[Q] OpenVPN in Froyo - Droid Eris Q&A, Help & Troubleshooting

I wasn't sure if I should post this here or in Development. It was a 50/50 chance so I flipped a coin and here I am.
As I was browsing through the settings on my Eris with my new KaosFroyo v34 I noticed VPN connections. I took a look, and much to my surprise OpenVPN was listed. That's awesome because my company uses OpenVPN.
There are two options that I am having a problem with, "Set CA Certificate" and "Set user certificate". Unfortunately nothing but "cancel" shows up when I select either of these two options. I have created the user key and cert, and the ca cert on my server and copied them to a directory on the phone. I am assuming that I need to install my certificates before I am able to use them, but I have no clue how to do that. I Googled for documentation and found nothing. Can anyone help?

Related

Cert not installing?

OK. I've app unlocked my phone as per post 188 here -> http://forum.xda-developers.com/showthread.php?t=372717 (Thanks Erofich) and now when I try and install my server certificate I no longer get the message that my I don't have permission but I don't get the message saying it's been installed either (nothing seems to happen) and I still get a cert error when I try and sync. Any ideas?
Thanks
If you have changed the 1017 policy to 144, then it should allow it.
You dont get a confirmation message on installation though. So check settings, security, certificates, root certificates to make sure it has gone into the right place.
If its there and you get the error then the cert doesnt match the server...
Thanks. The cert is there.
It is the same cert I have been using successfully on my Ameo (where you do get a confirmation message) so I'm now stumped
Its definitely in the root certs?
I would start at the beginning and double check server name and sync settings on device.
Its definitely in the root certs.
The name on the cert is the server name I connect to and everything 'seems' fine, but I still get 0x80072F0D invalid cert.
I downloaded the cert from my certsrv and have double checked my ActiveSync settings and confirmed the server name, user name, password and domain.
Anything else I can check?
Thanks
Hmmm... as long as you are using the FQDN for the server, then there is no reason for it not to work.
I wonder if you delete the partnership and recreate it (now the certificate is installed) it might help?
Deleted the account and tried again. Still no joy. And I am using the FQDN.
I'm hopefully going to update to WM6 over the w/e so will try again then.
Thanks for your help.
Ah... I thought you might have already done the WM6 thing. It does resolve some issues like this.
I just flashed an 8500 to WM6 this week using the guides here and it went fine (as did exchange syncing).
Well...
Just upgraded to WM6 and still the same problem
Do you have access to the server itself? Or is it a work/hosted server?
If its your own server, you could try a fresh cert export (just in case yours is in the wrong format) by opening up an MMC and Add a SnapIn - Certificates, select Local Machine. In the Personal Folder, export the Root trusted cert that you are using for your SSL. Export it in the DEP x.509 cert format. Copy it to your PPC and
click on it to install it.
OK - went to server and my FQDN was in my root certs 3 times!
I exported all 3 and imported to phone and it's now happily syncing away.
Many thanks for all your help and your clear instruction s on how to export my certs. So simple even I could follow them.
Now running WM6 AKU 0.5 - pity you can't get it in English but I can understand American.
Thanks again for all your help.
Superb news.
Most people have problems with just one certificate!
That's what I like about this site - not only are people amaisingly helpful, but they seem genuinely pleased when a problem gets resolved
Thanks again
Hi folks,
sorry for being late, i think I can point you to the right direction:
As per Daniel Melanchton (german MVP for Mobile Devices), you need two certificates. One ist the cert for the server and one is the root cert. The root cert is needed for the mobile device checks also the origin of your cert (in german called "Zertifzierungstelle" e.g. Thawte). There's a perfect documentation floating around in the web, but it's only in available in german (called ex2k3_clientzugriff_1.wmv). He shows how to set up your mobile device and how to get the certs by exporting them from internet explorer using outlook web access.
Best regards,
tsfnet
tsfnet said:
As per Daniel Melanchton (german MVP for Mobile Devices)
Click to expand...
Click to collapse
Just a small correction
Daniel has never been MVP for mobile devices. He was MVP for Exchange Server and is now working for MS.
Bye
OK - so which one of you two is going to translate ex2k3_clientzugriff_1.wmv into English for us?
äääähhhhmmmmm,
i'll try to provide a pdf with screenshots and explanation if this would help. But this will take some time as i am in heavy business at the moment due to changing our erp-software at work.
He actually got it working about three days ago.
tsfnet said:
due to changing our erp-software at work.
Click to expand...
Click to collapse
What from and too? we're looking at Dynamics AX because they're too cheap to get JDE...
unwired4 said:
He actually got it working about three days ago.
Click to expand...
Click to collapse
yep, i know, but it could be helpful for other users, couldn't it ?
I just love people tributing to this forum AFTER solving their problem and not just "hey, it works now, perfect, thanks and bye forever" (maybe that's too hard, i know a lot of users do contribute a lot and spend a lot of time after solving their problem).
We need to understand why it works now. Do you know the difference between a cert and a root cert ? If you know it, you don't run into the same problem. That's why i will provide a simple pdf about installing the needed certs on your mobile device for acceesing an exchange server with ssl.

Scripts for XDA_UC

I've been trying for the last couple of days to solve an issue (it's not really a problem) that has been irritating me for a while. The issue is that everytime i flash a new rom i have to spent a coupe of hours after configuring everything again. Now, I use the 6.5.x tree of NRGZ28's energy rom series, specifically the standard variant and i want to create some scripts that will automatically setup things like my exchange server, hotmail, opera user-agent string and wifi. I already have a script that is supposed to work for exchange (not tested it yet) and one for the wifi. The wifi one just doesn't work but i've just done some reading and i think i know why (More on that in a mo). So, i was wondering, has anyone tried this already? If so do you have the scripts that are needed or know where i can find them?
Now, back to the wifi script. The reason i believe it doesn't work is because it would appear that the wifi has to be on for the WLAN driver to accept the new configuration. Now when you install a new rom, as most of you will know, the wifi is turned off and those of you familiar with the energy rom series will know that xda_uc runs right after first boot allowing no time for the wifi to be enabled manually. So, i was thinking, is it possible to write some code that will enable the wifi at first boot so the configuration script will successfully modify the wifi configuration?
Thanks for your thoughts in advance guys and girls.
Have a look in the FAQ for the ROM and there is post for sample scripts. I used them last night and got hotmail and exchange working. Here's the link:
http://forum.xda-developers.com/showpost.php?p=7333558&postcount=19477
Check the FAQ - each time I re-read it I figure something else out.
lol and there was me thinking it would be a lot harder. i always skip past the faq because 9 times out of 10 they are always filled with things like "How do i flash a rom" etc but i do still have a feeling it's not going to cover all my questions, things like can i write some code to enable the wifi at first boot or some other things i haven't meantioned like can i write a script that will automatically configure omarket with my login details.
I want to go all out on this and have it set up so i have to do as little manual configuration as possible so some code samples and/or further pointer would be really handy.
Just had another look at the faq and found i already had the xml generator listed in the energy addons page. One small problem... I have no idea what the hotmail server configuration is. Any clues? if not i will google it later.
Got my hotmail script. No idea if it works, guess i'll have to test it at some point.
I'm still looking for info on how to enable the wifi at first boot. Although at this point i am open to suggestions on different methods that could be used.
I am also a little disappointed. i thought this one had more legs to it. oh well, you can't always get everything you want i guess.
Just a litlle update. I got the wifi to take the settings without turning it on. Well i say i did it when really it just seemed to work. i think it might have somethig to do with some new drivers that were cooked into the rom i use.
I dropped the hotmail script because i do actually use windows live fair often and i ended up with 2 hotmail email accounts in the email tab but with a couple of tweaks i did get my exchange settings script to work like a dream.
I'm now looking into setting the phone identity using a reg file. I gave it a go using a script i picked up but instead of doing what it was supposed to it just stopped the windows and HTC sms clients from working correctly and i can't figure out why (it caused the phone to create several undeleteable sms messages). I'll post the code at the bottom. I'm also wondering if it is possbile to have a script that will copy files (ringtones specifically) to the right location. I think XDA_UC will do this if you create the directory structure in a folder in the XDA_UC folder on the sd card (hope you followed that one). Can anyone confirm that? I also created a script to configure quickgps but that didn't seem to work, i'll post the code for that too.
I'm still wondering if it would be possible to configure the opera user agent string using some form of script or reg file and it would be really nice if i could something similar with BSB tweaks, agps, HTC location service and pretty much everything else tbh. So if anyone has any scripts, reg files or cab files they wanna share i will certainly welcome them and i'm sure that many others will too.
Anyway, to posting those reg files:
Code:
[HKEY_LOCAL_MACHINE\Ident]
"Name"="Lucifer"
"Desc"="HTC HD2"
"OrigName"="Lucifer"
Code:
[HKEY_LOCAL_MACHINE\Software\HTC\QuickGPS]
"auto"=dword:00000001
"actSync"=dword:00000001
"ExpiredTime"=dword:00002760
"remind"=dword:00000001
Check this out for reference [XDA_UC][UC][SASHIMI][S4X] S4X_Auto & S4X_Backup [AUG.10.2010] XDA_UC Mods & Answers
id some looking up on the device name thing and found this: http://msdn.microsoft.com/en-us/library/aa924188.aspx seems my reg key was a little wrong.
I've also managed to create a cab file that will install my ringtones and then setthem with all related options as the defaults. I know it's not very impressive but it's a step in the right direction. I think i may have a look at exporting the bsb tweaks settings later and see how that goes.
Oh one question: i have been looking for an .reg to xml converter but my google results all seem a little vague and i don;t know if can trust the programs i'm finding. Has anyone got any suggestions?
M3PH said:
Oh one question: i have been looking for an .reg to xml converter but my google results all seem a little vague and i don;t know if can trust the programs i'm finding. Has anyone got any suggestions?
Click to expand...
Click to collapse
I don't think you need to convert reg to xml. Just leave the .reg files in the XDA_UC directory and it should run automatically.
darkblak said:
I don't think you need to convert reg to xml. Just leave the .reg files in the XDA_UC directory and it should run automatically.
Click to expand...
Click to collapse
No, you're right. I have no idea what i was thinking.
Another little update. I have working reg files for opera ua string and quickgps. I've decided not to bother with bsb tweaks because it's so easy to setup but being able to preconfigure windows live would be cool. Also being able to preconfigure agps would be nice

[Q] Citrix Receiver on rooted NC

So, I'm having a blast with my new nook. So far it's done just about everything I've asked of it. But not this. My office has citrix remote access that is working fine for the ipad, and is in testing for a few approved android devices. Since I work with the guys who manage it, I ran a test or two today to see how the NC performs.
The good? Got connected. The bad? I get an SSL/TLS JSSE error when I try to launch apps. So, what's the deal? Do I need to get android 2.2 or is my fix something else? If it's just 2.2, then I'll wait for the rumored update probably.
Would a nookie froyo boot sd work well enough to test this out? If so I've got a spare card with honeycomb that might be getting wiped.
*rooted nook color 1.1 with the 'monster pack' bootable sd image*
also have the same problem! Let me know if you find a solution.
Yes you need at least 2.2. I'm running CM7 on my nook and the Citrix receiver works great. I also use it on my HTC EVO on 2.2 and it works there as well.
Yes the bookie froyo SD bootable should work fine.
huh, got busy and never got a chance to check back. from what I've read, if you install the certificate you can get access. however, there's no option on my nook to install from SD card.
still looking into this when i have time, just haven't really had time.
That's weird. I am using the Citrix receiver on my stock rooted NC and haven't seen any issues (yet). Granted, I only used the VNC app to remote into my work computer but it worked flawlessly.
Are you using the Citrix Receiver or the Citrix Labs Receiver. I know I have just the Receiver. Not sure what the difference is between the two (haven't really looked that closely) but it might be somthing to check.
Try to save the link to the app usually in the form of *.ica file type. Then launch that file through astro. I used this workaround on my Streak.
Using CM7 n30, Citrix wouldn't accepting SSL certificate initially but problem went away after n12 or so, working fine since.
Ok, did a little reading, and found the system reqs for citrix reciever.
Device
Citrix Receiver supports Android mobile devices with operating system 2.0 or later.
About Secure Connections and SSL Certificates
When securing remote connections using SSL, the mobile device verifies the authenticity of the remote gateway's SSL certificate against a local store of trusted root certificate authorities. The device automatically recognizes commercially issued certificates (such as VeriSign and Thawte) provided the root certificate for the certificate authority exists in the local keystore.
Private (Self-signed) Certificates
If a private certificate is installed on the remote gateway, the root certificate for the organization's certificate authority must be installed on the mobile device in order to successfully access Citrix resources using the Citrix Receiver.
Note: If the remote gateway's certificate cannot be verified upon connection (because the root certificate is not included in the local keystore), an untrusted certificate warning appears. If a user chooses to continue through the warning, a list of applications is displayed; however, application fails to launch.
Importing Root Certificates on Android Devices
Android devices currently do not support automatic import of root certificates. More importantly, gaining root access to a device or changing the keystore can result in an inoperable device.
Click to expand...
Click to collapse
Pretty sure we're using self signed certificates at my workplace, and I can get it, I just am not sure how to install/import it. Our remote access guy mentioned that on his android device he can go to security and then import a cert from the SD card, but if that option is on the Nook, I missed it under Nook Color Tools.
The other thing is that the cert needs to be exported to .p12, which should be trivial if we can actually find/activate the import from SD option.
rico posted on a thread on androidtablets.net
The setting in stock Android 2.1, can allow for apps secure certificates. In the NC, most SSL sites work automatically, but for those which require a more manual approach, I think the stock Android setting is need. So far I haven't found how to turn this setting on.
Click to expand...
Click to collapse
soo..... looks like unless i go from rooted to rom'ed, i'm scr*wed.
maybe after the rumored/legendary/elusive/mythical update that is coming any day now from B&N?
Nook Certs Import
I'm using CM7, running Gingerbread. Under Settings>Location & Security there is an option to Install from SD card.
I just don't know where to get a certificate that works.
envygreen said:
Ok, did a little reading, and found the system reqs for citrix reciever.
Pretty sure we're using self signed certificates at my workplace, and I can get it, I just am not sure how to install/import it. Our remote access guy mentioned that on his android device he can go to security and then import a cert from the SD card, but if that option is on the Nook, I missed it under Nook Color Tools.
The other thing is that the cert needs to be exported to .p12, which should be trivial if we can actually find/activate the import from SD option.
rico posted on a thread on androidtablets.net
soo..... looks like unless i go from rooted to rom'ed, i'm scr*wed.
maybe after the rumored/legendary/elusive/mythical update that is coming any day now from B&N?
Click to expand...
Click to collapse
Try running one of the SD card builds of CM7.
as suggested, I got a working SD bootable CM7 build running, and was able to connect with no issues, so it's purely a problem with older (2.1?) builds of android. The remote access guy here says that he believes that was resolved in 2.2 or even a late build of 2.1.
to clarify, i did NOT have to import a root or mid level cert from the SD card. once I was on (CM7) 2.3, citrix reciever just worked but on (rooted) 2.1 it did not.
Not sure what the fix is, if any, for anyone running a rooted nook instead of a custom rom. if I find a fix I'll update though.
I too find i can't get citrix working on a stick 1.1 rooted nook. It'll make the initial connection but wont bring up the desktop window. Is there an explanation and a workaround?
wkearney99 said:
I too find i can't get citrix working on a stick 1.1 rooted nook. It'll make the initial connection but wont bring up the desktop window. Is there an explanation and a workaround?
Click to expand...
Click to collapse
For me it works perfectly on my Epic 4g (Froyo), but not on my Xoom (HC3.1), where it would obviously be much more useful. Get my list of published apps but when I launch just sits at waiting. Same exact settings, very fustrating.
Citrix Reciever "The Server encountered an error"
All, I'm have a rooted NC that's at 1.2 running 2.2 (sorry, I'm not 100% on the right verbiage to use)
I downloaded and installed Citrix Receiver from the market. I enter all of my settings and it shows me my published apps. However, when I try to click on anyone of them I gett the following.
Server error "The server encountered an error."
Any idea on the fix?

[Q]Running Cisco AnyVPN for Atrix4G

Doesn't look like the app is ported to any android device except maybe samsungs.
Anyway to get this on the Atrix? Would be huge paired with my dock
I had it running on stock Froyo with a kernel that had tap/tun support. i downloaded it from the market...? I think it barked about samsung was the only "supported" device, but it worked for me on my atrix. also, it doesnt support any other cisco vpn other than "Any Connect" access, so if you are like me and wanted a full blown client youre SOL
Also, I didnt like the actual anyconnect client so I swapped it for "vpn widget" (which is pretty boss in my opinion). it allows for easy configuring and places an On/Off widget on your phone's home screen. works like a champ on CM7 and Gingrbread.
Sure it is. Works great on my Atrix. You need to be rooted and have a file placed in a system directory (turn.ko if I remember correctly).
It is a full VPN client securing the entire device. Tragic is rooted according to the administrators settings.
Check it out here:
market.android.com/details?id=com.cisco.anyconnect.vpn.android.rooted[/url]
Ok so first order of business would be to root the device...
So I found that tun.ko file, in which directory would it need to be placed?

Trouble setting up VPN on Android.

Hello everyone, I looked around and have never came close to finding something remotely similar to this so I might as well just post it here.
I'm trying to set up the hamachi VPN on my android in hopes I'll be able to use ES file explorer to access my computer files SMB from anywhere since it worked with a friends computer to mine, I don't see why I can't apply the same principal there so I might as well try.
Anyway, it sends me the certificates in an email, I install them, turn on VPN, forces a passcode and yada, yada, yada,
The problem is save is always greyed out and it's become frustrating. I mean Hamachi gives you screen shots of what to insert the settings. It should be that simple, enter the credentials and hit save. But no. It's grey and not letting me save and I have no idea why.
Could be something simple but I couldn't find a solution. I've only seen like 2 webpages related to hamachi on android period.
Thanks in advance for the assistance,
Aarix said:
Hello everyone, I looked around and have never came close to finding something remotely similar to this so I might as well just post it here.
I'm trying to set up the hamachi VPN on my android in hopes I'll be able to use ES file explorer to access my computer files SMB from anywhere since it worked with a friends computer to mine, I don't see why I can't apply the same principal there so I might as well try.
Anyway, it sends me the certificates in an email, I install them, turn on VPN, forces a passcode and yada, yada, yada,
The problem is save is always greyed out and it's become frustrating. I mean Hamachi gives you screen shots of what to insert the settings. It should be that simple, enter the credentials and hit save. But no. It's grey and not letting me save and I have no idea why.
Could be something simple but I couldn't find a solution. I've only seen like 2 webpages related to hamachi on android period.
Thanks in advance for the assistance,
Click to expand...
Click to collapse
I'm actually trying to do the same on my S4 with 4.3 os and I'm not even able to install the certificates. I got 3 of them in the email, hamachi.pfx, hamachiIntCA.crt and hamachiRootCA.crt and when I try to open them the system is asking me which program I want to open them in. Not quiet sure if it's just my handheld's settings but the instructions from Logmein state to just open them and they will istall automatically.
TIA
---------- Post added at 02:19 PM ---------- Previous post was at 01:44 PM ----------
Actually I got everything installed, just had a brain spazm before. LOL
Save is grayed out if you don't select a certificate for user and server. As soon as you select those from drop-down, save becomes available.
Now my only issue is it's not connecting, need to figure out what's going on.

Categories

Resources