SSL VPN Client for HD2/WinMo6.5? - HD2 General

Hi all,
I've done the requisite searches, and as best as I can tell the IPSEC VPN functionality in the HD2 has some critical problems - mostly characterized by connections dropping when VPN data is accessed.
Is there a good pay/free SSL VPN client for our phone/platform? I'm currently running a Windows Server 2008 R2 box, but wouldn't mind springing for an appliance if it's going to make this work reliable and securely.
So for the more experienced WinMo users, would an updated set of libraries from Microsoft maybe help the problems with the built in solution (which doesn't appear to support SSL VPN connections anyways...)?
I'd prefer to work with the standards on this one, so while I realize that people have found effective ways to get VPN access on their HD2s, I'd like to stick to the Microsoft DirectAccess framework.
Regards,
Slarti, mobile networking neophyte

Been looking for the same for a while, would also appriciate alot if someone can help
bump bumpi bum

Related

VPN Client For Cisco Concentrator

While I was looking for a *working* VPN client solution to work with a Cisco concentrator, I found a couple of potential solutions:
1. Bluefire VPN client (http://www.bluefiresecurity.com/)
2. AnthaVPN (http://www.anthavpn.com/webmaker/portal/wmlink_360)
Both claim to work with the Cisco concentrator (3000 series to be precise). Before I go ahead and install either/both on my MDA Pro (with Imate ROM), I was wondering if anyone had any good/bad things to say about the software?
Any help would be appreciated.
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
rukna said:
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
Click to expand...
Click to collapse
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
rukna said:
here's an update:
I went ahead and installed the BlueFire VPN client. In general, the installation was a breeze. The UI is also nice and elegant. The configuration isn't too obtruse, either, except I can't get it to work with my Cisco concentrator! It would authenticate with the server fine, but would always choke on "IKE phase 2", which I think is when the client and server negotiate on the IPSec security association (SA) parameters.
I've tried several combination of IPSec configuration on both client and server to no avail. The server throws the following error on every login attempt:
39019 03/29/2006 14:04:59.840 SEV=4 IKE/0 RPT=575 192.168.51.120
Group [***obfuscated***] User [***obfuscated***]
All IPSec SA proposals found unacceptable!
Anyone got any suggestions on how to get around this?
Click to expand...
Click to collapse
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
Did you try the VPN client from APANI
There is a trial version for CISCO VPN 3000 Series for PDA and Mac
http://www.apani.com/vpnclients.html
italos said:
Did you uncheck PFS (Perfect forward secrecy) flag ? I can connect with this flag unchecked and compression algorithm=none
Click to expand...
Click to collapse
I tried that already, didn't work. It may just be issues with the configuration on the concentrator. I'm going to play with it this weekend to see if I get anywhere. Thanks for the reply, nonetheless.
pierrelp1 said:
Did you try the VPN client from APANI
There is a trial version for CISCO VPN 3000 Series for PDA and Mac
http://www.apani.com/vpnclients.html
Click to expand...
Click to collapse
I filled out an eval request yesterday with Apani and got the instructions to download the client this morning. I'll install it over the weekend to see if it works "out of the box". Thanks for the suggestion, dude!
It appears that Apani doesn't really support the universal. Got the following from one of their support reps. Back to the drawing board, I guess.
The Client does not support the use of Windows Mobile 5. We currently
support Windows Mobile 2003 only.
Sincerely,
Janet
Apani Networks
[email protected]
714-674-1700
Click to expand...
Click to collapse
Bluefire VPN
be careful when installing Bluefire... It is a mess if you install it on the SD card..
it's a nuisance to uninstall it... all advice i got from "Bluefire support" was to try a hard reset.... most helpfull
(apparently this problem is well explained in their "product documentation"... but no solution has been found.. yet
NCP Secure Entry Client works
Have a working environment against a CISCO-PIX with NCP
http://www.ncp.de/english/services/testsoftware/index_entry.html
=) Georg
I got the BlueFire client to work finally! I had to enable the PFS (Perfect Forward Secracy) on the concentrator along with the encryption set to 1024 bits on my group profile.
After I got past that, I got the DirectPush client to work with my exchange server! Now I can confidently say this phone has been worth it for me!
OpenVPN
FYI - I just came across this openVPN port for windows mobile and thought it might be of interest for some of you guys:
http://www.ziggurat29.com/OVPNPPCAlpha/OVPNPPCAlpha.htm
Its still in the alpha stage and is continually being worked on by the author, David G. Lemley, III
I am in the same boat - need to use IPsec VPN to connect to our corporate Exchange server.
I am testing BlueFire 2.3.0 client for more than a week now. Overall it is very good - it does its job done. But after running it extensively for a week I discovered several issues with it, mostly cosmetic, but they are really annoying. Especially, if you want to have Direct Push. Those issues are:
1. "Save credentials for auto-reauthentication" does not work - you have to enter your password every time you connect.
2. It does not reconnect on its own, if it looses the connection (i.e. EDGE/GPRS goes down temporarily)
3. Detection of disconnect is not very reliable - sometimes when you loose signal and GPRS connection wants to disconnect, it cannot do it because of VPN still thinks it is connected and prevents GPRS from reconnecting.
4. Extensive use of on-screen push-buttons instead of soft-keys. And soft-keys are mapped to rarely used functions, like About - poor interface design. It woldn't be so bad, if the VPN client was not requiring user interaction to reconnect and authenticate...
5. After several minutes of standby, it brings its window on top of Today screen, kinda like letting user know that he better check his tunnel/connection, because it could be already disconnected... In most cases it is not true, because the unit wakes half the way up every several minutes to check email or sent a heat-beat packet, which keeps connection up (this only applies to GPRS/EDGE connection and not WiFi, unfortunatelly). But sometimes the VPN tunnel becomes dead, and you have to click "Disconnect", "Connect" and enter your password again.
Ok, that is my impression about BlueFire VPN client. Now the question is - is there any better IPsec client for PPC (WM5), which allows you to have Direct Push email over IPsec all day long without your intervention to check the connection status and reconnect manually?
Thanks for your time.
Im also trying to connect to our corporate network using a vpn client.
with my laptop i usually do this with the cisco vpn client and a very simple configuration.
My target is doing the same with the universal.
I tried Bluefire VPN, and AnthaVPN.
Eventhough i tried a lot of times, i couldn't make a connection with bluefire
With Antha, the results were better. I could connect , but after installing it, wifi stop working, and the active sync, sometimes doesnt recognize the device ( i saw in this forum somebody with exactly the same problem).
Is there anybody that use Antha in Universal without problems?
I checked the official web of Antha, and universal is not supported.
Do you know any other vpn software that works with Cisco?
Thanks

vpn client for wizard?

I recently purchased a tmobile mda and was trying to access my campus's network. But when I logged on, the only page I could view was about downloading a vpn client for multiple os's (but no windows mobile) to use the network.
Is there a vpn client for windows mobile?
Any help would be great.
Thanks!
There's a built-in client that will handle L2TP and PPTP VPNs. If you go into Settings/Connections and click "Edit my VPN servers" you can configure the client for your VPN. It's worth a try.
Tried that, didn't work... I decided to ask my University about their network, they said it was a cisco 3000 or something... And also informed me that "to their knowledge" the windows mobile 5 built in client isn't compatible...
I then went to the College of computer science help desk to see if some peers could help me. They said someone had bought a $100 program to be able to connect to the concentrator but didn't know who made it or where to get it.
Does anyone know of such a thing? Or a cheaper alternative?
AnthaVPN
I have found AnthaVPN wich is about from 40$ to 100$ depending what you need.
I'm trying also to open VPN without this IMHO too expensive solution. But if it's the only way - then I need to buy....
Maybe some kind of tunneling from own Linux-server (With Swan) might be the free solution....
I have been testing Bluefire Security's VPN and it works great, but my employer is using a Nortel system sio I cannot comment on the Cisco compatibility. It costs $79. I have also tries Antha but is cause problems enabling Wifi and Gprs.
John
Long time I could’t make connection with the built-in VPN client. After the latest ROM update from Qtek it works (I tested only PPTP). I can make VPN to SBS server and Windows XP. Also I can use Terminal Services true VPN connection.
The only thing I can’t get working is to access network shares (I tried GSFinder+ and NetUse).
Guka

VPN in Windows Mobile 6

Hi,
I'm currently on a HTC Trinity using Mary's 3.3.5 ROM and want to be able to connect to my universities WiFi network but to do so I need to use a VPN tunnel, anyone recommend a good PPC App that will allow me to connect to my universities VPN?
Cheers,
Mike
mikecsmith said:
Hi,
I'm currently on a HTC Trinity using Mary's 3.3.5 ROM and want to be able to connect to my universities WiFi network but to do so I need to use a VPN tunnel, anyone recommend a good PPC App that will allow me to connect to my universities VPN?
Cheers,
Mike
Click to expand...
Click to collapse
WM6 Pro includes both a PPTP & a L2TP/IPSec VPN client. This will work with most VPN routers & firewalls, however they may not be configured to support it. If you can connect using Windows 2000/XP's built-in PPTP or L2TP/IPSec VPN Client then you can almost certainly connect with WM6's.
A lot if VPN Routers & Firewalls are supplied with a 'free' Windows client that has the documentation geared around it. However most (if not all?) of these products will work with the native VPN client in Windows 2000+ (and WM5/6). I would try and stick with the L2TP/IPSec client but this requires some additional steps over setting up PPTP - on both the client & server (router). It is worth the extra steps in my opinion though.
Andy
I have the same problem ... I am not able to connect using the default VPN client ...
Hi,
There's a great review of vpn clients by Menneisyys in the Wiki. It's entitled:
'Access Your Desktop PC From Your Pocket PC!'
I'm sure you'll find it very useful because it would point you in the right direction as regards VPN tunnelling to your Uni's server.
kiwi992.
kiwi992 said:
Hi,
There's a great review of vpn clients by Menneisyys in the Wiki. It's entitled:
'Access Your Desktop PC From Your Pocket PC!'
I'm sure you'll find it very useful because it would point you in the right direction as regards VPN tunnelling to your Uni's server.
kiwi992.
Click to expand...
Click to collapse
HI!
Thank you for your reply, but this articles are about "Remote desktop" - like solutions for WM - based devises. Not for connecting to VPN.
Did anybody have had any success so far?
Any working 3-rd party VPN clients / Solutions?
Thank you in advance.
Dmitry.
====
keyword list: VPN; connection; VNP over WIFI; VPN WM5; VPN WM6; VPN problem; VPN client;
Hi,
You might find Manneisyys' review very long but if you take your time to read it, you'll see that he talks about the various VPN clients and how they compare. VNC, VNC+, etc are all mentioned there.
Just take your time to read it.
kiwi992.
Nice article, is the VPN working?
Do you have the WM6 VPN client working? Specifically the ActiveSync -> VPN -> MS Exchange functionality that was there under WM5?
kiwi992 said:
Hi,
You might find Manneisyys' review very long but if you take your time to read it, you'll see that he talks about the various VPN clients and how they compare. VNC, VNC+, etc are all mentioned there.
Just take your time to read it.
kiwi992.
Click to expand...
Click to collapse
Thank you for your answer!
But. Once again: the article talks about REMOTE CONTROL with the use of things like: RAdmin, MS RDP, etc.
This sofware - are remote desktops, so called VNC, not VPN clients in a classic way.
There is a little mess we get at the moment. (I've defenetelly got)
Let me describe in detail:
People need VPN here for many reasons, for me it is:
- to connect to some VPN through WIFI with our WM5 \ 6 device.
In my case- this is a public WIFI internet provider, which has a wifi coverage in the city.
Wifi is open PPTP. I need to type in a login \ pass on the web page I get, to start using the internet in current wifi session.
The ALTERNATIVE way to conect to internet - is to establish a VPN connection over the wifi.
I can successfully do in on the laptop.
With my UNI, WM5, AKU 3.5 - I can connect to VPN with the built-in VPN Client, but the first request to internet (via browser or Messaging send-receive) - drops my VPN connection, as it described here in the forum.
So: we need some software that can work.
I tried so far:
1. BlueFire VPN - just can't connect.
2. Antha VPN - just doesn't work.
I have heard thah on some other ROMs there is no problem with the built-in VPN client for PPTP, will try with some other WM6 ROMs later.
Any solution so far?
Thank you, kiwi992
Thanks to everybody!
Hi, im sorry for my bad english.
I have the same Problem. I search for an VPN tool. I have wm6. I know ther ist an VPN client but it doesn't work. To connect to the VPN in my University I need the L2TP/IPSec "safety andcertificate" but I don't kwon where I can load this.
thank's for helping
IronMaster1987 said:
Hi, im sorry for my bad english.
I have the same Problem. I search for an VPN tool. I have wm6. I know ther ist an VPN client but it doesn't work. To connect to the VPN in my University I need the L2TP/IPSec "safety andcertificate" but I don't kwon where I can load this.
thank's for helping
Click to expand...
Click to collapse
Hi! The L2TP/IPSec is a special story.
It is widely discussed here at forum: xda-developers > General discussion > Networking >
Search for *VPN* string on this forum.
This is the: http://forum.xda-developers.com/showthread.php?t=302520&page=2&highlight=*VPN* one of the success stories.
You need to obtain the certificate from the system administrators of your network. You may also have some "magic" URL in your campus network, where you can download the required certificate. This URL should point to the inranet web page of the web interface of the VPN server.
If your goal is to securely connect to some specific computer on the network, you should use one of the VNC programs: the VNC server part on the computer, and the VNC client on your device.
In any case - first check your certificate \ settings on, say, Windows XP laptop, connected through WIFI, first, then continue with the device.
Good luck!
Dmitry
VPN problems
I don't know if this issue is specific to my device (pharos gps 600 gps phone), or to windows mobile 6 which I'm running.
I can't connect to my vpn through wifi, the reason being is that I cannot associate any connections through the wifi card with the vpn info.
Wifi card doesn't show as a selectable modem in the modem tab next to the vpn tab in the vpn config. Only modems are cellular line modems, bluetooth, and one "hayes compatible com1" which is my usb I would guess.
Does anybody know how I might get around this?

VPN Client for WinMo 6.1 (or 6.5) working with Cisco on the other side???

HI to all
I am looking for a working VPN Client (the Iphone has one which is working) to connect my Touch Cruise to the intranet of my firm.
I read that NCP has one, but it is quite expensive ...
is there any other solucion?
For free?
Shrew is working fine on my laptop, but y would like to check something out of mi WinMo Polaris.
I actually am using WinMo 6.1 but if necessary I also could change to 6.5
Thanks
Isidar
OpenVPN has a free client for WinMo but I don't know if it will work for your VPN, give it a shot.
you can use hamachi-0.0.3.1
http://rapidshare.com/files/83751409/hamachi-0.0.3.1.rar (for your mobile)
https://secure.logmein.com/products/hamachi/list.asp (for your pc)
clmbngbkng said:
OpenVPN has a free client for WinMo but I don't know if it will work for your VPN, give it a shot.
Click to expand...
Click to collapse
i think openvpn is not compatible with cisco vpn since cisco uses ipsec and openvpn uses a simply tunnel created on udp port 1194 (no need for gre,ike,or pptp port's/protocols open).
it's much simpier but work very well and just with the p12 certificate (ok my certificate is 2048bit so i think it is minimally secure, nothing like a dynamic generated rsa key but even better than just a ssh tunnel or something like).
Back in the days of Windows Mobile 2003 I used to use "MovianVPN" to connect to my university network. The software is now superseded by AnthaVPN (www.anthasoft.com). It is designed for Windows Mobile 5 and they have no mention of WM6 compatibility, but I think its worth a shot.
I also read about another product called "Bluefire VPN", but I can't seem to find it online at the moment.
Edit: The above solutions are not free, but the price might be refundable by your company.
Cisco AnyConnect for Pocket PC
There is an application from Cisco itself that you can download and try.
It's based an Cisco's new Anyconnect module
anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
http://cisco.quanza.net/anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
The website http://www.tycoon.mxm.cx/ has a couple of VPN software apps for all OS
Shawn Botha said:
There is an application from Cisco itself that you can download and try.
It's based an Cisco's new Anyconnect module
anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
http://cisco.quanza.net/anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
The website http://www.tycoon.mxm.cx/ has a couple of VPN software apps for all OS
Click to expand...
Click to collapse
The Cisco device at the other end has to be setup for SSL VPN otherwise Anyconnect does not work. This is somewhat new and SSL VPN licenses are expensive.
Personally I use AnthaVPN on my HTC Touch (WinMo 6.1 Pro) and it works great with our IPSec Cisco VPN (the old way since we're too cheap to buy the licenses for the SSL VPN).
EDIT: And if your company is setup for SSL VPN, you should not need to download a client. Your admin should give you a website and it connects to the router/firewall/VPN concentrator and downloads the proper client for you. Better than going to some random site to download something.
The integrated L2TP/IPSec client?
I have posted previously on here about VPN clients and Cisco Routers & Firewalls. The integrated L2TP/IPSec client works with both Cisco PIX/ASA Firewalls as well as IOS Routers - it is dependant on how these are configured though. I posted two configurations from PIX 6.3(5) and PIX 7.2(4) - both of which I had working. It seems there are some limitations when setting up groups however my testing didn't include this.
http://forum.xda-developers.com/showthread.php?t=444948&highlight=Cisco
I was going to test the Group issues someone reported but never got around to it - I have a full-time job as well
Andy
Shawn Botha said:
There is an application from Cisco itself that you can download and try.
It's based an Cisco's new Anyconnect module
anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
http://cisco.quanza.net/anyconnect-wince-ARMv4I-activesync-2.3.2016-k9.msi
The website http://www.tycoon.mxm.cx/ has a couple of VPN software apps for all OS
Click to expand...
Click to collapse
Cisco nice good work,try it with my Dopod and router working.
thank you guys to put the links.
AnyConnect Secure Mobility Client 2.5
Hi guys
Could anyone post the link for Cisco AnyConnect Secure Mobility Client 2.5 as it is one of the only vpn client solutions having WM6.5 and Cisco routers work together
Could you propose any other solution for WM6.5 and Group authentication cisco servers
Thanks
I have just downloaded the AnyConnect Secure Mobility Client, v2.5 and it works a treat thanks for this post, it was released in Aug and works with 6.5
Please note, i legally have a CCO account and valid service contracts for Cisco ASA and VPN gateways.
To the previous poster, please buy relevant CCO access to download.

[Q]proxy blocked vpn connection

hi guys,the company i am current working at uses a proxy connection for accessing the internet.(you have to go through the proxy in order to access the internet).but the proxy blocked most websites,so i tried to use a vpn connection over the company proxy to bypass the internet restriction.The problem is ,vpn connections are not allowed to go through the proxy.is there any way to bypass the block to use vpn or bypassing the proxy?I am currently using my company's wifi on an android device.please kindly help me to solve this problem.Sorry for my bad english and thank you for any help.
best wishes,
sunnytse1
*thanks button will be clicked if helped!
Anyone?
Sent from my LG-P880 using XDA Premium HD app
sunnytse1 said:
hi guys,the company i am current working at uses a proxy connection for accessing the internet.(you have to go through the proxy in order to access the internet).but the proxy blocked most websites,so i tried to use a vpn connection over the company proxy to bypass the internet restriction.The problem is ,vpn connections are not allowed to go through the proxy.is there any way to bypass the block to use vpn or bypassing the proxy?I am currently using my company's wifi on an android device.please kindly help me to solve this problem.Sorry for my bad english and thank you for any help.
best wishes,
sunnytse1
*thanks button will be clicked if helped!
Click to expand...
Click to collapse
the company i am current working also use VPN by setting the IP adress
the concrete operation is a little complicated, you'd better google for help
Good luck
The easiest solution would be to use 3G/4G and thus avoid any filter/proxy that your company WiFi has.
Assuming you don't want to do that, you should try to figure out what kind of VPN you're using. There are 4 main types:
1) PPTP - This one is old but supported in almost every OS natively (including Android). It's easy to setup a server for these using any Pro version of Windows. It's also easy to block.
2) L2TP - This one is more secure but also less supported. This one is also fairly easy to block. I think only Server editions of Windows can create this type of VPN.
3) IPSec - This is your Cisco-type VPNs. These tend to be more difficult to setup on the server side. Depending on how the network is configured this may be blocked too (but less likely).
4) OpenVPN - This is probably your best bet to avoid workplace blocking. You can configure it to use any protocol or port that you want, however it is very difficult to configure for a first time user. There are tutorials available online to help. You'll need an app (and maybe root) to use an OpenVPN-based VPN.

Categories

Resources