Android 9 802.1x - General Questions and Answers

Android 9 will not connect to our WiFi. I can connect with a Windows device. We're using PEAP with MSCHAPV2. Certificate issued by internal CA. CA cert. has been installed on the Android device and it shows it as a CA. Initially I was getting an unknown CA error on the device. Turns out we were issuing SHA1 certs so I corrected that and that error is no longer showing now. Looking at the logcat log I can't find any other information that stands out to me other than "04-27 10:28:50.686 20424 20424 D wpa_supplicant: wlan0: Event DEAUTH (11) received". Packet capture shows the negotiation start between the Android device and RADIUS and then RADIUS sends a reject whose code appears to mean an EAP method couldn't be negotiated. I've gone through the RADIUS server over and over and can't find anything wrong on that end and like I said earlier, Windows laptops connect fine.
Update: I've got this working now. It was an issue on the RADIUS/NPS server side. Be sure to have TLS 1.1 and 1.2 enabled properly. There is some inaccurate info out there on the correct hex values to use.

Related

WEP(open) EAP-PEAP Not connecting to Wifi

I am having problems setting up my WiFi connection with my SDA (HTC Tornado ... T-Mobile unlocked) with Windows Mobile 5 and I can't find a solution. Please help me.
When using my laptop WiFi connection I set up the following:
Network Authentication OPEN
Data Encryption WEP
Key is automatically provided (I tick this option)
Enable IEEE 802.1x authentication for this network
EAP Type as PEAP.
Then under configuration of PEAP I uncheck Validate Server Certificate and authentication method selected as "Secured password (EAP-MSCHAP v2)" and "enable fast reconnect" is also ticked.
With these settings it works perfectly well on the laptop. But with these settings made on the SDA phone it gives the following error messages: "The server certificate is issued by an unknown authority" and "Cannot log on to the wireless network. This network requires a personal certificate to positively identify you."
I have done the registry edit (adding DWORD ValidateServCert=0). It stopped showing the message "The server certificate is issued by an unknown authority". But the other message still comes. Actually for PEAP we won't want a personal certificate. I think this is a bug. Then I installed a dummy personal cert to cover this bug. Now no more error messages, but internet is not connected.
Then I installed the root certificate (specific to my univ) I got from my laptop (Windows XP). But no effect. I checked under root cert to see if it is there and I saw it there.
Sorry for this long story; sometimes we need long explanations to fully understand the problem.
SOMEBODY PLEASE HELP ....
Try using a key that is not provided automatically. May not be the fix you want, but it works for me (never tried doing it your way).

VPN Setup for Advantage X 7510

I need some assistance on setting up VPN access to my corporate network on my X 7510. I am technologically barely savvy. I am a business user of my X 7510.
Can someone please help me in configuring my device to access my corporate VPN?
The following describes my attempts to configure the VPN settings using the standard VPN configuration available on the device:
I am using the settings given by my network team. We are using a pre-shared key and no certificates. Our corporate VPN uses CISCO ASA 5520. When I setup the VPN there is an "Advanced" option that asks for certain server IP addresses. Our network team says that this need not be used.
I am trying to connect over a GPRS network. The most frustrating part is that the IT Manager uses an iPhone and he downloaded a VPN client for 9 dollars from the Apple Store and it works beautifully !!!
But I am not able to connect and I get an error message that says that there is a problem with my user name and password. The message asks me to turn off and turn on my device to see if that fixes my problem. But it does not.
I have triple checked all the setting details with our network team and all the data are correct. My network team can monitor connection attempts and they say that they are not even able to see any connection attempts from my device.
Can someone please help me?
I think it depends on the ROM you use, if that VPN package is there.
I also have a problem with my VPN on x7510. I think I get all the settings right because it says I am connected to my corporate network. Our network administrator from the network monitoring desk actually sees me connected. But I cannot access any application on the network, not even my company's intranet homepage.
Another irritating part is that when I fire up any application that requires internet access but not VPN - like Nimbuzz, the VPN starts to connect through GPRS - very annoying. So I have now set up the VPN to disallow internet access.
rsawoseyin
Can you please share how you have set up the VPN? I am not even able to connect.
Isn't there anybody else here who can assist?
My ROMs have VPN capabilities; if you go to connection at the bottom it has "set up vpn" (or something like that).

[Q] Can a HRPD terminal obtain a cell site SID without a session?

For HRPD systems (1xEV-DO 0, a, b, etc.), I am having difficulty understanding when an access terminal receives the SID of an access network. In 1xRTT, the SID is being constantly broadcast on the Sync channel with a Sync message. In HRPD, the Sync message is constantly broadcast on the Control Channel but the data fields are only 1) MessageID, 2) MaximumRevision, 3) MinimumRevision, 4) PilotPN and 5) SystemTime.
I see that the HRPD Location Update procedure in the Application layer provides a way for the access terminal to request the SID of the access network but I assume that I must be missing something. Why would HRPD systems be designed to allow for obtaining the SID ONLY after a session has been established? If the access terminal's preferred roaming list has PREF_ONLY=1 and the access network to which the access terminal is attempting to connect has its SID set as PREF_NEG=0 then it has to go all the way through session establishment just to figure out that the base station it is attempting to access is not one that it is permitted to connect to. It seems so inefficient, hence the reason why I believe I am confused.
Also, the QuickConfig message and the SectorParameters message of the Overhead Messages Protocol (broadcast on the Control Channel before a session is established) also contain no SID so this does not eliminate the need to establish a session in order for the access terminal to obtain the SID.
So, do the access networks broadcast their SIDs (prior to a session) in some way that I am missing or in some way that is not in the standards? Do HRPD access terminal manufacturers configure the devices to have the capability to obtain the SID before establishing a session and before having to receive it with a unicast message after session establishment?
I appreciate any help and references to applicable standards. If I am not confused, then what is the point of waiting until a session is established before the access network reveals its SID? I don't see any reason why anyone would want to change from how it was done in 1xRTT.

[Completed] No internet on phone when hotspot is enabled! (not typical issue)

When hotspot is enabled, internet is available on connected clients, but not on the phone itself.
I did a quick check of the signal and dialed *#*#4636#*#*
Network Type shows LTE, however when clicking "Run ping test", I receive an error message: IP addr not reachable
The Hostname(www dot google dot com): Fail: Host unreachable.
Meanwhile, the device connected to the phone's hotspot is perfectly fine.
Where can I start to debug this problem?
Greetings!
Thank you for using XDA Assist.
In order for us to help, you must provide your device's make and model.
Thanks.

Q: Android Wifi "Limited connection" - what triggers this?

Hi all,
sometimes when my Android device (OnePlus 5, Android version 10) is connected to my mobile router, it shows "limited connection" in my wifi settings.
The connection still appears to work fine, however I wonder what exactly (technically) would trigger this message?
Is it that Android tries to access some host from time to time and, if it is not reachable, turns this message on?
Or does it probably interpret some information contained in the Wifi payload itself?
Maybe one of the Android devs here can answer this for me. Or can point me to the code which controls this message, I am happy to study it myself then.
Thanks a lot, and a Happy New Year 2022 to all already.
Andi
Hi Andi,
The phone uses captive portal detection to see whether the internet is reachable from the current connection, not reachable, or blocked by a firewall, such as in a hotel's WiFi.
To do so, it connects to
http://connectivitycheck.gstatic.com/generate_204
and if it gets a 204 response, the connection is good and no message is displayed. In other cases it will open the WiFi login portal (if any) or it will just display a limited connection note, as on your phone.
If you see the message even though the connection can reach the internet, it means that there might be something (a firewall for example) blocking the connections to connectivitycheck.gstatic.com. Some applications, such as Aurora Store, also use gstatic.com to check the connection, and they won't work if it's not reachable, even though the rest of the web can be browsed.
It is possible to change the address used for connectivity check by running these commands in adb shell:
settings put global captive_portal_http_url "http://<YOUR-URL>"
settings put global captive_portal_https_url "https://<YOUR-URL>"
You can use any URL you want, public or privately hosted; the only important thing is that it has to return a 204 response code.
Happy 2022 to you too!
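The 204 check described in the answer above, as an added Python example that is not part of the original post and is not Android's own code. A constructed local server stands in for a self-hosted check URL, and `classify` is a hypothetical helper that simplifies the outcomes to validated, portal or unreachable.

```python
import http.server
import threading
import urllib.error
import urllib.request


class CheckHandler(http.server.BaseHTTPRequestHandler):
    """Constructed test server: /generate_204 answers 204 like a working
    check endpoint; every other path redirects like a captive portal."""

    def do_GET(self):
        if self.path == "/generate_204":
            self.send_response(204)  # 204 carries no body and no Content-Length
        else:
            self.send_response(302)
            self.send_header("Location", "/login")  # constructed portal page
            self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself instead of following it


def classify(url, timeout=3.0):
    """Return 'validated' (204), 'portal' (any other HTTP reply) or 'unreachable'."""
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx still mean a server replied
        status = err.code
    except OSError:  # DNS failure, refused connection, timeout
        return "unreachable"
    return "validated" if status == 204 else "portal"


def start_server():
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), CheckHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_server()
    base = "http://127.0.0.1:%d" % srv.server_address[1]
    for path in ("/generate_204", "/index.html"):
        print(path, "->", classify(base + path))
    srv.shutdown()
```

Running `classify` against a candidate URL before setting it with the `settings put` commands confirms that it really returns 204 and not a 200 page or a redirect.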
Thanks, this is a good pointer to further analyze this the next time it happens.
Many thanks for the detailed answer, really appreciated.
Have a great 2022
Andi
