Related
While I was looking for a *working* VPN client solution to work with a Cisco concentrator, I found a couple of potential solutions:
1. Bluefire VPN client (http://www.bluefiresecurity.com/)
2. AnthaVPN (http://www.anthavpn.com/webmaker/portal/wmlink_360)
Both claim to work with the Cisco concentrator (3000 series to be precise). Before I go ahead and install either/both on my MDA Pro (with Imate ROM), I was wondering if anyone had any good/bad things to say about the software?
Any help would be appreciated.
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
rukna said:
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
Click to expand...
Click to collapse
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
rukna said:
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
Click to expand...
Click to collapse
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
Did you try the VPN client from APANI
There is a trial version for CISCO VPN 3000 Series for PDA and Mac
http://www.apani.com/vpnclients.html
italos said:
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
Click to expand...
Click to collapse
I tried that already, didn't work. It may just be issues with the configuration on the concentrator. I'm going to play with it this weekend to see if I get anywhere. Thanks for the reply, nonetheless.
pierrelp1 said:
Did you try the VPN client from APANI
There is a trial version for CISCO VPN 3000 Series for PDA and Mac
http://www.apani.com/vpnclients.html
Click to expand...
Click to collapse
I filled out an eval request yesterday with Apani and got the instructions to download the client this morning. I'll install it over the weekend to see if it works "out of the box". Thanks for the suggestion, dude!
It appears that Apani doesn't really support the universal. Got the following from one of their support reps. Back to the drawing board, I guess.
The Client does not support the use of Windows Mobile 5. We currently
support Windows Mobile 2003 only.
Sincerely,
Janet
Apani Networks
[email protected]
714-674-1700
Click to expand...
Click to collapse
Bluefire VPN
be careful when installing Bluefire... It is a mess if you install it on the SD card..
it's a nuisance to uninstall it... all advice i got from "Bluefire support" was to try a hard reset.... most helpfull
(apparently this problem is well explained in their "product documentation"... but no solution has been found.. yet
NCP Secure Entry Client works
Have a working environment against a CISCO-PIX with NCP
http://www.ncp.de/english/services/testsoftware/index_entry.html
=) Georg
I got the BlueFire client to work finally! I had to enable the PFS (Perfect Forward Secracy) on the concentrator along with the encryption set to 1024 bits on my group profile.
After I got past that, I got the DirectPush client to work with my exchange server! Now I can confidently say this phone has been worth it for me!
OpenVPN
FYI - I just came across this openVPN port for windows mobile and thought it might be of interest for some of you guys:
http://www.ziggurat29.com/OVPNPPCAlpha/OVPNPPCAlpha.htm
Its still in the alpha stage and is continually being worked on by the author, David G. Lemley, III
I am in the same boat - need to use IPsec VPN to connect to our corporate Exchange server.
I am testing BlueFire 2.3.0 client for more than a week now. Overall it is very good - it does its job done. But after running it extensively for a week I discovered several issues with it, mostly cosmetic, but they are really annoying. Especially, if you want to have Direct Push. Those issues are:
1. "Save credentials for auto-reauthentication" does not work - you have to enter your password every time you connect.
2. It does not reconnect on its own, if it looses the connection (i.e. EDGE/GPRS goes down temporarily)
3. Detection of disconnect is not very reliable - sometimes when you loose signal and GPRS connection wants to disconnect, it cannot do it because of VPN still thinks it is connected and prevents GPRS from reconnecting.
4. Extensive use of on-screen push-buttons instead of soft-keys. And soft-keys are mapped to rarely used functions, like About - poor interface design. It woldn't be so bad, if the VPN client was not requiring user interaction to reconnect and authenticate...
5. After several minutes of standby, it brings its window on top of Today screen, kinda like letting user know that he better check his tunnel/connection, because it could be already disconnected... In most cases it is not true, because the unit wakes half the way up every several minutes to check email or sent a heat-beat packet, which keeps connection up (this only applies to GPRS/EDGE connection and not WiFi, unfortunatelly). But sometimes the VPN tunnel becomes dead, and you have to click "Disconnect", "Connect" and enter your password again.
Ok, that is my impression about BlueFire VPN client. Now the question is - is there any better IPsec client for PPC (WM5), which allows you to have Direct Push email over IPsec all day long without your intervention to check the connection status and reconnect manually?
Thanks for your time.
Im also trying to connect to our corporate network using a vpn client.
with my laptop i usually do this with the cisco vpn client and a very simple configuration.
My target is doing the same with the universal.
I tried Bluefire VPN, and AnthaVPN.
Eventhough i tried a lot of times, i couldn't make a connection with bluefire
With Antha, the results were better. I could connect , but after installing it, wifi stop working, and the active sync, sometimes doesnt recognize the device ( i saw in this forum somebody with exactly the same problem).
Is there anybody that use Antha in Universal without problems?
I checked the official web of Antha, and universal is not supported.
Do you know any other vpn software that works with Cisco?
Thanks
I recently purchased a tmobile mda and was trying to access my campus's network. But when I logged on, the only page I could view was about downloading a vpn client for multiple os's (but no windows mobile) to use the network.
Is there a vpn client for windows mobile?
Any help would be great.
Thanks!
There's a built-in client that will handle L2TP and PPTP VPNs. If you go into Settings/Connections and click "Edit my VPN servers" you can configure the client for your VPN. It's worth a try.
Tried that, didn't work... I decided to ask my University about their network, they said it was a cisco 3000 or something... And also informed me that "to their knowledge" the windows mobile 5 built in client isn't compatible...
I then went to the College of computer science help desk to see if some peers could help me. They said someone had bought a $100 program to be able to connect to the concentrator but didn't know who made it or where to get it.
Does anyone know of such a thing? Or a cheaper alternative?
AnthaVPN
I have found AnthaVPN wich is about from 40$ to 100$ depending what you need.
I'm trying also to open VPN without this IMHO too expensive solution. But if it's the only way - then I need to buy....
Maybe some kind of tunneling from own Linux-server (With Swan) might be the free solution....
I have been testing Bluefire Security's VPN and it works great, but my employer is using a Nortel system sio I cannot comment on the Cisco compatibility. It costs $79. I have also tries Antha but is cause problems enabling Wifi and Gprs.
John
Long time I could’t make connection with the built-in VPN client. After the latest ROM update from Qtek it works (I tested only PPTP). I can make VPN to SBS server and Windows XP. Also I can use Terminal Services true VPN connection.
The only thing I can’t get working is to access network shares (I tried GSFinder+ and NetUse).
Guka
Hi!
In our company we have Cisco VPN clients on laptops. How do I open VPN connection from TyTN?
.............probably not going to happen.
...did you install the client on your phone?
ClCisco does not have client...
There is no official client from Cisco. AFAIK.
There is third party program that I have not installed... Because it is so expensive. First I want to try with what I have...
In TyTN there is clien inside which should support appropriate protocols. It does not support changing RSA-key... afaik again. Any suggestions?
Hmm.
It should work, as long as your company doesn't demand that your computer be joined to a domain or anything. Hostname, username, password should be all you need.
Group password...
I think the biggest problem is this group authentication system... Groupname and password. There is no way to set those parameters.
VPN Clients that support "Group Authentication"
If you require "Group Authentication" you'll need either the:
Bluefire
http://www.bluefiresecurity.com/products/vpn/
(I'm testing with the 15 day free trial and it works, with one annoyance - it does not reestablish automatically if I lose phone signal, and have to reconnect, typing in password again. It will be $79 to own)
or the:
NCP VPN client:
http://www.ncp.de/fileadmin/pdf/datenblaetter/NCP_DS_Entry_Client_CE.pdf
(see 30 day free trial download link at end of the .pdf, I have NOT tested, but read it works here: http://forum.xda-developers.com/showthread.php?t=356489, $83 to own)
Good luck,
Thank you for pointing the other... I've also been able to find Bluefire but had no time to test it. Good to know that it works. Yes I really need that group authentication. I'll test this second one also.
I've got Bluefire VPN working with a Cisco VPN Concentrator and RSA authentication.
_mike_ said:
I think the biggest problem is this group authentication system... Groupname and password. There is no way to set those parameters.
Click to expand...
Click to collapse
I've been trying to connect my Tilt to my Cisco ASA5510 device using standard L2TP and I can't get it to work. No need for groupname and password, but it always fails.
The inbuilt client lt2p does work with cisco vpns we have it working through a cisco 3005 concentrator. It is a bit of a pain to set it up correctly at the concentrator end. If anyone is interested i'll put together a guide based on what we did.
If anyone is interested i'll put together a guide based on what we did
Click to expand...
Click to collapse
That would be great!
Please do.
No luck here in WinMo 6.1 .... please advise us on your findings ....
Thanks!
any updates???
Basti756 said:
I've got Bluefire VPN working with a Cisco VPN Concentrator and RSA authentication.
Click to expand...
Click to collapse
Please do share what u did to get this working .... versions, configs, etc.
Much appreciated!
Danke!
hey guys,
am trying to connect to my office's VPN with my vario II. the default software provided does not seem sufficient. for one, i have one of those security key ring things which means my password changes every time i want to connect.
my pc uses cisco's vpn client...
any ideas? right now i'm just synching my exchange server with my pda using activesync, but wouldnt' midn having it on the go! there's no "external" access as such for the exchange server - it does have a web front end but its highly customized and isn't as easy as just configuring it as an external data source on my pda...
This one works perfect for me..
http://www.ncp.de/english/download/testsoftware/index.html
We use AnthaVPN at my university and it's supposed to work quite well with Cisco concentrator gateways, but be warned, if you have the latest 3.3 aku, you might run into problems like I did regarding loosing 3g internet connectivity on your hermes. However it could have just been a fluke as I didn't bother trying a fresh install of antha after a hard reset or anything since 3g is just as fast as my universities wireless internet anyways
Hope this helps
You can also try Bluefire. They have a 30 day fully functional trial version.
Find out more Here
Applestar said:
http://www.ncp.de/english/download/testsoftware/index.html
Click to expand...
Click to collapse
I have installed this but can't see any way of configuring the VPN connection. How did you configure it?
You have to use the PC client in order to create a configuration file and then transfer the file to your device
duh!
thanks!
bluefire is amazing. i bought it.
I came close to getting bluefire to work on our Cisco network... But once connected it would not transfer data.
I read on a seperate post here that alledgely the medianet unlimited plan uses the wap.cingular access point. That point is NAT based and some vpn clients do not like that... So they refuse the connection based on changing ip addresses.
I am not a networking expert so I do not know if this is in fact the case.
I do know I tried every freakin setting for bluefile and could not get a vpn tunnel from my phone to our Cisco vpn... So I gave up!
NCP
Could I get more specific infos about bluefire? They wanted a 5 page survey before they would send me a (business) trial.
Well, NCP Secure Entry VPN Client works perfect for me with Lancom and other standard firewalls. And yes, configuration is made with a Win XP Desktop Application. Nice about this: They got a Desktop VPN client as well which will be configured exactly the same way. So if you got a working setting for your Laptop you can manually copy the settings and they will work on the PPC as well - thats what I did.
Hi,
I'm currently on a HTC Trinity using Mary's 3.3.5 ROM and want to be able to connect to my universities WiFi network but to do so I need to use a VPN tunnel, anyone recommend a good PPC App that will allow me to connect to my universities VPN?
Cheers,
Mike
mikecsmith said:
Hi,
I'm currently on a HTC Trinity using Mary's 3.3.5 ROM and want to be able to connect to my universities WiFi network but to do so I need to use a VPN tunnel, anyone recommend a good PPC App that will allow me to connect to my universities VPN?
Cheers,
Mike
Click to expand...
Click to collapse
WM6 Pro includes both a PPTP & a L2TP/IPSec VPN client. This will work with most VPN routers & firewalls, however they may not be configured to support it. If you can connect using Windows 2000/XP's built-in PPTP or L2TP/IPSec VPN Client then you can almost certainly connect with WM6's.
A lot if VPN Routers & Firewalls are supplied with a 'free' Windows client that has the documentation geared around it. However most (if not all?) of these products will work with the native VPN client in Windows 2000+ (and WM5/6). I would try and stick with the L2TP/IPSec client but this requires some additional steps over setting up PPTP - on both the client & server (router). It is worth the extra steps in my opinion though.
Andy
I have the same problem ... I am not able to connect using the default VPN client ...
Hi,
There's a great review of vpn clients by Menneisyys in the Wiki. It's entitled:
'Access Your Desktop PC From Your Pocket PC!'
I'm sure you'll find it very useful because it would point you in the right direction as regards VPN tunnelling to your Uni's server.
kiwi992.
kiwi992 said:
Hi,
There's a great review of vpn clients by Menneisyys in the Wiki. It's entitled:
'Access Your Desktop PC From Your Pocket PC!'
I'm sure you'll find it very useful because it would point you in the right direction as regards VPN tunnelling to your Uni's server.
kiwi992.
Click to expand...
Click to collapse
HI!
Thank you for your reply, but this articles are about "Remote desktop" - like solutions for WM - based devises. Not for connecting to VPN.
Did anybody have had any success so far?
Any working 3-rd party VPN clients / Solutions?
Thank you in advance.
Dmitry.
====
keyword list: VPN; connection; VNP over WIFI; VPN WM5; VPN WM6; VPN problem; VPN client;
Hi,
You might find Manneisyys' review very long but if you take your time to read it, you'll see that he talks about the various VPN clients and how they compare. VNC, VNC+, etc are all mentioned there.
Just take your time to read it.
kiwi992.
Nice article, is the VPN working?
Do you have the WM6 VPN client working? Specifically the ActiveSync -> VPN -> MS Exchange functionality that was there under WM5?
kiwi992 said:
Hi,
You might find Manneisyys' review very long but if you take your time to read it, you'll see that he talks about the various VPN clients and how they compare. VNC, VNC+, etc are all mentioned there.
Just take your time to read it.
kiwi992.
Click to expand...
Click to collapse
Thank you for your answer!
But. Once again: the article talks about REMOTE CONTROL with the use of things like: RAdmin, MS RDP, etc.
This sofware - are remote desktops, so called VNC, not VPN clients in a classic way.
There is a little mess we get at the moment. (I've defenetelly got)
Let me describe in detail:
People need VPN here for many reasons, for me it is:
- to connect to some VPN through WIFI with our WM5 \ 6 device.
In my case- this is a public WIFI internet provider, which has a wifi coverage in the city.
Wifi is open PPTP. I need to type in a login \ pass on the web page I get, to start using the internet in current wifi session.
The ALTERNATIVE way to conect to internet - is to establish a VPN connection over the wifi.
I can successfully do in on the laptop.
With my UNI, WM5, AKU 3.5 - I can connect to VPN with the built-in VPN Client, but the first request to internet (via browser or Messaging send-receive) - drops my VPN connection, as it described here in the forum.
So: we need some software that can work.
I tried so far:
1. BlueFire VPN - just can't connect.
2. Antha VPN - just doesn't work.
I have heard thah on some other ROMs there is no problem with the built-in VPN client for PPTP, will try with some other WM6 ROMs later.
Any solution so far?
Thank you, kiwi992
Thanks to everybody!
Hi, im sorry for my bad english.
I have the same Problem. I search for an VPN tool. I have wm6. I know ther ist an VPN client but it doesn't work. To connect to the VPN in my University I need the L2TP/IPSec "safety andcertificate" but I don't kwon where I can load this.
thank's for helping
IronMaster1987 said:
Hi, im sorry for my bad english.
I have the same Problem. I search for an VPN tool. I have wm6. I know ther ist an VPN client but it doesn't work. To connect to the VPN in my University I need the L2TP/IPSec "safety andcertificate" but I don't kwon where I can load this.
thank's for helping
Click to expand...
Click to collapse
Hi! The L2TP/IPSec is a special story.
It is widely discussed here at forum: xda-developers > General discussion > Networking >
Search for *VPN* string on this forum.
This is the: http://forum.xda-developers.com/showthread.php?t=302520&page=2&highlight=*VPN* one of the success stories.
You need to obtain the certificate from the system administrators of your network. You may also have some "magic" URL in your campus network, where you can download the required certificate. This URL should point to the inranet web page of the web interface of the VPN server.
If your goal is to securely connect to some specific computer on the network, you should use one of the VNC programs: the VNC server part on the computer, and the VNC client on your device.
In any case - first check your certificate \ settings on, say, Windows XP laptop, connected through WIFI, first, then continue with the device.
Good luck!
Dmitry
VPN problems
I don't know if this issue is specific to my device (pharos gps 600 gps phone), or to windows mobile 6 which I'm running.
I can't connect to my vpn through wifi, the reason being is that I cannot associate any connections through the wifi card with the vpn info.
Wifi card doesn't show as a selectable modem in the modem tab next to the vpn tab in the vpn config. Only modems are cellular line modems, bluetooth, and one "hayes compatible com1" which is my usb I would guess.
Does anybody know how I might get around this?