VPN Problem - JASJAR, XDA Exec, MDA Pro General

I am trying to set up a vpn connection and can connect to our firewall but I cannot connect to the network. If I try to pin the network it just times out.
The firewall is configured to allow the device through.
Can abyone help with this??
Thanks

Sorry I'm no expert on VPN or much else.
I use Remote Desktop through a router, firewall enabled.
Took a while to get through the firewall until I had set everything up properly.
You have to enable a virtual server port on the router to allow the traffic in, have you set one up and if so the right port number for VPN. From what I have seen its 1723.
Not much help I know, but seach on the internet for help on setting it up correctly, check your settings and double check.

Hi quest,
let me answer some questions to see things more clearly:
1. Do you use built-in (Microsoft) VPN-Client or 3rd party product
2. If Microsoft, what type of VPN did you set up? L2TP or PPTP?
3. If L2TP, how do you authenticate: Preshared Key or Certificate?
4. How do you know that the device connects to your firewall?
5. How do you know that the device doesn't connect to the network?
6. What exactly is the rule permitting your device passing the firewall?

The answers to your questions are:-
We are using the built in MS VPN client of Win Mobile v5.0 (5.1.1700 build 14352.0.1.0)
I have tried both PPTP and L2PT
When L2TP, I was authenticating with a preshared key
Firewall logs show PPTP negotiation successful, and issues a VPN IP address to the device
It can ping the firewall external interface, but times-out trying to reach an internal address
The VPN session is established, but the firewall logs don't register either deny or allow traffic for each internal ping request, rather the firewall packet error count increments for each failed attempt.
Any help is greatly appreciated.

The answers to your questions are:-
We are using the built in MS VPN client of Win Mobile v5.0 (5.1.1700 build 14352.0.1.0)
I have tried both PPTP and L2PT
When L2TP, I was authenticating with a preshared key
Firewall logs show PPTP negotiation successful, and issues a VPN IP address to the device
It can ping the firewall external interface, but times-out trying to reach an internal address
The VPN session is established, but the firewall logs don't register either deny or allow traffic for each internal ping request, rather the firewall packet error count increments for each failed attempt.
Any help is greatly appreciated.

Related

Wifi access to internet via ISA firewall

I've just set up a small wireless network at home through which I intend to use several devices to connect to the internet through my LAN!
The LAN gateway is running ISA 2004 and my home computer is running the necessary Firewall client (a completely secure connection with username and password)!
Now everything's working fine... the pocket pc hooks up just right and i can browse the network and do what I could probably do using my own personal computer BUT the internet doesn't work!
It keeps asking me for a username and password (which like i usually provide in internet explorer on my personal computer) which i do supply... three times in a row after which it gives me an error saying that ISA cannot authenticate me!
The home computer doesn;t run the internet without the firewall client, and i'm supposing the pocket pc is facing the same dilemma! is there any way to circumvent this issue? perhaps a mobile version of the isa firewall client?
Please help. Thanks!
afaik there isn't a mobile version of the firewall client.
I set my ISA server to allow anonymous internet access ,and set all my machines up as secure nat clients (set isa servers ip as default gateway, I use a dhcp scope to do this). There is lots of info on this on microsofts ISA server website, I'd suggest a look there first, or try a google for secure nat.
Good luck, works well for me but ymmv.

GPRS and Static IP with VPN

HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Unfortunately there is no simple answer to your question. AFAIK you cant get a fixed ip on gprs, but if your using the right firewall and the right vpn host you dont need to.
I use and supply windows sbs 2003 servers and vpn into them regularly. I have also used citrix to achieve similar results. Might be a bit difficult to persuade your firms it dept to set up something like that for 1 person though.
PM me if youd like any advice.
BillyB said:
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Click to expand...
Click to collapse
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP...L2TP has also worked for me..otherwise, the fancier (and more secure) the VPN tunneling protocol, the more its likely to fail. Normally all you need for a basic MS WIndows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.
VPN and TS Its like pulling teeth
hi all this has got to be the most anoying problem ever. i can connect to O2 vpn access point and hence i can connect to my work vpn server. however as soon as i try to open a TS connection to my desktop (through the vpn) the VPN connection is dropped and i never connect. Can anybody tell me why? if i have a vpn connection to my work server why does TS try to make another connection and bomb out the original. Is there a fix or another way of doing this i.e. does a external IP have to be nat'd to my desktop IP on port 3389? all help greatly appreciated. Ian

VPN application?

Is there an application which will allow me to connect to a VPN connection without having to wade through
Settings>Connections>Advanced>Select Networks>Edit {work network}>VPN>Connect ???
Hopefully if an application exists it will have additional functions such as re-connect settings and possibly being able to automatically redirect specific applications or computers through the VPN connection in a similar way as the exceptions list does for selected WM5/6 applications.
Any suggestions of any applications with such features would be greatly appreciated.
Thanks.
I'm using the "pockethosts" application. it allow mw to specify the name and the IP numbers I consider be part of my intranet. When an application try to connect to an address specified by pocket host WM5 automatically try to connect to VPN.
Ive been using NCP vpn client, It allows you to set up rules for which hosts are 'behind' a VPN.

OpenVPN (WM6) connects but anyhow doesn't work...

Hi,
I have a HP Ipaq 210 series PDA with WM6 and trying to get OpenVPN to work for allowing me to connect the our university network.
After presenting my user data, OpenVPN says "connected" and displays the green symbol. Nevertheless my browsers (PIE, Opera Mobile) or any other internet app is able to "go outside".
Do I have to tell Windows or the browser to use the VPN-tunnel anyhow? I just don't know how to proceed.
Any information that could help me?
Kind regards,
roke
Can somebody please at least indicate how the configuration in the windows connection manager should be? ISP/work and so on? network device should connect to work/ISP? Configuration of OpenVPN: Use connection manager? On which network? Exclusive? ...
I just don't know what else I can do. The admins responsible for the VPN are bloody amateurs and don't know anything about windows mobile...
Help me please...
Regards,
roke
I have not tried openvpn on the ppc, but i run some openvpn connections for my company.
The openvpn server is configured to push the various parameters to the client, essentially that is the ip address ranges which should pass through the vpn and any DNS servers. (Excepted for bridged mode, where the ipaddress will be in the same subnet as the main site.)
From the Openvpn web site :"By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN." Why would you want it any other way?
What is it that is not working?
Can you access the sites and resources with the openvpn connection?
Can you access the sites on the openvpn server side by ipaddress?
Regards
Chapelhill

When VPN down, block app - When VPN up, allow app

Hello...
I have a Mi Box S device. It has the lastest updates.
Basically - what I am trying to do is when my VPN is up, an app is allowed to run (so do nothing). When the VPN is down, block the app.
I do not have ROOT.
I have tried various firewalls on the device that do not need ROOT and blocks apps - but they work by creating a separate VPN connection for the device. When I switch on my VPN, the firewall stops working. When I switch my VPN off, the firewall needs to be manually started.
If I had ROOT, I would edit IPTABLES to block everything except the IP \ PORTS needed for my VPN to work, and that would solve the issue. No apps would have Internet access until my VPN was active.
Ideas welcome. I am not against rooting the device - however - for the newest versions of the Android TV boxes, it seems to cause many more issues and does not seem to be worth the risk.
THANK YOU!
I do NOT know the answer to your question and I don't have Android TV, so ignore this if it doesn't help...
On the PC there are various VPN killswitch batch files that simply remove the LAN gateway, which works PERFECTLY to do what you ask on a PC:
Start VPN and then start the VPN killswitch
If the VPN is on, the LAN and WAN are accessed
The instant the VPN drops, the WAN is dropped
But the LAN remains intact
Maybe something like that is available for Android?
Googling, we get a lot of hits for Android VPN-specific killswitches.
Each Android public VPN server seems to have their own killswitch.
For example, here's one for private vpn on Android.
But there should be a killswitch for Android WITHOUT having to use any given VPN public server.
This hit implies it's a part of the Android settings.
But unfortunately my Android 12 doesn't have those VPN killswitch settings.
Does yours?
Solved. Admittedly - this solution works for me but might not work for others.
I host my own VPN server 'in the cloud' and, as part of that server, it's own DNS server.
Manually set the IP and DNS on the Mi Box S. Set the DNS to an INTERNAL DNS address that is only available when the VPN is running.
The app in question needs DNS to function. When the VPN is down, no functioning DNS, app does not function.
When the VPN is up, DNS functions, the app functions.
Good enough for me...

Categories

Resources