Hi,
I'm trying to connect my new touch HD to the work cisco firewall. I've set it up as LDAP/IPSEC with a preshared key.
When I try and force it to connect it contacts the ASA, starts the handshake but I see this in the debugging VPN log:
Start of Handshake:
Code:
7 Nov 12 2008 15:36:23 713236 IP = 89.193.232.83, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Point of issue (i think anyway)
Code:
7 Nov 12 2008 15:36:24 713906 IP = 89.193.232.83, computing NAT Discovery hash
4 Nov 12 2008 15:36:24 713903 Group = 89.193.232.83, IP = 89.193.232.83, Can't find a valid tunnel group, aborting...!
7 Nov 12 2008 15:36:24 715065 Group = 89.193.232.83, IP = 89.193.232.83, IKE MM Responder FSM error history (struct &0xd9298110) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT-->MM_BLD_MSG4, EV_BLD_MSG4-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, IKE SA MM:d5e02623 terminating: flags 0x01000002, refcnt 0, tuncnt 0
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, sending delete/delete with reason message
Looking at the logs it at no point tries to auth with the username and password so it's a tunnelling issue.
Any super geeks about to help?
jon- said:
Hi,
I'm trying to connect my new touch HD to the work cisco firewall. I've set it up as LDAP/IPSEC with a preshared key.
When I try and force it to connect it contacts the ASA, starts the handshake but I see this in the debugging VPN log:
Start of Handshake:
Code:
7 Nov 12 2008 15:36:23 713236 IP = 89.193.232.83, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Point of issue (i think anyway)
Code:
7 Nov 12 2008 15:36:24 713906 IP = 89.193.232.83, computing NAT Discovery hash
4 Nov 12 2008 15:36:24 713903 Group = 89.193.232.83, IP = 89.193.232.83, Can't find a valid tunnel group, aborting...!
7 Nov 12 2008 15:36:24 715065 Group = 89.193.232.83, IP = 89.193.232.83, IKE MM Responder FSM error history (struct &0xd9298110) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT-->MM_BLD_MSG4, EV_BLD_MSG4-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, IKE SA MM:d5e02623 terminating: flags 0x01000002, refcnt 0, tuncnt 0
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, sending delete/delete with reason message
Looking at the logs it at no point tries to auth with the username and password so it's a tunnelling issue.
Any super geeks about to help?
Click to expand...
Click to collapse
I have a working config from a Cisco PIX 501, however it can only run PIX OS 6.3(5) and not the newer 7.x or 8.x code the ASA's run so it's likely there are differences. Plus I am also using Digital Certificates as opposed to pre-shared keys, however that will only change the ISAKMP policy. I am also using MS IAS as the Radius server.
Code:
access-list l2tp permit udp host X.X.X.X any eq 1701
ip address outside X.X.X.X 255.255.255.252
ip local pool L2TP-IP-Pool-1 10.10.10.1-10.10.10.14 mask 255.255.255.240
aaa-server radius-authport 1812
aaa-server radius-acctport 1813
aaa-server RADIUS (inside) host 192.168.1.1 cisco-key timeout 5
aaa-server RADIUS (inside) host 192.168.2.1 cisco-key timeout 5
sysopt connection permit-l2tp
crypto ipsec transform-set l2tp esp-3des esp-sha-hmac
crypto ipsec transform-set l2tp mode transport
crypto ipsec security-association lifetime seconds 3600
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 28800 kilobytes 4608000
crypto dynamic-map dyna 20 match address l2tp
crypto dynamic-map dyna 20 set transform-set l2tp
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map mymap 10 ipsec-isakmp dynamic dyna
crypto map mymap client authentication RADIUS
crypto map mymap interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpdn group L2TP-VPN accept dialin l2tp
vpdn group L2TP-VPN ppp authentication mschap
vpdn group L2TP-VPN client configuration address local L2TP-IP-Pool-1
vpdn group L2TP-VPN client configuration dns 192.168.1.50
vpdn group L2TP-VPN client authentication aaa RADIUS
vpdn group L2TP-VPN client accounting RADIUS
vpdn group L2TP-VPN l2tp tunnel hello 60
vpdn enable outside
I have changed the IP addresses I am using, plus I have ommited the PKI Certificate stuff. For PSK's you would need to change the ISAKMP policy.
HTH
Andy
So does this work with WM6.1 native IPSec stack?
There's a similar thread here:
http://forum.xda-developers.com/showthread.php?t=280565&page=2
Someone else stated they figured it out.
stepw said:
So does this work with WM6.1 native IPSec stack?
There's a similar thread here:
http://forum.xda-developers.com/showthread.php?t=280565&page=2
Someone else stated they figured it out.
Click to expand...
Click to collapse
Yes. I have tested this with Windows XP & 2003 as well as Windows Mobile 6.0 & 6.1. The default policies with Vista prevent this working 'out-of-the-box' due to AES being the minimum encryption the Vista VPN client will negotiate (ISAKMP). You can change this though, but it's a pain to do individually and is best pushed down via a GPO - or use an ASA or PIX 7.x or 8.x that supports AES ISAKMP policies.
Andy
ADB100, how is your Cisco firewall configured? I've gotten past phase 1 now but it's stalling at phase 2 as i can't get the client to request the correct policy, it keeps falling back to the default which I can't reconfigure as other policies inherit from it.
Starting to lose my patience, so close yet so far! WinMo6.1 and cisco ASA VPN still has ig issues and no one on the internet seems to know why.
ADB100 said:
Yes. I have tested this with Windows XP & 2003 as well as Windows Mobile 6.0 & 6.1. The default policies with Vista prevent this working 'out-of-the-box' due to AES being the minimum encryption the Vista VPN client will negotiate (ISAKMP). You can change this though, but it's a pain to do individually and is best pushed down via a GPO - or use an ASA or PIX 7.x or 8.x that supports AES ISAKMP policies.
Andy
Click to expand...
Click to collapse
I pretty much posted all the VPN stuff in my previous post. I could send you the entire config if you wish (with some bits scrubbed obviously). I may have an ASA at the end of next week to play around. I will be installing it at a customer site the following week so I should have enough time to test the VPN stuff out, if you can wait? (I'm a CCIE.....)
Cheers
Andy
So you did Andy, sorry I didn't link you to the earlier post. I will continue playing with the ASA today (as you might have guessed I'm not that up to speed with Cisco) and let you know if I get anything.
FWIW here is the drop out when it was failing at phase 1, i don't have the latest log to hand
Code:
IP = , Error: Unable to remove PeerTblEntry
IP = , Removing peer from peer table failed, no match!
IP = , sending delete/delete with reason message
IP = , IKE SA MM:bccde876 terminating: flags 0x01000002, refcnt 0, tuncnt 0
IP = , IKE MM Responder FSM error history (struct &0xd888df20) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG3, EV_TIMEOUT-->MM_WAIT_MSG3, NullEvent-->MM_SND_MSG2, EV_SND_MSG-->MM_SND_MSG2, EV_START_TMR-->MM_SND_MSG2, EV_RESEND_MSG-->MM_WAIT_MSG3, EV_TIMEOUT-->MM_WAIT_MSG3, NullEvent
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , constructing Fragmentation VID + extended capabilities payload
IP = , constructing NAT-Traversal VID ver 02 payload
IP = , constructing ISAKMP SA payload
IP = , IKE SA Proposal # 1, Transform # 8 acceptable Matches global IKE entry # 3
IP = , processing IKE SA payload
IP = , Received NAT-Traversal ver 02 VID
IP = , processing VID payload
IP = , Received Fragmentation VID
IP = , processing VID payload
IP = , processing VID payload
IP = , Oakley proposal is acceptable
IP = , processing SA payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 544
IP = , Received encrypted packet with no matching SA, dropping
Ignoring msg to mark SA with dsID 151552 dead because SA deleted
IP = , IKE_DECODE SENDING Message (msgid=bbb6340d) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Group = DefaultRAGroup, IP = , constructing qm hash payload
Group = DefaultRAGroup, IP = , constructing IKE delete payload
Group = DefaultRAGroup, IP = , constructing blank hash payload
Group = DefaultRAGroup, IP = , sending delete/delete with reason message
Group = DefaultRAGroup, IP = , IKE SA MM:78a1831c terminating: flags 0x01000002, refcnt 0, tuncnt 0
Group = DefaultRAGroup, IP = , IKE SA MM:78a1831c rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Group = DefaultRAGroup, IP = , Removing peer from correlator table failed, no match!
Group = DefaultRAGroup, IP = , sending delete/delete with reason message
Group = DefaultRAGroup, IP = , IKE QM Responder FSM error history (struct &0xd876e128) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
Group = DefaultRAGroup, IP = , QM FSM error (P2 struct &0xd876e128, mess id 0x713438aa)!
IP = , IKE_DECODE SENDING Message (msgid=c1a6b7b3) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
Group = DefaultRAGroup, IP = , constructing qm hash payload
Group = DefaultRAGroup, IP = , constructing ipsec notify payload for msg id 713438aa
Group = DefaultRAGroup, IP = , constructing blank hash payload
Group = DefaultRAGroup, IP = , sending notify message
Group = DefaultRAGroup, IP = , All IPSec SA proposals found unacceptable!
Group = DefaultRAGroup, IP = , processing IPSec SA payload
Group = DefaultRAGroup, IP = , IKE Remote Peer configured for crypto map: outside-new_dyn_map
Group = DefaultRAGroup, IP = , Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Group = DefaultRAGroup, IP = , Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Group = DefaultRAGroup, IP = , Static Crypto Map check, map = outside-new_map, seq = 20, ACL does not match proxy IDs src: dst:213.122.163.115
Group = DefaultRAGroup, IP = , Static Crypto Map check, checking map = outside-new_map, seq = 20...
Group = DefaultRAGroup, IP = , QM IsRekeyed old sa not found by addr
Group = DefaultRAGroup, IP = , processing NAT-Original-Address payload
Group = DefaultRAGroup, IP = , L2TP/IPSec session detected.
Group = DefaultRAGroup, IP = , Received local Proxy Host data in ID Payload: Address 213.122.163.115, Protocol 17, Port 1701
Group = DefaultRAGroup, IP = , ID_IPV4_ADDR ID received
Group = DefaultRAGroup, IP = , processing ID payload
Group = DefaultRAGroup, IP = , Received remote Proxy Host FQDN in ID Payload: Host Name: HTC70 Address , Protocol 17, Port 1701
Group = DefaultRAGroup, IP = , ID_FQDN ID received, len 5
Group = DefaultRAGroup, IP = , processing ID payload
Group = DefaultRAGroup, IP = , processing nonce payload
Group = DefaultRAGroup, IP = , processing SA payload
Group = DefaultRAGroup, IP = , processing hash payload
IP = , IKE_DECODE RECEIVED Message (msgid=713438aa) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : 293
IP = , IKE Responder starting QM: msg id = 713438aa
Group = DefaultRAGroup, IP = , Starting P1 rekey timer: 21600 seconds.
IP = , Keep-alives configured on but peer does not support keep-alives (type = None)
IP = , Keep-alive type for this connection: None
Group = DefaultRAGroup, IP = , PHASE 1 COMPLETED
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 96
Group = DefaultRAGroup, IP = , constructing dpd vid payload
Group = DefaultRAGroup, IP = , Computing hash for ISAKMP
Group = DefaultRAGroup, IP = , constructing hash payload
Group = DefaultRAGroup, IP = , constructing ID payload
Group = DefaultRAGroup, IP = , Freeing previously allocated memory for authorization-dn-attributes
IP = , Connection landed on tunnel_group DefaultRAGroup
Group = DefaultRAGroup, IP = , Automatic NAT Detection Status: Remote end IS behind a NAT device This end is NOT behind a NAT device
Group = DefaultRAGroup, IP = , Computing hash for ISAKMP
Group = DefaultRAGroup, IP = , processing hash payload
Group = DefaultRAGroup, IP = , ID_FQDN ID received, len 5
Group = DefaultRAGroup, IP = , processing ID payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 61
Group = DefaultRAGroup, IP = , P1 Retransmit msg dispatched to MM FSM
Group = DefaultRAGroup, IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 296
Group = DefaultRAGroup, IP = , Generating keys for Responder...
IP = , Connection landed on tunnel_group DefaultRAGroup
IP = , computing NAT Discovery hash
IP = , constructing NAT-Discovery payload
IP = , computing NAT Discovery hash
IP = , constructing NAT-Discovery payload
IP = , Send Altiga/Cisco VPN3000/Cisco ASA GW VID
IP = , constructing VID payload
IP = , Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
IP = , Send IOS VID
IP = , constructing xauth V6 VID payload
IP = , constructing Cisco Unity VID payload
IP = , constructing nonce payload
IP = , constructing ke payload
IP = , computing NAT Discovery hash
IP = , processing NAT-Discovery payload
IP = , computing NAT Discovery hash
IP = , processing NAT-Discovery payload
IP = , processing nonce payload
IP = , processing ISA_KE payload
IP = , processing ke payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 224
IP = , IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , P1 Retransmit msg dispatched to MM FSM
IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , P1 Retransmit msg dispatched to MM FSM
IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , constructing Fragmentation VID + extended capabilities payload
IP = , constructing NAT-Traversal VID ver 02 payload
IP = , constructing ISAKMP SA payload
IP = , IKE SA Proposal # 1, Transform # 8 acceptable Matches global IKE entry # 3
IP = , processing IKE SA payload
IP = , processing VID payload
IP = , Received NAT-Traversal ver 02 VID
IP = , processing VID payload
IP = , Received Fragmentation VID
IP = , processing VID payload
IP = , processing VID payload
IP = , Oakley proposal is acceptable
IP = , processing SA payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Thank you for your help thus far Andy.
ETA - I removed the timestamp to get within char limit, the oldest (first) message is at the bottom, newest (last) at top
Update - I've decided to go down the cert route as there's a working config from Andy above, however the Cisco ASA exports it's certificates in a format the winmo decive can't import! Any ideas?
jon- said:
Update - I've decided to go down the cert route as there's a working config from Andy above, however the Cisco ASA exports it's certificates in a format the winmo decive can't import! Any ideas?
Click to expand...
Click to collapse
OK, I have just got this working in my lab......
I have got a pretty basic config at the moment. I am using a pre-shared key for the ISAKMP phase I negotiation and local users. I have tested it with a Windows XP client and a couple of minutes ago with WM6.1 on my Kaiser. Both worked first time. I used the ASDM GUI to generate this configuration, I just attempted to match up the old PIX 6.3(5) config with the 7.2(4) code that is running on the new PIX.
Code:
ip local pool ip-pool 10.20.20.1-10.20.20.10 mask 255.255.255.240
!
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map inside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
!
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.10.10.10
vpn-tunnel-protocol l2tp-ipsec
!
username cisco password cisco privilege 0
username cisco attributes
vpn-group-policy DefaultRAGroup
!
tunnel-group DefaultRAGroup general-attributes
address-pool ip-pool
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key cisco
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
I will do some more testing and get the authentication passed to an external Radius server as well as using RSA Certificates instead of a PSK.
HTH
Andy
Thanks Andy. Are you using the default policy for the devices? My problem seems to be I cant select a different group/tunnel/policy with winmo6.1 so it falls back to the default one which I can't configure to work with the device.
Yes its the default one (DefaultRAGroup), this is pretty much a vanilla PIX (it's not actually a real PIX its just an emulated one as well....). If you can let me have some of the bits of your config I can maybe test them here?
Andy
Here in lies my problem (i think), I can't use the default policy but can't force my phone to another policy.
Andy,
Been playing with Greenbow VPN client today after giving up on the built in one. No having much luck with that either, it seems to be trying to set up a lan to lan tunnel as well.
Here's the ASA config as requested
Code:
ip local pool Pool1 10.x.x.x-10.x.x.x mask 255.x.x.x
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside-new_dyn_map 20 set pfs
crypto dynamic-map outside-new_dyn_map 20 set transform-set ESP-3DES-SHA TRANS_ESP_3DES_SHA
crypto dynamic-map outside-new_dyn_map 40 set pfs
crypto dynamic-map outside-new_dyn_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 62.x.x.x
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map outside-new_map 20 match address outside-new_cryptomap_20
crypto map outside-new_map 20 set peer 62.x.x.x
crypto map outside-new_map 20 set transform-set ESP-DES-MD5
crypto map outside-new_map 65535 ipsec-isakmp dynamic outside-new_dyn_map
crypto map outside-new_map interface outside-new
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp enable outside-new
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption des
hash md5
group 1
lifetime 86400
group-policy DfltGrpPolicy attributes
banner value hispek.com vpn
vpn-simultaneous-logins 30
vpn-tunnel-protocol IPSec webvpn
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Internal_Nets
default-domain value hispek
nac-settings value DfltGrpPolicy-nac-framework-create
webvpn
svc keepalive none
svc dpd-interval client none
svc dpd-interval gateway none
customization value DfltCustomization
group-policy MobileVPN internal
group-policy MobileVPN attributes
dns-server value 10.x.x.x 10.x.x.x
vpn-tunnel-protocol IPSec l2tp-ipsec
username jjbmobile password * encrypted privilege 15
username jjbmobile attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
service-type admin
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key M0b1132
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group 62.x.x.x type ipsec-l2l
tunnel-group 62.x.x.x ipsec-attributes
pre-shared-key m0squito
tunnel-group MobileVPN type remote-access
tunnel-group MobileVPN general-attributes
address-pool Pool1
default-group-policy MobileVPN
tunnel-group MobileVPN ipsec-attributes
pre-shared-key JonsSillyNewPhone
tunnel-group MobileVPN ppp-attributes
authentication ms-chap-v2
!
class-map global-class
match default-inspection-traffic
class-map inside-class
match access-list inside_mpc
class-map outside-class
match access-list outside_mpc
!
Windows Mobile 6.1 with ASA 5510
ADB100 said:
I pretty much posted all the VPN stuff in my previous post. I could send you the entire config if you wish (with some bits scrubbed obviously). I may have an ASA at the end of next week to play around. I will be installing it at a customer site the following week so I should have enough time to test the VPN stuff out, if you can wait? (I'm a CCIE.....)
Cheers
Andy
Click to expand...
Click to collapse
Hi Andy,
I am a new user to the forum....I am trying to workout Windows Mobile 6.1 connect with ASA 5510 using IPSec, through available VPN client which allows L2TP/IPSec & PPTP.
I have seen your posts and found you got this working without any external VPN client....Would you be able to share that configuration with me???
Thanks,
nil3879
Too bad Bluefire Security went out-of-business because their WinMo VPN client worked really well with Cisco VPN 3000 series concentrator and PIX 500 series firewalls and I'm sure it would work with Cisco ASA as well. Tested using group password and AD authentication.
I have 6.5 on my HD and was curious if I could use the lockscreen but without a password so I could keep the slider and notifications, I just dont want to enter a password each time thanks!
the only time you have enter the password, is if you setup the pin function on it, otherwise the slide fuction in wm6.5 works as normal
iky10 said:
the only time you have enter the password, is if you setup the pin function on it, otherwise the slide fuction in wm6.5 works as normal
Click to expand...
Click to collapse
if i do not enter "setting">>"lock" and click the "prompt if phone unused for", the unlock slide to application screen will not appear.
but if choose not to enter the pin, i cannot select the "prompt if phone unused for"
is there a way to activate the unlock slide to application screen but no need to input password everytime??
million thanks.
Forced lock by MS exchange
Yes this is a huge problem. I have the pin lock force on by MS exchange security settings. In WM6.1 this only affecxted when the phone was turned on not everytime it is locked.
This cab (from another thread) removes the lock enforced by Exchange.
Works on my 6.1 and I believe on 6.5 too.
Run it, then go to you Lock settings and the tick box to remove lock is no longer greyed out ...
Alternatively here's the reg setting to edit:
Enable/Disable Exchange Security Policy
Registry Key: HKLM\Security\Policies\00001023
To enable it: Set value to 0
To disable it: Set value to 1
I used similar registry tweak in WM6.1 to get away with the exchange security policy but not working now for the new WM6.5. eg. I can change the inactivity minutes AEFrequencyValue to long enough but still the phone asks for unlock password frequently.
mobiler2 said:
I used similar registry tweak in WM6.1 to get away with the exchange security policy but not working now for the new WM6.5. eg. I can change the inactivity minutes AEFrequencyValue to long enough but still the phone asks for unlock password frequently.
Click to expand...
Click to collapse
I have the Same Problem.
I'm force to have a Password from the exchange security Policy.
I have set the "Promt if phone unused for " to 30 Minutes, but each time the the phone goes to sleep, the Password is asked again.
Did someone have a solution without disabling Exchange Policy or installing S2U2??
Thanks
chemical349 said:
if i do not enter "setting">>"lock" and click the "prompt if phone unused for", the unlock slide to application screen will not appear.
but if choose not to enter the pin, i cannot select the "prompt if phone unused for"
is there a way to activate the unlock slide to application screen but no need to input password everytime??
million thanks.
Click to expand...
Click to collapse
If you disable lock in setting > lock, i.e. untick 'Prompt if phone unused for' and just use slider functionality in wm6.5 you don't need to enter PIN any more.
Install attached cab (Smart Lock) and once installed go to settings > system > smart lock and ensure that both 'wm6.5 new lock' and 'suspend lock' are ticked, then soft reset. Now each time you turn screen off device will lock and to unlock it you use the slider
I installed the Stay Unlock cab and I still have to enter my password when my phone reboots. Until now, for day, it did not ask me for a password after 15 mins of inactivity, but today, it is again asking me for passwd every 15 mins if I don't use the phone. I am not even able to ever uncheck the setting for Lock which turns on requiring passwd - that setting is grayed out for me even after installing the cab. Could someone please throw some light on this? Thanks.
ziggyred said:
This cab (from another thread) removes the lock enforced by Exchange.
Works on my 6.1 and I believe on 6.5 too.
Run it, then go to you Lock settings and the tick box to remove lock is no longer greyed out ...
Alternatively here's the reg setting to edit:
Enable/Disable Exchange Security Policy
Registry Key: HKLM\Security\Policies\00001023
To enable it: Set value to 0
To disable it: Set value to 1
Click to expand...
Click to collapse
==========================
in 6.5 the key is a bit different (policies twice):
Enable/Disable Exchange Security Policy
Registry Key: HKLM\Security\Policies\Policies\00001023
To enable it: Set value to 0
To disable it: Set value to 1
WM 6.5 Company Policy Activated Device Encryption
I recently set up Exchange e-mail on my WM 6.5 AT&T Tilt 2 (Touch Pro 2), which resulted in activating device encryption. Although I check the email box to remember my password, the device constantly asks me for a password.
I've since removed the Exchange e-mail account (I'll go back to synching rather than direct connect as this is too much of a hassle). However, I can't seem to turn off device encryption.
After reading this forum, I've tried the "Stay Unlocked.cab" and the registry settings (e.g., HKLM\Security\Policies\Policies\00001023 setting) to no avail. The "Prompt if Phone unused for remains grey/unselectable.
One thought: When I checked the 1023 key setting it was 0 so I set it to 1. That had no effect. But reading the post 0 = enable so I tried setting the value to 0 and got a message popup: "Exchange server has just enforced security policy required for Active Sync." So something of Exchange is still running or enabled...how can I turn this off?
WM 6.5 Company Policy Activated Device Encryption
Deleting the Exchange connection in Active Sync did the trick. That was so easy I do feel a bit foolish...
Evervolv 7.1.2 for HP Touchpad (tenderloin)
I have just built it from source, integrated Wi-Fi fixes I made for Amazon Kindle Fire HDX earlier, replaced the Wi-Fi driver with the one from backports-5.9.12-1.tar.gz, and tweaked memory settings. Now it sees more 5 GHz channels, automatically reconnects on connection loss, works properly when AP/router uses the same MAC address for 2.4 GHz and 5 GHz.
Bluetooth works.
The camera more or less works in some applications.
Feel free to test and report bugs.
If you intend to install GApps, I suggest disabling unused "heavy" applications like "Google".
https://androidfilehost.com/?fid=17825722713688247295As an alternative, you can download the same file using BitTorrent: magnet:?xt=urn:btih:602c6039b4790d0474488a0c8e8a4c241dd0632f&dn=ev_tenderloin-7.1.2-userbuild-2021.12.05.zip
Whatsnew:
2021-12-05 Removed "Phone" and "EVUpdater" (waste of RAM), increased per-app
Java heap limits (e. g. NewPipe works now).
2021-11-08 Latest Wi-Fi driver & fixes.
Kernel source:
https://github.com/Evervolv/android_kernel_htc_msm8960.git (branch "evervolv/ng-7.1")
Device tree:
https://github.com/Evervolv/android_device_hp_tenderloin-common.git (branch "evervolv/ng-7.1")
Thanks for your efforts!
I know what I'll be doing on the first cold and rainy day.
void555 said:
'...disabling unused "heavy" applications like "Google" '
Click to expand...
Click to collapse
How does one go about disabling?
First time that I've heard about performing this. (Probably I wasn't paying close enough attention.)
middle_road said:
How does one go about disabling?
First time that I've heard about performing this. (Probably I wasn't paying close enough attention.)
Click to expand...
Click to collapse
You wouldn't believe this - there is a button "Disable" in the details of (almost) every application in "Settings"/"Applications".
Thanks for creating this build. Flashing a clean install onto a 32GB Touchpad now to test.
First observation is there is a long delay with black screen between when the "HP Powered by Android" logo shows and when the Evervolv boot animation begins. The black screen lasts several minutes and there is no indication during that time that the ROM is actually loading.
The boot animation appears eventually though, after which the tablet finishes booting pretty quickly.
@void555
Thx, i give it a try. I'm also plagued with wifi disconnects after some time without reconnect.
I have done alot with my router setup to fix this without luck.
Like fixed channels, different names for 2,4 and 5ghz. Not hidden.
This year i found some good reconnect app. Maybe helpfull for someone.
WiFi Prioritizer – Apps bei Google Play
WiFi Priorisierungs wird wifi Ihres Geräts zu einem bevorzugten Netz schalten
play.google.com
I also use no more gapps.
greeting schwatter
@void555
So almost one week is over. Still strong wifi.
Not a single disconnect.
Thx you
Thanks @void555 for creating another evervolv 7.1.2 version and sharing!
I did flash it and works...
WiFi re-associate ( reconnect ) Fix for Android 7, 8, an 9.
About 6 months ago I started using some Tablets as a Web Server, Nextcloud, FTP site and WebDav Server.
Any open ( un-lock ) Android device will do the job, but the HP Touchpad can be completely modified easily and will not brick. Making it the perfect Server, built in battery backup ( no power interruption, always on ) noise free, low power consumption.
The challenge was how to make the WIFI behave like wire Ethernet connection, it needs to be always ON and reconnect automatically no matter what and low latency. The Tablets were always charging by USB port set up for maximum performance settings.
First step set the Router to 5 GHz (faster, but short rage ) instead of 2.4 GHz (slower, longer range)
Attached are the screenshot of the Router:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Connection speed using Evervolv 7.1.2 and 9
How to make Android WIFI to automatically keep the connection alive even if it gets disconnected or the router reboots.
Take total control of your WIFI: All the commands available.
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
To test, connect Tablet to PC open a terminal and use ADB Shell.
Code:
wpa_cli -p /data/misc/wpa_supplicant
Code:
adb shell
tenderloin:/ # wpa_cli -p /data/misc/wpa_supplicant
wpa_cli v2.6-devel-7.1.2
Copyright (c) 2004-2016, Jouni Malinen <[email protected]> and contributors
This software may be distributed under the terms of the BSD license.
See README for more details.
Using interface 'wlan0'
Interactive mode
>
Now all commands can be enter to override the system settings and control the WIFI driver directly.
List of the most important commands to enter in interactive mode:
Code:
IFNAME=wlan0 scan
disable_network list_networks
IFNAME=wlan0 disable_network 0
IFNAME=wlan0 enable_network 0
IFNAME=wlan0 reconnect
IFNAME=wlan0 add_network 0
IFNAME=wlan0 set_network 0 auth_alg OPEN
IFNAME=wlan0 set_network 0 ssid " "
IFNAME=wlan0 select_network 0
IFNAME=wlan0 enable_network 0
IFNAME=wlan0 reassociate
IFNAME=wlan0 status
IFNAME=wlan0 save_config
Example:
Code:
> IFNAME=wlan0 scan
OK
IFNAME=wlan0 <3>CTRL-EVENT-SCAN-STARTED
IFNAME=wlan0 <3>CTRL-EVENT-SCAN-RESULTS
Command to reassociate to the already connected network every 10 minutes ( or any time interval you want )
Enter entire command after the ADB Shell prompt:
Code:
wpa_cli -p /data/misc/wpa_supplicant -i wlan0 IFNAME=wlan0 reassociate scan_interval 10
The command can be run automatically as a script at boot time to run every 30 minutes as follow:
Code:
watch -n 30 wpa_cli -p /data/misc/wpa_supplicant -i wlan0 IFNAME=wlan0 reassociate scan_interval 10 &
All available commands:
Code:
status [verbose] = get current WPA/EAPOL/EAP status
ifname = get current interface name
ping = pings wpa_supplicant
relog = re-open log-file (allow rolling logs)
note <text> = add a note to wpa_supplicant debug log
mib = get MIB variables (dot1x, dot11)
help [command] = show usage help
interface [ifname] = show interfaces/select interface
level <debug level> = change debug level
license = show full wpa_cli license
quit = exit wpa_cli
set = set variables (shows list of variables when run without arguments)
dump = dump config variables
get <name> = get information
logon = IEEE 802.1X EAPOL state machine logon
logoff = IEEE 802.1X EAPOL state machine logoff
pmksa = show PMKSA cache
pmksa_flush = flush PMKSA cache entries
reassociate = force reassociation
reattach = force reassociation back to the same BSS
preauthenticate <BSSID> = force preauthentication
identity <network id> <identity> = configure identity for an SSID
password <network id> <password> = configure password for an SSID
new_password <network id> <password> = change password for an SSID
pin <network id> <pin> = configure pin for an SSID
otp <network id> <password> = configure one-time-password for an SSID
passphrase <network id> <passphrase> = configure private key passphrase
for an SSID
sim <network id> <pin> = report SIM operation result
bssid <network id> <BSSID> = set preferred BSSID for an SSID
blacklist <BSSID> = add a BSSID to the blacklist
blacklist clear = clear the blacklist
blacklist = display the blacklist
log_level <level> [<timestamp>] = update the log level/timestamp
log_level = display the current log level and log options
list_networks = list configured networks
select_network <network id> = select a network (disable others)
enable_network <network id> = enable a network
disable_network <network id> = disable a network
add_network = add a network
remove_network <network id> = remove a network
set_network <network id> <variable> <value> = set network variables (shows
list of variables when run without arguments)
get_network <network id> <variable> = get network variables
dup_network <src network id> <dst network id> <variable> = duplicate network variables
list_creds = list configured credentials
add_cred = add a credential
remove_cred <cred id> = remove a credential
set_cred <cred id> <variable> <value> = set credential variables
get_cred <cred id> <variable> = get credential variables
save_config = save the current configuration
disconnect = disconnect and wait for reassociate/reconnect command before
connecting
reconnect = like reassociate, but only takes effect if already disconnected
scan = request new BSS scan
scan_results = get latest scan results
abort_scan = request ongoing scan to be aborted
bss <<idx> | <bssid>> = get detailed scan result info
get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg/channels/freq/modes> = get capabilities
reconfigure = force wpa_supplicant to re-read its configuration file
terminate = terminate wpa_supplicant
interface_add <ifname> <confname> <driver> <ctrl_interface> <driver_param>
<bridge_name> <create> <type> = adds new interface, all parameters but
<ifname> are optional. Supported types are station ('sta') and AP ('ap')
interface_remove <ifname> = removes the interface
interface_list = list available interfaces
ap_scan <value> = set ap_scan parameter
scan_interval < 2 > = set scan_interval parameter (in seconds)
bss_expire_age <value> = set BSS expiration age parameter
bss_expire_count <value> = set BSS expiration scan count parameter
bss_flush <value> = set BSS flush age (0 by default)
ft_ds <addr> = request over-the-DS FT with <addr>
wps_pbc [BSSID] = start Wi-Fi Protected Setup: Push Button Configuration
wps_pin <BSSID> [PIN] = start WPS PIN method (returns PIN, if not hardcoded)
wps_check_pin <PIN> = verify PIN checksum
wps_cancel Cancels the pending WPS operation
wps_nfc [BSSID] = start Wi-Fi Protected Setup: NFC
wps_nfc_config_token <WPS|NDEF> = build configuration token
wps_nfc_token <WPS|NDEF> = create password token
wps_nfc_tag_read <hexdump of payload> = report read NFC tag with WPS data
nfc_get_handover_req <NDEF> <WPS> = create NFC handover request
nfc_get_handover_sel <NDEF> <WPS> = create NFC handover select
nfc_report_handover <role> <type> <hexdump of req> <hexdump of sel> = report completed NFC handover
wps_reg <BSSID> <AP PIN> = start WPS Registrar to configure an AP
wps_ap_pin [params..] = enable/disable AP PIN
wps_er_start [IP address] = start Wi-Fi Protected Setup External Registrar
wps_er_stop = stop Wi-Fi Protected Setup External Registrar
wps_er_pin <UUID> <PIN> = add an Enrollee PIN to External Registrar
wps_er_pbc <UUID> = accept an Enrollee PBC using External Registrar
wps_er_learn <UUID> <PIN> = learn AP configuration
wps_er_set_config <UUID> <network id> = set AP configuration for enrolling
wps_er_config <UUID> <PIN> <SSID> <auth> <encr> <key> = configure AP
wps_er_nfc_config_token <WPS/NDEF> <UUID> = build NFC configuration token
ibss_rsn <addr> = request RSN authentication with <addr> in IBSS
sta <addr> = get information about an associated station (AP)
all_sta = get information about all associated stations (AP)
deauthenticate <addr> = deauthenticate a station
disassociate <addr> = disassociate a station
chan_switch <cs_count> <freq> [sec_channel_offset=] [center_freq1=] [center_freq2=] [bandwidth=] [blocktx] [ht|vht] = CSA parameters
suspend = notification of suspend/hibernate
resume = notification of resume/thaw
roam <addr> = roam to the specified BSS
p2p_find [timeout] [type=*] = find P2P Devices for up-to timeout seconds
p2p_stop_find = stop P2P Devices search
p2p_asp_provision <addr> adv_id=<adv_id> conncap=<conncap> [info=<infodata>] = provision with a P2P ASP Device
p2p_asp_provision_resp <addr> adv_id=<adv_id> [role<conncap>] [info=<infodata>] = provision with a P2P ASP Device
p2p_connect <addr> <"pbc"|PIN> [ht40] = connect to a P2P Device
p2p_listen [timeout] = listen for P2P Devices for up-to timeout seconds
p2p_group_remove <ifname> = remove P2P group interface (terminate group if GO)
p2p_group_add [ht40] = add a new P2P group (local end as GO)
p2p_group_member <dev_addr> = Get peer interface address on local GO using peer Device Address
p2p_prov_disc <addr> <method> = request provisioning discovery
p2p_get_passphrase = get the passphrase for a group (GO only)
p2p_serv_disc_req <addr> <TLVs> = schedule service discovery request
p2p_serv_disc_cancel_req <id> = cancel pending service discovery request
p2p_serv_disc_resp <freq> <addr> <dialog token> <TLVs> = service discovery response
p2p_service_update = indicate change in local services
p2p_serv_disc_external <external> = set external processing of service discovery
p2p_service_flush = remove all stored service entries
p2p_service_add <bonjour|upnp|asp> <query|version> <response|service> = add a local service
p2p_service_rep asp <auto> <adv_id> <svc_state> <svc_string> [<svc_info>] = replace local ASP service
p2p_service_del <bonjour|upnp> <query|version> [|service] = remove a local service
p2p_reject <addr> = reject connection attempts from a specific peer
p2p_invite <cmd> [peer=addr] = invite peer
p2p_peers [discovered] = list known (optionally, only fully discovered) P2P peers
p2p_peer <address> = show information about known P2P peer
p2p_set <field> <value> = set a P2P parameter
p2p_flush = flush P2P state
p2p_cancel = cancel P2P group formation
p2p_unauthorize <address> = unauthorize a peer
p2p_presence_req [<duration> <interval>] [<duration> <interval>] = request GO presence
p2p_ext_listen [<period> <interval>] = set extended listen timing
p2p_remove_client <address|iface=address> = remove a peer from all groups
vendor_elem_add <frame id> <hexdump of elem(s)> = add vendor specific IEs to frame(s)
0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), 3: Beacon (GO), 4: PD Req, 5: PD Resp, 6: GO Neg Req, 7: GO Neg Resp, 8: GO Neg Conf, 9: Inv Req, 10: Inv Resp, 11: Assoc Req (P2P), 12: Assoc Resp (P2P)
vendor_elem_get <frame id> = get vendor specific IE(s) to frame(s)
0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), 3: Beacon (GO), 4: PD Req, 5: PD Resp, 6: GO Neg Req, 7: GO Neg Resp, 8: GO Neg Conf, 9: Inv Req, 10: Inv Resp, 11: Assoc Req (P2P), 12: Assoc Resp (P2P)
vendor_elem_remove <frame id> <hexdump of elem(s)> = remove vendor specific IE(s) in frame(s)
0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), 3: Beacon (GO), 4: PD Req, 5: PD Resp, 6: GO Neg Req, 7: GO Neg Resp, 8: GO Neg Conf, 9: Inv Req, 10: Inv Resp, 11: Assoc Req (P2P), 12: Assoc Resp (P2P)
wfd_subelem_set <subelem> [contents] = set Wi-Fi Display subelement
wfd_subelem_get <subelem> = get Wi-Fi Display subelement
fetch_anqp = fetch ANQP information for all APs
stop_fetch_anqp = stop fetch_anqp operation
interworking_select [auto] = perform Interworking network selection
interworking_connect <BSSID> = connect using Interworking credentials
interworking_add_network <BSSID> = connect using Interworking credentials
anqp_get <addr> <info id>[,<info id>]... = request ANQP information
gas_request <addr> <AdvProtoID> [QueryReq] = GAS request
gas_response_get <addr> <dialog token> [start,len] = Fetch last GAS response
hs20_anqp_get <addr> <subtype>[,<subtype>]... = request HS 2.0 ANQP information
nai_home_realm_list <addr> <home realm> = get HS20 nai home realm list
hs20_icon_request <addr> <icon name> = get Hotspot 2.0 OSU icon
fetch_osu = fetch OSU provider information from all APs
cancel_fetch_osu = cancel fetch_osu command
sta_autoconnect <0/1> = disable/enable automatic reconnection
tdls_discover <addr> = request TDLS discovery with <addr>
tdls_setup <addr> = request TDLS setup with <addr>
tdls_teardown <addr> = tear down TDLS with <addr>
tdls_link_status <addr> = TDLS link status with <addr>
wmm_ac_addts <uplink/downlink/bidi> <tsid=0..7> <up=0..7> [nominal_msdu_size=#] [mean_data_rate=#] [min_phy_rate=#] [sba=#] [fixed_nominal_msdu] = add WMM-AC traffic stream
wmm_ac_delts <tsid> = delete WMM-AC traffic stream
wmm_ac_status = show status for Wireless Multi-Media Admission-Control
tdls_chan_switch <addr> <oper class> <freq> [sec_channel_offset=] [center_freq1=] [center_freq2=] [bandwidth=] [ht|vht] = enable channel switching with TDLS peer
tdls_cancel_chan_switch <addr> = disable channel switching with TDLS peer <addr>
signal_poll = get signal parameters
signal_monitor = set signal monitor parameters
pktcnt_poll = get TX/RX packet counters
reauthenticate = trigger IEEE 802.1X/EAPOL reauthentication
wnm_sleep <enter/exit> [interval=#] = enter/exit WNM-Sleep mode
wnm_bss_query <query reason> [list] = Send BSS Transition Management Query
raw <params..> = Sent unprocessed command
flush = flush wpa_supplicant state
driver <command> = driver private commands
radio_work = radio_work <show/add/done>
vendor <vendor id> <command id> [<hex formatted command argument>] = Send vendor command
neighbor_rep_request [ssid=<SSID>] = Trigger request to AP for neighboring AP report (with optional given SSID, default: current SSID)
erp_flush = flush ERP keys
mac_rand_scan <scan|sched|pno|all> enable=<0/1> [addr=mac-address mask=mac-address-mask] = scan MAC randomization
get_pref_freq_list <interface type> = retrieve preferred freq list for the specified interface type
p2p_lo_start <freq> <period> <interval> <count> = start P2P listen offload
p2p_lo_stop = stop P2P listen offload
Uploaded ev_tenderloin-7.1.2-userbuild-2021.12.05.zip (see OP).
Thank you for your great work!
With you our Touchpad is still usable. That's even better when you think of an device like the IPad Mini 1 from 2012 I started to play with which is almost unusable even with jailbreak!
I just found this version and installed it on my touchpad and it works great! Sadly, I use it mostly as an alarm lock more than anything else but it's smooth enough for light browsing if needed. Thanks!
void555 said:
Evervolv 7.1.2 for HP Touchpad (tenderloin)
I have just built it from source, integrated Wi-Fi fixes I made for Amazon Kindle Fire HDX earlier, replaced the Wi-Fi driver with the one from backports-5.9.12-1.tar.gz, and tweaked memory settings. Now it sees more 5 GHz channels, automatically reconnects on connection loss, works properly when AP/router uses the same MAC address for 2.4 GHz and 5 GHz.
Bluetooth works.
The camera more or less works in some applications.
Feel free to test and report bugs.
If you intend to install GApps, I suggest disabling unused "heavy" applications like "Google".
https://androidfilehost.com/?fid=17825722713688247295
Whatsnew:
2021-12-05 Removed "Phone" and "EVUpdater" (waste of RAM), increased per-app
Java heap limits (e. g. NewPipe works now).
2021-11-08 Latest Wi-Fi driver & fixes.
Kernel source:
https://github.com/Evervolv/android_kernel_htc_msm8960.git (branch "evervolv/ng-7.1")
Device tree:
https://github.com/Evervolv/android_device_hp_tenderloin-common.git (branch "evervolv/ng-7.1")
Click to expand...
Click to collapse
Good Day void555
I have two questions, please, recently I owned a hp touchpad, 4.4 kitkat installed, I need to go up for this 7.1 version, do I need to remove the old android or I can wipe it and install this one over. meantime is it same 7.1 four years ago which is on youtube too?
other question how to modify the wifi file inside the system, since you uploaded the kernel staff.
have my regards
zoromask
zoromask said:
Good Day void555
I have two questions, please, recently I owned a hp touchpad, 4.4 kitkat installed, I need to go up for this 7.1 version, do I need to remove the old android or I can wipe it and install this one over. meantime is it same 7.1 four years ago which is on youtube too?
other question how to modify the wifi file inside the system, since you uploaded the kernel staff.
have my regards
zoromask
Click to expand...
Click to collapse
Same here; would like to go from Kit-Kat to 7.1.2 but it's bee a loooong time since I did this.
Molasses said:
Same here; would like to go from Kit-Kat to 7.1.2 but it's bee a loooong time since I did this.
Click to expand...
Click to collapse
Thanks for the reply void555
How about the wifi, do I need to add it inside the touchpad, how to do, please.
My regards
zoromask
zoromask said:
Thanks for the reply void555
How about the wifi, do I need to add it inside the touchpad, how to do, please.
My regards
zoromask
Click to expand...
Click to collapse
I recently re-did the two Touchpads I have left following this guide:
https://forum.xda-developers.com/t/...all-android-roms-with-swap-partition.3901773/
Followed the parts that he has for 'Evervolv 7.1.2 Android Nougat' using the ROM posted here in this thread.
Works great. Tried the Evervolv v9 but got so tired with the constant WiFi instabilities.
Was so happy to find the ROM from this thread released with WiFi fixes. Extremely stable.
Sigster said:
I recently re-did the two Touchpads I have left following this guide:
https://forum.xda-developers.com/t/...all-android-roms-with-swap-partition.3901773/
Followed the parts that he has for 'Evervolv 7.1.2 Android Nougat' using the ROM posted here in this thread.
Works great. Tried the Evervolv v9 but got so tired with the constant WiFi instabilities.
Was so happy to find the ROM from this thread released with WiFi fixes. Extremely stable.
Click to expand...
Click to collapse
Good day void555
Now the thing is, that I flashed it successfully, but the battery is draining fast even though the battery indicator on right top showing full, but suddenly shuts down, you know any explanation for this, I mean what is the reason behind it, please some help if you can.
My regards
zoromask