I am sure this is some where in this forum which I am just missing. I have spent 6 months searching for what seems to be a common issue by design. That is a solution to setup LAN Proxy Servers, specifically authenticated ones. I've found nothing that is a good fix, the best has been to setup an pass through proxy on a local workstation and then set your Gateway as that machine. The only issue with that is anyone on the network could do the same and all traffic would be logged as me. I work in the IT department so I could do so pretty easily, but that isn't a solution for other people on our network.
Is there anyone that has come up with a good solution, setting method or app to solve this?
If not something to think about is create an app that is a proxy server on the phone (so it acts as the local workstation) in the above example.
Better yet if it was just apart of the WiFi settings (and if you could set them per SSID), but that is probably more of a Google/OS thing.
Thanks,
John
Related
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Unfortunately there is no simple answer to your question. AFAIK you cant get a fixed ip on gprs, but if your using the right firewall and the right vpn host you dont need to.
I use and supply windows sbs 2003 servers and vpn into them regularly. I have also used citrix to achieve similar results. Might be a bit difficult to persuade your firms it dept to set up something like that for 1 person though.
PM me if youd like any advice.
BillyB said:
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Click to expand...
Click to collapse
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP...L2TP has also worked for me..otherwise, the fancier (and more secure) the VPN tunneling protocol, the more its likely to fail. Normally all you need for a basic MS WIndows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.
VPN and TS Its like pulling teeth
hi all this has got to be the most anoying problem ever. i can connect to O2 vpn access point and hence i can connect to my work vpn server. however as soon as i try to open a TS connection to my desktop (through the vpn) the VPN connection is dropped and i never connect. Can anybody tell me why? if i have a vpn connection to my work server why does TS try to make another connection and bomb out the original. Is there a fix or another way of doing this i.e. does a external IP have to be nat'd to my desktop IP on port 3389? all help greatly appreciated. Ian
Does anyone know of an app that allows your phone to become a web proxy?
Let me explain my situation... I work for a corporation that filters all their internet connections through a web proxy, which sucks cuz I can't visit any of the fun sites... one way around this I've found was to use ICS on my phone but that interferes with the default gateway on the current network.
All traffic on the network by default goes to an internal gateway on the local intranet and it really needs to stay this way because there are too many work ip's and ports to be able to statically route all of them through a specific destination and leave the default gateway as the ICS 192.168.1.1.
I have been able to create static routes to specific ip addresses (like my home computer) which override the default gateway and use ICS instead.. this is great but obviously not that great for web browsing and masking my use on the internet... what I would like to be able to do is set the HTTP proxy to my phone and have it handle all of the redirection... that would allow me to have a single route in the routing tables but span out to wherever I want on the web...
Oh, and yes, I have thought of just setting up a proxy on my home comp and routing through the phone -> home comp -> back through phone but that obviously limits me to the upstream bandwidth of my home network... which isn't TERRIBLE, and is feasible but obviously if I could eliminate the extra jump it would be much much better.
I can handle the routing tables np, they're easy to add from command-line.. problem is I need some kind of a proxy application on the phone that will handle all of the HTTP calls... anyone know of an application such as this?
Thanks
Hm can't say I know of an app that does this... it is planned for one of the upcoming releases of WMWifiRouter but that's still a while away and may give you the gateway issue again.
Chainfire said:
Hm can't say I know of an app that does this... it is planned for one of the upcoming releases of WMWifiRouter but that's still a while away and may give you the gateway issue again.
Click to expand...
Click to collapse
Ya I did more googling and still can't find anything... I just setup dante server on my linux vm at home and got a good socks proxy going.. seems to be working very well.. my upstream on cable is 80k/sec so that's not too bad I guess.
I'll keep an eye on wmwifirouter release notes though thanks
I'm an IT guy and I just got into smartphone PPCs for the first time after a long-time hiatus from PDAs when I used to be a Palm owner. After my last palm, a LifeDrive, got stolen I moved to a Moto Q wich was a big dissapointment OS wise, and I never really got into modding it or anything, just set my POP3 e-mail server and used it like that for 2 years (draw back was that I didn't have contact sync nore internal e-mail sync that got handled by my exchange server). My contract with that Q expired and I made the move to a Sprint Mogul with WM 6.1 Pro and I'm NEVER LOOKING BACK!!!
Anyways, enough about me, this is my first contribution so I wanted to do the little intro.
I had searched around a bit about how to get ActiveSync to sync my company's Exchange server through PPTP VPN (we don't have it published with a certificate for an actual push config) but all I found was info on how to setup the VPN itself, being an IT guy that was like pointing out the obvious to me as I had already got that running and connecting but couldn't get anything but the OWA site opening in IE and Opera.
Basically what I figured out was that I had to program a work URL exception in the Connections control panel under the Advanced tab. There I added my exchange server's IP address as a URL and used that IP to program the server under ActiveSync with all the usual credentials. I can't configure it to receive as items arrive, instead I had to let the configuration run on a 10 minute schedule. Every time the schedule is up I see the VPN connecting pop up and it syncs PERFECTLY and disconnects the VPN. (It doesn't turn on my screen each time, it just pops up if I'm using it; but that pop up can be turned off if it gets to annoying).
I don't know if anyone else knew about this but I though I'd share this info as I searched for a few days and found nothing, ended up figuring this out myself. If this is new info I'll post more detailed configuration information for those who desire it.
BTW, this is working over the Data Plan and WiFi as well.
Wow. your a god...
I been trying to figure why it kept disconnecting the vpn when it synced up.
Adding the work url exception works perfect...
(Im using WM6.1 on a Samsung Omnia)
Many Many thanks!
No problem dude! I'm surprised no one else has really found this helpful. Glad I could help!
BTW, those exceptions work very well for internal web sites as well. I use it to log in to web-based management consoles such as Symantec's Mail Security for Exchange, Symantec Endpoint, basically if you got an internal website of some sort you can access it through VPN using a Work URL Exception.
I was looking for this info too, i would like more detailed configuration information about this.
Thanx in advance...
Roland hendriks
What part of the configuration are you having trouble with? Configuring the VPN, the Exchange Server or the URL Exception?
Thanks
I personally am thankful for your information. Even if none of the other 1000s of readers out there say anything...
Thank you for sharing your knowledge.
Tim
Glad I could help! I know I broke my head over this one during the first week of me having a WM phone. I figured it out thanks to the Fdc Soft Task Manager using the Netstat utility. It let me know exactly what the network stack of the phone was trying to do and the URL exclussion I just stumbled upon and reading what the page said it lead me to believe that it might be a routing table for configured "WORK" connections. And it worked.
During the past month or two of using my exchange like this and switching around ROMs and cooking my own ones now I've noticed that having TCP Data Reconnect and Transmission Retry settings in your registry set to high will cause Active Sync to take a long ass time for it to actually route communications through the VPN connection. I noticed this after using custom ROMs wich some have these settings increased to ensure communications go through but they raise connection timeouts way to much. On my own custom ROM I've set these to defaults (2 and 4 respectively) and Active Sync only takes about 1 minute to start syncing onces you hit sync while you wait for it to dial the cellular line and the VPN.
you talk about the vpn..
i think you are in the very small percentage of ppl who can get that to work.
i have the activesync set to manual and have tried the vpn type to both IPSec/L2TP and PPTP
w/o success..i always get a UN PW error which i know cant be so..
i set the host ip to what was shown from "whatsmyip"..
searching for quite awhile, i see thousands of ppl who cant get it to work and have
never found a reliable method that works for anyone but the person who posted it.
if you could back track a little and post how to do it, there are probly
thousands of ppl who would find it very useful and really appreciate it.
thanx
Well one thing is how to setup a WM device's VPN client to connect to your VPN server and another is actually configuring your VPN server. Do you have a working VPN setup in your corporate network already? This usually is setup by having a static IP assigned to your corporate internet connection and a firewall configured to allow VPN access with all the necessary traffic and authentication routes.
If you don't have a static IP in your office and use a lower cost DSL or Cable connection you aren't SOL, for these types of connections you can use a service like dyndns.org to dynamically upadate your dynamic IP into a static dns name like: mycompany.dyndns.org for example. This requires you to setup your firewall or ISP modem to communicate with dyndns.org to report the changes. Most firewalls come with this funcionality already built-in, but most of them also call them by different names so you'd have to look up your equipment's documentation on how to report a dynamic dns service.
I would be happy to help you setup your VPN correctly but its more practicall for me to help you setup a checklist on which type of VPN you want to setup (IPSec or PPTP) and what your corporate network's infrastructure looks like and let you know what to look for in google; there is PLENTY of very helpful information on the web on how to setup VPN but first you have to know what you need and how you are going to achieve it and then you'll know what to look for.
Each setup is very particular to the customer's needs and the network infrastructure that is setup and how much security you want to use (IPSec is a naturally secured VPN tunnel protocol while PPTP is not secured by nature but can be secured with a Radius server in your DMZ validating authentication in an encruypted manner to your Active Directory service).
What I posted above will work for an already existing and working PPTP VPN connection wich I already had running for years in my office and I regularly use with my laptop to connect to my exchange server while on the road or at home. What I posted above is what is need to get your WM device to connect to an already functioning PPTP VPN server.
Hope this helps. And if I'm to help you make a checklist I need a lot of information:
Type of ISP (static IP or dynamic IP)
Type/Brand of firewall device
How the devices are connected together (dumb modem or internet router from your ISP to your firewall's WAN port or a full blown router provided by your ISP wich is patched into your firewall's WAN port)
Internal network configuration (both AD and Exchange on same server (SBS) or separated)
What amount of security you are looking for.
Send me some PMs and maybe I could at least point you in the right direction.
nttdemented: I'm doing the PPTP shuffle at the moment, and wanted to pick your brains..
The basic connection is running fine - e.g. when I add 192.168.0.1 as an Exception and go to http://192.168.0.1 in Pocket IE the VPN fires up and I see the page just fine.
I've also added '10.6.1.8' as an exception, but if I go to that address in PIE, I don't see any network activity (using ethereal/tcpdump) on the 'ppp0' server interface (I use Ubuntu server's pptpd) ...
Can I assume that your Exchange server is hosted on the same machine as your PPTP server? Some MS SBS or similar?
Even if I configure an http proxy (on the 192.168.0.1 IP) I see no activity when I try the 10.6.1.8 address. :/
thanks so much!!
that i didn't find/read about the "exceptions" option in WM before...
Somehow, when i got my phone, i got it to work without this workaround, it just worked, out of the box, no exception setting required. (VPN settings + exchange server location were enough)
But yesterday, from the one moment to the next, it suddenly stopped working.
In my efforts to get it to work again i deleted the exchange settings, but doing that, I deleted all my contacts and my agenda! I was in big trouble because I really needed those , but after reading your post, i got it working again! my phone is synching "as we speak" and i'm very happy!
don't know how it worked before, don't know why it stopped working, all I know is, it's working now!
you made my day
Good to know!
Cheers!
I've since stopped using this method as we got around to publishing our Exchange server with an SSL certificate so I'm actually using SSL enabled ActiveSync push on my phone now.
Excuse me but perhaps you can help me too.
My problem is that I can get/sync my mails using WIFI.
If I connect thru GPRS, y go to send/receive and I get all the mails. If I'm on my office and connect thru WIFI to the work net I also get all the mails from the exchange server.
The problem is when I'm outside my office and connect to other wifi net and try to sync my mails. I have an HTC TOUCH CRUISE with WM 6.1 original from HTC without any flash.
Thanks in advance.
VPN connection doesn't always connect for ActiveSync synchronization?
I have had ActiveSync working with an Exchange server over a PPTP VPN connection for years now, but there has been one nagging issue I can't figure out. For the most part it works, but sometimes when ActiveSync tries to sync it will not make the VPN connection. There is only one connection listed when I tap on the icon on the notification bar - the phone's data connection. So in activesync, the icon with the arrows spins for a while but nothing synchronizes. I think it ends up saying "waiting for network" or something like that. It seems to always work when I manually hit "sync", but sometimes it fails on scheduled synchronizations.
Any idea why this happens sometimes?
oh...cheers...got my brain back...
The exceptions rule has almost fixed mine now. I'm getting mail but not through Activesync (just sits waiting for network).
Hello,
If I connect via wap.cingular (my account cannot connect on isp.cingular) I am having major issues using outlook web access, rapidshare, and a few other web apps. this is apparently due to ATT rolling my IP address every few seconds.
If I go on my phone (HTC FUZE/RAPHAEL) to http://whatismyip.com/ and refresh the page a few times, I get a different IP almost every time. it is always in the same subnet, so far (only the last numbers change ie, aaa.bbb.ccc.xxx, where xxx changes all the time, and a, b, and c, don't).
I use a huge load of data. Have they put me on some blacklist because I stream media all the time? This actually doesn't affect streaming media, but it screws up legitimate work usage.
Is there some keepalive utility I could use that would fix this as a countermeasure? Is anyone else running into this, or am I just special?
Thanks in advance for your help
wwwes said:
Hello,
If I connect via wap.cingular (my account cannot connect on isp.cingular) I am having major issues using outlook web access, rapidshare, and a few other web apps. this is apparently due to ATT rolling my IP address every few seconds.
If I go on my phone (HTC FUZE/RAPHAEL) to http://whatismyip.com/ and refresh the page a few times, I get a different IP almost every time. it is always in the same subnet, so far (only the last numbers change ie, aaa.bbb.ccc.xxx, where xxx changes all the time, and a, b, and c, don't).
I use a huge load of data. Have they put me on some blacklist because I stream media all the time? This actually doesn't affect streaming media, but it screws up legitimate work usage.
Is there some keepalive utility I could use that would fix this as a countermeasure? Is anyone else running into this, or am I just special?
Thanks in advance for your help
Click to expand...
Click to collapse
I'll plead ignorance on this, but I always switch off the proxy for the media net and get great usage for doing that. I don't know if you have tried it yet, but here is what I do.
Start/settings/connections/connections
Once it brings up the page, click advanced on the bottom.
Select networks
I use media net for both drop down. Click on edit. Select Proxy Settings on the bottom. Uncheck this network uses a proxy server to connect to the internet.
If you cannot get to the edit because it is not available, all you need to do is install the HTC Connection Setup and run it. Soft reset and the settings are available. It just rewrites the information but undoes what AT&T did to the phone.
Hope this helps.
Thanks for the reply.
I also use media net without the proxy. I only have issues with timeouts on my outlook web access server, and sites like rapidshare that make you wait 30 seconds to download a file and then complain of session timeouts.
With the proxy I get an IP address range in the 162.xxx.xxx.xxx family, which interestingly enough whois reports to be a verizon dsl modem address.
Without the proxy I get an IP address range in the 32.xxx.xxx.xxx family, which is ATT.
Either way, the address rolls every few seconds.
one workaround I have found is that Opera mini apparently uses an opera-run proxy server to access the internet, and opera mini does not have this logout issue on my outlook web access server even when the IP address rolls, since the proxy is not changing.
I believe the ISP.cingular APN would also fix this issue, but I have yet to find anyone at ATT willing to add it to my account so I can try it out, since they sell it with a tethering plan as an extra feature. I would have to convince my employer to add this to my plan, which is not likely.
I have no idea what I did before this happen since I only need the service at certain places, so here goes...
I work at an airport that offers free WiFi to travelers. The WiFi is open without a key but when browsing, it redirects you to their proxy which has you click on a button that says you accept their User Agreement. Then you have full access to the Internet.
At school, the same thing. An unsecured WiFi access point, with a proxy that requires me to login with my school user id and password.
The reason I know it's the phone and not the connection, is that my Samsung Jack finds the proxy at work.
Please help,
Thanks
You never really stated what the problem was... is it not finding the proxy, or not letting you log in?
WM doesn't have proxy autoconfig script support, but Opera Mobile does. You need to type in the proxy settings yourself manually (by setting it to "Work" network). When you use the browser it should prompt you for credentials automatically.
Talk about rambling without saying anything at all...
My problem is finding the proxy server. Both IE and Opera found it. Once I get to the page, accepting the agreement and logging on worked fine. I never had to manually configure proxy settings when it did work.
I hope when I am able to get to the page I won't have that problem too.
Thanks
I figured it out. I remembered that I had installed Lookout Mobile Security and checked the Firewall settings. I disabled it and it worked.
Is a security app really necessary on a mobile?
I've never found the need for AV/Firewall software on a mobile (didn't even know firewalls for WinMo existed!)
There are very, very few WinMo viruses around and I've never got one. Then again, I've never got a Windows (PC) virus either... as long as you don't install suspicious software then you should be fine.