Related
For anyone interested in playing with it, I have built the ppp_mppe.ko module that is missing to make the PPTP with encryption work. My initial testing shows that it connects and passes traffic. Unfortunately, after a few minutes it stops passing traffic but remains connected. I need to investigate the logs...
To try it, open a terminal, cd to the folder where you stored it, su (YOU NEED ROOT), "insmod ppp_mppe.ko", and then go try an encrypted VPN PPTP connection. Mine failed the first time, and then worked on subsequent connections.
e081820061574b1ab1188294e62e1cff ppp_mppe.ko
I'm curious to see if anyone here cares about this and how it works for you.
Shayne
I'm really interested in make my VPN work. I'm using CM7 on Galaxy Tab. I don't think your module was made for my kernel.
Is this ever going to be fixed? I'm able to connect to my PPTP VPN provider, and it requires encryption. I can ping out for a while... but as soon as I open the browser or other app the actually uses the net the pings stop and connection stops transmitting, although still connected. So frustrating...
Yeah, the module isn't going to work on other devices.
I get the same result as you when I do a PPTP connection. Actually when I posted this I hadn't dug deep enough to find that this was a long standing problem, and I just figured that getting the module loaded in would fix it.
Seems like this module should be where the bug is, but I haven't had time to look at it more closely. Apparently there aren't enough people that care about this feature.
Looks like this problem is related to the MTU. I can send/rcv 1380 byte pings, but anything bigger causes the connection to quit working. I'm thinking that rebuilding pppd with a lower MTU might be interesting, but I need to get set up to do that. pppd does not pay attention to config files, and mtpd, akaik, doesn't pass an mtu/mru arg to it.
velocityfactor said:
Looks like this problem is related to the MTU. I can send/rcv 1380 byte pings, but anything bigger causes the connection to quit working. I'm thinking that rebuilding pppd with a lower MTU might be interesting, but I need to get set up to do that. pppd does not pay attention to config files, and mtpd, akaik, doesn't pass an mtu/mru arg to it.
Click to expand...
Click to collapse
I have come across this blog with some mtpd command line examples, see if it helps on manually connecting with custom MTUs.
I also tried a couple suggestions of changing MTU on the eth0 to 1480 and 1380 before and after connecting to the VPN, without any success. Also tried different MTUs on ppp0 after connection also with no success.
I just wanted to say that even though this stuff is far too above my head for me to contribute, thanks for working on this!
Now I can keep daydreaming about turning my phone into a PPTP server...
I understand that this thread hasn't been active for a while, however, I do want to say thanks for this! With the provided module, I was finally able to connect to our VPN server using PPTP with encryption. In fact, I was able to do so as well over 4G. I read through several threads on various sites regarding the commonality of this issue and possible firewall NAT restrictions on Verizon's behalf. It seems it was just a module needed that fixed all this.
On a side note, I haven't had the connection dropped so far. I'm about 1000 ping sequence in and connectivity is still up and running. Not sure if this is an effective means of validation it.
If it helps others looking into this issue as well, note, that I've tried virtually all available kernels as of date to this posting. Nothing worked. This module was the only thing that granted access to our VPN server.
Update: Spoke to soon. After attempting to log into a server, data was no longer able to pass through.
I'm glad to hear it has helped you. It didn't turn out to help me.
To test it further, I suggest you pass some real traffic over it. Regular ping traffic doesn't cause the loss of connection that I'm familiar with. If it continues to work, count yourself lucky, and you might want to convince your favorite kernel builder (imnuts, maybe) to include that module.
I spent some time looking into the dropped connection issue and was not successful at finding a solution. What I think I learned is that when the pptp server handles a packet larger than the mru and fragments the packet, the first fragment decrypts ok, but the second fragment decrypts to junk. It's supposed to be stateless encryption, but all subsequent packets silently fail to decrypt. Thus, all traffic stops moving and the link eventually times out.
This problem only seems to affect the reception of packets. The outgoing traffic seems to be unaffected.
The PPP and MPPE code in the froyo kernel is unchanged from that in the mainstream Linux kernel. My Ubuntu desktop can do PPTP with MPPE no problem. So why can't froyo?
This was absorbing too much of my time, so I finally gave in and set up L2TP.
velocityfactor said:
The PPP and MPPE code in the froyo kernel is unchanged from that in the mainstream Linux kernel. My Ubuntu desktop can do PPTP with MPPE no problem. So why can't froyo?
Click to expand...
Click to collapse
I'm not entirely sure if froyo's at fault as I was able to confirm with a few of my colleagues that they were able to VPN with PPTP just fine on their non-charge device that's on froyo. Additionally, I even tried the GB leak but ended up with the same results.
velocityfactor said:
This was absorbing too much of my time, so I finally gave in and set up L2TP.
Click to expand...
Click to collapse
Thanks for taking a stab at this though. It does seem that there isn't a big call for this feature within the community; a huge bummer for those that does need it.
Problem details
I have this problem with my HTC Inspire 4G and I've been researching it a lot.
The error reported on PPTP server side suggests that Android PPTP client tries to negotiate unsupported protocol:
pppd: Protocol-Reject for unsupported protocol 0xxx
but it is a misleading message since initially the protocol is negotiated correctly and the connection is established. Only after several dozens of frames are transmitted the error appears and it repeats with different value of unsupported protocol in the message.
Since then the PPTP tunnel is out of sync and Android client sends effectively random octets from the MPPE encryption module.
I will include links here to Web pages with details FYI if you are interested in more details about it.
http://www.securitykiss.com/resources/articles/android_vpn_bug/index.php
http://code.google.com/p/android/issues/detail?id=10901
http://code.google.com/p/android/issues/detail?id=4706
velocityfactor said:
This was absorbing too much of my time, so I finally gave in and set up L2TP.
Click to expand...
Click to collapse
Interesting that PPTP failed you, but L2TP worked. I had the opposite experience. A stock unrooted Android 2.2.2 connected to a debian pptpd just fine, mostly with default settings. (although I didn't go as far as to route traffic, just confirmed that there's an encrypted connection)
But it's ipsec that doesn't work for me. Would you please post the L2TP server configuration that works for you?
I'll post the PPTP server settings if anyone is interested.
The PPTP doesn't fail until you send traffic. Specifically, it works ok until you send a large packet that get fragmented. Then it seems the encryption becomes out of sync and things go downhill from there.
My L2TP is running on Windows Server just using default settings, so nothing to post really.
This thread should probably be closed since it doesn't really relate to the Charge specifically and the fix isn't "getting close" afaik.
Shayne
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
xdadevnube said:
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
Click to expand...
Click to collapse
I think samsung screwed it up more than the OS.
xdadevnube said:
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
Click to expand...
Click to collapse
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
Haadkoe said:
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
Click to expand...
Click to collapse
I dunno, but I just got it working on ICS 4.03 CleanROM Kang Tapped Edition for the HTC Rezound.
MPPE enabled.
It passes traffic, can browse the web, copy files from a network share. Connectivity does not get lost.
It does use the remote gateway.
I didn't check on if it was possible to set a local gateway.
Anyways, I've been waiting for this damned feature for quite some time.
If all you want to do is access your PC's files, I suggest PocketCloud Explore.
It is pretty tight.
Haadkoe said:
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
Click to expand...
Click to collapse
there is a specific way to force Encryption on the PPTP server on ddwrt
More info.
http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration
Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
I haven't done thorough testing on speed yet, but hopefully will soon.
xdadevnube said:
Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
I haven't done thorough testing on speed yet, but hopefully will soon.
Click to expand...
Click to collapse
VPNRoot works great, thanks! I have the same issue on my Hyundai T7 with android 4.0.4, times out connecting to my VPN, but this app solves that problem.
I'm using vpn root on a s4 with stock ics firmware.
it can connect but times out all the time.
I can do google searches fine but trying to load any Web page just hangs.
have a pptp vpn on dd-wrt.
is there any settings I need to change?
Is anyone having problem connecting to vpn with transformer? My iphone can connect on the same wifi network, so it may not be the firewall or port forward issue. Any clue? Getting error -server hungup.
golam1 said:
Is anyone having problem connecting to vpn with transformer? My iphone can connect on the same wifi network, so it may not be the firewall or port forward issue. Any clue? Getting error -server hungup.
Click to expand...
Click to collapse
I have several PPTP connections setup and working on my Transformer. In order for people here to help, you'll probably need to provide more details:
What type of VPN connection is giving you trouble? PPTP, L2TP, IPSEC?
What type of firewall or device are you trying to connect to? SonicWall, Watchguard, pfSense, etc
What is the verbatim error message you are getting? is it really just "server hungup"?
Can you provide any log files from the VPN server that you are trying to connect to that shows where the failure is?
I've tried both on PPTP and L2TP. The exact wording of the error message is 'Server hung up. The username and password you entered could be incorrect'. The same configuration works on my iphone and 2 other computers on the same wifi network.
Unfortunately, without being able to see log files from the device you are trying to connect to I could only make a wild guess as to what is happening.
The problem I find most frequently with PPTP connections is comming up with a combination of authentication and encryption protocols that are supported on both the client and host.
The only thing I could suggest would be to try changing some of the encryption options at both ends of the connection and see what happens.
Android dosen't support MSCHAP on PPTP, said in a different way, dosen't support encryption. Also it's a very recent issue, it's been there only since 1.6
Get encryption disabled on the server and everything will be alright. Lol.
(sarcasm: VPN support has been added in 1.6)
Sent from my GT-P1000 using Tapatalk
i already tried disabling encryption...didn't work. How do I get the log? Sorry if I sound novice.
golam1 said:
i already tried disabling encryption...didn't work. How do I get the log? Sorry if I sound novice.
Click to expand...
Click to collapse
Disabled on Android or on the server? On Android only it's pointless
Sent from my GT-P1000 using Tapatalk
I use VPN L2PT every day @ starbucks
No Issues
Sent from my Transformer TF101 using xda premium
I use pptp vpn for iphone connectivity it is good and fast
"server hungup" means you have a bad username/password combo
is there a way to clear just the network settings like iphone in Honeycomb without loosing the data?
Ok, maybe it is not related to ics. After installing ics, I lost my vnp connection for the office (maybe because I was not using any lock screen before) I have re-entered my vpn, but now I always get a "timeout" when I try to connect Do any of you who are using vpn's connection also have this issues, or maybe I have something wrong in my vpn settings ?
Anyone with stock firmware ics can confirm vpn is still working ?
Working fine for me, might be your specific vpn?
Sent from my Transformer TF101 using xda premium
Ok thanks. I'll make sure with the technicien here that everything is ok on their side
I had the same problem...the vpn connection settings were erased after ics update.
I created the connection one more time but didn't worked. I deleted that connection also and created another one...with the same details and worked.
Can confirm this issue also. After creating a new connection vpn works like a charm.
L2TP/IPSec PSK vpn is broken for me after upgrade to ICS. Seems to be a known problem with ICS. My colleague's Transformer Prime with ICS also not working with same type of VPN. It was working great with Honeycomb 3.2.1 before upgrade on both devices. I use the tablet for work extensively so this kind of sucks. Everything else is great.
Have a B90 TF101 so can't easily downgrade!
So is it an accurate assessment that L2 VPNs still do not work on ICS, such as solutions from Cisco and Juniper? We had to setup a special L2TP/IPSec PSK for just Android devices, whereas iDevices work just fine with industry standard SSL VPNs. Amazing that Google can't get on board with this. Wondering too if the Exchange cert issues still persist with the default mail client.
Yes. We setup L2TP/IPSec with PSK on a SonicWall firewall that works for both the iDevices and our Android devices. All android devices that upgraded to ICS stopped working. Will try to connect but will timeout trying to establish connection. I can't confirm all other L2TP VPN types but PSK is definitely not functioning.
We've never had any issues with Exchange push on the devices.
I can confirm it.
Today we have tested furthermore.
Everything is ok on the server side and on the client side.
Looking at the firewall, we can see the tf101 establishing a connection, but nothing about phase 2, it's like the server is giving the acknowledge about the PSK, but the TF101 can't hear or is not listening to it.. eventually it goes out with a timeout.
Everything was ok before ics.
where should i post this message, is it enough to be listed here or should a send a support mail to asus ? or google ?
by the way I've tried deleting and recreating, but still not working.
I formatted before and after ics. I would suggest a format first.
Sent from my GT-I9100 using xda premium
is there a solusion for not using a secure lock while using vpn on ics?
Sent from my HTC Sensation Z710e using xda premium
I've done a factory reset too, still the same problem
Alternative Solution
Hello,
This isnt a fix by any means but have you had a look at 2X Application XG Server, it is a little like citrix but a hell of a lot cheaper.
The client is awesome and works perfectly for windows, android and iOS.
It is free if you have a low count of concurrent users, I believe it is 5 concurrent users for free, anyway the link is below;
cant post links guys sorry it is 2x with www and .com in between...
If you need a hand with deployment drop me an email at [email protected] and we can sort something out, not doing the big sell here guys just something we use as a company when we decided to move our customers away from VPN's.
Anyway hope someone finds it useful.
cheers.
Don't know if this will help but i use vpnc widget and 2x client. My system is all cisco, and the only way i could get to it before was with an ipad, which i have since given away for obvious reasons. I have been on revolver for some time now, and just upgraded to 4, with no issues whatsoever - if anything it is more stable!
Works for me, too, but I sure would like to know if anyone has figured out how to disable the screen-lock when credential storage is enabled, as I am using mine for an individual OpenVPN and PPTP vpn and it is just plain irritating.
i've sent technical inquiries to Asus with no response. Very disappointing. I guess they are fixing other issues that have a more broad base of users before they take on things like VPN. I believe this is a general ICS issue as a quick search on Google shows varies reports across different manufacturers who have released ICS and the L2TP VPNs are broken. Several bug reports have been reported to Google. Great way for Google to alienate business users.
Do a Google search with these terms and you see all the references to this problem
"L2TP IPSEC PSK android ics"
I was wondering if anyone out there was using an IPSec Xauth PSK type connection? This is what we have at work. I set up the connection on my TF101, I put in all the correct info, and when I clicked connect it connected; however, there was no data sent or received. I disconnect and try reconnecting, but the connection times out. Before the ICS update I didn't even have this connection option so its a step in the right direction, the only problem is that nothing happens when I connect. Is anyone else having the same problem? Is this a known issue? Thanks in advance for any help you can offer.
x_kain_x said:
I was wondering if anyone out there was using an IPSec Xauth PSK type connection? This is what we have at work. I set up the connection on my TF101, I put in all the correct info, and when I clicked connect it connected; however, there was no data sent or received. I disconnect and try reconnecting, but the connection times out. Before the ICS update I didn't even have this connection option so its a step in the right direction, the only problem is that nothing happens when I connect. Is anyone else having the same problem? Is this a known issue? Thanks in advance for any help you can offer.
Click to expand...
Click to collapse
Works great here. I use the vpnc widget and x2 client as well works a treat since ics update.
vettejock99 said:
Works for me, too, but I sure would like to know if anyone has figured out how to disable the screen-lock when credential storage is enabled, as I am using mine for an individual OpenVPN and PPTP vpn and it is just plain irritating.
Click to expand...
Click to collapse
Grrr... indeed. But I've foud a free app on Market: VpnROOT - PPTP - Manager
karlr30 said:
I've done a factory reset too, still the same problem
Click to expand...
Click to collapse
+1
Edit: Hummm... for me I've found a temporary solution by using another app found on Market: "VpnROOT - PPTP - Manager".
My VPN use PPTP with MPPE encryption so, this one works fine for me.
It seems to have vanished in ICS. How do you connect to a you password protected home router? With gingerbread, I would use the wps button connection to connect automatically but I see no such configuration in wifi settings in ics.
Usually when I connect to a password protected router, I enter the password.......,
Sent from my Transformer TF101 using xda premium
pyro254750 said:
Usually when I connect to a password protected router, I enter the password.......,
Sent from my Transformer TF101 using xda premium
Click to expand...
Click to collapse
You have never used wps or other easy wireless configuration? I had it on my phone with gingerbread but lost it with ics.
Most people prefer a more secure wifi access method.
It seems most people here have difficulty identifying the question asked by the OP.
The OP is referring to Wifi Protected Setup. Yes i think it was removed.
While it certainly made wifi security easy, it is my suggestion not to use WPS as out was cracked back around December.
Sent from my Transformer TF101 using xda premium
klau1 said:
It seems most people here have difficulty identifying the question asked by the OP.
Click to expand...
Click to collapse
No it was answered in the first reply. At least the way he worded his question.
My reply was pointing out the same fact as the other poster. The fact that WPS is completely unsecured since Dec. So most people don't even try to use it hence why its not talked/cared about much.
savagepagan said:
How do you connect to a you password protected home router?
Click to expand...
Click to collapse
You should setup your wireless networking gear (home router and all wifi devices) to use WPA2-PSK and a strong passphrase. When everything else is in place, you can input the same passphrase on the wifi setup dialog that shows up when you select your home network in the TF101 WiFi preferences screen.
savagepagan said:
I would use the wps button connection to connect automatically
Click to expand...
Click to collapse
As stated by other posters, WPS is utterly insecure and it should never ever be relied upon for proper WiFi security.
That said, I don't recall WPS ever being supported on the TF101 even under Honeycomb (I could be mistaken, though, since my WiFi network equipment doesn't support it).
I happened to be goofing off with my WiFi the other day and I saw that when you go to Settings -> WiFi -> Advanced (in the top right corner) there is in fact an option to use WPS on the tablet with ICS. Find your router name, tap on it, then a little check box with show advanced options. Select WPS and choose button. Then hit the button on the router. Worked for me just fine.
Here's a screenshot: (For whatever reason, I can't upload an image...)
https://www.dropbox.com/s/6fm4lb4q7fjbcnq/Screenshot_2012-05-13-03-02-49.jpg
Sent from my SOS X EVO 4G
Grow a sense of humor guys, I was making a funny.
On a more serious note, I don't use wps. I use wpa2 and mac filtering.
TF101 Megatron 1.0.4 Guevor test 17c
zedorda said:
No it was answered in the first reply. At least the way he worded his question.
My reply was pointing out the same fact as the other poster. The fact that WPS is completely unsecured since Dec. So most people don't even try to use it hence why its not talked/cared about much.
Click to expand...
Click to collapse
May I ask why WPS is so insecure? My router has a WPA2 protected SSID, but I used wps to setup my wireless printer. It seems to only be" insecure" when it's enabled and looking for a device, which is timed to be on for no more than 2 minutes. I don't think vultures are waiting for those two minutes to connect to your router. Or is there another danger?
Sent from my HP Touchpad running ICS
this is like kindergarten chit-chat. totaly lame thread.
WPS is NOT a replacement of WPA it's not a security feature at all!
if you have WPS on ON ROUTER you still need to choose open/wep/wpa/wpa2
as the name could suggest, S stands for Setup and that's what it is. WPS will connect you without need to search for the network in the list of available networks, or even knowing the network name and if there is password, it will fill it in for you. it's an easy setup where you don't need to know password or the name of the wifi network you are connecting to.
another thing. you can't talk about vulnerability in reference to the wifi client - phone. it's the router which is vulnerable. If your car has weak remote central locking, throwing away your remote key transmitter will not make it much safer.
saying ICS doesn't have WPS because it's hackable is wrong. if a coffee place desides to use WPS their net is hackable, it's their concern. I still want to be able to use it as this safety issue doesn't affect me as a wifi client.
and thought ICS has this complicated way to get to the WPS, it's missing the point of WPS as you need to know which wifi you are connecting to, and click many times to get to the option. not easy setup at all. and the indicator of WPS availability is missing too. If I came to a coffee place and saw the icon I told them to keep their password and push the button instead. now I don't know if they have WPS.
So there is still an issue.
But maybe the ICS phone is listening for WPS all the time I didn't test this.
EP: your question is in place.
if it's your network, make sure you update router to latest firmware, as this vulnerability has been already addressed in most of the routers. Or keep it OFF until they'll make update to it.
it is NOT only those two minutes after you push the WPS button, but it's hackable all the time.
WPS can be used different ways, you can enter pin of client to be allowed in into router, or pin of router into client, or just push the button and no pin at all.
so the pin works all the time, that would still be fine, but a certain template was found in those pins, which brought the possible number of choices low enough to use brutal force attack to get the correct pin. that's the safety issue. nothing to do with the phone.
Sony xperia Z3 Dual D6633, Lollipop 5.0.2
Hi there,
I am trying to use the always on VPN feature without luck.
I already learned that you have to configure a PKI based VPN, otherwise the always on option won´t be available.
I configured my PKI properly and created a new VPN profile on the Z3. I am using L2TP/IPsec RSA, with the server IP address DNS servers properly configured. Imported the certificates (CA, user and server) and everything is working. I can manually connect and navigate. Traffic goes through the VPN, as supposed.
Things get weird when I choose the always on option. It asks me which profile to use and it tries to connect... but it doesn´t work. According to my server logs, it keeps trying but it times out in the middle of the negotiation.
Do you guys have any idea of what is going on? Does any1 successfully configured the always on option? Any suggestions?
Thanks in advance.