[Q] How to setup and connect to L2TP/IPSec CRT VPN? - General Questions and Answers

Hi,
I've been trying to connect my Desire Z to a VPN that's set up on Windows Server 2003. I've installed the user/CA certificates on my phone, and set up the L2TP/IPSec CRT VPN on the phone. However, when I try to connect, it fails. PSK mode works, and the VPN server is fine since I'm able to connect via a Windows 7 PC. However, when I try to connect to it with my phone, it fails. Using Wireshark, I'm discovering that the failure happens during the key exchange portion. The server requests the certificate from my phone, and doesn't receive anything in return.
Does Android have any specific VPN configurations that I need to set? Also, is there a way I can access any logs that say why the server certificate request isn't responded to?
Thanks.

Anyone ?

Related

Internet Sharing+VPN WM6 problem

I can't figure it out, I just installed the latest v. WM6 ROM (http://forum.xda-developers.com/showthread.php?t=297256)
Internet Sharing via Bluetooth works but... when I start my VPN either via SSL or IPsec (on laptop) NOGO. Something is in between, don't know what... so workaround:
Internet sharing via USB: the device tells me "connected", the new Network connection in control panel/XP tells me "connected" but there is no Internet connection. I try to ping 192.168.0.1 which it made gateway and this is not found. nothing nada. firewall off. nogo. repair. nogo.
*argh* I realize these are 2 different problems but in short: I can not connect as I usually did under the WM5 dialer (and I miss the status lights).
Anyone has a clue?
Hi !
I have the same problem with the same ROM. I haven't found any solution yet.
I didn't try Internet connection sharing with Bluetooth. But your problem sounds like a proxy setting problem on your PDA connection. You should take a look at those settings...
Let us know if you find anything.
edit :
Finally it's working, I re-installed ActiveSync 4.5 and now it's OK.
I reinstalled activesync, modded down to wm5, then again wm6 ...
and magic usb is working but...
My VPN connection on both BlueTooth or Usb is not working. I use the AT&T client to connect to our network but authentication fails with all vpn servers in the list.
That's a shame because this is really the only basic functionality i need to check my e-mail and stuff "on the road". Hmmm... down to WM5!
Unless someone has got VPN working? Here's my error log:
21:24:55.190 Logon request sent to VPN server 111.11.111.222...
21:24:55.190 Wait for asynchronous action to complete.
21:24:55.230 A VPN logon message 1 was received.
21:24:55.230 Accessing digital certificate...
21:25:00.818 A VPN logon message 2 was received.
21:25:00.818 Negotiating encryption keys with the VPN server (111.11.111.222)...
21:25:02.290 A VPN logon message 3 was received.
21:25:02.290 Authenticating with the VPN server (111.11.111.222)...
21:25:22.349 The VPN logon response was received.
21:25:22.349 The local address is 192.168.1.78.
21:25:22.349 Last login error set to 118.
21:25:22.349 'LogonToIPSecTunnelServer' failed.
21:25:22.349 FSM error in state 'AuthenticatingTunnel'.
21:25:22.349 !Error 118 No response from IPSEC terminator during authentication. (error 118).
21:25:22.349 ---------- Change state to 'BeforeTunneling'. ----------
ah... I have it... stupid me.
sorry. stupid. forgot the checkmark on the authentication tab on the auto-created controlpanel > networkconnections > Windows Mobile 6 Connection > Authentication.
Great!
For reference, using the Cisco VPN client, with Bluetooth and internet sharing, does not work. With WM6, a Bluetooth PAN adapter is created on the PC, and the Cisco VPN doesn't bind to this type of adapter.
Using the same config, but with the USB cable, and the wireless modem, does work.
Unfortunately it does NOT work anymore.
Whatever I try I can not get connection to the Internet
- I start "connect"
- Plugin the usb cable
- The new network connections icon appears under network connections
- It pops up it is connected
- It has an assigned 192.168.0.2
But no internet connection, ping 192.168.0.1 can not be reached, etc...
I turned off the firewall to see if this was the problem. not.
Is there anyone who has got a clue? This is really frustrating.
For what it's worth, I'm using WM6 Black 2.5 on a Hermes (Cing 8525) and I'm able to use WM6 Internet Sharing via BT to connect my laptop to the internet and I am able to use my Cisco VPN client on my laptop to connect to my company's intranet. No problems here so I don't think it's a WM6 problem.... rather a configuration problem... either on your company's VPN concentrator side or your client side. You may want to chat with your IT/Ops dept for configuration settings.
No problems here neither. I use Vista on PC. I need to connect to several networks and just have made some tests. I could reach all of them. The fact is that most of them are built on Draytek routers not Cisco, but they also use IPSec and so on.
Yep I'm having the same problem, my VPNs worked fine with WM5, but went to Black 2.5 and now when I VPN, it connects, assigns me an IP, but won't let me ping the network.
I _think_ it's because now the phone shows up as a network rather than a modem, and assigns me a 192.168.0.x address, and the home network is in this too... any suggestions?
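The overlap described in the post above (tethered link and VPN-side network both in 192.168.0.x), as an added example that is not from the thread: route selection by longest-prefix match, with the metric as tie-break, shows why packets meant for the remote network leave through the tether interface instead of the tunnel. The interface names, the /24 masks, the metrics and the 10.8.0.0/24 route are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    net: ipaddress.IPv4Network
    iface: str
    metric: int


def route(prefix, iface, metric):
    return Route(ipaddress.ip_network(prefix), iface, metric)


# Constructed routing table (hypothetical names and metrics):
# usb0 = phone tether handing out 192.168.0.x, vpn0 = tunnel to a
# remote network that uses the same 192.168.0.x range.
TABLE = [
    route("0.0.0.0/0", "usb0", 10),       # default route via the phone
    route("192.168.0.0/24", "usb0", 10),  # on-link tether subnet
    route("192.168.0.0/24", "vpn0", 20),  # remote LAN pushed by the VPN
    route("10.8.0.0/24", "vpn0", 20),     # second remote net, no clash
]


def pick_route(table, dst):
    """Longest-prefix match; equal prefixes are decided by lowest metric."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.net]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.net.prefixlen, -r.metric))


def shadowed(table, vpn_iface):
    """Pairs (vpn_route, local_route) where the local route overlaps the
    VPN route and wins for at least part of its address range."""
    hits = []
    for v in (r for r in table if r.iface == vpn_iface):
        for loc in (r for r in table if r.iface != vpn_iface):
            if not v.net.overlaps(loc.net):
                continue
            # A less specific local route (e.g. the default) never wins.
            if (loc.net.prefixlen, -loc.metric) >= (v.net.prefixlen, -v.metric):
                hits.append((v, loc))
    return hits


if __name__ == "__main__":
    for v, loc in shadowed(TABLE, "vpn0"):
        print(f"{v.net} via {v.iface} is shadowed by {loc.net} via {loc.iface}")
    print("192.168.0.50 leaves via", pick_route(TABLE, "192.168.0.50").iface)
```

When the check reports a shadowed route, the usual remedies are renumbering one of the two networks or having the VPN push more specific routes for the hosts that must be reached.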
share internet connection with ppc
Can I use my PPC as the wireless adapter? Do I need to use "wireless modem" or "activesync" to do this? For more detail, if my computer does not have a wireless adapter, and now I want to use the wireless adapter on my PPC to connect to the internet. Is it possible?

Remote Desktop Cannot Connect

Hello all:
(first of all, I apologize for the double post, I erred and replied to a thread in the diamond forum)
I'm having problems getting my remote desktop to work. Been trying to connect since I picked up my Fuze on the 11th.
I have three different computers that I can successfully administer via my desktop. I've tried using 3G to connect, no success. I've tried using Wi-fi to connect, no success. I've used local computer names, IP addresses, properly forwarded ports --
It has to be a setting I'm missing on the phone. Any ideas? TIA
What version of Windows are you trying to connect to? Do you have a Firewall? And have you done the port forwarding on the router?
But the only options you need is Computer: IP Address and the user name and password. Use a Domain if you are connecting to PCs on a domain. Also when I logged in not using 16bit color under options the PC was almost unusable.
My attempts
The things I have tried since my post:
1) attempting to connect to Windows Server 2003 machine, non-local. Used IP address with port, same IPort that works from my desktop. Left username/password blank -- filled them both in -- left the domain name blank -- filled it in. All failed. Get the error message with three possible causes listed. Connected to my home network via wifi, data connection disabled (sometimes causes problems with my internet browsing if they're both enabled)
2) attempted to connect to a local machine, running XP Pro. Again, tried all possible combinations of username/password completeness, no success. Using Wifi
My local router does have a firewall, and the remote router does as well. I can successfully navigate those using my desktop (or laptop, for that matter)
GTO: I appreciate the quick reply...thank you.
Okay it's been a while since I used 2k3 server. Using 2k8 lately but are you trying to use Terminal Server? And if you're using 2k3 and you have ISA enabled I know it can be a pain to do port forwarding with it. But let me get this straight. You have no issues using XP's Remote Desktop to log into the server machine's Terminal Server/Remote Desktop? Here is an idea. Whatever port you're running Terminal Server/Remote Desktop on, type the IP Address with a : and port. IE 192.168.0.1:3000
Also if you would like you can PM the IP address of one of the Machines and I will try from my phone that I know is working with my machine. I am pretty sure you don't need to end a user name or password and it will bring me up to the login screen or you can make a temp account. Also on the Win2k3 machine I am pretty sure you have to add the option to login with Terminal Server even if it's the Administrator account.
I am able to connect to my local XP machine over wifi using the ip addy/no port. Hostname (DNS) connection attempt failed, though. My 2k3 server's power supply died or I would test that for you.
No special router config (port fwd) for my device had been done.
The fact that you can't get to your local box on your local network is where I'd start.
Local Network Issues
Thanks again to you both...
I think that might be the problem -- the local network setup. I can connect via wifi, and browse the web. However, I can't install a network printer using the WinMo app that's included, and I can't seem to get to the local PC even when I use the local IP instead of the DNS name. I did check, I'm being issued an IP address by the router (obviously), but still no dice on anything relating to network based traffic.
Is there a way to ping using WinMo? I'd like to be able to use that to start.
Cont..
Also, I've noticed that I don't get the same error each time. Depending on which machine I'm trying to connect to, it'll give me an error with either two or three options as to why it's not working. Trying to figure out what that's telling me.
As far as Terminal Services are concerned, when I connect from the desktop, I believe I'm using Remote Desktop there (honestly, I haven't been paying attention -- I just use whatever pops up when I type 'mstsc' from the Run dialog, lol), and I can connect to the 2003 server. However, I can't play with this anymore today, because apparently the server is down, and I won't be able to get to it till Monday.
I think I'm going to go play with the ATT proxy and see if that changes anything. I think mine is still enabled because I read that it might help with the GPS problems...
I have found some freeware app... pocketping 1.6 and microsoft has a network tool offering which I am not sure will work on WM6. I have no exp. with either tool on WM.
Can you get to your http/https router mgmt interface from the device? Check your router's client table? Does your router have any logging capabilities?
Sorry, more questions than answers.
Router
I am able to "dial" into the router from my phone -- it shows the HTCP4600 in the clients table with an IP of 192.168.2.108 ... all good.
My logging on the router was disabled, but now it is enabled. What should I be looking for?
I think i'll try the pocketping...
Now make sure inside of the router then you have all the correct ports forwarded.
It should be port 3999 to 3999 On UDP and TCP and then your PC ip behind the firewall.
Pocketping, JETCET Print 5, and success
Here's the update:
Discovered that by disabling the AT&T proxy on the Fuze, I was finally able to connect to my network printer -- the Fuze doesn't have the drivers for my printer, but that's another thread.
So I was able to make my first IN-Network contact. Installed pocketping 1.6, and it's a very useful tool. I'm able to successfully ping the computers on my network now that the proxy is disabled -- and voila...I can also connect to my laptop on my own network! The main trick was to use the network IP address and not the DNS name.
Thanks to both of you who helped out.

[Q] [HELP] SSH Tunnelling

Hello.
I need some help about my problem connecting to my work lan.
I have a PC in the office connected to the work LAN. I can connect to my PC remotely using SSL VPN.
I have installed Junos Pulse on my Galaxy Note 10.1 and with it I can connect to my VPN and then, using port 3389, I can connect to my PC using RDC.
If I need to access my work network, I need to make some tunnel using port 3389.
I installed an SSH server listening on port 3389 on my PC and, after the VPN connection has been established, I try to use SSHtunnel to configure a connection to my SSH server (working OK) and then start Global Application routing. When I start SSH tunnel it connects to my SSH server and it works (for ex. using internet browser from Android) but only using IP addresses.
If I try to use names instead of IPs it is unable to resolve DNS, even if I set the DNS option ON in SSHtunnel.
I cannot understand how to accomplish that kind of connection. I tried proxydroid, sshtunnel, autoproxy but they do not work (or I am not able to make them work).
I don't know if it is some problem using tunnelling with Junos pulse.....
Any help for me?
Thank you
No help?

[Q] vpn can connect but no internet and local lan

Hi, I have a samsung galaxy note 10.1 N8000. On my local network I have a synology diskstation DS213j which can run a vpn server L2TP/IPSec or openvpn.
On my samsung I have the latest official firmware.
L2TP/IPSec server DS213j is working fine with my ubuntu 11.10 notebook. I didn't try openvpn yet, but I guess I get that working too.
On my samsung I can connect nicely to the L2TP/IPSec server (with the built-in android vpn client) or the openvpn server (with the Openvpn for android app).
However I cannot access internet or my local lan. Although I can ping my local lan addresses. When I open ie the url to my webinterface of the local lan it tries to connect to it. It sometimes even manages to display the login screen.
I guess my routing on the tablet is wrong. Routing is set to automatic, only dns servers have been filled in manually, because they didn't get pushed right by the openvpn server on my synology. Notice that I don't have this problem on my ubuntu notebook.
Did someone manage to successfully set up a vpn connection using L2TP/IPSec or openvpn?
If so I must take another look at the vpn servers on my synology, else I think I need to get root access to my tablet to manipulate the routing table.
BTW the goal is to route all the traffic through the vpn, especially the internet. I need to access the internet through my home IP so I can use the live TV app from my cable/internet provider when I am on the road.
divx118
Solved with the official release of DSM 4.3 beta and vpn server update of my synology. As I expected not all the routes were pushed by the server. DNS servers I still have to add manually.

[Q] Connect to OpenVPN + pem certificate + tap device

I want to connect my android device (nexus 7 2013) to an openvpn server which is not administrated by me, meaning I have no access on the configuration.
On my windows7-pc, I do this with the windows version of openvpn, the provided settings file for the openvpn server and the also provided pem-certificate.
Since the server uses the tap device of openvpn, alternative clients like openvpn for android by arne schwabe[1] don't work (this app doesn't support tap).
Since I don't have a private key file (*.key), I cannot generate a p12-file[2] which could be imported by the official openvpn app[3].
The pem file format is compatible with *.cer and *.crt, meaning I can simply change the file extension to "convert" them. The crt-file can be imported by the android system (security -> import), but this doesn't help openvpn as it seems to only use its own certificates.
Any suggestions on how to achieve a successful connection?
[1]: play.google.com/store/apps/details?id=de.blinkt.openvpn
[2]: blog.max.berger.name/2010/01/pem-fromto-p12.html
[3]: play.google.com/store/apps/details?id=net.openvpn.openvpn
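A .pem file is a text container that can hold one or more labelled blocks (certificates, keys). The following added example, which is not from the thread, lists the block labels found in a PEM text and reports whether it holds both a certificate and a private key, the two pieces a PKCS#12 client bundle is built from. The sample inputs are constructed placeholders, not real certificates or keys.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_blocks(text):
    """Return [(label, decoded_length)] for every well-formed PEM block."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy encrypted keys carry "Proc-Type:" / "DEK-Info:" header
        # lines before the base64 body; skip them.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:  # malformed base64, ignore the block
            continue
        found.append((label, len(der)))
    return found


def summarize(text):
    """Count certificates and private keys in a PEM text."""
    labels = [label for label, _ in pem_blocks(text)]
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for label in labels if label in KEY_LABELS)
    return {"certificates": certs, "private_keys": keys,
            "can_build_p12": certs > 0 and keys > 0}


def _fake_block(label, payload):
    """Build a constructed PEM block around placeholder bytes."""
    b64 = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed samples: the payloads are placeholder bytes, not DER.
SAMPLE_CERT_ONLY = _fake_block("CERTIFICATE", b"placeholder CA certificate")
SAMPLE_BUNDLE = (
    _fake_block("CERTIFICATE", b"placeholder CA certificate")
    + _fake_block("CERTIFICATE", b"placeholder client certificate")
    + _fake_block("PRIVATE KEY", b"placeholder client key")
)

if __name__ == "__main__":
    for name, text in (("cert only", SAMPLE_CERT_ONLY),
                       ("bundle", SAMPLE_BUNDLE)):
        print(name, pem_blocks(text), summarize(text))
```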
wifi
I think if you have ICS_P740AV1.0.0B07 + you can't find open hot spot and if you can see you can't connect.
Try to make one hotspot secured with wpa2 and try it.
Whoa, I only understand half of it
I have android 4.3 JSS15Q rooted with flo (?). I have superSU and Busybox installed. I followed the default instructions of the nexus root toolkit. My wifi is connected for sure, but it has blocked ports (which is the reason for all this). However, since I'm failing at an earlier stage, and, since it works from my pc from the same network with the same openvpn on the same ports I suppose the error is not in the network settings...
The wifi i'm connected to has wpa2+pkip etc. but I'm not sure how this is relevant...
rom
Have you installed a custom rom?
Have you tried to enable and disable airplane mode?
Do you have a data connection?
I have stock android rooted. I only have wifi and the connection works perfectly, I tried rebooting the device, I consider this counts as "dis/enable airplane mode". I have good wifi signal strength.
I have no issues accessing websites over port 80/443, only the blocked ports don't work. The openvpn server is reachable on port 443 (it works from my pc).
Hello,
did you ever manage to solve this? I'm looking to configure my nexus 7 2013 to connect to an OpenVPN server using TAP and it doesn't seem to be working. I'm using OpenVPN settings with certificate-based authentication. I'm able to connect to my server, however I don't get a local IP address assigned and when I browse the internet, my IP is still showing up as from the original connection instead of the VPN endpoint. Computers with windows 7 can connect to the server no-problem and all their traffic is directed to the tunnel. Any ideas for guides and walkthroughs?
Thanks. Any help is very much appreciated.
