IPsec user certificate imported incorrectly - Networking

Hey all,
So I just set up a VPN server on my OPNsense firewall. I want to connect to it using my Android 9 phone with Lineage 16.0-20190725 using IPSec Xauth RSA.
Importing the CA certificate works great, but when I import the VPN client certificate it doesn't work the way it should. I don't get an error or anything, but the certificate is not in the list of possible "IPsec user certificate" in the VPN settings. It is, however, in the list of "IPsec server certificate" in the VPN settings. I double-checked the OPNsense settings, and I can see that the certificate is clearly marked as a client certificate, not a server certificate. This suggests to me that Android somehow does not realize that this certificate is a client/user certificate instead of a server certificate.
What can I do?
- Jaapyse

Related

activesync 4.1 and exchange server 2003

I'm trying to synchronize with the Exchange server at my work.
But for some reason it doesn't work. I've filled in everything in the right way (address, domain etc.). The fault code is 80070002.
Can somebody help me with this?
same here at home (no firewalls)
Works fine for me. Exchange server needs just some configuration.
Priit said:
Works fine for me. Exchange server needs just some configuration.
What kind of configuration?
First, your Outlook Web Access (yes, OWA!) cannot use forms-based authentication nor SSL encryption. If you do want to use these (you most probably want to use SSL) then you need to create another virtual OWA directory without SSL and force ActiveSync (and Outlook Mobile Access) to use it.
More information at
http://support.microsoft.com/default.aspx?scid=kb;en-us;817379
Check if you can access OMA (Outlook Mobile Access) using http://yourserver/oma and check also Exchange server logs.
I thought this wasn't supported on WM5 until AKU 2.0 comes out (hopefully soon)
So you're saying I have to turn forms authentication off and SSL off on OWA for my mobile device to work?
Sounds a bit of a poor show.
I need forms-based auth ideally as it goes through firewalls whereas the other type does not.
Ours works here and we use SSL.
For the server name make sure you are using the fully qualified domain name that you use from the internet. IE: mail.domain.com. You don't have to put the /exchange on the end.
username, password and domain are all the same as what you use to log in.
OH, and the certificate you use on the server should be for mail.domain.com and not servername.
Hope this helps.
@spartanrob: DirectPush needs AKU2.0. You have always had possibility to sync manually. Or if your operator provides e-mail to SMS then you have the same functionality already today.
@Karzi:
No, I'm not saying you have to turn off SSL and/or forms-based auth., but you need to create another virtual OWA directory, which does not require SSL and forms-based authentication. You can limit access to this directory to localhost only so there will be no security concerns.
@MrHappy:
Your server is probably set up in that way.
Please go read this it helped me with the same error
http://hardware.mcse.ms/archive35-2005-11-248477.html
Basically says that you have to download the cert from https://server.domain.com/certsrv then install the certificate on your desktop and your handheld, then ActiveSync will work....
I was hesitant but it worked for me.... it changed the path in the cert from my ip to my server.domain.com

HTC TyTNII vpn to a cisco vpn

Hi,
I am trying to establish a VPN connection to our company VPN.
The VPN gateway is a Cisco device. A "normal" connection via notebook with the Cisco VPN client works.
On my TyTN I installed the NCP client. But I don't know how to configure the Cisco settings.
On Cisco VPN Client:
- IP Address of Gateway
- Group Authentication
- Transport IPSec over UDP
On NCP VPN Client:
- IP Address of Gateway is easy to find
But I cannot assign the other settings. The NCP client has a lot of settings.
Has anybody succeeded in establishing a VPN connection via Windows Mobile to a Cisco gateway?
Got it. Not the vpn Client was the problem.
The Blackberry connect SW (disabled!) prevented connection via vpn.
Deinstallation of BB Connect and VPN client from Bluefire works fine.
What did you use as the VPN client to connect into the cisco gateway?
Do you use a RSA secureID token?
I am trying to get a VPN connection running from my HTC p3600i, WM6.
New VPN Client
Since a few days I use another VPN client: www.ncp.de
Works fine. We do not use RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
WinnieK said:
Since a few days I use another VPN client: www.ncp.de
Works fine. We do not use RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
Can you write your settings? I can't configure this.
Any ideas on a MPPE PPTP VPN via WM6? I have been trying to get this to work for months and can't. I am operating under the presumption that the VPN client in WM5/6/6.1 doesn't support MPPE and I am therefore up S#!T creek without a 3rd party dialer...
(It is a VPN connection to my work and yes as sorry as this is they still use an encrypted PPTP connection for all of their VPN connections. If they would just move on to something a LITTLE more current L2TP/IPsec I wouldn't be having any of these problems...)
But is there such a thing as a 3rd party PPTP VPN client for WM5/6/6.1 I haven't been able to find one...
TIA~
WinnieK said:
Since a few days I use another VPN client: www.ncp.de
Works fine. We do not use RSA Token. Only Group Authentication (free string to identify groups) and XAUTH - user/password.
kindly can you show where to set the Group Authentication ?!!!
New(ish) Cisco AnyConnect VPN Client
Cisco have released an AnyConnect VPN client for Windows Mobile 5/6 (version 2.3.185). This is specifically targeted towards the ASA 5500 platform as the VPN server, however it should also work with IOS VPN devices (I am told?).
I haven't tried it, however I have seen it demonstrated and it all seemed to work.
Personally I prefer the integrated L2TP/IPSec VPN client and have posted previously on how to get this working with Cisco PIX 6.3, ASA/PIX 7.x and IOS devices.
Andy
AnyConnect VPN client will support only SSL VPN, which is available on Cisco ASA and IOS from 12.4(20)T or later.
Can I have two VPN connections to two different places on the same computer?
I work at two different medical facilities. I have a VPN connection to one and I'm trying to set up one for the other. When I'm in the New Connection Wizard and I pick "automatically dial connection", it makes me pick the medical facility that I already had on the computer to "automatically dial" when trying to create this new one.
cool vpn has given the users privilege to surf internet with freedom and security Thanks to VPN

VPN Client for Android

Hi
I know Android has its own built-in VPN client but I would like to create my own VPN client to connect to our VPN server as I would like to add an extra layer of security on it. Can anyone help me out please?
Maybe just some guide on how to create a VPN profile using the built-in Android client programmatically (of course without accessing the hidden API) or something equivalent? Specifically I want to create a VPN profile with IPSec Xauth RSA Authentication.

How can I connect to an L2TP/IPSEC VPN Server?

I have a VPN account from an L2TP/IPSEC VPN server and use four attributes to connect to it from Android or Windows devices: IP Address, User Name, User Password and PreShared Key. I can connect with these details successfully manually. I also want to connect to it programmatically in Android 4.x.
I looked into the OrbotVPN and ToyVPN projects but couldn't see any details about connecting to an existing VPN server. And I think there must be some configuration (server-side code) at the remote point (VPN server) to respond to requests from clients in these projects. But by default, an L2TP/IPSEC VPN server is already configured and ready for connections.
I also googled it; all of them say "VpnService is designed for creating custom-protocol VPN applications" but there is no example of an IPSEC implementation.
Is there any example of IPSEC implementation?

SSL issue with Android?

I noticed something interesting today. I changed the certificate for my mail server from z.net to a.com (moving domains - long story). The mail server that is listed in the email client (using built in email client - not the gmail app - with ActiveSync) is z.net - however the email client is not complaining that the host in the SSL certificate does not match the server name. Which had me thinking - so I installed "Packet Capture" and started to capture (and did NOT install the generated certificate into the trust store - which makes the certificate an untrusted self-signed certificate which could be used in a MITM attack). Android email happily connected and checked for email. Opened up the browser to browse the webmail and it complained that the certificate is not trusted (as it should).
I'm not an expert of ActiveSync by any stretch but is this a "feature" of ActiveSync? To ignore SSL verification???? I also use Outlook 2016 and it did prompt about the certificate mismatch.
I fired up an old phone that was using activesync with the gmail app and while it did not seem to update - it also did not show any certificate mismatch errors. Outlook for Android also seems to ignore the certificate mismatch.
Am I missing something really obvious?
(This could be a wider Android issue - but I found this issue specifically on my V20)
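The two checks a verifying TLS client applies in the situation described in the post above (configured host z.net, certificate issued for a.com, and an untrusted self-signed certificate presented by an interception app), as an added example that is not part of the original post. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are hypothetical.

```python
"""Server identity checks a TLS client should pass before sending credentials.
In real Python code ssl.create_default_context() enforces both checks
(verify_mode=CERT_REQUIRED, check_hostname=True); this spells the logic out."""

def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' only as the whole left-most label, one label wide."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def presented_dns_names(cert: dict) -> list:
    """DNS subjectAltName entries; commonName is used only when no DNS SAN exists."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]

def verify_server(configured_host: str, cert: dict, chain_trusted: bool) -> list:
    """Return the reasons to abort the connection; an empty list means proceed."""
    problems = []
    if not chain_trusted:
        problems.append("untrusted issuer")
    names = presented_dns_names(cert)
    if not any(dns_name_matches(n, configured_host) for n in names):
        problems.append(f"name mismatch: {configured_host} not in {names}")
    return problems

# Constructed sample: the new certificate, issued for the a.com domain.
NEW_CERT = {
    "subject": ((("commonName", "a.com"),),),
    "subjectAltName": (("DNS", "a.com"), ("DNS", "mail.a.com")),
}
# Constructed sample: a self-signed certificate minted for z.net by a local
# interception tool whose CA was never added to the trust store.
INTERCEPT_CERT = {
    "subject": ((("commonName", "z.net"),),),
    "subjectAltName": (("DNS", "z.net"),),
}

if __name__ == "__main__":
    print(verify_server("z.net", NEW_CERT, chain_trusted=True))
    print(verify_server("z.net", INTERCEPT_CERT, chain_trusted=False))
    print(verify_server("mail.a.com", NEW_CERT, chain_trusted=True))
```

A client that connects in either of the first two cases without prompting is skipping one of these checks.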
