VPN client w/RSA token support? - Nexus One Q&A, Help & Troubleshooting

Does anyone know of a VPN client that supports RSA token #'s? I've looked all over the place but can't seem to find anything.
Thanks for any help.

Maybe this? (VPN Connections)
http://android.modaco.com/content/h...7/cisco-vpn-client-on-htc-desire-short-howto/

Jack_R1 said:
Maybe this? (VPN Connections)
http://android.modaco.com/content/h...7/cisco-vpn-client-on-htc-desire-short-howto/
Click to expand...
Click to collapse
I'm running Cyanogen 5.0.7, and I read all the post but did not see anywhere that is supports RSA tokens. I might still try it and see if it works. Thanks!

It says "Cisco VPN Client". I know that Cisco VPN supports RSA tokens, having used one for a long time.

Jack_R1 said:
It says "Cisco VPN Client". I know that Cisco VPN supports RSA tokens, having used one for a long time.
Click to expand...
Click to collapse
Do you think it will still work on a N1, I see that the instructions are for the Desire?

http://forum.xda-developers.com/showthread.php?t=630703

Thanks to Jack_R1 I believe I have everything loaded correctly. Now could someone tell me where I can find my IPSec info on my computer? I'm not to familiar with the VPN stuff, but I have been working at this forever. I'm trying to do this on the low from my company since they said that they won't do it for me.
Any help would be great, thanks.

If you're using any proprietary sw to connect, look there in the connection properties to find the server IP. If not - look in Windows connection properties for VPN 'dialing' connection.

Jack_R1 said:
If you're using any proprietary sw to connect, look there in the connection properties to find the server IP. If not - look in Windows connection properties for VPN 'dialing' connection.
Click to expand...
Click to collapse
Our computers use Nortel Contivity, but I can't find the connection properties anywhere. I see the destination ip, and the assigned ip.
The IPSec gateway address should be what?
IPSec ID?
IPSec Secret?

bump for help!

Couldn't find anything and not familiar with Nortel SW..
http://ubuntuforums.org/showthread.php?t=441042
"You will now be asked first for your Ubuntu password, and then the following VPN info: the IPSec gateway address (the hostname of the VPN router you want to connect to), the IPSec ID (aka group ID), IPSec secret (aka group password), username (your VPN username), and password (your password or the value of your SecurID or other token if you have one)."
I guess you need to ask your IT personnel for IPSect ID and secret. IPSec gateway you can find from settings:
http://www.it.ubc.ca/security/VPN/setupdocs/nortelcontivity.html
"Destination" field holds it.

Jack_R1 said:
Couldn't find anything and not familiar with Nortel SW..
http://ubuntuforums.org/showthread.php?t=441042
"You will now be asked first for your Ubuntu password, and then the following VPN info: the IPSec gateway address (the hostname of the VPN router you want to connect to), the IPSec ID (aka group ID), IPSec secret (aka group password), username (your VPN username), and password (your password or the value of your SecurID or other token if you have one)."
I guess you need to ask your IT personnel for IPSect ID and secret. IPSec gateway you can find from settings:
http://www.it.ubc.ca/security/VPN/setupdocs/nortelcontivity.html
"Destination" field holds it.
Click to expand...
Click to collapse
I believe that I have all my settings correct but I'm still getting "failed to connect". I'm going to do a little more searching but if I can't get it I'm giving up, I have spent hours on this. Thanks for all your help Jack_R1.

I've just started trying to make this work also. Lex, did you ever find a solution?

jmglidden said:
I've just started trying to make this work also. Lex, did you ever find a solution?
Click to expand...
Click to collapse
Nope, I tried everything. Jack r1 was very helpful, but I just couldn't get it. I think my company's security is just too high to bypass and my lack of knowledge didn't help.

Related

Public IP Address??

I am trying to run one of the many FTP servers available for Windows Mobile (vxFTPSrv or ShareIT FTP) to keep some files in sync but I can't seem to figure out what public IP address my phone has. vxFTPSrv says it is listening to a non-routable 10.**** while whatismy ip says it starts with a 200.**** while DynDNS for Windows Mobile says it is 32.****. Nevertheless, none of these work nor can I get these programs to listen to the ports. Any ideas? Does the Tilt even get a public IP address from AT&T? Thanks.
Try this
I'm no pro, but had to tell the Physical address to the the tech guy at my university so he could enable my phone o use the wireless network...
... anyways, download and install a Registry Editor (I use Task Manager v2.8) you should be able to access an Ipconfig tab, where all the information is available.
I don't know if I'm in the right track.... Hope this helps? =)
jim
your pda have an ip address
using wifi router the uplink sees the routers ip
using an isp the internet sees the isp's assigned ip
http://www.ip-adress.com/
http://en.wikipedia.org/wiki/IP_address
Here is a kewl utility that is FREE.
http://www.cam.com/vxutil_pers.html
Here is the stuff it does.
DNS Audit
DNS Lookup
Finger
Get HTML
Info
IP Subnet Calculator
Password Generator
Ping
Ping Sweep
Port Scanner
Quote
Time Service
Trace Route
Wake On LAN
Whois
Another good one I use is Iper Suite.
http://tonaya.com/products/iper/index.php
For casual use the first one is probably satisfactory.
IPer is worth buying for the increased functionality and has a TFTP client.
HTH
TSoma said:
I am trying to run one of the many FTP servers available for Windows Mobile (vxFTPSrv or ShareIT FTP) to keep some files in sync but I can't seem to figure out what public IP address my phone has. vxFTPSrv says it is listening to a non-routable 10.**** while whatismy ip says it starts with a 200.**** while DynDNS for Windows Mobile says it is 32.****. Nevertheless, none of these work nor can I get these programs to listen to the ports. Any ideas? Does the Tilt even get a public IP address from AT&T? Thanks.
Click to expand...
Click to collapse
200.* would be a public IP. As would 32.*
Turn off your proxy setting in the phone and do the www.whatismyip.com thing. That will get you a more meaningfull result than anything else.
When I'm on GPRS/Edge (AT&T proxy settings in force) network I get a 66.102.186.15 IP address as reported by whatismyip.com. That resolves to alpmagr1fe06-dmz.mycingular.net. Which should be a att proxy server even tho it implies by its name its on a DMZ.
When I turn off the proxy for GPRS/Edge I get 166.195.188.15 according to whatismyip.com. That IP address will not respond to ICMP commands. So I assume it is firewalled. So it seems to me that yes you CAN and DO get a public IP address, its just that address is heavily firewalled.
You've piqued my interest, tho I cannot do anymore testing at this moment.

[Off-Topic] How do I setup a connection to my home web server?

(Don't blame me for being long-winded, I'm just explaning the situation (why I want to do all these) and also to prevent people from asking questions such as "Why do you even want to host your website at home?")
I want to pay for web hosting, but, as a student, I can't. I also want to host all my Android Development on my site, apart from XDA and Samdroid. But, I can't use a credit card (obviously, my country dosen't allow ownage of CCs before 21), and free web hosts (sorry for shouting) S*CK. Slow loading, banning because of CPU-hogging/ too many cron jobs, etc, etc... Also, my parents are paranoid about their credit card details being sold online at exorbitant prices. I do understand that web hosting is expensive, and it is not really wise to allow free web hosting, and I do not want to blame them for banning me, hence I decided to host my website from home. *catches breath* I do have some prior knowledge of fixing stuff, and whipping old parts into one lean mean computing machine. I've set up the computer, and configured my router. I can view the web site (It's good'ol wordpress) when I typed my local IP into the web browser from another computer in the home network. But, when I tried to access using the public IP from my school, I cannot enter the site. I have previously configured port-forwarding. I used No-IP's dynamic DNS client in this case. When I checked my public IP using different websites, all gave me different information. One gave me an IP with 255.244.***.***, another gave me 157.209.***.***, and others gave me 255.250.***.***
1) How do I make sure that when someone types in a URL or IP, it will show me what I want them to show?
2) Why are different websites give me different public IPs? No, I don't have a firewall, or a proxy.
We need more information:
1. Who is your internet provider
2. How do you connect? ADSL/SDSL/T1/Dial up?
3. If its ADSL/SDSL then you'll have a router (unless they've given you a USB modem for it). We'll need to know what type.
4. What's your concection speed, both down and more importantly up.
Now, assuming your ISP doesn't give you web space that you could use, then you'll need the following:
You'll need a dynamic dns service, some are free.
You'll need a router which can forward http (TCP port 80) traffic from the internet to your web server.
Once the router is forwarding http traffic to the web server, people on the internet will be able to access your website.
If you want to access it using the same address then you'll have to update your hosts file on your computer.
For windows this is in C:\windows\system32\drivers\etc\hosts
Add an entry like:
dynamic dns web address IP address of webserver
So if you've set up arikyeo.dyndns.org and your webserver's internal IP address is 192.168.0.200 then you'd add the following to the hosts file:
arikyeo.dyndns.org 192.168.0.200
xaccers said:
We need more information:
1. Who is your internet provider
2. How do you connect? ADSL/SDSL/T1/Dial up?
3. If its ADSL/SDSL then you'll have a router (unless they've given you a USB modem for it). We'll need to know what type.
4. What's your concection speed, both down and more importantly up.
Now, assuming your ISP doesn't give you web space that you could use, then you'll need the following:
You'll need a dynamic dns service, some are free.
You'll need a router which can forward http (TCP port 80) traffic from the internet to your web server.
Once the router is forwarding http traffic to the web server, people on the internet will be able to access your website.
If you want to access it using the same address then you'll have to update your hosts file on your computer.
For windows this is in C:\windows\system32\drivers\etc\hosts
Add an entry like:
dynamic dns web address IP address of webserver
So if you've set up arikyeo.dyndns.org and your webserver's internal IP address is 192.168.0.200 then you'd add the following to the hosts file:
arikyeo.dyndns.org 192.168.0.200
Click to expand...
Click to collapse
I used No-IP dynamic DNS service, with their client. But, it didn't work. I am using Singtel as my ISP, with a Linksys B/G router. I have forwarded the port 80 to the IP, and set port 80 as an exception. I can view the site locally, but not from the outside world.
Setup your no ip on their site as a port 80 forward. Forward this to the local port on your computer that you are using for the server. Log into your router and port forward the same port that you put in for the no ip into the from and to ports section and be sure its forwarding to your lan ip. After this is done then try it.
Sent from my DROID2 using XDA App
I see that you have already been told how best to start your server. I can also recommend instructions for collecting server statistics https://www.host-tracker.com/Blog/server_m/ This will come in handy for you in the future. Here you can configure notifications for server failures.

[Q] Authenticate on Intranet websites?

I would like to use the xoom to view web pages on my companies intranet site when I am connected to the internal wifi. When I connect to a web page with the browser, I am promted for my login details. No matter how I try and put them in, I seem to be unable to connect. I have tried specifying my user name:
user
[email protected]
domain\user
When using a laptop not joined to the domain, I can use [email protected] or domain\user.
Does anyone know how I can connect to these secured sites? Is there another browser I should use or is this some kerberos/android incompatibility?
For me I just have to use my company email address
Sent from my Xoom using XDA App
id try out firefox if your are still having problems
we have a staff intranet, and I can log in using my normal username and password. must be the way you guys have it configured. sorry not much use, but just +1 for "works for me".
padanfain said:
I would like to use the xoom to view web pages on my companies intranet site when I am connected to the internal wifi. When I connect to a web page with the browser, I am promted for my login details. No matter how I try and put them in, I seem to be unable to connect. I have tried specifying my user name:
user
[email protected]
domain\user
When using a laptop not joined to the domain, I can use [email protected] or domain\user.
Does anyone know how I can connect to these secured sites? Is there another browser I should use or is this some kerberos/android incompatibility?
Click to expand...
Click to collapse
I have the same issue, I would like to log into my sharepoint site but I get a user/pass/domain auth challenge that no matter what I enter comes back incorrect.
I designed and installed and currently maintain the global network for my company, and I can tell you, we've had success with our Android OS users authenticating.
If the default authentication (domain\user) doesn't work, try using the FQDN of your domain (may not be a .com). If you work for XYZ Corp, you may have e-mail address [email protected], but your authentication may be [email protected]
You can check your domain info (provided your Exchange admin hasn't removed it) on your GAL contact card. Open Exchange (webmail or Outlook client) and open your contact card (search the GAL for yourself). Look under the "E-mail addresses" section). If you see something other than a global TLD (.com, .net, ...), you may want to try it. Alternatively, from a domain machine, type ipconfig /all and check what your DNS suffix is. That should get you rolling.
Worst case, check w/your IT department and see if you work with jerks or cool people Review access logs with them from your intranet site and see what username your device is sending. If you'd like, I can provide a simple Windows-based authentication site for you all to test, I will post and review logs with you.
Let me know if you want me to, I'll set up a website.
The stock browser doesnt support anything but basic authentication apparantly
Use firefox and it works
Firefox does seem to work, but the default browser is way better for all other things... oh well.

VPN questions

I am using the newest talon kernel and vpnc widget and it works with our vpn concentrator. We use IPsec with group and group password. I am SO glad I got this working but from a security prespective vpnc widget leaves much to be desired. I do not want to have the username and password save where if someone took my phone they could remote in.
So my question is does anyone know of another application that will work with Cisco IPsec group authentication and permit it NOT to save the username and password. I downloaded an applications called "VPN connections" but it would not work for some reason. No logging that I could see so no idea why it failed.
This is huge for me with my job, I need to be able to test connectivity remotely but I also do not need to open my organization to risks by allowing an app just to be clicked on and boom...your inside our network.
Any help anyone can give would be greatly appreciated.

[Q] how to use built in client to connect to cisco ipsec vpn

is there a way I can work the built in VPN client to connect to a VPN using IPSec mode
i'm kind of a noob regarding this issue
i have the directions on how to set up the connection in an iPhone using the IPSec mode
i have
> server address
> account name
> password
> group name
> secret
for the connection
now, how do i work this into the android client
i tried configuring using different combinations of this info above
but it says "Unable to connect to network. Try again?"
i have a rooted samsung galaxy s 2.2 stock froyo
any help is really appreciated
tia
edit: the handset is technically a samsung captivate, although I don't suppose it'll make a difference
Unfortunately the stock Android kernel won't work with a VPN requiring a Group Name. If you've got a google account (eg a gmail address) you might want to add another star to issue 3902 to ask for this to be fixed.
code.google.com/p/android/issues/detail?id=3902
It can be done if you replace the firmware with something which includes the tun device. The Galaxy SII supposedly includes this out of the box.
The alternative is to reconfigure the VPN to use L2TP/IPSec and authenticate with a certificate rather than preshared key.
supportforums.cisco.com/message/3280346#3280346
Sorry those two links, well, aren't links. Being new here I'm not allowed to post links in case I'm a spammer.
njgalaxy said:
is there a way I can work the built in VPN client to connect to a VPN using IPSec mode
Click to expand...
Click to collapse
Using only the built-in VPN client it's not possible to connect to a Cisco VPN.
I made a small How-To (Link) to get this working on 2.3.3, but I think this way should basically work for FroYo too. Maybe you should give it a try

Categories

Resources