Any VPN client compatible with Cisco VPN concentrator? - 8125, K-JAM, P4300, MDA Vario Software Upgrading

In my office, we use a Cisco VPN concentrator with OTP.
I tried to connect this afternoon using my soft token to generate a key, to no avail. I suspect the MS IPSec/L2TP implementation.
Does anyone have a client working on WM5?
Cheers,
Hal

There are a few around. I'm about to start testing any / all that I can find, as my work are about to replace our local PPTP VPN server with the Cisco Concentrator setup at our head office.
So far, I have only tested one, with limited success - Bluefire Mobile Security VPN: http://www.bluefiresecurity.com. This client was able to connect and authenticate using the group authentication; however, it failed at obtaining an IP address. They at least have a trial version available for download, so I was able to test it without having to pay.
As I test more VPN clients, I'll post my results in this thread, and it would be great if others could do the same as I really want to get this working.
Cheers,
Chris

Hi,
I've used Bluefire (Trial version) for a few days with Cisco Gateway of my Company, and it worked perfectly.
The only limitation is that when the connection is lost (it happens very often in mobility) the sw is not able to resume the connection, so you have to type usr/pwd again.

"Me too!"
Here is a post with my experience on BlueFire - http://forum.xda-developers.com/viewtopic.php?t=52386
Did you find anything better for IPsec VPN for WM5? Thanks.

Problem with IP tunnel address on bluefire here. I did speak with Dennis Komisky who is the CTO of Bluefire at MEDC and he mentioned that the latest version fixes many Cisco related issues.
Alas, when I fired up the latest trial although it did correctly auto sense and set up my DH pairs, I still had the IP tunnel address issue. Unfortunately, I haven't had time to pursue this though even though Dennis told me to contact support and drop his name if I had problems....

Sleuth255 said:
Problem with IP tunnel address on bluefire here. I did speak with Dennis Komisky who is the CTO of Bluefire at MEDC and he mentioned that the latest version fixes many Cisco related issues.
Alas, when I fired up the latest trial although it did correctly auto sense and set up my DH pairs, I still had the IP tunnel address issue. Unfortunately, I haven't had time to pursue this though even though Dennis told me to contact support and drop his name if I had problems....
Hmm, and I got a completely reverse experience - I can connect with BlueFire to our corporate Cisco VPN w/o a problem (I had to manually set IKE/IPSEC parameters though) and absolutely cannot connect with AnthaVPN... I wish their log messages were more detailed.

Related

WM6: Ok, VPN: Ok, Remote Desktop: NOT Ok - HELP

Hello all,
I have been successful in loading the WM6 ROM: works great! I have been successful at using the phone for Bluetooth DUN. I have been successful at setting up a VPN connection to my place of employment: I can look at the RRAS server GUI and see that I have established a viable connection.
What I have NOT been successful at is getting Remote Desktop to work. RD is one of the reasons I upgraded to this ROM. Has any one been able to get their Windows desktop on their Treo? If so, how did you do it?
I can't seem to find any pertinent information on how to make this work so anything you can tell me would be a great help.
Cheers,
idyllic
http://forum.xda-developers.com/showthread.php?p=1453117#post1453117
http://forum.xda-developers.com/showthread.php?p=1451613#post1451613
joannaex said:
http://forum.xda-developers.com/showthread.php?p=1453117#post1453117
http://forum.xda-developers.com/showthread.php?p=1451613#post1451613
Joannaex,
thank you for the forum pointers. Alas, they did not help. I did try to load the cab file from one of the threads, but it loaded the same version of Remote Desktop Mobile that I already had. I still get the same errors encountered with the previous version. Maybe this behavior is due to the "unofficial" ROM not being fully functional in some way? I don't know. It would be interesting to hear from someone that actually got this to work.
Cheers
idyllic
PS: it occurs to me that this might be a routing issue in the 10.x.x.x/192.x.x.x space. I could verify this if there were a command prompt where I could run things like ipconfig, tracert, netstat, etc. Or a log file that could be viewed. Just wishful thoughts I suppose.
PPS: Just found two great progs, one called VXIPCONFIG which gives you the info you would get if you did an ipconfig /all. The other is called VXUTIL, with which you can do PING, TRACERT, WHOIS and a lot more. The utilities are available from http://www.cam.com/windowdsce.html.
I have been able to connect to remote desktop. What has been successful for me has been to already initiate my 3G connection then connect using remote desktop. It doesn't seem to be able to start up the connection itself.
andokai said:
I have been able to connect to remote desktop. What has been successful for me has been to already initiate my 3G connection then connect using remote desktop. It doesn't seem to be able to start up the connection itself.
andokai,
I am doing the exact same thing: starting my 3G connection, then my VPN connection, and lastly Remote Desktop Mobile. The RDN ALWAYS times out with one of these two errors: "Connection Status - Cannot Connect. Likely reasons are: 1. Specified computer name or IP does not exist, 2. A network error occurred while establishing a connection." So, I'm kind of at a loss here as the troubleshooting tools available are not great. Thank you for the response!
Cheers,
idyllic
Hi idyllic,
Can you access a remote desktop when a VPN session isn't active? I have used the two separately without problems but haven't tried them together.
andokai said:
Hi idyllic,
Can you access a remote desktop when a VPN session isn't active? I have used the two separately without problems but haven't tried them together.
andokai,
no, I cannot access any system. I have tried my home system (firewalls turned off and on). I have tried my work systems (VPN on and off). Nothing seems to work. It's really frustrating to have a tool that you know can help you, but it doesn't work: aaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhh!
Cheers,
idyllic
I'm assuming you're trying to use a local address because you are connecting with vpn first. Did you put the local address in the exceptions list? If not the vpn connection will disconnect anytime you try to use an address that is not in the exceptions list.
Exceptions list: start\settings\connections\connections\advanced\exceptions
then add the local url
Hope this helps. Used to be the problem I had when trying to use VPN.
chris44gw said:
I'm assuming you're trying to use a local address because you are connecting with vpn first. Did you put the local address in the exceptions list? If not the vpn connection will disconnect anytime you try to use an address that is not in the exceptions list.
Exceptions list: start\settings\connections\connections\advanced\exceptions
then add the local url
Hope this helps. Used to be the problem I had when trying to use VPN.
chris44gw,
yes, I'm trying to connect to a local address, but that address isn't a URL. The address I'm entering is an IP address of the machine for which I want to get a desktop. Now maybe I'm wrong, but my understanding is that I can use Remote Desktop Mobile to get, say, a desktop/console of one of my servers.
I've been able to surf the web on the phone, I've been able to use the phone as a Bluetooth modem, I've been able to connect to each of my company's VPN servers. Still no desktop. Whether I enter a fully qualified domain name or an IP address it never works.
Now, I have a little more information. If I just connect to the AT&T 3G network I can do a traceroute to the VPN servers. If I then connect to the VPN (PPTP connection verified and active) I CANNOT ping anything on the corp. net. It has to be a routing issue I'm thinking. It seems that it needs to be fixed on the phone side, but I can't seem to figure out where to do this.
Anyway, I appreciate the pointer about the URL exception list.
Cheers,
idyllic
That's what mine looks like. Once I'm connected vpn wise into my 2003 server I can RDP into it and another XP machine on the network through the local IP. Only thing I can think of is if you have activesync connecting to an exchange server. It might disconnect the vpn. I think you've said you're verifying the vpn connections so I might look into the firewall on the computer or make sure RDP is on for the computer (although you've probably done that). Good luck though.
chris44gw said:
That's what mine looks like. Once I'm connected vpn wise into my 2003 server I can RDP into it and another XP machine on the network through the local IP. Only thing I can think of is if you have activesync connecting to an exchange server. It might disconnect the vpn. I think you've said you're verifying the vpn connections so I might look into the firewall on the computer or make sure RDP is on for the computer (although you've probably done that). Good luck though.
chris44gw,
thank you for the screen-shot. I gave this a try, but no luck. We don't use exchange servers at work and I've verified that no active sync is active during the connect process. Having downloaded a couple of tools to help troubleshoot, I've noticed that I CANNOT ping anything on the internal network: this after verifying that the VPN connection is active and viable. I have also verified that each system that I am connecting to has RDP turned on. I guess I'll just keep experimenting. I just can't help but think that there is ONE LITTLE THING that is keeping this from working.
Cheers,
idyllic
PS: What encryption level does the Treo 750 VPN app use? 56bit? 128?
PPS: Upon further testing... when I connect to the RRAS server (and connecting to the RRAS server has NEVER been the problem) on the West Coast (Windows 2000 Server std. SP4) I cannot ping the "inside" network. When I connect to the East coast RRAS server (Windows Server 2003 SP2) I CAN ping "inside" network. In either case I still cannot get a remote desktop.
Have the same problem on Diamond
Hi all,
After upgrading to wm6.1 on O2 Diamond unable connect to Remote Desktop.
When manually connected to Internet it works perfect, but from RD Client there is always an error (dial up or Proxy settings). All other programmes can always correctly initiate internet connection via GPRS/UMTS. Via Active sync RD works always.
MFG
Sorry, never got it to work. Call me a traitor, but I now have an iPhone and everything works the way I expect it... with two major exceptions: 1. no cut-and-paste, 2. can't be used as a tethered modem without jail-breaking the phone (which I'm not willing to do).
--idyllic
Similar problem HTC Touch HD
Hi all, sorry in advance if my problem ends up being because I've missed something basic; I'm trying to setup RDC on my HTC Touch HD with no luck. Computer name is right, password is right, IP is right. Fail message:
"connection status. cannot connect. likely reasons are: 1. specified computer name or ip does not exist. 2. A network error occurred while establishing the connection."
I'm connected to my WiFi network which also has the machine i'm trying to connect to on it. I've also tried when out of network range, connecting via 3G/HSDPA. Steps I've taken:
-Enabled remote desktop in system properties on target machine. Haven't added any remote users as it already allows me (admin on target machine) and I'm using those login details to access.
-Allowed RD in the packet settings of Kaspersky antivirus, using the address as the ip of my mobile, found by going to whatsmyip.com, and name as the name I've set on the device.
-Probably unrelatedly, I've also allowed the HTC to access the wifi through the MAC address access list
I can connect via a standard windows machine on the same router (which just needs the computer name, not the IP). Have found this useful as I had the details around the wrong way, but even now it's not working. Based on the tips in the link above, I'm under the impression that I should set things up thus:
Computer: the ip address of target machine
User name: EITHER my username OR MACHINENAME/User Name, e.g. John Smith OR JOHNSPC\John Smith
Password: pw
Domain: either machinename or blank.
Anyone know if this is right / which of the options for username and domain is right?
Cheers
Dez

Running OpenVPN on the Kaiser (3G)

I've been struggling with OpenVPN on my Vario III on T-Mobile and hope someone can throw me a bit of a lifeline.
I can connect to my OpenVPN (running on my WRT54GS router) via wifi but the problem is when I try over 3G. Even when I've specified the provider and ticked "exclusive", it manages to connect to my OpenVPN server but I get no further connectivity (to webpages etc).
As said, via wifi this config on my Kaiser works perfectly...
Code:
remote xxxxxx.homeip.net
port 22
dev tap
secret "\\Program files\\OpenVPN\\config\\secret.key"
proto tcp-client
resolv-retry infinite
nobind
comp-lzo
cipher AES-256-CBC
route gateway 192.168.xxx.xxx
redirect-gateway
dhcp-option DNS 192.168.xxx.xxx
but when tried via 3G it seems to have a problem with setting the routing..
Code:
Mon Oct 22 21:58:00 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.
Just wondering if there is something either with the T-Mobile network or the Vario III which is specifically stopping me from using OpenVPN
Or are my settings misconfigured?
I've also attached a full copy of the log.
Thanks for any help you can give (Give generously)
CP
Sounds suspiciously like a NAT traversal or proxy issue to me. On the HSDPA network, there's a proxy in the picture. I don't believe that's the case for the Edge network. That could easily be the cause of the problem.
Surely once the connection has been established the NAT issue shouldn't be a problem?
TBH I thought the route addition problem was due to the software being unable to update the local routing table?
NAT traversal issues often manifest themselves as connections that look like they're established, then die immediately. The VPN participants have to know the actual IP addresses of the devices involved, and understand that NAT is happening. Proxies also need to play a role in that process since they're effectively "standing in" for your device. And they may be configured not to permit IPSec traffic at all.
What you've described sounds exactly like NAT traversal issues - the negotiation appears to go just fine, but the actual connection dies on the vine. Since the end points don't have the right data from the negotiation (actual valid addresses to build the tunnel around), the route they try to build is invalid and fails.
In your log, it's impossible to tell since the IP addresses have been all translated to xxx.xxx.xxx.xxx. But I suspect that the ones up until the "TCP connection established with..." message are all displaying valid public IP addresses, and somewhere very shortly after that they start displaying private RFC 1918 addresses.
Proxies + NAT + IPSec = small nightmares. This is one of the reasons SSL VPNs have gained significantly in popularity.
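The check suggested in the post above (finding where a log stops showing public addresses and starts showing RFC 1918 ones), as an added example that is not part of the original thread. The log lines are constructed in the timestamp style quoted earlier, using documentation and private addresses, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample log (NOT the poster's log). 203.0.113.0/24 is a
# documentation range standing in for a public server address.
SAMPLE_LOG = """\
Mon Oct 22 21:57:50 2007 Attempting to establish TCP connection with 203.0.113.10:22
Mon Oct 22 21:57:52 2007 TCP connection established with 203.0.113.10:22
Mon Oct 22 21:57:58 2007 Peer Connection Initiated with 203.0.113.10:22
Mon Oct 22 21:58:00 2007 route ADD 203.0.113.10 MASK 255.255.255.255 10.64.3.1
Mon Oct 22 21:58:00 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.
Mon Oct 22 21:58:01 2007 route ADD 192.168.1.0 MASK 255.255.255.0 192.168.1.1
"""

# The three private blocks defined by RFC 1918. Python's is_private is not
# used because it also covers documentation and other special ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quads, skipping the netmask that follows the word MASK.
IPV4_RE = re.compile(r"(?<!MASK )\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MARKER = "TCP connection established with"


def is_rfc1918(text):
    """True/False for a valid IPv4 address, None if the text is not one."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return None
    return any(addr in net for net in RFC1918)


def analyse(log_text):
    """Split addresses into those seen up to the marker line and after it."""
    before, after, failures = [], [], []
    first_private = None
    seen_marker = False
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if "route addition failed" in line:
            failures.append(lineno)
        for text in IPV4_RE.findall(line):
            private = is_rfc1918(text)
            if private is None:
                continue  # e.g. 999.1.1.1 or a redacted xxx.xxx.xxx.xxx
            (after if seen_marker else before).append((lineno, text, private))
            if seen_marker and private and first_private is None:
                first_private = (lineno, text)
        if MARKER in line:
            seen_marker = True  # the marker line itself counts as "before"
    return {
        "addresses_before_marker_all_public":
            bool(before) and all(not p for _, _, p in before),
        "first_rfc1918_after_marker": first_private,
        "route_failure_lines": failures,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A log whose addresses have been replaced with xxx.xxx.xxx.xxx yields no matches at all, which is why the redacted log could not settle the question.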
Try Hamachi vpn
https://secure.logmein.com/products/hamachi/vpn.asp
Surur
PerfAlbion said:
In your log, it's impossible to tell since the IP addresses have been all translated to xxx.xxx.xxx.xxx. But I suspect that the ones up until the "TCP connection established with..." message are all displaying valid public IP addresses, and somewhere very shortly after that they start displaying private RFC 1918 addresses.
You have PM
Quick update:
I've just connected my Laptop to the internet via my Kaiser using 3G.
Ran OpenVPN and it connected without a problem.
Technically this would suggest that I should be able to connect with my Kaiser but there's either a problem with my config or a bug in the PPC openvpn software :S
I haven't tried on UDP yet which will be my next test....
Any ideas?
Blimey, I didn't know there was a PPC client! I'll try it to see if it works with my setup.
Well I can't even get it to talk to my server so won't be able to help !
Fire up the card in your laptop and take a look at the IP address assigned to your machine. Since it's a different service, they may not be passing you through the proxy that's in place for the Kaiser. If you've received a public address, then you're on a "different network" even though both are 3G services.
PerfAlbion said:
Fire up the card in your laptop and take a look at the IP address assigned to your machine. Since it's a different service, they may not be passing you through the proxy that's in place for the Kaiser. If you've received a public address, then you're on a "different network" even though both are 3G services.
?? When you connect a laptop via BT to the kaiser, (using internet sharing) it creates a NAT which the traffic is passed over through the 3G service. Essentially using the same service..
Unless you mean the "service" between the windows software & the PPC/WM software is different?
Plus how'd you mean fire up the card in my laptop?
Cheers for your help on this btw.
I'm assuming that the Laptop data service and the PDA data service are treated differently within the AT&T network. While the PDA passes through a proxy, I suspect the laptop does not.
When I say "fire up the laptop card," I mean establish a connection and look at your IP address (ipconfig from a command prompt will show it). It may be a different IP address range than the PDA receives (which you could see using VxIPConfig or VxUtils). Even if it's within the same range, it may be bypassing the proxy.
So while you're using essentially the same technology, I suspect the services are implemented very differently, and that's what we're trying to sort out.
I don't believe it!!!
I downloaded VM Net Brower checked what IP addresses were being assigned and connected successfully! Loaded up www.whatismyip.org and it came up with the proxy of my PC at home.
Unfortunately, my phone was running incredibly slow and thought it best to do a soft reset... afterwards no matter what I do, I can't connect. I just can't figure out why or replicate what I did.
Argh.. this is getting to me now... next on the agenda is to try changing the port number from 22 to 8080 or 80 and see what happens.

Kaiser and VPN

Hello,
does someone use VPN software on the Kaiser?
Which one?
I tried several but none worked.
My Kaiser is using the built in VPN client, to VPN into two different Microsoft RRAS networks using PPTP and IPSec/L2TP.
What problems are you experiencing? What type of networks are you trying to VPN into?
Thanks a lot for your answer !
I didn't know the Kaiser had a VPN client included ...
Where is the application ? What's its name ?
Is there a documentation I can find somewhere to help me to configure it ?
The other thing is that I use a SecurID password to connect to my corporate network, I don't know if this can work also with the Kaiser VPN.
In fact I would like to connect to my corporate network which accepts both IPSec/UDP and IPSec/TCP. All I know is that I need a Cisco compatible VPN application.
I tried "AnthaVPN", it connects to our Cisco server, but then it disconnects after a few "Time Out" errors.
Thanks again for your help !
I would be interested in this too... we use Cisco at work using Cisco ipsec/udp but no idea how to set this up on the phone
Finally I've found how to use the built-in VPN, but it still does not work for me, because of the SecurID password I think (it says my login/password may be incorrect).
Here is how to access the built-in VPN (my device is French, I translate it to English but I'm not sure the names will be the same on English devices):
parameters/connections -> choose the "Connections" icon.
Then choose "Modify/Configure my VPN servers"
After you filled everything there, choose "Manage existing connections".
At the bottom of the screen, choose "VPN". The VPN connection you made should appear here.
Put your stylus on it until the options "delete" and "connect to" appears.
Select "connect to" and then you should be connected to your network.
I hope this helped.
So finally, I am still searching for a VPN application which would work with SECURID passwords.
Does someone know one ?
Cisco VPN Help Required
Even my office uses a Cisco PIX Firewall with VPN. Even I have tried many softwares, but nothing seems to work. I think it is because of the 2 phase authentication of the Cisco VPN.
Also just for info, we use IPSec over UDP (NAT/PAT)
How to set this up in my KAISER?
Hello to all
I'm using AnthaVPN and it works great with Cisco VPN Concentrator System on my KAISER. There must be also a way to connect to a PIX.
http://forum.ppcwarez.org/viewtopic.php?f=41&t=32009&hilit=AnthaVPN
Greets
Haija
Like I said, I tried this one, but it did not work with SecurID keys.
I also had a problem with it related to the WIFI :
when I tried to use it with WIFI enabled, if I wanted then to disable the WIFI, it was impossible, even after a soft reset. I had to deinstall AnthaVPN to be able to disable the WIFI.
So finally I think the built-in VPN is better than AnthaVPN because I had no WIFI issue with it.
I have read the manual from the AnthaVPN homepage and for me it's OK. But I haven't tested over wifi. Over GPRS it works great.
I'm using the Bluefire VPN Client (www.bluefiresecurity.com) to connect to my university's VPN (Cisco) and it's working great.
With AnthaVPN I was not able to disconnect wifi anymore (phone would hang up -> soft reset -> wifi on again), don't know if they fixed this till now.
So I was not alone to have wifi problems with AnthaVPN !
Finally I tried Bluefire VPN, it works a lot better than AnthaVPN (no more wifi problems !), I can go up to the SecurID login, but after that, at "Phase 2", I have an error code talking about IPSec parameters...
So I still have problems but now I know that Bluefire is working with securid keys.

pptp - staying connected problem

I'm having a bit of an issue with pptp on the Kaiser. The handset is provided by Vodafone so it's branded a v1615, I've not flashed it with anything yet.
I can create and establish a pptp connection via 3g to my server successfully, however as soon as I either go to messaging (setup for imap to the server's internal IP) or PIE to access OWA the pptp connection just drops.
Anyone any ideas?!
Bit of an update - in Messaging the network to use was wap which had an incorrect access point set. I changed it to work, set the access point to internet (I'm on Voda UK), username & password of web.
Then I created the pptp connection under VPN for this (the work) connection.
Now in messaging when I hit send/receive it dials the 3G connection, succeeds, then establishes the pptp connection successfully. And stays connected.
Only, still no mail - it reports back unable to retrieve new messages or contact server.
On the server, it shows there is a ras client and gives its IP (obtained by dhcp).
I can't ping it (the kaiser) through the vpn.
I can't get imap to work through the vpn from the kaiser to my server.
I can't get RDP to work through the vpn
I can't get PIE to access OWA when addressing the internal IP of the server through the vpn.
I know these services work via this same pptp connection from another windows box. It's almost like it's not routing traffic down the tunnel. Vodafone don't seem to be blocking it as it is establishing a connection. Anyone any ideas??
This is more than frustrating. PPTP connection establishes fine, RRAS reports back an IP address for the logged on client.
I've tried using vxutil on the device (http://www.cam.com/vxutil_pers.html) - when the tunnel is reported as up, it is unable to pass any traffic through the vpn it seems, no tcp, udp or icmp. Nothing.
I have tried adding the server ip address under exceptions, also *.*, but no difference.
I ran Ethereal/Wireshark on the server, not one packet even reaches the server, this pptp connection is useless and somewhat of a let down.
I guess nobody else uses pptp at all? I would have thought I had a fairly standard setup with a W2k3 box nat'd behind a 3com router/firewall.
PPTP works fine on any other device apart from this..
Just to share my experience with VPN. I have configured PPTP using the WM6 VPN client and I am able to establish a connection on my Kaiser (stock ROM).
The connection works fine in PIE when I use it to access one of my servers via HTTP. In fact, I just need to point PIE to the URL of my server(internal IP. I have to set the IP in the hosts file in the registry) and it will automatically dial into my VPN.
For RDP, I am also able to login to my server but strangely the connection will automatically drop after 3 mins or so. I am also unable to get the RDP client to automatically use VPN. I have to manually establish the VPN connection myself.
You may want to try some other VPN clients and not the WM6 VPN client. I have read some threads in the past in this forum regarding other VPN clients that work on WM6.

[Q] change ip address for WLAN tethering ?

Is it possible to change the IP address range, so that a dhcp client receives an address from a given subnet?
I looked for a dhcp server on the galaxy or dhcp settings but could not find it. There is only a dhcpcd.conf for the SGS as a WLAN client.
If someone knows, which config file I should look for, it would be great.
Background:
The SGS has a VPN connection and I want to share that connection with my notebook. Yes, I could establish another VPN connection from my notebook, but if that is not necessary it is nicer.
Thanks for any hints.
Gregor
Found another problem - the 192.168.34.xx can cause collisions within the company network if I run VPN.
Nobody with an idea ?
I'm still searching for a better way to do it than recompiling everything but at least this seems promising: https://code.google.com/p/android/issues/detail?id=11855
In my (very short) tries I wasn't able to configure a bridge for both interfaces, so we may have to live at first with 2 separate IP ranges but may be able to allow routing between the two interfaces. I assume that iptables is used to prevent this by default.
