DefaultRAGroup, IP = , Computing hash for ISAKMP
Group = DefaultRAGroup, IP = , constructing hash payload
Group = DefaultRAGroup, IP = , constructing ID payload
Group = DefaultRAGroup, IP = , Freeing previously allocated memory for authorization-dn-attributes
IP = , Connection landed on tunnel_group DefaultRAGroup
Group = DefaultRAGroup, IP = , Automatic NAT Detection Status: Remote end IS behind a NAT device This end is NOT behind a NAT device
Group = DefaultRAGroup, IP = , Computing hash for ISAKMP
Group = DefaultRAGroup, IP = , processing hash payload
Group = DefaultRAGroup, IP = , ID_FQDN ID received, len 5
Group = DefaultRAGroup, IP = , processing ID payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 61
Group = DefaultRAGroup, IP = , P1 Retransmit msg dispatched to MM FSM
Group = DefaultRAGroup, IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 296
Group = DefaultRAGroup, IP = , Generating keys for Responder...
IP = , Connection landed on tunnel_group DefaultRAGroup
IP = , computing NAT Discovery hash
IP = , constructing NAT-Discovery payload
IP = , computing NAT Discovery hash
IP = , constructing NAT-Discovery payload
IP = , Send Altiga/Cisco VPN3000/Cisco ASA GW VID
IP = , constructing VID payload
IP = , Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
IP = , Send IOS VID
IP = , constructing xauth V6 VID payload
IP = , constructing Cisco Unity VID payload
IP = , constructing nonce payload
IP = , constructing ke payload
IP = , computing NAT Discovery hash
IP = , processing NAT-Discovery payload
IP = , computing NAT Discovery hash
IP = , processing NAT-Discovery payload
IP = , processing nonce payload
IP = , processing ISA_KE payload
IP = , processing ke payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 224
IP = , IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , P1 Retransmit msg dispatched to MM FSM
IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , P1 Retransmit msg dispatched to MM FSM
IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , constructing Fragmentation VID + extended capabilities payload
IP = , constructing NAT-Traversal VID ver 02 payload
IP = , constructing ISAKMP SA payload
IP = , IKE SA Proposal # 1, Transform # 8 acceptable Matches global IKE entry # 3
IP = , processing IKE SA payload
IP = , processing VID payload
IP = , Received NAT-Traversal ver 02 VID
IP = , processing VID payload
IP = , Received Fragmentation VID
IP = , processing VID payload
IP = , processing VID payload
IP = , Oakley proposal is acceptable
IP = , processing SA payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Thank you for your help thus far Andy.
ETA - I removed the timestamp to get within char limit, the oldest (first) message is at the bottom, newest (last) at top
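A way to read logs like the two above mechanically, as an added example that is not part of the original posts: it puts the messages in chronological order, tracks how far the negotiation got, and pulls the step that raised the error out of the "FSM error history" line. The sample lines are constructed from message texts in this thread with the peer address replaced by 192.0.2.10; reading the FSM history as newest-first is an assumption based on the order of events in those logs.

```python
import re

# Constructed samples: message texts as they appear in the thread's logs, with
# the peer address replaced by the documentation address 192.0.2.10.
# Oldest message first, like the first log in the thread.
PHASE1_LOG = """\
IP = 192.0.2.10, computing NAT Discovery hash
Group = 192.0.2.10, IP = 192.0.2.10, Can't find a valid tunnel group, aborting...!
Group = 192.0.2.10, IP = 192.0.2.10, IKE MM Responder FSM error history (struct &0xd9298110) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT
""".splitlines()

# Newest message first, like the long log with the timestamps removed.
PHASE2_LOG = """\
Group = DefaultRAGroup, IP = 192.0.2.10, IKE QM Responder FSM error history (struct &0xd876e128) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY
Group = DefaultRAGroup, IP = 192.0.2.10, QM FSM error (P2 struct &0xd876e128, mess id 0x713438aa)!
Group = DefaultRAGroup, IP = 192.0.2.10, All IPSec SA proposals found unacceptable!
Group = DefaultRAGroup, IP = 192.0.2.10, IKE Remote Peer configured for crypto map: outside-new_dyn_map
Group = DefaultRAGroup, IP = 192.0.2.10, L2TP/IPSec session detected.
Group = DefaultRAGroup, IP = 192.0.2.10, PHASE 1 COMPLETED
IP = 192.0.2.10, Connection landed on tunnel_group DefaultRAGroup
IP = 192.0.2.10, Oakley proposal is acceptable
""".splitlines()

FSM_RE = re.compile(r"IKE (MM|QM) Responder FSM error history .*<event>:\s*(.*)$")
GROUP_RE = re.compile(r"Connection landed on tunnel_group (\S+)")
MAP_RE = re.compile(r"configured for crypto map: (\S+)")


def failed_step(line):
    """Return (exchange, state, event) for the step that preceded EV_ERROR.

    The history is a chain of "STATE, EVENT" pairs joined by "-->".
    Assumption: the chain is newest-first, so the pair right after the
    EV_ERROR entry is the step that was running when the error was raised.
    """
    m = FSM_RE.search(line)
    if not m:
        return None
    steps = []
    for item in m.group(2).split("-->"):
        state, _, event = item.partition(",")
        steps.append((state.strip(), event.strip()))
    for i, (_, event) in enumerate(steps):
        if event == "EV_ERROR" and i + 1 < len(steps):
            return (m.group(1),) + steps[i + 1]
    return None


def analyze(lines, newest_first=False):
    """Walk the messages in chronological order and summarise the attempt."""
    ordered = list(reversed(lines)) if newest_first else list(lines)
    result = {
        "tunnel_group": None,
        "phase1_completed": False,
        "l2tp_ipsec": False,
        "crypto_map": None,
        "failed_step": None,
        "diagnosis": "no failure marker found",
    }
    for line in ordered:
        m = GROUP_RE.search(line)
        if m:
            result["tunnel_group"] = m.group(1)
        m = MAP_RE.search(line)
        if m:
            result["crypto_map"] = m.group(1)
        if "PHASE 1 COMPLETED" in line:
            result["phase1_completed"] = True
        if "L2TP/IPSec session detected" in line:
            result["l2tp_ipsec"] = True
        if "Can't find a valid tunnel group" in line:
            result["diagnosis"] = "phase 1: no tunnel group matched the peer"
        if "All IPSec SA proposals found unacceptable" in line:
            result["diagnosis"] = (
                "phase 2: none of the client's IPSec proposals matched crypto map "
                + str(result["crypto_map"])
            )
        step = failed_step(line)
        if step:
            result["failed_step"] = step
    return result


if __name__ == "__main__":
    for name, log, newest in (("first log", PHASE1_LOG, False),
                              ("second log", PHASE2_LOG, True)):
        print(name)
        for key, value in analyze(log, newest_first=newest).items():
            print("  %-17s %s" % (key, value))
```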

Update - I've decided to go down the cert route as there's a working config from Andy above, however the Cisco ASA exports its certificates in a format the winmo device can't import! Any ideas?

jon- said:
Update - I've decided to go down the cert route as there's a working config from Andy above, however the Cisco ASA exports its certificates in a format the winmo device can't import! Any ideas?
OK, I have just got this working in my lab......
I have got a pretty basic config at the moment. I am using a pre-shared key for the ISAKMP phase I negotiation and local users. I have tested it with a Windows XP client and a couple of minutes ago with WM6.1 on my Kaiser. Both worked first time. I used the ASDM GUI to generate this configuration, I just attempted to match up the old PIX 6.3(5) config with the 7.2(4) code that is running on the new PIX.
Code:
ip local pool ip-pool 10.20.20.1-10.20.20.10 mask 255.255.255.240
!
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map inside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
!
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 10.10.10.10
 vpn-tunnel-protocol l2tp-ipsec
!
username cisco password cisco privilege 0
username cisco attributes
 vpn-group-policy DefaultRAGroup
!
tunnel-group DefaultRAGroup general-attributes
 address-pool ip-pool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key cisco
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
I will do some more testing and get the authentication passed to an external Radius server as well as using RSA Certificates instead of a PSK.
HTH
Andy

Thanks Andy. Are you using the default policy for the devices? My problem seems to be I cant select a different group/tunnel/policy with winmo6.1 so it falls back to the default one which I can't configure to work with the device.

Yes, it's the default one (DefaultRAGroup), this is pretty much a vanilla PIX (it's not actually a real PIX, it's just an emulated one as well....). If you can let me have some of the bits of your config I can maybe test them here?
Andy

Herein lies my problem (I think): I can't use the default policy but can't force my phone to another policy.

Andy,
Been playing with Greenbow VPN client today after giving up on the built-in one. Not having much luck with that either, it seems to be trying to set up a LAN-to-LAN tunnel as well.
Here's the ASA config as requested
Code:
ip local pool Pool1 10.x.x.x-10.x.x.x mask 255.x.x.x
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside-new_dyn_map 20 set pfs
crypto dynamic-map outside-new_dyn_map 20 set transform-set ESP-3DES-SHA TRANS_ESP_3DES_SHA
crypto dynamic-map outside-new_dyn_map 40 set pfs
crypto dynamic-map outside-new_dyn_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 62.x.x.x
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map outside-new_map 20 match address outside-new_cryptomap_20
crypto map outside-new_map 20 set peer 62.x.x.x
crypto map outside-new_map 20 set transform-set ESP-DES-MD5
crypto map outside-new_map 65535 ipsec-isakmp dynamic outside-new_dyn_map
crypto map outside-new_map interface outside-new
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp enable outside-new
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 50
 authentication rsa-sig
 encryption des
 hash md5
 group 1
 lifetime 86400
group-policy DfltGrpPolicy attributes
 banner value hispek.com vpn
 vpn-simultaneous-logins 30
 vpn-tunnel-protocol IPSec webvpn
 ipsec-udp enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Internal_Nets
 default-domain value hispek
 nac-settings value DfltGrpPolicy-nac-framework-create
 webvpn
  svc keepalive none
  svc dpd-interval client none
  svc dpd-interval gateway none
  customization value DfltCustomization
group-policy MobileVPN internal
group-policy MobileVPN attributes
 dns-server value 10.x.x.x 10.x.x.x
 vpn-tunnel-protocol IPSec l2tp-ipsec
username jjbmobile password * encrypted privilege 15
username jjbmobile attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
 service-type admin
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key M0b1132
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
tunnel-group 62.x.x.x type ipsec-l2l
tunnel-group 62.x.x.x ipsec-attributes
 pre-shared-key m0squito
tunnel-group MobileVPN type remote-access
tunnel-group MobileVPN general-attributes
 address-pool Pool1
 default-group-policy MobileVPN
tunnel-group MobileVPN ipsec-attributes
 pre-shared-key JonsSillyNewPhone
tunnel-group MobileVPN ppp-attributes
 authentication ms-chap-v2
!
class-map global-class
 match default-inspection-traffic
class-map inside-class
 match access-list inside_mpc
class-map outside-class
 match access-list outside_mpc
!
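A side-by-side audit of the two ASA/PIX 7.x configurations in this thread, as an added example that is not part of the original posts: it parses the ISAKMP policies and dynamic crypto map entries, flags weak phase 1 algorithms, and lists per dynamic-map entry whether PFS is set and whether a transport-mode transform set is offered. The input is constructed from lines of the two posted configs; the weakness labels are this example's own, and the output shows differences without deciding which one caused the phase 2 failure.

```python
import re

# Constructed input: lines copied from the lab config reported as working and
# from the config that stalled in phase 2 (both posted in this thread).
WORKING = """\
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map inside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
"""

STALLED = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside-new_dyn_map 20 set pfs
crypto dynamic-map outside-new_dyn_map 20 set transform-set ESP-3DES-SHA TRANS_ESP_3DES_SHA
crypto dynamic-map outside-new_dyn_map 40 set pfs
crypto dynamic-map outside-new_dyn_map 40 set transform-set ESP-3DES-MD5
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
"""

# Labels chosen for this example; the key sizes are those of the algorithms.
WEAK = {
    ("encryption", "des"): "single DES (56-bit key)",
    ("hash", "md5"): "MD5",
    ("group", "1"): "DH group 1 (768-bit MODP)",
    ("group", "2"): "DH group 2 (1024-bit MODP)",
}
POLICY_KEYS = ("authentication", "encryption", "hash", "group", "lifetime")


def parse(config):
    """Return (isakmp_policies, dynamic_map_entries) from config text.

    Sub-commands are recognised by keyword rather than indentation, because
    configs pasted into a forum often lose their leading spaces.
    """
    policies, transport_sets, dyn = {}, set(), {}
    current = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            current = policies.setdefault(int(words[3]), {})
        elif current is not None and words[0] in POLICY_KEYS and len(words) == 2:
            current[words[0]] = words[1]
        else:
            current = None
            if words[:3] == ["crypto", "ipsec", "transform-set"] \
                    and words[4:] == ["mode", "transport"]:
                transport_sets.add(words[3])
            elif words[:2] == ["crypto", "dynamic-map"] and words[4:5] == ["set"]:
                key = (words[2], int(words[3]))
                entry = dyn.setdefault(key, {"pfs": False, "sets": []})
                if words[5:6] == ["pfs"]:
                    entry["pfs"] = True
                elif words[5:6] == ["transform-set"]:
                    entry["sets"] = words[6:]
    for entry in dyn.values():
        entry["transport"] = any(s in transport_sets for s in entry["sets"])
    return policies, dyn


def weak_policy_findings(policies):
    """List (policy number, weakness) for every weak phase 1 setting."""
    findings = []
    for number in sorted(policies):
        for key in POLICY_KEYS:
            label = WEAK.get((key, policies[number].get(key)))
            if label:
                findings.append((number, label))
    return findings


if __name__ == "__main__":
    for name, text in (("working", WORKING), ("stalled", STALLED)):
        policies, dyn = parse(text)
        print(name)
        for number, label in weak_policy_findings(policies):
            print("  isakmp policy %d: %s" % (number, label))
        for (dmap, seq), e in sorted(dyn.items()):
            print("  %s %d: pfs=%s transport=%s sets=%s"
                  % (dmap, seq, e["pfs"], e["transport"], e["sets"]))
```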

Windows Mobile 6.1 with ASA 5510
ADB100 said:
I pretty much posted all the VPN stuff in my previous post. I could send you the entire config if you wish (with some bits scrubbed obviously). I may have an ASA at the end of next week to play around. I will be installing it at a customer site the following week so I should have enough time to test the VPN stuff out, if you can wait? (I'm a CCIE.....)
Cheers
Andy
Hi Andy,
I am a new user to the forum.... I am trying to work out how to connect Windows Mobile 6.1 with an ASA 5510 using IPSec, through the available VPN client, which allows L2TP/IPSec & PPTP.
I have seen your posts and found you got this working without any external VPN client.... Would you be able to share that configuration with me?
Thanks,
nil3879

Too bad Bluefire Security went out-of-business because their WinMo VPN client worked really well with Cisco VPN 3000 series concentrator and PIX 500 series firewalls and I'm sure it would work with Cisco ASA as well. Tested using group password and AD authentication.

Related

XDA - Orange - PAYG - GPRS Help Needed

Did anyone get this working?
I have an XDA unlocked and using a PAYG Orange SIM, I have had GPRS switched on by Orange for the sim but still have problems.
I am using these settings:-
Modem type : Cellular Line (GPRS)
Baud rate : 19200
IP Address : Server assigned
Software compression : Off
Header Compression : Off
DNS : Server assigned
ALT DNS : Server assigned
WINS : Server assigned
ALT WINS : Server assigned
AccessPointName (APN): payginternet
Username : none
Password : none
Domain : none
A 'Connected' message comes up but I get no data, and attempts to surf to any URL pause for a long, long while and then come up as 'page could not be found'.
Any ideas anyone?
Any help much appreciated

WIFI with a "Conceptronic C54APM" Access Point

Is it possible to connect the Trinity to a "Conceptronic C54APM" access point with WEP activated?
I am able to connect it, give the correct password but I can get no communication!!!
Thanks in advance.
edba2000 said:
Is it possible to connect the Trinity to a "Conceptronic C54APM" access point with WEP activated?
I am able to connect it, give the correct password but I can get no communication!!!
Thanks in advance.
Try taking off the WEP protection on your access point, then get the Trinity connected. If all is well, then add the WEP again. Make sure that you check that the "shared" option is the same on both.
Just in case, access can also be restricted/enabled at the MAC level.
Thanks for the answer.
Even without WEP, I still can't connect
Here is my "Access Point" config:
System
Up time 0day:0h:21m:25s
Hardware Version Rev. A
Firmware Version 1.25
Wireless Configuration
Mode AP
ESSID xxxxxx
Channel Number 5
Security WEP
BSSID 00:xx:xx:xx:xx:xx
Associated Clients 2
LAN Configuration
IP Address 192.168.0.2
Subnet Mask 255.255.255.0
Default Gateway 192.168.0.1
MAC Address 00:xx:xx:xx:xx:xx
Authentication Type : Open System Shared Key [X]Auto
Fragment Threshold : 2346 (256-2346)
RTS Threshold : 2347 (0-2347)
Beacon Interval : 100 (20-1024 ms)
Data Rate : 54M
Transmit Rate :
Preamble Type : [X] Long Preamble Short Preamble
Broadcast ESSID : [X] Enabled Disabled
IAPP : [X] Enabled Disabled
802.11g Protection : Enabled [X] Disabled
Encryption : WEP
Key Length : 128 bit
Key Format : ASCII (13 char)
Default Tx Key : key1
Encryption Key 1 : *************
Encryption Key 2 : *************
Encryption Key 3 : *************
Encryption Key 4 : *************
[ ] Enable 802.1x Authentication
* Management IP
IP Address : 192.168.0.2
Subnet Mask : 255.255.255.0
Gateway Address : 192.168.0.1
DHCP Server : enabled
* DHCP Server
Default Gateway IP : 192.168.0.1
Domain Name Server IP : 192.168.0.1
Start IP : 192.168.0.5
End IP : 192.168.0.10
Domain Name :
Lease Time : forever
When I connect my HTC to the AccessPoint, the IP 192.158.0.5 is assigned to it but I can't ping to 192.168.0.2 (the AP IP)
Some other help would be great!
Thanks
edba2000 said:
Is it possible to connect the Trinity to a "Conceptronic C54APM" access point with WEP activated?
I am able to connect it, give the correct password but I can get no communication!!!
Thanks in advance.
You should try and connect your Trinity to another hot spot just to make sure that the Wifi is working properly. If so, you might try resetting your access point by the pin hole on the back, or however your AP resets. Personally, if I'm ever having trouble connecting a device to my network, I turn off all encryption and filtering until I get a connection. The info you gave shows WEP encryption is still on.
Hi Matterhorn,
Thanks for the answer. The info I gave shows WEP activated, but I did the test without WEP too. The result is the same.
The HTC is working properly and I can connect to other APs. I can't understand what's happening!!!
JUST FOUND THE PROBLEM!!!
The power mode must be: "Best Performance"
Thanks to all.

Help On Windows Mobile 6.1 Ip Forwarding

We are testing IP forwarding feature on windows mobile 6.1 platform. The scenario is as following:
169.254.19.49/16          169.254.54.165/16
+--------+       a        +--------+
|  PC1   | -------------- | Mobile |
+--------+                +--------+
     \                        |
      \  c                  b |
       \                      |
        \                     |
         \                +---------+
          \-------------- |   PC2   |
   169.254.160.194/16     +---------+
We set up a Wi-Fi ad-hoc network with 3 nodes involved. This is a full mesh network. There is a direct wireless link 'c' between PC1 and PC2, and we expect the IP packet path to be changed to PC1--Mobile--PC2.
We enabled IP forwarding on the mobile phone and changed PC1's and PC2's routing tables. But it seems IP forwarding does not work properly. We did 'ping 169.254.19.49' from PC2 and we did get the ICMP replies, while the packet sniffer shows that those replies are originated by the middle node (source IP is 169.254.54.165) and no packets are received by 169.254.19.49. How come the mobile phone takes the responsibility to answer the ICMP reply for PC1, and it does not even check the reachability of PC1? It seems there is some kind of proxy running on the mobile. Any configuration we are missing?
The modifications to the devices are attached below:
PC1
----------------------------------------------------------------------------------------
IP: 169.254.19.49/16
Routing Table:
Network Destination   Netmask           Gateway           Interface         Metric
169.254.0.0           255.255.0.0       169.254.19.49     169.254.19.49     30
169.254.19.49         255.255.255.255   127.0.0.1         127.0.0.1         30
169.254.160.194       255.255.255.255   169.254.54.165    169.254.19.49     30
169.254.255.255       255.255.255.255   169.254.19.49     169.254.19.49     30
Basically, the routing setting implies that 'to 169.254.160.194, the next hop is 169.254.54.165'.
Registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect = 0
The purpose is to ignore possible ICMP redirect message from the mobile phone which would change the route entry 169.254.160.194 back to a direct network route.
Mobile:
----------------------------------------------------------------------------------------
IP: 169.254.54.165/16
Routing Table:
Network Destination   Netmask           Gateway           Interface   Metric
169.254.0.0           255.255.0.0       169.254.160.194   0x3         25
169.254.19.49         255.255.255.255   169.254.54.165    0x3         30
169.254.54.165        255.255.255.255   127.0.0.1         0x3         30
169.254.160.194       255.255.255.255   169.254.54.165    0x3         30
169.254.255.255       255.255.255.255   169.254.2.1       0x30002     30
169.254.255.255       255.255.255.255   169.254.54.165    0x3         30
Registry setting:
HKEY_LOCAL_MACHINE\Comm\Tcpip\Parms\IpEnableRouter = 1
HKEY_LOCAL_MACHINE\Comm\Tcpip\Parms\EnableICMPRedirects = 0
PC2
----------------------------------------------------------------------------------------
IP: 169.254.160.194/16
Routing Table:
Network Destination   Netmask           Gateway           Interface         Metric
169.254.0.0           255.255.0.0       169.254.160.194   169.254.160.194   25
169.254.19.49         255.255.255.255   169.254.54.165    169.254.160.194   30
169.254.160.194       255.255.255.255   127.0.0.1         127.0.0.1         25
169.254.255.255       255.255.255.255   169.254.2.2       169.254.2.2       30
169.254.255.255       255.255.255.255   169.254.160.194   169.254.160.194   25
Basically, the routing setting implies that 'to 169.254.19.49, the next hop is 169.254.54.165'.
Registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect = 0
You shouldn't use 169.254 addressing.
169.254.0.0/16 is the "link local" block. It is allocated for communication between hosts on a single link.
Have a quick read of RFC 3330.
Something else in your network is probably interfering.
Use 10.0.0.0/8 or perhaps 192.168.0.0/16 or 172.16.0.0/12 as these are set aside for private networking addresses.
thank you very much
farkah said:
You shouldn't use 169.254 addressing.
169.254.0.0/16 is the "link local" block. It is allocated for communication between hosts on a single link.
Have a quick read of RFC 3330.
Something else in your network is probably interfering.
Use 10.0.0.0/8 or perhaps 192.168.0.0/16 or 172.16.0.0/12 as these are set aside for private networking addresses.
Thank you very much!!!! I have solved this problem!!!!

Cisco VPN Config HOWTO

I have posted this at DARKYROM; I thought it might be useful here too.
Here's a quick "how to" get Cisco IOS VPN working with the DARKYROM native VPN client.
Because of the limitations in Android we cannot use group authentication; it does not work. However, this how-to will show you how to create an L2TP/IPSec tunnel from your Cisco @ work or home to your droid (preferably Darky ROM) native client, i.e. settings > wireless & networking > vpn.
There is only one prerequisite, and that is that you have the advanced IP services IOS (required for IPsec).
Here are the Cisco config additions; please change the stuff in the <CHANGE ME>.
aaa new-model
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
!
user <USERNAME> password <PASSWORD>
!
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key <KEY> address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 3600
!
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
mode transport
!
crypto dynamic-map ipnetconfig-map 10
set nat demux
set transform-set ipnetconfig
!
!
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
!
! This is the OUTSIDE interface; this may be different on your router
interface FastEthernet 4
ip address dhcp
duplex auto
speed auto
! This is the line required on your outside interface
crypto map cisco
!
interface Virtual-Template1
! This is the OUTSIDE interface; this may be different on your router
ip unnumbered FastEthernet 4
peer default ip address pool poolipnetconfig
ppp encrypt mppe 40
ppp authentication ms-chap-v2
!
!
! Change this to whatever range your LAN is, as this is the address that will be assigned to your droid
ip local pool poolipnetconfig 172.16.0.9
!
end
DO NOT just copy and paste this onto your router. You must edit it first and remove the comments and the brackets.
Please change the IP, username, passwords and keys to make this work.
Then basically on your droid go to the VPN settings and create an L2TP/IPSec VPN. Input a name, a shared key and the IP address or DNS name of your router (internet address).
Save the config and try to connect; this will ask for the AAA username and password. Enter this and then it should connect. wayhey!!!!!!!!!!!!!!!!!
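A way to check a config like the one in the post above for weak crypto parameters before it goes onto an internet-facing router, as an added example (not part of the original post and not Cisco tooling). The function names and finding IDs are made up for this example, and the sample input is constructed from the post's own crypto lines with the key left as a placeholder.

```shell
#!/bin/sh
# Added example: flag weak crypto settings in an IOS L2TP/IPsec config.
# Matching is per line and ignores section context, so review each hit.

audit_ios_vpn_config() {
    # Reads a config on stdin; prints "<line no>: <ID>: <reason>" per finding.
    # Exit status is 1 when anything was flagged, 0 otherwise.
    awk '
    function flag(id, why) { printf "%d: %s: %s\n", NR, id, why; found = 1 }

    # IKE phase 1 cipher: "encr 3des" or "encryption des"
    $1 ~ /^encr/ && ($2 == "des" || $2 == "3des") {
        flag("IKE_CIPHER", "legacy 64-bit block cipher for IKE (" $2 ")")
    }
    # Diffie-Hellman group 1 (768-bit) or group 2 (1024-bit MODP)
    $1 == "group" && ($2 == "1" || $2 == "2") {
        flag("IKE_DH_GROUP", "Diffie-Hellman group " $2 " is 1024 bits or less")
    }
    # Pre-shared key bound to address 0.0.0.0: one secret for every peer
    $1 == "crypto" && $2 == "isakmp" && $3 == "key" {
        for (i = 4; i < NF; i++)
            if ($i == "address" && $(i + 1) == "0.0.0.0")
                flag("WILDCARD_PSK", "pre-shared key accepted from any source address")
    }
    # IPsec phase 2 transform using DES or 3DES
    $1 == "crypto" && $2 == "ipsec" && $3 == "transform-set" {
        for (i = 5; i <= NF; i++)
            if ($i == "esp-des" || $i == "esp-3des")
                flag("ESP_CIPHER", "legacy ESP cipher " $i " in transform-set " $4)
    }
    # PPP-level MPPE with a 40-bit key
    $1 == "ppp" && $2 == "encrypt" && $3 == "mppe" && $4 == "40" {
        flag("MPPE_40", "40-bit MPPE key on the PPP session")
    }
    END { exit found }
    '
}

sample_config() {
    # Constructed sample: crypto lines as they appear in the post, key as placeholder.
    cat <<'EOF'
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key <KEY> address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
mode transport
interface Virtual-Template1
ppp encrypt mppe 40
ppp authentication ms-chap-v2
EOF
}

if sample_config | audit_ios_vpn_config; then
    echo "no weak settings flagged"
else
    echo "review the flagged lines before deploying"
fi
```

The wildcard key is what lets a roaming phone with an unknown address connect at all, so that finding is a prompt to use a long random key and to watch IKE logs, not necessarily something to remove.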
Any chance SSL VPN can work?
hmmmm dunno I have not tried... maybe I'll have a go
hvc123 said:
hmmmm dunno I have not tried... maybe I'll have a go
I found a Cisco Anyconnect client on the market.
https://market.android.com/details?id=com.cisco.anyconnect.vpn.android&feature=search_result
Just need to acquire mobile licenses for the ASA...

[ROM] [7.1.2] [Evervolv 7.1.2] [Unofficial with Wi-Fi fixes] [2021-12-11]

Evervolv 7.1.2 for HP Touchpad (tenderloin)
I have just built it from source, integrated Wi-Fi fixes I made for Amazon Kindle Fire HDX earlier, replaced the Wi-Fi driver with the one from backports-5.9.12-1.tar.gz, and tweaked memory settings. Now it sees more 5 GHz channels, automatically reconnects on connection loss, works properly when AP/router uses the same MAC address for 2.4 GHz and 5 GHz.
Bluetooth works.
The camera more or less works in some applications.
Feel free to test and report bugs.
If you intend to install GApps, I suggest disabling unused "heavy" applications like "Google".
https://androidfilehost.com/?fid=17825722713688247295
As an alternative, you can download the same file using BitTorrent: magnet:?xt=urn:btih:602c6039b4790d0474488a0c8e8a4c241dd0632f&dn=ev_tenderloin-7.1.2-userbuild-2021.12.05.zip
Whatsnew:
2021-12-05 Removed "Phone" and "EVUpdater" (waste of RAM), increased per-app
Java heap limits (e. g. NewPipe works now).
2021-11-08 Latest Wi-Fi driver & fixes.
Kernel source:
https://github.com/Evervolv/android_kernel_htc_msm8960.git (branch "evervolv/ng-7.1")
Device tree:
https://github.com/Evervolv/android_device_hp_tenderloin-common.git (branch "evervolv/ng-7.1")
Thanks for your efforts!
I know what I'll be doing on the first cold and rainy day.
void555 said:
'...disabling unused "heavy" applications like "Google" '
How does one go about disabling?
First time that I've heard about performing this. (Probably I wasn't paying close enough attention.)
middle_road said:
How does one go about disabling?
First time that I've heard about performing this. (Probably I wasn't paying close enough attention.)
You wouldn't believe this - there is a button "Disable" in the details of (almost) every application in "Settings"/"Applications".
Thanks for creating this build. Flashing a clean install onto a 32GB Touchpad now to test.
First observation is there is a long delay with black screen between when the "HP Powered by Android" logo shows and when the Evervolv boot animation begins. The black screen lasts several minutes and there is no indication during that time that the ROM is actually loading.
The boot animation appears eventually though, after which the tablet finishes booting pretty quickly.
@void555
Thx, I'll give it a try. I'm also plagued with Wi-Fi disconnects after some time without reconnect.
I have done a lot with my router setup to fix this, without luck.
Like fixed channels, different names for 2.4 and 5 GHz. Not hidden.
This year I found a good reconnect app. Maybe helpful for someone.
WiFi Prioritizer – Apps on Google Play
WiFi Prioritizer will switch your device's Wi-Fi to a preferred network
play.google.com
I also no longer use GApps.
Greetings, schwatter
@void555
So almost one week is over. Still strong wifi.
Not a single disconnect.
Thx you
Thanks @void555 for creating another evervolv 7.1.2 version and sharing!
I did flash it and works...
WiFi re-associate (reconnect) fix for Android 7, 8, and 9.
About 6 months ago I started using some tablets as a web server, Nextcloud, FTP site and WebDAV server.
Any open (unlocked) Android device will do the job, but the HP Touchpad can be completely modified easily and will not brick, making it the perfect server: built-in battery backup (no power interruption, always on), noise free, low power consumption.
The challenge was how to make the Wi-Fi behave like a wired Ethernet connection: it needs to be always on, reconnect automatically no matter what, and have low latency. The tablets were always charging by USB port, set up for maximum performance settings.
First step: set the router to 5 GHz (faster, but short range) instead of 2.4 GHz (slower, longer range).
Attached are the screenshots of the router:
Connection speed using Evervolv 7.1.2 and 9
How to make Android Wi-Fi automatically keep the connection alive even if it gets disconnected or the router reboots.
Take total control of your Wi-Fi: all the commands available.
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
To test, connect the tablet to a PC, open a terminal and use ADB shell.
Code:
wpa_cli -p /data/misc/wpa_supplicant
Code:
adb shell
tenderloin:/ # wpa_cli -p /data/misc/wpa_supplicant
wpa_cli v2.6-devel-7.1.2
Copyright (c) 2004-2016, Jouni Malinen <[email protected]> and contributors
This software may be distributed under the terms of the BSD license.
See README for more details.
Using interface 'wlan0'
Interactive mode
>
Now all commands can be entered to override the system settings and control the Wi-Fi driver directly.
List of the most important commands to enter in interactive mode:
Code:
IFNAME=wlan0 scan
disable_network list_networks
IFNAME=wlan0 disable_network 0
IFNAME=wlan0 enable_network 0
IFNAME=wlan0 reconnect
IFNAME=wlan0 add_network 0
IFNAME=wlan0 set_network 0 auth_alg OPEN
IFNAME=wlan0 set_network 0 ssid " "
IFNAME=wlan0 select_network 0
IFNAME=wlan0 enable_network 0
IFNAME=wlan0 reassociate
IFNAME=wlan0 status
IFNAME=wlan0 save_config
Example:
Code:
> IFNAME=wlan0 scan
OK
IFNAME=wlan0 <3>CTRL-EVENT-SCAN-STARTED
IFNAME=wlan0 <3>CTRL-EVENT-SCAN-RESULTS
Command to reassociate to the already connected network every 10 minutes ( or any time interval you want )
Enter entire command after the ADB Shell prompt:
Code:
wpa_cli -p /data/misc/wpa_supplicant -i wlan0 IFNAME=wlan0 reassociate scan_interval 10
The command can be run automatically as a script at boot time to run every 30 minutes as follows:
Code:
# watch -n takes its interval in seconds: 1800 s = 30 minutes
watch -n 1800 wpa_cli -p /data/misc/wpa_supplicant -i wlan0 IFNAME=wlan0 reassociate scan_interval 10 &
All available commands:
Code:
status [verbose] = get current WPA/EAPOL/EAP status
ifname = get current interface name
ping = pings wpa_supplicant
relog = re-open log-file (allow rolling logs)
note <text> = add a note to wpa_supplicant debug log
mib = get MIB variables (dot1x, dot11)
help [command] = show usage help
interface [ifname] = show interfaces/select interface
level <debug level> = change debug level
license = show full wpa_cli license
quit = exit wpa_cli
set = set variables (shows list of variables when run without arguments)
dump = dump config variables
get <name> = get information
logon = IEEE 802.1X EAPOL state machine logon
logoff = IEEE 802.1X EAPOL state machine logoff
pmksa = show PMKSA cache
pmksa_flush = flush PMKSA cache entries
reassociate = force reassociation
reattach = force reassociation back to the same BSS
preauthenticate <BSSID> = force preauthentication
identity <network id> <identity> = configure identity for an SSID
password <network id> <password> = configure password for an SSID
new_password <network id> <password> = change password for an SSID
pin <network id> <pin> = configure pin for an SSID
otp <network id> <password> = configure one-time-password for an SSID
passphrase <network id> <passphrase> = configure private key passphrase
for an SSID
sim <network id> <pin> = report SIM operation result
bssid <network id> <BSSID> = set preferred BSSID for an SSID
blacklist <BSSID> = add a BSSID to the blacklist
blacklist clear = clear the blacklist
blacklist = display the blacklist
log_level <level> [<timestamp>] = update the log level/timestamp
log_level = display the current log level and log options
list_networks = list configured networks
select_network <network id> = select a network (disable others)
enable_network <network id> = enable a network
disable_network <network id> = disable a network
add_network = add a network
remove_network <network id> = remove a network
set_network <network id> <variable> <value> = set network variables (shows
list of variables when run without arguments)
get_network <network id> <variable> = get network variables
dup_network <src network id> <dst network id> <variable> = duplicate network variables
list_creds = list configured credentials
add_cred = add a credential
remove_cred <cred id> = remove a credential
set_cred <cred id> <variable> <value> = set credential variables
get_cred <cred id> <variable> = get credential variables
save_config = save the current configuration
disconnect = disconnect and wait for reassociate/reconnect command before
connecting
reconnect = like reassociate, but only takes effect if already disconnected
scan = request new BSS scan
scan_results = get latest scan results
abort_scan = request ongoing scan to be aborted
bss <<idx> | <bssid>> = get detailed scan result info
get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg/channels/freq/modes> = get capabilities
reconfigure = force wpa_supplicant to re-read its configuration file
terminate = terminate wpa_supplicant
interface_add <ifname> <confname> <driver> <ctrl_interface> <driver_param>
<bridge_name> <create> <type> = adds new interface, all parameters but
<ifname> are optional. Supported types are station ('sta') and AP ('ap')
interface_remove <ifname> = removes the interface
interface_list = list available interfaces
ap_scan <value> = set ap_scan parameter
scan_interval < 2 > = set scan_interval parameter (in seconds)
bss_expire_age <value> = set BSS expiration age parameter
bss_expire_count <value> = set BSS expiration scan count parameter
bss_flush <value> = set BSS flush age (0 by default)
ft_ds <addr> = request over-the-DS FT with <addr>
wps_pbc [BSSID] = start Wi-Fi Protected Setup: Push Button Configuration
wps_pin <BSSID> [PIN] = start WPS PIN method (returns PIN, if not hardcoded)
wps_check_pin <PIN> = verify PIN checksum
wps_cancel Cancels the pending WPS operation
wps_nfc [BSSID] = start Wi-Fi Protected Setup: NFC
wps_nfc_config_token <WPS|NDEF> = build configuration token
wps_nfc_token <WPS|NDEF> = create password token
wps_nfc_tag_read <hexdump of payload> = report read NFC tag with WPS data
nfc_get_handover_req <NDEF> <WPS> = create NFC handover request
nfc_get_handover_sel <NDEF> <WPS> = create NFC handover select
nfc_report_handover <role> <type> <hexdump of req> <hexdump of sel> = report completed NFC handover
wps_reg <BSSID> <AP PIN> = start WPS Registrar to configure an AP
wps_ap_pin [params..] = enable/disable AP PIN
wps_er_start [IP address] = start Wi-Fi Protected Setup External Registrar
wps_er_stop = stop Wi-Fi Protected Setup External Registrar
wps_er_pin <UUID> <PIN> = add an Enrollee PIN to External Registrar
wps_er_pbc <UUID> = accept an Enrollee PBC using External Registrar
wps_er_learn <UUID> <PIN> = learn AP configuration
wps_er_set_config <UUID> <network id> = set AP configuration for enrolling
wps_er_config <UUID> <PIN> <SSID> <auth> <encr> <key> = configure AP
wps_er_nfc_config_token <WPS/NDEF> <UUID> = build NFC configuration token
ibss_rsn <addr> = request RSN authentication with <addr> in IBSS
sta <addr> = get information about an associated station (AP)
all_sta = get information about all associated stations (AP)
deauthenticate <addr> = deauthenticate a station
disassociate <addr> = disassociate a station
chan_switch <cs_count> <freq> [sec_channel_offset=] [center_freq1=] [center_freq2=] [bandwidth=] [blocktx] [ht|vht] = CSA parameters
suspend = notification of suspend/hibernate
resume = notification of resume/thaw
roam <addr> = roam to the specified BSS
p2p_find [timeout] [type=*] = find P2P Devices for up-to timeout seconds
p2p_stop_find = stop P2P Devices search
p2p_asp_provision <addr> adv_id=<adv_id> conncap=<conncap> [info=<infodata>] = provision with a P2P ASP Device
p2p_asp_provision_resp <addr> adv_id=<adv_id> [role<conncap>] [info=<infodata>] = provision with a P2P ASP Device
p2p_connect <addr> <"pbc"|PIN> [ht40] = connect to a P2P Device
p2p_listen [timeout] = listen for P2P Devices for up-to timeout seconds
p2p_group_remove <ifname> = remove P2P group interface (terminate group if GO)
p2p_group_add [ht40] = add a new P2P group (local end as GO)
p2p_group_member <dev_addr> = Get peer interface address on local GO using peer Device Address
p2p_prov_disc <addr> <method> = request provisioning discovery
p2p_get_passphrase = get the passphrase for a group (GO only)
p2p_serv_disc_req <addr> <TLVs> = schedule service discovery request
p2p_serv_disc_cancel_req <id> = cancel pending service discovery request
p2p_serv_disc_resp <freq> <addr> <dialog token> <TLVs> = service discovery response
p2p_service_update = indicate change in local services
p2p_serv_disc_external <external> = set external processing of service discovery
p2p_service_flush = remove all stored service entries
p2p_service_add <bonjour|upnp|asp> <query|version> <response|service> = add a local service
p2p_service_rep asp <auto> <adv_id> <svc_state> <svc_string> [<svc_info>] = replace local ASP service
p2p_service_del <bonjour|upnp> <query|version> [|service] = remove a local service
p2p_reject <addr> = reject connection attempts from a specific peer
p2p_invite <cmd> [peer=addr] = invite peer
p2p_peers [discovered] = list known (optionally, only fully discovered) P2P peers
p2p_peer <address> = show information about known P2P peer
p2p_set <field> <value> = set a P2P parameter
p2p_flush = flush P2P state
p2p_cancel = cancel P2P group formation
p2p_unauthorize <address> = unauthorize a peer
p2p_presence_req [<duration> <interval>] [<duration> <interval>] = request GO presence
p2p_ext_listen [<period> <interval>] = set extended listen timing
p2p_remove_client <address|iface=address> = remove a peer from all groups
vendor_elem_add <frame id> <hexdump of elem(s)> = add vendor specific IEs to frame(s)
0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), 3: Beacon (GO), 4: PD Req, 5: PD Resp, 6: GO Neg Req, 7: GO Neg Resp, 8: GO Neg Conf, 9: Inv Req, 10: Inv Resp, 11: Assoc Req (P2P), 12: Assoc Resp (P2P)
vendor_elem_get <frame id> = get vendor specific IE(s) to frame(s)
0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), 3: Beacon (GO), 4: PD Req, 5: PD Resp, 6: GO Neg Req, 7: GO Neg Resp, 8: GO Neg Conf, 9: Inv Req, 10: Inv Resp, 11: Assoc Req (P2P), 12: Assoc Resp (P2P)
vendor_elem_remove <frame id> <hexdump of elem(s)> = remove vendor specific IE(s) in frame(s)
0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), 3: Beacon (GO), 4: PD Req, 5: PD Resp, 6: GO Neg Req, 7: GO Neg Resp, 8: GO Neg Conf, 9: Inv Req, 10: Inv Resp, 11: Assoc Req (P2P), 12: Assoc Resp (P2P)
wfd_subelem_set <subelem> [contents] = set Wi-Fi Display subelement
wfd_subelem_get <subelem> = get Wi-Fi Display subelement
fetch_anqp = fetch ANQP information for all APs
stop_fetch_anqp = stop fetch_anqp operation
interworking_select [auto] = perform Interworking network selection
interworking_connect <BSSID> = connect using Interworking credentials
interworking_add_network <BSSID> = connect using Interworking credentials
anqp_get <addr> <info id>[,<info id>]... = request ANQP information
gas_request <addr> <AdvProtoID> [QueryReq] = GAS request
gas_response_get <addr> <dialog token> [start,len] = Fetch last GAS response
hs20_anqp_get <addr> <subtype>[,<subtype>]... = request HS 2.0 ANQP information
nai_home_realm_list <addr> <home realm> = get HS20 nai home realm list
hs20_icon_request <addr> <icon name> = get Hotspot 2.0 OSU icon
fetch_osu = fetch OSU provider information from all APs
cancel_fetch_osu = cancel fetch_osu command
sta_autoconnect <0/1> = disable/enable automatic reconnection
tdls_discover <addr> = request TDLS discovery with <addr>
tdls_setup <addr> = request TDLS setup with <addr>
tdls_teardown <addr> = tear down TDLS with <addr>
tdls_link_status <addr> = TDLS link status with <addr>
wmm_ac_addts <uplink/downlink/bidi> <tsid=0..7> <up=0..7> [nominal_msdu_size=#] [mean_data_rate=#] [min_phy_rate=#] [sba=#] [fixed_nominal_msdu] = add WMM-AC traffic stream
wmm_ac_delts <tsid> = delete WMM-AC traffic stream
wmm_ac_status = show status for Wireless Multi-Media Admission-Control
tdls_chan_switch <addr> <oper class> <freq> [sec_channel_offset=] [center_freq1=] [center_freq2=] [bandwidth=] [ht|vht] = enable channel switching with TDLS peer
tdls_cancel_chan_switch <addr> = disable channel switching with TDLS peer <addr>
signal_poll = get signal parameters
signal_monitor = set signal monitor parameters
pktcnt_poll = get TX/RX packet counters
reauthenticate = trigger IEEE 802.1X/EAPOL reauthentication
wnm_sleep <enter/exit> [interval=#] = enter/exit WNM-Sleep mode
wnm_bss_query <query reason> [list] = Send BSS Transition Management Query
raw <params..> = Sent unprocessed command
flush = flush wpa_supplicant state
driver <command> = driver private commands
radio_work = radio_work <show/add/done>
vendor <vendor id> <command id> [<hex formatted command argument>] = Send vendor command
neighbor_rep_request [ssid=<SSID>] = Trigger request to AP for neighboring AP report (with optional given SSID, default: current SSID)
erp_flush = flush ERP keys
mac_rand_scan <scan|sched|pno|all> enable=<0/1> [addr=mac-address mask=mac-address-mask] = scan MAC randomization
get_pref_freq_list <interface type> = retrieve preferred freq list for the specified interface type
p2p_lo_start <freq> <period> <interval> <count> = start P2P listen offload
p2p_lo_stop = stop P2P listen offload
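A state-aware variant of the periodic reassociate described in the post above, as an added example that is not part of the original post: it polls `status` and only issues `reconnect` or `reassociate` when the link is actually down, logging each recovery so drops stay visible. The function names, the 30-second default poll interval and the sample status text are assumptions made for this example; the socket path and the `IFNAME=` prefix are taken from the post.

```shell
#!/bin/sh
# Added example: Wi-Fi watchdog that acts only when wpa_supplicant is not connected.
WPA_CTRL_DIR=/data/misc/wpa_supplicant   # control socket directory used in the post
WPA_IFACE=wlan0

# Send one command using the same invocation form as the post.
wpa() {
    wpa_cli -p "$WPA_CTRL_DIR" -i "$WPA_IFACE" "IFNAME=$WPA_IFACE" "$@"
}

# Read "status" output on stdin and print the wpa_state value (empty if absent).
wpa_state() {
    sed -n 's/^wpa_state=//p' | head -n 1
}

# Map a wpa_state value to what the watchdog should do next.
next_action() {
    case "$1" in
        COMPLETED) echo none ;;                 # link is up, leave it alone
        SCANNING|AUTHENTICATING|ASSOCIATING|ASSOCIATED|4WAY_HANDSHAKE|GROUP_HANDSHAKE)
            echo wait ;;                        # a connection attempt is in progress
        DISCONNECTED) echo reconnect ;;         # reconnect only acts when disconnected
        "") echo unreachable ;;                 # no answer from wpa_supplicant
        *) echo reassociate ;;                  # e.g. INACTIVE, INTERFACE_DISABLED
    esac
}

# Status text on stdin -> action on stdout.
decide() { next_action "$(wpa_state)"; }

# Poll forever; $1 is the poll interval in seconds.
watchdog() {
    interval=${1:-30}
    while :; do
        action=$(wpa status 2>/dev/null | decide)
        case "$action" in
            reconnect|reassociate)
                echo "$(date '+%F %T') wifi watchdog: $action"
                wpa "$action" >/dev/null ;;
            unreachable)
                echo "$(date '+%F %T') wifi watchdog: wpa_supplicant not answering" ;;
        esac
        sleep "$interval"
    done
}

# Constructed status samples (not captured from a device).
STATUS_UP='bssid=02:00:00:00:00:01
ssid=example-ap
wpa_state=COMPLETED
ip_address=192.0.2.10'
STATUS_DOWN='wpa_state=DISCONNECTED
address=02:00:00:00:00:02'
STATUS_BUSY='wpa_state=4WAY_HANDSHAKE'

if [ "${1:-}" = run ]; then
    watchdog "${2:-30}"          # on the device: sh watchdog.sh run 30 &
else
    for s in "$STATUS_UP" "$STATUS_DOWN" "$STATUS_BUSY"; do
        printf '%s\n' "$s" | decide
    done
fi
```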
Uploaded ev_tenderloin-7.1.2-userbuild-2021.12.05.zip (see OP).
Thank you for your great work!
With you our Touchpad is still usable. That's even better when you think of a device like the iPad Mini 1 from 2012 I started to play with, which is almost unusable even with jailbreak!
I just found this version and installed it on my touchpad and it works great! Sadly, I use it mostly as an alarm clock more than anything else but it's smooth enough for light browsing if needed. Thanks!
void555 said:
Evervolv 7.1.2 for HP Touchpad (tenderloin)
I have just built it from source, integrated Wi-Fi fixes I made for Amazon Kindle Fire HDX earlier, replaced the Wi-Fi driver with the one from backports-5.9.12-1.tar.gz, and tweaked memory settings. Now it sees more 5 GHz channels, automatically reconnects on connection loss, works properly when AP/router uses the same MAC address for 2.4 GHz and 5 GHz.
Bluetooth works.
The camera more or less works in some applications.
Feel free to test and report bugs.
If you intend to install GApps, I suggest disabling unused "heavy" applications like "Google".
https://androidfilehost.com/?fid=17825722713688247295
Whatsnew:
2021-12-05 Removed "Phone" and "EVUpdater" (waste of RAM), increased per-app
Java heap limits (e. g. NewPipe works now).
2021-11-08 Latest Wi-Fi driver & fixes.
Kernel source:
https://github.com/Evervolv/android_kernel_htc_msm8960.git (branch "evervolv/ng-7.1")
Device tree:
https://github.com/Evervolv/android_device_hp_tenderloin-common.git (branch "evervolv/ng-7.1")
Good Day void555
I have two questions, please. I recently got an HP Touchpad with 4.4 KitKat installed and I need to move up to this 7.1 version. Do I need to remove the old Android, or can I wipe it and install this one over it? Meanwhile, is it the same 7.1 from four years ago which is on YouTube too?
The other question is how to modify the Wi-Fi file inside the system, since you uploaded the kernel stuff.
have my regards
zoromask
zoromask said:
Good Day void555
I have two questions, please. I recently got an HP Touchpad with 4.4 KitKat installed and I need to move up to this 7.1 version. Do I need to remove the old Android, or can I wipe it and install this one over it? Meanwhile, is it the same 7.1 from four years ago which is on YouTube too?
The other question is how to modify the Wi-Fi file inside the system, since you uploaded the kernel stuff.
have my regards
zoromask
Same here; would like to go from Kit-Kat to 7.1.2 but it's been a loooong time since I did this.
Molasses said:
Same here; would like to go from Kit-Kat to 7.1.2 but it's been a loooong time since I did this.
Thanks for the reply void555
How about the wifi, do I need to add it inside the touchpad, how to do, please.
My regards
zoromask
zoromask said:
Thanks for the reply void555
How about the wifi, do I need to add it inside the touchpad, how to do, please.
My regards
zoromask
I recently re-did the two Touchpads I have left following this guide:
https://forum.xda-developers.com/t/...all-android-roms-with-swap-partition.3901773/
Followed the parts that he has for 'Evervolv 7.1.2 Android Nougat' using the ROM posted here in this thread.
Works great. Tried the Evervolv v9 but got so tired with the constant WiFi instabilities.
Was so happy to find the ROM from this thread released with WiFi fixes. Extremely stable.
Sigster said:
I recently re-did the two Touchpads I have left following this guide:
https://forum.xda-developers.com/t/...all-android-roms-with-swap-partition.3901773/
Followed the parts that he has for 'Evervolv 7.1.2 Android Nougat' using the ROM posted here in this thread.
Works great. Tried the Evervolv v9 but got so tired with the constant WiFi instabilities.
Was so happy to find the ROM from this thread released with WiFi fixes. Extremely stable.
Good day void555
Now the thing is, that I flashed it successfully, but the battery is draining fast even though the battery indicator on right top showing full, but suddenly shuts down, you know any explanation for this, I mean what is the reason behind it, please some help if you can.
My regards
zoromask
