I am trying to use PPTP VPN with MPPE encryption enabled to connect to a network with a WRT54GL running dd-wrt-vpn running the VPN server. I know I have the server set up right, and I have added scripts to the server pptpd options file to require encryption "MPPE required" and disable compression "nodeflate". Using a rooted EVO 4G with stock 2.2 Froyo, I am able to connect successfully over 3G or 4G; however, traffic only works for about 20 seconds. After that, no web pages will load, no ping, nothing, but the VPN stays connected and never disconnects. I know this has been an issue with Android since 1.6, and you can see the post on code.google, issue 4067; it's been there since November 2009, and has still not been fixed. I'm not asking a question about "what's causing the issue", so please don't tell me to use search just yet. What is strange to me is that if I use my Samsung Galaxy Tab 10.1 running Android 3.1 to tether to my Evo with wireless tether, then I can use the PPTP VPN client in 3.1, and it connects and creates a stable PPTP tunnel, and I was able to have stable traffic for hours without anything going wrong (except for the Evo battery temp reaching 100F after some time). They had reported on that issue 4067 that even the later versions of Android don't have a working pptp and ppp0 client, so that's obviously not correct.
Anyway, I read a post here (in the Samsung Epic 4G forum) by member "drunix" from September of last year that said he was going to try to recompile the client with MPPE encryption enabled (assuming that is the issue in 2.2) if no one else has done it yet or tried to fix this yet. I don't think it's just the encryption that is the issue, because even with encryption disabled both on the server and client, traffic dies again after about 20 seconds.
So judging from what that member wrote, even though SO many Android phone owners have complained so far about the PPTP VPN client not working properly in Android versions 1.x and 2.x, no one has so far successfully fixed this issue yet, no one has even acknowledged or attempted to look at this issue yet so far other than that one member, not even the OS manufacturer. I have a hard time believing that the independent developers here and everywhere else make all these custom ROMs and kernels and other very impressive things from scratch, but no one has even touched this issue when functional pptp and ppp0 already exists almost on all other computer OS's and other platforms, and iPhone, WinMo and Linux ALL have functional clients. All Apple users say that they can successfully use the phone to connect to a PPTP VPN. I guess this must not be important enough to catch the attention of any devs not only from Google, but not even here. Is there any way some of the very knowledgeable devs here, who can so easily root any new Android version that comes out, take a look at this to see if they can fix it so Android can be fully functional in all its included features like Apple? I think this is the only major issue where Android does not function as well as iOS, otherwise it is ahead of the iPhone in every other aspect, so why not try to fix this for those who have the knowledge and fix things that are way more complicated than this?
Thanks
Are you referring specifically to 2.2 versions? If so I cannot answer since I am running 2.3.4 modified stock sense 3.0
Also I have successfully used at least three of the available VPN clients to support a IP/Sec connection to both secured servers and routers (mostly routers) with no drops, lock ups or related.
For me, the VPN clients work and have worked but maybe you are referring to something specifically different.
Hope that helps
Hey, I have been looking forward to the 2.1 update for our Heros because I thought it was going to finally give us simple VPN access... *to Cisco concentrators*. Unfortunately, it only gives us IPSec/L2TP PSK or CRT... whereas I need a pure IPSec client that supports Group Authentication in order to connect to my corporate VPN.
So, I, and I am sure many others, need to revert back to the Get-A-Robot-VPNC client to connect to our corporate networks, but apparently do not have a correct tun.ko module. Trying to insmod a tun.ko module, I get "invalid format" or "failed executable" - So, can someone provide a tun.ko that we can use, or explain how to get one installed in these new 2.1 ROMs?
I am currently using the ZenHero 2.1 ROM
Thanks! Once I get VPN access again, the Hero will really be something pretty damn awesome again.
Or, does anyone know of any VPN clients coming down the pipe for Android? or any other projects in development?
I heard Shew Soft was coming out with a mobile variant... not sure if it'll be on Android though..
I have no use for it or way to try it, but I did find vpn connections in the market when searching for something else and remembered this thread. It said on the comments though to go to the site for the latest version. http://code.google.com/p/get-a-robot-vpnc/
actually, a search for vpn in the market turned up a few options. Take a look, I don't know exactly what you need.
I have been trying multiple ways. I even tried the tun.ko. I have not been successful but I would like to hear if anyone is successful.
danaff37 said:
actually, a search for vpn in the market turned up a few options. Take a look, I don't know exactly what you need.
Unfortunately, none support, what I think to be the most popular VPN type, from a corporate stand-point: pure IPSec that supports Group Authentication. Most in the market are just for VPNC.
Thanks for your post though.
Yes the android app is lacking.
I have a Cisco concentrator working with MY phone. I just dumped all Group based auth. We wanted a device that would work with 99.999% of devices on the market and our little Asa-5505 does the trick.
You should be able to configure policies on the cisco to handle either clients, that is really your or your admins choice.
Otherwise the stock android vpn client MY only complaint is it will NOT let me vpn over mobile network.. only wifi. Kinda pointless if I have wifi I would use my laptop to vpn to work. WTF?
Sprint is the problem
kkruse said:
Yes the android app is lacking.
I have a Cisco concentrator working with MY phone. I just dumped all Group based auth. We wanted a device that would work with 99.999% of devices on the market and our little Asa-5505 does the trick.
You should be able to configure policies on the cisco to handle either clients, that is really your or your admins choice.
Otherwise the stock android vpn client MY only complaint is it will NOT let me vpn over mobile network.. only wifi. Kinda pointless if I have wifi I would use my laptop to vpn to work. WTF?
I realize this post has been sitting here for a while, but I thought this might help some others who may run into similar issues. At my work, we have all Cisco equipment and have a Cisco ASA configured with PSK mobile VPN. We are having basically no luck getting in using Sprint-connected devices (Sprint EVO 4G) on anything but Wifi. I CAN, however, connect just fine on my Samsung Captivate over AT&T 3G signal using the same built-in android VPN client. We've gone the rounds with the Sprint Engineers on this and they have nothing they can pinpoint that is causing this outage. I would really like for either Cisco or Sprint to come up with a good explanation as it shouldn't matter if you're on Wifi or 3G, it should work either way. The point is that it works on AT&T for us, but not Sprint, as far as 3G/4G data connection is concerned.
Okay, part of this is based on running Linux for the last 7 years. Part is assumption and part is what I have gathered from Motorola 3rd Level Techs/Devs and ATT. We all know the phone is just released. I think it is a totally nice phone. Initially, I had problems with one major thing -- being able to use wifi. I think I found an app called Android Status which basically can show you a view of netstat -lnt. EVERY socket is running on tcp6. Now this is a world/quad band phone so it needs IPV4/6. I was connected to my router and could see a udp connection pinging really fast from the phone to router and disappearing. The weird thing is the tcp6 sockets are looking like IPV4 addresses. I am assuming a tunnel of some sort.
When I called ATT their line was, "I'm sorry we don't support home wifi's." So I went to one of their wifi HotSpots and I can join but get kicked off for supposed non-eligibility for access. ATT swears I am all set. But I loved telling them that I'm sorry I don't support ATT HotSpot technical difficulties. I "fixed" my issue by adding my own DNS servers and making a static IP on my wifi network. I don't have or want to use the time to "fix" ATT. I just want it to work. This issue with wifi is seeming to be occurring on the IPhone4 and Windows Phones being released. I'm betting it's the same problem.
Linux by default comes with IPV6 on in the kernel. So if it is to be a world phone they have to have support. Another option for techies is to blacklist IPV6. "If" you've rooted your phone. OR wait for Motorola/ATT to put out a patch/toggle switch like is done with wifi, GPS, BT and the like so a user can toggle wifi support based on where they are travelling or living in the world. This last to me seems to be the best idea.
Now for the techie in me I don't travel overseas or in a native IPV6 country at all. So I would rather just blacklist the file. Wifi right now is running about as fast as a squashed snail on a hot day because it is looking for both sets of addresses. My kernel is old 2.6.29, and it has Android 2.1.1 but I would like to go to the most current Froyo. Looking in this section of the forum seems to have Debian directions: I run ArchLinux. Though using Astro FM there is dpkg stuff inside the FS of the phone. Or the instructions are for Windows, which don't help me at all either. Plus I want to get rid of some of this garbageware ATT has put on the phone itself.
So in closing I would like Froyo if in my best interests, and that it changes the kernel. But I have to shut off IPV6 at config/module level, and not at kernel level.
dap
This phone DOES ROOT with Z4root app with no issues I can detect. Loading a new busybox also doesn't seem to cause any issues.
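Added example (not part of the original post, and not output from Android Status or netstat): tcp6 entries that look like IPv4 addresses, as described above, match how Linux lists IPv4 connections held on dual-stack sockets, namely as IPv4-mapped IPv6 addresses (::ffff:a.b.c.d). The Python below decodes /proc/net/tcp6 rows and labels each local address; the sample rows are constructed and a little-endian host (ARM, x86) is assumed.

```python
import ipaddress

# Constructed sample in /proc/net/tcp6 layout; trailing columns are omitted
# because only the first four fields are parsed.
SAMPLE = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A
   1: 0000000000000000FFFF00000501A8C0:C350 0000000000000000FFFF00000101A8C0:01BB 01
   2: 000080FE000000000000000001000000:0016 00000000000000000000000000000000:0000 0A
"""

STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv6Address, port)."""
    hex_addr, hex_port = field.split(":")
    if len(hex_addr) != 32:
        raise ValueError("not a tcp6 address: %r" % field)
    # The kernel prints four 32-bit words in host byte order; reverse each
    # word to recover network order (assumes a little-endian host).
    raw = b"".join(bytes.fromhex(hex_addr[i:i + 8])[::-1] for i in range(0, 32, 8))
    return ipaddress.IPv6Address(raw), int(hex_port, 16)


def classify(addr):
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped"   # an IPv4 peer or address on a dual-stack socket
    if addr == ipaddress.IPv6Address("::"):
        return "wildcard"      # with IPV6_V6ONLY off this also accepts IPv4
    return "native-ipv6"


def show(addr):
    """Print mapped addresses in dotted-quad form, others as IPv6."""
    return str(addr.ipv4_mapped or addr)


def parse_tcp6(text):
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local, lport = decode_endpoint(fields[1])
        remote, rport = decode_endpoint(fields[2])
        state = STATES.get(fields[3], fields[3])
        rows.append((show(local), lport, show(remote), rport, state, classify(local)))
    return rows


if __name__ == "__main__":
    for row in parse_tcp6(SAMPLE):
        print(row)
```
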
I was trying to figure this out for a while, and even went so far as to install an entire different DLNA server on my Netgear Stora. I was able to access them fine on my wife's Epic, but not my Aria. And I also was able to ping the Epic, but not the Aria. So then with a simple search I was able to find this thread, which allowed me to then ping the device. Much to my delight, I could then see all of the DLNA servers from my Aria ^_^. I just thought I would throw this out there for anybody else that may be banging their head on a wall like I was.
But I am now kind of wondering, why did I have to ping the Aria to get it to detect the DLNA servers? Some newer security feature, or missing feature from previous builds (I swear I could use DLNA fine before without any problems)?
What ROM are you using? I believe the ping problem only exists in CM6.1+ and CM7.
Doh, guess I could've mentioned that. CM7 nightlies.
Also, I've noticed that I have to repeat the procedure if I am disconnected from the network for a certain amount of time. I've been experimenting with creating a shortcut that will ping the server, but I still think I have to do it from the other end as well. Will confirm later.
Ok, so after messing with it for a while, I found a solution that works for me. If I cannot detect the dlna server (if I leave the network and come back for example), all I have to do is open up an ssh session to the server, and that way I don't have to ping the Aria from the server. Sure, it is a little hassle to click the ssh shortcut, and put the password in, but I have the pw stored in swype so it is really easy.
Yea...I've noticed this as well..it's truly a GIANT pain...and no matter how many times this gets asked, anywhere, it either always gets overlooked or no one cares to answer the question. Something is a little quirky but I haven't a clue as to what it is...
My Xoom usually disconnects the VPN immediately after opening any file from an SMB Share using ES File Explorer. I preferred Astro but the SMB addon doesn't work with Honeycomb yet. A variation of different vpn clients all do the same, as soon as data is done being transferred from a single download, the VPN will disconnect.
Is there a workaround for this? It would be great to only have the VPN connect when resources on the network were accessed or written.
I haven't found a workaround or solution to keep the VPN up and stable.
(btw, this is a typical MS 2008 PPTP on a Windows Domain)
At the moment, I'm having to reconnect after every file transfer- again, the wireless network doesn't seem to make a difference (although the 3g connection is obviously poor)
I've done a little troubleshooting on this in the last few days using the magic of wireshark. MS PPTP Server, makes the connection and then drops after SMB traffic is attempted, as well any website will not load, and no email / communication will work.
I believe this fully involves a Default Gateway setting on the Xoom, being it's a client-side setting and the Xoom doesn't appear to allow that option to be changed (silly that it's missing, imo).
When I make a connection, Verizon's firewall policies see a foreign IP return traffic at some point on their network and blocks the transmission completely, eventually causing PPTP to timeout.
Here's a good read on how to get around the restriction:
http://jbenisek.wordpress.com/2010/10/05/android-2-1-and-2-2-vpn-pptp-over-verizon/
I myself have been on the phone this morning regarding this issue, I'm up to about a 3rd level of tech support and he is trying to tell me 'nothing is blocked at all on the Verizon network'...
I'm awaiting a call back now... at which I'll try to show him the above site/resource and maybe he'll move me to an unrestricted IP block. We bought 3 Xooms with the intention of working remotely in the field using PPTP- 4 more coming soon---
At this point, I'm still tempted to go back to Sprint and just wait on their Xoom release.
*btw, you can verify the above by tethering to the Xoom and changing your default gateway on a laptop/pc, the connection will work fine.
edit:
AH-HAH!
And more info;
http://code.google.com/p/android/issues/detail?id=4706
Apparently this is a known issue.
Encrypted PPTP is broken on Android: http://code.google.com/p/android/issues/detail?id=4706
I've posted about this problem in this thread:
http://forum.xda-developers.com/showthread.php?t=992876
I've tried it on every version of Android since 2.1. I tried it with my Xoom on 3.0 and the problem remains. It appears to be a pretty low priority for Google.
sangreal06 said:
Encrypted PPTP is broken on Android: http://code.google.com/p/android/issues/detail?id=4706
Turned off encryption on the server and all was well. I can't believe google let that slide... !?
I guess I'll transition to a L2TP VPN...
One thing I've been enjoying greatly (and use VERY frequently) is the Cisco IPSec client that has been standard in iOS.
Since getting my iPhone in 2009, I've been able to connect to my work systems and get a lot of stuff done that would have otherwise required a trip to my desk.
I haven't seen any Cisco IPSec support in the native AOSP or CyanogenMod builds. Is this even possible with Android?
With more and more Android devices comes out (and I have three now), it would be nice to have more options other than always going to iOS.
I saw Cisco AnyConnect in the Market. That (unfortunately) requires Root, something that may not always be possible. There was nothing for Cisco IPSec connectivity.
I had a friend tell me that it is an issue with the Linux kernel that is being used, not the ROM. Doubtful that Cisco IPSec VPN will be available on Android anytime soon.
Currently it has been done for Samsung devices: https://market.android.com/details?id=com.cisco.anyconnect.vpn.android
And 4.0 is supposed to introduce a new VPN API, meaning that once ICS is ported to this device, you should have what you're looking for.
You can try the Cisco AnyConnect for rooted phones - for whatever reason it works on my rooted Epic 4G but refuses to connect on my Nook Color. The other option which works is vpnconnections