Hi, has anyone successfully used L2TP on their JASJAR (using a certificate, not a shared secret)? For some reason our certificate does not seem to work on the JASJAR. It works fine with Windows Mobile 2003 SE devices, but on Windows Mobile 5 the L2TP connection just fails directly (complaining about the username/password) without sending one bit of information to the VPN server. Any help is appreciated.
Kim
I FOUND THE REASON!
It's the smart dialer. Deactivate it by removing the operator phone skin
* The setting is at 'HKEY_LOCAL_MACHINE\Security\Phone\Skin'
* The 'Enabled' value must be set to '0' to show the default skin
In case you like your operator's buttons more than the default, delete or rename the 'ext' value. Unfortunately the button for video calls is removed by these actions. But L2TP VPN will work instead.
If you guys want a good and secure remote desktop program try:
http://www.logmein.com
Change resolution to 640x480 and you have a full desktop PC on your Universe.
Believe me it's the best.
df2jh said:
I FOUND THE REASON!
It's the smart dialer. Deactivate it by removing the operator phone skin
* The setting is at 'HKEY_LOCAL_MACHINE\Security\Phone\Skin'
* The 'Enabled' value must be set to '0' to show the default skin
In case you like your operator's buttons more than the default, delete or rename the 'ext' value. Unfortunately the button for video calls is removed by these actions. But L2TP VPN will work instead.
Yeah! I can verify this, though nowadays I'm using an HTC TyTN, but the same problem still exists. Note though that you don't have to remove the operator phone skin, just disable smart dialing from the phone:
Menu/Smart Dialing Options.../[ ] Enable Smart Dialing
Now the VPN works, but it still might randomly fail IF you have your mailbox open. The VPN will work again if you close the Inbox application, so no reboot is needed anymore. I have to look into the Inbox problem a bit more ...
Kim
I have tried this (disabling Smartphone) on my MDA Pro II, but still get the symptoms described above.
The basics work (PPTP, L2TP/IPSec with pre-shared key).
I have my SBS2003 CA authority cert installed in the Trusted certs stash. I assume that I need a device certificate.
I have a Windows Server CA. What type of certificate do I need to install, and how, to get the L2TP/IPSec client to pick up the right stuff?
Has anybody ever managed to get a connection to a Cisco VPN? I just can't get it to work at all :-(
G
gquipster said:
Has anybody ever managed to get a connection to a Cisco VPN? I just can't get it to work at all :-(
G
No - we now publish a TS session from our servers.
gquipster said:
Has anybody ever managed to get a connection to a Cisco VPN? I just can't get it to work at all :-(
G
Yes. Assuming that you are using IOS, you will need something like
Code:
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
! Not all of the options are necessary
interface Virtual-Template1
 ! BVI1 could be some other interface
 ip unnumbered BVI1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip virtual-reassembly
 ip route-cache flow
 ! Easier to get the IP address from a local pool
 peer default ip address dhcp
 ppp mtu adaptive
 ! optional
 ppp lcp predictive
 ! eap only if you authenticate users by certificates
 ! You will need to ensure that it matches your
 ! aaa authentication ppp default ...
 ! You may also need a
 ! aaa authorization network ...
 ppp authentication eap ms-chap-v2
 ! optional
 ppp ipcp header-compression ack
 ! optional
 ppp ipcp predictive
 ! necessary to get unique DHCP addresses
 ppp ipcp username unique
crypto isakmp policy 100
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key <yourkey> address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map DYN-L2TP 100
 set transform-set 3DESSHA
!
!
crypto map STATIC-L2TP 100 ipsec-isakmp dynamic DYN-L2TP
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 ! whatever is needed for your external interface
 !
 crypto map STATIC-L2TP
for pre-shared key access.
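An added example, not part of the original post: a short Python audit that reads an IOS configuration like the one above and lists the IKE/IPsec settings a reviewer would question today (3DES, Diffie-Hellman group 2, a pre-shared key accepted from any peer address, disabled L2TP tunnel authentication). The function name, the finding wording and the choice of what counts as weak are this example's assumptions; the sample is a constructed excerpt of the posted configuration.

```python
import re

# Constructed excerpt of the configuration posted above, flattened the way
# the forum shows it; the pre-shared key is left as the post's placeholder.
SAMPLE_CONFIG = """\
vpdn enable
vpdn-group L2TP
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
interface Virtual-Template1
ppp authentication eap ms-chap-v2
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key <yourkey> address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
mode transport
crypto dynamic-map DYN-L2TP 100
set transform-set 3DESSHA
"""

# Lines that open a new section. Indentation is not relied on, because
# pasted configurations often lose it.
SECTION_STARTS = ("crypto ", "interface ", "vpdn-group ", "vpdn ")
WEAK_DH_GROUPS = {"1", "2", "5"}            # 768-, 1024- and 1536-bit MODP
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
WILDCARD_KEY = re.compile(
    r"^crypto isakmp key (?:[06] )?\S+ address 0\.0\.0\.0(\s|$)")


def audit_ios_vpn(config):
    """Return a list of (section, finding) tuples for weak VPN settings."""
    findings = []
    section = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                         # blank line or IOS comment
        if line.startswith(SECTION_STARTS):
            # Never carry the key itself into a report label.
            is_key = line.startswith("crypto isakmp key ")
            section = "crypto isakmp key" if is_key else line
        words = line.split()

        if section.startswith("crypto isakmp policy") and len(words) >= 2:
            if words[0] in ("encr", "encryption") and words[1] in ("des", "3des"):
                findings.append((section, "IKE encryption " + words[1]))
            elif words[0] == "group" and words[1] in WEAK_DH_GROUPS:
                findings.append((section, "IKE Diffie-Hellman group " + words[1]))
            elif words[0] == "hash" and words[1] == "md5":
                findings.append((section, "IKE hash md5"))

        if WILDCARD_KEY.match(line):
            findings.append((section, "pre-shared key accepted from any peer address"))

        if line.startswith("crypto ipsec transform-set") and len(words) > 4:
            for transform in words[4:]:
                if transform in WEAK_TRANSFORMS:
                    findings.append((words[3], "IPsec transform " + transform))

        if line == "no l2tp tunnel authentication":
            findings.append((section, "L2TP tunnel authentication disabled"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_ios_vpn(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```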
Not to be stupid but IOS?
How would I set this up?
Being able to access work would be fantastic!!!
Thanks!!!
G
Sorry, but these are configuration commands for your Cisco router.
Ah yes, therein lies the rub. It's work's VPN server which I want to access :-(
Been considering seeing if I can set up a VPN tunnel through my home firewall (Netgear) so theoretically I could connect over the net to my firewall and then over my firewall to work's VPN, but I don't know much about it to be honest.
Like many other people, my carrier filters all my GPRS through their HTTP Proxy.
- POP/SMTP email can't be polled
- Windows Live Messenger won't connect
- Streaming whatever is obviously impossible
- Whatever other network you want won't work
- All you can do is browse web pages and update RSS news
I wrote a very unpopular thread in the past about how to bypass your carrier's GPRS Proxy server
in order to access blocked ports for emails & other services. It was unpopular probably because
it only worked on a PC
http://forum.xda-developers.com/showthread.php?t=314757
Now I made it work ON your phone.
Basic Guide - This post
Tip to autoload everything once setup - Bottom of first post
Make a SSH server - Second Post
Setup your email settings - Third Post
~~~~~~STEP BY STEP GUIDE ~~~~~~~~~~
1 - Setup a SSH server to listen to port 443. Port 443 being opened to the internet OBVIOUSLY.
Linux users will have no issue with this.
However, Windows XP users need to install a SSH server, so please see my second post for how to do this.
2 - Download Pocketputty for your phone
3 - In your phone, go to: settings / system / About / Device ID (tab) | Write something unique, but in a single word, such as your username.
4 - Go in Settings / Connections / Connections / Advanced / Select Networks | Select "My Work Network" for both options.
It might not be named "My work Network" but it has to be the network which you can add a proxy server to the settings.
5 - Add your GPRS information for the "My Work Network".
6 - Go to "Edit my proxy server"
7 - Check the two boxes in proxy settings, then click on "Advanced"
HTTP : add your carrier's HTTP proxy address. Pocket IE cannot work any other way.
WAP : Useless (unless you NEED this working, add your carrier's proxy, or the same information SOCKS proxy under)
Secure WAP : useless
SOCKS : write your phone's "about" name from step 2, port is 1080
8 - Click Ok,Ok,Ok etc until you get back to "today"
9 - Load PocketPutty
TAB - Session
Hostname : your SSH server's external IP address
Port : 443
TAB - Tunnel
Source : 1080
Destination : (nothing)
Check circle "Dynamic"
Click Add (top right)
Go back to Tab - Session
Stored Session : proxy
Click Save
Click Cancel
10 - Use a registry editor & Edit the following Values (MAKE SURE IT IS DECIMAL VALUES)
HKEY_CURRENT_USER / SOFTWARE / SIMONTATHAM / PUTTY / SESSIONS / PROXY
LocalPortAcceptAll = 1
ProxyHost = (your cellphone carrier's HTTP proxy server)
ProxyPort = (Your cellphone carrier's HTTP Proxy server port, should be 80 or 8080)
ProxyMethod = 3
RemoteCommand = top
12 - Initiate a GPRS connection (Settings / Connections / Connections / Manage Existing Connections /
Select your GPRS connection, Tap & hold, click on connect)
13 - Load Putty
14 - Load session "Proxy"
15 - Click Open & A black terminal window will appear
16 - go back to the "today" screen as soon as possible (it's the only way it will connect, while in the background,
I think it's a bug or something)
17 - Wait a few seconds, suddenly a window will appear asking you if you wish to save an encryption key. Click yes
(note : this will only happen on the first time you connect)
18 - Go back into Putty (DO NOT LOAD A NEW PUTTY WINDOW, use the task manager to bring back the ongoing session)
19 - It should ask your username then password, fill in the obvious information requirements.
20 - Once you are logged into your SSH server, type "top" and press enter, it will allow you to keep your connection alive.
21 - Go back to the "Today" screen and try loading Windows Live Messenger, for the first time, while using the proxy, it should connect!
~~~~~~TIP~~~~~
With Total Command, you can make a shortcut that will load putty and log you in AUTOMATICALLY
Find Putty.exe
Click on File, then >>>>>>>>>>>>> (A) >
Create Shortcut
Place it in \windows\start menu\programs\
Then browse to that folder with total command
find Putty.exe.lnk
Tap/Hold and open properties
tab SHORTCUT
Assuming putty.exe is located in "\" write this in target:
"\PUTTY.EXE" -load proxy -l yourusername -pw yourpassword
Then click on ok, tadaa, simply start up Putty from that shortcut and go back to the today screen.
It will log you on automatically without your intervention.
You still need to initiate a GPRS connection first though.
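Seen from the proxy operator's side, the tunnel in this guide stands out because the first bytes the client sends through an HTTP CONNECT to port 443 are an SSH identification string rather than a TLS ClientHello. The following is an added example, not part of the original post, that classifies that first payload; the function names and the sample byte strings are constructed for illustration.

```python
import re

# "CONNECT host:port HTTP/1.x" request line as a proxy receives it.
CONNECT_RE = re.compile(
    rb"^CONNECT\s+(\[[0-9A-Fa-f:.]+\]|[^\s:]+):(\d{1,5})\s+HTTP/1\.[01]$")
# SSH identification string (RFC 4253, section 4.2):
# "SSH-protoversion-softwareversion".
SSH_ID_RE = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")

# Constructed sample payloads (not captured traffic).
SAMPLE_SSH_BANNER = b"SSH-2.0-PuTTY_Release_0.60\r\n"
SAMPLE_TLS_HELLO = bytes.fromhex("160301002f0100002b0303") + bytes(36)
SAMPLE_SESSIONS = [
    (b"CONNECT 203.0.113.10:443 HTTP/1.1\r\n", SAMPLE_SSH_BANNER),
    (b"CONNECT www.example.com:443 HTTP/1.1\r\n", SAMPLE_TLS_HELLO),
]


def classify_first_bytes(payload):
    """Name the protocol a client speaks in the first bytes sent through a tunnel."""
    match = SSH_ID_RE.match(payload)
    if match:
        # Second element is the software version from the banner.
        return "ssh", match.group(2).decode("ascii")
    if len(payload) < 6:
        return "incomplete", None            # wait for more bytes
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if (payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls", None
    return "other", None


def inspect_connect(request_line, first_client_bytes):
    """Compare what a CONNECT request asks for with what the client then sends."""
    match = CONNECT_RE.match(request_line.strip())
    if not match:
        raise ValueError("not a CONNECT request line")
    port = int(match.group(2))
    protocol, detail = classify_first_bytes(first_client_bytes)
    return {
        "host": match.group(1).decode("ascii"),
        "port": port,
        "protocol": protocol,
        "detail": detail,
        # Port 443 is allowed on the assumption that it carries TLS.
        "policy_mismatch": port == 443 and protocol in ("ssh", "other"),
    }


def flag_sessions(sessions):
    """Return (host, port, protocol, detail) for tunnels that are not TLS on 443."""
    flagged = []
    for request_line, first_bytes in sessions:
        result = inspect_connect(request_line, first_bytes)
        if result["policy_mismatch"]:
            flagged.append((result["host"], result["port"],
                            result["protocol"], result["detail"]))
    return flagged


if __name__ == "__main__":
    for entry in flag_sessions(SAMPLE_SESSIONS):
        print("non-TLS tunnel on 443:", entry)
```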
For running a SSH server in Windows
Part 1
1 - Download & Run http://www.cygwin.com/setup.exe
2 - Click - Install from the Internet / NEXT
3 - Root directory : c:\cygwin / NEXT
4 - Local Package Directory : c:\cygwin / NEXT
5 - Direct Connection / NEXT
6 - Select any download site / NEXT
7 - Click on "VIEW" on top right
8 - Click on the column title "Package" (to sort alphabetically) and find "Openssh: The OpenSSH server and client programs"
9 - Click on Skip on the far left column, on that row.
http://img59.imageshack.us/img59/4001/sshdpackage2xp2.gif
10 - Repeat step 8 & 10 for packages tcp_wrappers, procps & zlib (might already be selected)
11 - Click NEXT & wait (about 40-50MB download)
12 - Click on Finish (check or uncheck Create Icon & Add Icon to your discretion)
Part 2
1 - Go to your Control panel, then go into System (This is in Windows XP, not cygwin)
2 - Click on "Advanced" tab, then click on Environment Variables at the bottom
3 - Under "System Variables" click on "New"
4 - Name = CYGWIN / Variable Value = ntsec tty CLICK OK
5 - Back into "Environment Variables", look for the variable "Path"
6 - Click on EDIT, then WRITE EXACTLY at the END of the line: ;C:\cygwin\bin
7 - Here is my complete value for example: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\cygwin\bin
8 - Click OK,OK,OK etc until you get out completely of the Control Panel and System
Part 3
1 - Go in your C:\cygwin\ folder
2 - Double-click: cygwin.bat | You'll see this window appear (with your computer name instead of alk)
http://img182.imageshack.us/img182/273/terminalki1.gif
3 - type "ssh-host-config" then press enter
4 - "privilege separation", answer yes (not just "y")
5 - "create local user sshd", answer yes
6 - "install sshd as a service", answer yes
7 - When the script stops and asks you for "CYGWIN=" your answer is ntsec tty
8 - Type "chmod 0777 /etc/sshd_config" and enter
9 - In Windows, go to the file C:\cygwin\etc\sshd_config
10 - Open it with NOTEPAD
11 - Where it says "Port 22", replace it so it says "Port 443" and save the changes
12 - Back in the terminal, type "chmod 0644 /etc/sshd_config" and enter
13 - type "net start sshd"
14 - It should say the SSHD service has started
15 - Test out your server by connecting to your server with putty
http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
16 - In putty, enter "127.0.0.1" as hostname and "443" as port, then click on "Open"
17 - It will ask you if you want to save the key, click "Yes"
18 - Enter your windows XP username, enter, then your XP password, enter.
19 - You should then see something like [email protected]:
20 - Success, you have a running SSH server for your phone to connect to.
Notice - Make sure that if your Windows machine is behind a router or firewall, that the port 443 is
forwarded to your computer. Otherwise, nobody on the internet would be able to connect to your
SSH server on port 443, including your phone.
POP/SMTP EMAIL SERVER ACCESS
I'm going to write an example for using GMAIL. You can guess the rest for different services.
1 - Load your Proxy session, but don't connect yet.
2 - Go to the Tunnel tab
Local : 35553 (or any big unused port number)
Remote : pop.googlemail.com:993
Select "local"
Click add
Again
Local : 35554 (different from above)
Remote : smtp.googlemail.com:465
Click add
Go back to session and save the new settings
Now connect to your SSH server
Go to your Messaging
Add a new Email account
Email address : [email protected]
UNCHECK : Try to get your email settings directly from the internet
Select Provider : Internet Email
Fill everything yourself until "Incoming Mail Server"
Incoming mail server : alkizmotytn:35553 (that's MY PHONE's name, type in YOURS!!!)
Account type : pop3
Enter your gmail username & password
Outgoing Mail Server : alkizmotytn:35554 (don't be an idiot)
Check box : Outgoing server requires authentication
Click "Advanced Settings"
Check box : Require SSL for incoming
Check Box : Require SSL for outgoing
Network Connections : Work
It should be able to download/send emails now, while using Putty.
ok, so I can connect but when it does it says
Fatal error....
in the terminal it says
Bash: Top: Command not found
BTW! Thanks for this. If this works you're my hero. If not, well, you're still my hero. lol
Ohhh I know exactly what's wrong.
Here's how to fix it :
1 - Run "setup.exe" that you downloaded from cygwin
2 - Repeat the same steps of installation (you'll notice, it's taking your previous settings already)
3 - Find "Procps" package, click on "skip" just like you did with OpenSSH, Zlib, etc.
4 - Click next, and it will install "procps" on top of your SSH server.
5 - Reconnect, TOP will now work.
Here's WHY this happened
"top" command is a command that is sent automatically. It is added in Step 10.
"top" is ALWAYS part of a Linux system, but apparently not for the SSH server for Windows.
I didn't think to check this since I run a small Linux server.
now it should work
GOOD NEWS THOUGH : YOU HAVE PASSED THE HARDEST PART! TOP WAS A TINY ISSUE!!!
edit - I edited the SSH Server setup to include "procps" in the package installation list. I hope people read this thread. This is a major improvement for those stuck behind a HTTP proxy.
~~~~~~ TO RUN A SSH SERVER WITHOUT A COMPUTER ~~~~~~~
If you don't like the idea of running a PC 24/7 at home, you can turn your wireless router into a SSH server.
Look at the hardware list here
http://wiki.openwrt.org/TableOfHardware
If your router's model number and revision has "SUPPORTED" under status, you might just be in luck!!!
You can install a linux based firmware operating system on your wireless router. It will replace your router's OS completely with a MUCH MUCH more powerful one.
I recommend X-WRT since it is VERY user-friendly
http://x-wrt.org/
But OpenWRT is good for advanced linux users
http://wiki.openwrt.org/OpenWrtDocs/Installing
There's also DD-WRT for the complete n00b
http://www.dd-wrt.com/dd-wrtv2/index.php
All of them, once installed, have a SSH server right out of the box.
So your server is your router.
Thanks, I will try this.
alkizmo said:
~~~~~~ TO RUN A SSH SERVER WITHOUT A COMPUTER ~~~~~~~
If you don't like the idea of running a PC 24/7 at home, you can turn your wireless router into a SSH server.
Look at the hardware list here
http://wiki.openwrt.org/TableOfHardware
If your router's model number and revision has "SUPPORTED" under status, you might just be in luck!!!
You can install a linux based firmware operating system on your wireless router. It will replace your router's OS completely with a MUCH MUCH more powerful one.
I recommend X-WRT since it is VERY user-friendly
http://x-wrt.org/
But OpenWRT is good for advanced linux users
http://wiki.openwrt.org/OpenWrtDocs/Installing
There's also DD-WRT for the complete n00b
http://www.dd-wrt.com/dd-wrtv2/index.php
All of them, once installed, have a SSH server right out of the box.
So your server is your router.
If I remember correctly there are FON routers on Ebay for dirt cheap that can use this DWRT thingy.
cd85233 said:
Thanks, I will try this.
If I remember correctly there are FON routers on Ebay for dirt cheap that can use this DWRT thingy.
I'd recommend a Linksys WRT54GL if you are going to dish out the cash for a new router. Might as well buy a POWERFUL router. The WRT54GL can be overclocked to 250mhz (mine runs at 262mhz stable) and you can mod it to add a flash SD card to it to expand the memory to install OTHER applications.
You can run a small HTTP server with 1-2GB of storage with the SD mod.
I run an Asterisk VoIP server + HTTP + the SSH tunnel thing + router can become a relay access point (the router is a WIFI CLIENT!!) and a bunch of other linux applications.
WRT54G and WRT54GS are good too, but you need to find an older revision number.
FON routers are... meh...
edit - I'm out for the night, I'll check back in the morning for questions and problems.
PLEASE READ!!!!
I forgot a VERY important registry setting for PocketPutty in Step 10
LocalPortAcceptAll = 1
VERY IMPORTANT!!!! ok?
sorry for the mistakes
Me no Likey SSH
Hmm SSH server has given me lots of trouble. I think I would rather use an HTTP proxy if this made things work.
Nothing really works, and my internet connection is messed up when I use the SSH server.
I won't give up though. THIS IS A GREAT GUIDE.
If this is the way to kick T-Mo's Butt, I'm going to drive this into the ground!
Please try this, and post your results.
Alkizmo and I will hopefully get time to get this to work.
More Alkizmo than I, I'll be the guinea pig
almost working... help please ^^
Alkizmo thanks for the great guide!
I got almost everything to work.. but I guess there's something still missing..
Pocketputty correctly connects to the SSH server with the correct tunnel settings (checked many times). Registry settings for Pocketputty are set correctly as well (also checked..). By the way, Pocketputty doesn't seem to know how to start EDGE/GPRS connection on demand, so I either manually connect, or start Opera browser and go to a random website to start the connection.
The proxy settings changed under the T-Mobile Data network, with HTTP proxy pointing to the T-Mobile well-known proxy server, and the SOCKS proxy (tried both SOCKS4 and SOCKS5) pointing to the localhost:1080 (tried 127.0.0.1, tried the id of the phone).
No luck... Windows Live Messenger still cannot connect.
Let's try to find out the missing piece!
Thank you!
p.s. using AT&T Tilt, with Dutty's hybrid ROM.
Sorry for the late reply. It's been a while since I've roamed these forums.
So, you should try the SSH tunnel on another computer with the PC version of Putty and see if you can tunnel through sock4, so you can eliminate the server as a fault.
Second, you can do another test to see if it's pocketputty's fault or T-Mobile's proxy being very strange.
You test it by changing pocketputty's proxy settings to be very specific with a pop3 email server as explained in the guide. Then create a pop3 email account on your phone to connect through the pocketputty proxy.
If that doesn't work, then I'm thinking that there's something else at work to prevent you from tunneling. I had someone else with T-Mobile that couldn't SSH tunnel for some reason.
I found your MISTAKE mmoroz!
You enter in the SOCKS proxy - localhost:1080
however, as specified in the step #3, you have to first give a unique ID name to your phone. Name it : mmoroz
Settings / System / About / Device ID / Device Name : mmoroz
THEN in SOCKS proxy, you enter - mmoroz:1080
WM5/6 don't seem to understand localhost or 127.0.0.1, that's why you got to specify your phone's Device ID as the localhost address.
windows live mail on windows mobile
Does Windows Live Mail (Hotmail) work with this method? The instruction looks complicated, but I'm willing to do it if it works with Live Mail with push feature. By the way, do I need a static IP address for the server?
Thanks a lot! This is a great guide!
navy2010 said:
Does Windows Live Mail (Hotmail) work with this method? The instruction looks complicated, but I'm willing to do it if it works with Live Mail with push feature. By the way, do I need a static IP address for the server?
Thanks a lot! This is a great guide!
Hotmail push email will work. The moment you're connected to messenger, all the other services will follow.
You don't need a static IP, but you'd need to have a system to either update your DNS address with your new IP every time, or manually change it yourself.
I got a dynamic IP, but since I'm on broadband, the connection is active all the time, so my IP pretty much never changes.
alkizmo said:
Hotmail push email will work. The moment you're connected to messenger, all the other services will follow.
Thanks A LOT! I'm working hard to get this to work (no Xbox for past 48 hrs). I'm using a DD-WRT router to do the SSH server, but I have to change my Verizon router to bridge mode first & I'm still trying to change it. Anyway, I will keep you updated w/ my progress.
Guys, I STRONGLY recommend you setup a TEMPORARY SSH server before making all this effort to setup a permanent one. You can do this on your computer directly connected to the internet.
You should TEST with your phone BEFORE making a permanent server. That way, if your carrier blocks something special to prevent SSH access, then you wouldn't have wasted your time setting up the server.
problems!
Hi,
I set up a SSH server on my Buffalo router with DD-WRT firmware. Instead of just using a password, I used a private key for SSH server authorization. I did load/save the private key onto the client on my phone. I got this error msg. on my phone when I try to connect to the SSH server.
PuTTY Fatal Error
"Server unexpectedly closed network connection"
I checked the firewall log on the router, it confirmed that it accepted the connection from my phone. I did double check the IP address of the phone and confirmed that it's the same IP address from log:
Source IP      Protocol   Destination Port Number   Rule
66.94.XX.XX    TCP        https                     Accepted
By the way, I'm using T-Mobile USA service. Please see the attached picture for the SSH setting on my router (I did exactly as shown in the picture, but I copied the pic from the web). I also enabled SSH remote management on my router.
I have been reading a lot of information regarding SSH. I can't figure out the problems yet. Please offer any suggestions.
alkizmo said:
~~~~~~ TO RUN A SSH SERVER WITHOUT A COMPUTER ~~~~~~~
If you dont like the idea of running a PC 24/7 at home, you can turn your wireless router into a SSH server.
I wouldn't suggest leaving any router, whether it be DD-WRT, OpenWRT or etc... open to SSH for an extended period of time... you're going to open up a bad can of worms security-wise. It's cool to do it for a short amount of time for testing, but when you're done... close the hole and shut it down
navy2010 said:
Hi,
I set up a SSH server on my Buffalo router with DD-WRT firmware. Instead of just using a password, I used a private key for SSH server authorization. I did load/save the private key onto the client on my phone. I got this error msg. on my phone when I try to connect to the SSH server.
PuTTY Fatal Error
"Server unexpectedly closed network connection"
I checked the firewall log on the router, it confirmed that it accepted the connection from my phone. I did double check the IP address of the phone and confirmed that it's the same IP address from log:
Source IP      Protocol   Destination Port Number   Rule
66.94.XX.XX    TCP        https                     Accepted
By the way, I'm using T-Mobile USA service. Please see the attached picture for the SSH setting on my router (I did exactly as shown in the picture, but I copied the pic from the web). I also enabled SSH remote management on my router.
I have been reading a lot of information regarding SSH. I can't figure out the problems yet. Please offer any suggestions.
You're not using port 443. You need to use port 443, that's one of the only ports opened by the T-Mobile proxy.
Also, I'm not sure if SSHD will work with my trick. I only tested with SSH
seattleweb said:
I wouldn't suggest leaving any router, whether it be DD-WRT, OpenWRT or etc... open to SSH for an extended period of time... you're going to open up a bad can of worms security-wise. It's cool to do it for a short amount of time for testing, but when you're done... close the hole and shut it down
Make the password extra extra long and block your router from responding to ping requests and you'll be fine. SSH is a very very very secure protocol.
tl;dr Google Talk/AndFTP/SIP can't connect over an OpenVPN connection in CM7.2
My OpenVPN configuration has worked for several months. But since 7.2 came out, I've been troubleshooting a problem with my phone's VPN connection to my home server. The symptom I'm seeing is that apps besides the web browser cannot connect to anything over the VPN, including the VPN host itself. When I use tcpdump to watch traffic going over my server's tun0 adapter, I don't see packets sent from AndFTP and SIP (the phone dialer's SIP) ever reach the server. Strangely, the web browser works just fine over the VPN. I'm able to view websites normally, and even connect to my webserver on port 8080.
Like you (probably), my first assumption is that a problem like this is due to misconfiguration somewhere. However I'm starting to think that's not the case this time. My VPN configuration is very simple, and I don't use any iptables netfilter rules anywhere (the server is behind a nat router). These apps work just fine over my VPN when I'm using the old CM7-12112011-nightly-olympus build. My Ubuntu laptop also has no issues using the VPN. I have observed the route table (# busybox route -n) after the VPN connection is made using the latest nightly, and the old build which works. Both routes are the same (for whatever reason, the default gateway isn't removed, but it works on the old build anyway).
So I have only seen this issue when I'm running CM7.2 RC1 or the latest nightly: update-cm-7-20120409-NIGHTLY-olympus-signed.zip
For now I'm back on the CM7-12112011-nightly build, and my apps work on my VPN again. But I wanted to post this here in case this issue affected anyone else. I'm not sure how to continue troubleshooting it, or whether it might even be related to a bug.
I can use Pandora just fine over VPN, as well as download stuff from the Market/Play and use GTalk.
Here's my server config if you want to compare it
Code:
$ cat /etc/openvpn/server.conf
port 12345
proto udp
dev tun
ca /etc/openvpn/blahblah.crt
cert /etc/openvpn/blahblah.crt
key /etc/openvpn/blahblah.key
dh /etc/openvpn/blahblah.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
Ok if these builds are working for you, that does indicate it's just some misconfiguration on my end.
update: I did fresh installs of the last atrix-dev-team build and the latest cm7.2 nightly. On both builds apps are working over the VPN just fine. The only thing that doesn't work is the dialer's built in SIP, it won't connect over the VPN. It works when I'm on the same LAN as the server, but not otherwise over the VPN. Watching tcpdump, I never see packets coming from the phone when I enable "Receive incoming calls."
So I just gave up trying to get the SIP dialer to work on my VPN, and installed CSipSimple and SIPDroid. Both work just fine over VPN. While both these apps are popular, I was only avoiding using them since I didn't think they would be necessary. I've used the dialer's SIP to proxy calls over asterisk in the past with my original A855 Droid. Not sure why it doesn't work anymore, but not a big deal either.
I am also having some difficulty with openvpn. I am running CM7.2 RC3 on my Atrix. I have never had it working before on the Atrix (recent convert to CM7), but have had it working on laptops and an iphone. Was intrigued that it appears to be built in. I just cannot get it to work.
My issues are:
1) I cannot use the tun device. If I try, it appears to connect, then errors out.
Code:
N read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
If I select tap, it will connect, but then it tells me that there are fragment errors
Code:
FRAG_IN error flags=0xfa3333ff: FRAG_TEST not implemented
2) I cannot add the 'extra arguments' under the advanced settings. I try to put "fragment 1400" and . I'd like to add mssfix as well, but cannot figure out how to use this input block. If I try "fragment 1400" same thing:
Code:
MANAGEMENT: Client disconnected
When I use tap and keep the extra arguments clear, it appears to connect, but I get nothing: andsmb cannot see smb shares, I cannot get to the router web page, etc.
I have also configured pptp and that will allow me to connect (access shares and see the router web interface (ddwrt)). I would prefer openvpn, though. Any help appreciated.
My connect script with a laptop is:
Code:
remote xxxx.dyndns-office.com 1194
client
dev tap0
proto udp
mssfix 1400
fragment 1400
resolv-retry infinite
nobind
persist-key
persist-tun
float
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
Keith
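An added example, not part of any post in this thread: a Python check that reads an OpenVPN configuration such as the server.conf posted earlier or the client script above and lists the directives a security review would raise, including ones that are missing. The function names, the finding wording and the selection of checks are this example's assumptions; both sample configurations are constructed copies of the posts, placeholders included.

```python
# Constructed copies of the two configurations quoted in this thread
# (file names and host name are the posts' own placeholders).
SERVER_CONF = """\
port 12345
proto udp
dev tun
ca /etc/openvpn/blahblah.crt
cert /etc/openvpn/blahblah.crt
key /etc/openvpn/blahblah.key
dh /etc/openvpn/blahblah.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
verb 3
"""

CLIENT_CONF = """\
remote xxxx.dyndns-office.com 1194
client
dev tap0
proto udp
mssfix 1400
fragment 1400
nobind
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
"""

# Directive -> why a reviewer would question its presence.
PRESENT_CHECKS = {
    "duplicate-cn": "several clients may connect with the same certificate",
    "client-to-client": "traffic between clients is forwarded inside OpenVPN, "
                        "not seen by the host firewall",
    "comp-lzo": "compression is enabled on the tunnel",
    "ns-cert-type": "deprecated server check; use remote-cert-tls",
}
SERVER_CERT_CHECKS = {"remote-cert-tls", "verify-x509-name", "ns-cert-type"}


def parse_directives(text):
    """Map each directive name to the list of its argument lists."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                          # blank line or comment
        name, *args = line.split()
        directives.setdefault(name.lstrip("-"), []).append(args)
    return directives


def audit_openvpn(text):
    """Return (role, findings) for an OpenVPN server or client config."""
    d = parse_directives(text)
    role = "client" if "client" in d or "remote" in d else "server"
    findings = []
    for name, reason in PRESENT_CHECKS.items():
        for args in d.get(name, []):
            if name == "comp-lzo" and args[:1] == ["no"]:
                continue                      # explicitly switched off
            findings.append(f"{name}: {reason}")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no tls-auth/tls-crypt: control channel packets "
                        "are not pre-authenticated")
    if role == "client" and not (SERVER_CERT_CHECKS & d.keys()):
        findings.append("no remote-cert-tls: server certificate usage "
                        "is not verified")
    return role, findings


if __name__ == "__main__":
    for label, conf in (("server.conf", SERVER_CONF), ("client", CLIENT_CONF)):
        role, findings = audit_openvpn(conf)
        for finding in findings:
            print(f"{label} ({role}): {finding}")
```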