OK, running Tiamat's newest ROM, and a rooted kernel. Connecting to an old Cisco 3000 concentrator with an RSA token. I can get connected to the VPN, and even go so far as to get a ping if I'm quick, but it quickly loses connection (Connecting over 3G). I then have to reboot, or the internet won't work at all. I'm using Get a Robot VPN as it seems to be the only program that'll connect up to that old concentraor through IPSEC VPN.
Any suggestions beyond waiting for ICS???
Oh, Cisco Anyconnect will go so far as to identify the concentrator, but when I try to connect, it says can't find server... Grrr.....
Update: I used http://forum.xda-developers.com/showpost.php?p=12124163&postcount=23 which seems better, but still having issues.
I can't get an ifconfig -a on this machine. I tried updating Busybox, and still nothing. When I go into connectbot locally, I get a sh-4.1$ prompt, which I assume is some kind of shell? Anyway, going to system/bin/ifconfig, I get nothing. If I add a -a to it, I get -a:No such device. When I do the same without being connected via VPN, I get the same answer. Very frustrating!
Related
Dear all, I got my new Nexus One, rooted, with recovery ROM and with Modaco Custom ROM installed (without Add-On installed).
I installed also the VPN Connection but I cannot get it to work!
Anyone was succesfully get it to work on N1?
Or any other idea to get a VPN connection with a Cisco concentrator?
thank you
I would like that one as well!
I've installed the VPN connection from the market on top of Cyanogen's Baconmod and it worked the first time. I'm going back to my companies Cisco concentrator also.
I'm using a group password - make sure you set that up correctly... Connects over WiFi or 3G with no issues. I'm not certain if it works well with certificates.
I am unlocked, rooted, RA Recover, and N1 Addon. Once you get all of that setup then go to the market and download "VPN Connections - root".
It should work barring any unforeseen configuration on your work side like TCP vs UDP, connections port changes, or anything else that would be propagated by a configuration file.
But if you unlock, root, and have Cyanogen's N1 Addon you should be fine unless you have a config challenge.
Ntwrkwizard
Cisco VPN works but has issues
Nexus is my first Android phone and I just rooted and baconized. I was so conflicted, but I told myself it was inevitable. The phone has been solid for a week and I knew that when the first ROM dropped with multi-touch, I wouldn't be able to resist. Might as well get a head start, right?
First thing I did was install VPN Connections from the Market and setup a connection to my company Cisco ASA. I was totally stoked when I was able to connect and VNC into my office PC. After I was done. I went back into VPN Connections and disconnected from the VPN. My Internet (WIFI) access did not come back. Next I tried disabling the VPN from within the app. No dice. I then forced VPN Connections closed and still no good. I ended up disabling and re-enabling WIFI to get it my net connection back. Is this normal?
networking hosed after disconnecting VPN...
Posted this over in the apps section, before I saw this thread:
Nexus is my first Android phone and I just rooted and baconized. I was so conflicted, but I told myself it was inevitable. The phone has been solid for a week and I knew that when the first ROM dropped with multi-touch, I wouldn't be able to resist. Might as well get a head start, right?
First thing I did was install VPN Connections from the Market and setup a connection to my company Cisco ASA. I was totally stoked when I was able to connect and VNC into my office PC. After I was done. I went back into VPN Connections and disconnected from the VPN. My Internet (WIFI) access did not come back. Next I tried disabling the VPN from within the app. No dice. I then forced VPN Connections closed and still no good. I ended up disabling and re-enabling WIFI to get it my net connection back. Is this normal?
Does this program place a .pcf file anywhere on the phone? I have a pcf file from my work VPN, and the options that are in the UI are not quite enough to cover what all I need to enter. I looked all over the place for a pcf file, but couldn't find one. I know that the get-a-robot initial version of this program had one, but I don't know where this new version keeps it (if it does at all).
jchap2k
Cisco VPN
I have a question about Cisco VPN. i've not tried using it on an android phone, because I wasn't sure if the way my company's VPN works is supported. My company uses a token file that needs to be "installed" on the computer for the Cisco VPN. So the question is, would the Cisco VPN solution for Android support this?
Thank you
Using CM beta 4 rom with update from Google and this program FCs when trying to connect to vpn.
Any helpful hints would be great.
not sure on the fc, maybe try another rom/kernel.
i wasn't able to get this to work using any of the cyan roms so i must be doing something wrong.
my vpn works fine with the settings i've used for both vpn client (windows cisco client) and vpnc (fedora linux client) but when i press connect on android it will instantly say failed, is there a log available for this application?
I just got my TB this morning, am working on configuring it to replace my DInc. I have an L2TP over IPSec (PSK) VPN set up on my DInc, and it works without any problem. I tried the exact same settings on my TB, and I get a box "Attention Unable to connect to the network. Do you want to try again?"
I get this message whether I try to connect from 3g/4g or from my own wireless network (on the same LAN as the VPN). When I look at the logs on the machine hosting the VPN, I see absolutely nothing when I attempt to connect from my TB (connecting from my DInc produces the right log entries). I can also connect to the VPN server from other clients (Windows 7, etc.) without any problems.
*Edit: Cannot connect from TB via PPTP either. Can connect from other PPTP clients.
I have been able to connect to my works VPN (using PPTP) without problem.
Very fast and stable so far! Used it for about 15 minutes without a hitch.
rajuabju said:
I have been able to connect to my works VPN (using PPTP) without problem.
Very fast and stable so far! Used it for about 15 minutes without a hitch.
Click to expand...
Click to collapse
Thanks for the reply. I am still unable to connect directly from my TB, using PPTP or L2TP. If I configure my TB as a mobile hotspot and connect to the internet through it, though, I can connect to my VPN server using the TB's internet connection. But I still cannot connect from the TB using its VPN client.
Lovely. After doing some extensive reading, it sounds like the problem is likely the rom itself. Guess I'll be waiting for an update.
can you list what settings your using in your VPN? since this forum is aout people having trouble and not bragging about whats working?
I too am running dasBAMF and have no VPN's added nor can I find default settings
papajay224 said:
can you list what settings your using in your VPN? since this forum is aout people having trouble and not bragging about whats working?
I too am running dasBAMF and have no VPN's added nor can I find default settings
Click to expand...
Click to collapse
I'm guessing your post was directed at rajuabju, but hopefully I can help. I do finally have both PPTP and L2TP/IPSec VPN's working on my TB. With what are you having trouble?
Have you tried OpenVPN? I have had the most luck with that, as well as having it forward all traffic through the VPN.
As the subject states, non of the current roms/kernels appear to have the TUN/TAP driver to run openvpn.
Side note.. ATT pissed me off today (okay so I had it coming for tethering but still..) So, new solution is to run openvpn and force all the traffic through my openvpn gateway, this will keep ATT from spying, and also prevent them from using TTL (still speculation, but one of the methods to detect tethering)
Just out of curiosity, how did you confirm that the TUN/TAP driver was non-existant or not operating properly on the skyrocket?
I'm in the midst of doing the same ... installing openvpn. I have the server set up on my home PC and verified through another laptop off-network. But I have problems when trying to run openvpn settings. Here is what I did:
1) Copied .ovpn file, ca.crt, client1.crt, client1.key, ta.key FROM server TO /sdcard/openvpn directory on skyrocket
2) Installed busybox
3) Installed openvpn installer
4) Installed openvpn using #3
5) Installed and opened openvpn settings
6) Under "OpenVPN Settings" I checked the box saying "OpenVPN"
7) Under "OpenVPN Configurations", I selected my .ovpn file's checkbox
8) The .ovpn checkbox immediately disables and I have no openvpn
Was your approach similar?
I just checked via lsmod. I did not bother going through the process of moving my config files from my captivate to the skyrocket.
Samsung does not include the tun/tap driver in the stock kernel, so it will require a custom kernel, or at least someone to create the module with the same libraries as the stock kernel and just the tun.ko module file to copy across to our current phones.
Actually TUN/TAP is compiled directly into the stock kernel and not compiled as a module so you won't find it with lsmod. You also don't need to do an insmod to use it. I'm running openvpn just fine in tap mode.
There IS a bug in the OpenVPN Installer though that requires you to have ifconfig and route in /system/xbin/bb. It won't work if you select anything else during the openvpn install.
Here's what I did...
Install busybox to /system/xbin
Install openvpn to /system/xbin and select /system/xbin/bb as the location of ifconfig/route
adb shell or use a terminal on the device and do a su.
mount -o rw,remount /dev/block/mmcblk0p24 /system
mkdir /system/xbin/bb
cd /system/xbin/bb
ln -s ../busybox ifconfig
ln -s ../busybox route
mount -o ro,remount /dev/block/mmcblk0p24 /system
Configure and start openvpn.
Good to know.
Will try it in abit, I tried to run openvpn, but it failed on the tun driver, which is why I stopped, but I did not link bb, will give that a try when I get a chance... stupid ATT busted me for unauthorized tethering again.. so cannot get my existing openvpn config from my server yet...
gtj0:
I tried the directions you provided but with using tun and no luck. I'll try and reconfigure my openvpn server to run tap and will try agian.
jvanbrecht:
let me know if you make any progress
plarser48 said:
gtj0:
I tried the directions you provided but with using tun and no luck. I'll try and reconfigure my openvpn server to run tap and will try agian.
jvanbrecht:
let me know if you make any progress
Click to expand...
Click to collapse
I just reconfigured my server over to tun mode and it's still working fine.
Can you try running openvpn from a command line and see what errors it spits out?
I.E. openvpn --config server.ovpn
Also can you check if /dev/tun exists?
edit.....
Here's my config...
client
dev tun0
proto udp
float
remote vpn.example.com 21194
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpn.example.com.ca.crt
cert zzz.crt
key zzz.key
tls-auth vpn.example.com.ta.key 1
cipher AES-256-CBC
comp-lzo
verb 4
mute 20
plarser48 said:
gtj0:
I tried the directions you provided but with using tun and no luck. I'll try and reconfigure my openvpn server to run tap and will try agian.
jvanbrecht:
let me know if you make any progress
Click to expand...
Click to collapse
I had no problems getting it to work, I borrowed my co workers usb modem to pull down my configs from my old Captivate (I use ssl-admin and store the configs with the certificates in zip format).
The problem I am having at the moment is getting tethering to work while openvpn is running.
Laptop can talk to the phone (using wifi tethering, usb tethering kills the adb session, but I suspect it would work just fine), and phone can talk to the world, but laptop will not connect to the world.
The routes are in place, I checked the sysctl options, and ip forwarding is enabled. Just no traffic will pass... it is driving me nuts... heh.
Success for me too! Not sure what was wrong. The server was always working no problem and was always able to connect directly over home wifi from laptop. But I wasn't able to connect on the Skyrocket.
But I used gtj0's config file, changed the remote ip address/port, and worked perfectly. Thanks!
jvanbrecht: I haven't tried it with tethering yet and probably won't get to until at least a few days. Hope to be able to help by trying on my phone sometime soon.
Everyone: Any idea if it is better to run tun or tap for mobile phone openvpn? Regarding tethering, do both tap and tun hide detectable elements like TTL at the IP layer?
EDIT: VPN Not Porting Properly?
Hmm. It seems I am able to connect no problem and openvpn on the phone says it's connected. But when I go to www.whatismyip.com from my phone, it still says an AT&T address. I expected with openvpn running that it should show my home server ip address no? Also, openvpn on skyrocket indicates that it is connected as 10.3.0.6. But if I try to ping 10.3.0.6 from the server I get no response. Is that expected?
plarser48 said:
Success for me too! Not sure what was wrong. The server was always working no problem and was always able to connect directly over home wifi from laptop. But I wasn't able to connect on the Skyrocket.
But I used gtj0's config file, changed the remote ip address/port, and worked perfectly. Thanks!
jvanbrecht: I haven't tried it with tethering yet and probably won't get to until at least a few days. Hope to be able to help by trying on my phone sometime soon.
Everyone: Any idea if it is better to run tun or tap for mobile phone openvpn? Regarding tethering, do both tap and tun hide detectable elements like TTL at the IP layer?
EDIT: VPN Not Porting Properly?
Hmm. It seems I am able to connect no problem and openvpn on the phone says it's connected. But when I go to www whatismyip com from my phone, it still says an AT&T address. I expected with openvpn running that it should show my home server ip address no? Also, openvpn on skyrocket indicates that it is connected as 10.3.0.6. But if I try to ping 10.3.0.6 from the server I get no response. Is that expected?
Click to expand...
Click to collapse
TAP provides a bridged connection so broadcasts on the server's network are propagated across the connection. For network-to-network connections this may be needed for things like dhcp and windows networking. For end users, this usually isn't a good thing because it eats up bandwidth. TUN, which is routed instead of bridged, is the better way to go.
My config only routes traffic destined for the server's LAN over the vpn connection so the behavior you see with whatsmyip is normal. Check openvpn's config file paramters to make the vpn the default route for all traffic.
See my other post. I included my configs.
Just add redirect-gateway option to your client configuration, or the server side client configuration in the ccd directory.
I have everything working. As for what att will see. Only an encrypted tunnel initiated from you phone to your vpn server. Ttl, ip options etc will not be visible to att.
Sent from my SAMSUNG-SGH-I727 using XDA App
Cool thanks again. I'll try updating my configs and trying again tonight. I'm sure not being able to ping across the tunnel was probably a configure issue a well.
You also need the Client to Client option enabled if you want the openvpn server to advertise routes to other vpn client devices and their associated networks. That would be another reason why you cannot ping across the tunnel if you are trying to ping another vpn device.
jvanbrecht:
I'm not seeing your config files on the board here. I'm fairly new here so maybe I'm not looking at the right place. But I didn't see an attachment.
The configs are posted in my other thread.
http://forum.xda-developers.com/showthread.php?t=1378970
Thank you. I'll try out the details in that post. If I have any questions I am going to post over there from now on because that post is more closely aligned with my goal and thus more relevant.
Hi
I'm just making this post as I can't really see any solutions for this.
Let me first explain the situation we're in, we have a bunch of laptops that need access to the internet and this building provides free wifi, YAY. The problem is, the wifi is unstable where we are, randomly doesn't allow computers to connect to it, and drops computers from the network for no reason. The landlord is pretty much unhelpful here, and we're only here for 2 weeks so we're just living with it right now.
I have a contracted phone with unlimited data that I tether with USB to my computer and then run a VPN on the computer which works fine for me, but I want to get the other laptops connected too.
The problem is my phone hasn't got tethering, so as soon as it detects a user agent that corresponds with a desktop based browser, it blocks the data connection until the signal is completely reestablished.
This is even a problem for my laptop as sometimes theres a random HTTP request that blocks the connections before the VPN can connect.
So the solution I really want for this is a VPN to be running on the phone, and then a hotspot to run on the phone. Then the laptops can connect to the phone and theoretically be behind the VPN, so everything can be connected and the connection won't get blocked.
I've tried all the iptables forwarding and masquerade rules to no avail, OpenVPN with "Use default route" to force all routes through the VPN also does not allow any computer on the hotspot to connect to get a data connection.
For more info, the phone is a SGS3 i9300 which is currently running the latest CM10.1 nightlies. The VPN is from HMA.
Does anyone have any suggestions for this?
Thanks for the time.
Anyone else experiencing this?
When I try to connect to my VPN server using OpenVPN connect over TCP I get a Network EOF error, and when connecting with the regular Open VPN Client app I get "SIOCGIFHWADDR(lo) failed." Works fine when I connect under UDP, and connecting to the same server under TCP works fine on my other devices (I'm coming from the Nexus 6 2014 and used it extensively on there).
From what I can see on Google it sounds like this is a ROM issue, but wanted to make sure it's happening to everyone so I know it's not just something misconfigured on my end.
I just tried mine and TCP connection isn't working for me either.
Andrew025 said:
I just tried mine and TCP connection isn't working for me either.
Click to expand...
Click to collapse
Out of curiosity, does UDP work for you? I figured UDP was working, because it showed as connected with no errors on OpenVPN Connect but it actually doesn't load anything from the internet whilst connected and the other OpenVPN app is giving me the same "SIOCGIFHWADDR(lo) failed" error.
This is a pretty major issue
I'll bet your wifi doesn't approve of VPN.
UDP and TCP connection through the Private Internet Access app work fine. There's a configuration problem in what you're trying to do. Either the wifi LAN won't allow it, or your OpenVPN settings are off, or the OpenVPN app is somehow unhappy in Nougat.
Skripka said:
I'll bet your wifi doesn't approve of VPN.
UDP and TCP connection through the Private Internet Access app work fine. There's a configuration problem in what you're trying to do. Either the wifi LAN won't allow it, or your OpenVPN settings are off, or the OpenVPN app is somehow unhappy in Nougat.
Click to expand...
Click to collapse
It's definitely possible that the OpenVPN settings are off, possibly requiring a different configuration on the v20, however the WIFI is fine and Nougat isn't an issue as it works fine on my Nexus 6 2014 running Android 7.0.
PhantomGamers said:
Out of curiosity, does UDP work for you? I figured UDP was working, because it showed as connected with no errors on OpenVPN Connect but it actually doesn't load anything from the internet whilst connected and the other OpenVPN app is giving me the same "SIOCGIFHWADDR(lo) failed" error.
This is a pretty major issue
Click to expand...
Click to collapse
Yep, UDP works without issue through OpenVPN.
My PIA app works as well.
It depends on the security settings with the network, with my home wifi or data using from the Usim, it works ok, if using my company network, it block me out, and won't connect.