WPA Enterprise not working - XPERIA X1 General

At work we have a WPA network, And ever time i try to connect to it with my x1 it asks me for my username and password a few times then shows a error message saying i don't have a personal cert. Are network does not require a personal cert. We do have a signed cert from thawte. Are ssid is hidden and the network settings are "WPA, TKIP, PEAP"

same problem here too.
WPA (not WPA2), TKIP with PEAP. I do have the university certificate, but no personal one.
It just keeps asking the password and username, but never connects.
Pretty damn frustrating, as the network works perfectly on Mac, Windows, Linux and even iPhone. But not on Windows Mobile...??

.............................bump.............................

My company apparently had some odd version of WPA enterprise, so I had to use the following hack on my X1 (as well as any other WinMo phone) to get it to work:
1. Get PHMRegEdit: http://www.phm.lu/Products/PocketPC/RegEdit/
2. Add a key to the registry: \HKLM\Comm\EAP\Extension\25\ValidateServerCert= dword:00000000
3. Connect to your network. For mine, I used the settings: WPA, TKIP, hidden network checked, PEAP.
4. After connecting, enter user/pass. I left domain blank on mine.
After following these steps, it seems to work just fine for me, but YMMV.

Type PEAP into the search engine at the top of the forum and try one of the many answers.
The top one gives you an option to connect without checking for any certificates..
does that sound like the solution you need?
I keep repeating this, as do the moderators and the other more experienced members but the search is an incredibly useful feature on this site !
PLEASE SEARCH BEFORE POSTING
blackax in the 24hours since you first posted you could have tried millions of different searches, PEAP was the first one I tried.
EDIT : bah you gave them the answer from the first post!

@brikis98
Thank you for the post. But i have already tryed that with not it working :-(
@fards
I posted because i couldnt find the answer that worked for me. I should of made that more clear in my first post.

It seems that im not even getting to the Radius server. There is no error in the Log around the time i tryed to access WPA. grrrrr This is driveing me nuts

First, you got to figure out what kind of authentication method yr company used.
For me, my company use Cisco EAP-Fast and my only option is install Juniper's Odyssey Client for WM. It's not free but you can try it for 30 days and it works for me.

download "securew2" and follow the directions here: http://askageek.blogspot.com/2008/09/concordia-wireless-using-windows-mobile.html and you should be able to get WPA enterprise to work. I'm a med school student so we have a pretty encrypted system and the tech there didnt' know if anything would work, but I got this to work. Did a bunch of searches before I found something that worked. I've had no problem connecting since this. Hope this helps!

hollyyih said:
download "securew2" and follow the directions here: http://askageek.blogspot.com/2008/09/concordia-wireless-using-windows-mobile.html and you should be able to get WPA enterprise to work. I'm a med school student so we have a pretty encrypted system and the tech there didnt' know if anything would work, but I got this to work. Did a bunch of searches before I found something that worked. I've had no problem connecting since this. Hope this helps!
Click to expand...
Click to collapse
Well, it's really depends as I said before. This one only support the following:
EAP-TTLS
EAP-GTC
EAP-PEAP
EAP-SIM
My company only support EAP-FAST and only Odyssey can handle so many different protocols (all of the above and a lot more).

Related

Connect to schoolNetwork

Hi, I am from Sweden and this is my first post here at XDA.
I got a HTC p3600, it´s upgraded to WM 6.5 and it works awesome.
Now the problem. The WLAN works great at home and other open networks/ if i got the key.
In my school we got WLAN but i can´t connect to it. I find it in the WLAN-list but there it ends. My friend with an Iphone just select the network and then he can insert his username and password, and woila! He´s in.
When i try to connect the server wants a "Certifikat" in swedish. I have tried to do a "Domain enroll" to get it But it always fail.
I think they use Windows Server 2003.
Does anybody understand my bad language? If you wanna know any more, just tell me.
Same problem here, trying for some weeks to find a solution and so far all attempts with different clients failed. I`m sure it`s not a windows server but a cisco concentrator that let`s You access wlan and it seems there is no free client that can communicate correctly with cisco hardware for winmobile. Iphones have a vpn client directly from cisco integrated and can pass without problems. Try to ask Your computer center what concentrator they use and if they know of a client that supports winmobile.
Some forums mention a registry hack that deactivates certificate authentication but just setting it didn`t help. We`re still trying if this might work in conjunction with a locally installed certificate. Try to get the root certificate of Your CA and import it to Your device. Might help. Somehow they screwed up PEAP on mobile clients cause it`s supposed to work without local certificates but alas...
FlyBy_1 said:
Same problem here, trying for some weeks to find a solution and so far all attempts with different clients failed. I`m sure it`s not a windows server but a cisco concentrator that let`s You access wlan and it seems there is no free client that can communicate correctly with cisco hardware for winmobile. Iphones have a vpn client directly from cisco integrated and can pass without problems. Try to ask Your computer center what concentrator they use and if they know of a client that supports winmobile.
Some forums mention a registry hack that deactivates certificate authentication but just setting it didn`t help. We`re still trying if this might work in conjunction with a locally installed certificate. Try to get the root certificate of Your CA and import it to Your device. Might help. Somehow they screwed up PEAP on mobile clients cause it`s supposed to work without local certificates but alas...
Click to expand...
Click to collapse
Thanks for the answer!
Would it be possible to to install some kind of program from cisco to make it work?
Unfortunately Cisco doesn`t do any winmo clients, they licensed it to other companies. Tried with Root CA yesterday but that didn`t work, maybe we need a valid client cert too. Have to get a personal one from our uni CA the days.
Try installing secureW2
http://www.securew2.com/node/3
This is a program specifically designed to work with wpa2 networks offered through a radius server. Most schools and universities use a radius server. You will need a local login and password though.
When installed, you can select securew2 in the certificate window of wifi settings, when you try to connect to the wireless network.
Thanks for the suggestion. I tried with various clients, none of them worked, securew2 was among them. But maybe it works with fiddyboy.
A page mentioned some older hardware may not cope with mixed wpa modes, maybe P3600 is among them but I really don`t think so...
MAsterokki said:
Try installing secureW2
http://www.securew2.com/node/3
This is a program specifically designed to work with wpa2 networks offered through a radius server. Most schools and universities use a radius server. You will need a local login and password though.
When installed, you can select securew2 in the certificate window of wifi settings, when you try to connect to the wireless network.
Click to expand...
Click to collapse
I am downloading now, will test it tomorrow. Thanks!
Edit: I am not getting it to work. Can someone help me with the settings?
I am sorry, but I don't know what settings to use in your specific case... These settings should be made available by your school or company, most of the time the settings for laptops will give enough information too
which rom do you use to upgrade to windows mobile 6.5
Finally got it to work. We have different WLANs here at our university. I had no luck connecting to our VPN-network so I tried our eduroam WLAN. Eduroam is a roaming network for educational purposes. If You have a login from Your uni/school/whatever You should be able to access the internet from any eduroam network worldwide.
As You said You were asked for a certificate I think Your network relies on the same technologies as ours because I had the same error before. Following explanation:
Our eduroam RADIUS server is certified.
This means our uni gave it a certificate. Our uni was certified by and got a certificate from the DFN (german research net). The DFN was certified by and got a certificate from the german Telekom.
This is called a certificate chain with the DFN as intermediary and Telekom as root certificate authority.
What I had to do is import just the root certificate (from Telekom) to my mobile device by downloading it from our unis webpage, transferring it to the Trinity and just click on it. It confirmed installation and the root ca is listed under the Settings>System>Certificates>Root.
Edit : Normal certs are with *.crt ending. MinMo wants *.cer-files. If You only can get Your hands on *.crt import them into Your PC browser, export from there with DER-encoding and rename *.der to *.cer. That`s it.
Our eduroam RADIUS server authentication is via PEAP.
So I configured the network connection like this:
connects to : internet
authentication : wpa2
data encryption : aes
eap type : PEAP
Connect. When prompted put in Your uni account credentials.
This worked on WinMo 6.1 and 6.5 Without the ValidateServerCert reghack or any other other special program.
WinMo5 failed! Also tried the ValidateServerCert reghack but it`s of no use. Think it`s because WM5 has no wpa2-aes support. If Your RADIUS allows wpa and tkip it may work.
Maybe if this doesn`t work Your server it uses something other than wpa2 or aes. Try different options. Maybe it`s not using PEAP. Ask Your admin but try with a certificate first.
The strange thing is that PEAP was used to avoid handling of certificates; it`s especially there to NOT have to fiddle with them. Anyway, this works here, hope this is the solution for Your location...
you should just buy a protable harddrive or a flash drive and transfer your files onto that and then onto your computer.
Hi, I have same problem, trying to use eduroam on CTU, my Notebook/Laptop WiFi work ok, but I can't connect with TD2 Topaz. I have instaled required certificate, but in options I have no way to set concrete RADIUS server to connect (which is required to be specified in settings on Notebook). Any ideas please? I Also installed securew2, but I can't add Cesnet CA in securew2 options, even it is installed in system (I is present in setings-certificates in WM).
When You have WinMo 6.1 You shouldn`t need securew2 and there is no need to explicitly set RADIUS IP. Have You tried eap-type : PEAP ? What`s the error message if any ?

HOWTO get Eduroam working

Some univeristies use a WLan called EduROAM.
http://www.eduroam.org/
But somehow HTC HD2 cant connect to it.Seems like a personal certificate is the problem.
Has anyone got this working on HD2 ?
It works on Nokia phones running Windows mobile 6.5
you need to download one of the latest version of securew2 client from your uni website or the developer's website. follow instruction to set up the connection given by your uni IT department.
I'm using eduroam connection now in UCL.
Thanks for your answer.
I downloaded securew2
But I still cant get it to work.
Do you have to provide this information on your campus ?
SSID: eduroam
authentication: WPA2
kryptering: AES
EAP-typ: PEAP
authentication: MSCHAP v2
For me WPA1 works better, also AES is wrong. Then you select "Secure W2" in the drop down box not peap. SecureW2 needs to be configured as well. Your university should provide you with that info. You usually don't need the radius part with the cert! That's just to protect you from connecting to the wrong network (and thus giving them your password).
Above information about WPA2 is from my campus informationsite.
After I made some settings on "Eduroam connection" i cant change them.
As soon as push eduroam it tries to connect.
The only way to change them is to install a new rom, so that the phone is
like it was from the first time.
quart666 said:
Some univeristies use a WLan called EduROAM.
http://www.eduroam.org/
But somehow HTC HD2 cant connect to it.Seems like a personal certificate is the problem.
Has anyone got this working on HD2 ?
It works on Nokia phones running Windows mobile 6.5
Click to expand...
Click to collapse
I took my mobile to my University's IT Department and they set it up for me and it works great, I get all of my student emails directly to my mobile. Hope this helps.
bahardman said:
I took my mobile to my University's IT Department and they set it up for me and it works great, I get all of my student emails directly to my mobile. Hope this helps.
Click to expand...
Click to collapse
ROM version ?
In my case,
I download SecureW2 personal client 2.04 ce, install it on my phone via active sync.
Settings>Menu>All settings>Connection>Wifi>Wireless networks>Menu>Add new
and start configuring the settings. Different network will have different settings.
I don't think ROM version matters in this case. It should work with your device, if you got the right SecureW2 client and settings set up on your phone.
Btw, IT department or university's website should provide sufficient information for you to set up the connection.
Good luck.
The IT people cant get it to work......
They say that they cant get it to work on HD2.
Thats why I turned to you guys.
Still no luck, secureW2 keeps asking for user/pass, and yes I know its the right user/pass. A friend at work tried his username and it doesnt workl either.
If I connect to Eduroam on my pc it works, so nothing wrong with user/pass
quart666 said:
The IT people cant get it to work......
They say that they cant get it to wrok on HD2.
Thats why I turned to you guys.
Still no luck, secureW2 keeps asking for user/pass
Click to expand...
Click to collapse
You might need to get another version of secureW2 client.
I tried a secureW2 client provided by my uni and i faced the same problem as you. It kept on prompting me for username and password. I changed to another client (SecureW2_Personal_Client_204_CE), downloaded from SecureW2 forum, and it worked great!
During the installation of the client, registration is needed, i could register and install it couple of times on my phone without any problem. However, yesterday when i tried to reinstall the client after upgrading my ROM, the installation failed at the registration part. Maybe because they stop providing the free version?
I managed to get it installed on my phone again via activesync though.
Cant find that version.
I downloaded version SecureW2_Enterprise_Mobile_313_GA_TRIAL.exe
bump..
I still cant get it to work
http://www.chalmers.se/insidan/SV/arbetsredskap/it/bastjanster/eduroam
Chalmers University of Technology uses Thawte premium server certificate for authentication.
What you need to do is this, go to Thawtes website and download their certificates:
(Apparently I cannot post links, but just google for "thawte root certificate" the file is at www dot thawte dot com slash roots)
The certificate you need is located in the folder Thawte Roots\Thawte SSLWeb Server Roots\thawte Premium Server CA\Thawte Premium Server CA.cer
Download that to your HTC HD2 and install it by just clicking it in the file browser on your phone.
Then you can just follow the instructions you found at their webpage.
Hope this helps.
//a
how to connect to EDUroam
Firstly, this refers to connecting an HTC android phone (specifically the HTC Desire, but what I get from the web is that they are all much the same, these HTC android interfaces).
The problem starts when an innocent user looks for a WiFi network and finds eduroam. It then asks for not particularly relevant password information and cannot connect because the configuration of the default network setup is wrong. If you try to get the phone to forget that network it appears to do so that when you reconnect it still assumes that the connection was correctly set up. In order to get it to forget their network properly you have to enter the wrong password several times so that the phone thinks you have illegally trying to access the network. It then completely forgets.
The network discovery procedure will again come up with EDUroam, and the configuration should follow the instructions on the following website from Oxford University: <search for android eduroam oxford in Google>
In fact the names given on the HTC desire setup are slightly different. The important thing is that the EAP type should be PEAP, and the secondary type should be MSCHAPv2.
You then enter the username which will be effectively your registered e-mail address at your own institution, and then use as a password the thing eduroam calls "network access token" (16 lower case alphabetic character password generated for you if you buy your institution on request.
You then connect up and miraculously you have the connection you wish!
You should check that the connection is mobile roaming capability on your phone and checking that you really do have Internet and e-mail access as you wish through the WiFi connection directly.
I have been looking for the SecureW2 Personal Client 2.0.4 for Windows CE package (original filename: "SecureW2_Personal_Client_204_CE.zip"). I have been unable to find it and the sources given in this thread no longer exist or are no longer available.
If anyone has the file, please provide it.

Proxy Login

I have no idea what I did before this happen since I only need the service at certain places, so here goes...
I work at an airport that offers free WiFi to travelers. The WiFi is open without a key but when browsing, it redirects you to their proxy which has you click on a button that says you accept their User Agreement. Then you have full access to the Internet.
At school, the same thing. An unsecured WiFi access point, with a proxy that requires me to login with my school user id and password.
The reason I know it's the phone and not the connection, is that my Samsung Jack finds the proxy at work.
Please help,
Thanks
You never really stated what the problem was... is it not finding the proxy, or not letting you log in?
WM doesn't have proxy autoconfig script support, but Opera Mobile does. You need to type in the proxy settings yourself manually (by setting it to "Work" network). When you use the browser it should prompt you for credentials automatically.
Talk about rambling without saying anything at all...
My problem is finding the proxy server. Both IE and Opera found it. Once I get to the page, accepting the agreement and logging on worked fine. I never had to manually configure proxy settings when it did work.
I hope when I am able to get to the page I won't have that problem too.
Thanks
I figured it out. I remembered that I had installed Lookout Mobile Security and checked the Firewall settings. I disabled it and it worked.
Is a security app really necessary on a mobile?
I've never found the need for AV/Firewall software on a mobile (didn't even know firewalls for WinMo existed!)
There are very, very few WinMo viruses around and I've never got one. Then again, I've never got a Windows (PC) virus either... as long as you don't install suspicious software then you should be fine.

Vibrant Wifi problem (Clean Access)

I have a stock Samsung Vibrant. It connects to my home wifi network just fine and is very fast.
At my school we have to register the mac address' of devices we have on their Clean Access servers. I have registered many devices that work fine.
I registered the mac address of my Vibrant, and it can connect to the wifi, but it will not load a web page. Does anyone have any idea of what is wrong.
I also registered my roommates Vibrant. His does not work either.
I work at the Schools Tech Support so I have access to register and edit my phone on their Clean Access servers.
Does anyone have any solutions?
are you using WPA/WPAv2 or WEP + RADIUS authentication? Does your vibrant obtain an IP address successfully? Can you ping the default router?
The wifi that works at my apartment is WPA2.
The wifi at school is an open network. I can fully connect to their wifi.
Status Connected
Speed 48Mbps
Signal Strength Good
Security Open
IP address (a real IP address)
Im going out on a limb here. I am going to say its the Clean access and your "open network". I assume on your schools computer you use your student ID and some password. Your phone would need the same thing if that is the case. I know at my school, iphones are the only phones that can access our clean access. If its not the case then i am sorry.
my school runs clean access and it works fine. but they have two networks a guest and a login. i use the guest cause i don't want to waste the time to login. but i can try it on monday. typically with linux (i.e. android) you have a web portal and have to agree to some antivirus bs by clicking a button and that's it (and login for the non guest network). one thing i have noticed, though, is that typically i have to turn wifi on, connect to the network, try to load a page, it doesn't work, then i turn wifi off then immediately back on and try to load a page and it takes me to the login/terms portal page.
GTASouthPark said:
The wifi that works at my apartment is WPA2.
The wifi at school is an open network. I can fully connect to their wifi.
Status Connected
Speed 48Mbps
Signal Strength Good
Security Open
IP address 140.209.21.68
Click to expand...
Click to collapse
You should remove the IP from post. Anyways, it seems like the handshake is good. Note down the address of redirected terms and conditions page you get when trying to go online from a laptop. Then enter the same address in vibrant's browser once you are connected through Wifi ( or set it as homepage) and see if that lets it through.
Probably an issue with Android's lack of native NTLM support. AFAIK this is still unresolved. Have you tried using Fennec rather than the stock browser? I've heard you can authenticate properly using it.
Siks said:
Probably an issue with Android's lack of native NTLM support. AFAIK this is still unresolved. Have you tried using Fennec rather than the stock browser? I've heard you can authenticate properly using it.
Click to expand...
Click to collapse
interesting. i use dolphin hd and it works for the clean access web authentication page.
Could be, if your school does not have a guest account login for devices, that you are getting on the segregated network because CA cannot verify the "cleanliness" of your device. When I setup CA it verified patch levels and such on the non-guest network, so unless CA comes out with a Android client/access list, it may not work.
watcher64 said:
Could be, if your school does not have a guest account login for devices, that you are getting on the segregated network because CA cannot verify the "cleanliness" of your device. When I setup CA it verified patch levels and such on the non-guest network, so unless CA comes out with a Android client/access list, it may not work.
Click to expand...
Click to collapse
except then it wouldn't allow osx or linux. clean access requires an app for windows to verify service pack and av and whatever, but for linux and osx it doesn't. it wouldn't be able to (at least for linux).
funeralthirst said:
except then it wouldn't allow osx or linux. clean access requires an app for windows to verify service pack and av and whatever, but for linux and osx it doesn't. it wouldn't be able to (at least for linux).
Click to expand...
Click to collapse
That is correct but it can ID the operating system and has exceptions for those flavors ...
Hey it's me again.
I don't think it's an android thing because I had my G1 on the servers.
Normally what happens if you aren't registered on Clean Access is, if you open a web browser, you will be automatically redirected to an authentication page where you put in your school ID and password. This would work fine and allow me to get on the wifi, but it never came up on the web browser, it just tries to load the page for awhile and goes to a 'Page cannot be displayed' page.
Also I have tried using different browsers, including Dolphin HD.
If I can just get to the authentication page even it will be fine, I could work with that.
Also the school does have a guest login, but you have to get to the authentication page, and I wouldnt want guest access since it limits time, bandwidth, and features.
That is exactly what I said my last reply...Try putting https infront of your authentication URL, and make sure the java-script etc. is on in your browser...Try clearing cache and hit refresh as well. Also, see what happens if you set that URL as homepage...
GTASouthPark said:
Hey it's me again.
I don't think it's an android thing because I had my G1 on the servers.
Normally what happens if you aren't registered on Clean Access is, if you open a web browser, you will be automatically redirected to an authentication page where you put in your school ID and password. This would work fine and allow me to get on the wifi, but it never came up on the web browser, it just tries to load the page for awhile and goes to a 'Page cannot be displayed' page.
Also I have tried using different browsers, including Dolphin HD.
If I can just get to the authentication page even it will be fine, I could work with that.
Also the school does have a guest login, but you have to get to the authentication page, and I wouldnt want guest access since it limits time, bandwidth, and features.
Click to expand...
Click to collapse
did you try turning on wifi, wait for it to connect, try to load a page (any page because it will redirect you), wait for it to time out, pull down the notification bar, turn wifi off, turn it back on and then reload the page? i know it sounds dumb, but this is the only way i've got it to work at my school and it works every time...
watcher64 said:
That is correct but it can ID the operating system and has exceptions for those flavors ...
Click to expand...
Click to collapse
to what flavors? i'm guessing android will show as linux since it's based off a linux kernel. more than likely it checks for windows, and if false goes to the default linux/osx page because to clean access those aren't threat os's.
VICosPhi said:
That is exactly what I said my last reply...Try putting https infront of your authentication URL, and make sure the java-script etc. is on in your browser...Try clearing cache and hit refresh as well. Also, see what happens if you set that URL as homepage...
Click to expand...
Click to collapse
they don't have the authentication URL on their homepage so I don't know what it is, it should automatically redirect me to it.
Also when I connect to wifi, try to load a page, let it time out, turn off wifi, turn it back on and connect again, and then refresh the page.. nothing happens it times out again.
Ok so I did find out the authentication page URL. Typed it into my phone. I had high hopes when a page saying "You are being redirected to the network authentication page. If you are not redirected automatically, then please click HERE".
Anyway it did redirect me, to a "Web page not available"... etc.
In the default browser it gave me the error... "Data connectivity problem. A secure connection could not be established". umm wtf?
Can you communicate with other protocols/ports? I used to be able to exploit a bug with our school's CCA servers where I could just connect unauthenticated and use SSH. (Maybe it was a feature?)
I can't use any other web protocols.
Bump. Okay. I've figured out how to do this . '
it's a t mobile vibrant either kernel or rom problem. My phone connected the very first time I tried to use it at an argosy site, then never ever ever again.
so. I used wifi manager to find out what the ip, gateway, subnet mask, and dns 1 and 2 were. I went to settings, wifi, options key to go to advanced options, from there selected static ip and entered all the info I gathered
bam! ! Connected every time.
Oh and btw, the reason I say its a tmobile vibrant rom or kernel problem is that on fusion, Eugene's and bionix final, I was able to connect right away, every time . And on my f friends att fascinate and verizon captivate, they never had to enter the static ip like I did. They connected right away every time . Yet everyone I know that had s vibrant kept having the same proble. m i did .
Tmobile. What a piece of ****. Anyway I figured nobody had this figured out so I'd jump in.
Hope this helps out some people. GL

[HOWTO] Use VPN with your Android & Home Router

This is a simple tutorial to allow you to connect to the internet using VPN through your home router.
:NOTE: At present, the steps here are sparse. They assume some technical capability to set things up yourself, this is just kindof a guide as to WHAT you'll need to setup.
Why, you ask? Security. Using a VPN will essentially encrypt your communications though a tunnel back to your home computer. Not going into all that here, basically a simple guide. I assume we're all smart here, so the basics.
Prerequisites
1. DD-WRT V24 Capable router. If you don't have this, then you will need to instead use a different method involving installing software on your PC that I won't cover here. The advantage of the DD-WRT router is ease of setup on the router, and not having to have your computer turned on.
2) Capable Android Phone & Provider. I can't troubleshoot your ROM or provider. Some Android Roms don't support VPN, and it's broken in some. Some providers apparently block it. If your Rom is good and your provider doesn't block it, you're golden. In some cases (such as on the G2X) custom kernels (such as Faux123's) will add the necessary TUN support. Or you may need to add a TUN.KO file if it doesn't... again, device specific, refer to appropriate device forums.
3) If you don't have a static IP (I assume you don't) you'll need a dynamic DNS provider compatible with DD-WRT. I prefer freedns.afraid.org, but you can use any o these: dyndns.org, zoneedit.com, No-Ip.com, 3322.org, easydns.com tzo.com or dynsip.org.
Got all that? Great!
Okay, here's the fun bit.
STEP 1
First, you need to hack your router. It's a LOT like rooting your Android phone. How to do it is BEYOND the scope of what I can write here, but what you need to do is visit http://www.dd-wrt.com and have a look around. Or, you can actually purchase routers with DD-WRT pre-installed. Basically you have to flash a custom ROM onto your router. It needs to support VPN, and be at least version "v24 SP1". Older versions may have a DIFFERENT VPN setup that's not as easy. Don't say I didn't warn you. I flashed the full-featured VOIP version to my router, a Buffalo WHR-G54S.
Unlocking (if necessary) and flashing your router with DD-WRT is a topic as broad as rooting/flashing Android - so I can't help you here. But once it is done, you are ready for....
STEP 2
Setup your dynamic DNS provider. I used http://freedns.afraid.org/ to do this. Basically you go to the site and sign up for the free "subdomain" services. You can pick a name that will be on a number of different domains, such as "us.to", where you could maybe pick something like "kick.us.to" if it isn't taken yet. All that matters is you remember the name.
Next, in DD-WRT, go to the Setup->DDNS tab and select the proper DDNS service and enter the information it asks for -- your service used, username, password and hostname usually. You can usually leave update interval at the default, and normally you don't need to use external IP check.
NOTE: You need to make sure you are not "Double NAT-ed".. this means two routers stacked is a nono. If you have a router connected to a cable/dsl router (instead of a cable/dsl modem), then it needs to be set to BRIDGE mode. Again.. complicated and really a topic best dealt with on its own.
Once you've setup your Dynamic DNS, you're well on your way. You can actually use that hostname for all sorts of things, such as always being able to get Audiogalaxy to connect to the right host without having to know a numeric IP that could change.
STEP 3
You're on a roll... Now, time to setup the VPN in the router. This is done under the Services->VPN tab. If that tab doesn't exist, then you got the wrong version of DD-WRT and need to go back to Step 1.
Enable PPTP Server, Broadcast Support, MPPE Encryption. Under Server IP enter your ROUTER's IP address (usually 192.168.1.1, or whatever you use to connect to your router). Under Client IP's, enter the range of clients on your local network in the format: 192.168.1.100-149 (where 100-149 represents possible IP addresses I've set in DD-WRT for my LAN)... this doesn't seem as important since we'll be connecting from outside.. Just do it.
Under CHAP-Secrets enter in your preferred username and password in the format:
username * password *
that is, the username, a space, *, a space, the password, a space and then *
Save and apply settings. (You need to click both SAVE and APPLY, DD-WRT is weird like this)
STEP 4
Back to Android! Yay! This part of the procedure may vary by phone, but this is how it is on my Gingerbread T-Mobile G2X with faux123's kernel.
Goto Settings->Wireless & Networks->VPN Settings->Add VPN->Add PPTP VPN
VPN Name=whatever you want
VPN server= your dynamic IP name you selected in Step 2
Enable encryption = Yes
now, hit Menu->Save
You should now see your VPN listed under VPNs. Click on it, and select CONNECT. Type in your username and password you selected at the end of Step 3.
It should connect. CONGRATULATIONS!
You should also have a notification in your taskbar that will now let you disconnect from the VPN.
STEP 5
Enjoy! .. wait, what? It didn't work? It did for me!!!
I guess.... ask questions here, or if it appears to be a phone issue, ask in your device's appropriate forum (and link to this thread so people know what guide you're following)
And, if anybody reading this is a better expert in setting this stuff up than I am, feel free to critique/laugh/criticize/constructively comment on this little howto and I'll correct anything I Rick Perry'd.
Nice tutorial! Would have been better if you also included more details in hacking our router
DroidVPN said:
Nice tutorial! Would have been better if you also included more details in hacking our router
Click to expand...
Click to collapse
I would have, but like I said, that's a topic as big as phone hacking itself. Every model of router is going to be different! There may be models that support VPN in the router as well without DD-WRT, but I'm not familiar with that setup.
DD-WRT's website has a pretty huge forum on what routers are compatible and how to set it all up.
The optimal speed can be achieved by the compression of traffic and by minimizing server loads. Web acceleration will enable you bring about a drastic improvement in the web page response time. This kind of acceleration usually come in lesser costs and offers the best web application performance.
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
evilgenius00 said:
So Wat does this do? Keeps u secured from the eyes of the ISP?.. harder for others to hack u?...
Sent from my HTC Desire using xda premium
Click to expand...
Click to collapse
lotherius said:
Security. Using a VPN will essentially encrypt your communications though a tunnel back to your home computer.
Click to expand...
Click to collapse
Yeah, that.
...
10char.
Nice TUT, VPN working
Thanks. I mostly appreciated the idea of using afraid.org.
For some reason, Dyndns and no-ip wouldn't work with ICS as client.
thanks for this tut, keep it up
nice.. thanks for sharing
The cool thing is, once you start hacking your router, you open up all sorts of fun. Like using a virtual wireless network to bridge the open wifi network that gets 1 bar of signal in one little corner of your apartment to be a full strength WPA protected network with your own SSID and subnet that all of your devices can use ... not like I would do such a thing. Now, I *am* a bit afraid to try to set up a VPN on the bridged virtual network..... that could get complicated.
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
katinatez said:
Will this also work with OpenDNS?
Already running DDWRT v24 on WRT600N, and trying to figure this VPN stuff to connect my Atrix running CM10. Thanks for any help
Click to expand...
Click to collapse
Any service which gives you a stable hostname to the outside network should work.
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
australix said:
If you have a higher end router that supports the mega builds (8MB flash), then you can opt for OpenVPN which is more secure than PPTP. Setup is more complicated though.
Click to expand...
Click to collapse
Still using a (now antiquated) Buffalo WHR-G54S which has 4MB flash and 16MB Ram... so while it has a lot of features, OpenVPN is lacking... so I can't test that method personally.
This Buffalo is the best router I've ever owned, though. I still can do without gigabit or N networking, so I'm not upgrading. I went through 5 or 6 bad routers (even a Linksys WRT-54G that crashed constantly) before I got this one.
Thanks for all the info here. I've deleted the post because I think my issue is with something else.
Thanks..
p
very...helpfull..!!!
Very easy guide! Thanks!
455
nice cool...
bumpin this because i have a question regarding this, i just set this up and it works great
there are mainly two types of auth vpn servers use, certificate authentication and username/password
i tried to set up password one, and you still need the server public certificate along with username/password, but you don't need client public and private keys unlike with cert auth.
now, i placed the server key, ca.crt, on my internal storage and together with username/password, works great, my concern is security of this file. this file needs to be accessible right, so you can't put it in /etc or /system, having it in internal storage, any app with storage permission can read it... isn't this a security risk? how is this solved? where do i put the file?
thanks
edit: also, how do i *prevent* network traffic without vpn? i know there is always on option and start on boot, but i did, and when the boot finnishes there is a brief moment when the phone connects on mobile network just before initializing vpn and in that brief moment android probably sends all sorts of passwords and data through the network ... how do i delay this until vpn is initialized?

Categories

Resources