I've been struggling with OpenVPN on my Vario III on T-Mobile and hope someone can throw me a bit of a lifeline.
I can connect to my OpenVPN (running on my WRT54GS router) via wifi but the problem is when I try over 3G. Even when I've specified the provider and ticked "exclusive", it manages to connect to my OpenVPN server but I get no further connectivity (to webpages etc).
As said, via wifi this config on my Kaiser works perfectly...
Code:
# OpenVPN static-key client config, as posted, with comments added
remote xxxxxx.homeip.net
port 22
dev tap
secret "\\Program files\\OpenVPN\\config\\secret.key"
proto tcp-client
resolv-retry infinite
nobind
comp-lzo
cipher AES-256-CBC
# The original read "route gateway ..." (with a space), which OpenVPN parses as
# a malformed "route" line; the directive that sets the gateway used by
# redirect-gateway is the hyphenated route-gateway.
route-gateway 192.168.xxx.xxx
redirect-gateway
dhcp-option DNS 192.168.xxx.xxx
but when tried via 3G, it seems to have a problem with setting the routing...
Code:
Mon Oct 22 21:58:00 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.
Just wondering if there is something either with the T-Mobile network or the Vario III which is specifically stopping me from using OpenVPN.
Or are my settings misconfigured?
I've also attached a full copy of the log.
Thanks for any help you can give (Give generously)
CP
Sounds suspiciously like a NAT traversal or proxy issue to me. On the HSDPA network, there's a proxy in the picture. I don't believe that's the case for the Edge network. That could easily be the cause of the problem.
Surely once the connection has been established the NAT issue shouldn't be a problem?
TBH I thought the route addition problem was due to the software being unable to update the local routing table?
NAT traversal issues often manifest themselves as connections that look like they're established, then die immediately. The VPN participants have to know the actual IP addresses of the devices involved, and understand that NAT is happening. Proxies also need to play a role in that process since they're effectively "standing in" for your device. And they may be configured not to permit IPSec traffic at all.
What you've described sounds exactly like NAT traversal issues - the negotiation appears to go just fine, but the actual connection dies on the vine. Since the end points don't have the right data from the negotiation (actual valid addresses to build the tunnel around), the route they try to build is invalid and fails.
In your log, it's impossible to tell since the IP addresses have been all translated to xxx.xxx.xxx.xxx. But I suspect that the ones up until the "TCP connection established with..." message are all displaying valid public IP addresses, and somewhere very shortly after that they start displaying private RFC 1918 addresses.
Proxies + NAT + IPSec = small nightmares. This is one of the reasons SSL VPNs have gained significantly in popularity.
Try Hamachi VPN
https://secure.logmein.com/products/hamachi/vpn.asp
Surur
PerfAlbion said:
In your log, it's impossible to tell since the IP addresses have been all translated to xxx.xxx.xxx.xxx. But I suspect that the ones up until the "TCP connection established with..." message are all displaying valid public IP addresses, and somewhere very shortly after that they start displaying private RFC 1918 addresses.
You have PM
Quick update:
I've just connected my Laptop to the internet via my Kaiser using 3G.
Ran OpenVPN and it connected without a problem.
Technically this would suggest that I should be able to connect with my Kaiser, but there's either a problem with my config or a bug in the PPC OpenVPN software :S
I haven't tried on UDP yet, which will be my next test...
Any ideas?
Blimey, I didn't know there was a PPC client! I'll try it to see if it works with my setup.
Well, I can't even get it to talk to my server, so I won't be able to help!
Fire up the card in your laptop and take a look at the IP address assigned to your machine. Since it's a different service, they may not be passing you through the proxy that's in place for the Kaiser. If you've received a public address, then you're on a "different network" even though both are 3G services.
PerfAlbion said:
Fire up the card in your laptop and take a look at the IP address assigned to your machine. Since it's a different service, they may not be passing you through the proxy that's in place for the Kaiser. If you've received a public address, then you're on a "different network" even though both are 3G services.
?? When you connect a laptop via BT to the Kaiser (using Internet Sharing), it creates a NAT over which the traffic is passed through the 3G service. Essentially using the same service...
Unless you mean the "service" between the Windows software and the PPC/WM software is different?
Plus, what do you mean by "fire up the card in my laptop"?
Cheers for your help on this btw.
I'm assuming that the Laptop data service and the PDA data service are treated differently within the AT&T network. While the PDA passes through a proxy, I suspect the laptop does not.
When I say "fire up the laptop card," I mean establish a connection and look at your IP address (ipconfig from a command prompt will show it). It may be a different IP address range than the PDA receives (which you could see using VxIPConfig or VxUtils). Even if it's within the same range, it may be bypassing the proxy.
So while you're using essentially the same technology, I suspect the services are implemented very differently, and that's what we're trying to sort out.
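The check PerfAlbion describes above, as an added shell example (it is not code from the thread or from OpenVPN): classify every address in an OpenVPN client log as public or private, report the first line after "TCP connection established with..." that shows an RFC 1918 address, and classify a single address such as the one ipconfig or VxIPConfig reports. The log lines in the block are constructed with documentation and private-range addresses, since the thread's own log had its addresses redacted, and the block goes one step beyond the thread by also recognising the carrier-grade NAT range 100.64.0.0/10 (RFC 6598).

```shell
#!/bin/sh
# Added example, not from the thread: spot where an OpenVPN log switches from
# public to private addresses, and classify a single address on its own.

# ip_class ADDRESS -> prints private | cgnat | loopback | public
ip_class() {
  case "$1" in
    10.*|192.168.*) echo private ;;                      # RFC 1918
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;  # RFC 1918 172.16/12
    100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) echo cgnat ;;  # RFC 6598
    127.*) echo loopback ;;
    *) echo public ;;
  esac
}

# Dotted-quad extractor used by both scanners (stdin -> one address per line)
extract_addrs() {
  grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' || true
}

# scan_log reads a log on stdin and prints "<line-number> <class> <address>"
# for every address it finds, so the public-to-private transition is visible.
scan_log() {
  n=0
  while IFS= read -r line; do
    n=$((n + 1))
    for addr in $(printf '%s\n' "$line" | extract_addrs); do
      echo "$n $(ip_class "$addr") $addr"
    done
  done
}

# first_private_after_connect prints the line number of the first private or
# CGNAT address that appears after "TCP connection established", or "none".
first_private_after_connect() {
  connected=0
  n=0
  while IFS= read -r line; do
    n=$((n + 1))
    case "$line" in *"TCP connection established"*) connected=1 ;; esac
    [ "$connected" -eq 1 ] || continue
    for addr in $(printf '%s\n' "$line" | extract_addrs); do
      case "$(ip_class "$addr")" in
        private|cgnat) echo "$n"; return 0 ;;
      esac
    done
  done
  echo none
}

# Constructed sample log (203.0.113.0/24 is a documentation range, not a real
# host); the message texts imitate OpenVPN's but are not copied from the thread.
SAMPLE_LOG='Mon Oct 22 21:57:58 2007 Attempting to establish TCP connection with 203.0.113.10:22
Mon Oct 22 21:57:59 2007 TCP connection established with 203.0.113.10:22
Mon Oct 22 21:57:59 2007 TCPv4_CLIENT link remote: 203.0.113.10:22
Mon Oct 22 21:58:00 2007 TAP-Win32 MTU=1500
Mon Oct 22 21:58:00 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.50/255.255.255.0
Mon Oct 22 21:58:00 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.'

# Usage: scan the sample, find the transition line, classify one address
printf '%s\n' "$SAMPLE_LOG" | scan_log
printf '%s\n' "$SAMPLE_LOG" | first_private_after_connect   # 5
ip_class 192.168.44.149                                       # private
```

To use it on a real log, replace the sample with `scan_log < openvpn.log`; an address from ipconfig that classifies as `cgnat` or `private` means the carrier is translating the connection before it reaches the Internet, which is the situation PerfAlbion suspects.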
I don't believe it!!!
I downloaded VM Net Browser, checked what IP addresses were being assigned, and connected successfully! Loaded up www.whatismyip.org and it came up with the proxy of my PC at home.
Unfortunately, my phone was running incredibly slow and I thought it best to do a soft reset... afterwards, no matter what I do, I can't connect. I just can't figure out why or replicate what I did.
Argh... this is getting to me now... next on the agenda is to try changing the port number from 22 to 8080 or 80 and see what happens.
I am trying to establish a VPN connection to my home servers.
The device is connecting to a Microsoft RRAS server.
I have been successful in establishing a VPN connection both over PPTP and L2TP (using a pre-shared key) to my server.
I know that it is successful, because I use VxTools and check out my IP info. I am also able to ping the RRAS server and other servers on my internal network successfully. I CAN use Windows Mobile desktop over the VPN by both IP and local name (e.g. SERVER01). So I am 100% positive a VPN is established and that traffic flows over it.
The problem lies in when I actually try to do anything else within the VPN.
If I try to map a drive using either Resco or the HTC network plugin, I am unable to browse to any machines. I am also not able to type the names in directly to connect. In addition if I use PIE to access a webpage internally it tells me it can't connect.
I try by FQDN and by IP. I have set up exceptions to my internal FQDN in the network settings...nothing seems to work.
But, there is no point in having the VPN if I can't actually access any resources!
Any ideas?
Thanks
p.s. This has been tried on both the stock 6.1 AT&T and HTC ROMs following a clean flash.
Just curious if you have found a solution. My RDP will not even connect over the VPN; I think this is because I have a newer version of RDP. But I can ping across the VPN just fine, from internal machines and to them. This is annoying.
I have 300+ GB of music I want to listen to over this thing.
I run my own email server at home. When my HTC Touch Diamond is connected to my home network, say via WiFi, I need to contact my server (defaria.com) with its private IP (192.168.x.x). However, when I'm connected to the internet via, say, WiFi, I need to contact my server via its public IP address (65.101.22.21).
What I want to do is override defaria.com's IP address but only on my internal WiFi connection. IOW I wish to set the /etc/hosts for this specific WiFi connection. Can this be done?
I need to be able to access my FTP server from the Internet but all ports are closed.
My Bionic is my only connection to the Internet for my home network. I am using the Verizon Hotspot app and from my home network I can do anything I want to. This connectivity is great.
However, when away from home I need to access my FTP server on ports 21, 8080, and 443. I am using CrushFTP as my server. I have configured no-ip and from within CrushFTP it passes the built-in no-ip connectivity test, thus my FTP server is reaching no-ip just fine. I check my IP that Google says I have against a ping to mydomain.no-ip.biz and they both match. But when I do a Shields-Up port scan, ALL ports are in stealth mode.
Next I loaded Port Forwarder on the phone and tried every connection to my laptop but still no luck. BTW, I connected the laptop directly to the hotspot taking out all routers and switches of my home network. Same results. The firewall is OFF on the laptop.
Then I downloaded a port scanner onto the phone. When I scan the phone's public IP, 70.201.1.55, ports 21, 8080 etc. are closed. So I tried scanning port 21 on my laptop's IP, 192.168.44.149, and it said OPEN. This proves the problem is not the laptop but rather the phone.
After long talks with Verizon they assure me that they are not blocking inbound ports. I believe them because my neighbor has both a Bionic and a 3G hotspot stick. When he tries to get to his IP camera with the Bionic it fails. But if he connects his 3G stick, he CAN get to his camera.
I am willing to pay someone to get the Bionic to work! Or, if you know of a different phone that can do what I need to do, PLEASE PLEASE tell me. I cannot stress how important this is to me.
Thank You for reading.
Well, it turns out that although Verizon does not block ports, your 4G phone is NATed and thus easily connecting from the Internet back to your system is not possible. Apps like LogMeIn do work just fine. But if you are trying to connect back to an FTP server, IP camera, etc., you cannot.
However, I was able to get my needs met by signing up for one of those VPN solutions AND getting a public IP from them too. I chose PureVPN and it is costing me $74/year for the service. I have a Microsoft Server 2003 running under VMware where my FTP server runs. I loaded the VPN client on the MS server and I can now access my FTP server from the Internet. I did set up the firewall for added protection.
Please note that your system will be fully accessible to anyone unless you set up a good firewall and block all unnecessary open ports. I put this server under VMware and it only runs the FTP server program for additional protection.
Good Luck!
I have to use a VPN for incoming services using Sprint's network. I'm connected to my VPN on my phone and route the VPN through my hotspot so every computer gets the public address, and all that is working. My hotspot config is gateway 192.168.2.1 and the DD-WRT router that my clients connect to is 192.168.2.5. Problem is, when I connect to the VPN it changes the gw and I cannot ping or connect to any services on 192.168.2.5 from the phone. However, I can ping 192.168.2.1. Can someone tell me how to add a route so that I can talk to 192.168.2.5 from the phone when the VPN is connected? Thank you, my phone is rooted.
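One way to add the route the post above asks for, as an added example that is not from the thread: a /32 host route for 192.168.2.5 via the hotspot gateway 192.168.2.1, so that one LAN host stays reachable while the VPN client owns the default route. The addresses are the ones in the post; the hotspot interface name wlan0, the presence of the ip(8) command on the rooted phone, and running it through `su -c` are assumptions. The script defaults to a dry run; set DRY_RUN=0 on the phone to apply it.

```shell
#!/bin/sh
# Added example, not from the thread: pin one LAN host to the hotspot gateway
# while a VPN holds the default route. Run on the rooted phone with DRY_RUN=0.
LAN_HOST=${LAN_HOST:-192.168.2.5}      # DD-WRT router behind the hotspot (from the post)
HOTSPOT_GW=${HOTSPOT_GW:-192.168.2.1}  # hotspot gateway still reachable with the VPN up
HOTSPOT_IF=${HOTSPOT_IF:-wlan0}        # assumed hotspot interface name
DRY_RUN=${DRY_RUN:-1}                  # 1 = print the command only

# is_ipv4 ADDR -> succeeds only for a dotted quad whose octets are 0-255
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# host_route_cmd HOST GW IF -> prints the ip(8) command that adds the /32 route
host_route_cmd() {
  is_ipv4 "$1" && is_ipv4 "$2" || return 1
  echo "ip route add $1/32 via $2 dev $3"
}

# add_host_route HOST GW IF -> runs the command as root (unless DRY_RUN=1) and
# then asks the kernel which route it would now use for HOST
add_host_route() {
  cmd=$(host_route_cmd "$1" "$2" "$3") || { echo "invalid address" >&2; return 1; }
  if [ "$DRY_RUN" = 1 ]; then
    echo "would run: $cmd"
  else
    su -c "$cmd" && ip route get "$1"
  fi
}

add_host_route "$LAN_HOST" "$HOTSPOT_GW" "$HOTSPOT_IF"
```

A /32 route is more specific than the VPN's default route (and than the 0.0.0.0/1 and 128.0.0.0/1 pair some clients install), so it wins regardless of what the VPN client changes. The route is not persistent: it has to be added again after each VPN connection replaces the routing table, and `ip route get 192.168.2.5` is the quickest way to confirm it took effect.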