IPSEC functionality - Android Software Development

G'day
I am wondering if the implementation of IPSEC in Eclair 2.1 is functional? I have done some limited testing with RFC-compliant IPSEC peers (Cisco and Checkpoint) and find the VPN fails - I ran Wireshark on the line and see the IKE negotiation failing. (Tested Samsung Galaxy S, 2.1 native.)
Mind you, I had an iPhone 4 as a control, and it is able to successfully negotiate to both - I didn't want to say this is a valid test because the iPhone comes with a Cisco-labelled VPN client, so it is likely going to work with the same vendor; however, I tried a few others, such as HotSpotShield, etc. - Android 2.1 fails, the iPhone IPSEC implementation appears to succeed.
Wondering if anyone else has observed this behavior and whether any fix is anticipated in 2.2 or subsequent?
cheers
-k

Related

Wizard and Wireless LEAP - any solution?

Hi,
Is there any solution for getting LEAP working on Wizard? It seems that the I-mate AKU 2 ROM has software for it, since I can start the LEAP program and add new entries, but it's not working - I can't connect to my corporate WLAN.
Is there any solution for this problem? Will this be at least in some new ROM, etc.?
I'm in the same boat.
I've done countless searches and hours of investigation. Some have reported success, but I have contacted them and done exactly as they did and still no joy.
My network administrator claims that we are not using any restrictive protocols and/or options on our network and is also puzzled as to why it will not connect. It does attempt to connect to the AP, but authorization fails every time.
I have officially given up. If anyone can provide insight I believe that many would be indebted.
Perhaps you and the admin should take a look at the logs and figure out where it's stopping exactly? I haven't had the need to use LEAP yet so I can't really comment but a little sniffing around will probably tell you what's going on.
My main question is: Is LEAP working at all on Wizard? My previous device was an iPAQ 4150 and it was working perfectly using LEAP in my corporate WLAN - so I don't think that the problem is in some restrictions.
With the new AKU2 ROM came an add on for LEAP - the software is there, but is Wizard actually using entries that I enter there? It seems that it doesn't.
Well I have some encouraging news for you ...
My last PDA was also the 4150, and I could not get that working on our corporate WLAN either ... therefore ... you may have better luck than I.
Best of luck ... if you get it working, could you PM me please?
Thanks, Greg
It's amazing why enterprises are still using LEAP when it's proprietary to Cisco, when many non-proprietary types of EAP are easily available and better supported.
PEAP for one is totally free, offers similar if not stronger authentication and works with most recent Windows operating systems.
I have gotten it to work. The last version of Funk Odyssey works. You can download a trial from Juniper's website.

tun.ko for 2.1 ROMs..? Need for Cisco VPN

Hey, I have been looking forward to the 2.1 update for our Heros because I thought it was going to finally give us simple VPN access... *to Cisco concentrators*. Unfortunately, it only gives us IPSec/L2TP PSK or CRT... whereas I need a pure IPSec client that supports Group Authentication in order to connect to my corporate VPN.
So, I, and I am sure many others, need to revert back to the Get-A-Robot-VPNC client to connect to our corporate networks, but apparently do not have a correct tun.ko module. Trying to insmod a tun.ko module, I get "invalid format" or "failed executable" - So, can someone provide a tun.ko that we can use, or explain how to get one installed in these new 2.1 ROMs?
I am currently using the ZenHero 2.1 ROM
Thanks! Once I get VPN access again, the Hero will really be something pretty damn awesome again.
Or, does anyone know of any VPN clients coming down the pipe for Android? or any other projects in development?
I heard Shrew Soft was coming out with a mobile variant... not sure if it'll be on Android though.
I have no use for it or way to try it, but I did find vpn connections in the market when searching for something else and remembered this thread. It said on the comments though to go to the site for the latest version. http://code.google.com/p/get-a-robot-vpnc/
Actually, a search for VPN in the market turned up a few options. Take a look, I don't know exactly what you need.
I have been trying multiple ways. I even tried the tun.ko. I have not been successful but I would like to hear if anyone is successful.
danaff37 said:
Actually, a search for VPN in the market turned up a few options. Take a look, I don't know exactly what you need.
Unfortunately, none support what I think to be the most popular VPN type from a corporate standpoint: pure IPSec that supports Group Authentication. Most in the market are just for VPNC.
Thanks for your post though.
Yes, the Android app is lacking.
I have a Cisco concentrator working with MY phone. I just dumped all Group based auth. We wanted a device that would work with 99.999% of devices on the market and our little ASA-5505 does the trick.
You should be able to configure policies on the Cisco to handle either client; that is really your or your admin's choice.
Otherwise, with the stock Android VPN client, MY only complaint is it will NOT let me VPN over mobile network... only wifi. Kinda pointless; if I have wifi I would use my laptop to VPN to work. WTF?
Sprint is the problem
kkruse said:
Yes, the Android app is lacking.
I have a Cisco concentrator working with MY phone. I just dumped all Group based auth. We wanted a device that would work with 99.999% of devices on the market and our little ASA-5505 does the trick.
You should be able to configure policies on the Cisco to handle either client; that is really your or your admin's choice.
Otherwise, with the stock Android VPN client, MY only complaint is it will NOT let me VPN over mobile network... only wifi. Kinda pointless; if I have wifi I would use my laptop to VPN to work. WTF?
I realize this post has been sitting here for a while, but I thought this might help some others who may run into similar issues. At my work, we have all Cisco equipment and have a Cisco ASA configured with PSK mobile VPN. We are having basically no luck getting in using Sprint-connected devices (Sprint EVO 4G) on anything but Wifi. I CAN, however, connect just fine on my Samsung Captivate over AT&T 3G signal using the same built-in Android VPN client. We've gone the rounds with the Sprint Engineers on this and they have nothing they can pinpoint that is causing this outage. I would really like for either Cisco or Sprint to come up with a good explanation, as it shouldn't matter if you're on Wifi or 3G; it should work either way. The point is that it works on AT&T for us, but not Sprint, as far as 3G/4G data connection is concerned.

Defective PPTP VPN Client in Froyo 2.2

I am trying to use PPTP VPN with MPPE encryption enabled to connect to a network with a WRT54GL running dd-wrt-vpn running the VPN server. I know I have the server set up right, and I have added scripts to the server pptpd options file to require encryption "MPPE required" and disable compression "nodeflate". Using a rooted EVO 4G with stock 2.2 Froyo, I am able to connect successfully over 3G or 4G; however, traffic only works for about 20 seconds. After that, no web pages will load, no ping, nothing, but the VPN stays connected and never disconnects. I know this has been an issue with Android since 1.6, and you can see the post on code.google, issue 4067; it's been there since November 2009, and has still not been fixed. I'm not asking a question about "what's causing the issue", so please don't tell me to use search just yet. What is strange to me is that if I use my Samsung Galaxy Tab 10.1 running Android 3.1 to tether to my Evo with wireless tether, then I can use the PPTP VPN client in 3.1, and it connects and creates a stable PPTP tunnel, and I was able to have stable traffic for hours without anything going wrong (except for the Evo battery temp reaching 100F after some time). They had reported on that issue 4067 that even the later versions of Android don't have a working pptp and ppp0 client, so that's obviously not correct.
Anyway, I read a post here (in the Samsung Epic 4G forum) by member "drunix" from September of last year that said he was going to try to recompile the client with MPPE encryption enabled (assuming that is the issue in 2.2) if no one else has done it yet or tried to fix this yet. I don't think it's just the encryption that is the issue, because even with encryption disabled both on the server and client, traffic dies again after about 20 seconds.
So judging from what that member wrote, even though SO many Android phone owners have complained so far about the PPTP VPN client not working properly in Android versions 1.x and 2.x, no one has so far successfully fixed this issue yet, no one has even acknowledged or attempted to look at this issue yet so far other than that one member, not even the OS manufacturer. I have a hard time believing that the independent developers here and everywhere else make all these custom ROMs and kernels and other very impressive things from scratch, but no one has even touched this issue when functional pptp and ppp0 already exists on almost all other computer OSes and other platforms, and iPhone, WinMo and Linux ALL have functional clients. All Apple users say that they can successfully use the phone to connect to a PPTP VPN. I guess this must not be important enough to catch the attention of any devs, not only from Google, but not even here. Is there any way some of the very knowledgeable devs here, who can so easily root any new Android version that comes out, could take a look at this to see if they can fix it so Android can be fully functional in all its included features like Apple? I think this is the only major issue where Android does not function as well as iOS; otherwise it is ahead of the iPhone in every other aspect, so why not try to fix this, for those who have the knowledge and fix things that are way more complicated than this?
Thanks
Are you referring specifically to 2.2 versions? If so I cannot answer, since I am running 2.3.4 modified stock Sense 3.0.
Also, I have successfully used at least three of the available VPN clients to support an IP/Sec connection to both secured servers and routers (mostly routers) with no drops, lock-ups or related.
For me, the VPN clients work and have worked but maybe you are referring to something specifically different.
Hope that helps

VPN / Tunneling Woes

Hey, I was hoping I could get some help with this. I must be doing something wrong because I've spent a ridiculous amount of time on this project and have nothing to show for it.
I want to run a mobile hotspot on my phone, but not nearly enough to justify paying Verizon an extra $30/month for tethering. I'd only use it a few times a month and wouldn't push a lot of data thru, plus I'm paying them for an "unlimited" data plan - I won't get into that, you know where I'm coming from. I know they probably won't do anything about it since I'm using it so little, but I want to add an extra layer of security via an SSH tunnel or a VPN. I'm sure they just have to run a very basic report on their system to catch somebody who's tethering, and who knows when some manager will tell them to run it on every user vs just the high bandwidth ones? They could force me onto a more expensive plan, disable my account, throttle my connection, or just block any port an Android phone doesn't normally use, and they could do all that automatically pretty easily. If all my tethering data is encrypted they'd have to do some actual work to prove I'm tethering and probably won't think it's worth their time.
I installed OpenSSH on my home PC, forwarded some ports, and put the SSHTunnel app on my phone and it works great. It seamlessly moves all traffic over my SSH tunnel, except for the mobile hotspot. Which was kind of the point of the whole exercise! I looked all over the place but could not find a way to resolve this.
Next I looked at setting up a VPN so I loaded TomatoVPN on my router. The default VPN (OpenVPN) option for that firmware is IPSec with a CA certificate, so I went about setting that up. Apparently the default Android VPN client doesn't work well with IPSec because I can't get it to work - it keeps prompting me for a username and password, but it won't accept my router's admin credentials. None of the tutorials mention that prompt and I can't get around it. I messed around with an IPSec PSK VPN but couldn't get Android to connect to that either.
I looked into PPTP a bit but they say it's not supported by Linksys or OpenWRT, and from my experience Tomato doesn't appear to work with it either. I was going to put a PPTP server on my PC but saw somewhere that many routers can't forward PPTP requests from a WAN into the LAN.
So I went back to the IPSec approach, figuring the problem is with the Android client. I tried putting OpenVPN on my phone, but got stuck where I have to register a tun.ko file using the terminal. I don't even know if I found the right tun.ko. Then I realized I was trying to install an app to configure an app that installs another app and maybe I wasn't going about this the right way.
Does anybody have any advice? How should I approach this?
Here's what I'm using
Phone: Rooted HTC Thunderbolt
Carrier: Verizon
Ugh, looks like Verizon is 1 step ahead of me:
jbenisek.wordpress.com/2010/10/05/android-2-1-and-2-2-vpn-pptp-over-verizon/
Well, that sucks.

[Q] Cisco IPSec - will it happen?

One thing I've been enjoying greatly (and use VERY frequently) is the Cisco IPSec client that has been standard in iOS.
Since getting my iPhone in 2009, I've been able to connect to my work systems and get a lot of stuff done that would have otherwise required a trip to my desk.
I haven't seen any Cisco IPSec support in the native AOSP or CyanogenMod builds. Is this even possible with Android?
With more and more Android devices coming out (and I have three now), it would be nice to have more options other than always going to iOS.
I saw Cisco AnyConnect in the Market. That (unfortunately) requires Root, something that may not always be possible. There was nothing for Cisco IPSec connectivity.
I had a friend tell me that it is an issue with the Linux kernel that is being used, not the ROM. Doubtful that Cisco IPSec VPN will be available on Android anytime soon.
Currently it has been done for Samsung devices: https://market.android.com/details?id=com.cisco.anyconnect.vpn.android
And 4.0 is supposed to introduce a new VPN API, meaning that once ICS is ported to this device, you should have what you're looking for.
You can try the Cisco AnyConnect for rooted phones - for whatever reason it works on my rooted Epic 4G but refuses to connect on my Nook Color. The other option which works is vpnconnections.
