VPN questions - Captivate Q&A, Help & Troubleshooting

I am using the newest talon kernel and vpnc widget and it works with our vpn concentrator. We use IPsec with group and group password. I am SO glad I got this working but from a security prespective vpnc widget leaves much to be desired. I do not want to have the username and password save where if someone took my phone they could remote in.
So my question is does anyone know of another application that will work with Cisco IPsec group authentication and permit it NOT to save the username and password. I downloaded an applications called "VPN connections" but it would not work for some reason. No logging that I could see so no idea why it failed.
This is huge for me with my job, I need to be able to test connectivity remotely but I also do not need to open my organization to risks by allowing an app just to be clicked on and boom...your inside our network.
Any help anyone can give would be greatly appreciated.

Related

VPN Configuration Help

Well I've been trying to set up the VPN from my uni for a while, but I've never had any luck, so here I am. The uni gives settings to put in the iPhone:
Add VPN Configuration, IPSEC mode.
Server: “vpn.usyd.edu.au”, Account: Unikey login name, Group Name: “wireless”, Secret: “jacaranda”
Now when I try to add IPSec on my G1, it asks either for a pre-shared key or certificate, neither of which I have. And none of the IPSec options on my G1 allow me to put in an account or group name... Any ideas?
Any help appreciated!

VPN client w/RSA token support?

Does anyone know of a VPN client that supports RSA token #'s? I've looked all over the place but can't seem to find anything.
Thanks for any help.
Maybe this? (VPN Connections)
http://android.modaco.com/content/h...7/cisco-vpn-client-on-htc-desire-short-howto/
Jack_R1 said:
Maybe this? (VPN Connections)
http://android.modaco.com/content/h...7/cisco-vpn-client-on-htc-desire-short-howto/
Click to expand...
Click to collapse
I'm running Cyanogen 5.0.7, and I read all the post but did not see anywhere that is supports RSA tokens. I might still try it and see if it works. Thanks!
It says "Cisco VPN Client". I know that Cisco VPN supports RSA tokens, having used one for a long time.
Jack_R1 said:
It says "Cisco VPN Client". I know that Cisco VPN supports RSA tokens, having used one for a long time.
Click to expand...
Click to collapse
Do you think it will still work on a N1, I see that the instructions are for the Desire?
http://forum.xda-developers.com/showthread.php?t=630703
Thanks to Jack_R1 I believe I have everything loaded correctly. Now could someone tell me where I can find my IPSec info on my computer? I'm not to familiar with the VPN stuff, but I have been working at this forever. I'm trying to do this on the low from my company since they said that they won't do it for me.
Any help would be great, thanks.
If you're using any proprietary sw to connect, look there in the connection properties to find the server IP. If not - look in Windows connection properties for VPN 'dialing' connection.
Jack_R1 said:
If you're using any proprietary sw to connect, look there in the connection properties to find the server IP. If not - look in Windows connection properties for VPN 'dialing' connection.
Click to expand...
Click to collapse
Our computers use Nortel Contivity, but I can't find the connection properties anywhere. I see the destination ip, and the assigned ip.
The IPSec gateway address should be what?
IPSec ID?
IPSec Secret?
bump for help!
Couldn't find anything and not familiar with Nortel SW..
http://ubuntuforums.org/showthread.php?t=441042
"You will now be asked first for your Ubuntu password, and then the following VPN info: the IPSec gateway address (the hostname of the VPN router you want to connect to), the IPSec ID (aka group ID), IPSec secret (aka group password), username (your VPN username), and password (your password or the value of your SecurID or other token if you have one)."
I guess you need to ask your IT personnel for IPSect ID and secret. IPSec gateway you can find from settings:
http://www.it.ubc.ca/security/VPN/setupdocs/nortelcontivity.html
"Destination" field holds it.
Jack_R1 said:
Couldn't find anything and not familiar with Nortel SW..
http://ubuntuforums.org/showthread.php?t=441042
"You will now be asked first for your Ubuntu password, and then the following VPN info: the IPSec gateway address (the hostname of the VPN router you want to connect to), the IPSec ID (aka group ID), IPSec secret (aka group password), username (your VPN username), and password (your password or the value of your SecurID or other token if you have one)."
I guess you need to ask your IT personnel for IPSect ID and secret. IPSec gateway you can find from settings:
http://www.it.ubc.ca/security/VPN/setupdocs/nortelcontivity.html
"Destination" field holds it.
Click to expand...
Click to collapse
I believe that I have all my settings correct but I'm still getting "failed to connect". I'm going to do a little more searching but if I can't get it I'm giving up, I have spent hours on this. Thanks for all your help Jack_R1.
I've just started trying to make this work also. Lex, did you ever find a solution?
jmglidden said:
I've just started trying to make this work also. Lex, did you ever find a solution?
Click to expand...
Click to collapse
Nope, I tried everything. Jack r1 was very helpful, but I just couldn't get it. I think my company's security is just too high to bypass and my lack of knowledge didn't help.

[Q] Authenticate on Intranet websites?

I would like to use the xoom to view web pages on my companies intranet site when I am connected to the internal wifi. When I connect to a web page with the browser, I am promted for my login details. No matter how I try and put them in, I seem to be unable to connect. I have tried specifying my user name:
user
[email protected]
domain\user
When using a laptop not joined to the domain, I can use [email protected] or domain\user.
Does anyone know how I can connect to these secured sites? Is there another browser I should use or is this some kerberos/android incompatibility?
For me I just have to use my company email address
Sent from my Xoom using XDA App
id try out firefox if your are still having problems
we have a staff intranet, and I can log in using my normal username and password. must be the way you guys have it configured. sorry not much use, but just +1 for "works for me".
padanfain said:
I would like to use the xoom to view web pages on my companies intranet site when I am connected to the internal wifi. When I connect to a web page with the browser, I am promted for my login details. No matter how I try and put them in, I seem to be unable to connect. I have tried specifying my user name:
user
[email protected]
domain\user
When using a laptop not joined to the domain, I can use [email protected] or domain\user.
Does anyone know how I can connect to these secured sites? Is there another browser I should use or is this some kerberos/android incompatibility?
Click to expand...
Click to collapse
I have the same issue, I would like to log into my sharepoint site but I get a user/pass/domain auth challenge that no matter what I enter comes back incorrect.
I designed and installed and currently maintain the global network for my company, and I can tell you, we've had success with our Android OS users authenticating.
If the default authentication (domain\user) doesn't work, try using the FQDN of your domain (may not be a .com). If you work for XYZ Corp, you may have e-mail address [email protected], but your authentication may be [email protected]
You can check your domain info (provided your Exchange admin hasn't removed it) on your GAL contact card. Open Exchange (webmail or Outlook client) and open your contact card (search the GAL for yourself). Look under the "E-mail addresses" section). If you see something other than a global TLD (.com, .net, ...), you may want to try it. Alternatively, from a domain machine, type ipconfig /all and check what your DNS suffix is. That should get you rolling.
Worst case, check w/your IT department and see if you work with jerks or cool people Review access logs with them from your intranet site and see what username your device is sending. If you'd like, I can provide a simple Windows-based authentication site for you all to test, I will post and review logs with you.
Let me know if you want me to, I'll set up a website.
The stock browser doesnt support anything but basic authentication apparantly
Use firefox and it works
Firefox does seem to work, but the default browser is way better for all other things... oh well.

[Q] how to use built in client to connect to cisco ipsec vpn

is there a way I can work the built in VPN client to connect to a VPN using IPSec mode
i'm kind of a noob regarding this issue
i have the directions on how to set up the connection in an iPhone using the IPSec mode
i have
> server address
> account name
> password
> group name
> secret
for the connection
now, how do i work this into the android client
i tried configuring using different combinations of this info above
but it says "Unable to connect to network. Try again?"
i have a rooted samsung galaxy s 2.2 stock froyo
any help is really appreciated
tia
edit: the handset is technically a samsung captivate, although I don't suppose it'll make a difference
Unfortunately the stock Android kernel won't work with a VPN requiring a Group Name. If you've got a google account (eg a gmail address) you might want to add another star to issue 3902 to ask for this to be fixed.
code.google.com/p/android/issues/detail?id=3902
It can be done if you replace the firmware with something which includes the tun device. The Galaxy SII supposedly includes this out of the box.
The alternative is to reconfigure the VPN to use L2TP/IPSec and authenticate with a certificate rather than preshared key.
supportforums.cisco.com/message/3280346#3280346
Sorry those two links, well, aren't links. Being new here I'm not allowed to post links in case I'm a spammer.
njgalaxy said:
is there a way I can work the built in VPN client to connect to a VPN using IPSec mode
Click to expand...
Click to collapse
Using only the built-in VPN client it's not possible to connect to a Cisco VPN.
I made a small How-To (Link) to get this working on 2.3.3, but I think this way should basically work for FroYo too. Maybe you should give it a try

[Q] Getting the App store to work over corporate domain Proxy server

One of my problem with just taking up the windows 8 phone challange is that inside a corprate network with a Proxy server in place that requires authentication the App store no longer works.
The advanced Wifi settings do not allow you to add a username / password to authenticate either and the browser setting don't allow you to enter anything regarding a proxy at all.
Has anyone got any ideas or developed anything to get around this problem?
The workarounds so far are to allow a seprate SID with open access as ISA servers even with a bypass rule fail to allow traffic for the APP store to pass.
Same here.
I can only browse with IE, I put the address of the proxy at the navbar (192.168...ect) then the IE ask for username/pass
i can,browse the internet, but the app store doesn't work, neither some apps like whatsapp for example
edit: same,with my wife's LG G2, I can browse the net, but the play store is not working.... I don't know much about the proxy servers so can't figure out why this happen

Categories

Resources