After rooting the HTC Magic of my country, some users are experiencing some weird issues using 1.6 (donut) based rom's...
If they try to enter to a secure site (a bank or any https site) they get the next message:
Data connectivity problem: A Secure connection could not be established
But the weirdest thing is that on any 1.5 rom they can get into secure sites...
So... I hope anybody can give me a hint on what to do about this...
Thanks in advance...
Pretty old this thread.
I'm experiencing the same problem since I run SuperD in the version 1.10.3 and 1.11
What I want to do is logging into the Rapidshare Premium Zone.
Finally the connection resets and the browser complains about "A secure connection could not be established".
It doesn't even work when I add every single SSL server certificate from the certificate chain to cacerts.bks.
The only side effect is, that my downloads from the Google Market won't work anymore after manually trusting these certs.
Related
Well I searched the forums all over the interweb for a week now, and did not find an answer so I post.
I live in China and as part of the Expat Survival Kit I run an OpenVPN service to solve my facebooktwitteryoutoube problems. The provider is strongvpn.com, or other name reliablehosting.com - reliable, they are, and responsive and helpful and everything.
The VPN uses a San Francisco server, so anytime I fire it up on my PC, I have a USA IP, and can access Youtube, Facebook, Twitter, Pandora et al. Bingo.
I struggled days to hack this connection on my Hero, and finally managed, it works, it connects. Apparently.
Now here is the hick:
- I connect on the Hero with TunnelDroid, using my original StrongVPN config file. It takes some time, but usually connects, either WiFi and Edge.
- I check my external IP, it's the good old Frisco one, I seem good to go
- I can surf sites like e.g. Amnesty International, impossible without VPN. I can use Pandora, so definitely I have US IP. Eventually if there is an embedded Youtube vid somewhere, I even can see and try to start it (although it's dead slow)!
- But, none of the social integration features work. I can not log in into twitter, facebook etc, and when I try to visit those sites with the browser, I have the same result as without VPN, nada. Timeout, service unavailable, technical problem, you name it
Now, if there is any developer / network or VPN expert / GFW operator / Google guru around... I really want to understand exactly what the problem can be - that would help some fellow Hero owners here in China
I changed the "hosts" file that I found on some forums... I tried to boost the process with some web proxy... Tried everything - nothing works.
How is it possible that I'm behind a VPN, I have American IP reported by any software you can imagine, and still I'm blocked, while everything works fine on the PC with the same VPN connection???
I can live without these apps and sites on my Hero...but can not live without finding out the truth
你有没有把DNS设置成OpenDNS的地址或者GooglePublicDNS的地址?
GFW好像会返回伪造的ip,纵然你有US的IP也无法访问一个假的IP,对吧
Ok,if you're hard to read Chinese...
Use a OpenDNS address or Google Public DNS address instead of ISP's,All of those DNS server are GFWed.They'll reply a fake ip address of Youtube.
Not working
Thanks,
I tried this way, but still no result.
How can ANY filter get through an 1024-bit secured openVPN connection anyway????
And on the PC, the same connection works flawlessly...
Is there any routetable or something like that?a modified hosts?some ROMs will do that.
a VPN connection will route all of your data in normal,but if you set a routetable,some special URL will not pass the VPN,
check them or flash a foreign ROM instead and try again.
Good luck
AFAIK the standard Hero kernel does not come with the tun.ko driver (which is necessary to capture the outgoing traffic and redirect it to the tunnel). Did you install a custom kernel, too? E.g. newer MoDaCo images have it by default.
I did nearly everything...modified hosts. Running MoDaCo 3.0 with newest 1.9 Tekn. kernel. Installed the openvpn binaries. And the connection WORKS, just not for everything...
Anybody in China who can use the social networking features on the Hero?
Ps: the reoutetable, I don't really know where to look it for...
I don't know the answer, but you can debug it yourself with a computer and wireless access point:
Hero <--wifi--> AP <--ethernet--> Computer running packet sniffer <--Internet-->
A few comments:
Don't consider Pandora as proof of a US IP. Better check on a website that gives actual info about your location.
The comments about OpenDNS and hosts files are helpful, but both assume that the wrong IPs are not already cached somewhere. Make sure all caches (DNS, browser, etc.) are flushed.
The easiest way to find out if the DNS is the problem is to do a ping to youtube.com and see if the IP range really belongs to Google or of it's a random IP elsewhere. You can use a 'whois' command or website to figure out who the IP belongs to.
Please note that OpenVPN does not encrypt at 1024-bit. 1024-bit is just the initial key length, which is unrelated to the 128-bit or 256-bit of the actual tunnel.
Btw, you don't necessarily need to use OpenVPN. Lighter protocols like PPTP and L2TP may perform better on a phone. China Unicom works well with both. China Telecom works fine with L2TP.
Greetings from Shenzhen.
open VPN
Hi,
not sure if this thread is still alive but i give it a try...
I' currently running elelinux 2.4 with [email protected] on my HTC hero and have trouble connecting to a friends VPN.
the VPN server is in Germany and it works well for my friend, who is also hosting the server. however when i try to connect the server records following:
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
and it seems that my phone is refusing the connection to the server...
any ideas?
thanks!
hero.walker said:
Hi,
not sure if this thread is still alive but i give it a try...
I' currently running elelinux 2.4 with [email protected] on my HTC hero and have trouble connecting to a friends VPN.
the VPN server is in Germany and it works well for my friend, who is also hosting the server. however when i try to connect the server records following:
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
and it seems that my phone is refusing the connection to the server...
any ideas?
thanks!
Click to expand...
Click to collapse
hi there , I don't use elelinux 2.4, but i encountered an same error with CM 7 nightly build, and I believe that is an issue of the kernel you are using for the kernel have some problem with the tun.ko moduel , here is the thread ( read from page 42 ) :
forum.cyanogenmod.com/topic/14455-cm7-discussion-of-nightlies/page__st__860
sorry , i haven't get the permission to post url here yet .
thanks for the link! seem like it does not work with my current kernel, will fash the flykernel from elelinux and try again.
Hey guys,
At my school the students have access to an open WiFi network. The internet connection is routed through a local proxy, and when we first open the web browser we are presented with an authentication page where we input username and password. Using Firefox, Chrome, or any other browser on a regular computer, this works just fine.
On my Hero however, something prevents it from working correctly. I get the authentication screen, input my username and password, I click Login, but from here nothing seems to work.
The proxy spits out a message saying something like "authentication successful, logging you on to the network", but then it says something about a DNS timeout, and that I have to restart my browser to gain internet access.
Obviously, that doesn't work. I tried once to load google.com, using its IP and it worked I think (given that the browser didn't load it from the cache). I guess the problem somehow relates to the way Android handles DNS.
My Hero is not rooted, and for various reasons I'm not planning to do it either. Running latest official ROM.
Any assistance would be greatly appreciated, as IT on my school doesn't seem to actually know anything about the authentication process.
I also have problem with secure login but in my case I can't load the securelogin page where I need to enter the user name and password.
Non android phone don't see this problem and also I don't have this problem with my android at my home with open WIFI.
I am using HTC Hero G3 with official android 1.5.
Hi, has anyone been able to make this work?
I'm also having the same experience but with my x10mp.
the browser login page is not displaying so i'm unable to use the wifi.
shameless self bump.
i have already tried 2 apps (Open Wifi Login and Browser Wifi Login) that should have solved this but did not.
can anybody help with this issue?
Some univeristies use a WLan called EduROAM.
http://www.eduroam.org/
But somehow HTC HD2 cant connect to it.Seems like a personal certificate is the problem.
Has anyone got this working on HD2 ?
It works on Nokia phones running Windows mobile 6.5
you need to download one of the latest version of securew2 client from your uni website or the developer's website. follow instruction to set up the connection given by your uni IT department.
I'm using eduroam connection now in UCL.
Thanks for your answer.
I downloaded securew2
But I still cant get it to work.
Do you have to provide this information on your campus ?
SSID: eduroam
authentication: WPA2
kryptering: AES
EAP-typ: PEAP
authentication: MSCHAP v2
For me WPA1 works better, also AES is wrong. Then you select "Secure W2" in the drop down box not peap. SecureW2 needs to be configured as well. Your university should provide you with that info. You usually don't need the radius part with the cert! That's just to protect you from connecting to the wrong network (and thus giving them your password).
Above information about WPA2 is from my campus informationsite.
After I made some settings on "Eduroam connection" i cant change them.
As soon as push eduroam it tries to connect.
The only way to change them is to install a new rom, so that the phone is
like it was from the first time.
quart666 said:
Some univeristies use a WLan called EduROAM.
http://www.eduroam.org/
But somehow HTC HD2 cant connect to it.Seems like a personal certificate is the problem.
Has anyone got this working on HD2 ?
It works on Nokia phones running Windows mobile 6.5
Click to expand...
Click to collapse
I took my mobile to my University's IT Department and they set it up for me and it works great, I get all of my student emails directly to my mobile. Hope this helps.
bahardman said:
I took my mobile to my University's IT Department and they set it up for me and it works great, I get all of my student emails directly to my mobile. Hope this helps.
Click to expand...
Click to collapse
ROM version ?
In my case,
I download SecureW2 personal client 2.04 ce, install it on my phone via active sync.
Settings>Menu>All settings>Connection>Wifi>Wireless networks>Menu>Add new
and start configuring the settings. Different network will have different settings.
I don't think ROM version matters in this case. It should work with your device, if you got the right SecureW2 client and settings set up on your phone.
Btw, IT department or university's website should provide sufficient information for you to set up the connection.
Good luck.
The IT people cant get it to work......
They say that they cant get it to work on HD2.
Thats why I turned to you guys.
Still no luck, secureW2 keeps asking for user/pass, and yes I know its the right user/pass. A friend at work tried his username and it doesnt workl either.
If I connect to Eduroam on my pc it works, so nothing wrong with user/pass
quart666 said:
The IT people cant get it to work......
They say that they cant get it to wrok on HD2.
Thats why I turned to you guys.
Still no luck, secureW2 keeps asking for user/pass
Click to expand...
Click to collapse
You might need to get another version of secureW2 client.
I tried a secureW2 client provided by my uni and i faced the same problem as you. It kept on prompting me for username and password. I changed to another client (SecureW2_Personal_Client_204_CE), downloaded from SecureW2 forum, and it worked great!
During the installation of the client, registration is needed, i could register and install it couple of times on my phone without any problem. However, yesterday when i tried to reinstall the client after upgrading my ROM, the installation failed at the registration part. Maybe because they stop providing the free version?
I managed to get it installed on my phone again via activesync though.
Cant find that version.
I downloaded version SecureW2_Enterprise_Mobile_313_GA_TRIAL.exe
bump..
I still cant get it to work
http://www.chalmers.se/insidan/SV/arbetsredskap/it/bastjanster/eduroam
Chalmers University of Technology uses Thawte premium server certificate for authentication.
What you need to do is this, go to Thawtes website and download their certificates:
(Apparently I cannot post links, but just google for "thawte root certificate" the file is at www dot thawte dot com slash roots)
The certificate you need is located in the folder Thawte Roots\Thawte SSLWeb Server Roots\thawte Premium Server CA\Thawte Premium Server CA.cer
Download that to your HTC HD2 and install it by just clicking it in the file browser on your phone.
Then you can just follow the instructions you found at their webpage.
Hope this helps.
//a
how to connect to EDUroam
Firstly, this refers to connecting an HTC android phone (specifically the HTC Desire, but what I get from the web is that they are all much the same, these HTC android interfaces).
The problem starts when an innocent user looks for a WiFi network and finds eduroam. It then asks for not particularly relevant password information and cannot connect because the configuration of the default network setup is wrong. If you try to get the phone to forget that network it appears to do so that when you reconnect it still assumes that the connection was correctly set up. In order to get it to forget their network properly you have to enter the wrong password several times so that the phone thinks you have illegally trying to access the network. It then completely forgets.
The network discovery procedure will again come up with EDUroam, and the configuration should follow the instructions on the following website from Oxford University: <search for android eduroam oxford in Google>
In fact the names given on the HTC desire setup are slightly different. The important thing is that the EAP type should be PEAP, and the secondary type should be MSCHAPv2.
You then enter the username which will be effectively your registered e-mail address at your own institution, and then use as a password the thing eduroam calls "network access token" (16 lower case alphabetic character password generated for you if you buy your institution on request.
You then connect up and miraculously you have the connection you wish!
You should check that the connection is mobile roaming capability on your phone and checking that you really do have Internet and e-mail access as you wish through the WiFi connection directly.
I have been looking for the SecureW2 Personal Client 2.0.4 for Windows CE package (original filename: "SecureW2_Personal_Client_204_CE.zip"). I have been unable to find it and the sources given in this thread no longer exist or are no longer available.
If anyone has the file, please provide it.
Hi.
I've been playing with various Android builds over the last few weeks (both NAND and SD) and have come up against the same problem with every one:
When trying to setup my work's Exchange-based push-email I get the message "unable to open connection to server" after entering the domain and server details. I know the details are correct as I can get it working every time on WinMo 6.5 but no joy with Android (and WP7 for that matter). The version of Exchange is 2003 SP2.
I've heard that there can be problems when PIN security is enforced (as it is in my case). Has anyone come across this problem before and found a solution that doesn't involve a reconfiguration of Exchange?
Thanks in advance for any help.
intgom
I have LG D800, and on certain websites I get a security warning saying "there are problems with the security certificate for this site" with options of go back, view certificate, continue.
Before I get ahead of myself the reason I want to fix this is because I want to connect to my work VPN through Junos Pulse, and I get a security certificate error there as well, and it won't allow it to connect (I can't change security options w/this app and I don't think other apps work for this vpn)
So I noticed through browsers (both native and chrome) that one some websites I get an https error through my phone and then when I try it on my computer it works fine! (the site I tried was my school's: myllu.llu.edu
For the certificate errors it says: this certificate isn't from a trusted authority. The issuing athority for myllu is listed as GeoTrust SSL CA, and for the VPN I want to connect to: VeriSign Class 3 Secure Server CA -G3.
Can anyone help me with this? I realllly would appreciate it
PS: time and date are correct on my phone, a difference was not made by getting network time, or manually inputting time and date
if you choose to trust those certificates, why don't you just go ahead and install them?