Would it be possible with the transformer? I need to set gateway, group name, group password, user name and userpassword. I don't see the group fields in the vpn configuration.
I would rather not root.
Yes, I really want know too if anybody knows about Cisco VPN. I heard somewhere Cisco built the client for Android but I have not found it anywhere.
The only client that I know working is VPN Connections (my friend has it working in his Evo phone), but it requires root access, so I have not tried it yet in my transformer.
Nothing available as of yet, I've spent hours searching.
Samsung had announced they were including this on the 10.1, however I posted the question in that forum, and it was not included in the initial release.
More on this topic at http://code.google.com/p/android/issues/detail?id=3902&cnum=500&cstart=1233#makechanges
I got this working last night !
I am running Prime 1.4 which includes the tun.ko kernel module which is needed. Then install this app: http://code.google.com/p/get-a-robot-vpnc/
The app is designed for phones, looks absolutely terrible on a tablet, and is unusable in portrait mode. BUT with all that said, I created a profile, entered the vpn address, group name, group password, username and left the user password blank (token auth for me). I set it up to load tun.ko automatically. long press the profile and select "Connect", got prompted for my password, entered it and bam! I'm vpn'd into my work cisco vpn.
Good luck.
That is super news that you got it working! The project is open source, so making it tablet friendly will surely happen. But installing a kernel module means having root.
ppirate said:
That is super news that you got it working! The project is open source, so making it tablet friendly will surely happen. But installing a kernel module means having root.
Click to expand...
Click to collapse
Indeed it does. I'm actually surprised/disappointed tun.ko is not a standard on all devices. I'd also like to see cifs.ko standard, but there are far fewer people tht wold find that useful I think.
If I understand correctly, the only thing asus would have to do is add tun.ko to the modules. Then everything can be done in userland.
One other link I found was the following:
https://www.nixuopen.org/blog/2011/5/android-and-cisco-ipsec-vpn/
This nicely integrates the cisco vpn support into android. This would be the perfect solution.
Starting with Cisco ASA version 8.4(1) Cisco is supporting Android remote clients using Android native VPN client (only L2TP/IPsec is supported at this point)
http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html
I hope Google will include a full featured VPN client (group support, etc.), and Cisco will provide clientless VPN support for Android devices.
lqaddict said:
Starting with Cisco ASA version 8.4(1) Cisco is supporting Android remote clients using Android native VPN client (only L2TP/IPsec is supported at this point)
http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html
Click to expand...
Click to collapse
Aha, this might be useful for me. One of the vpn addresses at my uni starts with asa1vpn.* . Thus in my case it might work, I'll probably better send the IT department the above link, they will help me further.
Though I still hope native cisco vpn gets supported in android.
Cisco is supposed to release the anyconnect ssl vpn client for android....but knowing how cisco works ot may be a while. Its supposed to be on their cius tablet.
Sent from my DROIDX using XDA App
timekillerj said:
I got this working last night !
I am running Prime 1.4 which includes the tun.ko kernel module which is needed. Then install this app: http://code.google.com/p/get-a-robot-vpnc/
The app is designed for phones, looks absolutely terrible on a tablet, and is unusable in portrait mode. BUT with all that said, I created a profile, entered the vpn address, group name, group password, username and left the user password blank (token auth for me). I set it up to load tun.ko automatically. long press the profile and select "Connect", got prompted for my password, entered it and bam! I'm vpn'd into my work cisco vpn.
Good luck.
Click to expand...
Click to collapse
How did you setup tun.ko to auto load? I've got get-a-robot-vnc working on my HTC Supersonic running CM7 out of the box. However, on TF104 running Prime 1.4 when I try to connect, I get an immediate "Failed to Connect" error. I'm guessing the tun.ko module is not loaded.
Looking online, I searched for the tun.ko module via "find -iname tun.ko" and found it at "/system/lib/modules/tun.ko"
To load it I did "inmod /system/lib/modules/tun.ko" and got a # prompt which I think is expected (I'm linux dumb).
I went back to VPN Connections and got the same error.
Looking at the LogCat, VPN_Connections is saying that tun doesn't exist
Edit in:
ok I think I had a typo in my command up there, should be ins[/]mod. When I run that command, I get "insmod: init_module '/system/lib/modules/tun.ko' failed (File exists)
jefbal99 said:
How did you setup tun.ko to auto load? I've got get-a-robot-vnc working on my HTC Supersonic running CM7 out of the box. However, on TF104 running Prime 1.4 when I try to connect, I get an immediate "Failed to Connect" error. I'm guessing the tun.ko module is not loaded.
Looking online, I searched for the tun.ko module via "find -iname tun.ko" and found it at "/system/lib/modules/tun.ko"
To load it I did "inmod /system/lib/modules/tun.ko" and got a # prompt which I think is expected (I'm linux dumb).
I went back to VPN Connections and got the same error.
Looking at the LogCat, VPN_Connections is saying that tun doesn't exist
Edit in:
ok I think I had a typo in my command up there, should be ins[/]mod. When I run that command, I get "insmod: init_module '/system/lib/modules/tun.ko' failed (File exists)
Click to expand...
Click to collapse
I had this problem as well. Doing a full wipe including cache and dalvik then reflashing prime 1.4 cleared that up for me.
Here is where I am at now. I can connect to the VPN, checking the netcfg from the shell or terminal emulator shows that my tunnel interface is up and has an IP address but when I attempt to use the connection either by web browser or ping from within the shell the tunnel interface drops out.
Checking the last connection log I can see the MOTD banner pop up and show I am connected then I see the following;
Device "wlan0
wlan0" does not exist
RTNETLINK answers: No such device
cp: can;' stat '/etc/resolv.conf' : No such file or directory
process stderr Device "wlan 0
wlan0" does not exist
RTNETLINK answers: No such device
cp: can;' stat '/etc/resolv.conf' : No such file or directory
Connection string detected
velocd said:
I had this problem as well. Doing a full wipe including cache and dalvik then reflashing prime 1.4 cleared that up for me.
Here is where I am at now. I can connect to the VPN, checking the netcfg from the shell or terminal emulator shows that my tunnel interface is up and has an IP address but when I attempt to use the connection either by web browser or ping from within the shell the tunnel interface drops out.
Checking the last connection log I can see the MOTD banner pop up and show I am connected then I see the following;
Device "wlan0
wlan0" does not exist
RTNETLINK answers: No such device
cp: can;' stat '/etc/resolv.conf' : No such file or directory
process stderr Device "wlan 0
wlan0" does not exist
RTNETLINK answers: No such device
cp: can;' stat '/etc/resolv.conf' : No such file or directory
Connection string detected
Click to expand...
Click to collapse
Fixed this issue by applying this fix in the link below.
http://bugs.gentoo.org/show_bug.cgi?id=331445
I also placed a set-x command at the beginning of the VPNC-script file to get a better debug in the lastconnection.log
Now I am seeing the following error;
+ fix_ip_get_output
+ sed s/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g
+ /system/bin/ip route add
RTNETLINK answers: No such device
I can still connection and in the log I can see the router tables build but I am having issues getting the data to pass through the tunnel. The tun0 interface drops as soon as I attempt to pass date through it.
Anyone have any ideas?
tun.ko / VPN Connections does NOT work on Prime 1.4.
Even if it looks like it is working it does not pass traffic through the tunnel.
M-A-A said:
tun.ko / VPN Connections does NOT work on Prime 1.4.
Even if it looks like it is working it does not pass traffic through the tunnel.
Click to expand...
Click to collapse
Yup, my problems were related to a lack of SuperUser providing root access to the VPN Connections software. I got the updated binary and it says it connects, but disconnects within minutes.
Must be a bug in either HoneyComb or the Prime 1.4 ROM. I have VPN Connections fully functioning on my HTC Supersonic running CM7
I checked out the project from the SVN, changed the target to Android 3.1 and rebuilt it.
Now, the UI is a lot better.
The thing that happens to me (it happened before), is that the apps stays on trying to disconnect. I checked on the ASA (the device that manages the connection), and it's not there... So dunno. I just kill the app...
I've attached the program below. Its license is GPLv3 so there shouldn't be a problem.
sh337 said:
I checked out the project from the SVN, changed the target to Android 3.1 and rebuilt it.
Now, the UI is a lot better.
The thing that happens to me (it happened before), is that the apps stays on trying to disconnect. I checked on the ASA (the device that manages the connection), and it's not there... So dunno. I just kill the app...
I've attached the program below. Its license is GPLv3 so there shouldn't be a problem.
Click to expand...
Click to collapse
This definitely looks a lot better! We just need to get the backend stuff working now
M-A-A said:
This definitely looks a lot better! We just need to get the backend stuff working now
Click to expand...
Click to collapse
What do you mean? It is working for me...
sh337 said:
What do you mean? It is working for me...
Click to expand...
Click to collapse
When I connect to my corp network, no packets flow. As soon as I try to access anything, the VPN session drops.
sh337 said:
What do you mean? It is working for me...
Click to expand...
Click to collapse
You have it passing traffic through the tunnel?
Related
Hello All,
I have gotten infrastructure mode working on my EVO. I compiled support for the SIOCSIWPRIV AP_PROFILE_SET system call into iwconfig and lo and behold:
After unloading and reloading the _ap.bin firmware using insmod while wifi-tether is running I issue the following command:
Command: # ./ultraiwconfig eth0 mode master
Response in kernel log:
Code:
<4>[19452.040679] penguin, get AP_PROFILE_SET
<4>[19452.041076] wl_iw: set ap profile:
<4>[19452.041442] ssid = AndrewsAndroidAP
<4>[19452.042144] security = wpa-psk
<4>[19452.042510] key = 1234567890
<4>[19452.042877] channel = 0
<4>[19452.043243] max scb = 2
<4>[19454.110931] Set auto channel = 1
<4>[19454.112182] wl_iw_setap: do passhash...
<4>[19454.210723] [00]: aa2f2f2c
<4>[19454.210845] [01]: f4081ab1
<4>[19454.211059] [02]: ccc1d613
<4>[19454.211181] [03]: 887fd525
<4>[19454.211273] [04]: b51d0c01
<4>[19454.211395] [05]: 781b89b1
<4>[19454.211608] [06]: b5de9c57
<4>[19454.211730] [07]: 2f8812e2
<4>[19454.211853] wl_iw_setap: passphase = 2c2f2faab11a08f413d6c1cc25d57f88010c1db5b1891b78579cdeb5e212882f
<4>[19454.222106] ap setup done
<4>[19454.224487] send AP_UP
And proceed to assign IP information and bring the interface up.
The interface then appears on my Windows 7 laptop in infrastructure mode fully supporting wpa.
I will be working with Harald in the coming days to integrate this functionality into android-wifi-tether!
That is the shiz. Exellent work and I am sure it will be appreciated!
that's awesome. wow. nexus support?
iammuze said:
that's awesome. wow. nexus support?
Click to expand...
Click to collapse
Very likely, can you give me a quick summary of the state of nexus hotspotability? How does the native froyo app work on it?
NICE! this would be the first phone to do this right. Good option, dont really like the computer to computer mode. Thanks
Can't believe I don't know this but this would make wifi-tether look like a real WAP instead of ad-hoc?
spurnout said:
Can't believe I don't know this but this would make wifi-tether look like a real WAP instead of ad-hoc?
Click to expand...
Click to collapse
Yea this sums it up right
spurnout said:
Can't believe I don't know this but this would make wifi-tether look like a real WAP instead of ad-hoc?
Click to expand...
Click to collapse
yes
[10char]
Great news! Thanks for your hard work!
great contribution
andrew500 said:
I compiled support for the SIOCSIWPRIV AP_PROFILE_SET system call into iwconfig
Click to expand...
Click to collapse
So, if you compiled in support for it, than how did it work before? Wouldn't the Sprint Hotspot app have to use the same system calls?
I guess I would not put it past them to write a custom one that does some account checks before hand to make sure people are paying for the service...
blakejohnson86 said:
So, if you compiled in support for it, than how did it work before? Wouldn't the Sprint Hotspot app have to use the same system calls?
I guess I would not put it past them to write a custom one that does some account checks before hand to make sure people are paying for the service...
Click to expand...
Click to collapse
They did not use iwconfig to setup their hotspot! I'm actually curious as to how they did do it. From what I can deduce they've created something in android.net.hotspot and just do java-based calls to that class. com.htc.WifiRouter is the name of the task that manages it.
I come from the world of linux so I'm just starting to see how the Android API fits into the picture, but I'm going to assume that's how they can make the system-calls needed to pull this off.
I'm using the same system calls, just I compiled them (because they are undocumented!) into iwconfig.
I'm going to guess this is how they manage to ensure you pay your bill, and will with FroYo, they hook into the interface that lets the applications make the system calls and as a result they are the gatekeeper.
Sprint changes your apn information btw, when you use their app, to ensure you pay for it. You're basically authenticating under a different 3g username.
andrew500 said:
I have gotten infrastructure mode working on my EVO. I compiled support for the SIOCSIWPRIV AP_PROFILE_SET system call into iwconfig and lo and behold:
After unloading and reloading the _ap.bin firmware using insmod while wifi-tether is running I issue the following command:
Command: # ./ultraiwconfig eth0 mode master
Click to expand...
Click to collapse
would it be possible you could post the binary for your custom configurated iwconfig?
it'd be great for the advanced users (hence the dev section) to get access to your amazing work.
thanks for this discovery and hard work to bring it about!
to clarify steps, start wifi tether, unload, reload _ap.bin firmware with insmod, start iwconfig wtih ./ultraiwconfig eth0 mode master, assign ip information and bring up the interface.
did i catch everything? thanks again!
Omfg I have been waiting on this for ever thank you
This was the only thing that made me want the hotbot app now I can tether my June and download music from the market place anywhere and regress my drm
-------------------------------------
Sent via the XDA Tapatalk App
Awesome work. I was wondering when you were going to get this working I knew that ad-hoc wasn't not good enough from your perspective.
Thanks for the great work!!
Right on! Looking forward to this being integrated into Harold's Wireless Tether!
would it be easy/possible to change the security to WPA2-AES?
joeykrim said:
would it be possible you could post the binary for your custom configurated iwconfig?
it'd be great for the advanced users (hence the dev section) to get access to your amazing work.
thanks for this discovery and hard work to bring it about!
to clarify steps, start wifi tether, unload, reload _ap.bin firmware with insmod, start iwconfig wtih ./ultraiwconfig eth0 mode master, assign ip information and bring up the interface.
did i catch everything? thanks again!
Click to expand...
Click to collapse
Here you go dude, it's rough.
I will not answer questions on this binary. It's a hack for sure. Here are my notes on it:
Turn off WiFi (not necessary, just being consistant)
Start WiFi Tether and start tethering
Issue the following commands:
rmmod bcm4329
insmod /system/lib/modules/bcm4329.ko firmware_path=/etc/firmware/fw_bcm4329_ap.bin
./ultraiwconfig eth0 mode master
ifconfig eth0 192.168.2.254 netmask 255.255.255.0
ifconfig eth0 up
You should have a fully functional wifi hotspot! I understand some of those commands are redundant but I haven't worked on them yet. The ultraiwconfig utility will be cleaned up in the final version, right now it does not take any parameters. Your AP will be called AndrewsAndroidAP and the wpa pass is 0123456789.
andrew500 said:
Here you go dude, it's rough.
I will not answer questions on this binary. It's a hack for sure. Here are my notes on it:
Turn off WiFi (not necessary, just being consistant)
Start WiFi Tether and start tethering
Issue the following commands:
rmmod bcm4329
insmod /system/lib/modules/bcm4329.ko firmware_path=/etc/firmware/fw_bcm4329_ap.bin
./ultraiwconfig eth0 mode master
ifconfig eth0 192.168.2.254 netmask 255.255.255.0
ifconfig eth0 up
You should have a fully functional wifi hotspot! I understand some of those commands are redundant but I haven't worked on them yet. The ultraiwconfig utility will be cleaned up in the final version, right now it does not take any parameters. Your AP will be called AndrewsAndroidAP and the wpa pass is 0123456789.
Click to expand...
Click to collapse
been following your posts on the progress, so it all makes sense. just was missing the actual binary you tweaked. thanks, it looks good!
getting a permission denied error on
./ultraiwconfig eth0 mode master
i guess it doesn't work on unrevoked rooted phones
Hi,
I need the captivate to be able to connect to a adhoc wifi network created using my laptop. However, android doesn't seem to be supporting it, just access point networks. Has anyone tried this, any success?
Searching revealed one thread where a guy modified some code on an htc phone, and got it to work, but seemed a little dated. Not sure if that would work with the android 2.1 and the Samsung phone.
Help appreciated.
The Captivate can connect to ad-hoc networks, but not through the native GUI interface. I tested mine via adb shell issuing some iwconfig commands via script to connect to a MyWi router on a friend's iPad. It's buggy, to say the least..
agentdr8 said:
The Captivate can connect to ad-hoc networks, but not through the native GUI interface. I tested mine via adb shell issuing some iwconfig commands via script to connect to a MyWi router on a friend's iPad. It's buggy, to say the least..
Click to expand...
Click to collapse
agentdr8,
Thanks for the reply.
Care to share details on the commands you ran? Or are you saying it's not worth it because it's so buggy?
thanks
To avoid a hard lockup, start with the wifi turned off. I tested it numerous times with it already on, and it resulted in a battery pull.
You'll need busybox 1.7x (maybe 1.8x will work too?). You'll also need a working iwconfig binary (I symlinked mine from the WifiTether app dir: /data/ext2data/data/android.tether/bin to /system/xbin)
With an adb shell, try something like this:
$ su
# /system/xbin/ifconfig eth0 up
# /system/xbin/iwconfig eth0 mode ad-hoc
# /system/xbin/iwconfig eth0 essid YourEssidHere
# /system/xbin/iwconfig eth0 key WEPkeyhere
Now with wifi turned off, these commands will all error since the interface is down/off (eth0 is the wifi, at least on my Cap). Turn your wifi on and rerun the same commands, followed by:
# netcfg eth0 dhcp
This may or may not error out, but ultimately, you should see a dhcp address for eth0 as handed out by your dhcp server/mywi device.
You may need to also manually add the ad-hoc network in the GUI with its key. I can't remember if I needed that or not, but with it I can see the connection status and when it's grabbing the IP. Even shows connected and signal strength once it does connect (assuming it doesn't lockup).
agent can you help me pls. Im a newbie still.
Do i run all those commands in windows when my phone is connected or do i run it through something like terminal emulator an app on the phone??
You can either use adb shell on your Windows machine (part of the Android SDK), or you can use a terminal on the device itself (ConnectBot is my preferred). Your phone needs to be rooted if it isn't already.
Okay, I'll try out the connectbot. Can you tell me how to do this part then if it's needed??
"You'll also need a working iwconfig binary (I symlinked mine from the WifiTether app dir: /data/ext2data/data/android.tether/bin to /system/xbin)"
how do you do this symlinked part?? I don't really understand it.
I tried ur commands without doing the symlinked part....everything just returned a "not found" message.
Maybe you could give me a dumbed down step by step way of doing this hahahaha??? Im rooted and i have busybox 1.7x, just missing the working iwconfig because im not really sure what it is.
If you're not too familiar with linux commands, it would be best to wait for someone to build a widget/GUI app around this, as poking around in a root shell on your phone is never a good idea if you're not aware of the potential consequences of blindly running commands.
It's possible that with the Froyo update adhoc connections may just work as intended, not that I've read anything that suggests that.
The portal had a write up on how to connect an android device to an adhoc network a couple days ago.
Sent from my AOSP on XDANDROID MSM using XDA App
boborone said:
The portal had a write up on how to connect an android device to an adhoc network a couple days ago.
Sent from my AOSP on XDANDROID MSM using XDA App
Click to expand...
Click to collapse
Okay, i'll go look for it though a link would help.
Maybe i'll just wait until something like Cyanogens ROM comes, i hear it usually comes with ad-hoc connectivity.
Try this: http://www.xda-developers.com/android/android-ad-hoc-wireless-network-support/
Sent from my HTC Dream using XDA App
only problem is it's compiled for froyo and i think geared towards the Desire according to the replies.
I feel like it might mess up my captivate
Well if you're computer is windows7 you can use a program called conectify.
It makes win7's adhoc networks work as real hotspots
Sent from my HTC Dream using XDA App
Wanted to enable ad-hoc so I could tether the captivate to my iPhone
Yes I woild also know on a workaround , would love to tether my unlimited data from my iphone to my captivate
pewpewbangbang said:
Wanted to enable ad-hoc so I could tether the captivate to my iPhone
Click to expand...
Click to collapse
Why would you do that? Do you prefer safari over android browser or something?
Sent from my Nexus One using XDA App
cowballz69 said:
Yes I woild also know on a workaround , would love to tether my unlimited data from my iphone to my captivate
Click to expand...
Click to collapse
Then You need to jailbreak your iphone and get a tethering app
boborone said:
Then You need to jailbreak your iphone and get a tethering app
Click to expand...
Click to collapse
Issue isn't on iPhone-end, nor wpa-supplicant end (as the wpa-supplicant binary included in the android wireless tether app has this ability).
The problem is the GUI end of things (i.e., settings.apk) ALSO filters the results.
So it goes beyond simpy modifying the wpa-applicant (yes; this is sufficient for the basic-functionality), but is very crude & diffcult to do on the go from the tiny terminal emulator, etc.
What I've personally been looking for, is an update that modifies the neceasary files, and enables this extewmely useful function.
Something similar to the update package posted for the froyo-build, but instead for the ECLAIR-2.1 build of the captivate.
If anyone knows of anything availible like I'm describing (a GUI-centered mod that will remove ALL the STUPID damn (pardon language lol) IBSS filtration form the settings.apk, wpa-supplicant, wireless configuration files, etc for the ECLAIR-2.1 build of the Captivate so that it JUST WORKS lol -- this way we can SEE and CONNECT via our native GUI .
I've gotten this to work through running command line / configuration file hacks, but it's very messy/annoying AND to make things MORE annoying, once you've put it into Ad-hoc mode and have it all setup very nicely, guess what? The settings.apk application (which is needed to load the device into kernel), will actually COMPLETELY UNDO all the tedious command line efforts you've just made, and takes the wifi chip out of Ad-hoc mode every x amount of minutes! ARGH!! LOL!
Anyway, I've gone through the source code and patch diff's myself and it really doesn't seem very involved. I actually was planning on compiling the necessary modded binary (making a nice update.zip for all the frustrated captivate owners like myself lol), but I simply haven't had the time to setup the build environment for it at the moment (have several other build environments I'm juggling as it is with work).
Anyway, I apologize for the rant lol -- I just wanted to clarify exactly what is needed and point out it really wouldn't be much work (and would be VERY much appreciated!!!!) if someone with the skill, time, and a build environment for the galaxy s (captivate, speifically lol , could post an eclair mod for us -- you would receive AN ENORMOUS amount of praise & thanks lol .
OR -- if someone who has a little time, could simply modify the android wireless-tether-app to have one extra feature, 'connect to ad-hoc network' lol . This would also be ideal, as it already fully supports the initialization & loading of the captivate wireless driver properly, and can fully manage the interface & connections while running in the background (independent of settings.apk). PLUS -- it even already has full ad-hoc support built into it's own pre-packaged wpa-supplicant. Basically, all the hard work has already been done with the wireless-tether-app, just need a few extra functions to handle scanning for networks and connecting to them (relatively simple, considering they've already done ALL the hard work..lol)..
Okay, my rant is officially done! Lol! I just hope this helps those who have the capability to help, give a clear picture of all that's required. It's late, so some of this stuff may have already been mentioned and I missed it! Shoot, maybe someone just finished doing exactly what I just went on & on about? Lol.
In any case, if anyone is willing to help out -- or already knows of a solution already out there I've missed -- PLEASE let me' know! This functionality would truly help a great deal in my day to day work with my captivate! Thanks in advance!!!
holy need a bump batman!
i would really like this too!
I found this post last night, but I couldn't get it to work: http://forum.xda-developers.com/showpost.php?p=16632147&postcount=7758
Would one of the Dev's be willing to tackle getting VPN PPTP with encryption (mppe 128 or 256) working on the G-Tab? Right now it is either not working or working as unsecured PPTP (depending on the ROM). If anyone knows of a ROM where this is functional please let me know.
What little I have found on the history of VPN in android indicates that the last version with encrypted PPTP was version 1.6. Google was having problems keeping a connection to the VPN server.
Reference: http://code.google.com/p/android/issues/detail?id=4706
For myself and my coworkers this has become an important need. If we can't get the feature we may be forced to get iPads (*cringe*). I for one am willing to make donations to Dev(s) who can add this. Some ROMs have the option but seem to be lacking the module (unconfirmed) to handle encryption through the included PPPD.
It is possible this may come back in Android 3.0 since it is geared toward tablets but I haven't been able to find any information either way.
Thank you for your time.
Newanzer said:
Would one of the Dev's be willing to tackle getting VPN PPTP with encryption (mppe 128 or 256) working on the G-Tab? Right now it is either not working or working as unsecured PPTP (depending on the ROM). If anyone knows of a ROM where this is functional please let me know.
What little I have found on the history of VPN in android indicates that the last version with encrypted PPTP was version 1.6. Google was having problems keeping a connection to the VPN server.
Reference: http://code.google.com/p/android/issues/detail?id=4706
For myself and my coworkers this has become an important need. If we can't get the feature we may be forced to get iPads (*cringe*). I for one am willing to make donations to Dev(s) who can add this. Some ROMs have the option but seem to be lacking the module (unconfirmed) to handle encryption through the included PPPD.
It is possible this may come back in Android 3.0 since it is geared toward tablets but I haven't been able to find any information either way.
Thank you for your time.
Click to expand...
Click to collapse
Did you try one of clemsyn's latest kernels - they have the tun support. Also on market place there is an OpenVPN app that attempts to install an openvpn binary - that same dev also has an OpenVPN settings app that you can use to create your tunnel. Perhaps that will work for you.
prscott1 said:
Did you try one of clemsyn's latest kernels - they have the tun support. Also on market place there is an OpenVPN app that attempts to install an openvpn binary - that same dev also has an OpenVPN settings app that you can use to create your tunnel. Perhaps that will work for you.
Click to expand...
Click to collapse
I can currently get a VPN connection, but the server refuses it because it isn't encrypted - even with the encryption option on. I'll try clemsyn's kernel. I noticed he posted one specific to the ZTab ROM recently.
Newanzer said:
I can currently get a VPN connection, but the server refuses it because it isn't encrypted - even with the encryption option on. I'll try clemsyn's kernel. I noticed he posted one specific to the ZTab ROM recently.
Click to expand...
Click to collapse
PLEASE keep us updated. This is also essential to my job and I want to use android! GTab in particular.
jmdearras said:
PLEASE keep us updated. This is also essential to my job and I want to use android! GTab in particular.
Click to expand...
Click to collapse
No luck. Tried the new kernel and still get the same error. G-Tab shows connection lost. Server log shows same error (port 47 blocked or unable to negotiate encryption). Since our laptops all work I'm going to assume port 47 isn't blocked on our network. Maybe not enabled on G-Tab?
Which ROM are you using?
EDIT: nevermind - I see zpad rom. Did you try the vegan rom or tnt rom?
I am setting up a server with two cards and windows server 8 and an accesible ip just as test lab for this. If any dev wants access pm me.
Sent from my DROIDX using XDA App
Newanzer said:
Would one of the Dev's be willing to tackle getting VPN PPTP with encryption (mppe 128 or 256) working on the G-Tab? Right now it is either not working or working as unsecured PPTP (depending on the ROM). If anyone knows of a ROM where this is functional please let me know.
What little I have found on the history of VPN in android indicates that the last version with encrypted PPTP was version 1.6. Google was having problems keeping a connection to the VPN server.
Reference: http://code.google.com/p/android/issues/detail?id=4706
For myself and my coworkers this has become an important need. If we can't get the feature we may be forced to get iPads (*cringe*). I for one am willing to make donations to Dev(s) who can add this. Some ROMs have the option but seem to be lacking the module (unconfirmed) to handle encryption through the included PPPD.
It is possible this may come back in Android 3.0 since it is geared toward tablets but I haven't been able to find any information either way.
Thank you for your time.
Click to expand...
Click to collapse
Try this, I enabled everything re: PPP in this kernel including PPTP and also enable MPPE (Microsoft PPP Encryption). I hope this helps. BTW, this MPPE is experimental in the kernel but I hope it works for you.
clemsyn said:
Try this, I enabled everything re: PPP in this kernel including PPTP and also enable MPPE (Microsoft PPP Encryption). I hope this helps. BTW, this MPPE is experimental in the kernel but I hope it works for you.
Click to expand...
Click to collapse
Brillant! I have a connection! From home even. Many Thanks! (but I can only hit the button once...)
I'll keep an eye on it and see how long the connection lasts. That seemed to be the bug that killed Google's interest in this. With luck it wont show because someone tweaked over it.
I'll spread the word. Thanks again!!
Update: Unfortunately the data traffic stops within a minute. The connection stays up and reports a server connection just no data passes. This is the same issue as Google has in it's bug report. I"ll look at the server logs in the morning to see if anything is reported, but it is at least a step in the right direction.
BTW: The GUI seems a bit faster. Were there any other tweaks in that kernel?
Newanzer said:
Brillant! I have a connection! From home even. Many Thanks! (but I can only hit the button once...)
I'll keep an eye on it and see how long the connection lasts. That seemed to be the bug that killed Google's interest in this. With luck it wont show because someone tweaked over it.
I'll spread the word. Thanks again!!
Update: Unfortunately the data traffic stops within a minute. The connection stays up and reports a server connection just no data passes. This is the same issue as Google has in it's bug report. I"ll look at the server logs in the morning to see if anything is reported, but it is at least a step in the right direction.
BTW: The GUI seems a bit faster. Were there any other tweaks in that kernel?
Click to expand...
Click to collapse
There is a cryto sha 256 or 512. Lmk which to enable
clemsyn said:
Try this, I enabled everything re: PPP in this kernel including PPTP and also enable MPPE (Microsoft PPP Encryption). I hope this helps. BTW, this MPPE is experimental in the kernel but I hope it works for you.
Click to expand...
Click to collapse
This is awesome - and just what I was looking for! Any chance you could post the Vegan version as well? Thanks so much!
Hi Clemsy,
Thanks again for all the great work you're doing. If you could also do this for vegantab it would be greatly appreciated.
Cheers
Jonesie
How do I install this file?
Jonesie18 said:
Hi Clemsy,
Thanks again for all the great work you're doing. If you could also do this for vegantab it would be greatly appreciated.
Cheers
Jonesie
Click to expand...
Click to collapse
I might have to take a pause on this since I'm having issues with my Gtab at the moment. My screen turned white and I can't see a thing. I was playing angry birds and noticed that my screen sensitivity turned bad and a few seconds later it turned all white. I might have to get a replacement for my Gtab
I can build the kernel for Vegan tab but there is no way for me to test it but it should work fine
I read a post that doing this might fix it:
Add the following to /etc/pptpd.conf
mru 1280
mtu 1280
Please try and see how it goes.
More Info
I had our network admin look at the VPN server logs for my connection. No errors or warning from the server.
One interesting thing to note, it seems that when the data transfer between the tab and the VPN server stops it's only one way. I was able to send mail out from the tab, but not receive mail or view web pages. I'm wondering if the decryption side (incoming to tab) of MPPe is broken. That could explain why the server keeps a connection, but the data flow seems to stop.
Could we steel code from a linux kernel that works?
clemsyn said:
I read a post that doing this might fix it:
Add the following to /etc/pptpd.conf
mru 1280
mtu 1280
Please try and see how it goes.
Click to expand...
Click to collapse
I don't have a pptpd.conf in /etc. What is the file syntax? I'll make one and copy it in. I'm assuming this is ./etc and not ./system/etc.
Edit: Never mind found info here: http://www.linux.org.au/~quozl/pptp/pptpd.conf.5.html
Edit Edit: Ok I think I have reached the level of my ignorance. How do you get a file copied to /etc? I have tried a file manager with SU permissions, and a terminal with SU permissions. In both cases I am getting a permission denied error. What's the secret?
Newanzer said:
I don't have a pptpd.conf in /etc. What is the file syntax? I'll make one and copy it in. I'm assuming this is ./etc and not ./system/etc.
Edit: Never mind found info here: http://www.linux.org.au/~quozl/pptp/pptpd.conf.5.html
Edit Edit: Ok I think I have reached the level of my ignorance. How do you get a file copied to /etc? I have tried a file manager with SU permissions, and a terminal with SU permissions. In both cases I am getting a permission denied error. What's the secret?
Click to expand...
Click to collapse
Upload the file and ill make a zip file for you to flash it.
So close ... I think Google may need to work out a few of their bugs first.
First off a big thanks to clemsyn for the hard work. (I used Root Explorer to copy the file pptp.conf)
Using the latest kernel posted here for VeganTab I was able to connect to a MS PPTP VPN and ping for a long while however just like my Samsung Vibrant the VPN appears to die once a burst of traffic is shot through the tunnel. The tunnel I have discovered is not disconnected but unusable through the Android system. If I disconnect the VPN session remotely the log files indicate that the remote server killed the connection. Not sure much can be done as now I feel I am hampered by Google's inability to care for VPN access. I am sure the developers here can figure this out but why should they have to figure this out when it seems to be a fundamental issue with Google's code. Maybe this disconnection does not happen with OpenVPN? Anybody use it? I am tempted to setup a test OpenVPN server just to see how long I can keep my connection.
BTW ... After remotely killing the VPN connection the VPN services crashes and throws up an exception in the back ground when terminating the service.
Not working. I might try without the encryption in the server side to check if that works. It actually connects (pings) a couple of seconds with the LAN computers... then it nevers connects again... even with reboots. Does the pptpd.conf only need those two lines?
I found this site which may help
http://code.google.com/p/android/issues/detail?id=6402
A user stated this:
"Hey! Saw another post elswhere in the forum. For Microsoft VPN using PPTP, I think it helps to disable Software Compression in Routing and Remote Access Manager on the Windows server hosting VPN. After I did that, I was able to connect to VPN.
In Routing and Remote Access Manager, right click on the server in the tree and select Properties. Then, under the PPP tab, uncheck Software Compression. I am the Sys Admin at my Co, so I was able to do this myself. Others may have to submit a request to your respective Sys Admins. Besides, who uses compression on VPN's since the death of Dial-up?
Good Luck!"
I have a transformer prime running ICS. when I use terminal emulation, I can not make my nslookup work. I can ssh to any server by IP but could not resolve DNS. My TP can get on internet no problem but for some reason, the terminal did not work with any DNS.
Where is the resolve.conf? How the android setup network interface? DNS?
Does anyone had the same issue?
chao0129 said:
I have a transformer prime running ICS. when I use terminal emulation, I can not make my nslookup work. I can ssh to any server by IP but could not resolve DNS. My TP can get on internet no problem but for some reason, the terminal did not work with any DNS.
Where is the resolve.conf? How the android setup network interface? DNS?
Does anyone had the same issue?
Click to expand...
Click to collapse
Yea, there's a lot of threads over the internet about this specific issue. The people that 'know their crap' say that we (like we compiled the binaries or something) compiled without the correct libraries.
Problem is, I didn't compile shiz, so they should really yell at the devs to compile with the correct libraries... OR tell us how to link the correct libraries AND give us a link to the correct binaries.
!!EDIT!!
Turns out, if you use the jrummy busybox installer to update busybox to the latest release, the terminal apps you use aren't updated (because of obvious reasons) so you have to do a little hacking for it to use the correct binaries (like, say remove their system dirs and link to xbin?)
UPDATE UPDATE UPDATE -- OCTOBER 4, 2018: AzireVPN is no longer free, and therefore the below instructions will no longer work for non-paying folks, which is probably most of XDA. For this reason, you are advised to now use your own judgement when selecting a WireGuard VPN host. Two recommended ones, as of writing, are:
- Mullvad - more servers, better bandwidth, more mature company
- AzireVPN - newer, has IRC channel, uses custom PXE-booting hardware
Even better, however, is that you run your own server using an inexpensive (or sometimes free) VPS.
If other providers become free, we can update this thread.
WireGuard is a next-generation VPN protocol that's extremely fast, secure, and well suited for mobile devices. It was recently featured on XDA news and there's an active thread for developers-only. This post is a how-to for normal people.
WireGuard is just the protocol and software. But to use it, you need to send your traffic through a server. There are a few commercial providers -- AzireVPN and Mullvad, for example -- or you can setup your own server. This guide will focus on AzireVPN, simply because as of writing, it's free, not because it's any better or worse than others.
==== For your Android Phone ====
1. Install the WireGuard app: https://play.google.com/store/apps/details?id=com.wireguard.android
2. Sign up for AzireVPN: https://www.azirevpn.com/manager/auth/register
3. Generate and download a configuration zip from: https://www.azirevpn.com/cfg/wireguard
4. Import it into the WireGuard app using "Add from file or archive"
==== For your Ubuntu Computer ====
1. Install WireGuard:
Code:
$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
2. Sign up for AzireVPN: https://www.azirevpn.com/manager/auth/register
3. Run the Azire script:
Code:
$ curl -LO https://www.azirevpn.com/dl/azirevpn-wg.sh
$ chmod +x ./azirevpn-wg.sh
$ ./azirevpn-wg.sh
4. Turn on WireGuard:
Code:
$ wg-quick up azirevpn-se1
==== For your macOS Computer ====
1. Install Homebrew: https://brew.sh
2. Install WireGuard:
Code:
$ brew install wireguard-tools
3. Sign up for AzireVPN: https://www.azirevpn.com/manager/auth/register
4. Run the Azire script:
Code:
$ curl -o azirevpn-wg.sh https://www.azirevpn.com/dl/azirevpn-wg.sh
$ chmod +x ./azirevpn-wg.sh
$ ./azirevpn-wg.sh
5. Turn on WireGuard:
Code:
$ wg-quick up azirevpn-se1
That should be it!
Direct any questions to the WireGuard IRC channel -- #wireguard on Freenode.
Thanks for writing this! I've linked to it on the WireGuard developers' thread.
I have setup WireGuard a few days ago on Android exactly as descripted in the howto. Everything is working perfect only issue I can't access devices on my local network with WG enabled.
I have been looking for a way to bypass WG for local traffic but haven't found a solution yet.
Any tips on how to this, or alternatively is is possible to switch WG on/off via the command line so I can use Tasker to switch WG off when on my local network.
kantjer said:
I have setup WireGuard a few days ago on Android exactly as descripted in the howto. Everything is working perfect only issue I can't access devices on my local network with WG enabled.
I have been looking for a way to bypass WG for local traffic but haven't found a solution yet.
Any tips on how to this, or alternatively is is possible to switch WG on/off via the command line so I can use Tasker to switch WG off when on my local network.
Click to expand...
Click to collapse
Thanks for the report. I'm wrapped up in end of the year festivities right now, but when that's over I'll try to reproduce the local network issue and see if I can provide a workaround or toggle switch.
In the meantime, indeed you can use Tasker as you described. In the settings menu of the app, choose "Install command line tools." After, you'll be able to type "wg-quick up somename" and "wg-quick down somename." You can look at the status of existing vpn connections with the "wg" command too. Let me know how it goes!
Thanks for this project, looking for a test drive of WireGuard app, but there's a lot of users like I, don't use google apps, so if you are interested to support us through https://f-droid.org/ by adding your app to repo.
zx2c4 said:
In the meantime, indeed you can use Tasker as you described. In the settings menu of the app, choose "Install command line tools." After, you'll be able to type "wg-quick up somename" and "wg-quick down somename." You can look at the status of existing vpn connections with the "wg" command too. Let me know how it goes!
Click to expand...
Click to collapse
The wg-quick up/down works perfect for temporary disable WG to sync with my NAS. Thanks for the tip.
error bringing up tunnel.. can anybody help me with a working configuration file.. pm me the file..
dixan43 said:
error bringing up tunnel.. can anybody help me with a working configuration file.. pm me the file..
Click to expand...
Click to collapse
No. Send logs from `adb logcat` or the Matlog app instead, so we can help solve this issue.
zx2c4 said:
No. Send logs from `adb logcat` or the Matlog app instead, so we can help solve this issue.
Click to expand...
Click to collapse
here
zx2c4 said:
No. Send logs from `adb logcat` or the Matlog app instead, so we can help solve this issue.
Click to expand...
Click to collapse
beacon kernel developer here suggested me to turn off internet and connect wireguard config and then turn on internet.. and it just connected with internet off.. so is it supposed to work like that?
-- so when I connect it with internet already on, it gives that error..
-- when internet off, it connects and remains connected there after..
zx2c4 said:
No. Send logs from `adb logcat` or the Matlog app instead, so we can help solve this issue.
Click to expand...
Click to collapse
Same error bringing up tunnel.
anwarsheriff said:
Same error bringing up tunnel.
Click to expand...
Click to collapse
despite that error, yu can still connect to VPN by disabling internet, then connect.. it will connect.. then just switch internet on.
dixan43 said:
here
Click to expand...
Click to collapse
Thanks for the extremely useful log file. The issue is that your external interface has too small of an MTU, so v6 fails. I've fixed wg-quick so silently work around this error here -- https://git.zx2c4.com/wireguard-android/commit/?id=f1f36fb600ffdaa59f838f6866f594e8e690170d -- and I uploaded a new version to the play store. After you update, let me know if the error goes away for you.
dixan43 said:
beacon kernel developer here suggested me to turn off internet and connect wireguard config and then turn on internet.. and it just connected with internet off.. so is it supposed to work like that?
-- so when I connect it with internet already on, it gives that error..
-- when internet off, it connects and remains connected there after..
Click to expand...
Click to collapse
I wish such "kernel developer"s would try debugging the issue with me first -- to get at whatever the core problem is -- before doling out dubious incantations like that. Alas.
dixan43 said:
despite that error, yu can still connect to VPN by disabling internet, then connect.. it will connect.. then just switch internet on.
Click to expand...
Click to collapse
He's facing a different issue. Please stop spreading this advice, even if it works. It's a terrible way of "fixing" things and will just ensure people's issues never get fixed the proper way.
anwarsheriff said:
Same error bringing up tunnel.
Click to expand...
Click to collapse
You're actually encountering a different error. Specifically, for you, it's -- "12-26 21:49:02.224 V/WireGuard/RootShell(972): stderr: RTNETLINK answers: Out of memory", in response to `ip link add wg0 type wireguard`. That's super unexpected and weird. Could you tell me what kernel you're running on your phone (link to xda thread and github too), what phone you have, and whatever other useful information you can come up with? Does your phone, in fact, have a super limited amount of ram? I'll likely need to bring out the heavy machinery here.
zx2c4 said:
You're actually encountering a different error. Specifically, for you, it's -- "12-26 21:49:02.224 V/WireGuard/RootShell(972): stderr: RTNETLINK answers: Out of memory", in response to `ip link add wg0 type wireguard`. That's super unexpected and weird. Could you tell me what kernel you're running on your phone (link to xda thread and github too), what phone you have, and whatever other useful information you can come up with? Does your phone, in fact, have a super limited amount of ram? I'll likely need to bring out the heavy machinery here.
Click to expand...
Click to collapse
Phone being used: Redmi Note 3 with 3gb ram and 32gb storage.
ROM & Android version: Nitrogen OS 8.1
Link to ROM thread: https://forum.xda-developers.com/redmi-note-3/development/rom-nitrogen-os-11-01-2017-t3536211
Kernel used: Agni AGNi pureLOS-N/O v11.8
Link to thread: https://forum.xda-developers.com/re...kernel-02-10-2016-agni-purecm-n-v1-7-t3472640
Hope that helps
---------- Post added at 09:32 PM ---------- Previous post was at 09:12 PM ----------
zx2c4 said:
You're actually encountering a different error. Specifically, for you, it's -- "12-26 21:49:02.224 V/WireGuard/RootShell(972): stderr: RTNETLINK answers: Out of memory", in response to `ip link add wg0 type wireguard`. That's super unexpected and weird. Could you tell me what kernel you're running on your phone (link to xda thread and github too), what phone you have, and whatever other useful information you can come up with? Does your phone, in fact, have a super limited amount of ram? I'll likely need to bring out the heavy machinery here.
Click to expand...
Click to collapse
Well to keep you updated. I cleaned the ROM and tried another wireguard implemented kernel. No issues anymore. It gets connected.
Working kernel Link: https://forum.xda-developers.com/re...nel-shadow-kernel-redmi-note-3-kenzo-t3689866
Was it the kernel or the wireguard app update that fixed the issue?
zx2c4 said:
Thanks for the extremely useful log file. The issue is that your external interface has too small of an MTU, so v6 fails. I've fixed wg-quick so silently work around this error here -- https://git.zx2c4.com/wireguard-android/commit/?id=f1f36fb600ffdaa59f838f6866f594e8e690170d -- and I uploaded a new version to the play store. After you update, let me know if the error goes away for you.
Click to expand...
Click to collapse
yea the error is gone.. it's fixed with the update.. thnx.
Which ones to use for fastest internet and best battery life?
I am from India
Hi,
Just wondering about the Wireguard Android app. I have blu_spark, latest which supports Wireguard and the Android app. I aslo have the name and public key for the Mullvad Wireguard server. My question is on the Android app:
Under Interface,
Name: <<should be my Wireguard provider? E.g., Mullvad?>>
Address: <<should be blank? My behind-NAT-address such as 192.168.1.41? Router IP address such as 64.121.124.59? Or something like 0.0.0.0?>>
Under Peer,
Allowed IPs: <<should be same as Interface Address? Something else?>>
Endpoint: <<should be the ip address/name of Mullvad WG server?>>
Thanks.