more vpn pain - Touch HD General

hi all ppl, i was wondering if anyone could help with setting up a vpn on my home.
the router/firewall that acts as a server is a netgear dg834g and I would like to connect my HD. i never get to connecting and the errors are:
- when i use ip address it asks for log & password. I haven't set up any log/pass in the router as there is NO possibility to do that! then i try to login as administrator (from the local PCs) and the error is "the remote party has ended this connection." same thing if i leave both fields blank.
- when i use the dyndns alias everything happens the same way but the error msg i get then is "VPN server problems. Verify your username and password, and try again etc etc".
note that i have setup both machines to use ipsec with a pre-shared key which is typed correctly (it seems to be recognized/accepted by the router)
am i missing something stupid here or simply my router does not support winmo ?
any help/tip will be highly appreciated. thanks!

check the mac address filtering tables, or try to experiment with different authentication modes.

Related

Wifi access to internet via ISA firewall

I've just set up a small wireless network at home through which I intend to use several devices to connect to the internet through my LAN!
The LAN gateway is running ISA 2004 and my home computer is running the necessary Firewall client (a completely secure connection with username and password)!
Now everything's working fine... the pocket pc hooks up just right and i can browse the network and do what I could probably do using my own personal computer BUT the internet doesn't work!
It keeps asking me for a username and password (which like i usually provide in internet explorer on my personal computer) which i do supply... three times in a row after which it gives me an error saying that ISA cannot authenticate me!
The home computer doesn't run the internet without the firewall client, and i'm supposing the pocket pc is facing the same dilemma! is there any way to circumvent this issue? perhaps a mobile version of the isa firewall client?
Please help. Thanks!

afaik there isn't a mobile version of the firewall client.
I set my ISA server to allow anonymous internet access, and set all my machines up as secure nat clients (set isa server's ip as default gateway, I use a dhcp scope to do this). There is lots of info on this on Microsoft's ISA server website, I'd suggest a look there first, or try a google for secure nat.
Good luck, works well for me but ymmv.

GPRS and Static IP with VPN

HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through its IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.

Unfortunately there is no simple answer to your question. AFAIK you can't get a fixed ip on gprs, but if you're using the right firewall and the right vpn host you don't need to.
I use and supply windows sbs 2003 servers and vpn into them regularly. I have also used citrix to achieve similar results. Might be a bit difficult to persuade your firm's IT dept to set up something like that for 1 person though.
PM me if you'd like any advice.
BillyB said:
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through its IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP... L2TP has also worked for me... otherwise, the fancier (and more secure) the VPN tunneling protocol, the more it's likely to fail. Normally all you need for a basic MS Windows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.

VPN and TS Its like pulling teeth

hi all this has got to be the most annoying problem ever. i can connect to O2 vpn access point and hence i can connect to my work vpn server. however as soon as i try to open a TS connection to my desktop (through the vpn) the VPN connection is dropped and i never connect. Can anybody tell me why? if i have a vpn connection to my work server why does TS try to make another connection and bomb out the original. Is there a fix or another way of doing this i.e. does a external IP have to be nat'd to my desktop IP on port 3389? all help greatly appreciated. Ian

WiFi settings

I want to make a WiFi connection on my school. But I have to make some setting changes. I have the HTC Trinity with WM6.
I have to satisfy to these settings:
- Wlan network name: tue
- Security mode: 802.1x with dynamic WEP keys
- Authentication protocol: PEAP with MSCHAPv2
- Root certificate: GTE Cybertrust Global Root
Where do I make these changes?
On your school's router or wifi access point in your school
but sadly I have to make these changes on my pda
According to school these are the settings specially made for smartphones/pda
Markos said:
but sadly I have to make these changes on my pda
According to school these are the settings specially made for smartphones/pda
If it is set on your router in school, then your PDA or smartphone will see these settings automatically
Otherwise look in start-settings(instellingen)-connections(verbindingen)-wi-fi, there you can add new network connection and apply these settings
But that's the problem.. I can't apply these settings.
When I configure Network Authentication I get as far as "Use IEEE 802.x network access control"
When I select this and choose for PEAP and I want to change the Properties I get this message:
Warning
Cannot log on to the wireless network. This network requires a personal certificate to positively identify you
Where can I make and/or change this personal certification?
been having the same message, anyone knows where to find the certificate?
Hi,
So,
1. You want to connect wirelessly to your School's network, right? .......and that
2. The network settings that you stated in your opening post were given to you by your School Network Administrator, right? ......finally, that
3. Your School Network Administrator had indeed, ACTUALLY given authority to your device (HTC Trinity) in the Access Control List to access the school's network, right?
In that case, he (the School Network Administrator) MUST have assigned an IP Address to your device (or entered its MAC address and configured it as such) inside the router/wireless access point.
Did you make sure that he did actually do so? Ask him to confirm this for you. I'm saying this because if he (the School Network Administrator) hadn't configured your device to have access to your school's network, you'll be wasting your time trying to access it, 'cos as you know, it is a secure network hence, it can not identify your device.
The only way that your device could be identified to access the school's network (never mind the settings provided in your opening post), is only, and only if, it had been configured in the ACL - Access Control List within the router, otherwise every Tom, **** and Harry would simply access the school's network, willy-nilly and wreak all sorts of havoc. See what I mean?
If indeed, he (the School Network Administrator) had given you access to the school's network, just ask him or her to give you the IP Address that he assigned to your device and then enter it in the Wi-Fi configuration of your network in Trinity, as you had been doing and everything should work fine - no more headaches!!
BOTTOM LINE:
If there is no entry for your device in the Access Control List of the school's router/wireless access point, you've got no chance 'cos your device would be refused access at all times because the router/wireless access point does NOT recognise it.
You ask him (the School Network Administrator) to give access to your device - either by using its MAC address or IP Address, then you'll be laughing 'cos then you'll be able to have access, wirelessly.
I do hope that this gives you pointers to help solve your problem 'cos that's the only solution that I can offer.
kiwi992.
Sorry to bring alive an old post, but I have been receiving the exact same message requiring a "personal certificate." What I don't understand is that the network prompts me for my username/password - each device is not set up individually. For example, I can take my laptop to school and connect to the network as long as I have my username and password. What is the difference between XP and WM6 in this respect? Why can't I just enter my user/pass on my Wing and connect just like I would with a laptop?
Absence said:
Sorry to bring alive an old post, but I have been receiving the exact same message requiring a "personal certificate." What I don't understand is that the network prompts me for my username/password - each device is not set up individually. For example, I can take my laptop to school and connect to the network as long as I have my username and password. What is the difference between XP and WM6 in this respect? Why can't I just enter my user/pass on my Wing and connect just like I would with a laptop?
This has bugged me for a long time with Windows Mobile 5/6 & 802.1x with PEAP (WEP & WPA/WPA2). You should in theory be able to just use MSCHAPv2 and a Username/Password to authenticate yourself but there seems to be no way of turning off the client checking the server's validity - i.e. having a valid & trusted certificate (you can disable this checking with Windows XP's 802.1x supplicant). So all you should need is the server's public certificate installed on your device.
When I was testing this a while ago I had some success but the 'personal certificate' message was a problem. In the end I just enrolled the device with the domain's CA and have a personal certificate installed (as well as the CA's certificate which gets installed at the same time).
Enrolling for certificates is much easier now with Windows Mobile 6 and ActiveSync 4.5 since you can enroll the device from ActiveSync on the host PC.
HTH
Andy
Interesting, Andy,
I haven't had the chance to test this change yet, but a few searches have turned up a registry key that we can add -
(quoted from somewhere on the internet)
"The only thing you have to do is to add a DWORD Registry Entry under HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off"
Have you tried making this change before just registering a certificate? If it doesn't work, do you remember the basic steps for retrieving a certificate from a computer via activesync? If I do transfer a certificate from a laptop, do I need to register the device with the administrator? It seems that everyone from the IT department I've talked to has no idea what they're talking about.

network share on domain controller

I'm having a problem authenticating to network shares over wifi. I don't have any problems authenticating to regular workgroup computers but in this instance I'm trying to connect to my server which is a domain controller. It appears wm6 is having problems with the authentication when using domain accounts versus regular local computer ones...
I checked the event viewer and as far as the server is concerned the login was successful but wm6 is saying login failed....
does anyone know how I might be able to connect to these shares?
thanks very much

wifi network questions on HTC HD2

Hi,
Using a HTC HD2 I am trying to access my home network via WIFI (WPA2/PSK - AES). Some of it works, some of it doesn't and I was hoping some of you would be able to point me in the right direction:
I can connect to intranet pages (for instance utorrent web interface) via IP, but not via hostname.
I cannot connect to network (smb) shares at all, either via IP or hostname.
A program which requires the hostname to work (since I use it over Hamachi VPN as well as locally and don’t want to change the IP based on how I use it) does work over Hamachi and not over WIFI.
I'm quite confused
Any help would be greatly appreciated!
Cheers,
Elco
Sounds like your DNS isn't working. Do you have custom DNS servers configured in the "Name Servers" tab of network card config?
Thanks for responding!
It should get it from DHCP (though I have tried assigning a static IP and dns, but this gave the same result)
Also, I have another older win mobile device, and with the same settings it does allow me to access the network shares (by IP and hostname)
I've combed all settings regarding wifi and network, but since they are the same I am guessing it is probably a difference at the registry level?
The HTC HD2 does have 2 broadcom wifi adapters mentioned though, a normal one and one with a DHD postfix.
Cheers,
Elco
@Talisman_: same problem here. have you solved it?
Exactly same problem on xperia x2. I just set on manual temporary.
Are you using Hamachi on your phone?
Did you have this problem prior to installing Hamachi?
The reason being is Hamachi installs a network interface which exists whether or not Hamachi is running
You may want to check your Data Connection settings and see if it has applied the "requires a proxy" setting
What are you using as your DNS server though, that is the question.
If it's your broadband router, then chances are it won't be able to serve DNS requests for internal devices (ie computers on your home network).
If that's the case, you'll need a proper DNS server (get an old PC and install Linux) and create a local domain such as home.local, or if you've got a registered domain, you can even set it up the same (domain.com for instance) just tell the DNS server it's the domain master.
It's been yonks since I played around with Linux so I can't tell you how, much easier with Windows Server
Some people advise against using the same public domain name as an internal domain name, but it just means you add A records for any public addresses such as WWW.domain.com or mail.domain.com if it's accessible outside your network as well as inside.
Alternatively, if you're only going to be accessing them via the home network then you could try adding a few hosts to your registry (use the windows calc or similar to convert each IP address number to Hex)
http://windowsmobilepro.blogspot.com/2006/04/etchosts-file-equivalent-in-windows.html
As always, you modify the registry at your own risk.
