Anyone else having trouble with att tilt vpn over edge? I've had several smartphones in the past, the last being tmobile wing, and have never had any problems creating a vpn connection with url exceptions. With this new tilt it seems like I can connect the vpn only over wifi, it does not attempt to connect to the vpn when just using edge. I've reset the device several times both with and without the att customization.
Any ideas for this problem would be appreciated.
Thanks,
-J
TILT VPN Connection problems
I have been trying to make VPN connections over EDGE and 3G also. I find that the connection does get made if I connect manually, but as soon as I try to access something through IE, RD or Opera, it drops the connection. I have seen the connection maintained for up to a minute, but I cannot access anything.
I called ATT yesterday early afternoon. At that point the CSR was a proxy for the tech dept and told me to call HTC. I contacted HTC tech support and they were convinced it was an att softwae problem since the url exceptions worked correctly over wifi.
I called back ATT last night, got a csr who xfer me to a tech rep. He walked through the steps and provisioned isp.cingular apn to see if that would work. It did not. He then sent me to advanced network services where I got someone who definately was either not having a good night or had no intention of actually working that night. After his xfer to a bad extension, I called back to a csr, who then semi-understood the situation ( she was actually excellent help at the time for not being a tech person ) She put me with another advanced network services tech ( the first time she called advanced tech services she was hungup on by the same "Steve" I had encounted a few minutes earlier. Nice work Steve) who walked through the settings a few times, and then suggested I try another tilt at an att store.
Unfortunately it seems as though noone I've talked to yet has a grasp on url exceptions or what a vpn is? Noone from ATT or HTC seems to understand that its the software that's not trying to even attempt to connect to the vpn. I would be fine if it was my problem, vpn wise. I'm sure they're just doing their jobs but it's a little frustrating to pay $550 for a phone to have it no do something your other htc phone was doing last week. Anyways thats where I'm at now. I will try to go to an att store tonight and see if it works on another phone. I'm curious to know if anyone with the regular kaiser ( with the front camera ) is having a similar problem.
-J
Round 1
I called ATT yesterday early afternoon. At that point the CSR was a proxy for the tech dept and told me to call HTC. I contacted HTC tech support and they were convinced it was an att softwae problem since the url exceptions worked correctly over wifi.
I called back ATT last night, got a csr who xfer me to a tech rep. He walked through the steps and provisioned isp.cingular apn to see if that would work. It did not. He then sent me to advanced network services where I got someone who definately was either not having a good night or had no intention of actually working that night. After his xfer to a bad extension, I called back to a csr, who then semi-understood the situation ( she was actually excellent help at the time for not being a tech person ) She put me with another advanced network services tech ( the first time she called advanced tech services she was hungup on by the same "Steve" I had encounted a few minutes earlier. Nice work Steve) who walked through the settings a few times, and then suggested I try another tilt at an att store.
Unfortunately it seems as though noone I've talked to yet has a grasp on url exceptions or what a vpn is? Noone from ATT or HTC seems to understand that its the software that's not trying to even attempt to connect to the vpn. I would be fine if it was my problem, vpn wise. I'm sure they're just doing their jobs but it's a little frustrating to pay $550 for a phone to have it no do something your other htc phone was doing last week. Anyways thats where I'm at now. I will try to go to an att store tonight and see if it works on another phone. I'm curious to know if anyone with the regular kaiser ( with the front camera ) is having a similar problem.
-J
Sorry for that last double post. I did go back to the att kiosk again today and tried another tilt, which had the same results. I decided to return the one I had purchased and think i may try the regular htc kaiser with the front camera.
If anyone can verify that that version of phone works with pptp, that would be great.
From your last message I tried a few other things and I too was able to manually connect ( even get a prompt for login credentials to the vpn ) however the IE still will not try to connet with the url exception or keep the vpn connection open after IE is opened.
It's sad to think the att tilt is not working in thie regard. It takes away quite a bit of functionality for those who do use the vpn feature.
-J
PIE will "ignore" exceptions for work connection using EDGE
I see similar problem with 8525 at&t WM 5.0 device (HTC Hermes) exact version Microsoft ® Windows Mobile™ Version 5.0 with the Messaging and Security Feature Pack. 5.0 OS 5.1.478 (Build 15706.3.5.2)
PIE will "ignore" exceptions for work connection using EDGE. However other applications like “ActiveSync” and “Terminal Service Client” work properly.
If Wi-Fi connection used for Internet, PIE as well works properly.
FYI on previous device 8525 Cingular
Microsoft ® Windows Mobile™ Version 5.0 OS 5.1.195 (Build 14955.2.3.0)
work exceptions works with PIE
it continues...
I ordered htc kaiser, had it shipped opened it, configured, and the results were.....
it would use work exceptions as it should, dialing the vpn when using PIE and calling trying to access a host in the exceptions list.
It did not however want to connect to the host even after establishing a connection with the vpn server.
I dont know why, but I thought of checking the ip address with PocketLan on the gprs interface. The ip address was a 10.x.x.x but the kicker was the subnet mask using 255.0.0.0. That may cause a problem with routing as my vpn tunnel is not a full 10/8 but still a 10/16. Anyway I decided to try the online tech chat and spoke with "Marcus"
I asked if there had been any changes in the last month or so on as far as ip address scopes using wap.cingular He said yes. I'm still not sure if that was actually the case or not . I went ahead and upgraded to the pda connect unlimited to use the isp.cingular, as the "pda personal max" just uses wap.cingular.
I had to connect several times with the isp.cingular to have the connection get a public ip address rather than a nat'd 10.x.x.x. It DOES now work properly with url exceptions, connecting the vpn, the whole ball of wax with isp.cingular
Unfortunately I had already returned the ATT Tilt so I dont have any way to test if it was the att software causing it or not. If anyone would like to let me borrow one for a few days we can do that
I am going to test with another vpn connection using a 192.168 or 172.16 etc. ip scope and see if it works with wap.cingular getting a 10.x.x.x address.
Anyways, thats it for now. I'll post again after the vpn test with the different scope.
Thanks,
-J
Today I setup a vpn server with a 192.168.x.x scope. Using wap.cingular i was able to connect to the vpn and hosts within the vpn.
I tried again to connect to the 10.x.x.x vpn and try to edit the routing table using the PocketLan but each time I try to edit something it returns an error.
I'll have to try to find another utility or see if there a way to edit the routing table.
I'm hoping theres a way to change the default route for the 10.x network.
Here's some of the info when connecting over a wap.cingular connection
ip: 10.67.x.x
gateway: 10.67.x.x ( same as ip address )
subnet mask: 255.0.0.0/8
DNS: 66.209.10.201, 66.102.163.231
WINS: 10.11.12.13, 10.11.12.14 ( kind of hard to imagine any reason for wins entries? 10-11-12-13 seems like they may just be fake address. I dont know how window mobile does it's resolution, but that doesnt seem like it would be in the customers interest to be pointed to non-existant wins, if thats what they are. This may just be place holder entries for the PocketLAN software?)
Here's some of the info when connecting over a isp.cingular connection
ip: 166.128.x.x
gateway: 166.128.x.x ( same as ip address )
subnet mask: 255.255.0.0/16
DNS: 209.183.48.11, 208.183.48.10
WINS: 10.11.12.13, 10.11.12.14 ( same comments as before )
See Arin Whois for this netblock
OrgName: Service Provider Corporation
OrgID: SPC-10
Address: 442 Route 202-206 North
Address: # 485
City: Bedminster
StateProv: NJ
PostalCode: 07921-0523
Country: US
NetRange: 166.128.0.0 - 166.255.255.255
CIDR: 166.128.0.0/9
NetName: NETBLK-CDPD-B
NetHandle: NET-166-128-0-0-1
Parent: NET-166-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.WIRELESSDATASPCO.ORG
NameServer: NS.CDPDSPCO.ORG
Comment:
RegDate: 1993-07-09
Updated: 2005-01-07
RTechHandle: WDSPC-ARIN
RTechName: WDSPCo Helpdesk
RTechPhone: +1-215-489-7599
RTechEmail: [email protected]
OrgTechHandle: WDSPC-ARIN
OrgTechName: WDSPCo Helpdesk
OrgTechPhone: +1-215-489-7599
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2007-11-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
I just thought of testing tracreroutes form both isp and wap.cingular. It does then show the problem with the ip information when trying to route.
When using the tilt though at first, none of this seemed possible at the time ( as I thought I was going a little nuts ) since the url exceptions never seem to attempt to connect to the vpn at all. As if the exceptions were ignored when using anything except WIFI.
Thats it for now. Post something new later.
-J
jakedahs,
Very informative. Looks like its' been a few weeks. New insights?
Best,
Things are still working good with the kaiser and the isp.cingular. I haven't come across another ATT Tilt again to test it out again. Any other things you can think to test to put on this forum?
Thanks,
-J
LOL! I'm so far behind, I don't have a clue.
Tilt and VPN PPTP
jakedahs said:
I called ATT yesterday early afternoon. At that point the CSR was a proxy for the tech dept and told me to call HTC. I contacted HTC tech support and they were convinced it was an att softwae problem since the url exceptions worked correctly over wifi.
I called back ATT last night, got a csr who xfer me to a tech rep. He walked through the steps and provisioned isp.cingular apn to see if that would work. It did not. He then sent me to advanced network services where I got someone who definately was either not having a good night or had no intention of actually working that night. After his xfer to a bad extension, I called back to a csr, who then semi-understood the situation ( she was actually excellent help at the time for not being a tech person ) She put me with another advanced network services tech ( the first time she called advanced tech services she was hungup on by the same "Steve" I had encounted a few minutes earlier. Nice work Steve) who walked through the settings a few times, and then suggested I try another tilt at an att store.
Unfortunately it seems as though noone I've talked to yet has a grasp on url exceptions or what a vpn is? Noone from ATT or HTC seems to understand that its the software that's not trying to even attempt to connect to the vpn. I would be fine if it was my problem, vpn wise. I'm sure they're just doing their jobs but it's a little frustrating to pay $550 for a phone to have it no do something your other htc phone was doing last week. Anyways thats where I'm at now. I will try to go to an att store tonight and see if it works on another phone. I'm curious to know if anyone with the regular kaiser ( with the front camera ) is having a similar problem.
-J
Click to expand...
Click to collapse
I too am having issues with my Tilt and VPN. So when I got the Tilt 10 days ago, I had a blackberry 8300 (Curve), when i left the store they had me on the same BlackBerry Data plan. The VPN worked fine - Perfectly in fact. A few days later when I questioned why I was still using a blackberry plan the CSR at AT&T said I should be on a PDA data plan and changed my service. After that the VPN stopped working. I contacted AT&T chat support and also called their complex data device support department and after changing a bunch of settings on the phone they finally gave up and said they could not support the VPN option. Nice Huh?
When I get home I am going to try connecting over WiFi and trying the VPN. This should tell me if the routing / VPN issue is related to traffic over AT&T or if there is something wrong with the phone.
Additionally, when the VPN worked it used to show a " balloon status " telling me VPN was connecting. Now it no longer does that. Even if I do force the VPN to connect and then try to use the connection is disconnects immediately.
I'm guessing you're going to have the same result. If you'd like we can run through some tests using different scopes of vpn's. I'd be interested in trying the tilt again since I know the kaiser I have works ok and I'm not crazy
VPN
jakedahs said:
I'm guessing you're going to have the same result. If you'd like we can run through some tests using different scopes of vpn's. I'd be interested in trying the tilt again since I know the kaiser I have works ok and I'm not crazy
Click to expand...
Click to collapse
What kind of tests were you thinking?
wap.cingular - isp.cingular / netowrk settings
jakedahs said:
I ordered htc kaiser, had it shipped opened it, configured, and the results were.....
it would use work exceptions as it should, dialing the vpn when using PIE and calling trying to access a host in the exceptions list.
It did not however want to connect to the host even after establishing a connection with the vpn server.
I dont know why, but I thought of checking the ip address with PocketLan on the gprs interface. The ip address was a 10.x.x.x but the kicker was the subnet mask using 255.0.0.0. That may cause a problem with routing as my vpn tunnel is not a full 10/8 but still a 10/16. Anyway I decided to try the online tech chat and spoke with "Marcus"
I asked if there had been any changes in the last month or so on as far as ip address scopes using wap.cingular He said yes. I'm still not sure if that was actually the case or not . I went ahead and upgraded to the pda connect unlimited to use the isp.cingular, as the "pda personal max" just uses wap.cingular.
I had to connect several times with the isp.cingular to have the connection get a public ip address rather than a nat'd 10.x.x.x. It DOES now work properly with url exceptions, connecting the vpn, the whole ball of wax with isp.cingular
Unfortunately I had already returned the ATT Tilt so I dont have any way to test if it was the att software causing it or not. If anyone would like to let me borrow one for a few days we can do that
I am going to test with another vpn connection using a 192.168 or 172.16 etc. ip scope and see if it works with wap.cingular getting a 10.x.x.x address.
Anyways, thats it for now. I'll post again after the vpn test with the different scope.
Thanks,
-J
Click to expand...
Click to collapse
Since they had me change my plan and settings around I called and confirmed that I now have the PDA Connect Unlimited plan. However, in the phone's connection settings what should the two network and subsequent individual network setting be? Mine was set to Media Net and Media Net.
I tried setting it to ATT ISP but it still did not work.
I just use isp.cingular all the time. Have you created work url exceptions for your vpn connection? The problem I was having when I had the tilt is even though I had the exceptions it would never attempt to dial the vpn when going to a web site on the vpn network. I'm thinking it may have been ATT that cripled the phone somewhat. The regular HTC Kaiser I have now works fine.
VPN - TILT
So I confirmed that if I use my WiFi connection the VPN works perfectly.
There is some issue with routing over AT&T data network. I tried chatting with their online chat support and they could not give me the settings I needed. It was clearly beyond their scope of knowledge. I will try calling their complex data support department to see if I can get the right settings.
How can a company offer data services and not understand their own network?
Vpn - Tilt - Settings
I found this posting at the cingular.com forum.
Since I need to call tomorrow to confirm my provisioning and my data plan subscription I cannot tell if they will work but I thought I would make the info public.
Here's what I've done to VPN using L2TP successfully... (someone else)
- Have PDA Unlimited Plan
- Call to have your account "provisioned" to use isp.cingular
- Create a new connection using the isp.cingular settings
- Configure device to always use that connection
- Create a new VPN connection
- Import appropriate certificates (if necessary)
- Disable (preferably remove) Proxy settings in Registry
- Create an Exception list for Intranet addresses
- Configure device networks to use isp.cingular for Internet access and vpn for 'Your Work/Intranet' network
One thing I have noticed is that if I let the device connect automagically to VPN, it will disconnect after a short period of inactivity. If I manually/force connect to VPN, it stays that way until I disconnect session.
I can connect either via 3G or Edge with no issues/problems.
VPN Access over anything on the tilt would be nice
I am unable to either one of my 2 vpn's using any connection configuration. I It seems like it wants to connect but then gives me an error msg telling me to check username and password.
Can anyone shed anylite what I'm doing wrong?
Tilt Vpn over Edge
With a little patience i figured it out! if you connect to your VPN first and then go to IE it will disconnect you. But if you go to IE, Opera, whatever first and then go to the address that you have in your exception list the tilt will connect to MediaNet and then connect to your VPN server and work!
I've had the captivate about 24 hours now and dig it. I've rooted it and remove the att bloatware (per titanium backup), I've also performed a backup using Rom Manager.
I'm having trouble getting it up and running on an enterprise wireless what uses 802.1x PEAP authentication. I can get through all the auth. steps, and the device is assigned an IP, but I am unable to do anything that requires an internet connection; browser, market, etc.
Has anyone else ran into this issue?
*****EDIT*****
sigh i just realized that this is in the wrong area, it should have been over in development...i'm an idiot
I had a similar problem on a WEP-encrypted network, which I fixed by setting a static IP on the phone and then setting it back to DHCP (the correct setting). However, your problem could be entirely different than mine (not that I even am sure what my problem was, just that I fixed it!)
Best of luck!
Having the same problem on enterprise access points regardless of encryption. Home wifi netwroks work great (open and WPA2). Enterprise APs (open and WEP) connect and give me an IP, but will not transfer data. Think its a driver issue with the Wifi, it happens on every captivate ive tested, and seems to be more widespread than the GPS issue.
I have had the same issue with my work at work. I can get it to connect and get a ip but can not pass any data.
Sent from my SAMSUNG-SGH-I897 using XDA App
Had the same problem at work. Luckily I'm an admin and figured mine out. Our monowall portal was the issue. I can give a detailed answer for my problem tomorrow when I get to work.
I actually had the cap wiped to go back, then I literally figured out the problem. Thanks go out to my team mate for helping me talk through this.
Sent from my SAMSUNG-SGH-I897 using XDA App
can't wait to hear what your fix was!
Sent from my SAMSUNG-SGH-I897 using XDA App
This sounds more like your network not being allowing your device rather then the device having an issue.
it's been frustrating as I know two other guys with android devices that didn't have an issue. one is a droid eris running 2.1 and the other is a nexus one running 2.2.
Sent from my SAMSUNG-SGH-I897 using XDA App
designgears said:
This sounds more like your network not being allowing your device rather then the device having an issue.
Click to expand...
Click to collapse
Worked closely with my highly experienced network admin in my dept. for an afternoon (we had some time to kill). He checked the firewall and dhcp servers, ran packet traces, etc.
With what I'm experiencing, its the device. These wifi networks we use with Cisco APs are completely wide-open. All other phones and mobile devices have always worked great for years. We rely on this network for many custom applications and mobile tools.
Once the dhcp server leases an address, it seems like the radio stack hangs, and the device ceases communication. Here's an older thread on the exact issue over at androidfouroms: http://androidforums.com/samsung-captivate/130403-wifi-terrible.html
I have tested multiple new unmodified captivates and the issue is identical accross the board.
Now that I am at work, and have coffee in me and not beer, I will go through the problem I had with miCap and works wireless. Due to my skeptical ways, I will be semi vague for security purposes. On with it.
When I originally got miCap (pet name for it) I was able to access our public wifi. It allowed me into the public portal to agree to terms. I played a little bit on it, but wanted to see if I could access our private wifi. I got in the private no problem. But after that I never was able to get back on to our public. It did the same thing as I've read. It got an ip no problem (via dhcp) and acted like all was well. No browser, or ap could get a connection. The phone would not switch over to 3g to get info.
Armed with ip and mac address, my co-worker and I started to did through our monowall. ( He also has a cap that had no issues on public or private). We try tried reserving the ip for miCap, didn't work. We tried static ip, didn't work. I spent the morning completely wiping miCap to get it back to return worthy.
This was when I decided on last ditch effort.
Our ap's are cisco's that connect into monowall. I got into monowall and dug around. I found that with in the captive portal (how fitting) that the ip/mac associated with my phone hadn't checked in for 8 days. Even though I tried everyday. I deleted the entry to the phone there and suddenly my phone was getting access again.
Now I understand that this may not help everyone, because setups vary from place to place. But digging deeper into configurations at the access points may be what is needed. Do I think the phone had nothing to do with it? No, I think it helped aggravate the problem.
We have had problems with the Intel 3945abg chipsets with the same exact setup. That problem was fixed with driver updates on the laptops.
sorry for the long winded reply.
So in a nut shell you deleted the DNS entry for that ip/mac in the firewall and you are working.
Pmac25 said:
So in a nut shell you deleted the DNS entry for that ip/mac in the firewall and you are working.
Click to expand...
Click to collapse
Essentially yes. But it is not listed like that in the portal. Hmmm. I wonder about the combo of dhcp/dns being the culprit.
I was able to resolve this issue by changing my connection settings from DHCP to static for the Cisco APs.
Installing WiFi Buddy from the market allowed me to access these connection settings.
I just used an address from our static IP pool.
Manually set IP, subnet, gateway, and DNS, and now im finally rolling on our enterprise wifi network
I sent a help ticket into samsung; maybe if enough folks do we can get it on their radar.
jhannaman82 said:
I was able to resolve this issue by changing my connection settings from DHCP to static for the Cisco APs.
Installing WiFi Buddy from the market allowed me to access these connection settings.
I just used an address from our static IP pool.
Manually set IP, subnet, gateway, and DNS, and now im finally rolling on our enterprise wifi network
Click to expand...
Click to collapse
you can set the ip manually with out an app. When on the wifi screen, hit menu-advanced. This is a good time to set the wi-fi sleep policy also.
phlunkie said:
you can set the ip manually with out an app. When on the wifi screen, hit menu-advanced. This is a good time to set the wi-fi sleep policy also.
Click to expand...
Click to collapse
Thanks for that, i figured the menu was built in somewhere just never found it.
:thumbsup:
UPDATE
So I flashed the i9000 Eclair rom last night, and when I got into work today I can connect and use the wifi here. So looks like something AT&T buggered up, big surprise there, when they "customized" the captivate.
As much as I normally love blaming AT&T for problems, that can't be done here. My Captivate (running Stock Firmware) connects just fine to my work network. We use 802.1x with PEAP/MSCHAPv2 for authentication.
Anyone been able to connect at over 802.11b speeds while connected to an 802.1x network? I show connections at G and N speeds on my WPA2 network but nothing over 11Mbps on 802.1x.
Sent from my SAMSUNG-SGH-I897 using XDA App
Hi,
I am also having problems with my work wifi network.
It is 802.1x, on TTLS/PAP it also requires a thawte premium server ca certificate insalled.
Is there any way to connect this kind of networks?
With my previous iphone 3g it was taking only 4-5 seconds.
Hi,
Just got a shiny new Galaxy Note 10.1 last weekend. Yesterday, after receiving my case and keyboard from Amazon, I brought it in to school to start taking advantage of the S-Pen for note taking in classes that keyboards don't quite cut it in. Unfortunately, it revived an issue that I had and ignored on my HTC Rezound from last year... an issue that a WiFi device can't ignore, and unfortunately my phone's battery is not up to using CM10's tether function all day (and it might start running down my monthly data being used 5 days a week, all day).
So, any ideas what might cause this issue? The school primarily has Macs, and my Windows 8 Laptop sometimes has issues, but at least half the time it works fine. It is just Android devices that will not work. They connect, and get great signal strength, but just won't get any actual data. To my knowledge, nobody has ever gotten an Android device to connect. My Rezound is running an unofficial CM10 (4.1 JB) version, and my Note is using whatever the newest official update is (4.1 as well, I believe. Non-rooted). I don't know a whole lot about this type of stuff, but I'm not afraid to tinker around to try and get it working. I've tried a few other suggestions from numerous Google searches, but to no avail so far. The network is unprotected, and run by the school's IT people, so needless to say I have no way to easily change settings for the campus' network. I'd prefer not root the Note just yet, but if I need to, so be it. Any ideas what this might be?
Thanks
Some more Info
Coffeeist said:
[Original Post]
Click to expand...
Click to collapse
Some more info:
I cannot ping the tablet from my laptop (I get no packet loss, but all return 'Destination Host Unreachable'.
Same result if I try pinging my laptop or the router from my tablet using Terminal Emulator.
Sometimes, if set to DHCP, the tablet will give an 'Authentication Error Occured' error (or similar, I don't recall the actual wording). Sometimes it indicates a connection, but just won't work. I've never had a problem connecting using the same info as my laptop (with the IP changed, of course), but again, no internet, no ping.
Thanks
May or may not be the problem, but from what I've noticed, school networks tend to have a lot of blocked ports. I know the main Google Sync Framework uses port 5228. Try shooting an email to a network admin in your school's IT dept, asking about that port or just in general if they're aware that Android devices are unable to connect on their network.
Coffeeist said:
Some more info:
I cannot ping the tablet from my laptop (I get no packet loss, but all return 'Destination Host Unreachable'.
Same result if I try pinging my laptop or the router from my tablet using Terminal Emulator.
Sometimes, if set to DHCP, the tablet will give an 'Authentication Error Occured' error (or similar, I don't recall the actual wording). Sometimes it indicates a connection, but just won't work. I've never had a problem connecting using the same info as my laptop (with the IP changed, of course), but again, no internet, no ping.
Thanks
Click to expand...
Click to collapse
What do you mean by "same info as my laptop" what types of credentials are you referring to? Something you have to change on the laptop in order to get in? The more information regarding this you can provide (safely, mind you, mask/alter any sensitive info), the better we can assist you. If you have to do something like set a VLAN, then you're never going to get an Android device to work as we do not have the capability to use VLAN'd wireless like most PCs and Macs can with the proper configuration changes. If there's some browser catch-all page, then that should work, but based on your statement "with the IP changed" leads me to believe that you're messing with the adapter settings directly. I would be especially keen to helping you with more detailed networking issues like this should you provide me with the information requested. I look forward to your reply. (Yes, I like technical challenges like this, it's why I work VoIP support.)
IP address or no IP address
Coffeeist said:
Some more info:
I cannot ping the tablet from my laptop (I get no packet loss, but all return 'Destination Host Unreachable'.
Same result if I try pinging my laptop or the router from my tablet using Terminal Emulator.
Sometimes, if set to DHCP, the tablet will give an 'Authentication Error Occured' error (or similar, I don't recall the actual wording). Sometimes it indicates a connection, but just won't work. I've never had a problem connecting using the same info as my laptop (with the IP changed, of course), but again, no internet, no ping.
Thanks
Click to expand...
Click to collapse
since you know ping, then did you check the IP address for each device?
Back to basic:
1: ping your device gateway IP
2) if ok, then ping ur device (tablet or laptop)
3) if ok then ping bbc.co.uk (this will check your dns), if failed ping your dns's IP address.
If no IP on android, then check if there is any protection on device. It sound like no IP been allocated for you.
Depends on how good a school's IT dept. I have not seen many school actually put filter to stop non-window device.
I am not sure it has anything to do with VLAN yet. As a simple logon, device does not care VLAN or no VLAN.
The basic for us is 1) get an IP on device. 2) know how to get out (gateway IP) 3) interrept hwere you go (DNS resolution) 4) know how to get to internet (internet router, internet firewall, internet boardband et...)
If you have authentication error, then it is sure you are not going to get an IP address. If this is WiFi then check on security (WEP, WAP...TKIP...)
tinbox134 said:
since you know ping, then did you check the IP address for each device?
Back to basic:
1: ping your device gateway IP
2) if ok, then ping ur device (tablet or laptop)
3) if ok then ping bbc.co.uk (this will check your dns), if failed ping your dns's IP address.
If no IP on android, then check if there is any protection on device. It sound like no IP been allocated for you.
Depends on how good a school's IT dept. I have not seen many school actually put filter to stop non-window device.
I am not sure it has anything to do with VLAN yet. As a simple logon, device does not care VLAN or no VLAN.
The basic for us is 1) get an IP on device. 2) know how to get out (gateway IP) 3) interrept hwere you go (DNS resolution) 4) know how to get to internet (internet router, internet firewall, internet boardband et...)
If you have authentication error, then it is sure you are not going to get an IP address. If this is WiFi then check on security (WEP, WAP...TKIP...)
Click to expand...
Click to collapse
Hello Coffeeist,
Please contact your schools IT department and find out what kind of encryption they use on their APs.
If they use TKIP, then that is whats causing the problem with android devices.
Once TKIP is disabled on the AP you are connecting to, you will be able to reach the internet.
I say this because I had the same problem in the past (setting up Cisco APs), and can confirm that this is the cause of the problem.
TKIP shouldn't be used anyway. They should be using AES. TKIP is too weak.
I guess that last part answered another question that you might of had. (Why TKIP doesn't work with Android?) Android=Secure TKIP=WEAK.... Unacceptable for Android
Also, you mention something about not being able to ping your tablet from your laptop. If I understand this correctly, you have both your laptop and tablet connected to the same AP and you are trying to ping between the two. This wont work in most cases. Reason: "Port-Protection", which if enabled doesn't allow clients on the AP to communicate with each other.
Regards,
Ed
Let us know how it goes.
nasvi said:
Hello Coffeeist,
Please contact your schools IT department and find out what kind of encryption they use on their APs.
If they use TKIP, then that is whats causing the problem with android devices.
Once TKIP is disabled on the AP you are connecting to, you will be able to reach the internet.
I say this because I had the same problem in the past (setting up Cisco APs), and can confirm that this is the cause of the problem.
TKIP shouldn't be used anyway. They should be using AES. TKIP is too weak.
I guess that last part answered another question that you might of had. (Why TKIP doesn't work with Android?) Android=Secure TKIP=WEAK.... Unacceptable for Android
Also, you mention something about not being able to ping your tablet from your laptop. If I understand this correctly, you have both your laptop and tablet connected to the same AP and you are trying to ping between the two. This wont work in most cases. Reason: "Port-Protection", which if enabled doesn't allow clients on the AP to communicate with each other.
Regards,
Ed
Let us know how it goes.
Click to expand...
Click to collapse
With useful posts above the rest is not much left for me to say but a simple advice
Make sure your friends aren't playing a prank on you coz I tend to do it I use arpspoof and aireplay-ng to cause such mayhem
Sent from my A116 using Tapatalk 2
Airplay and Arpspoof wouldn't be possible if MFP is enabled on the AP. Also the OP is stating that it is with all android devices and not 1.
Sent from my HTC One XL using xda app-developers app
responses
First off, thanks for all of the posts, and I apologize for taking so long to respond.
Also, I did check port 5228 with my laptop, and it seemed to indeed be closed. Haven't been able to contact IT yet, but I will need to soon to solve an issue with another, unrelated issue.
Cynagen said:
What do you mean by "same info as my laptop" what types of credentials are you referring to? Something you have to change on the laptop in order to get in? The more information regarding this you can provide (safely, mind you, mask/alter any sensitive info), the better we can assist you. If you have to do something like set a VLAN, then you're never going to get an Android device to work as we do not have the capability to use VLAN'd wireless like most PCs and Macs can with the proper configuration changes. If there's some browser catch-all page, then that should work, but based on your statement "with the IP changed" leads me to believe that you're messing with the adapter settings directly. I would be especially keen to helping you with more detailed networking issues like this should you provide me with the information requested. I look forward to your reply. (Yes, I like technical challenges like this, it's why I work VoIP support.)
Click to expand...
Click to collapse
Just IP/DHCP/DNS (and I've also tried public DNS such as Google). Nothing fancy set up on the laptop (everything should be on Windows default network settings, same with Android on both devices). There is also no catch-all page, assuming I'm interpreting that correctly (as a login page sort of thing, like I'd get at Starbucks or a Hotel).
Glad to provide the challenge... truth be told, underneath the annoyance of lacking connection, I love issues like this because of the fun tricks and such that solving them can teach.
tinbox134 said:
since you know ping, then did you check the IP address for each device?
Back to basic:
1: ping your device gateway IP
2) if ok, then ping ur device (tablet or laptop)
3) if ok then ping bbc.co.uk (this will check your dns), if failed ping your dns's IP address.
If no IP on android, then check if there is any protection on device. It sound like no IP been allocated for you.
Depends on how good a school's IT dept. I have not seen many school actually put filter to stop non-window device.
I am not sure it has anything to do with VLAN yet. As a simple logon, device does not care VLAN or no VLAN.
The basic for us is 1) get an IP on device. 2) know how to get out (gateway IP) 3) interrept hwere you go (DNS resolution) 4) know how to get to internet (internet router, internet firewall, internet boardband et...)
If you have authentication error, then it is sure you are not going to get an IP address. If this is WiFi then check on security (WEP, WAP...TKIP...)
Click to expand...
Click to collapse
1. If I recall, this either had full loss, or Destination Host Unreachable, when pinging the gateway IP from the tablet.
2. Have tried this nonetheless, and I think I made it through once or twice just after turning on the tablet, but after that would only get Dest. Host Unreachable.
3. Had tried with Google, fails across any DNS.
I seem to get an IP, although sometimes I get the authentication error in Android and it won't connect. Whenever I set a static IP, based off of my laptop's IP (not the same, of course), I get connected, just no internet.
nasvi said:
Hello Coffeeist,
Please contact your schools IT department and find out what kind of encryption they use on their APs.
If they use TKIP, then that is whats causing the problem with android devices.
Once TKIP is disabled on the AP you are connecting to, you will be able to reach the internet.
I say this because I had the same problem in the past (setting up Cisco APs), and can confirm that this is the cause of the problem.
TKIP shouldn't be used anyway. They should be using AES. TKIP is too weak.
I guess that last part answered another question that you might of had. (Why TKIP doesn't work with Android?) Android=Secure TKIP=WEAK.... Unacceptable for Android
Also, you mention something about not being able to ping your tablet from your laptop. If I understand this correctly, you have both your laptop and tablet connected to the same AP and you are trying to ping between the two. This wont work in most cases. Reason: "Port-Protection", which if enabled doesn't allow clients on the AP to communicate with each other.
Regards,
Ed
Let us know how it goes.
Click to expand...
Click to collapse
Unless I am totally clueless about this stuff (er, moreso than I though I already was), it uses neither TKIP or AES, being an open and unsecured network.
sak-venom1997 said:
With useful posts above the rest is not much left for me to say but a simple advice
Make sure your friends aren't playing a prank on you coz I tend to do it I use arpspoof and aireplay-ng to cause such mayhem
Sent from my A116 using Tapatalk 2
Click to expand...
Click to collapse
Haha, I doubt it. None of my friends, especially the ones who I think would even try and do something like this, are tech-savvy enough for me to have any suspicion of that. Thanks though
Another piece of info (a pretty weird seeming one at that): Sometimes, I'll turn on my tablet in the middle of the day, and out of the blue there is an email notification there, for recent emails. Of course, if I go into browser, I can't get any pages. Can't think of any other networks that the device could/would connect to on campus, either.
Thanks!
Coffeeist said:
First off, thanks for all of the posts, and I apologize for taking so long to respond.
Also, I did check port 5228 with my laptop, and it seemed to indeed be closed. Haven't been able to contact IT yet, but I will need to soon to solve an issue with another, unrelated issue.
Just IP/DHCP/DNS (and I've also tried public DNS such as Google). Nothing fancy set up on the laptop (everything should be on Windows default network settings, same with Android on both devices). There is also no catch-all page, assuming I'm interpreting that correctly (as a login page sort of thing, like I'd get at Starbucks or a Hotel).
Glad to provide the challenge... truth be told, underneath the annoyance of lacking connection, I love issues like this because of the fun tricks and such that solving them can teach.
1. If I recall, this either had full loss, or Destination Host Unreachable, when pinging the gateway IP from the tablet.
2. Have tried this nonetheless, and I think I made it through once or twice just after turning on the tablet, but after that would only get Dest. Host Unreachable.
3. Had tried with Google, fails across any DNS.
I seem to get an IP, although sometimes I get the authentication error in Android and it won't connect. Whenever I set a static IP, based off of my laptop's IP (not the same, of course), I get connected, just no internet.
Unless I am totally clueless about this stuff (er, moreso than I though I already was), it uses neither TKIP or AES, being an open and unsecured network.
Haha, I doubt it. None of my friends, especially the ones who I think would even try and do something like this, are tech-savvy enough for me to have any suspicion of that. Thanks though
Another piece of info (a pretty weird seeming one at that): Sometimes, I'll turn on my tablet in the middle of the day, and out of the blue there is an email notification there, for recent emails. Of course, if I go into browser, I can't get any pages. Can't think of any other networks that the device could/would connect to on campus, either.
Thanks!
Click to expand...
Click to collapse
Based on your responses, I have a follow up question and comment. The question is as follows: Did you have to register your computer with your IT when you started school in order to be permitted on the wireless network? If this was the case they're likely filtering based on MAC address (which you won't be able to spoof on your Android, but you may be able to spoof on your laptop), get them to re-register your laptop after you spoof the MAC address so you can get both devices on using the same MAC address (though not at the same time of course unless you're fine with stuff randomly not working). The comment is as follows: Yeah, finding the workarounds to get back limitations like this is definitely a fun challenge because when you win, you've definitely learned something new. Oh, and you were right about my question of the gateway authentication page like a hotel wifi login page.
MAC
Cynagen said:
Based on your responses, I have a follow up question and comment. The question is as follows: Did you have to register your computer with your IT when you started school in order to be permitted on the wireless network? If this was the case they're likely filtering based on MAC address (which you won't be able to spoof on your Android, but you may be able to spoof on your laptop), get them to re-register it after you spoof the MAC address so you can get both devices on using the same MAC address (though not at the same time of course). The comment is as follows: Yeah, finding the workarounds to get back limitations like this is definitely a fun challenge because when you win, you've definitely learned something new.
Click to expand...
Click to collapse
Nope, it was up and running just through connecting normally, and has been since (mostly) - no registration or anything like that. Now, the reason that I put 'mostly' in parentheses is that sometimes the computer will be connected, but also have no internet (I don't think this started until I, dare I admit, upgraded to Windows 8). However, this only happens sometimes, whereas the Android devices never get internet access.
However, on the topic of MAC addresses, one post (in fact, I think it was on XDA) I saw awhile back while Google searching this problem was that someone had a similar issue, found to be with their device's MAC address having the letters 'FA' instead of 'FB' or something like that. Being that my Note isn't rooted, I haven't tested it with that, but perhaps I should give that a try with my CM10 Rezound?
(This is the post: HERE)
Thanks!
Coffeeist said:
Nope, it was up and running just through connecting normally, and has been since (mostly) - no registration or anything like that. Now, the reason that I put 'mostly' in parentheses is that sometimes the computer will be connected, but also have no internet (I don't think this started until I, dare I admit, upgraded to Windows 8). However, this only happens sometimes, whereas the Android devices never get internet access.
However, on the topic of MAC addresses, one post (in fact, I think it was on XDA) I saw awhile back while Google searching this problem was that someone had a similar issue, found to be with their device's MAC address having the letters 'FA' instead of 'FB' or something like that. Being that my Note isn't rooted, I haven't tested it with that, but perhaps I should give that a try with my CM10 Rezound?
(This is the post: HERE)
Thanks!
Click to expand...
Click to collapse
That shouldn't be it unless they have corporate level routers that don't recognize the MAC address of any devices manufactured after 2009 (when most of these manufacturers got the MAC addresses assigned to them (this is VERY unlikely)). I would honestly work with IT on campus and advise that it appears not a single Android device is allowed on the network. If they're blocking Android for any reason, check the terms of service for using the WiFi and see if there's any provisions for banning an entire brand of device/OS for whatever reason. If there's only provisions for individual banning, then take it back to them and show them that your record has not been abusive in the least and go from there. Make a case, otherwise draw one up with legal council. *shrugs* I don't believe anyone should ever be punished for the type of device they chose to purchase, that's first amendment choice, but it really comes down to their terms of service which you agree to by using the wifi.
Cynagen said:
That shouldn't be it unless they have corporate level routers that don't recognize the MAC address of any devices manufactured after 2009 (when most of these manufacturers got the MAC addresses assigned to them (this is VERY unlikely)). I would honestly work with IT on campus and advise that it appears not a single Android device is allowed on the network. If they're blocking Android for any reason, check the terms of service for using the WiFi and see if there's any provisions for banning an entire brand of device/OS for whatever reason. If there's only provisions for individual banning, then take it back to them and show them that your record has not been abusive in the least and go from there. Make a case, otherwise draw one up with legal council. *shrugs* I don't believe anyone should ever be punished for the type of device they chose to purchase, that's first amendment choice, but it really comes down to their terms of service which you agree to by using the wifi.
Click to expand...
Click to collapse
I'll give it a shot, thanks.
Coffeeist said:
I'll give it a shot, thanks.
Click to expand...
Click to collapse
Sorry to bump the thread, but seeing as it's my own I figured it would be alright...
I got around to asking the the school IT about the issue, and they said that the deliberately block mobile traffic, which they went on to find out does include Android tablets (I understand phones, but I can't even begin to understand why they target Android tablets... unfortunately, that's not my call). I Google searched a bit, and found that networking devices from a company called Aruba can be set to block traffic from specific types of devices (supposedly Cisco and a few other companies can do similar things too), by checking something with the HTML version, or something like that (I'm by no means a networking expert hehe).
So, I guess I'll make my last effort with this thing, and ask if anyone knows of some legal, non-hacky way of getting by this?
I'm guessing not, but worth asking.
Thanks
Coffeeist said:
Sorry to bump the thread, but seeing as it's my own I figured it would be alright...
I got around to asking the the school IT about the issue, and they said that the deliberately block mobile traffic, which they went on to find out does include Android tablets (I understand phones, but I can't even begin to understand why they target Android tablets... unfortunately, that's not my call). I Google searched a bit, and found that networking devices from a company called Aruba can be set to block traffic from specific types of devices (supposedly Cisco and a few other companies can do similar things too), by checking something with the HTML version, or something like that (I'm by no means a networking expert hehe).
So, I guess I'll make my last effort with this thing, and ask if anyone knows of some legal, non-hacky way of getting by this?
I'm guessing not, but worth asking.
Thanks
Click to expand...
Click to collapse
Before discussing any workarounds, you may need to review the Terms of Service for your wifi on the school premises first, review the consequences for bypassing their security measures, and figure if it's worth the risk to you... At this time, it'll be kind of "hacky" to get around such a block. In order to provide you with a valid workaround though we'll need a little bit of information regarding what's going on when you connect.
First, when you connect to the WiFi with your Android device, do you even receive an IP address? If you don't then we'll stop here, the only way to get around the types of blocks they're employing at this level would require hardware hacking/firmware reprogramming to change the identity of the device itself, which is flat out illegal in just about anywhere I can think of. Here's your checklist, fill out where applicable: (Even if you set static information to accomplish this, that will be a valid Y.)
Get an IP? (If Y, proceed)
Is it a valid IP address on the same network as your PC? (Either way, don't care)
Can you ping the gateway you got from DHCP on Android? (If Y, proceed)
Can you ping the DNS server(s) you got from DHCP on Android? (If Y, proceed)
Can you ping an external server such as Google DNS (8.8.8.8) on Android? (If Y, then we're done here)
It's kind of a bit of a process unfortunately, however, if you pass every single one of these tests with the Android device, there's good news. They're only filtering traffic based on the User-Agent identification of all your applications (and based on the MAC address of your device, denying your DHCP requests), you should be able to bypass this with a VPN tunnel back to your home from your Android (after setting your static IP) in order to encrypt and keep this information from leaking to their systems. However, this will likely set off alarms if they monitor their network heavily. If the school IT asks, then you're "working on projects in-between classes on your computer at home and your family has a home office with VPN already, so you used that to connect back to the house". Either way, they can't say much about it besides cut you off... again. Anywhos, I wouldn't recommend trying to bypass without doing all this research first, and then also evaluating the possible consequences, however the rewards are within themselves. You'll be the only person at school with a working mobile device, (besides those iSuckers). Technically, encrypting your traffic is completely legal (and they can't say anything legally about it), however, setting a static IP address in the same range as your computer at school may be against their TOS which you abide by being on campus. Let us know how everything goes.
Cynagen said:
Get an IP? (If Y, proceed)
Is it a valid IP address on the same network as your PC? (Either way, don't care)
Can you ping the gateway you got from DHCP on Android? (If Y, proceed)
Can you ping the DNS server(s) you got from DHCP on Android? (If Y, proceed)
Can you ping an external server such as Google DNS (8.8.8.8) on Android? (If Y, then we're done here)
Click to expand...
Click to collapse
With Static I set an IP and all other info (Gateway, DNS, etc, except for Network Prefix Length... no clue what that is, left it at 24 default), and could not ping gateway
Dynamic/DHCP I will have to check tomorrow, after downloading stuff for the tablet to get that info (I think I need root to use IfConfig with Terminal Emulator, correct?).
Whatever they use to block me out, it seems to have a slight hole built in... every day, multiple times a day, I will look down at my tablet and see notifications (mainly email, occasionally Facebook, etc) that pushed through on the schools network (I know that for sure, being that often times the emails are messages received during the day, in a time period where the tablet has been nowhere near any other networks). Maybe this hole can be breached?
Thanks!
Coffeeist said:
With Static I set an IP and all other info (Gateway, DNS, etc, except for Network Prefix Length... no clue what that is, left it at 24 default), and could not ping gateway
Dynamic/DHCP I will have to check tomorrow, after downloading stuff for the tablet to get that info (I think I need root to use IfConfig with Terminal Emulator, correct?).
Whatever they use to block me out, it seems to have a slight hole built in... every day, multiple times a day, I will look down at my tablet and see notifications (mainly email, occasionally Facebook, etc) that pushed through on the schools network (I know that for sure, being that often times the emails are messages received during the day, in a time period where the tablet has been nowhere near any other networks). Maybe this hole can be breached?
Thanks!
Click to expand...
Click to collapse
It seems like small gaps where the system doesn't block you long enough to receive some traffic, but that is promising. BTW, you can get your "network prefix" (netmask as we call it) from your computer. If you go into the command prompt on windows and run "ipconfig /all" you'll get 4 useful bits of info we need, IP address (so you can mimic it), the gateway, the subnet mask (usually 255.255.something.something) and the DNS servers. The subnet mask determines what you use, and I HIGHLY doubt they use 24 (that's mainly for home networks, 24 = 254 devices permitted on the DHCP, 16 = 65534 devices (this is WAY more likely)).
Cynagen said:
It seems like small gaps where the system doesn't block you long enough to receive some traffic, but that is promising. BTW, you can get your "network prefix" (netmask as we call it) from your computer. If you go into the command prompt on windows and run "ipconfig /all" you'll get 4 useful bits of info we need, IP address (so you can mimic it), the gateway, the subnet mask (usually 255.255.something.something) and the DNS servers. The subnet mask determines what you use, and I HIGHLY doubt they use 24 (that's mainly for home networks, 24 = 254 devices permitted on the DHCP, 16 = 65534 devices (this is WAY more likely)).
Click to expand...
Click to collapse
Well, I just had a clean connection for about 5 minutes, and had a normal-looking IP based on my PC. Using Terminal Emulator I pinged the gateway after my connection failed, still with no response. I still appeared to have a proper IP on my tablet, but no actual internet connection.
So, perhaps these small windows are something to pursue? Or perhaps sticking with the VPN plan is best?
Thanks!
Coffeeist said:
Well, I just had a clean connection for about 5 minutes, and had a normal-looking IP based on my PC. Using Terminal Emulator I pinged the gateway after my connection failed, still with no response. I still appeared to have a proper IP on my tablet, but no actual internet connection.
So, perhaps these small windows are something to pursue? Or perhaps sticking with the VPN plan is best?
Thanks!
Click to expand...
Click to collapse
You need to make sure your networking information is entered correctly, you still haven't said anything about the netmask in this situation. However, if you're entering this information in correctly then you should have a solid connection until they realize you've forced a device into the network. The only thing you can do beyond that point is during that window, open a VPN connection without using a single browser request so they don't know what the device is unless they check the MAC address. Either way, this is a window that can be used, you just need to avoid identifying your device in any way prior to initiating the VPN connection. Turn off Sync when you connect.