Related
I'm trying to VPN using GPRS to several networks which I have access to but I can't seem to be able to VPN them with my PDA2K. I can VPN them easily with no special configuration with my XP.
My i-mate keeps trying "Connectioning XX VPN..." and then aborts after about half a minute saying to check the username and password. The username and password are correct.
I called my cellular provider and they said that I should be able to connect to a VPN only if 'UDP Encapsulation' is defined on the VPN server?!?!? Well.. What is this thing? I'm trying to connect to big corp VPN, they wouldn't even listen to 'special requests'. I tried to connect to 4 different VPNs and I could not connect to any single one of them!
I really need that VPN connection via GPRS with my PDA2K. Any help would be more than appreciated. Maybe a different client than the built in VPN client of the WM2003SE ?
Thanks in advance.
Sorci
anyone?
bump for help. this gotta be a common prob.
Your GPRS connection will be subject to some form of NAT (Network Adress Translation) through your provider. VPNs don't get along well with NAT as the firewall doing the address translation modifies the packet header after it has had it's hash value calculated by the client (in this case your PDA). The receiving firewall will reject the packet as the hash values for the (now modified) packet don't match.
UDP encapsulation gets around this by encapsulating the encrypted and authenticated (secure) packet in a UDP packet which will be happily modified by the NAT'ing firewall. The receiving firewall will decapsulate(is that even a word?) the UDP packet and process secure packet inside as normal.
James
Thanks a lot Jamz for the thorough detailed info. I appreciate it.
So what's the fix? I tried several other VPNs and was unable to access them as well.. I can't just call all these providers and make some strange requests for a 'one guy with a pda2k and a gprs connection' that wants them to change their VPNs, enabling or disabling protocols or port.
Any other solution?
sorci said:
Any other solution?
Click to expand...
Click to collapse
Are you sure you're using the built-in VPN client in Windows, and not something like a Cisco VPN client?
You could try something like the Movian VPN client (not sure this is still made). I've used this previously with a Cisco VPN and it is fully configurable to handle multiple VPN types.
I've got a similar problem. Am trying to set up a temporary GPRS connection into my work LAN (I work for myself but 2nd child due shortly so want to be able to connect in from home for a couple of weeks only). I've got MS Win2000 Server set up to accept incoming VPN connections and it works fine on a dial-up connection but refuses to authenticate my username/pasword whenever I try to get the GPRS working.
As it's only going to be used for a short period of time, I'm loathe to spend out on any specific hardware/software but if anyone's got any suggestions, I'd be grateful.
If it helps, the LAN is behind a Netgear DG834GT ADSL modem/router/firewall and VPN PPTP and IPSEC are allowing in and out on it. The server is on a static IP address in the range 192.168.99.x.
GPRS Connections and VPN
With O2 you have to aks for VON connectivity to be enabled and connect to vpn.o2.co.uk instead of mobile.o2.co.uk. (by the way you can't access the web whilst connected to the vpn.o2.co.uk AP)
I suspect that most providers have simalair requirements
Dave
Hi,
I have a little problem that I am sure there must be an easy solution to!
I have set up a VPN on my Universal to connect to work. The problem is that my work's VPN server allocates me an ip address in the 10.x.x.x address range. All servers that I need to access behind the VPN have addresses in this range as well. Unfortunately, my ISP (T-Mobile UK), also allocates an address in the same range. Therefore, whenever I try to acccess a server at work, WM5 suffers confusion since it doesn't know whether to route the message through the VPN or directly out to the internet through the cellular modem.
I have been able to verify that the VPN thing works if my work network was on a different network address since initially, I was unable to VPN into my PC at home for the reason described above. I changed the ip addresses of all machines on my home network and now everything works fine at home.
Unfortuantely, I am unlikely to convince the IT people at work to change the address of all their machines. Similarly, I don't think I will have much success with T-Mobile and so is there anything I can change at my end to avoid this problem?
Thanks in advance for any help.
Mark
Narrowing the ip address may help, eg 10.0.0.1 is different to 10.1.0.1.
are you using this over wifi or gprs? if the phone provider is involved, I assume its gprs.
you could try and esablish your ip address as fixed rather than part of the pool, so the it guys assign a range for remote connections as say 10.0.0.100 to 10.0.0.150 as remote dial in connections, thus giving you a separate number.
the best way though I would have thought is for you to a fixed ip address known to you and the servers, and then hard type the ip address as your vpn settings, then establish that ip address as part of the exceptions settings.
in order to use exceptions though you have to know the range, or the exact ip address you will be assigned, and must be different to your telco.
not much of a solution, just some suggested areas to look at.
cheers
s.
hi guys, just out of curiosity what software are you using for VPN? on my laptop my company has installed cisco vpn, does it need to be a cisco vpn for wm5?? :?
From bad to worse...
Thanks for the reply Simon.
Unfortunately, I just went to try out some of your ideas and discovered that I can't get the VPN to connect at all now. It used to connect OK but then have routing problems whenever I tried to access anything. And my home VPN worked perfectly. Now, I can connect to neither.
I simply switched over to an O2 sim and with minimal configuration changes could verify that my setup still works OK and so it must be something to do with T-Mobile blocking ports. They weren't blocked yesterday!!!
Yesterday I "upgraded" my GPRS account from T-Mobile's Web'N'Walk to Web'N'Walk Professional and now I find I have this problem. Is this just a coincidence, or could it be that the Pro version has more severe restrictions than the consumer version?
I have emailed Customer Services to see what they have to say.
I will post back when I get a reply from T-Mobile.
mstar, I am no VPN expert, but for me, using a Windows XP hosted PPTP VPN it works after a fashion (above problems excepted!). I am using the VPN client built into Windows Mobile 5. I think you stand a good chance of getting it working using the built-in client.
Mark
I simply switched over to an O2 sim and with minimal configuration changes could verify that my setup still works OK and so it must be something to do with T-Mobile blocking ports. They weren't blocked yesterday!!!
Click to expand...
Click to collapse
I've heard on the grapevine that T-mobile have explicitly refused certain types of traffic on the web-n-walk
VOIP is the biggy...
I was seriously thinking about getting signed up - but no point if IPSEC is a prob, as well as VOIP.
Not sure how they can tell it's Skype traffic :?
http://www.reghardware.co.uk/2006/05/09/t-mobile_bans_voip/
for more info
An Update
An update on my VPN problem. Yesterday after total failure to get the VPN to connect, I emailed T-Mobile customer services.
Although they have not replied, when I tried it this afternoon I found that it was working again as before even though it had not been working first thing this morining. Of course I have not changed anythng at my end to cause it to break and then start working again (but they all say that, don't they!).
So, I don't know whether this was just a momentary fault, or whether T-Mobile have changed something to re-enable the VPN ports for me. I can now VPN in to my home PC, but the problem connecting to my work VPN with the 10.x.x.x address remains.
So, Sikkutz, depending on the address of the remote network, you may or may not be able to get a VPN to work using T-Mobile's Web'N'Walk.
By the way, my VPNs both use Microsoft's PPTP and not IPSec and so there may be different issues with that protocol.
I have discovered that O2 provides a separate acccess point, vpn.o2.co.uk, that causes a public ip address to be allocated to the device, ie not on the 10.x.x.x network. It would seem that this is designed to address this very problem. Does anyone know if T-Mobile can provide something similar?
Mark
There must be a solution
Hi!
I have the same problem with my Qtek 9000 (VPA IV). I can connect to my VPN Gateway but the routing into LAN failed. I get a 10.x.x.x address from Vodafone Germany and my LAN uses 10.98.8.X. :-(
But there must be a solution! My previous Qtek 9010 (VPA III) had the same problem, but it was able to route between the 10.-networks after a firmware-upgrade to version 1.40.01! But I don't no why!
What was changed in firmware to enable routing???
Daniel
i have the same issue aswell, I am reluctant to change the IP range of my machines as that usually causes trouble for the servers
Any other ideas?
Thanks
maybe stupid thing, but did you guys try dna forwarding (that is what I use from home office, not on pda to be honest..
Maybe I just did not get your point....
What kind of VPN server do you use? I'am using a Cisco PIX and use a PPTP VPN almost everyday. I can use the 10.1.x.x network at the location the PIX is located (this PIX is directly connected to the 10.1.x.x network).
I can't however use any of the remote offices using 10.2/10.3.x.x etc.
This is becaus of the lack of routing abilities in the PPTP implementation.
With an IPSEC tunnel (additional software needed) the remote offices can be reached without any problems.
I know that some IP implementation disallow routing between a public address and any 10.x address. To solve this you could give your VPN clients an address from a 10.x subnet .
hi sorry been away awhile,
I use the routing and remote admin snapin of Windows server 2003 to manage my VPN, I can connect fine using the phone as a modem with my notebook but as soon as I try accessing any URL/resource on my network it fails, e.g. we have a intranet site on http://servername but it wont open this up.
Any Ideas?
Hi,
I've got my O2 XDA Exec set up just how I want it with regard to connection to the internet, and my LAN via Wifi and GPRS - that's all great. It simply uses the connection that's available at the time, and accesses stuff just fine. I haven't had to mess about with "My ISP", or "Work" connections etc - I just have an "Internet" connection, and it seems to do the job, just like I would on a regular laptop.
However, on a regular laptop, I can set up a VPN connection that I dial at will that will connect me to either my home network when I'm out and about, or to a Windows 2003 Server I have co-located. The only problem is, I can't seem to get my Exec to be able to do the same. I can set up the VPN details under "Connections", no problem, and I can even tell it to connect, but looking at the syslog on the router I can tell that no traffic ever comes close.
I've tried a couple of 3rd Party VPN clients (Bluefire really screws up your machine if you try and install to SD Card!), but these seem to be geared up to more complex VPN setups, and don't seem to handle my setup which, I think I'm right in saying, uses PPTP - they all seem to want to use IPSec, but at least I did see them trying to access the VPN on the router.
Can anybody offer any solution?
Cheers,
Steve.
Hi Steve,
I'm currently trialing Bluefire and using it successfully to log into my work network. As you say it is for more complex VPN configuration but I must admit I know little about this. Having used Movian before in WM 2003, it is usual that loading the software to an SD card is not supported, it must be installed to the device memory. I have also trialed AnthaVPN but this screws up my Wireless/GPRS connections.
John.
Yes, I tried Antha too, and screwed stuff up, so I've had to restore from a backup.
The annoying thing is, the built in VPN client should work, I think, I just can't get it to work.
Any suggestions?
Cheers,
Steve
Can anyone connect to VPN (PPTP) using WM5 via wireless or GPRS?? When i use my old XDAIIi or II, i can connect by now using WM5 i cannot.
Hope those can connect please share. tks.
I can connect to a Windows 2000 PPTP VPN via wireless -- make sure that in Settings/Network Cards/Network Adapters, your network card is set to connect to the Work network.
Also, in Settings/Connections/Advanced/Select Networks, make sure that the lower droplist (private network) is configured to use the Work network.
Aside from those two items, I can't think of any other gotchas.
Ya still doesn't work......
do you know what the vpn device is that you are trying to connect to?
windows servers tend to be quite reliable. there are known issues with some checkpoint and cisco devices.
Hello,
I am having the same problem! I cant connect via VPN (PPTP) to my Windows Server 2003 RAS setup. It works perfectly fine on my laptop over the internet but when I try to connect using my Cinguar 8125 I get a generic "Invalid username/password' kind of error message. I have tried several differnt things, but I was wondering if there are security settings that are turned off or something like that? I actually have my RAS policy to let any device establish a VPN connection (obviously as long as it is authenticated) so I dont know what to do next... any suggestions??
RickoT said:
Hello,
I am having the same problem! I cant connect via VPN (PPTP) to my Windows Server 2003 RAS setup. It works perfectly fine on my laptop over the internet but when I try to connect using my Cinguar 8125 I get a generic "Invalid username/password' kind of error message. I have tried several differnt things, but I was wondering if there are security settings that are turned off or something like that? I actually have my RAS policy to let any device establish a VPN connection (obviously as long as it is authenticated) so I dont know what to do next... any suggestions??
Click to expand...
Click to collapse
For me works fine. I have only 2 connections:
a) my isp, with gprs configuration for vodafone
b) my work network, with the vpn connection definition (ip address, user, passw and domain)
I have it set up the same way and I still get the password issue... what kind of policies do you have in RAS?
RickoT said:
I have it set up the same way and I still get the password issue... what kind of policies do you have in RAS?
Click to expand...
Click to collapse
did you uncheck the security in the connection with the server?
take care with the name user, times exchange get crazy: server/user or only user name for the user field...
Public IP
afterlife said:
Can anyone connect to VPN (PPTP) using WM5 via wireless or GPRS?? When i use my old XDAIIi or II, i can connect by now using WM5 i cannot.
Hope those can connect please share. tks.
Click to expand...
Click to collapse
Hi! I am not an Network expert at all, but here in Norway with one teleoperator we have to use a special access point name on My Work Network connection to get a public IP-address so Network accepts the connection. Perhaps nothing to do with your problem, but also we experience a lot of PDA users having no problem with pre-WM5 devices and much problems with WM5 devices and VPN
Hi,
I am trying unsuccessfully to connect to a PPTP VPN using the VPN client built into my new HTC TyTN II.
Wifi - I can connect using a WinXP SP2 laptop using wifi through my home linksys wireless router (which has PPTP passthrough enabled) using the standard Win XP vpn client. When I try with my TyTN II, I can browse ok but if I set up a VPN connection I get "VPN server problems. Verify your username and password, etc"
GPRS - If I try to connect over GPRS, I connect to Orange GPRS but when it tries to connect to the IP address of my VPN server, I get the same VPN server problem error message. (As a side issue, I asked Orange to enable my account for vpn which they did, sent a SIM update and told me to change my apn to 'internetvpn' instead of 'orangeinternet')
As I can connect through my wifi connected laptop, it seems to point to my WM6 vpn client but my forum searches suggest that the WM6 client works ok. Oh, and yes, I have checked that I am using the correct vpn username and password!
Any thoughts greatly appreciated - the ability to maintain some linux servers was my main reason for getting this phone!
_______________________________________________________
Phone - HTC TyTN from Orange
Windows Mobile 6 Professional
CE OS 5.2.1620 (Build 18125.0.4.2)
Processor QUALCOMM MSM7200-400MHz
Memory 101.63MB
Setings Device Information Version
Operator version 24.181.1.612
ROM Version 1.81.61.2.WWE
ROM Date 09/20/07
Radio version 1.27.14.32
Protocol version 22.45.88.07H
Bump!!! Same problem here. I have all the proper ports open on my router and still no luck.
I've been trying to resolve this with the people that manage my vpn server which is my case is a Watchguard firewall - apparantly Watchguard isn't compatable with PPTP on WM6 and they have suggested using IPSec and have provided me with a client (not that I've got that working yet either!)
I suggest you contact the vendor of your vpn server and ask them whether they are compatable and how a WM6 client should be configured. Post anything you find out here for the benefit of others.
WM6 don't connect to VPN over GPRS/ WiFi
Friends...
I have the same problem... the VPN server is Windows Server 2003... My PDA has WM6 (with in-build VPN client)... then VPN PPTP would work OK... but What is the wrong??
Regards...
I also could not connect on vpn over GPRS and got error message, but after I tested all installed programs I have found out that my SPB GPRS Monitor was the reason for the errors. So I killed it.
Now VPN over GPRS connects and looking into register I see that I am really connected i.e. I got DNS server IP, I got name of the local network and dynamic IP for my HTC, but nothing works. As I have found out from server guys they see me but my dynamic IP is not logged in server DNS, so no program sees me and I can not work.
Can somebody help?
Same
I have a similar problem but the difference is that i don't even receive an error message. When i click connect NOTHING happens!! The wifi i am using is an open network but I must connect to vpn to connect to the internet.
Please help as i really need to get this working...
I have been trying to iron this out with IT at my office as well. I have been trying to get WM6.1 VPN working for nearly a year.
I have a TyTnII and my IT office just bought some kind of WM6.1 Motorola/Sprint Smartphone as well which they actually asked me about setting up for them.
The problem what I am experiencing is that I CAN connect to the VPN server (I use one of the TaskMan progs that has ipconfig built it, and I am getting an appropriate IP from the VPN server). BUT I can't browse ANY intranet sites via PIE or Opera Mobile 9.5. Whenever I try to browse to an intranet site I just get nothing, browser does nothing for ~10min then gives timeout error.
I have heard that this has to do with an inbuilt error in the PPTP module of the VPN client that incorrectly makes VPN server requests using the IP address assigned by the GPRS/EDGE/3G/etc. connection rather than the IP address assigned by the VPN connection, obviously will cause problems!
Anyway, we are investigating 3rd part VPN clients...
Only IPSEC works
I also made many tries to get vpn working over BT PAN profile.
The only configuration which worked for my was IPSEC with the Safenet SoftRemote-LT Client on PC.
With the windows native pptp based vpn does not work .
I got the error code 721 what means that the GRE protocol (frame type 47 on port 1721) does not pass through. This seems to be the the real problem of the packet filtering components of the WM device. The problem is not related to bluetooth or PAN Driver, because it behaves in the same way if you try to do it over USB port. No way.
You guys might want to check out my post about getting my PPTP VPN working and actually syncing ActiveSync on a fixed schedule regularly over VPN.
http://forum.xda-developers.com/showthread.php?t=428878
Getting what you want to work over VPN requires work URL Exceptions so that the traffice is properly routed.
nkitson said:
I've been trying to resolve this with the people that manage my vpn server which is my case is a Watchguard firewall - apparantly Watchguard isn't compatable with PPTP on WM6 and they have suggested using IPSec and have provided me with a client (not that I've got that working yet either!)
I suggest you contact the vendor of your vpn server and ask them whether they are compatable and how a WM6 client should be configured. Post anything you find out here for the benefit of others.
Click to expand...
Click to collapse
Watchguard does support PPTP, your IT guys just need to configure it. As for IPSec which would be awesome because there is an app call Greenbow that will connect you over 3G doesn't work with Watchguard. You can only connect using their own client for it which needs a license and isn't support on Windows Mobile. They got a hate email from me for that crap.