Hoping that someone can (re)compile the required VPN components which would allow PPTP encryption to work.
I've seen a couple of posts which state (I'm merely parroting here) that the vpn wasn't compiled with MPPE encryption enabled. I suspect that chasing this down is probably a little beyond my unused-for-10-years-and-fading memory of Unix commands
Ref 1:
forum.xda-developers.com/showthread.php?t=783157
Thanks,
AoN
Related
Hi all,
I've done the requisite searches, and as best as I can tell the IPSEC VPN functionality in the HD2 has some critical problems - mostly characterized by connections dropping when VPN data is accessed.
Is there a good pay/free SSL VPN client for our phone/platform? I'm currently running a Windows Server 2008 R2 box, but wouldn't mind springing for an appliance if it's going to make this work reliable and securely.
So for the more experienced WinMo users, would an updated set of libraries from Microsoft maybe help the problems with the built in solution (which doesn't appear to support SSL VPN connections anyways...)?
I'd prefer to work with the standards on this one, so while I realize that people have found effective ways to get VPN access on their HD2s, I'd like to stick to the Microsoft DirectAccess framework.
Regards,
Slarti, mobile networking neophyte
Been looking for the same for a while, would also appriciate alot if someone can help
bump bumpi bum
G'day
I am wondering if the IPSEC implementation is crippled somehow in 2.1? I was trying to connect to a known (working) IPSEC peer with an Iphone 4 as my control; and trying from Galaxy-S - I put wireshark on the line and notice the Galaxy-S is failing in IKE key negotiation phase. Iphone succeeds.
Has anyone had an success with geting IPSEC VPN going, can confirm issues or knows if there will be a "fix" in 2.2 ?
cheers
-k
Have set up IPSec/L2TP no problems Android 2.1
Good morning,
I've managed to set up both PPTP to my Windows 7 home network as well as IPSec L2TP (PSK) and they both work without problems; it may be a peculiarity of the implementation that is causing hiccoughs--the web has various documentation of the quirks of Cisco and Microsoft VPN implementations and workarounds; here's one such page regarding modifications to IPSec-L2TP (openswan) for connecting Windows VPN clients to Ubuntu server running VPN:
[QR CODE REMOVED CUZ APPARENTLY IM A NOOB]
*** Ok, well, it seems since I just registered on the board, it won't let me post either an URL to the QR Code for the URL, or the URL itself, so we'll have to do this the hard way until my account is verified:
Go to http-colon-slash/robincheung.info/mbalog/ubuntu-IPSec-L2TP and it will redirect the the wholly-too-long URL to the notebook
***
If it's failing during key negotiation, perhaps you've specified MD5 on one VPN client and SHA1 on the other (or AES on one and 3DES on the other type deal?), or if you're using certificates rather than PSK, perhaps there's an issue with the certificates in the Android unit but not your iPhone?
RobIncAMDSPhD @Milestone XT720 (windmobile.ca)
Hi,
I had a wild idea... is it possible to run Cisco Anyconnect within a chroot Ubuntu install and then setup the andrioid side of things to route all its IP traffic through to Ubuntu... and then out through the secure tunnel (and vice versa)? Essentially using the chroot Ubuntu as a proxy server for incoming/outgoing vpn traffic.
It seams like this could be quite a light weight solution, or even have vpnc running inside a stripped down lightweight (non-gui) ubuntu.
I'm guessing this might work if NAT is allowed by the vpn server, but I have no idea how to go about doing it... iptable manipulation on both the the ubuntu and android side of things I guess. This all assumes that ubuntu is trully being multitasked and not suspended.... sorry bit of a new comer to android so not entirely sure how it all works yet.
As I say, a wild idea.... no cisco vpn support is a bit of a show stopper for my xoom adoption (note I spent a couple of days trying to get vpnc running but it dies with library issues).
I was under the impression that OpenVPN connected to Cisco Anyconnect devices. If so, someone has that working already:
http://forum.xda-developers.com/showthread.php?t=972550&highlight=vpn
Cisco IPSEC VPNs are still not working, the tun.ko module in the above link either doesn't work with VPNConnections or VPNConnections doesn't work with the Xoom.
Thanks for the reply!
Yep, I installed OpenVPN and the tun.ko on Saturday... then I hit a brick wall working out how to configure openvpn for my coropoate VPN. I use Cisco AnyConnect on both Linux and Windows to connect to their radius server. My iPhone connects just fine as well.... over IPSEC __with__ a group id.
After doing quite a bit of web searching I came to the conclusion that OpenVPN doesn't work well with Cisco VPN?!? Hence the reason I was looking at vpnc and subsequently wondering about the chrooted linux vpn bridge type solution.
rinsewin said:
Thanks for the reply!
Yep, I installed OpenVPN and the tun.ko on Saturday... then I hit a brick wall working out how to configure openvpn for my coropoate VPN. I use Cisco AnyConnect on both Linux and Windows to connect to their radius server. My iPhone connects just fine as well.... over IPSEC __with__ a group id.
After doing quite a bit of web searching I came to the conclusion that OpenVPN doesn't work well with Cisco VPN?!? Hence the reason I was looking at vpnc and subsequently wondering about the chrooted linux vpn bridge type solution.
Click to expand...
Click to collapse
I've gotten OpenVPN to work on my Motorola Droid using VPN connections and a Cisco VPN. You just have to get the configuration settings right but it will work.
Just thought I'd share....
My idea definitely won't work for cisco anyconnect since it is compiled for i386.... kind of stupid of me not to think that one through .
I tried running vpnc in a chroot ubuntu on the xoom and apparently the tun device can't be found. I did an apt-get on openvpn and I see "tun" referenced in various places but for some reason it just isn't setup correcting doing apt-get install in this ubuntu image.
So, unfortunately I think I'll be flashing my poor little xoom back to stock and taking it back :-(. Really wanted to keep this little guy, with all its future potential but with no _easy_ workable cisco vpn solution... and no solid plans (i.e. date!) from google/cisco for supporting IPSEC vpn (with group id) out of the box my dreams of a thin client in meetings are dead. Looks like an iPAD 2 is my best bet, definitely not my first choice but oh well the android is what it is.
Carl C.
rinsewin said:
Just thought I'd share....
My idea definitely won't work for cisco anyconnect since it is compiled for i386.... kind of stupid of me not to think that one through .
I tried running vpnc in a chroot ubuntu on the xoom and apparently the tun device can't be found. I did an apt-get on openvpn and I see "tun" referenced in various places but for some reason it just isn't setup correcting doing apt-get install in this ubuntu image.
So, unfortunately I think I'll be flashing my poor little xoom back to stock and taking it back :-(. Really wanted to keep this little guy, with all its future potential but with no _easy_ workable cisco vpn solution... and no solid plans (i.e. date!) from google/cisco for supporting IPSEC vpn (with group id) out of the box my dreams of a thin client in meetings are dead. Looks like an iPAD 2 is my best bet, definitely not my first choice but oh well the android is what it is.
Carl C.
Click to expand...
Click to collapse
Look up ssh tunneling, you could do like you wanted in the first post really easily I bet. The ssh command can be run to tunnel any port or ports you want through another machine very easily. I don't have the setup on hand, but googling ssh tunnel should be enough to get you going.
I was using vpnc get-a-robot (https://code.google.com/p/get-a-robot-vpnc/downloads/list) successfully on froyo for connection to my Cisco ipsec VPN.
When I upgraded to GB, vpnc would force close (guessing because the module was missing) so I compiled the tun.ko.
Now, vpnc connects, but doesn't pass traffic. When connecting to the VPN, I see these errors on the VPN side:
Code:
Mismatch: Overriding phase 2 DH Group(DH group 5) with phase 1 group(DH group 2)
IKE could not recognize the version of the client! IPSec Fragmentation Policy will be ignored for this connection!
IKE Receiver: Runt ISAKMP packet discarded on Port 4500
I didn't change any of the vpn settings.
I'm not sure where to go from here.... I tried compiling other modules that looked like they could be related but that was of no help. Is this kernel missing some needed ipsec support? Or, could it just be that app is no longer compatible?
I will look for another app to use while this post sits out here. If anyone is interested in the tun.ko, I'll happily post it.
Ok, what a waste of my (& anyone else who went any further than reading my post's) time! IT WAS THE APP!
Using the more recent VPNC Widget, all is well!
EDIT: Here is the tun.ko zipped. Thought I was going to have to find somewhere to host it, or I would have included it in the first post.
Are there any known-to-work out-of-the -box Android TV devices that can use VPN with PPTP MPPE?
So far I have tried Firestick and Nvidia Shield, but neither of them have the part of Android OS that allows for internal VPN support like a Cell Phone does.
Please note, OpenVPN is not an option as it does not support PPTP MPPE so it cannot connect to any of our existing media servers.
For anyone getting ready to type a message saying how much better OpenVPN is and how unsecure MPPE is, please know that we already know this.
The servers are strictly used as pass-through video feeders and there is nothing that needs to be secured at all.
Changing them over to OpenVPN would slow them down too much (we already tried that) and OpenVPN does not support Local IP addressing for remote devices. (i.e. making a Remote Connection look like it's local to the server)
All we need is just plain old PPTP MPPE VPN on a Android device that can run Plex and supports a Remote Control .... seems simple enough.
Ideas?