Related
Hi,
I have a little problem that I am sure there must be an easy solution to!
I have set up a VPN on my Universal to connect to work. The problem is that my work's VPN server allocates me an ip address in the 10.x.x.x address range. All servers that I need to access behind the VPN have addresses in this range as well. Unfortunately, my ISP (T-Mobile UK), also allocates an address in the same range. Therefore, whenever I try to acccess a server at work, WM5 suffers confusion since it doesn't know whether to route the message through the VPN or directly out to the internet through the cellular modem.
I have been able to verify that the VPN thing works if my work network was on a different network address since initially, I was unable to VPN into my PC at home for the reason described above. I changed the ip addresses of all machines on my home network and now everything works fine at home.
Unfortuantely, I am unlikely to convince the IT people at work to change the address of all their machines. Similarly, I don't think I will have much success with T-Mobile and so is there anything I can change at my end to avoid this problem?
Thanks in advance for any help.
Mark
Narrowing the ip address may help, eg 10.0.0.1 is different to 10.1.0.1.
are you using this over wifi or gprs? if the phone provider is involved, I assume its gprs.
you could try and esablish your ip address as fixed rather than part of the pool, so the it guys assign a range for remote connections as say 10.0.0.100 to 10.0.0.150 as remote dial in connections, thus giving you a separate number.
the best way though I would have thought is for you to a fixed ip address known to you and the servers, and then hard type the ip address as your vpn settings, then establish that ip address as part of the exceptions settings.
in order to use exceptions though you have to know the range, or the exact ip address you will be assigned, and must be different to your telco.
not much of a solution, just some suggested areas to look at.
cheers
s.
hi guys, just out of curiosity what software are you using for VPN? on my laptop my company has installed cisco vpn, does it need to be a cisco vpn for wm5?? :?
From bad to worse...
Thanks for the reply Simon.
Unfortunately, I just went to try out some of your ideas and discovered that I can't get the VPN to connect at all now. It used to connect OK but then have routing problems whenever I tried to access anything. And my home VPN worked perfectly. Now, I can connect to neither.
I simply switched over to an O2 sim and with minimal configuration changes could verify that my setup still works OK and so it must be something to do with T-Mobile blocking ports. They weren't blocked yesterday!!!
Yesterday I "upgraded" my GPRS account from T-Mobile's Web'N'Walk to Web'N'Walk Professional and now I find I have this problem. Is this just a coincidence, or could it be that the Pro version has more severe restrictions than the consumer version?
I have emailed Customer Services to see what they have to say.
I will post back when I get a reply from T-Mobile.
mstar, I am no VPN expert, but for me, using a Windows XP hosted PPTP VPN it works after a fashion (above problems excepted!). I am using the VPN client built into Windows Mobile 5. I think you stand a good chance of getting it working using the built-in client.
Mark
I simply switched over to an O2 sim and with minimal configuration changes could verify that my setup still works OK and so it must be something to do with T-Mobile blocking ports. They weren't blocked yesterday!!!
Click to expand...
Click to collapse
I've heard on the grapevine that T-mobile have explicitly refused certain types of traffic on the web-n-walk
VOIP is the biggy...
I was seriously thinking about getting signed up - but no point if IPSEC is a prob, as well as VOIP.
Not sure how they can tell it's Skype traffic :?
http://www.reghardware.co.uk/2006/05/09/t-mobile_bans_voip/
for more info
An Update
An update on my VPN problem. Yesterday after total failure to get the VPN to connect, I emailed T-Mobile customer services.
Although they have not replied, when I tried it this afternoon I found that it was working again as before even though it had not been working first thing this morining. Of course I have not changed anythng at my end to cause it to break and then start working again (but they all say that, don't they!).
So, I don't know whether this was just a momentary fault, or whether T-Mobile have changed something to re-enable the VPN ports for me. I can now VPN in to my home PC, but the problem connecting to my work VPN with the 10.x.x.x address remains.
So, Sikkutz, depending on the address of the remote network, you may or may not be able to get a VPN to work using T-Mobile's Web'N'Walk.
By the way, my VPNs both use Microsoft's PPTP and not IPSec and so there may be different issues with that protocol.
I have discovered that O2 provides a separate acccess point, vpn.o2.co.uk, that causes a public ip address to be allocated to the device, ie not on the 10.x.x.x network. It would seem that this is designed to address this very problem. Does anyone know if T-Mobile can provide something similar?
Mark
There must be a solution
Hi!
I have the same problem with my Qtek 9000 (VPA IV). I can connect to my VPN Gateway but the routing into LAN failed. I get a 10.x.x.x address from Vodafone Germany and my LAN uses 10.98.8.X. :-(
But there must be a solution! My previous Qtek 9010 (VPA III) had the same problem, but it was able to route between the 10.-networks after a firmware-upgrade to version 1.40.01! But I don't no why!
What was changed in firmware to enable routing???
Daniel
i have the same issue aswell, I am reluctant to change the IP range of my machines as that usually causes trouble for the servers
Any other ideas?
Thanks
maybe stupid thing, but did you guys try dna forwarding (that is what I use from home office, not on pda to be honest..
Maybe I just did not get your point....
What kind of VPN server do you use? I'am using a Cisco PIX and use a PPTP VPN almost everyday. I can use the 10.1.x.x network at the location the PIX is located (this PIX is directly connected to the 10.1.x.x network).
I can't however use any of the remote offices using 10.2/10.3.x.x etc.
This is becaus of the lack of routing abilities in the PPTP implementation.
With an IPSEC tunnel (additional software needed) the remote offices can be reached without any problems.
I know that some IP implementation disallow routing between a public address and any 10.x address. To solve this you could give your VPN clients an address from a 10.x subnet .
hi sorry been away awhile,
I use the routing and remote admin snapin of Windows server 2003 to manage my VPN, I can connect fine using the phone as a modem with my notebook but as soon as I try accessing any URL/resource on my network it fails, e.g. we have a intranet site on http://servername but it wont open this up.
Any Ideas?
Anyone get these two to play nice together?
Details:
Cisco PIX 501e at the office
WM6 3g phone (HTC TyTn II)
vista/xp laptop (working properly on either would be great right now )
VPN setup on the pix is, i believe, fine. I could be wrong tho, i set it up by trial and error + reading the manual having never even touched a cisco device before
It works tho and has worked flawlessly for months now with Cisco VPN Client on XP or Vista machines.
Old phone was WM5 and used the clunky and annoying modem emulator to enable a laptop to use it to connect to intarwebs in the middle of nowhere, this was great and after faffing about getting it setup worked fine (required you to be logged in as administrator on vista tho :\ and not just a user account with admin privileges, actually administrator. Annoying.)
New phone is WM6 and uses internet sharing to connect with a laptop, this is a much better solution with no faffing about in vista and XP
Problem: Cisco VPN client connects to the pix through Internet Sharing on the phone just fine, however no traffic gets through.
Cannot ping, web browse, dns, rdc or anything to the network at work. Tried with Cisco VPN client v4.6.00.0049 and v5.0.01.0600 on XP and v5.0.00.0340 on Vista, none work.
This sucks
Now, i know its not a problem with the laptop or the vpn software on the laptop as these work fine when connected over ethernet or wifi.
Its not a problem with the phone's 3g connection, i installed a trial of bluefire vpn client onto it and that connects to the vpn and works just fine when the phone is in standalone mode.
However for the life of me i cannot get the two bloody things to work together.
Plz halp
Hi,
Often times, the inability to ping a local host (computers or other connected devices e.g router, hardware firewall, printer, PPC, etc) or hosts, is due to the firewall not allowing traffic through the router. It can also be that the hosts are incorrectly configured to be on different subnets, even though they are local, as in your own case.
Proceed as follows to troubleshoot:
a). Ping the router
Note that the idea is to see if we can establish communication with the router or hardware firewall such as the Pix.
At command prompt (c:\>) type:
ping 192.168.0.1
(each router manufacturer uses a different default internal IP address for its router) - the one above is for a Netgear or D-Link router - for a Cisco router, you would need to know the Cisco IOS command - see your router manual for this.
b). ipconfig /all
Note: there is a space before the forwardslash.
When it returns the parameters, check to see that the IP addresses are all on the same subnet.
This is crucially important for you to take good note. If you are not able to ping a local host or gateway, it's most likely due to this.
c). Ping the Pix Firewall (using its IP address)
d). Ping a remote IP address, e.g. your ISP's gateway or DNS server
e). Is there traffic? If it returns successfully, then ping the other hosts, including the VPN client.
Pix Firewall
Check to see that the Access Control List is configured correctly by ensuring that the IP addresses of the connected hosts have been entered, with the relevant access rights.
Router
Log on to the router. Whilst there:
Ensure that the hosts (computers, etc) are all on the SAME subnet. If they are on different subnets, you must correct the IP addresses to reflect that they are on the same subnet.
Note: If you do really want them to be on different subnets, then you need to use a default gateway.
Hope this helps.
kiwi992.
My searches on the web haven't yielded much help or information so I thought I would come to the experts...
I have a Treo 750 that I just "upgraded" to WM6 2 days ago. I noticed that DUN has gone away and was replaced by ICS. After configuring my laptop to use that instead of DUN I connected and was surfing the web. My problem now is VPN. I travel frequently (luckily I'm in the office until Jan.) and regularly used my phone to connect to the corporate network via VPN. I also work with a lot of other companies and have VPN access to their systems as well. Basically now I can open my Cisco VPN client, connect to a VPN gateway, authenticate, get assigned all the appropriate IP information, but cannot communicate on the network. What gives? Is there a solution to this? If not, what the heck was MS thinking when they did this!? My phone is basically useless for one of the major reasons I bought it...
Any help is appreciated!
thanks!
Ok, further searches found that DUN can be added back into WM6 via a cab that was posted here at the XDA forums. I installed it and the DUN service is now visible again. I unpaired by phone and laptop, re-paired, and included DUN. Now when I try to connect, I get the DUN connection box after the bluetooth connection is initiated but when I click DIAL I get the DIALING... prompt, followed by Error 678: The remote computer did not respond.
Anybody get this working on a Treo 750? Thoughts, ideas suggestions?
What is the ip address you are getting via the cisco vpn client
It maybe that it is in the same subnet as the ip address assigned to the pc from the wm6 ics. The ICS gives the address 192.168.0.1. and if your Cisco is also giving a 192.168 address then you will have two routes for the 192 address range thus giving you the problem when accessing hosts.
If this is the problem Im pretty sure you can change the address allocated via the ICS using a registry editor. If not you may be able to get work to use a different range for you on the cisco vpn.
Our corporate network is 172.x.x.x so it's nowhere near the 192.168.0.x assigned by the phone. When I look at the route in the VPN client I see 192.0.0.0, 10.0.0.0, and 172.0.0.0 so I am assuming 192 is my laptop, 10 is the phone, and 172 is the corporate network.
I'm guessing NATing is the problem. I've been reading that if I use a different APN (isp.cingular instead of wap.cingular) there is no NATing. I've tried both, and I've tried turning off and on the "force AT&T" proxy setting to no avail.
Tried the DUN cab hack that is floating around for WM6 also. The service is active again and I can also add Modem Link back in and my laptop sees my Treo as a modem but when I dial I get an error stating the remote computer did not respond. I'm guessing along with going from WM5 to WM6 AT&T also updated the radio so the old communications protocols don't work anymore?
Hello Sir,
I have exactly the same problem... I have successfully connected via VPN, however unable to communicate with any devices on that network... Then what is the use of VPN on the phone? I've tried searching online for answers, but no luck... People are having the same problem but no one knows how to solve it... I'll try and trouble shoot this problem more as soon as my exams are done...
Hi
Working successfully for me. I am using Imate jasjam wm6. Pc using cisco client connecting via ics on phone. I have telstra 3g connection tested ok on both telstra.internet (Nated ip) and telstra.extranet (real ip).
You are correct it may be an nat issue. Can you check that your transparent tunnelling is on as follows: right click on your connection entry in cisco client and select modify then transport tab. Check that enable transport tunneling is enabled ipsec over udp(Nat/pat).
The other thing to check is that the cisco vpn server aslo has transport over Nat on as well.
Also are you sure your corporate ip range is 172 or is that the range given by the cisco vpn to clients.
Transport tunneling is on (always was). I'll have to check with our network admin and check on the VPN server setting...I guess as long as I have connectivity back to the office, I don't need it that badly for all the customers I need to connect to at various times.
Yep, positive on the corporate IP. Right now it is 172.28.1.87 and I'm in the office.
Thanks for the help so far. Got any other suggestions on how I can troubleshoot further?
One other thought...should I modify the registry on the phone to assign a different IP address to my laptop? Would that help?
Same Problem
MX. I am having the exact same issue but with Securemote VPN. I've looked through the registry and found the assigned address, but I'm wary of changing anything until I can find some more information.
Anyone out there ever change the DHCP configuration for their phone?
Somewhat related question?
Im attempting to route my connection on my mobile through a laptop acting as a wan bridge, then uplinking it into the router. The issue Im having is that XP and WM6 both use the same IP Block. Ive read and read and cant find much to tell me how to change the WM6 IP BLock to something like 192.168.2.1 rather than the default 192.168.0.1
Does anyone have any pointers? Ive looked through the registry. There MUST be a simple way to change a default.
To clarify my setup, I am using ICS Via USB into a UMPC laptop running XP. The UMPC is set to share that same connection back out over Ethernet. The ethernet runs into my WAN Uplink on the router and then back out via wifi/rj-45
This setup works as I have done it using Wifi with other networks, and I can chose the "Lan3" to share under the advanced settings on the UMPC. The reason I dont just share out via Wifi from the start is that Wifi on my Kaiser and Raphael both make the device to hot to charge, thusly killing the battery within a couple hrs of sharing. If I share via USB , it stays pretty cool and still charges.
Anyone have any pointers?
I have already tried tricking XP into using the Lan on another block but as soon as you try to share the USB lan, it reverts back to the 192.168.0.1
The only way I can imagine is a registry modification or a program change in ICS.
Thanks Much!
Hi everyone,
I would like to connect to my laptop next room from local network. I can connect perfectly when I type in my IP address into the first textbox (Computer), but I can't connect when I type in my Computer Name (full computer name) instead. I tried MyPCName as Computer, \\MyPCName as Computer, forwarding port 3389 to my IP, leaving domain name empty, putting in my workgroup name as a domain, putting in my computer name as a domain, putting in myPCName\MyUserName as Username, \\MyPCName as Computer, still the same. It won't connect unless I put in the IP address. I would like to do this since my workplace assigns a different IP to my laptop then I assign at home, but naturally I have the same computer name at both places, so I would like to have a permanent setting for both places.
I'm running Windows 7 64 bit on my laptop and 1.66.405.2 ROM on my HTC HD2.
Many thanks in advance.
can you connect to it ok using another computer? might be a dns issue at a guess...
I can connect from other computers fine. Also on my HD2 I can see the host names of PC's under Resco Explorer and map them. However, remote desktop mobile refuses to work with the Computer Name. I can ping my Laptop's IP and also Computer name from pingbox2. Only in Remote Desktop Mobile there is a problem.
windows 7 by default blocks remote desktop connections from different versions of remote desktop. if you right click computer and select properties, then choose remote settings on the right hand side and select the middle option (accept connections from all verions of remote desktop). havent tried this my self but it solves most issues when using different versions of windows
OK, I sort of figured it but would still appreciate some help. Here is how I got it to work:
I had OpenDNS IP under DNS settings for wireless adapter. I deleted them. If I don't do this, pinging my computer name from HD2 always brings 67.215.65.132, which is opendns and not my true local IP, i.e. 192.168.x.x. I also had to disable the data connection (3G) and only have wireless. If I don't disable 3G, I can only connect with IP and not computer name. Only after doing these 2, when I pinged my computer name, I got the true local IP and I was able to connect with Remote Desktop Mobile using computer name. Now my question is:
1- I don't want to quit using opendns, is it possible?
2- I don't want to disable 3G connection every time, is it possible?
thanks in advance.
For me it works with MyPCName in computer and empty domain, both for XP and 7.
Something seems strange with your phone's networking configuration. At a guess (and this is a long shot), I would check your VPN settings on your phone to make sure you're not connecting to a different domain over 3G as this might explain why it works when you turn off the data connection on the phone and why it works by IP address.
As I said though, it's a long shot and is the only thing I could think of that fits your particular symptoms...
ozkaya said:
OK, I sort of figured it but would still appreciate some help. Here is how I got it to work:
I had OpenDNS IP under DNS settings for wireless adapter. I deleted them. If I don't do this, pinging my computer name from HD2 always brings 67.215.65.132, which is opendns and not my true local IP, i.e. 192.168.x.x. I also had to disable the data connection (3G) and only have wireless. Only after doing these 2, when I pinged my computer name, I got the true local IP and I was able to connect with Remote Desktop Mobile using computer name. Now my question is:
1- I don't want to quit using opendns, is it possible?
2- I don't want to disable 3G connection every time, is it possible?
thanks in advance.
Click to expand...
Click to collapse
about the open dns issues, I suspect that can be solved by making sure your router lets the incoming connection into your home network (you say it resolves to 66.whatever when open dns is used, shouldn't be a problem do long as you don't forget that will be your home ip address so that connection will neef to be allowed through the router and then forwarded by your routers virtual server (our whatever your router software calls out) to your laptops internal ip address.
as for the 3g it should use wifi over 3g by default..... mine certainly does, no need for me to disable it.
tomallen35 said:
Something seems strange with your phone's networking configuration. At a guess (and this is a long shot), I would check your VPN settings on your phone to make sure you're not connecting to a different domain over 3G as this might explain why it works when you turn off the data connection on the phone and why it works by IP address.
As I said though, it's a long shot and is the only thing I could think of that fits your particular symptoms...
Click to expand...
Click to collapse
I think you're right, when the 3G is on (and also Wifi on), Resco shows computers from all around the country when I click computers near me and not my local network. When only wifi is on I can see my local computers. 3G probably has precedence over Wifi? How can I correct this?
samsamuel said:
about the open dns issues, I suspect that can be solved by making sure your router lets the incoming connection into your home network (you say it resolves to 66.whatever when open dns is used, shouldn't be a problem do long as you don't forget that will be your home ip address so that connection will neef to be allowed through the router and then forwarded by your routers virtual server (our whatever your router software calls out) to your laptops internal ip address.
as for the 3g it should use wifi over 3g by default..... mine certainly does, no need for me to disable it.
Click to expand...
Click to collapse
But the 66.whatever address is generic openDNS lookup IP and same for everyone. Are you suggesting me to route this IP to my local IP, i.e. 192.168.x.x? Oh, one more thing, I can also connect when 3g and wifi are both on, but only through computer's IP and not computer name. Can you connect with computer name while both are on and connected?
when your phone does a dns lookup on the name it resolves to the open dns assigned address (not the same for everyone, otherwise the open fns system wouldn't work) so to connect to your computer the phone sends its request to open dns who forward that request to your current actual address.at home that address is your home ip address BUT it isn't your laptops address it is your routers address.(stop reading here if you don't have a router).
so the router needs to be told "if you get a connection request in port (whatever the remote desktop port is) please forward it to (laptop ip address)
its called port forwarding in some routers, virtual server in others.
samsamuel said:
so the router needs to be told "if you get a connection request in port (whatever the remote desktop port is) please forward it to (laptop ip address)
its called port forwarding in some routers, virtual server in others.
Click to expand...
Click to collapse
You're mixing up things a bit - he's not using dns but the computer netbios name. The point is that he has wifi on and connected as well as 3G, thus with an "intranet" ip address on Wifi... so the program/phone should be looking up the name on that connection, where it would find it, instead of looking up over the 3G connection. As the netbios protocol is not routable, it has no chance of finding the computer name over 3G/internet and back home, even with port mappings.
kilrah said:
You're mixing up things a bit - he's not using dns but the computer netbios name. The point is that he has wifi on and connected as well as 3G, thus with an "intranet" ip address on Wifi... so the program/phone should be looking up the name on that connection, where it would find it, instead of looking up over the 3G connection. As the netbios protocol is not routable, it has no chance of finding the computer name over 3G/internet and back home, even with port mappings.
Click to expand...
Click to collapse
you're totally right, I have a router and its port is forwarded to my laptop IP, but this is only good (and works well too) when I want to connect from Internet to my local network. I tried OpenDNS exceptions for VPN and defined an exception named as MyComputerName but it didn't work. Then I tried a dyndns solution, but it only works for external connections and not local network, i.e. it can't map local IP's. What I need is a dynamic client which can update my local IP.
I also tried to edit hosts entry in the registry with MyComputerName. It works for a single IP, but I'm not sure if I can write multiple IP adresses (my work and home local IP) into that. If I could maybe everything would be OK.
I've just tried a couple of things and it really works fine for me. If I connect Wifi only, I can remote desktop with the computer name. If I then connect data connection, it still works. Disabling wifi and obviously it doesn't work anymore. Re enabling wifi, it doesn't work at first, but does again after ~30 seconds once the netbios protocol has done its host lookup procedures.
There simply shouldn't be anything special to do.
kilrah said:
I've just tried a couple of things and it really works fine for me. If I connect Wifi only, I can remote desktop with the computer name. If I then connect data connection, it still works. Disabling wifi and obviously it doesn't work anymore. Re enabling wifi, it doesn't work at first, but does again after ~30 seconds once the netbios protocol has done its host lookup procedures.
There simply shouldn't be anything special to do.
Click to expand...
Click to collapse
thank you very much for your time, I appreciate it. You're right in that waiting a bit resolves the issue (it's a bit more than 30 secs for me that's why I thought it wasn't working when 3G is enabled) but only when OpenDNS is not used. I assume you don't use OpenDNS, right? Once I put that one into equation, it takes over NetBIOS protocol and returns its IP instead of the local IP(192.168.x.x). As far as I understand, DNS lookup has precedence over NETBIOS and if the name is not found in DNS it consults NETBIOS protocol. However OpenDNS has this nice "feature" where it finds the name with its own IP. There are several posts about this on its webpage and they say to either disable the typo correction or put exceptions for Netbios names, but sadly none of them works for me right now.
Nope, no OpenDNS, never actually heard of it.
How does it work? Do you enter their DNS server address in the network settings of your pc/phone, or is it an app you run?
you click Start/Settings/All Settings/Connections/Wifi/First Button/Switch to Network Adapters tab/Select Broadcom 802.11 DHD Network Adapter/Switch to Name Servers Tab/Type in 208.67.222.222 for primary DNS and 208.67.220.220 for secondary DNS, click OK. that's all. Could you try if it's not so much trouble? Thanks.
OK, remote desktop doesn't work either with the OpenDNS servers in.
I'm pretty sure it must be a limitation of the remote desktop app itself, as resco explorer can still navigate and/or discover the network shares of my other PCs with no problem. NBTStatCE also finds everybody.
Wouldn't even surprise me, as that Remote desktop mobile has always been troublesome. I don't remember exactly, but in the WM5 days it was pretty much impossible to use on a local network due to a weird handling of names... if I remember well all "local" (NetBIOS) addresses without a '.' entered in the remote desktop app would be redirected to the "Work" connection, while "remote" ones with a period would be directed on the "Internet" connection. As a network card can only be defined as one of them, if you wanted it to work in both cases through Wifi you had to switch the card from Work to Internet and back all the time. And of course when it's on Work it breaks some other things that use the default system handling like mail.
How do you do this? I have just been reading up on this and apparently it is very easy to get hacked or for someone to see what you are doing when you are connected to a hotel connection. I am going on vacation in about a month and plan on using my laptop on the hotel network. From the research I have done it seems like a VPN is my best bet? Anyone know about this stuff? I just don't want my passwords and credit card info getting swiped.
Use OpenVPN and tunnel all of your laptop's traffic to a secure remote location, or better yet, to a computer at your own home that has the OpenVPN server setup properly.
This will make it very difficult for anyone to see what you are doing.
Or, tether your phone's internet if that is a possibility for you and then use OpenVPN on your phone's tether if you're still worried.
DIY
If you're running Windows you can make your Windows computer a VPN server really easily. Here's how.
Windows XP
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
Windows 7
http://www.windows7library.com/blog/networking/a-quick-vpn-server-using-windows-7/
Then you need to go into your router and forward port 1723 for VPN traffic to the computer you just set up this VPN server on. Do a search on the brand name of your router plus 'incoming vpn port forward'
Once that's set you'll need a Dynamic DNS service so that you can access it over the Internet by name, even if your IP address at home changes. You can set this up for free here.
http://dyn.com/dns/dyndns-free/
Of course if you're on a Mac I can't help you there lol, I'm not a Mac guy.
Last up, if you're at a hotel, VPN connections don't always work coming out of a hotel due to cheap/crappy setups. To PoisonWolf's point, having tethering on your phone is always a great backup in case the hotel's Internet access isn't good.
B