Incoming connections to a mobile IP connection? Possible? - Networking

I'm attempting to use a Windows Mobile 6.1 device (HTC Diamond) for a temporary internet connection for my mail server while my broadband is down (BT cancelled my line in error and do not seem to be in any hurry to restore the service!). Initially I'm using the built-in ICS functionality..
While outgoing connections are fine, I do not seem to be able to make an incoming connection. At first I thought this was due to ICS not port mapping incoming connections downstream (in a port forwarding DMZ manner) so I moved to the seemingly very good WMWiFiRouter tool, which is much more configurable in such ways, however still no joy. Further investigation using the useful website whatismyipaddress.com suggests that my connection is actually not a true connection but instead proxy'd (assumingly by Vodafone). Is this correct? If so, assumingly it is therefore impossible to make direct incoming IP connections (TCP or UDP) to devices on a mobile operator's network (in my case Vodafone)?
All comments welcome!
Thanks, Simon

To reply / follow-up to my own post..
It seems this is due to a problem with Vodafone providing data connections with a private NAT’d IP address that is routed through their proxies for traffic optimization etc, and not the required (publicly addressable) public IP address for incoming connections.
Please see my separate post on this wider issue: http://forum.xda-developers.com/showthread.php?t=478741

had a problem kinda like it trying to make a socket connection from 2 3 gprs devices
didn't work unless both had static ip's which cost extra
but it worked ok if just one of them were not a 3 gprs device
like a normal pc or a gprs device from another operator

Related

I can't VPN with GPRS anywhere!

I'm trying to VPN using GPRS to several networks which I have access to but I can't seem to be able to VPN them with my PDA2K. I can VPN them easily with no special configuration with my XP.
My i-mate keeps trying "Connectioning XX VPN..." and then aborts after about half a minute saying to check the username and password. The username and password are correct.
I called my cellular provider and they said that I should be able to connect to a VPN only if 'UDP Encapsulation' is defined on the VPN server?!?!? Well.. What is this thing? I'm trying to connect to big corp VPN, they wouldn't even listen to 'special requests'. I tried to connect to 4 different VPNs and I could not connect to any single one of them!
I really need that VPN connection via GPRS with my PDA2K. Any help would be more than appreciated. Maybe a different client than the built in VPN client of the WM2003SE ?
Thanks in advance.
Sorci
anyone?
bump for help. this gotta be a common prob.
Your GPRS connection will be subject to some form of NAT (Network Address Translation) through your provider. VPNs don't get along well with NAT as the firewall doing the address translation modifies the packet header after it has had its hash value calculated by the client (in this case your PDA). The receiving firewall will reject the packet as the hash values for the (now modified) packet don't match.
UDP encapsulation gets around this by encapsulating the encrypted and authenticated (secure) packet in a UDP packet which will be happily modified by the NAT'ing firewall. The receiving firewall will decapsulate (is that even a word?) the UDP packet and process the secure packet inside as normal.
James
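The mechanism described in the post above, as an added example that is not part of the original thread: a simplified Python model in which an integrity value that covers the IP addresses (as IPsec AH does) fails once a NAT rewrites the source address, while the same protected payload carried inside UDP port 4500 still verifies. The key, the addresses and the unencrypted "secure packet" are constructed stand-ins, not real IPsec.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"   # constructed; stands in for the negotiated IPsec key
ICV_LEN = 12                    # truncated integrity check value, in bytes
PROTO_UDP, PROTO_AH = 17, 51    # IP protocol numbers
NATT_PORT = 4500                # UDP port named in the thread for NAT traversal

def checksum(header: bytes) -> int:
    """Standard IPv4 header checksum (returns 0 when run over a valid header)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header with a valid checksum, followed by the payload."""
    def pack(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                           64, proto, csum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return pack(checksum(pack(0))) + payload

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def immutable(header: bytes) -> bytes:
    """Zero the fields routers may legitimately change (TOS, flags/offset, TTL, checksum)."""
    h = bytearray(header)
    h[1] = 0
    h[6:9] = b"\0\0\0"
    h[10:12] = b"\0\0"
    return bytes(h)

def build_header_covered(src, dst, data):
    """AH-style: the ICV covers the IP addresses as well as the data."""
    header = ipv4(src, dst, PROTO_AH, bytes(ICV_LEN) + data)[:20]
    return header + mac(immutable(header) + data) + data

def verify_header_covered(pkt):
    header, icv, data = pkt[:20], pkt[20:20 + ICV_LEN], pkt[20 + ICV_LEN:]
    return hmac.compare_digest(icv, mac(immutable(header) + data))

def build_udp_encapsulated(src, dst, sport, data):
    """The ICV covers only the secure packet, which rides inside UDP/4500."""
    secure = data + mac(data)                     # encryption omitted in this model
    udp = struct.pack("!HHHH", sport, NATT_PORT, 8 + len(secure), 0)  # checksum 0 = unused
    return ipv4(src, dst, PROTO_UDP, udp + secure)

def verify_udp_encapsulated(pkt):
    secure = pkt[28:]                             # skip 20-byte IP + 8-byte UDP header
    return hmac.compare_digest(secure[-ICV_LEN:], mac(secure[:-ICV_LEN]))

def nat(pkt, public_ip, public_port=None):
    """Carrier NAPT: rewrite source address (and UDP source port), fix the checksum."""
    h, rest = bytearray(pkt[:20]), bytearray(pkt[20:])
    h[12:16] = ipaddress.IPv4Address(public_ip).packed
    h[10:12] = b"\0\0"
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    if h[9] == PROTO_UDP and public_port is not None:
        rest[0:2] = struct.pack("!H", public_port)
    return bytes(h + rest)

def demo():
    # Constructed addresses: private handset IP, documentation-range public IPs.
    phone, carrier, vpn = "10.20.30.40", "198.51.100.7", "203.0.113.10"
    ah = build_header_covered(phone, vpn, b"secret payload")
    udp = build_udp_encapsulated(phone, vpn, 4500, b"secret payload")
    return {
        "header_covered_direct": verify_header_covered(ah),
        "header_covered_after_nat": verify_header_covered(nat(ah, carrier)),
        "udp_encap_direct": verify_udp_encapsulated(udp),
        "udp_encap_after_nat": verify_udp_encapsulated(nat(udp, carrier, 61234)),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'REJECTED'}")
```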
Thanks a lot Jamz for the thorough detailed info. I appreciate it.
So what's the fix? I tried several other VPNs and was unable to access them as well.. I can't just call all these providers and make some strange requests for a 'one guy with a pda2k and a gprs connection' that wants them to change their VPNs, enabling or disabling protocols or port.
Any other solution?
sorci said:
Any other solution?
Are you sure you're using the built-in VPN client in Windows, and not something like a Cisco VPN client?
You could try something like the Movian VPN client (not sure this is still made). I've used this previously with a Cisco VPN and it is fully configurable to handle multiple VPN types.
I've got a similar problem. Am trying to set up a temporary GPRS connection into my work LAN (I work for myself but 2nd child due shortly so want to be able to connect in from home for a couple of weeks only). I've got MS Win2000 Server set up to accept incoming VPN connections and it works fine on a dial-up connection but refuses to authenticate my username/password whenever I try to get the GPRS working.
As it's only going to be used for a short period of time, I'm loath to spend out on any specific hardware/software but if anyone's got any suggestions, I'd be grateful.
If it helps, the LAN is behind a Netgear DG834GT ADSL modem/router/firewall and VPN PPTP and IPSEC are allowed in and out on it. The server is on a static IP address in the range 192.168.99.x.
GPRS Connections and VPN
With O2 you have to ask for VPN connectivity to be enabled and connect to vpn.o2.co.uk instead of mobile.o2.co.uk. (by the way you can't access the web whilst connected to the vpn.o2.co.uk AP)
I suspect that most providers have similar requirements
Dave

GPRS push?

Hi all,
I'm brand new to mobile / pocket pc development, I just have a few networking related questions though.
I'm implementing my own blackberry style client/server for my brand new (got it yesterday) XDA IIi.
From what I've read the IP address of a mobile connected to GPRS will change every data session, so even though it has stayed 'online' all day it may have multiple IP addresses throughout the day. How do the blackberry style systems get around this? Is this to do with the IMS / SIP protocol?
What I'm wanting is so that the mobile phone doesn't have to send any data to the server (apart from an initial hello) and then when mails come in the server can send directly to the mobile. Obviously with changing IP addresses this is impossible unless each time the IP changes the mobile tells the server, effectively you are not really pushing any more then it's more of a poll.
Also one more question on a non-development note, do providers charge for dropped packets or are they dropped normally before their routers so they simply never see them?
BTW I will be releasing the software I'm working on when done so don't fear
Thanks
bump ?
I guess not much known about GPRS / Blackberry workings ?
You can use WAP push to get in touch with the client on a Pocket PC Phone Edition. Have a look in the Phone API at msdn. I think you'll find something there...
Thanks! Totally forgot about checking MSDN ;P
This is possible, I do something similar. But it's difficult.
The IP assigned to your device is in private address space, using NAPT to contact Internet. Therefore you cannot contact the device IP in any way.
You can however open a connection from the XDA to any host on the Internet using TCP. Once this connection is open, it will remain open indefinitely. Or about 30 minutes if no data is transferred.
Once you have an open TCP connection, you can push data down the tunnel in either direction with very low latency. It is up to you to find a suitable protocol to run over your open tunnel.
Several things also need checking:
- Send some data every few minutes to keep connection open.
- Watch for stale GPRS connections. If this happens, remake the connection.
- Packets do get lost. Ensure all packets checked, resend if needed. You can use the TCP 'ACK' packet, or use your own acknowledgement protocol.
If you get it working, it works surprisingly well.
Hope this is of some use,
Ben Clewett.
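The approach described in the post above, as an added example that is not part of the original thread: a loopback demo in Python in which the handset side dials out, sends heartbeats, redials when the link goes silent, and acknowledges each pushed message, while the server resends until it sees the ACK. The line protocol (HELLO/PING/PONG/MSG/ACK), the timing constants and the sample messages are assumptions made for the demo.

```python
import socket
import threading
import time

HEARTBEAT_S = 0.1   # demo value; the post suggests sending data every few minutes
STALE_S = 0.5       # demo value: silence longer than this means the link is dead

def read_line(sock, buf):
    """Return one line, or None on receive timeout; raise if the peer closed."""
    while b"\n" not in buf:
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            return None
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    line, _, rest = bytes(buf).partition(b"\n")
    buf[:] = rest
    return line.decode()

def device(server_addr, want, result):
    """Handset side: always dials OUT, heartbeats, redials when stale, ACKs pushes."""
    seen = result["messages"]
    while len(seen) < want:
        try:
            with socket.create_connection(server_addr, timeout=STALE_S) as s:
                s.settimeout(HEARTBEAT_S)
                s.sendall(b"HELLO\n")
                buf, last_rx = bytearray(), time.monotonic()
                while len(seen) < want:
                    line = read_line(s, buf)
                    if line is None:                   # idle: check staleness, then ping
                        if time.monotonic() - last_rx > STALE_S:
                            raise ConnectionError("stale link")
                        s.sendall(b"PING\n")
                        continue
                    last_rx = time.monotonic()
                    if line.startswith("MSG "):
                        _, msg_id, text = line.split(" ", 2)
                        seen.setdefault(msg_id, text)  # a resent duplicate is ignored
                        s.sendall(f"ACK {msg_id}\n".encode())
        except OSError:
            result["reconnects"] += 1
            time.sleep(0.05)

def server_push(listener, pushes, ack_timeout=1.0, retries=5):
    """Reachable host: waits for the handset to dial in, pushes down that socket."""
    acked, simulate_stale = [], True
    while len(acked) < len(pushes):
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(ack_timeout)
            buf = bytearray()
            try:
                if read_line(conn, buf) != "HELLO":
                    continue
                if simulate_stale:        # first session goes silent, like a dead GPRS link
                    simulate_stale = False
                    time.sleep(STALE_S * 1.2)
                    continue
                for msg_id, text in pushes[len(acked):]:
                    for _ in range(retries):
                        conn.sendall(f"MSG {msg_id} {text}\n".encode())
                        line = read_line(conn, buf)
                        while line == "PING":          # answer heartbeats while waiting
                            conn.sendall(b"PONG\n")
                            line = read_line(conn, buf)
                        if line == f"ACK {msg_id}":
                            acked.append(msg_id)
                            break
                    else:
                        raise ConnectionError("no ACK after retries")
            except OSError:
                continue
    return acked

def demo():
    listener = socket.create_server(("127.0.0.1", 0))
    listener.settimeout(5)
    result = {"messages": {}, "reconnects": 0}
    pushes = [("1", "mail arrived"), ("2", "calendar update")]  # constructed samples
    args = (listener.getsockname(), len(pushes), result)
    t = threading.Thread(target=device, args=args, daemon=True)
    t.start()
    acked = server_push(listener, pushes)
    t.join(timeout=5)
    listener.close()
    return acked, result

if __name__ == "__main__":
    print(demo())
```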

Success with L2TP/IPSec VPNs?

Has anyone had any success with L2TP/IPSec VPNs and Windows Mobile 5 or 6? I have no problems with getting PPTP to work but have NEVER had any success with L2TP/IPSec. I have valid Client & Server Certificates but I have never been able to get a connection; in fact the HTC Wizard I have never even attempts to make a connection (I have a sniffer on the Ethernet port my Wireless AP is connected to). I have tried using Certificates & Pre-Shared Keys but the results are the same - The Wizard never attempts to connect, with PPTP it works every time.
The Server I am using is a Windows 2003 RRAS server and I have verified with a Windows XP Client that L2TP/IPSec works.
I have asked the question before but have not had any helpful replies. I would be grateful if anyone who has set this up successfully can let me know and maybe give me a run-down of the steps you used. I am not interested in any 3rd party VPN clients, it must be the built-in one.
Thanks
Andy
Hi
Yes I have had the same issue with both the wizard and now hermes tried wm5 and wm6. I think it may be related to NAT-T translation as am unsure from my reading whether MS supports NAT-T on the mobile end. If data session is being NATed by your provider then this may be the cause. Probably need to check the ip packets coming from the phone to see what it is sending out. Is that what you did or is the sniffer at the other end.
sebjepb said:
Hi
Yes I have had the same issue with both the wizard and now hermes tried wm5 and wm6. I think it may be related to NAT-T translation as am unsure from my reading whether MS supports NAT-T on the mobile end. If data session is being NATed by your provider then this may be the cause. Probably need to check the ip packets coming from the phone to see what it is sending out. Is that what you did or is the sniffer at the other end.
It has nothing to do with NAT traversal. WM5 (and WM6 probably?) does NOT support NAT-T, however I am not attempting to get this working over NAT. As I said I have put a sniffer on the Ethernet port my Wireless AP is connected to and my Wizard does not transmit anything when configured for L2TP/IPSec (except a DNS lookup for the VPN server name if I enter its DNS name as opposed to its IP address). With PPTP it works and I can happily see the packets it transmits on the sniffer.
This is really frustrating as it looks like no one has ever got this to work
I had a HP iPAQ 6365 previously with Windows Mobile 2003 and I managed to get it working on this quite easily
Andy
Andy
I now have this working on both the wizard and the hermes.
I am a bit confused with your last response as ipsec port 4500 is nat-t and is required and is being transmitted by both the wizard and hermes in my case.
My setup may be somewhat different to yours as I have a windows sbs2003 server running isa and rras. It is sitting behind an adsl modem router connected to the internet. The data connection on my phone is edge network on the wizard and HSDPA on the Hermes. Also have tried this via WiFi as well.
Steps I used
On server side router
On adsl modem router setup forwarding udp ports 500 ipsec, 4500 nat-t and 1701 l2tp and protocol 50 IPsec ESP. I selected l2tp/ipsec from its predefined list but noticed it missed udp 1701 so added this manually.
On Server.
ISA management selected Network Configuration right click and selected Allow vpn connections. This essentially sets up the ip filters to allow incoming protocols and then sets up rras for pptp and l2tp ports.
In rras configure a preshared key by right click server/properties/security tick allow custom ipsec policy... and added preshared key.
On mobile
settings/connections
My Work Network
Edit my vpn servers and added new IPsec/L2TP connection.
Works a treat hope this helps
I did notice on another forum something about disabling the phone skin but I did not have to do this.
Regards
Stephen
sebjepb said:
Andy
I now have this working on both the wizard and the hermes.
I am a bit confused with your last response as ipsec port 4500 is nat-t and is required and is being transmitted by both the wizard and hermes in my case.
My setup may be somewhat different to yours as I have a windows sbs2003 server running isa and rras. It is sitting behind an adsl modem router connected to the internet. The data connection on my phone is edge network on the wizard and HSDPA on the Hermes. Also have tried this via WiFi as well.
Steps I used
On server side router
On adsl modem router setup forwarding udp ports 500 ipsec, 4500 nat-t and 1701 l2tp and protocol 50 IPsec ESP. I selected l2tp/ipsec from its predefined list but noticed it missed udp 1701 so added this manually.
On Server.
ISA management selected Network Configuration right click and selected Allow vpn connections. This essentially sets up the ip filters to allow incoming protocols and then sets up rras for pptp and l2tp ports.
In rras configure a preshared key by right click server/properties/security tick allow custom ipsec policy... and added preshared key.
On mobile
settings/connections
My Work Network
Edit my vpn servers and added new IPsec/L2TP connection.
Works a treat hope this helps
I did notice on another forum something about disabling the phone skin but I did not have to do this.
Regards
Stephen
What ROM are you running on the Wizard? I am currently running a WM6 ROM but I previously used the official QTEK update (AKU 2.3 I think?) and then various WM5 AKU 3.3 ROMs. I have tested this with all of them and none have worked. If I could just see it attempt to connect I would be happy. The fact is it doesn't transmit anything at all and all I see is the dialogue box on the Wizard saying 'Cannot Connect'....
With regards to NAT-T I read that the VPN Client in Windows Mobile 5 was not capable of this, I could be wrong however?
Andy
Sorry didn't have signature updated I'm running WM6 MBE on the wizard and WM6 Black on the Hermes
Ok I am still confused can you tell me exactly how you are connecting to your work network. Wifi or gprs.
Can you check also.
Under settings/connections/advanced/select networks make sure you have a separate ie different connections for the internet and private network. The Internet settings will be your service provider gprs settings.
For the private network mine is set as My Work Network. Edit this and make sure you do not have any modem connection listed ie we want to make sure it goes out over our existing connection and does not try to make a new connection. Make sure the vpn tab has your vpn settings as required they must be listed here and not under the Internet connection.
If you are using WiFi you must make sure the network setup is Connects to: The Internet and not set to Work. If it is work the VPN will not connect. You can not change this on the fly need to disconnect and setup again.
PM Me When you get to work given time diff I should be home. Might be able to test connection to my server at home then can check logs etc
Also use Task manager v2.7 to view netstats on phone to confirm udp ports and ip routes etc. It will show you if the phone is indeed sending should see udp ports 500 4500 and 1701 being used.
Stephen
sebjepb said:
Sorry didn't have signature updated I'm running WM6 MBE on the wizard and WM6 Black on the Hermes
Ok I am still confused can you tell me exactly how you are connecting to your work network. Wifi or gprs.
Can you check also.
Under settings/connections/advanced/select networks make sure you have a separate ie different connections for the internet and private network. The Internet settings will be your service provider gprs settings.
For the private network mine is set as My Work Network. Edit this and make sure you do not have any modem connection listed ie we want to make sure it goes out over our existing connection and does not try to make a new connection. Make sure the vpn tab has your vpn settings as required they must be listed here and not under the Internet connection.
If you are using WiFi you must make sure the network setup is Connects to: The Internet and not set to Work. If it is work the VPN will not connect. You can not change this on the fly need to disconnect and setup again.
PM Me When you get to work given time diff I should be home. Might be able to test connection to my server at home then can check logs etc
Also use Task manager v2.7 to view netstats on phone to confirm udp ports and ip routes etc. It will show you if the phone is indeed sending should see udp ports 500 4500 and 1701 being used.
Stephen
I am using WiFi, this is all in a test environment so I have full control over everything. Under Connections I have 'My ISP' and 'My Work Network' listed. 'My ISP' has a modem entry, 'My Work Network' has no modem but has a VPN listed with the IP Address of the VPN server and set to L2TP/IPSec using a certificate on the device (I have tried with pre-shared key also). The WiFi entry is configured as 'Connects to The Internet'.
I enable the WiFi and verify I have connectivity, I then go to Connections, click on My Work Network, 'Manage existing connections' select the VPN tab, hold down the stylus on the entry and click connect and I almost immediately get the dialogue box saying 'cannot connect'. If I edit the VPN entry so it is PPTP it works every time. As I said I have a sniffer on so I can see what the Wizard transmits and when set to L2TP/IPSec it doesn't transmit anything whatsoever, with PPTP I can capture the whole conversation.
Thanks for any help you can give me.
Andy
Ok I have now also tried using certificates and you're right it does not seem to be sending any info at all. It might have something to do with checking the certificate store first I have had issues before with Cisco vpn and certificates you have to get the naming and certification just right before it even starts the connection.
So first thing lets try pre shared keys as I have got that working. I will PM you my server details if you wish to try that first.
Stephen
sebjepb said:
Ok I have now also tried using certificates and you're right it does not seem to be sending any info at all. It might have something to do with checking the certificate store first I have had issues before with Cisco vpn and certificates you have to get the naming and certification just right before it even starts the connection.
So first thing lets try pre shared keys as I have got that working. I will PM you my server details if you wish to try that first.
Stephen
I have just re-tested this and using a pre-shared key - same result
There is a brief flash of 'connecting' when you click connect but then the 'Cannot Connect' dialogue box appears, nothing gets transmitted. I have tried entering different IP addresses (public, private etc) just to see if it will transmit anything - it doesn't regardless of the IP address I enter.....
Andy
Andy
check your pm
Are you sure the wireless ap is actually passing the ipsec/l2tp traffic.
Working, well sort of.....
After a lot of messing around I now have this working, at least partially........
Following a soft-reset I can connect to a Wireless network OK (either a new one or one that is pre-configured), I can then connect the VPN using L2TP/IPSec. I can also manually disconnect the VPN and re-connect without any issues. However, when the wireless is disconnected (i.e. turned off from CommManager) and then re-connected the VPN will never work again, unless the Wizard is soft-reset.
Does anyone know what is likely to be causing this? some application in memory or a registry 'state' entry
Does anyone else see this behaviour?
Andy
I had exactly this with L2TP/IPSec on the MDA Vario II, but the same settings work as they should on my Athena.
ADB100 said:
After a lot of messing around I now have this working, at least partially........
Following a soft-reset I can connect to a Wireless network OK (either a new one or one that is pre-configured), I can then connect the VPN using L2TP/IPSec. I can also manually disconnect the VPN and re-connect without any issues. However, when the wireless is disconnected (i.e. turned off from CommManager) and then re-connected the VPN will never work again, unless the Wizard is soft-reset.
Does anyone know what is likely to be causing this? some application in memory or a registry 'state' entry
Does anyone else see this behaviour?
Andy
HI!
How can you DISCONNECT?? Do you get a "Disconnect" button or menu item somewhere??
How do you know you are connected to VPN?
Thank you,
Dmitry.
A bit late but...
I have a possible solution to the fact it doesn't send ANY traffic on a connect attempt - on my XDA mini S (HTC Wizard) it requires me to put something in the 'domain' field on the username/pwd screen before it will start the IPSec negotiation....
Now I just have to get it to complete the process with the sonicwall...
David
Revisiting this
I can't get PPTP going on my HD2. Thoughts?
bumping this message
I have tried all the usual vpn software (for 3g connectivity) the only third party software that connects is the ncp software, but I get stuck because it wont accept a challenge response grid.
Symantec - won't auth
Green something - doesn't connect
MS VPN - doesn't connect
I have been able to connect in the past with an iPhone, but without a java i can't connect to most motorola hardware devices at work so it's useless. I'm testing a G1 on 1.6 now and it fails to connect also. Going to try openvpn today sometime. MY friend has his Eris working, so I know droid OS works.
I work for a large company and switching vpn hardware is out of the question, so if anyone has a 3g resolution for winmo, I won't have to trade my HD2.
Hi,
L2TP VPN with the Windows Mobile is working !!
The trick with L2TP VPN on WM is to use: an IP address (and NOT a hostname)
Strange, because using a hostname with PPTP VPN on the Windows Mobile it works.
With the trick L2TP works perfectly.
Chris
Hello. This is my first foray into VPN on Win Mo. I can establish a PPTP connection between my Imagio (stock Win Mo 6.5 R1) and my SBS 2008 server. I can ping the server and can browse the company web page. But I am having no luck accessing file shares. I have Schaps Network Plugin installed, but it doesn't see/can't access the shares. Will switching to IpSec VPN work? If so, any guidance on how to set it up on SBS 2008.

UK mobile provider offering true Public IP addresses (for incoming connections)?

Can anyone please recommend a UK mobile provider that offers a public IP address (and that allows incoming connections) as part of their pay-as-you-go data plan?
I use 3G dongles hanging out of branch office routers (Draytek 2800s) as a backup internet route as a contingency in the case of an ADSL line failure, and until now I thought this solution worked quite well. However towards the backend of last week the ADSL line of our main office went down (or more accurately BT decided to randomly disconnect it!) and it was only then did I discover the ‘standard’ provision from Vodafone (via their ‘public’ APN of “internet”) is a private (Vodafone) IP address that is NAT’d through their proxies – this obviously works fine for outgoing connections but not for incoming connections (ie. to our mail server from the outside world, employees accessing our intranet and webmail from home etc). Further investigations suggest such a configuration is common practise amongst mobile providers and with it seemingly being confirmed Vodafone at least do not offer any alternative provision (with the exception of either a ‘vpn only’ APN which gives you a public IP address but blocks outgoing internet routing on most non-vpn protocols).
I have seen it suggested that Three do give you a public IP address (conflicting reports suggest this to be as standard or by request f.o.c.), similarly maybe Orange too. Can anyone please confirm/deny? To clarify I do not require a static IP address, just a publicly addressable IP address that accepts incoming connections (and thus not NAT’d nor proxied), and ideally as part of a PAYG / top-up style plan (as these would be unused for most of the year, hopefully..!).
Many thanks in advance,
Simon

Multiple APN's?

I have enabled multiple APN's in my ROM (Vodafone UK SIM) by changing the registry entries:
Code:
[HKEY_LOCAL_MACHINE\Software\OEM\RIL\OperatorContexts\23415] ;Vodafone UK
"GPRSContextNumber"=dword:3
"UMTSContextNumber"=dword:3
This allows me to have two simultaneous data connections (HSDPA/3G/GPRS). I noticed yesterday that when a voice call is made or received the 2nd data connection is disconnected and then reestablished when the call has ended. I changed each of the registry entries to 5 but the behaviour is still the same.
Is this a limitation of the ROM or the mobile contract? Is it possible to have two data connections as well as a voice call active at the same time? I use BlackBerry Connect and this keeps its data connection permanently active, if I browse the web or open another application that uses the Internet then the Vodafone GPRS connection gets established. I have now started to use Office Communicator Mobile 2007 R2 quite a lot and this uses the Internet data connection, however if a voice call is established then the OC 2007 R2 connection gets broken since the 2nd data connection is disconnected. This then screws up the presence status of OC 2007 R2.
Cheers
Andy
Solved....
I have now been moved over to Exchange ActiveSync and have removed BlackBerry Connect (thankfully..). However I am still having an issue
With BlackBerry Connect there was always a permanent data connection to the BlackBerry APN. Opening an Internet connection would cause a 2nd data connection to be made (to Vodafone APN). However if a voice call was made the Internet connection was dropped for the duration of the voice call. Now I have removed BlackBerry Connect I assumed that the data call would no longer disconnect as there is now only ever one active data connection. It seems I was wrong?
I have verified the GPRSContextNumber & UMTSContextNumber values in the registry for the Vodafone UK OperatorContexts are set to 3 (as they were previously) but the data connection is dropped when a voice call is made?
Solved it now after a bit more searching
There is a registry value that can be changed 'AlwaysOn' for each of the data connections that are configured on your device. On mine it was this:
Code:
[HKEY_LOCAL_MACHINE\Comm\ConnMgr\Providers\{7C4B7A38-5FF7-4bc1-80F6-5DA7870BB1AA}\Connections\Vodafone GPRS]
"AlwaysOn"=dword:00000001
Some of the tweak utilities allow you to change this as well.
I assume on other devices the GUID will vary as well as the name you gave the connection settings - I used Vodafone GPRS.
Cheers
Andy
Andy,
Thanks for sharing your findings!
7C4B7A38-5FF7-4bc1-80F6-5DA7870BB1AA is the default GUID for ConnMgr providers, will be the same on all devices. Connection names will vary indeed.
As regards your original problem, I think there could be several causes:
1. Concurrent PDP contexts limit in hardware, see
http://www.qualcomm.com/common/documents/white_papers/Multiple_PDP_Contexts_UMTS.pdf
2. ConnMgr is dropping insecure connection(s) when a connection to a secure network is required
I'm afraid your Internet APN may still go down when you place a phone call, however due to AlwaysOn it's reactivated instantly. Personally I never played with 2 contexts, but I've seen this behavior with AlwaysOn VPN connections.
stepw said:
Andy,
Thanks for sharing your findings!
7C4B7A38-5FF7-4bc1-80F6-5DA7870BB1AA is the default GUID for ConnMgr providers, will be the same on all devices. Connection names will vary indeed.
As regards your original problem, I think there could be several causes:
1. Concurrent PDP contexts limit in hardware, see
http://www.qualcomm.com/common/documents/white_papers/Multiple_PDP_Contexts_UMTS.pdf
2. ConnMgr is dropping insecure connection(s) when a connection to a secure network is required
I'm afraid your Internet APN may still go down when you place a phone call, however due to AlwaysOn it's reactivated instantly. Personally I never played with 2 contexts, but I've seen this behavior with AlwaysOn VPN connections.
What about the value under \HKLM\Software\OEM\RIL\SAPOperatorList? Can this be trusted to be my providers OperatorContext number(s)?
Rob
Rob
stepw said:
Andy,
Thanks for sharing your findings!
7C4B7A38-5FF7-4bc1-80F6-5DA7870BB1AA is the default GUID for ConnMgr providers, will be the same on all devices. Connection names will vary indeed.
As regards your original problem, I think there could be several causes:
1. Concurrent PDP contexts limit in hardware, see
http://www.qualcomm.com/common/documents/white_papers/Multiple_PDP_Contexts_UMTS.pdf
2. ConnMgr is dropping insecure connection(s) when a connection to a secure network is required
I'm afraid your Internet APN may still go down when you place a phone call, however due to AlwaysOn it's reactivated instantly. Personally I never played with 2 contexts, but I've seen this behavior with AlwaysOn VPN connections.
As I said it is now fixed as I only ever have a single APN connection as I have moved over to Exchange ActiveSync and have also changed the 'AlwaysOn' registry value for the default GPRS connection.
Andy
