Hello,
Does anybody know of a current solution to connecting to a VPN using RSA SecurID? I know RSA now provides a software for the hardware token which generates token codes, but what I need is an app or a solution that will let me *connect* to the VPN servers using my PIN and the generated token codes.
It would be sad if there's currently no solution, because I can't access most of my work files without getting on the VPN, including my Exchange e-mail.
Any help or ideas would be appreciated.
Bump.
Sent from my GT-P1000 using XDA App
What VPN solution are you using with the SecurID? We're using it here, but not with a VPN solution, just to gain access to Citrix/XenApp servers.
For example, if you're using a Cisco VPN Concentrator, I believe all you'd need is the tun module and the vpnc binaries built for android. Connecting would be a command-line affair, unless someone out there has built a graphical app wrapper like they have for the OpenVPN stuff.
Get the RSA SecurID token software from the market, import your token (using iphone method and paste it in securid), get a robot vpnc http://code.google.com/p/get-a-robot-vpnc/ and tun.ko (posted somewhere in Galaxy Tab forums or build it yourself).
It worked for me for my work VPN.
We're using SecureClient to connect our workstations, so I'm guessing we use Checkpoint VPN. I'm fairly new to VPN, as this is my first job which requires us to use one, so I don't know much about it.
Technomancer said:
Get the RSA SecurID token software from the market, import your token (using iphone method and paste it in securid), get a robot vpnc http://code.google.com/p/get-a-robot-vpnc/ and tun.ko (posted somewhere in Galaxy Tab forums or build it yourself).
It worked for me for my work VPN.
Click to expand...
Click to collapse
Thanks, I'll see what I can do.
Technomancer said:
Get the RSA SecurID token software from the market, import your token (using iphone method and paste it in securid), get a robot vpnc httx://code.google.com/p/get-a-robot-vpnc/[/url] and tun.ko (posted somewhere in Galaxy Tab forums or build it yourself).
It worked for me for my work VPN.
Click to expand...
Click to collapse
Does that client you posted actually have an rsa eap client integrated? I am very curious.
I setup our ISA servers at work to authenticate against RSA servers for two factor. We use keychain tokens. We are using this on pc's deployed with cmak along with an added installed eap client. The vpn also works with the built in eap client included with Apple OS and tested on MAC, IPad, and Iphone.
I'm curious if anyone has found an android vpn client that will allow you to enter your token code.
I've been looking for the same solution myself. . . Got the new Cisco jabber client but of course need to vpn first.
Sent from my GT-P1000 using XDA App
omnia2tester said:
Does that client you posted actually have an rsa eap client integrated? I am very curious.
I setup our ISA servers at work to authenticate against RSA servers for two factor. We use keychain tokens. We are using this on pc's deployed with cmak along with an added installed eap client. The vpn also works with the built in eap client included with Apple OS and tested on MAC, IPad, and Iphone.
I'm curious if anyone has found an android vpn client that will allow you to enter your token code.
Click to expand...
Click to collapse
I know there are software tokens for many of the mobile platforms to generate rsa keys and such. We alsu use RSA for Citrix. However those wont help with vpn.
I too am looking for a vpn client that will leverage the SecureID eap authentication. It would be nice if the Android distribution included a built in client like the Apple IOS does. :-(
Hi Guys,
Did anyone ever get a workaround for this? we're trying to get users to use tablets to VPN into work using IPSec and SecurID tokens without buying anyconnect licenses.
Cheers
Related
Anybody out there successfully doing IPsec VPN on a windows mobile device ?
I'm having a devil of a time getting anything working.
Thanks,
DLD
OK how about IPsec VPN with ANYTHING [email protected]#$?
DLD
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
can you share sir what app you used for us to use? i have and S3 also and we have a Watchguard XTM 5
End_Bringer said:
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
Click to expand...
Click to collapse
The only available client that I have been able to get work is ncp vpn client with a mobile user ipsec tunnel to connect to my watchguard x515
Ran trial for a week and just pulled the trigger.. Very happy.
Sent from my SAMSUNG-SGH-I747 using xda premium
Need to set group namem for my VPN connection.
Doesn't look like android supports this.
Anybody know where I might find info?
I use the VPN software downloaded from the Market. And the setup of GroupName and GroupPwd you can refer to the bleow settings.
IPSec ID =GroupName
IPSec secret = GroupPwd
For more details you can check the below link:
http://techha.us/2009/06/android-vpn-vpnc/
That would work, if you have root.
Donut appears to only support L2TP/IPSec VPN (RFC 3193).
It looks like you are trying to connect to an implementation of Cisco-like VPN which would require a Group name and Group Password. Donut does not appear to support this yet.
Like binchen said, you can use the Android port of vpnc and as scoob said, this does still require root.
Luckily I have root, so that shouldn't be too much problem.
Thanks!
i have a root
but i got force close immediately
recently i installed the last eclair kernel from Dalingrin (2/25/11), which among other great things, implements netfilter/iptables
i was able to install both TransProxy and AsProxy, but since i need ntlm authentication to connect to the internet in my office, only AsProxy would be useful for me, but when i hit the start button, it says that the iptables were not found.
has anyone been able to connect to the internet thru a proxy server (in my case an ISA Server), with any of the above mentioned programs or another one?
Have you gotten your iptables to show up yet?
I havent gone the route of ROM yet but I probably will have too. I have asproxy and Orbot (TOR client) installed but without iptables they are useless.
wrenchneck said:
Have you gotten your iptables to show up yet?
I havent gone the route of ROM yet but I probably will have too. I have asproxy and Orbot (TOR client) installed but without iptables they are useless.
Click to expand...
Click to collapse
I have the same issue too. Peharps Dal could compile the Kernet to support iptables.
What I had to do for this is set up OpenVPN... Violates my work policy, but oh well. Couldn't figure out how to get it set up any other way.
Technically I did set up an access point on a CentOS box with a transparent proxy, but that doesn't handle syncing which I need at work as I use my tablet during meetings and need to have my schedule up to date etc..
Did you heard about Honeycomb 3.1? Now you can set up proxy and user/psw on the wifi configuration. Nice.. It should be very nice if CM7 got this too...
Hi Guys,
Does anyone know if OpenVPN is supported on the Galaxy Note like it is on the SGSII? This is by far, one of the most important reasons for me to buy a Note.
If not, is there a tun file for the note available?
Greets Z
Isn't VPN a standard feature of Android?
VPN is, but only PPTP, L2TP/IPSec. In the SII, the tunnel driver for OPenVPN is integrated in the rom and with the S1 it's compiled by the ROM builders.
Stock doesn't have the module.
I'll have a look later if I can fix up the modules when I'm home, you'll need root thought.
I know that it has support for Cisco Anyconnect and Juniper Junos VPN.
If you could build one, that would be great. OpenVPN is one of the things I use constantly.
does this help ?
http://tabtimes.com/news/ittech-sec...juniper-secure-content-galaxy-note-galaxy-tab
Is there any update about getting the tun.ko file yet ?
i am going mad trying to get this thing to work
http://forum.xda-developers.com/showthread.php?t=1328007
That kernel has a tun.ko it seems?
Zflash said:
VPN is, but only PPTP, L2TP/IPSec. In the SII, the tunnel driver for OPenVPN is integrated in the rom and with the S1 it's compiled by the ROM builders.
Click to expand...
Click to collapse
For VPN Samsung has partnered with Juniper Networks which offers a safe tunnel through the internet to the company network. The current implementation only works with Junipers own VPN Servers, but future clients will work with Open VPN Servers as well. This is a layer 3 solution, meaning that Juniper can reroute and encrypt all data packages without the knowledge of the app. In the future Juniper will offer a complete Mobile Device Management Solution that allows remote wiping and tracking as well as remote app management. Imagine Angry Birds being disabled on a company phone in work hours. This alone could save some companies millions.
Junipers Software had to be baked in right into Samsungs Firmware to allow this deep integration into Android, which shows how serious Samsung takes it’s move into the enterprise sector.
Source:
http://wirelessminds.com/2011/the-galaxy-note-revives-the-stylus/#more-334
---------- Post added at 10:16 AM ---------- Previous post was at 10:13 AM ----------
Additional sources
http://thenextweb.com/mobile/2011/1...or-business-use-with-vpn-and-app-admin-tools/
http://security.onestopclick.com/te...offers-ssl-vpn-to-android-users_800782722.htm
Juniper is still not fully implemented.
Sent from my GT-N7000 using xda premium
Use:
http://forum.xda-developers.com/showthread.php?t=1331784, #4
CF-Root-SGN_XX_OXA_KJ1-v5.0-CWM4.zip
It has the 'tun' module installed. (i.e. already installed - no need for tun.ko)
Using VPNCWidget I was able to login to a Cisco OpenVPN server - first time.
pvlagsma said:
Use:
http://forum.xda-developers.com/showthread.php?t=1331784, #4
CF-Root-SGN_XX_OXA_KJ1-v5.0-CWM4.zip
It has the 'tun' module installed. (i.e. already installed - no need for tun.ko)
Using VPNCWidget I was able to login to a Cisco OpenVPN server - first time.
Click to expand...
Click to collapse
I dont think it has tun module. However i see that you were able to login,
Can u detail me the steps that you took.
Thanks
if you get an adb shell on the Note,
and do
# find / -name '*tun*'
you will see that
/sys/devices/virtual/misc/tun
/sys/class/misc/tun
/dev/tun
exist. So the tun is installed.
Just get VPNCWidget from the market.
Install it as a widget.
Touch it.
Check, allow root via superuser, it will say OK.
Set up preferences.
Sign in.
You can log out via the notification icon.
You may not have DNS set up for your work.
In which case you'll have to use FQDN's for your servers.
pvlagsma said:
if you get an adb shell on the Note,
and do
# find / -name '*tun*'
you will see that
/sys/devices/virtual/misc/tun
/sys/class/misc/tun
/dev/tun
exist. So the tun is installed.
Just get VPNCWidget from the market.
Install it as a widget.
Touch it.
Check, allow root via superuser, it will say OK.
Set up preferences.
Sign in.
You can log out via the notification icon.
You may not have DNS set up for your work.
In which case you'll have to use FQDN's for your servers.
Click to expand...
Click to collapse
u have a pm
Please keep the discussion in this thread and not through pm. I just ordered my Note and would really like to know if there where issues with the Tun.ko module.
Zflash said:
Please keep the discussion in this thread and not through pm. I just ordered my Note and would really like to know if there where issues with the Tun.ko module.
Click to expand...
Click to collapse
Second this. Would love to know if/how openvpn would work on this phone.
Hi all, total android noob here, be gentle
I'm coming from Nokia N900 (Maemo, which had an openVPN client/server app available).
I have openVPN server on my home Win XP box, and my N900 runs openVPN client. I use tap (not tun) for various reasons, and all VPN connections to my LAN are made using certificates that I issue to the clients from my own server.
Am I correct in understanding that in order to get access to my home LAN from my new Note via my current method, I would need to find a custom ROM for the note which included the tap (as well as/instead of) the tun module?
in case it helps, here is my current XP server config:
Code:
local 192.168.0.10
port 11194
proto udp
dev tap
dev-node openVPN
ca "c:\\program files\\openvpn\\easy-rsa\\keys\\ca.crt"
cert "c:\\program files\\openvpn\\easy-rsa\\keys\\server.crt"
key "c:\\program files\\openvpn\\easy-rsa\\keys\\server.key"
dh "c:\\program files\\openvpn\\easy-rsa\\keys\\dh1024.pem"
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.10 255.255.255.0 192.168.0.150 192.168.0.160
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.0.1"
keepalive 10 120
comp-lzo
max-clients 2
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 6
;mute 20
... and my client config:
Code:
script-security 2
up /etc/openvpn/maemo-update-resolvconf
down /etc/openvpn/maemo-update-resolvconf
resolv-retry infinite
client
remote xxxxxxxxxx.no-ip.org 11194
dev tap0
proto udp
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/n900.crt
key /etc/openvpn/n900.key
comp-lzo
like I said, I have zero experience with android and don't really want to rush too quickly into rooting and ROM'ing my new Note until I have pretty clear understanding of whether it will be worth it to gain the openVPN connectivity.
I could if required use a tun instead of a tap, but I spent a while getting the tap set up just how I wanted it (serving up an IP from a dedicated range on my home router DHCP and running all traffic - including http for the phone browser - through the VPN).
So, long story short - can I currently get openVPN on the note with a tap device & if so, how (in idiot-proof detail!!)?
TIA for any help you can offer
---------- Post added at 01:22 PM ---------- Previous post was at 01:03 PM ----------
I don't have too much faith in this, but I just went over to juniper's website and got accostd by a live chat agent before I'd even had a chance to read their FAQ's. here's the transcript:
[Julie] Welcome to Juniper! Is there anything I can help you with today?
[Visitor] I just bought a samsung galaxy note. I run openVPN on home server and am looking for a suitable client. I see Junos client is available for Note, will this work?
[Julie] Hi
[Visitor] hi
[Julie] Please hold, I am putting together some information for you. Is this a solution you are currently evaluating for your own company or a client?
[Visitor] my own company
[Julie] Yes, I believe it will work. Are you already in contact with a Juniper Reseller?
[Visitor] no, but I don't need a reseller? I just need to know whether your VPN client for Note will allow me to connect ot my existign openVPN installation?
[Julie] I believe yes.
[Visitor] great. I'll download it and give it a go then. THnaks for your help.
[Visitor] Bye
[Julie] You're welcome.
[Julie] Have a nice day.
has anyone actually tried an openVPN client connection via Juniper client with the note as yet?
---------- Post added at 02:02 PM ---------- Previous post was at 01:22 PM ----------
Forget that - just browsed the online doc's for Junos Pulse. It doesn't (V3.0) allow a client connection to an openVPN server, it appears only to support their own servers - the live chat agent was either stupid or just doesn't know what openVPN is (actually, that makes her stupid anyway if she works for a VPN solutions vendor!).
I'm not going to waste my time downloading this corporate bloatware unless anyone has actually got it to work?
drgopoos said:
u have a pm
Click to expand...
Click to collapse
Works or not works?
I too have a tap based openvpn network and I still haven't found a solution to connect to it without tap.ko
As far as I understand Windows Phone 8 doesn't support WPA2 Enterprise EAP-TLS authentication. I mean certificate only based authentication.
Is there any third party app which allows such authentication?
I haven't worked anywhere that used WPA2-EAP since the days of WP7, but WP7 did support it. I have a hard time believing that WP8 does not...
However, third-party apps are not going to be the solution here; apps do not have the ability to directly control the network interfaces or implement authentication schemes for the whole phone.
GoodDayToDie said:
I haven't worked anywhere that used WPA2-EAP since the days of WP7, but WP7 did support it. I have a hard time believing that WP8 does not...
Click to expand...
Click to collapse
I remember vaguely using WPA2 EAP-TLS on WP7. But on WP8 I can't find a solution. And googling doesn't help either.
uszu said:
I remember vaguely using WPA2 EAP-TLS on WP7. But on WP8 I can't find a solution. And googling doesn't help either.
Click to expand...
Click to collapse
It should work. I am using WPA2-EAP and doing user authentication against Active Directory. I support server certificate verification and pushed the cert to the domain member PCs through a GPO, but I don't require verification since the cert isn't installed on most users' phones and tablets. I've been able to associate to the access point with my Nokia Lumia 920 using my domain credentials as long as I don't do the server certificate verification.
In EAP-TLS you authenticate with client certificate. According to Joe Belfiore WP8 will not support this feature soon.
See also users voting here for adding this option.