Well, I recently decided to register my phone for use on my university's network. However, in order to access the network, I am forced to log in to a page that uses SSL encryption. When I try to access the page, the browser returns an error telling me it was unable to obtain a secure connection and it refuses to load the page.
I did some Googling and it seems that the Android platform currently denies a connection if it finds *anything* wrong with the SSL certificate. Anyone know a way around this?
I've been struggling with OpenVPN on my Vario III on T-Mobile and hope someone can throw me a bit of a lifeline.
I can connect to my OpenVPN (running on my WRT54GS router) via wifi but the problem is when I try over 3G. Even when I've specified the provider and ticked "exclusive", it manages to connect to my OpenVPN server but I get no further connectivity (to webpages etc).
As said, via wifi this config on my Kaiser works perfectly...
Code:
remote xxxxxx.homeip.net
port 22
dev tap
secret "\\Program files\\OpenVPN\\config\\secret.key"
proto tcp-client
resolv-retry infinite
nobind
comp-lzo
cipher AES-256-CBC
route gateway 192.168.xxx.xxx
redirect-gateway
dhcp-option DNS 192.168.xxx.xxx
but when tried via 3G it seems to have a problem with setting the routing..
Code:
Mon Oct 22 21:58:00 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.
Just wondering if there is something either with the T-Mobile network or the Vario III which is specifically stopping me from using OpenVPN
Or are my settings misconfigured?
I've also attached a full copy of the log.
Thanks for any help you can give (Give generously)
CP
Sounds suspiciously like a NAT traversal or proxy issue to me. On the HSDPA network, there's a proxy in the picture. I don't believe that's the case for the Edge network. That could easily be the cause of the problem.
Surely once the connection has been established the NAT issue shouldn't be a problem?
TBH I thought the route addition problem was due to the software being unable to update the local routing table?
NAT traversal issues often manifest themselves as connections that look like they're established, then die immediately. The VPN participants have to know the actual IP addresses of the devices involved, and understand that NAT is happening. Proxies also need to play a role in that process since they're effectively "standing in" for your device. And they may be configured not to permit IPSec traffic at all.
What you've described sounds exactly like NAT traversal issues - the negotiation appears to go just fine, but the actual connection dies on the vine. Since the end points don't have the right data from the negotiation (actual valid addresses to build the tunnel around), the route they try to build is invalid and fails.
In your log, it's impossible to tell since the IP addresses have been all translated to xxx.xxx.xxx.xxx. But I suspect that the ones up until the "TCP connection established with..." message are all displaying valid public IP addresses, and somewhere very shortly after that they start displaying private RFC 1918 addresses.
Proxies + NAT + IPSec = small nightmares. This is one of the reasons SSL VPNs have gained significantly in popularity.
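Added example, not part of the original posts: one way to run the check described above on an unmasked OpenVPN log, listing every IPv4 address before and after the "TCP connection established with" line and flagging the RFC 1918 ones. The log lines are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# The three RFC 1918 ranges. ipaddress's is_private is not used because it
# also flags documentation and other reserved ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MARKER = "TCP connection established with"

def is_rfc1918(text):
    """True if text parses as an IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:  # e.g. 999.1.1.1
        return False
    return any(addr in net for net in RFC1918)

def classify_log(lines):
    """Return (before, after): lists of (line_no, address, is_private) seen
    up to and including the MARKER line, and after it."""
    before, after, seen_marker = [], [], False
    for no, line in enumerate(lines, 1):
        bucket = after if seen_marker else before
        for ip in IPV4.findall(line):
            bucket.append((no, ip, is_rfc1918(ip)))
        if MARKER in line:
            seen_marker = True
    return before, after

def first_private_after_marker(lines):
    """Line number of the first RFC 1918 address after MARKER, or None."""
    _, after = classify_log(lines)
    return next((no for no, _, private in after if private), None)

# Constructed sample log (not the poster's log); 203.0.113.10 is a
# documentation address standing in for the server's public IP.
SAMPLE = """\
Mon Oct 22 21:57:50 2007 Attempting to establish TCP connection with 203.0.113.10:22
Mon Oct 22 21:57:51 2007 TCP connection established with 203.0.113.10:22
Mon Oct 22 21:57:55 2007 Peer Connection Initiated with 203.0.113.10:22
Mon Oct 22 21:57:59 2007 route ADD 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Mon Oct 22 21:58:00 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.
""".splitlines()

if __name__ == "__main__":
    for no, ip, private in sum(classify_log(SAMPLE), []):
        print(f"line {no}: {ip:<15} {'RFC 1918' if private else 'not RFC 1918'}")
    print("first private address after marker: line", first_private_after_marker(SAMPLE))
```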
Try Hamachi vpn
https://secure.logmein.com/products/hamachi/vpn.asp
Surur
PerfAlbion said:
In your log, it's impossible to tell since the IP addresses have been all translated to xxx.xxx.xxx.xxx. But I suspect that the ones up until the "TCP connection established with..." message are all displaying valid public IP addresses, and somewhere very shortly after that they start displaying private RFC 1918 addresses.
You have PM
Quick update:
I've just connected my Laptop to the internet via my Kaiser using 3G.
Ran OpenVPN and it connected without a problem.
Technically this would suggest that I should be able to connect with my Kaiser but there's either a problem with my config or a bug in the PPC OpenVPN software :S
I haven't tried on UDP yet which will be my next test....
Any ideas?
Blimey, I didn't know there was a PPC client! I'll try it to see if it works with my setup.
Well I can't even get it to talk to my server so won't be able to help !
Fire up the card in your laptop and take a look at the IP address assigned to your machine. Since it's a different service, they may not be passing you through the proxy that's in place for the Kaiser. If you've received a public address, then you're on a "different network" even though both are 3G services.
PerfAlbion said:
Fire up the card in your laptop and take a look at the IP address assigned to your machine. Since it's a different service, they may not be passing you through the proxy that's in place for the Kaiser. If you've received a public address, then you're on a "different network" even though both are 3G services.
?? When you connect a laptop via BT to the kaiser, (using internet sharing) it creates a NAT which the traffic is passed over through the 3G service. Essentially using the same service..
Unless you mean the "service" between the windows software & the PPC/WM software is different?
Plus how'd you mean fire up the card in my laptop?
Cheers for your help on this btw.
I'm assuming that the Laptop data service and the PDA data service are treated differently within the AT&T network. While the PDA passes through a proxy, I suspect the laptop does not.
When I say "fire up the laptop card," I mean establish a connection and look at your IP address (ipconfig from a command prompt will show it). It may be a different IP address range than the PDA receives (which you could see using VxIPConfig or VxUtils). Even if it's within the same range, it may be bypassing the proxy.
So while you're using essentially the same technology, I suspect the services are implemented very differently, and that's what we're trying to sort out.
I don't believe it!!!
I downloaded VM Net Brower, checked what IP addresses were being assigned and connected successfully! Loaded up www.whatismyip.org and it came up with the proxy of my PC at home.
Unfortunately, my phone was running incredibly slow and I thought it best to do a soft reset... afterwards, no matter what I do, I can't connect. I just can't figure out why or replicate what I did.
Argh.. this is getting to me now... next on the agenda is to try changing the port number from 22 to 8080 or 80 and see what happens.
I'm having a bit of an issue with pptp on the Kaiser. The handset is provided by Vodafone so it's branded a v1615, I've not flashed it with anything yet.
I can create and establish a pptp connection via 3g to my server successfully, however as soon as I either go to messaging (setup for imap to the server's internal IP) or PIE to access OWA the pptp connection just drops.
Anyone any ideas?!
Bit of an update - in Messaging the network to use was wap which had an incorrect access point set. I changed it to work, set the access point to internet (I'm on Voda UK), username & password of web.
Then I created the pptp connection under VPN for this (the work) connection.
Now in messaging when I hit send/receive it dials the 3G connection, succeeds, then establishes the pptp connection successfully. And stays connected.
Only, still no mail - it reports back unable to retrieve new messages or contact server.
On the server, it shows there is a RAS client and gives its IP (obtained by DHCP).
I can't ping it (the kaiser) through the vpn.
I can't get imap to work through the vpn from the kaiser to my server.
I can't get RDP to work through the vpn
I can't get PIE to access OWA when addressing the internal IP of the server through the vpn.
I know these services work via this same pptp connection from another windows box. It's almost like it's not routing traffic down the tunnel. Vodafone don't seem to be blocking it as it is establishing a connection. Anyone any ideas??
This is more than frustrating. PPTP connection establishes fine, RRAS reports back an IP address for the logged on client.
I've tried using vxutil on the device (http://www.cam.com/vxutil_pers.html) - when the tunnel is reported as up, it is unable to pass any traffic through the vpn it seems, no tcp, udp or icmp. Nothing.
I have tried adding the server ip address under exceptions, also *.*, but no difference.
I ran Ethereal/Wireshark on the server, not one packet even reaches the server, this pptp connection is useless and somewhat of a let down.
I guess nobody else uses pptp at all? I would have thought I had a fairly standard setup with a W2k3 box nat'd behind a 3com router/firewall.
PPTP works fine on any other device apart from this..
Just to share my experience with VPN. I have configured PPTP using the WM6 VPN client and I am able to establish a connection on my Kaiser (stock ROM).
The connection works fine in PIE when I use it to access one of my servers via HTTP. In fact, I just need to point PIE to the URL of my server(internal IP. I have to set the IP in the hosts file in the registry) and it will automatically dial into my VPN.
For RDP, I am also able to login to my server but strangely the connection will automatically drop after 3 mins or so. I am also unable to get the RDP client to automatically use VPN. I have to manually establish the VPN connection myself.
You may want to try some other VPN clients and not the WM6 VPN client. I have read some threads in the past in this forum regarding other VPN clients that work on WM6.
I'm running WM6.1 on a TyTN, and have been trying to connect to my uni's wireless network. Their system is tailored to laptops and, for authentication, requires SecureW2. Since there's an identical version of SecureW2 for WM, I've downloaded and installed it. My phone connects to the wireless network and I can browse the INTRANET.
Now, the problem lies in browsing the internet. The instruction sheet provided by the IT division specifies that the internet is accessed through a proxy. For laptops, there's an automatic configuration script (a link on the server). The TyTN can't browse the internet without this script, and I can't seem to find a place in my network settings to enter the script address. My question is: is there a third-party app to solve this problem, or am I just doing it wrong?
Cheers!
aravinda said:
I'm running WM6.1 on a TyTN, and have been trying to connect to my uni's wireless network. Their system is tailored to laptops and, for authentication, requires SecureW2. Since there's an identical version of SecureW2 for WM, I've downloaded and installed it. My phone connects to the wireless network and I can browse the INTRANET.
Now, the problem lies in browsing the internet. The instruction sheet provided by the IT division specifies that the internet is accessed through a proxy. For laptops, there's an automatic configuration script (a link on the server). The TyTN can't browse the internet without this script, and I can't seem to find a place in my network settings to enter the script address. My question is: is there a third-party app to solve this problem, or am I just doing it wrong?
Cheers!
Hi There.
Try using the proxy settings in Windows Mobile instead. You will find an option under network connections: click on "the internet" or whatever your connection is called, enable "this connection requires a proxy server" and enter the IP address and port number of the proxy server.
That should get you online. Schools and unis are a pain when they use 3rd party software on their network, tell them they should have gone to Cisco!
I tried the proxy settings. First I downloaded the autoconfig script from their server, and went through every single proxy they had on it (they had alternatives). Still nothing. But the intranet still works fine!
I'm not willing to give up because basically, wifi on the Tilt should be able to identify itself as a desktop/mobile device.
any other suggestions anyone? i'm banking on there being some obsolete third party addon that might work.
Well, you're not alone..
I can only say proxy can't be used with the TyTN II
http://forum.xda-developers.com/showthread.php?t=343309&highlight=proxy
if you got a solution, feel free to post here.. my school also uses proxy. cheers
I am trying to establish a VPN connection to my home servers.
The device is connecting to a Microsoft RRAS server.
I have been successful in establishing a VPN connection both over PPTP and L2TP (using a pre-shared key) to my server.
I know that it is successful, because I use VxTools and check out my IP info. I am also able to ping the RRAS server and other servers on my internal network successfully. I CAN use Windows Mobile desktop over the VPN by both IP and local name (e.g. SERVER01). So I am 100% positive a VPN is established and that traffic flows over it.
The problem lies in when I actually try to do anything else within the VPN.
If I try to map a drive using either Resco or the HTC network plugin, I am unable to browse to any machines. I am also not able to type the names in directly to connect. In addition if I use PIE to access a webpage internally it tells me it can't connect.
I try by FQDN and by IP. I have set up exceptions to my internal FQDN in the network settings...nothing seems to work.
But, there is no point in having the VPN if I can't actually access any resources!
any ideas?
thanks
p.s. This has been tried on both the stock 6.1 AT&T and HTC ROMS following a clean flash.
Just curious if you have found a solution. My RDP will not even connect over the VPN; I think this is because I have a newer version of RDP. But I can ping across the VPN just fine, from internal machines and to them. This is annoying.
I have 300+ GB of music I want to listen to over this thing.
I go to a university where there is wifi everywhere. Everyone's computer has the ability to log into campus wifi. When you start your computer you type in your student number, password and log in.
When my diamond finds the wifi signal for my school, I tried to enter my password and student number with the same domain and it says "The server certificate is issued by an unknown authority"
and
"Cannot log on to the wireless network. This network requires a personal certificate to positively identify you."
Anyone know how I can find my certificate on my laptop and transfer it to the phone?