VPN over public wifi - Networking

Hello!
I was on a vacation abroad recently and tried out something novel for me: To use VPN while on a public wifi. Another neatness was that the PPTP VPN server was running on my ASUS RT-AC66U router back home, an endpoint I'm pretty comfortable with.
However, there was one thing that griped me: Whenever I established a connection to a wireless network, Viber or Facebook Messenger or something would pop up a message before I could establish the VPN connection. Now, since I don't know how these services work, I don't know if there was a brief period in there that my device communicated messages and credentials in the open. Hopefully there remains some sort of encryption certificates from a previously negotiated session, but I'd like to be confident that it's not possible to send unencrypted credentials or messages.
Ideally, the phone should remain passive until all traffic is routed through the secure tunnel. Is there any way to do this? Android introduced "Always-On VPN" that sounds like it claims to be what I'm looking for. However, it only works for L2TP as far as I understand.
The usage case scenario here allows for no data by default/block all ports/route everything locally. Then if wifi connection is established, open port for VPN connection, establish VPN, then open all ports. Presently I've switched to OpenVPN also, and installed the "OpenVPN for Android" application. I have no problems establishing a VPN connection, it's just tightening any holes I'm interested in.
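The staged policy described in the post (drop everything, permit only the VPN handshake on Wi-Fi, then let all traffic use the tunnel) modelled as an iptables OUTPUT chain with a small first-match evaluator. This is an added example, not code from the thread; the server address 203.0.113.10, UDP/1194, and the interface names wlan0/tun0 are assumptions, and only the OUTPUT chain is covered.

```python
"""Kill-switch policy: default DROP, only the VPN handshake may leave the Wi-Fi
interface, anything may leave through the tunnel. Constructed example."""
from dataclasses import dataclass
from typing import Dict, List, Optional

VPN_SERVER = "203.0.113.10"        # placeholder for the home router's public address
VPN_PORT, VPN_PROTO = 1194, "udp"  # OpenVPN default; assumed, match your server config
WIFI_IF, TUN_IF = "wlan0", "tun0"  # assumed interface names


@dataclass(frozen=True)
class Rule:
    out_iface: Optional[str]  # None means "any" for every field below
    dst: Optional[str]
    proto: Optional[str]
    dport: Optional[int]
    verdict: str

    def matches(self, pkt: Dict) -> bool:
        wanted = (("out", self.out_iface), ("dst", self.dst),
                  ("proto", self.proto), ("dport", self.dport))
        return all(val is None or pkt.get(key) == val for key, val in wanted)

    def to_iptables(self) -> str:
        flags = (("-o", self.out_iface), ("-d", self.dst),
                 ("-p", self.proto), ("--dport", self.dport))
        opts = " ".join(f"{flag} {val}" for flag, val in flags if val is not None)
        return f"-A OUTPUT {opts} -j {self.verdict}"


def kill_switch_rules() -> List[Rule]:
    return [
        Rule("lo", None, None, None, "ACCEPT"),                    # loopback stays usable
        Rule(WIFI_IF, None, "udp", 67, "ACCEPT"),                  # DHCP, so Wi-Fi gets an address
        Rule(WIFI_IF, VPN_SERVER, VPN_PROTO, VPN_PORT, "ACCEPT"),  # only the handshake leaves in the clear
        Rule(TUN_IF, None, None, None, "ACCEPT"),                  # everything else must use the tunnel
    ]


def evaluate(rules: List[Rule], pkt: Dict, policy: str = "DROP") -> str:
    """First matching rule wins, as in an iptables chain; otherwise the chain policy applies."""
    return next((r.verdict for r in rules if r.matches(pkt)), policy)


def render_ruleset(rules: List[Rule]) -> str:
    """iptables-restore fragment for the filter table with a DROP policy on OUTPUT."""
    lines = ["*filter", ":OUTPUT DROP [0:0]"] + [r.to_iptables() for r in rules] + ["COMMIT"]
    return "\n".join(lines)
```

A messenger app trying TCP/443 on wlan0 before the tunnel is up evaluates to DROP, while the same flow on tun0 is accepted.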

Related

I can't VPN with GPRS anywhere!

I'm trying to VPN using GPRS to several networks which I have access to but I can't seem to be able to VPN them with my PDA2K. I can VPN them easily with no special configuration with my XP.
My i-mate keeps trying "Connectioning XX VPN..." and then aborts after about half a minute saying to check the username and password. The username and password are correct.
I called my cellular provider and they said that I should be able to connect to a VPN only if 'UDP Encapsulation' is defined on the VPN server?!?!? Well.. What is this thing? I'm trying to connect to big corp VPN, they wouldn't even listen to 'special requests'. I tried to connect to 4 different VPNs and I could not connect to any single one of them!
I really need that VPN connection via GPRS with my PDA2K. Any help would be more than appreciated. Maybe a different client than the built in VPN client of the WM2003SE ?
Thanks in advance.
Sorci
anyone?
bump for help. this gotta be a common prob.
Your GPRS connection will be subject to some form of NAT (Network Address Translation) through your provider. VPNs don't get along well with NAT as the firewall doing the address translation modifies the packet header after it has had its hash value calculated by the client (in this case your PDA). The receiving firewall will reject the packet as the hash values for the (now modified) packet don't match.
UDP encapsulation gets around this by encapsulating the encrypted and authenticated (secure) packet in a UDP packet which will be happily modified by the NAT'ing firewall. The receiving firewall will decapsulate(is that even a word?) the UDP packet and process secure packet inside as normal.
James
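A toy of the explanation above, added here and not part of the thread: the integrity check fails once the provider's NAT rewrites the source address, but survives when the protected packet travels inside a plain UDP wrapper (NAT-T, RFC 3948, UDP/4500) whose outer header the NAT is free to change. The HMAC over addresses plus payload stands in for what AH covers; the key and addresses are constructed.

```python
"""Why NAT breaks an integrity-protected packet and UDP encapsulation does not.
Constructed toy, not real IPsec: the ICV is an HMAC over the endpoint addresses
and the payload, mirroring AH's coverage of the IP header."""
import hashlib
import hmac
from typing import Dict, Optional

KEY = b"constructed-demo-key"  # constructed; real SAs take their keys from IKE


def icv(src: str, dst: str, payload: bytes) -> bytes:
    """Integrity check value over the addresses and payload."""
    return hmac.new(KEY, f"{src}>{dst}|".encode() + payload, hashlib.sha256).digest()


def build_protected(src: str, dst: str, payload: bytes) -> Dict:
    """The client (the PDA, behind the provider's NAT) authenticates its packet."""
    return {"src": src, "dst": dst, "payload": payload, "icv": icv(src, dst, payload)}


def verify_protected(pkt: Dict) -> bool:
    """The gateway recomputes the ICV over the header fields it actually received."""
    return hmac.compare_digest(pkt["icv"], icv(pkt["src"], pkt["dst"], pkt["payload"]))


def provider_nat(pkt: Dict, public_ip: str, public_port: Optional[int] = None) -> Dict:
    """NAT rewrites the outermost source address (and source port, if there is one)."""
    out = dict(pkt)
    out["src"] = public_ip
    if public_port is not None and "sport" in out:
        out["sport"] = public_port
    return out


def udp_encapsulate(inner: Dict, sport: int = 4500, dport: int = 4500) -> Dict:
    """NAT-T: carry the protected packet inside a plain UDP/IP header the NAT may rewrite."""
    return {"src": inner["src"], "dst": inner["dst"], "sport": sport, "dport": dport, "inner": inner}


def verify_encapsulated(outer: Dict) -> bool:
    """The gateway strips the UDP wrapper; the ICV only ever covered the inner packet."""
    return verify_protected(outer["inner"])
```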
Thanks a lot Jamz for the thorough detailed info. I appreciate it.
So what's the fix? I tried several other VPNs and was unable to access them as well.. I can't just call all these providers and make some strange requests for a 'one guy with a pda2k and a gprs connection' that wants them to change their VPNs, enabling or disabling protocols or port.
Any other solution?
sorci said:
Any other solution?
Are you sure you're using the built-in VPN client in Windows, and not something like a Cisco VPN client?
You could try something like the Movian VPN client (not sure this is still made). I've used this previously with a Cisco VPN and it is fully configurable to handle multiple VPN types.
I've got a similar problem. Am trying to set up a temporary GPRS connection into my work LAN (I work for myself but 2nd child due shortly so want to be able to connect in from home for a couple of weeks only). I've got MS Win2000 Server set up to accept incoming VPN connections and it works fine on a dial-up connection but refuses to authenticate my username/password whenever I try to get the GPRS working.
As it's only going to be used for a short period of time, I'm loath to spend out on any specific hardware/software but if anyone's got any suggestions, I'd be grateful.
If it helps, the LAN is behind a Netgear DG834GT ADSL modem/router/firewall and VPN PPTP and IPSEC are allowing in and out on it. The server is on a static IP address in the range 192.168.99.x.
GPRS Connections and VPN
With O2 you have to ask for VPN connectivity to be enabled and connect to vpn.o2.co.uk instead of mobile.o2.co.uk. (By the way, you can't access the web whilst connected to the vpn.o2.co.uk AP.)
I suspect that most providers have similar requirements.
Dave

Best IPsec VPN client?

I am testing BlueFire 2.3.0 client for more than a week now. Overall it is very good - it gets its job done. But after running it extensively for a week I discovered several issues with it, mostly cosmetic, but they are really annoying. Especially, if you want to have Direct Push. Those issues are:
1. "Save credentials for auto-reauthentication" does not work - you have to enter your password every time you connect.
2. It does not reconnect on its own, if it loses the connection (i.e. EDGE/GPRS goes down temporarily)
3. Detection of disconnect is not very reliable - sometimes when you lose signal and GPRS connection wants to disconnect, it cannot do it because the VPN still thinks it is connected and prevents GPRS from reconnecting.
4. Extensive use of on-screen push-buttons instead of soft-keys. And soft-keys are mapped to rarely used functions, like About - poor interface design. It wouldn't be so bad, if the VPN client was not requiring user interaction to reconnect and authenticate...
5. After several minutes of standby, it brings its window on top of Today screen, kinda like letting user know that he better check his tunnel/connection, because it could be already disconnected... In most cases it is not true, because the unit wakes half the way up every several minutes to check email or send a heart-beat packet, which keeps connection up (this only applies to GPRS/EDGE connection and not WiFi, unfortunately). But sometimes the VPN tunnel becomes dead, and you have to click "Disconnect", "Connect" and enter your password again.
Ok, that is my impression about BlueFire VPN client. Now the question is - is there any better IPsec client for PPC (WM5), which allows you to have Direct Push email over IPsec all day long without your intervention to check the connection status and reconnect manually?
Thanks for your time.
Hi!
Where did you get version 2.3?? I just can find 2.2 on their website...
I wasn't able to connect to my uni's Cisco VPN with version 2.2 and had a lot of issues with other VPN clients (NCP and Antha kind of disrupted the connection manager) - so basically I haven't found any client which is working properly. Hope that will change with one of the next versions...
Thomas
DoctorT said:
Hi!
Where did you get version 2.3?? I just can find 2.2 on their website...
I wasn't able to connect to my uni's Cisco VPN with version 2.2 and had a lot of issues with other VPN clients (NCP and Antha kind of disrupted the connection manager) - so basically I haven't found any client which is working properly. Hope that will change with one of the next versions...
Thomas
Apparently, even though their web site says 2.2, they are giving out 2.3 here for trial:
http://www.bluefiresecurity.com/orders/
As of other VPNs for me so far:
NCP killed all my connections - GPRS and WiFi didn't work anymore. It is overcomplicated and I had to uninstall it to get my connections to work properly again.
Antha is promising, especially its DPD (Dead Peer Detection) feature, but I cannot connect with it to our VPN server no matter what I do. I copied all the settings from Bluefire, which can connect, but still no success.

Bluefire VPN over 3G

HI there,
Has anyone experienced an issue whereby bluefire or similar contivity VPN client connects seamlessly over WIFI and 3G however will only allow RDP or VNC over WIFI.
I am currently running bluefire and am able to authenticate through 3G but that's it, I have no other functionality.
Any help would be great!
Thx
I've seen it where specific ports are blocked on the 3G provider's network, but given that you're establishing a VPN tunnel, that should be irrelevant, as all the traffic should be tunneled via the VPN. I wonder if the device isn't picking up the new route to send the traffic via the VPN, and is instead sending it via the 3G connection to a non-existent device.
Does your VPN-endpoint give you any logs to show if its actually receiving the traffic from the device? Are you able to ping anything within the remote network (assuming ping is allowed) from the device?
One thing I have noticed is that if you have a 3G connection open, then establish a wifi connection, the routing table doesn't seem to update to use the wifi connection and you actually have to kill the 3G session. I wonder if something like that is happening here - the 3g session establishes a default route, the VPN session then comes up but the device doesn't realise to send traffic via the VPN session. Or are you getting any traffic through the 3G/VPN connection?
I have the option to turn on verbose logging. I'll give that a go and see if it highlights anything really obvious.

VPN calling data number while connected to wifi

I have a 6800 with Verizon and I attend Penn State at the main campus. We have group authenticated VPN security for our on campus wireless. I downloaded BlueFire mobile VPN because it has group authentication capabilities. I connect to the Penn State wireless and then connect with the VPN client, however I notice that my phone calls the 777 number to access the VPN server for some reason, even though I have wireless. I messed around with connection settings, but got no results. My issue with this is that I don't have any data plan because I don't want to pay for it and the data call eats up my minutes.
Does anyone know how to properly set up the connection settings so that I don't pour money into Verizon's pockets?
Also, I don't think this is possible but I might as well ask... is there any way to use the VPN software included with WM to connect to group authenticated VPN servers?
Any clues?
Have you tried turning off data connection?

GCM push on new WiFi

My office has recently changed our networking. We now have a separate WiFi for personal devices and company devices.
Since this change, I don't receive any GCM push notifications when connected to the WiFi. As far as I can tell it's either that the router is fixed to IPv6, or that incoming traffic on the port is blocked. But I don't have admin access to the router.
Any ideas on solutions?
krs360 said:
My office has recently changed our networking. We now have a separate WiFi for personal devices and company devices.
Since this change, I don't receive any GCM push notifications when connected to the WiFi. As far as I can tell it's either that the router is fixed to IPv6, or that incoming traffic on the port is blocked. But I don't have admin access to the router.
Any ideas on solutions?
Not received at all or very much delayed?
Looks like GCM keeps a connection open and reopens it if the router informs it that the connection was cut or a 15 min heartbeat hasn't been seen.
If it's not working at all then it could be that the servers are blacklisted or a fw/proxy is playing the fool with https certificates. You could try accessing the server using https from a browser.
If delayed, then the stateful firewall times out this connection (normal) but doesn't inform so through a FINish or ReSeT TCP flag (not normal).
Connection is initiated by the phone and falls back to https so ipv6 shouldn't be a problem.
