Best IPsec VPN client? - Networking

I am testing BlueFire 2.3.0 client for more than a week now. Overall it is very good - it gets its job done. But after running it extensively for a week I discovered several issues with it, mostly cosmetic, but they are really annoying. Especially, if you want to have Direct Push. Those issues are:
1. "Save credentials for auto-reauthentication" does not work - you have to enter your password every time you connect.
2. It does not reconnect on its own, if it loses the connection (i.e. EDGE/GPRS goes down temporarily).
3. Detection of disconnect is not very reliable - sometimes when you lose signal and GPRS connection wants to disconnect, it cannot do it because the VPN still thinks it is connected and prevents GPRS from reconnecting.
4. Extensive use of on-screen push-buttons instead of soft-keys. And soft-keys are mapped to rarely used functions, like About - poor interface design. It wouldn't be so bad, if the VPN client was not requiring user interaction to reconnect and authenticate...
5. After several minutes of standby, it brings its window on top of Today screen, kinda like letting user know that he better check his tunnel/connection, because it could be already disconnected... In most cases it is not true, because the unit wakes half the way up every several minutes to check email or send a heart-beat packet, which keeps connection up (this only applies to GPRS/EDGE connection and not WiFi, unfortunately). But sometimes the VPN tunnel becomes dead, and you have to click "Disconnect", "Connect" and enter your password again.
Ok, that is my impression about BlueFire VPN client. Now the question is - is there any better IPsec client for PPC (WM5), which allows you to have Direct Push email over IPsec all day long without your intervention to check the connection status and reconnect manually?
Thanks for your time.

Hi!
Where did you get version 2.3?? I just can find 2.2 on their website...
I wasn't able to connect to my uni's Cisco VPN with version 2.2 and had a lot of issues with other VPN clients (NCP and Antha kind of disrupted the connection manager) - so basically I haven't found any client which is working properly. Hope that will change with one of the next versions...
Thomas

DoctorT said:
Hi!
Where did you get version 2.3?? I just can find 2.2 on their website...
I wasn't able to connect to my uni's Cisco VPN with version 2.2 and had a lot of issues with other VPN clients (NCP and Antha kind of disrupted the connection manager) - so basically I haven't found any client which is working properly. Hope that will change with one of the next versions...
Thomas
Apparently, even though their web site says 2.2, they are giving out 2.3 here for trial:
http://www.bluefiresecurity.com/orders/
As of other VPNs for me so far:
NCP killed all my connections - GPRS and WiFi didn't work anymore. It is overcomplicated and I had to uninstall it to get my connections to work properly again.
Antha is promising, especially its DPD (Dead Peer Detection) feature, but I cannot connect with it to our VPN server no matter what I do. I copied all the settings from Bluefire, which can connect, but still no success.

Related

DirectPush via Wifi instead of cellular-line - AUTD

I have just updated my wizard to the newest Qtek-ROM (186504-ruu_9100_2170702_21707102_20710_qtek_wwe_ship.exe) with AKU2/MSFP and DirectPush. Everything works fine when I am using a cellular-line.
As soon as I change to a Wifi the ActiveSync tells me the error 85020013: "Your current sync schedule requires a cellular data connection. Please set up a cellular data connection as described in online Help or change the sync schedule." What's that :evil:? Is there a way to setup DirectPush with a Wifi-connection?
As far as I know Directpush works only with GPRS not via Wifi.
If you disable directpush in your active sync it can connect via WIFI and your error will be gone.
It will sync by wifi even if directpush is enabled but this error will come back every time it syncs according to its schedule.
But your device has to be switched on for this.
Cheers,
Drifter
I had the same question for days.....
Every piece of information you read about microsoft Direct Push says it's possible to sync using gprs AND wifi.
But.... as soon as direct push is enabled and only wifi is available the dreaded error appears.
It doesn't make sense..... wifi is, just as gprs is, a normal IP connection which supports the heartbeat signal and HTTPS notification.
Perhaps someone could clarify this matter
I can try.
Possibility one:
It's got something to do with the legal IP address associated with the Wizard. This address is crucial to the "always on" connection since there's an IP socket associated with it for port 443 (or 80 if you don't use HTTPS) on the FrontEnd Exchange server. If the IP changes, then the connection is dropped and has to be re-established. That in itself is no big deal, but I believe that there is no mechanism in place to notify Direct Push on the Wizard that this has happened.
(more likely) Possibility two:
There must be some low-level tie to the Direct push app from the GPRS connection that allows it to function when the device is in standby mode. Have you ever noticed that your WiFi connection is dropped when you place your wizard into standby mode by pressing the power button?
Yep.... I've noticed the WIFI standby but it still would be nice to receive pushed mails as soon as I start using the wizard.
All this without having to do the manual operations.
Perhaps something for the future.................
@Sleuth255: I am convinced that possibility two is the right one.
Wifi takes a lot of power (at least with my wizard it seems so) and so they don't let it on when the device is in standby (you are right). Switching off GPRS or GSM wouldn't be so clever for a phone so this is probably the reason for making DirectPush only work with a cellular connection.

Simple VPN requirement on WM5 - can anyone help?

Hi,
I've got my O2 XDA Exec set up just how I want it with regard to connection to the internet, and my LAN via Wifi and GPRS - that's all great. It simply uses the connection that's available at the time, and accesses stuff just fine. I haven't had to mess about with "My ISP", or "Work" connections etc - I just have an "Internet" connection, and it seems to do the job, just like I would on a regular laptop.
However, on a regular laptop, I can set up a VPN connection that I dial at will that will connect me to either my home network when I'm out and about, or to a Windows 2003 Server I have co-located. The only problem is, I can't seem to get my Exec to be able to do the same. I can set up the VPN details under "Connections", no problem, and I can even tell it to connect, but looking at the syslog on the router I can tell that no traffic ever comes close.
I've tried a couple of 3rd Party VPN clients (Bluefire really screws up your machine if you try and install to SD Card!), but these seem to be geared up to more complex VPN setups, and don't seem to handle my setup which, I think I'm right in saying, uses PPTP - they all seem to want to use IPSec, but at least I did see them trying to access the VPN on the router.
Can anybody offer any solution?
Cheers,
Steve.
Hi Steve,
I'm currently trialing Bluefire and using it successfully to log into my work network. As you say it is for more complex VPN configuration but I must admit I know little about this. Having used Movian before in WM 2003, it is usual that loading the software to an SD card is not supported, it must be installed to the device memory. I have also trialed AnthaVPN but this screws up my Wireless/GPRS connections.
John.
Yes, I tried Antha too, and screwed stuff up, so I've had to restore from a backup.
The annoying thing is, the built in VPN client should work, I think, I just can't get it to work.
Any suggestions?
Cheers,
Steve

Success with L2TP/IPSec VPNs?

Has anyone had any success with L2TP/IPSec VPNs and Windows Mobile 5 or 6? I have no problems with getting PPTP to work but have NEVER had any success with L2TP/IPSec. I have valid Client & Server Certificates but I have never been able to get a connection; in fact the HTC Wizard I have never even attempts to make a connection (I have a sniffer on the Ethernet port my Wireless AP is connected to). I have tried using Certificates & Pre-Shared Keys but the results are the same - The Wizard never attempts to connect, with PPTP it works every time.
The Server I am using is a Windows 2003 RRAS server and I have verified with a Windows XP Client that L2TP/IPSec works.
I have asked the question before but have not had any helpful replies. I would be grateful if anyone who has set this up successfully can let me know and maybe give me a run-down of the steps you used. I am not interested in any 3rd party VPN clients, it must be the built-in one.
Thanks
Andy
Hi
Yes I have had the same issue with both the wizard and now hermes tried wm5 and wm6. I think it may be related to NAT-T translation as am unsure from my reading whether MS supports NAT-T on the mobile end. If data session is being NATed by your provider then this may be the cause. Probably need to check the ip packets coming from the phone to see what it is sending out. Is that what you did or is the sniffer at the other end.
sebjepb said:
Hi
Yes I have had the same issue with both the wizard and now hermes tried wm5 and wm6. I think it may be related to NAT-T translation as am unsure from my reading whether MS supports NAT-T on the mobile end. If data session is being NATed by your provider then this may be the cause. Probably need to check the ip packets coming from the phone to see what it is sending out. Is that what you did or is the sniffer at the other end.
It has nothing to do with NAT traversal. WM5 (and WM6 probably?) does NOT support NAT-T, however I am not attempting to get this working over NAT. As I said I have put a sniffer on the Ethernet port my Wireless AP is connected to and my Wizard does not transmit anything when configured for L2TP/IPSec (except a DNS lookup for the VPN server name if I enter its DNS name as opposed to its IP address). With PPTP it works and I can happily see the packets it transmits on the sniffer.
This is really frustrating as it looks like no one has ever got this to work
I had a HP iPAQ 6365 previously with Windows Mobile 2003 and I managed to get it working on this quite easily
Andy
Andy
I now have this working on both the wizard and the hermes.
I am a bit confused with your last response as ipsec port 4500 is nat-t and is required and is being transmitted by both the wizard and hermes in my case.
My setup may be somewhat different to yours as I have a windows sbs2003 server running isa and rras. It is sitting behind an adsl modem router connected to the internet. The data connection on my phone is edge network on the wizard and HSDPA on the Hermes. Also have tried this via WiFi as well.
Steps I used
On server side router
On adsl modem router setup forwarding udp ports 500 ipsec, 4500 nat-t and 1701 l2tp and protocol 50 IPsec ESP. I selected l2tp/ipsec from its predefined list but noticed it missed udp 1701 so added this manually.
On Server.
ISA management selected Network Configuration right click and selected Allow vpn connections. This essentially sets up the ip filters to allow incoming protocols and then sets up rras for pptp and l2tp ports.
In rras configure a preshared key by right click server/properties/security tick allow custom ipsec policy... and added preshared key.
On mobile
settings/connections
My Work Network
Edit my vpn servers and added new IPsec/L2TP connection.
Works a treat hope this helps
I did notice on another forum something about disabling the phone skin but I did not have to do this.
Regards
Stephen
sebjepb said:
Andy
I now have this working on both the wizard and the hermes.
I am a bit confused with your last response as ipsec port 4500 is nat-t and is required and is being transmitted by both the wizard and hermes in my case.
My setup may be somewhat different to yours as I have a windows sbs2003 server running isa and rras. It is sitting behind an adsl modem router connected to the internet. The data connection on my phone is edge network on the wizard and HSDPA on the Hermes. Also have tried this via WiFi as well.
Steps I used
On server side router
On adsl modem router setup forwarding udp ports 500 ipsec, 4500 nat-t and 1701 l2tp and protocol 50 IPsec ESP. I selected l2tp/ipsec from its predefined list but noticed it missed udp 1701 so added this manually.
On Server.
ISA management selected Network Configuration right click and selected Allow vpn connections. This essentially sets up the ip filters to allow incoming protocols and then sets up rras for pptp and l2tp ports.
In rras configure a preshared key by right click server/properties/security tick allow custom ipsec policy... and added preshared key.
On mobile
settings/connections
My Work Network
Edit my vpn servers and added new IPsec/L2TP connection.
Works a treat hope this helps
I did notice on another forum something about disabling the phone skin but I did not have to do this.
Regards
Stephen
What ROM are you running on the Wizard? I am currently running a WM6 ROM but I previously used the official QTEK update (AKU 2.3 I think?) and then various WM5 AKU 3.3 ROMs. I have tested this with all of them and none have worked. If I could just see it attempt to connect I would be happy. The fact is it doesn't transmit anything at all and all I see is the dialogue box on the Wizard saying 'Cannot Connect'....
With regards to NAT-T I read that the VPN Client in Windows Mobile 5 was not capable of this, I could be wrong however?
Andy
Sorry didn't have signature updated I'm running WM6 MBE on the wizard and WM6 Black on the Hermes
Ok I am still confused can you tell me exactly how you are connecting to your work network. Wifi or gprs.
Can you check also.
Under settings/connections/advanced/select networks make sure you have a separate ie different connections for the internet and private network. The Internet settings will be your service provider gprs settings.
For the private network mine is set as My Work Network. Edit this and make sure you do not have any modem connection listed ie we want to make sure it goes out over our existing connection and does not try to make a new connection. Make sure the vpn tab has your vpn settings as required they must be listed here and not under the Internet connection.
If you are using WiFi you must make sure the network setup is Connects to: The Internet and not set to Work. If it is work the VPN will not connect. You can not change this on the fly need to disconnect and setup again.
PM Me When you get to work given time diff I should be home. Might be able to test connection to my server at home then can check logs etc
Also use Task Manager v2.7 to view netstats on phone to confirm udp ports and ip routes etc. It will show you if the phone is indeed sending should see udp ports 500 4500 and 1701 being used.
Stephen
sebjepb said:
Sorry didn't have signature updated I'm running WM6 MBE on the wizard and WM6 Black on the Hermes
Ok I am still confused can you tell me exactly how you are connecting to your work network. Wifi or gprs.
Can you check also.
Under settings/connections/advanced/select networks make sure you have a separate ie different connections for the internet and private network. The Internet settings will be your service provider gprs settings.
For the private network mine is set as My Work Network. Edit this and make sure you do not have any modem connection listed ie we want to make sure it goes out over our existing connection and does not try to make a new connection. Make sure the vpn tab has your vpn settings as required they must be listed here and not under the Internet connection.
If you are using WiFi you must make sure the network setup is Connects to: The Internet and not set to Work. If it is work the VPN will not connect. You can not change this on the fly need to disconnect and setup again.
PM Me When you get to work given time diff I should be home. Might be able to test connection to my server at home then can check logs etc
Also use Task Manager v2.7 to view netstats on phone to confirm udp ports and ip routes etc. It will show you if the phone is indeed sending should see udp ports 500 4500 and 1701 being used.
Stephen
I am using WiFi, this is all in a test environment so I have full control over everything. Under Connections I have 'My ISP' and 'My Work Network' listed. 'My ISP' has a modem entry, 'My Work Network' has no modem but has a VPN listed with the IP Address of the VPN server and set to L2TP/IPSec using a certificate on the device (I have tried with pre-shared key also). The WiFi entry is configured as 'Connects to The Internet'.
I enable the WiFi and verify I have connectivity, I then go to Connections, click on My Work Network, 'Manage existing connections' select the VPN tab, hold down the stylus on the entry and click connect and I almost immediately get the dialogue box saying 'cannot connect'. If I edit the VPN entry so it is PPTP it works every time. As I said I have a sniffer on so I can see what the Wizard transmits and it when set to L2TP/IPSec it doesnt transmit anything whatsoever, with PPTP I can capture the whole conversation.
Thanks for any help you can give me.
Andy
Ok I have now also tried using certificates and you're right it does not seem to be sending any info at all. It might have something to do with checking the certificate store first I have had issues before with Cisco vpn and certificates you have to get the naming and certification just right before it even starts the connection.
So first thing let's try pre shared keys as I have got that working. I will PM you my server details if you wish to try that first.
Stephen
sebjepb said:
Ok I have now also tried using certificates and you're right it does not seem to be sending any info at all. It might have something to do with checking the certificate store first I have had issues before with Cisco vpn and certificates you have to get the naming and certification just right before it even starts the connection.
So first thing let's try pre shared keys as I have got that working. I will PM you my server details if you wish to try that first.
Stephen
I have just re-tested this and using a pre-shared key - same result
There is a brief flash of 'connecting' when you click connect but then the 'Cannot Connect' dialogue box appears, nothing gets transmitted. I have tried entering different IP addresses (public, private etc) just to see if it will transmit anything - it doesn't regardless of the IP address I enter.....
Andy
Andy
check your pm
Are you sure the wireless ap is actually passing the ipsec/l2tp traffic.
Working, well sort of.....
After a lot of messing around I now have this working, at least partially........
Following a soft-reset I can connect to a Wireless network OK (either a new one or one that is pre-configured), I can then connect the VPN using L2TP/IPSec. I can also manually disconnect the VPN and re-connect without any issues. However, when the wireless is disconnected (i.e. turned off from CommManager) and then re-connected the VPN will never work again, unless the Wizard is soft-reset.
Does anyone know what is likely to be causing this? some application in memory or a registry 'state' entry
Does anyone else see this behaviour?
Andy
I had exactly this with L2TP/IPSec on the MDA Vario II, but the same settings work as they should on my Athena.
ADB100 said:
After a lot of messing around I now have this working, at least partially........
Following a soft-reset I can connect to a Wireless network OK (either a new one or one that is pre-configured), I can then connect the VPN using L2TP/IPSec. I can also manually disconnect the VPN and re-connect without any issues. However, when the wireless is disconnected (i.e. turned off from CommManager) and then re-connected the VPN will never work again, unless the Wizard is soft-reset.
Does anyone know what is likely to be causing this? some application in memory or a registry 'state' entry
Does anyone else see this behaviour?
Andy
HI!
How can you DISCONNECT?? Do you get a "Disconnect" button or menu item somewhere??
How do you know you are connected to VPN?
Thank you,
Dmitry.
A bit late but...
I have a possible solution to the fact it doesn't send ANY traffic on a connect attempt - on my XDA mini S (HTC Wizard) it requires me to put something in the 'domain' field on the username/pwd screen before it will start the IPSec negotiation....
Now I just have to get it to complete the process with the sonicwall...
David
Revisiting this
I can't get PPTP going on my HD2. Thoughts?
bumping this message
I have tried all the usual vpn software (for 3g connectivity) the only third party software that connects is the ncp software, but I get stuck because it wont accept a challenge response grid.
Symantec - won't auth
Green something - doesn't connect
MS VPN - doesn't connect
I have been able to connect in the past with an iPhone, but without a java I can't connect to most motorola hardware devices at work so it's useless. I'm testing a G1 on 1.6 now and it fails to connect also. Going to try openvpn today sometime. My friend has his Eris working, so I know droid OS works.
I work for a large company and switching vpn hardware is out of the question, so if anyone has a 3g resolution for winmo, I won't have to trade my HD2.
Hi,
L2TP VPN with the Windows Mobile is working !!
The trick with L2TP VPN on WM is to use: an IP address (and NOT a hostname)
Strange, because using a hostname with PPTP VPN on the Windows Mobile it works.
With the trick L2TP works perfectly.
Chris
Hello. This is my first foray into VPN on Win Mo. I can establish a PPTP connection between my Imagio (stock Win Mo 6.5 R1) and my SBS 2008 server. I can ping the server and can browse the company web page. But I am having no luck accessing file shares. I have Schaps Network Plugin installed, but it doesn't see/can't access the shares. Will switching to IPsec VPN work? If so, any guidance on how to set it up on SBS 2008?

VPN via 3G/HSDPA is still unresolved ?

Hi Everyone,
Having the Shift as my workhorse since some months, there is still one annoyance I couldn't avoid: my VPN connections are interrupting the Internet connection when using 3G/HSDPA modem connecting to Internet in Vista/WM.
I was trying to search through all existing threads, but I still don't see anyone finding a solution.
I think the root lies in WM somewhere, since I cannot establish a PPTP connection in WM either. In my case it is certainly not caused by the data provider, because I have checked it with them.
Let's try to put our knowledge together to sort this out !
This is normal behaviour I suppose
When connected to the VPN, the VPN must provide you with either a proxy or another internet gateway, otherwise you are just connected to a private network...
Maybe you mean something else, but from what I read it seems like you never got on the internet with VPN active.
If you did, and you are talking about intermittent network errors, then only high performance settings on your power settings may help.
If you could give more info I could help more. IP/Proxy/Gateway/ did it ever work yes no etc.
lucid said:
When connected to the VPN, the VPN must provide you with either a proxy or another internet gateway, otherwise you are just connected to a private network...
Maybe you mean something else, but from what I read it seems like you never got on the internet with VPN active.
If you did, and you are talking about intermittent network errors, then only high performance settings on your power settings may help.
If you could give more info I could help more. IP/Proxy/Gateway/ did it ever work yes no etc.
Lucid,
Thanks for replying. I will try to explain it another way.
1. When I am connected to Internet via Wifi, I have no problem using my VPN connection. I get authenticated and connected to the company network and the connection stays active as long as I want.
2. Using 3G/HSDPA Internet, the following happens:
- I start the same VPN connection, and get connected.
- Then my 3G/HSDPA connection breaks up, and the PPTP dialin stays alive - it doesn't have any use this way of course.
- When I disconnect from VPN, the 3G connection comes back automatically.
I hope this is more clear this way, any hints are very welcome !
jarbi said:
2. Using 3G/HSDPA Internet, the following happens:
- I start the same VPN connection, and get connected.
- Then my 3G/HSDPA connection breaks up, and the PPTP dialin stays alive - it doesn't have any use this way of course.
- When I disconnect from VPN, the 3G connection comes back automatically.
That's exactly the same problem that I have had for over months - it just doesn't work and I can't see any way to get it to work - so much so, I don't use the Shift anymore - got a Tytn II and redfly and just remote desktop to a PC on the work lan!
jarbi said:
Lucid,
Thanks for replying. I will try to explain it another way.
1. When I am connected to Internet via Wifi, I have no problem using my VPN connection. I get authenticated and connected to the company network and the connection stays active as long as I want.
2. Using 3G/HSDPA Internet, the following happens:
- I start the same VPN connection, and get connected.
- Then my 3G/HSDPA connection breaks up, and the PPTP dialin stays alive - it doesn't have any use this way of course.
- When I disconnect from VPN, the 3G connection comes back automatically.
I hope this is more clear this way, any hints are very welcome !
The VPN that you are running is on the Vista side. (If yes, try to look at the routing table.) By default the VPN gets the default GW, and try to change it.
If this is the issue then you can go to the VPN connection properties -> Networking -> TCP/IP -> Properties -> Advanced -> IP Settings -> uncheck "use the default GW on remote network".
regards
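What the "default GW on remote network" box changes in the routing table, as an added example that is not part of the original post: with the box checked every destination follows the VPN (full tunnel); unchecked, only the remote network does and Internet traffic leaves directly over 3G, outside the VPN (split tunnel). The two tables are constructed, simplified from `route print` output, and the interface labels `3g` and `vpn`, the addresses and the metrics are assumptions.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    iface: str
    metric: int


# Constructed tables. Columns: destination, netmask, gateway, interface, metric.
# Box checked: the VPN adds a low-metric default route; a host route keeps the
# tunnel's own carrier packets on the 3G link.
FULL_TUNNEL = """
0.0.0.0       0.0.0.0          10.64.0.1  3g   4250
0.0.0.0       0.0.0.0          On-link    vpn  11
198.51.100.7  255.255.255.255  10.64.0.1  3g   4250
"""

# Box unchecked: only a route to the remote (company) network goes to the VPN.
SPLIT_TUNNEL = """
0.0.0.0       0.0.0.0          10.64.0.1  3g   25
198.51.100.7  255.255.255.255  10.64.0.1  3g   25
10.0.0.0      255.0.0.0        On-link    vpn  11
"""


def parse_routes(text: str) -> List[Route]:
    routes = []
    for line in text.strip().splitlines():
        dest, mask, gateway, iface, metric = line.split()
        network = ipaddress.IPv4Network(f"{dest}/{mask}")
        routes.append(Route(network, gateway, iface, int(metric)))
    return routes


def egress(routes: List[Route], dst: str) -> Optional[Route]:
    """Pick the route a packet to dst uses: longest prefix, then lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def tunnel_mode(routes: List[Route], vpn_iface: str,
                probe: str = "203.0.113.10") -> str:
    """'full' if an arbitrary Internet address (probe) leaves via the VPN."""
    route = egress(routes, probe)
    return "full" if route is not None and route.iface == vpn_iface else "split"


if __name__ == "__main__":
    for name, table in (("checked", FULL_TUNNEL), ("unchecked", SPLIT_TUNNEL)):
        routes = parse_routes(table)
        print(name, "->", tunnel_mode(routes, "vpn"))
        for dst in ("203.0.113.10", "10.1.2.3", "198.51.100.7"):
            print("   ", dst, "via", egress(routes, dst).iface)
```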
Is this a problem caused by this vista "feature", which disconnects the 3G Modem from Vista, as soon as an other network is being connected via WLan or via cable?
I think this is a stupid feature. Instead of that the users just should set the metrics for the networks manually and you can be sure, that Vista always uses the WLAN instead of the GSM/3G modem, if both were available.
alazarid said:
The VPN that you are running is on the Vista side. (If yes, try to look at the routing table.) By default the VPN gets the default GW, and try to change it.
If this is the issue then you can go to the VPN connection properties -> Networking -> TCP/IP -> Properties -> Advanced -> IP Settings -> uncheck "use the default GW on remote network".
regards
alazarid,
Thanks a ton, the TCP/IP part did the trick ! Now my VPN has a use.
cheers !
Ok guys here's the issue...
At first I thought this problem was associated with the fact that there may have been some software monitoring for other data connections, to disable the GSM modem when not needed...
After checking into everything, I found that there is probably NO software that does this...
Since WM handles the passthrough for the 3G connection, and on top of that the actual endpoint for the data connection on the GSM connection is the WM side and not Vista, what happens is that when the VPN creates a connection and you opt-in to use the default remote gateway (I prefer to use it, because I require this for the work I do), the default gateway is updated on the 3G network interface.
I believe that this update of configuration, then causes the WM side to stop the connection because either a) it doesn't know how to interpret this or b) retries to create the connection because it thinks there is an error.
I haven't played with this for a few weeks, and have my fair share of other stuff I deal with, so I cannot remember if WM NATs the 3G connection, but the key thing breaking this is the WM side.
I believe that IF you did want to hack up a configuration that uses the remote gateway, you could configure a VPN connection under Windows Mobile and have WM connect to the VPN, therefore the PC would be using that connection (but wouldn't be aware that it's connected to the VPN), therefore giving the user access to the VPN, WITH the remote default gateway being used.
Again, as I mentioned it's been a while since I've gone tech on my Shift, but I believe this is correct. If anyone wants to add anything, please feel free.

VPN over public wifi

Hello!
I was on a vacation abroad recently and tried out something novel for me: To use VPN while on a public wifi. Another neatness was that the PPTP VPN server was running on my ASUS RT-AC66U router back home, an endpoint I'm pretty comfortable with.
However, there was one thing that griped me: Whenever I established a connection to a wireless network, Viber or Facebook Messenger or something would pop up a message before I could establish the VPN connection. Now, since I don't know how these services work, I don't know if there was a brief period in there that my device communicated messages and credentials in the open. Hopefully there remains some sort of encryption certificates from a previously negotiated session, but I'd like to be confident that it's not possible to send unencrypted credentials or messages.
Ideally, the phone should remain passive until all traffic is routed through the secure tunnel. Is there any way to do this? Android introduced "Always-On VPN" that sounds like it claims to be what I'm looking for. However, it only works for L2TP as far as I understand.
The usage case scenario here allows for no data by default/block all ports/route everything locally. Then if wifi connection is established, open port for VPN connection, establish VPN, then open all ports. Presently I've switched to OpenVPN also, and installed the "OpenVPN for Android" application. I have no problems establishing a VPN connection, it's just tightening any holes I'm interested in.
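The block-by-default policy described in the post above, run as an audit over a connection log (an added example, not part of the original post): before the tunnel is up only the VPN's own carrier packets may leave, afterwards only traffic on the tunnel interface. The log format, the interface names `wlan0` and `tun0`, and the OpenVPN endpoint on UDP 1194 are assumptions, and the log lines are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample log (not captured traffic). Each line: seconds since
# Wi-Fi association, event, then interface / protocol / destination for FLOW.
SAMPLE_LOG = """\
0.00 LINK_UP wlan0
0.35 FLOW wlan0 tcp 203.0.113.10:443
0.80 FLOW wlan0 udp 198.51.100.7:1194
2.10 TUNNEL_UP tun0
2.40 FLOW tun0 tcp 203.0.113.10:443
7.90 FLOW wlan0 udp 192.0.2.53:53
8.00 TUNNEL_DOWN tun0
8.20 FLOW wlan0 tcp 203.0.113.10:443
"""

# Assumed VPN server, addressed by IP so no DNS lookup is needed before the
# tunnel exists. DHCP on the Wi-Fi link is outside the scope of this log.
VPN_ENDPOINT = ("udp", "198.51.100.7", 1194)


@dataclass(frozen=True)
class Flow:
    t: float
    iface: str
    proto: str
    host: str
    port: int


def policy_allows(flow: Flow, tunnel_iface: Optional[str],
                  vpn_endpoint: Tuple[str, str, int] = VPN_ENDPOINT) -> bool:
    """Block everything except the tunnel's carrier packets and, once the
    tunnel is up, traffic that actually leaves through the tunnel interface."""
    if (flow.proto, flow.host, flow.port) == vpn_endpoint:
        return True
    return tunnel_iface is not None and flow.iface == tunnel_iface


def audit(log: str,
          vpn_endpoint: Tuple[str, str, int] = VPN_ENDPOINT
          ) -> List[Tuple[Flow, str]]:
    """Return (flow, reason) for every flow the policy would have dropped."""
    tunnel_iface: Optional[str] = None
    findings = []
    for line in log.splitlines():
        parts = line.split()
        if not parts:
            continue
        t, event = float(parts[0]), parts[1]
        if event == "TUNNEL_UP":
            tunnel_iface = parts[2]
        elif event in ("TUNNEL_DOWN", "LINK_UP"):
            # A new link or a dropped tunnel puts the device back in the
            # unprotected state until the tunnel is re-established.
            tunnel_iface = None
        elif event == "FLOW":
            host, port = parts[4].rsplit(":", 1)
            flow = Flow(t, parts[2], parts[3], host, int(port))
            if not policy_allows(flow, tunnel_iface, vpn_endpoint):
                reason = ("tunnel down" if tunnel_iface is None
                          else "bypassed tunnel")
                findings.append((flow, reason))
    return findings


if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_LOG):
        print(f"{flow.t:5.2f}s {flow.iface} {flow.proto} "
              f"{flow.host}:{flow.port}  ({reason})")
```

The 0.35 s flow is the case the post worries about: an app connecting over the open Wi-Fi before the tunnel exists.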
