Samsung - VPN Issues - AT&T Samsung Galaxy S II Skyrocket SGH-I727

As a new XDA user involved with development, but unable to post in the development boards because of minimum post restrictions, I am going to drop some general information here (getting my post count up). This is also an attempt to see how many people are frustrated with the VPN connectivity on Samsung Platforms and desire a kernel fix.
Behavior:
An inability to connect to a VPN concentrator, or a seemingly successful connection with a failure to pass traffic across the tunnel. You can observe the behavior by connecting to your VPN, having the interface report a successful connection, but when you attempt to access resources on the other side of the tunnel you will not be able to reach them. When you view the status of the VPN connection, you will see that no packets were encrypted and passed along the tunnel.
Cause:
While I cant rule out a configuration error in every case, I can in mine. Samsung was/is creating kernels for GB and ICS with a slimmed down version of ipsec-tools/racoon. Without getting to technical, this is the module responsible for negotiating the multiple phases necessary for a fully functional VPN tunnel. Because it is slimmed down, IPsec-Tools lacks its usual level of configuration necessary to support a wider range of VPN encryption types.
Solution:
Sorry, for all of you vanilla/non rooted users (really, who is that here anyway?) there is no fix. For everyone else, we need a kernel (the version depends on your rom) with a full version of IPSec-Tools baked in.
Let me know what you people think, the more responses the better my chances of getting this put together. Feel free to also give me a tl:dr
PS: I already tried and failed at compiling this myself, if anyone knows of any good places to start learning a bit more about kernel compiling please drop it here or PM me.

Thanks, I thought the problem was in my router. I am using a Linksys router with DD-WRT on it, and thought the problem was on that end.

Hawkeye9723 said:
Thanks, I thought the problem was in my router. I am using a Linksys router with DD-WRT on it, and thought the problem was on that end.
Click to expand...
Click to collapse
Could be, what version of android are you on? Were you experiencing the behavior above, successful connect and no packets transmitted? Usually dd-wrt wants you to setup the vpn as SSL IPsec (RSA Certificate). I have not yet given tried that implementation but have been attempting IPsec + xAuth PSK (3des encryption).
I have in the past configured dd-wrt to work successfully using the "VPN (the easy way)" on the dd-wrt site (sorry, I'm not allowed to post hyperlinks yet).

It would be great if we could get VPN running like it should. Would make my life a ton easier for work, I wouldn't need to carry around my laptop just to diagnose a tiny problem.
~PsyCl0ne

PsyCl0ne said:
It would be great if we could get VPN running like it should. Would make my life a ton easier for work, I wouldn't need to carry around my laptop just to diagnose a tiny problem.
~PsyCl0ne
Click to expand...
Click to collapse
As an IT professional, that's my motivation as well. Been following all of the leaks and releases, no fix yet. Looks like we'll have to take matters into our own hands.

I haven't tried in on ICS yet. I was running the stock GB. It would connect, bu could not access anything on my home network. I also could not access anything on the internet. Trying to access the router config page would just timeout. I had dd-wrt set up using PPTP.

Yeah, could be the same issue.
Don't mean to patronizing, if I am I apologize...
Did you try setting the advanced options? See attached image.
Leave the DNS settings alone. Try adding the forwarding route ie. If your router address is 192.168.1.1, put 192.168.1.0/24 in that field (192.0.0.0/8 or 192.168.0.0/16 should work too).
Sent from my SAMSUNG-SGH-I727 using xda premium

this issue exists on most samsung phones, from GB to ICS - not sure about JB.
ipsec is broken

Related

Wifi+DNS on XDA Mobile 6

I rarely post questions because most that I have had have been answered already and I can find what I need through searching.
However the amount of apparent confusion in the questions and answers on this subject has made it impossible to figure this out.
I cannot reliably connect via wifi on my Wizard running XDA Mobile 6.
Problem:
1. Wizard connects to Wifi, but does not correctly get DHCP.
Okay, a pda is pretty useless as a wifi device if it can't receive a dynamic address, but I set up a static IP (on the Wizard) to work with my router, and deferred diagnosing this until after I actually have wifi working at all.​2. Wizard cannot seem to choose a DNS server.
It apparently tries to use the GPRS dns server to resolve addresses, and can succeed, but this is slow. If I disable the phone it uses the DNS I entered (my wifi router). and works precisely as it should, resolving domain names almost instantly, just like the other wifi devices on my network. With the phone turned on the DNS address seems to be ignored​
Is there someone out there who can address this problem? Maybe I need a primer in the serpentine methods Windows Pocket PC uses to configure itself to connect to networks, because it certainly doesn't seem the least bit logical from this writer's perspective.
Thanks.
Le Zouave
Yes, I had the same issue with most 6.0 ROMs here. But TNT 6.0 ROM works without changing DNS manually. Haven't checked the root cause is ...... You might install TNT ROM to see whether it resolve your issue.
That's some kind of DHCP problem.
I don't have it with my cooked ROMs.
When DHCP is used to get an IP address, it also gets the DNS servers sent back in the same response packet. So if you disable DHCP (or it fails) you need to manually configure both it and the DNS addresses.
Exactly my point.
It's clear that the problem is a DHCP client failure. There are plenty of posts here saying things like, "try a different ROM" etc. The information I am looking for is how to fix it.
Uh, try a ROM that doesn't have the problem?
The ones I've run (including my own cooking) work fine.
oops- double post
I was sort of hoping for a registry key to edit or other setting...
DHCP is working, for example on Remote NDIS-host (activesync connection), so it seems likely that there might be another solution.
I will have a look at your ROM, Genesis3.,

School wifi problem

Just got my Samsung Captivate about a month and I got my wifi connected to the school network, but when i open the broswer or any apps need internet i didnt get any connections? at the first week it works.. and when connecting to the school wifi it should be come out with the school login page,, then the internet will work.. however the wifi is connected doesnt matter how strong the wifi singal is.. it just cant load and cant bring me to the login page..
I really need help..
and the wifi works everywhere.. except my school...
btw my friends iphone 3gs works..
I am also at college and have had the same problem. the best reason I have found is the phone itself. half of our wifi is an older standard that does not work on the phone. it shows up as wep and i can not get it to recognize it as 802.1x . in my tinkering I have also messed up the wifi that was working.
long story short it probably won't work. I have spent a long time trying to get it to work with no luck
Sent from my SAMSUNG-SGH-I897 using XDA App
Hello to both of you,
I also attend a college with an 802.1x connection and the captivate supports most of these networks; however you will probably need to configure the network settings manually (usually retrievable on your schools IT site). If you dont mind digging up your settings I would love to check to see if I can configure your phone.
FYI, you might be having a problem similar to what's seen in this post.
http://androidforums.com/captivate-support-troubleshooting/142397-odd-netmask-issues-wifi.html
I definitely had this problem today. It appeared connected but no web pages would load. Going to have to investigate further. Why can't things just work
I know my school recently implemented some new security certificates that you must agree to before logging in, has anything like that changed for you? My wife's Aria is running 2.2 and can log into the school network, but my captivate cannot. It is frustrating I know.
Seems some colleges and universities are noticing issues with android devices letting the DHCP leases to expire but keeps using the IP address assigned instead of requesting a new one.
See the following links.
h t t p ://www . natecarlson . com/2010/08/27/android-att-captivates-wifi-networking-is-broken/
h t t p ://www . net . princeton . edu/android/android-stops-renewing-lease-keeps-using-IP-address-11236.html
I actually have similar issues with my Belkin wireless router at home. My laptops and other wireless devices have no problems connecting or re-connecting but the Captivate just refuses to re-connect after the connection was terminated. Even after resetting the router, the phone just keeps trying to use the same IP address for some reason.
The only way I could get it to reconnect is to either reboot the phone or to remove the AP entry which is a pain especially if you have wireless passwords.
Hopefully someone with better insight into how Eclair and Froyo handles WiFi can come up with some fix.
more solutions?
I believe the new 2.2 firmware solves this issue. I too am at College and my captivate FAILS to actually access the internet through wifi unless I statically assigned the IP.
I just updated to Froyo and it connected instantly. I'll have to do more testing to make sure, but I think Samsung finally fixed it.
captivate wifi issue at school
i just got Galaxy S (Captivate) and wi-fi is giving trouble.
when i tried at a university campus, it gives error and says can't open and try again later. it is like, i get connected to the network, IP and DNS and everything is generated. But when i open browser to open a website, instead of taking me to login page it gives the above error.
here is what i get when i try to open a website.
'web page not available'. the page might be temporarily down or it may have been moved permanently to new address.
here are some suggestions:
- check to make sure device has signal and data connection. (I made sure it is connected to wifi)
- reload page later. (i tried after 5 mins, same result)
- view cached copy from google. (doesn't work either)
i am not able to understand why is this happening. i tried restarting the phone after connecting to wifi but no luck. any pointers?
Sounds like they use a portal system which requires logon and doesn't play nice with the Captivate's browser. Unfortunately many such portal systems are written poorly and I've even seen some that only work with Internet Explorer.
You could try a different browser on the Captivate. Dolphin allows spoofing assorted User Agents, which might help.
Hey guys, I have the same problem connecting to m school's network login page. It would say connected but the website always says cant be found. But the good news is that I found a way to connect to it manually! What you need is your captivate and friends iphone 4 or 3gs. First have use your friends iphone to connect to the wifi and then go into wifi settings. You should see 2 DNS address, Ip address, netmask (subnet mask) and router address. Now jot those addresses down except the ip address. Go to settings->wireless and network->Wi-Fi settings->now tap the bottom left button under the samsung logo and click advanced. Now check use static ip. Do not enter anything for your ip address just yet (we will do this last). Now enter router address into gateway, subnet mask into netmask, DNS1 to DNS1 and DNS2 to DNS2. ok when you are done click back and tap the network you want to connect to. Once you are connected jot down your ip address by taping the network once more. now go back to where the static ip was and input the ip address you just jot down into the ip address underneath use static ip. Disconnect and reconnect to the desired network. You may have to do this a few times or reboot your phone. This has been working for me so far around different buildings but with the same school network connection. I hope this helps cheers!
sremick said:
Sounds like they use a portal system which requires logon and doesn't play nice with the Captivate's browser. Unfortunately many such portal systems are written poorly and I've even seen some that only work with Internet Explorer.
You could try a different browser on the Captivate. Dolphin allows spoofing assorted User Agents, which might help.
Click to expand...
Click to collapse
Yeah, my school uses the Bradford dissovable agent. Funny thing is, some connections work perfectly, others not at all. Technically none should work, and sometimes I feel that maybe I should tell them that sometimes somehow it is possible to bypass the whole agent thing- but why rock the boat just yet
Does it need a proxy to work? If so, this app is amazing.
http://forum.xda-developers.com/showthread.php?t=766569
I figured it out a month ago, and it is actually petty easy. But you really have to change ip address manually, usually just the last number.
Sent from my SAMSUNG-SGH-I897 using XDA App

PPTP encryption fix (getting close)

For anyone interested in playing with it, I have built the ppp_mppe.ko module that is missing to make the PPTP with encryption work. My initial testing shows that it connects and passes traffic. Unfortunately, after a few minutes it stops passing traffic but remains connected. I need to investigate the logs...
To try it, open a terminal, cd to the folder where you stored it, su (YOU NEED ROOT), "insmod ppp_mppe.ko", and then go try an encrypted VPN PPTP connection. Mine failed the first time, and then worked on subsequent connections.
e081820061574b1ab1188294e62e1cff ppp_mppe.ko
I'm curious to see if anyone here cares about this and how it works for you.
Shayne
I'm really interested in make my VPN work. I'm using CM7 on Galaxy Tab. I don't think your module was made for my kernel.
Is this ever going to be fixed? I'm able to connect to my PPTP VPN provider, and it requires encryption. I can ping out for a while... but as soon as I open the browser or other app the actually uses the net the pings stop and connection stops transmitting, although still connected. So frustrating...
Yeah, the module isn't going to work on other devices.
I get the same result as you when I do a PPTP connection. Actually when I posted this I hadn't dug deep enough to find that this was a long standing problem, and I just figured that getting the module loaded in would fix it.
Seems like this module should be where the bug is, but I haven't had time to look at it more closely. Apparently there aren't enough people that care about this feature.
Looks like this problem is related to the MTU. I can send/rcv 1380 byte pings, but anything bigger causes the connection to quit working. I'm thinking that rebuilding pppd with a lower MTU might be interesting, but I need to get set up to do that. pppd does not pay attention to config files, and mtpd, akaik, doesn't pass an mtu/mru arg to it.
velocityfactor said:
Looks like this problem is related to the MTU. I can send/rcv 1380 byte pings, but anything bigger causes the connection to quit working. I'm thinking that rebuilding pppd with a lower MTU might be interesting, but I need to get set up to do that. pppd does not pay attention to config files, and mtpd, akaik, doesn't pass an mtu/mru arg to it.
Click to expand...
Click to collapse
I have come across this blog with some mtpd command line examples, see if it helps on manually connecting with custom MTUs.
I also tried a couple suggestions of changing MTU on the eth0 to 1480 and 1380 before and after connecting to the VPN, without any success. Also tried different MTUs on ppp0 after connection also with no success.
I just wanted to say that even though this stuff is far too above my head for me to contribute, thanks for working on this!
Now I can keep daydreaming about turning my phone into a PPTP server...
I understand that this thread hasn't been active for a while, however, I do want to say thanks for this! With the provided module, I was finally able to connect to our VPN server using PPTP with encryption. In fact, I was able to do so as well over 4G. I read through several threads on various sites regarding the commonality of this issue and possible firewall NAT restrictions on Verizon's behalf. It seems it was just a module needed that fixed all this.
On a side note, I haven't had the connection dropped so far. I'm about 1000 ping sequence in and connectivity is still up and running. Not sure if this is an effective means of validation it.
If it helps others looking into this issue as well, note, that I've tried virtually all available kernels as of date to this posting. Nothing worked. This module was the only thing that granted access to our VPN server.
Update: Spoke to soon. After attempting to log into a server, data was no longer able to pass through.
I'm glad to hear it has helped you. It didn't turn out to help me.
To test it further, I suggest you pass some real traffic over it. Regular ping traffic doesn't cause the loss of connection that I'm familiar with. If it continues to work, count yourself lucky, and you might want to convince your favorite kernel builder (imnuts, maybe) to include that module.
I spent some time looking into the dropped connection issue and was not successful at finding a solution. What I think I learned is that when the pptp server handles a packet larger than the mru and fragments the packet, the first fragment decrypts ok, but the second fragment decrypts to junk. It's supposed to be stateless encryption, but all subsequent packets silently fail to decrypt. Thus, all traffic stops moving and the link eventually times out.
This problem only seems to affect the reception of packets. The outgoing traffic seems to be unaffected.
The PPP and MPPE code in the froyo kernel is unchanged from that in the mainstream Linux kernel. My Ubuntu desktop can do PPTP with MPPE no problem. So why can't froyo?
This was absorbing too much of my time, so I finally gave in and set up L2TP.
velocityfactor said:
The PPP and MPPE code in the froyo kernel is unchanged from that in the mainstream Linux kernel. My Ubuntu desktop can do PPTP with MPPE no problem. So why can't froyo?
Click to expand...
Click to collapse
I'm not entirely sure if froyo's at fault as I was able to confirm with a few of my colleagues that they were able to VPN with PPTP just fine on their non-charge device that's on froyo. Additionally, I even tried the GB leak but ended up with the same results.
velocityfactor said:
This was absorbing too much of my time, so I finally gave in and set up L2TP.
Click to expand...
Click to collapse
Thanks for taking a stab at this though. It does seem that there isn't a big call for this feature within the community; a huge bummer for those that does need it.
Problem details
I have this problem with my HTC Inspire 4G and I've been researching it a lot.
The error reported on PPTP server side suggests that Android PPTP client tries to negotiate unsupported protocol:
pppd: Protocol-Reject for unsupported protocol 0xxx
but it is a misleading message since initially the protocol is negotiated correctly and the connection is established. Only after several dozens of frames are transmitted the error appears and it repeats with different value of unsupported protocol in the message.
Since then the PPTP tunnel is out of sync and Android client sends effectively random octets from the MPPE encryption module.
I will include links here to Web pages with details FYI if you are interested in more details about it.
http://www.securitykiss.com/resources/articles/android_vpn_bug/index.php
http://code.google.com/p/android/issues/detail?id=10901
http://code.google.com/p/android/issues/detail?id=4706
velocityfactor said:
This was absorbing too much of my time, so I finally gave in and set up L2TP.
Click to expand...
Click to collapse
Interesting that PPTP failed you, but L2TP worked. I had the opposite experience. A stock unrooted Android 2.2.2 connected to a debian pptpd just fine, mostly with default settings. (although I didn't go as far as to route traffic, just confirmed that there's an encrypted connection)
But it's ipsec that doesn't work for me. Would you please post the L2TP server configuration that works for you?
I'll post the PPTP server settings if anyone is interested.
The PPTP doesn't fail until you send traffic. Specifically, it works ok until you send a large packet that get fragmented. Then it seems the encryption becomes out of sync and things go downhill from there.
My L2TP is running on Windows Server just using default settings, so nothing to post really.
This thread should probably be closed since it doesn't really relate to the Charge specifically and the fix isn't "getting close" afaik.
Shayne
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
xdadevnube said:
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
Click to expand...
Click to collapse
I think samsung screwed it up more than the OS.
xdadevnube said:
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
Click to expand...
Click to collapse
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
Haadkoe said:
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
Click to expand...
Click to collapse
I dunno, but I just got it working on ICS 4.03 CleanROM Kang Tapped Edition for the HTC Rezound.
MPPE enabled.
It passes traffic, can browse the web, copy files from a network share. Connectivity does not get lost.
It does use the remote gateway.
I didn't check on if it was possible to set a local gateway.
Anyways, I've been waiting for this damned feature for quite some time.
If all you want to do is access your PC's files, I suggest PocketCloud Explore.
It is pretty tight.
Haadkoe said:
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
Click to expand...
Click to collapse
there is a specific way to force Encryption on the PPTP server on ddwrt
More info.
http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration
Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
I haven't done thorough testing on speed yet, but hopefully will soon.
xdadevnube said:
Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
I haven't done thorough testing on speed yet, but hopefully will soon.
Click to expand...
Click to collapse
VPNRoot works great, thanks! I have the same issue on my Hyundai T7 with android 4.0.4, times out connecting to my VPN, but this app solves that problem.
I'm using vpn root on a s4 with stock ics firmware.
it can connect but times out all the time.
I can do google searches fine but trying to load any Web page just hangs.
have a pptp vpn on dd-wrt.
is there any settings I need to change?

vpn / ics

Ok, maybe it is not related to ics. After installing ics, I lost my vnp connection for the office (maybe because I was not using any lock screen before) I have re-entered my vpn, but now I always get a "timeout" when I try to connect Do any of you who are using vpn's connection also have this issues, or maybe I have something wrong in my vpn settings ?
Anyone with stock firmware ics can confirm vpn is still working ?
Working fine for me, might be your specific vpn?
Sent from my Transformer TF101 using xda premium
Ok thanks. I'll make sure with the technicien here that everything is ok on their side
I had the same problem...the vpn connection settings were erased after ics update.
I created the connection one more time but didn't worked. I deleted that connection also and created another one...with the same details and worked.
Can confirm this issue also. After creating a new connection vpn works like a charm.
L2TP/IPSec PSK vpn is broken for me after upgrade to ICS. Seems to be a known problem with ICS. My colleague's Transformer Prime with ICS also not working with same type of VPN. It was working great with Honeycomb 3.2.1 before upgrade on both devices. I use the tablet for work extensively so this kind of sucks. Everything else is great.
Have a B90 TF101 so can't easily downgrade!
So is it an accurate assessment that L2 VPNs still do not work on ICS, such as solutions from Cisco and Juniper? We had to setup a special L2TP/IPSec PSK for just Android devices, whereas iDevices work just fine with industry standard SSL VPNs. Amazing that Google can't get on board with this. Wondering too if the Exchange cert issues still persist with the default mail client.
Yes. We setup L2TP/IPSec with PSK on a SonicWall firewall that works for both the iDevices and our Android devices. All android devices that upgraded to ICS stopped working. Will try to connect but will timeout trying to establish connection. I can't confirm all other L2TP VPN types but PSK is definitely not functioning.
We've never had any issues with Exchange push on the devices.
I can confirm it.
Today we have tested furthermore.
Everything is ok on the server side and on the client side.
Looking at the firewall, we can see the tf101 establishing a connection, but nothing about phase 2, it's like the server is giving the acknowledge about the PSK, but the TF101 can't hear or is not listening to it.. eventually it goes out with a timeout.
Everything was ok before ics.
where should i post this message, is it enough to be listed here or should a send a support mail to asus ? or google ?
by the way I've tried deleting and recreating, but still not working.
I formatted before and after ics. I would suggest a format first.
Sent from my GT-I9100 using xda premium
is there a solusion for not using a secure lock while using vpn on ics?
Sent from my HTC Sensation Z710e using xda premium
I've done a factory reset too, still the same problem
Alternative Solution
Hello,
This isnt a fix by any means but have you had a look at 2X Application XG Server, it is a little like citrix but a hell of a lot cheaper.
The client is awesome and works perfectly for windows, android and iOS.
It is free if you have a low count of concurrent users, I believe it is 5 concurrent users for free, anyway the link is below;
cant post links guys sorry it is 2x with www and .com in between...
If you need a hand with deployment drop me an email at [email protected] and we can sort something out, not doing the big sell here guys just something we use as a company when we decided to move our customers away from VPN's.
Anyway hope someone finds it useful.
cheers.
Don't know if this will help but i use vpnc widget and 2x client. My system is all cisco, and the only way i could get to it before was with an ipad, which i have since given away for obvious reasons. I have been on revolver for some time now, and just upgraded to 4, with no issues whatsoever - if anything it is more stable!
Works for me, too, but I sure would like to know if anyone has figured out how to disable the screen-lock when credential storage is enabled, as I am using mine for an individual OpenVPN and PPTP vpn and it is just plain irritating.
i've sent technical inquiries to Asus with no response. Very disappointing. I guess they are fixing other issues that have a more broad base of users before they take on things like VPN. I believe this is a general ICS issue as a quick search on Google shows varies reports across different manufacturers who have released ICS and the L2TP VPNs are broken. Several bug reports have been reported to Google. Great way for Google to alienate business users.
Do a Google search with these terms and you see all the references to this problem
"L2TP IPSEC PSK android ics"
I was wondering if anyone out there was using an IPSec Xauth PSK type connection? This is what we have at work. I set up the connection on my TF101, I put in all the correct info, and when I clicked connect it connected; however, there was no data sent or received. I disconnect and try reconnecting, but the connection times out. Before the ICS update I didn't even have this connection option so its a step in the right direction, the only problem is that nothing happens when I connect. Is anyone else having the same problem? Is this a known issue? Thanks in advance for any help you can offer.
x_kain_x said:
I was wondering if anyone out there was using an IPSec Xauth PSK type connection? This is what we have at work. I set up the connection on my TF101, I put in all the correct info, and when I clicked connect it connected; however, there was no data sent or received. I disconnect and try reconnecting, but the connection times out. Before the ICS update I didn't even have this connection option so its a step in the right direction, the only problem is that nothing happens when I connect. Is anyone else having the same problem? Is this a known issue? Thanks in advance for any help you can offer.
Click to expand...
Click to collapse
Works great here. I use the vpnc widget and x2 client as well works a treat since ics update.
vettejock99 said:
Works for me, too, but I sure would like to know if anyone has figured out how to disable the screen-lock when credential storage is enabled, as I am using mine for an individual OpenVPN and PPTP vpn and it is just plain irritating.
Click to expand...
Click to collapse
Grrr... indeed. But I've foud a free app on Market: VpnROOT - PPTP - Manager
karlr30 said:
I've done a factory reset too, still the same problem
Click to expand...
Click to collapse
+1
Edit: Hummm... for me I've found a temporary solution by using another app found on Market: "VpnROOT - PPTP - Manager".
My VPN use PPTP with MPPE encryption so, this one works fine for me.

[Q] Won't reconnect manual network without SSID broadcast?

So the S3 has known WiFi issues, but mine seems to have none of the issues I've read about thus far. It does have one irritating thing that has been driving me crazy for the longest time. If I ever move outside of the range of my network, reboot, or etc such that the WiFi has to be reestablished, it will decide that my network is "out of range" even though the signal is well within an acceptable minimum (it's a tad bit weak, but, once established it holds extremely steady pretty much no matter what I'm doing.) If I remove and re-add the network settings it works perfectly, again with a stable signal and perfect speeds until the next time I move out of range or reboot.
For now I've reenabled SSID broadcast, but I really liked the idea of having it off as it's a ridiculously simple yet strikingly effective security mechanism (I like the "security through obscurity" methods when I can -- especially since I'm having to use the old WEP encryption protocol to support some older devices, though I'm just about ready just to give up on them at this point. Even the best hacker in the world couldn't get into my network if (s)he never actually made any attempt to do so in the first place.) With SSID enabled, it has no troubles picking up my network every time, it just won't automatically pick it up without it.
Is this just an issue with the software itself or something? Anything that can be fixed from the user side, or is it something that can only be fixed by an update to the OS or related software itself? (But then with 4.1 coming soon supposedly I'm kind of hoping that if it is an issue with the software that would fix it. Still, that's a while away at least and this is assuming their plans aren't messed up with this whole lawsuit business causing them so many problems right now.)
If you have SSID broadcast disabled, how do you expect your phone to recognize the network? I can see how it would work if you enable SSID, connect to your network then disable it again, but it's not going magically reconnect with SSID disabled, its not logical seeing your SSID is what makes it possible for your phone to find your network.
Sent from my SCH-I535 using xda app-developers app
Wep sucks ofcourse but how about just setting up a mac addy auth to give another layer of security and enable ur ssid
Sent from my SCH-I535
I do use MAC address filtering if that's what you mean. While it might stop a script kiddie, I don't have a huge amount of confidence in it. MAC address spoofing is so pitifully easy than with computer equipment at least you usually are even presented with a configuration option that lets you specifically change the MAC address to anything you want. I'm definitely sticking with it because, well, there's absolutely no reason not to, but I actually have less confidence in MAC address filtering to stop anyone than disabled SSID broadcasting because anyone actually actively trying to break in should pretty much immediately bypass that particular mechanism right off.
Shibby87 said:
If you have SSID broadcast disabled, how do you expect your phone to recognize the network? I can see how it would work if you enable SSID, connect to your network then disable it again, but it's not going magically reconnect with SSID disabled, its not logical seeing your SSID is what makes it possible for your phone to find your network.
Click to expand...
Click to collapse
ALL other devices are smart enough to search for a manually configured network if they actually know the SSID to search for. My Roku, my Android 2.2 "Internet Tablet" (basically a PDA) by Archos, my Nintendo DS (this is the main thing holding me back at WEP, and as ancient and pitiful as its networking is, even IT can connect on its own without making me manually recreate the settings every time!) and my EeePC running Windows XP without any software to manage the WiFi settings except the built-in Windows thing.
Nazo said:
So the S3 has known WiFi issues, but mine seems to have none of the issues I've read about thus far. It does have one irritating thing that has been driving me crazy for the longest time. If I ever move outside of the range of my network, reboot, or etc such that the WiFi has to be reestablished, it will decide that my network is "out of range" even though the signal is well within an acceptable minimum (it's a tad bit weak, but, once established it holds extremely steady pretty much no matter what I'm doing.) If I remove and re-add the network settings it works perfectly, again with a stable signal and perfect speeds until the next time I move out of range or reboot.
For now I've reenabled SSID broadcast, but I really liked the idea of having it off as it's a ridiculously simple yet strikingly effective security mechanism (I like the "security through obscurity" methods when I can -- especially since I'm having to use the old WEP encryption protocol to support some older devices, though I'm just about ready just to give up on them at this point. Even the best hacker in the world couldn't get into my network if (s)he never actually made any attempt to do so in the first place.) With SSID enabled, it has no troubles picking up my network every time, it just won't automatically pick it up without it.
Is this just an issue with the software itself or something? Anything that can be fixed from the user side, or is it something that can only be fixed by an update to the OS or related software itself? (But then with 4.1 coming soon supposedly I'm kind of hoping that if it is an issue with the software that would fix it. Still, that's a while away at least and this is assuming their plans aren't messed up with this whole lawsuit business causing them so many problems right now.)
Click to expand...
Click to collapse
hidden ssid enabler will solve this problem. it works great for me. follow the directions in comments of play store though.
You know, I do believe that did actually solve the problem. I guess more testing is needed, but in my initial test it seems to have worked just fine with the SSID broadcast set to hidden again (I even rebooted the router and phone both just to be sure the settings fully took.)
It still strikes me as being a bit dumb that my ancient Nintendo DS that can't even handle WPA can handle a non-broadcast SSID and my previous Android PDA could as well, yet this Android phone couldn't out of the box...

Categories

Resources