Windows Phone 8.1 EAP-TTLS with PAP ? - Windows Phone 8 Q&A, Help & Troubleshooting

So Windows Phone 8.1 now actually HAS EAP-TTLS support. It also has support for PAP. However, PAP can only be set using MDM, not by the user.
Since the system supports it, I wonder if there is any way/hack/whatever to actually configure WPA-Enterprise using EAP-TTLS/PAP but without MDM?
The most famous victim of this discrepancy is probably eduroam.

Related

wifi & secure w2 certificate problem! which rom?

Hello everybody,
I am having huge problems connecting to my university's wifi (TU Clausthal in Germany). I installed the newest version of SecureW2 and the required certificates from my university. I configured everything according to the guidelines. However, I cannot connect to the wifi network; it keeps connecting forever and nothing happens. I am 100% sure the configuration is correct, a friend of mine can connect with the exact same config. Also, I can connect to any other wifi network, no matter if WEP, WPA, etc. I am only having problems with the certificates, it seems.
Now my question: has anybody successfully connected to a SecureW2 wifi network? If so, which ROM and which version of SecureW2 did you use?
The technical support of my university doesn't know anything about Windows Mobile... iPhone and Symbian phones seem to connect without problems...
Any suggestions?
Edit: I am using the AtheniOS ROM, WM 6.1.
Same problem connecting to a w2 on my AT&T Tilt. My company was running a Linksys standard WPA but installed a WPA2 a few months ago. My IT department tried to help but they don't know Windows Mobile, and AT&T tech support was useless. I have a WPA2 option in my wireless menu but I can't connect??? I'll get looking and will post if I find anything.
Hmm, too bad. As I said, one of my friends can connect without problems....
With WPA2 Enterprise (not WPA2-PSK) Windows Mobile allows only EAP-TLS & PEAP authentication; the authentication type will be configured on a central RADIUS server(s). With EAP-TLS you MUST have a personal certificate on the device as well as the Root CA's certificate. The client certificate must also have the 'Client Authentication' attribute. The Root CA certificate will generally have the 'All Purposes' attribute. With PEAP you have the option to use either a certificate or username/password to identify the user - you would normally use username/password; however, the RADIUS server always identifies itself to the client using a certificate. The client has the option to ignore this certificate if it chooses; however, the default is to verify it is a trusted certificate. In XP or Vista you can turn this checking off in the network settings by unchecking the box 'Validate server certificate'. In Windows Mobile there isn't a way of doing this in the GUI; however, there is a registry tweak that can be set:
Code:
[HKEY_LOCAL_MACHINE\Comm\EAP\Extensions\25]
ValidateServerCert=0
Setting the value to 1 means check the certificate, 0 means don't check it.
Also verify the Time & Date on your device is in sync with the RADIUS server as timing is critical with PKI.
Other than that I don't know what to suggest. I successfully use my Kaiser with (almost) stock 5.2.19212 ROM on two WPA2 networks, one using WPA2/AES with PEAP authentication and the other using WPA2/AES & EAP-TLS - both work fine.
One more thing, check the version of the 'TNETW1251.dll' file. There appears to be at least two floating around. I have version 3.55.0.0 in my ROM.
HTH
Andy
Thanks for your advice!
I just flashed the new AtheniOS WM 6.5 and installed the SecureW2 software and now it works! I don't know why or how, though.

VOIP: software sip to my asterisk

Due to the nature of my setup (Asterisk box behind my firewall) I need to specify a port range (10 000 – 20 000) for my TyTN II phone to successfully connect remotely to my Asterisk box. I have done this with eyeBeam on my notebook, so I know my setup works, but I’m desperately trying to get this working on my Windows Mobile 6.1. The phone connects fine internally when connected on my local wireless network, but I need to get this to work using 3G. How can this be done?

[Q]Cannot connect with 802.1x EAP network

I do not know how many people are experiencing this issue, but apparently I can never connect to my school's Wi-Fi network, which has security type 802.1x EAP. Weirdly, it does not work with any Android version I tried (2.1, 2.2, 2.2.1, 2.3.3) or any ROM (Cronos, HONO CM6/7 mod, Ice&Fire and CM7). All it does is just sit there "Connecting and Disconnecting" whenever I force it to connect to the network.
Originally I thought it was an Android bug, since all my friends and I who own an iOS device can connect to the school's network, while my other friend who has an Xperia X8 and I with my Milestone can't. However, the other day my friend tried to connect his Optimus One (running stock 2.2) to the network and it connects.
So I took a look at his settings and this is what I got:
Code:
Security Type: 802.1x EAP
EAP: PEAP
Phase 2 Authentication: None
CA & User Certificate: (unspecified) [however, iOS prompts the user to install an unknown certificate, though for him no prompt was shown]
Identity: *correct user*
Anonymous identity: blank
Password: *correct password*
I originally thought it was a CM's problem but it seems after trying out other ROMS, it failed to connect to it too. Any help?
http://code.google.com/p/android/issues/detail?id=1386
Thanks for the link, will try some of the workarounds posted in there.
Hmm, are you sure it's PEAP and not something like MSCHAP2 for the authentication? I know my work requires a certificate, which is what allows me to connect; I had to create a p12 certificate, since my work doesn't allow exporting, it was a bit long and arduous using openssl.
However, since you're listing a username and password, it sounds like they can go in without a cert, which, when working with other vendors, was usually specified as mschap2. Still, I'm no expert, so I may be wrong.
If you need to change settings, there is an Advanced Wifi Configuration utility on the market. I'd link it, but evidently my post count is too low.
Yeah it was PEAP, at least according to my friends' Optimus One settings.
Just to report back: after trying out WifiAce and ticking almost all possible combinations, I am unfortunately still unable to connect to my school wifi. The problem is also present on the Desire Z. However, the LG Optimus One continues to connect without problem. Any ideas?
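
Added example, not from any post in this thread: the settings listed above leave the CA certificate unspecified, and the Windows Mobile tweak earlier on this page (ValidateServerCert=0) has the same effect, so the client accepts whatever RADIUS server answers. The sketch below audits network blocks in the format of wpa_supplicant (the supplicant Android uses) for that condition; the sample config, SSIDs and certificate path are constructed placeholders.

```python
import re
# Constructed sample config (not from the thread); SSIDs and paths are placeholders.
SAMPLE_CONF = '''
network={
    ssid="school-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="ttls-pap-open"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=PAP"
}
network={
    ssid="ttls-pap-pinned"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=PAP"
    ca_cert="/etc/ssl/certs/example-root.pem"
    domain_suffix_match="radius.example.edu"
}
'''
NAME_KEYS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines()
                 if "=" in ln and not ln.strip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    """List server-validation weaknesses for one 802.1X network block."""
    if "EAP" not in net.get("key_mgmt", ""):
        return []  # PSK/open networks present no EAP server certificate
    findings = []
    if "ca_cert" not in net:
        findings.append("no ca_cert: server certificate is not verified")
    if not any(k in net for k in NAME_KEYS):
        findings.append("no server name match: any certificate from the CA passes")
    if findings and "PAP" in net.get("phase2", "").upper():
        findings.append("PAP inner method: password goes in cleartext to that server")
    return findings

def audit_conf(text):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

Calling `audit_conf()` on the text of a real configuration returns the findings per SSID; an empty list means both the CA and the server name are constrained.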

[Q] L2TP/IPSEC VPN settings for server

Hi,
I'm wondering if anyone could help me with the settings that I need to implement for L2TP/IPsec to work with my HTC One?
Basically I have 3 handsets with versions 4.2, 4.3, 4.4 of Android and need to get VPN functionality working.
Previously I was using OpenVPN which worked fine but then version 4.4 of Android managed to break things so the OpenVPN Connect app doesn't work any more.
I think what I'm stuck on is which encryption type works and also what the authentication type should be?
My server runs OpenBSD so I don't know if anyone has had any luck with that but my current settings are:
main: hmac-sha1 with encryption type aes and modulus of 1024
quick: hmac-sha1 with encryption type aes and psk
I've had a look at some Cisco documentation to try to figure out the necessary settings, which are actually the ones above... however, I keep getting the error that the "Phase 2 ID's don't match".
Would someone be able to share their working config experiences so that I can get my handsets to connect?
Basically the issue I'm having is not with the handset but figuring out how to configure the server to get the handset to connect.
Thanks.

Question Wireguard over Mobile Network with S21 Ultra

Hi,
I am wondering, if I am holding it wrong or if anybody else can reproduce my issue:
When using Wireguard over the mobile Network, I am only getting terrible speeds. WG over Wifi, all is well. Also, without WG, all is well. Tunnel off over Mobile, all well. Tunnel on or off over wifi: All well. Only Tunnel on over mobile network is giving terrible speeds. And this is only happening with the S21U. S20+, Tab S6 are fine with WG tunnel over T-Mobile DE.
Constellation: Using WG tunnel on the S21U over T-Mobile DE giving very slow speeds, only several hundred kilobit/s. Device is an SM-G988B DBT (exynos), 256GB.
I have tried:
- using another SIM-Card - problem in the S21U, fine in Tab S6
- rebooted S21U
- checked and reset APN settings
- use different WG endpoints in several countries and over several destination ports
- set the S21 to 5G, 4G, 3G - always slow speeds over mobile
As Wireguard is quite common nowadays, is anybody else experiencing this problem?
Thanks
Yes, trying to bump it, but seriously, nobody using a wireguard VPN?
I just did a wireguard connection, I'm getting 350mbps download to a local server (400mbps internet package), seems to work fine for me
Thanks, @aroy97 - over mobile network, NOT wifi?
Over wifi, all is well, only over data connection it does not work well at all for me.
I am still having this issue. Can somebody please be kind and test?
- Wireguard over MOBILE, not WIFI
- Speedtest
- Speed ok?
Have S21 Ultra and wireguard, use over mobile and works fine - tested over 4g and 5g - speed is fine
Wireguard is based on udp. Your carrier may be blocking udp.
I switched to the WireGuard protocol in the PIA VPN app a while ago as I get better speeds on the VPN connections. Not had any issues with it since flipping from the OpenVPN stack to WireGuard.
I can confirm this situation. I have a S21, no plus or ultra. The issue is with both wireguard app and TunSafe app. Over Wifi no problem, over mobile - almost no throughput. Without WG VPN: no problem whatsoever.
I run the VPN endpoint myself, and so can see that on the other side of the tunnel, a lot of retransmissions (about 10%) and out-of-order packages occur. Tweaking MTU doesn't help.
My mobile provider is indeed also T-Mobile DE. When you tried "another" SIM card - was that also T-Mobile, or one of the other providers here?
Cheers
OMG, finally.
A workaround which makes it a little better is to disable 'Paketplaner auf mehreren Kernen' in Developer Options.
But you know what resolved the issue? Found out recently:
Switching the tunnel (not necessarily Transport) protocol to IP v6. It is, however, a bit of a hassle to set up, as I am using an UDM behind a Fritz.
You need to delegate a prefix from the Fritz to the UDM (did a /60), open the Fritz Firewall for the delegated prefix, set the UDM firewall accordingly, do v6 dyndns from the raspis (which are the WG endpoint).
Get yourself an account from Mullvad for 5€ per month; there you can easily set up v4 and v6 tunnels and test a lot. That is how I found out.
I have no idea how this issue can stay all the way up to the Android 12 beta.
corwin_amber said:
A workaround which makes it a little better is to disable 'Paketplaner auf mehreren Kernen' in Developer Options.
This did not make any difference on my side. The connection was as slow and with the same retransmission rate as with this option enabled.
corwin_amber said:
Switching the tunnel (not necessarily Transport) protocol to IP v6. It is, however, a bit of a hassle to set up, as I am using an UDM behind a Fritz.
You need to delegate a prefix from the Fritz to the UDM (did a /60), open the Fritz Firewall for the delegated prefix, set the UDM firewall accordingly, do v6 dyndns from the raspis (which are the WG endpoint).
Can you pls go into details:
if you are behind a Fritz Box then we're talking about WiFi and not mobile data. Using WiFi along with a wireguard VPN works without trouble for me.
How do you switch the tunnel protocol? Do you mean to define only ipv6 addresses between the two peers, which means: encapsulate ipv6 traffic inside an ipv4 connection?
If so - how is the Fritz Box involved here? If your ipv6 traffic is encapsulated in the tunnel, the Fritz Box cannot see any of the contents, i.e.: doesn't know that there is ipv6 flowing inside the tunnel.
Thanks for a more verbose explanation.
PS: if I assign an ipv6 address only to the config of the mobile client, and the same on the counterpart config on the server, then I can still open the tunnel via WiFi, but not via mobile data. And even if the tunnel is open via WiFi, I cannot transfer data, as ipv4 packets don't seem to flow through the ipv6 tunnel (or at least I don't know how to do that, not so experienced with ipv6).
So again - advice is appreciated.
Will go into more detail later, just quickly:
- Paketplaner is making a big difference for me. Interesting.
- I am hosting Wireguard on a raspi behind the unifi UDM, which is behind the Fritz. Everything in the row has an IPv6 address.
- Therefore I am on mobile data and connecting to my home WG instances - Problem is regardless of connecting to home or e.g. Mullvad. And yes, when the S21 is on wifi, no problem at all.
- Switching between protocols: Setting up the tunnel with an IPv6 destination address and being in an IPv6 network (like Telekom DE offers) makes the difference for me. You need to enable a native v6 connection wan side on the Fritz and also enable it on LAN. You need to set up v6 LAN side on the UDM and on the raspi.
- If you are using an 'external' VPN provider, just try setting up an IPv6 connection. V6 addresses, inside it can be v4. Whether there is v4 or v6 inside the tunnel (peer addresses are v4 or v6) is not making a difference for me.
Do you want more details on Mullvad? There you can get 1 month for 5€ and quickly create qr codes with different settings (v6 tunnel, v4 transport and vice versa or combinations).
All this brought me to the following solution:
The problem is the IPv6-to-IPv4 gateway of Telekom. This gateway comes into play when the APN internet.v6.telekom is used. This is the case on newer devices. Thus we don't see a problem of the S21 here, but what we see is the problem of a "new" device being autoconfigured to use the 6to4 gateway.
If I use the IPv4 APN (internet.telekom), then wireguard works fine on both WiFi and mobile network.
However I'd like to stay with IPv6. For this I configured the wireguard client to use the IPv6 address of my VPN endpoint. But even then I cannot bring up the connection over mobile network.
All in all it seems to me that there is something weird within the Telekom network.
