Which is the best VPN software for Windows Mobile 6.5? I am wanting to connect to our work firewall which is a cisco concentrator using Ipsec and group authentication.
I have Tried NCP secure client, AnthaVPN
NCP Secure Client - Works but not well, constantly crashes and the gui is not very friendly for non techy staff which i want to roll VPN access out to.
AnthaVPN - Can not get this to work at all!
Bluefiresecurity - Looks like they have gone bust as their website no longer exists.
Is there a way to make 6.5 work out of the box or using scripts to connect? If not I am willing to pay for software just needs one that works properly and with a half decent GUI.
Thanks Guys.
Gazos
Can anyone help? Pretty desperate.
Gazos said:
Which is the best VPN software for Windows Mobile 6.5? I am wanting to connect to our work firewall which is a cisco concentrator using Ipsec and group authentication.
I have Tried NCP secure client, AnthaVPN
NCP Secure Client - Works but not well, constantly crashes and the gui is not very friendly for non techy staff which i want to roll VPN access out to.
AnthaVPN - Can not get this to work at all!
Bluefiresecurity - Looks like they have gone bust as their website no longer exists.
Is there a way to make 6.5 work out of the box or using scripts to connect? If not I am willing to pay for software just needs one that works properly and with a half decent GUI.
Thanks Guys.
Gazos
Click to expand...
Click to collapse
Update on Status:
NCP Secure Client - Still buggy
AnthaVPN - does not work well with 6.5 as it messes with registry and kills wifi
BlueFiresecurity - No Longer Available
Symantec Mobile VPN - Awesome app works a treat NO LONGER AVAILABLE TO PURCHASE ARHHHHHHHHHHHHHHHHHH!!!!!!!!!!!
Comebody must know the answer to this
Looks like its using the terrible le NCP then
Sent from my Desire HD using XDA App
I dont think this will help, but I use the Cisco AnyConnect client. Unfortunately the VPN concentrator has to be AnyConnect compatible. The standard PIX, FWSM and 3000 series concentrators aren't. But we are in the process of changing to a Cisco ASA solution, and while testing this it's the first time I can connect my HD2 to works VPN reliably.
996r said:
I dont think this will help, but I use the Cisco AnyConnect client. Unfortunately the VPN concentrator has to be AnyConnect compatible. The standard PIX, FWSM and 3000 series concentrators aren't. But we are in the process of changing to a Cisco ASA solution, and while testing this it's the first time I can connect my HD2 to works VPN reliably.
Click to expand...
Click to collapse
Thanks for the reply, Unfortunately our network is behind several firewalls and we actually use an ASA but the first firewall in the line which we use to connect through to our network on a vpn is an old concentrator which we have no control/access over.
Related
Using XDA VPN client to make PPTP tunnel to a Cisco PIX via the O2 GPRS network. PIX is set-up for PPTP and works when I use a Windows XP client. Using XDA, the tunnel connects but won't pass traffic. Cause seems to be that XDA and PIX endlessly have a PPP negotiation argument about MPPE compression standard. Tried 40 bit and 128 bit, no luck. Anybody ever succeed with XDA VPN client at all please?
Colin
I wonder if you are having the same routing confilct I have. I can email you a fix for this if you like.
Hi Martin, thanks for reply. We don't have a 10.x.x.x subnet, although it is possible that somewhere they may have a 192.168.x.x conflicting with us. I see evidence of 10.x.x.x and 172.x.x.x by probing. As the tunnel gets set up and authenticated, I supposed it wasn't routing causing my problem. From the PIX I see the PPP negotiation problem. Have you had success with the XDA VPN client?
Yes I have, but I was using an MS RAS server on the other end (and GPRS as the carrier network).
Hi Martin,
OK, it looks like the PPP negotiation problems have gone away, no clue why. Now I do have a routing problem it seems. Traceroute on XDA to my target 192.168.1.74 shows the following, up to a point where ICMP gets denied:-
172.26.248.210 (PRIVATE)
193.113.199.59 (GENIE/BT)
193.113.235.161 (Genie/BT)
193.113.199.130 (BT)
62.7.239.1 (BT)
*.*.*.* no response
Looks like BT have a 192.168.x.x subnet ot there beyond 62.7.239.1. Is this similar to the routing problem you found a fix for? If so, what did you do please?
martinlong1978 said:
I wonder if you are having the same routing confilct I have. I can email you a fix for this if you like.
Click to expand...
Click to collapse
hi same here, i establish the VPN connection but then no use as nothing works no remote desktop, no intranet site. Please let me know the fix. my email is [email protected]
I tested the WM5/6 PPTP VPN Client on the Wizard with a PIX running 6.3(5) and had problems with MPPE - like you the VPN would connect however I couldn't pass any traffic. I debugged the PIX and it was pointing to the encryption. I disabled encryption on the PIX and it worked, obviously though this isn't acceptable. I tested the same but using a Windows 2003 Server as the VPN device and this worked so it is some incompatiblity between the PIX implementation of MPPE and the WM5/6 PPTP client (XP client worked OK with the PIX).
I ended up getting L2TP/IPSec working and have used this since, there is more to configure on the PIX side but it's still achievable and its more secure than PPTP, plus this is where the technology is moving to anyway. PIX version 7 doesn't support PPTP anymore either.
Andy
this ROM uses internet sharing and when I try to use my Cisco VPN dialer... it craps out and says VPN sub-system not avail. It worked fine before through the modem settings..... any suggestions to get it working??? I am at a loss.
and its kind of driving me crazzy because I really need the VPN (but not willing to give up the all the nice enhancements with the new rom)
MetalSiren
P.S. I removed the auto detect on PIE and when I used internet sharing I can surf the web just fine... I dont get it.
metalsiren said:
this ROM uses internet sharing and when I try to use my Cisco VPN dialer... it craps out and says VPN sub-system not avail. It worked fine before through the modem settings..... any suggestions to get it working??? I am at a loss.
and its kind of driving me crazzy because I really need the VPN (but not willing to give up the all the nice enhancements with the new rom)
MetalSiren
P.S. I removed the auto detect on PIE and when I used internet sharing I can surf the web just fine... I dont get it.
Click to expand...
Click to collapse
Same issue with other VPN clients. The client is not binding to the PAN adapter. I'm looking to get this to work with Check Point client. I'll let you know what I find.
I'm having the same issue... just tried connecting to VPN using cisco client and it hangs up, I tried switching my to TCP (instead of UDP NAT/PAT) and avoided the hanging issue.
Any idea what the port would be if you want to use TCP??
sduarte said:
I'm having the same issue... just tried connecting to VPN using cisco client and it hangs up, I tried switching my to TCP (instead of UDP NAT/PAT) and avoided the hanging issue.
Any idea what the port would be if you want to use TCP??
Click to expand...
Click to collapse
by default (unless you tech changed it) its TCP 10,000 on a Cisco Concentrator or ASA. but it wont work... I tried TCP as well and its the same thing.
anyone have any ideas??????? please...... I am trying everything and still nothing...
metalsiren said:
anyone have any ideas??????? please...... I am trying everything and still nothing...
Click to expand...
Click to collapse
TCO is right. Your VPN software is not binding to the PAN adpater. I don't know if there is a solution to it.
edwinyuen said:
TCO is right. Your VPN software is not binding to the PAN adpater. I don't know if there is a solution to it.
Click to expand...
Click to collapse
Cisco VPN now runs as a service.... so I dont think a binding would be needed... would it?
metalsiren said:
Cisco VPN now runs as a service.... so I dont think a binding would be needed... would it?
Click to expand...
Click to collapse
Most client run as a service. They still bind to existing drivers....per Cisco:
you must have Administrator privileges to install the VPN Client on Windows NT and Windows 2000 because these operating systems require Administrator privileges to bind to the existing network drivers or to install new network drivers. The VPN Client software is networking software. You must have Administrator privileges to install it.
The problem is with binding to the driver for the PAN adapter. Still poking around to make this work
Any news on how to get VPN to work with AKU 3.X?? is there a way to install the old wireless modem program, so that we can at least have a work around while a solution is developed...
Where can i download the client cisco VPN for wm6 ?
metalsiren said:
this ROM uses internet sharing and when I try to use my Cisco VPN dialer... it craps out and says VPN sub-system not avail. It worked fine before through the modem settings..... any suggestions to get it working??? I am at a loss.
and its kind of driving me crazzy because I really need the VPN (but not willing to give up the all the nice enhancements with the new rom)
MetalSiren
P.S. I removed the auto detect on PIE and when I used internet sharing I can surf the web just fine... I dont get it.
Click to expand...
Click to collapse
Has anyone been able to find a solution to this?
Using Bluetooth PAN Internet Sharing, I am unable to use my Cisco VPN client to access my corporate network.
Thanks,
Phil
I have gone through the steps in the development post for [Module] tun.ko for stock 2.6.32.9 (for openvpn/vpnc/etc), http://forum.xda-developers.com/showthread.php?t=1013513. I am still unable to connect to my companies Cisco VPN router. I have rooted my Atrix and confirmed that tun.ko is running. Every time I try VPN Connections, it will not connect with no response after an attempt. I have also tried VPNC Widget which tells me "0:unexpected operatorError: root access missing! Waringin:'Advanced Routing' feature missing - VPN Conectivity might be lost after a while"
VPN access is all I am missing to get RDP working, at least I hope as I can use it on my home domain with my Windows server.
I am somewhat new to Android devices, other than tinkering with my old AT&T Tilt with Android 2.2 on NAND. Any help to resolve is much appreciated.
I am still unable to connect through my company's VPN. I have found out that we use a Cisco 3000 Concentrator. If anyone else has had luck with this model, I would like to hear about it.
I had a lot of issues getting mine to work too..
After hours of hunting and lots of logcats later I figured out VPNConnections is very picky about your busybox version. Something to do with the output of the ps command.
Check this thread (Mostly my last two posts on page 5): http://forum.xda-developers.com/showthread.php?p=13859822
Cliff Notes version:
I got it working with VPN Connections .6, Busybox 1.17.1, and the tun.ko posted by rozzco in that thread.
BB 1.17.1 is available from Stericsons BB installer under alternate versions.
If you need the APK for it or the VPN app lemme know and I'll post it.
FWIW, I never got VPNC widget to work. I had your same error,
I tried your suggestions, using the specific versions. Still no luck. Look at logcat, it appears to attempt to connect but ultimately finishes with "process stderr: no response from target".
scoob8000 do you know what VPN device through which you are connecting? I don't know if it is a issue with the Cisco VPN 3000 Concentrator we are using. There was a mention of retiring the device, but they do not know when or with what it will be replaced.
Did you try this one?
http://code.google.com/p/get-a-robot-vpnc/
That is the VPN Connections app scoob8000 has mentioned.
rgbaxter said:
I tried your suggestions, using the specific versions. Still no luck. Look at logcat, it appears to attempt to connect but ultimately finishes with "process stderr: no response from target".
scoob8000 do you know what VPN device through which you are connecting? I don't know if it is a issue with the Cisco VPN 3000 Concentrator we are using. There was a mention of retiring the device, but they do not know when or with what it will be replaced.
Click to expand...
Click to collapse
From memory I think it's juist a old 26xx series router.. (Don't quote me on this lol)
It almost sounds like your at least hitting the network. Can anyone try to see your attempted connections on the concentrator?
Working IPSEC VPN Client for Cisco VPN Concentrator
I know this is an old thread, but thought I would post an update anyway.
I recently started looking for a VPN client I could use with our Cisco VPM Concentrator, and ran across the one mentioned in this topic, VPN Connections. I installed it from the same link also posted by lhurtado earlier.
I think this may be a newer version than what was available at that time, though. Either way, I've got it working without any issues, and I'm able to VPN into my network, and use RDP without any issues.
I did try this on a non-rooted Asus Transformer TF-101, and it did not work. I only got a "Failed to Connect" message in VPN Connections. I'll have to see if I can find the logcat mentioned previously for any information on why it is failing, but I'm guessing the stock Kernel/ROM does not have tun.ko.
Here's the specs on what I've got:
Acer Iconia A500 (rooted), custom ROM (Taboonay 2.2) and Kernel (HoneyVillain 3.4)
BusyBox 1.19.2
VPN Connections 0.99
2X Client
Cisco VPN Concentrator 3005
Hope this helps someone else who is looking for a VPN client that works with the Cisco VPN Concentrators.
As long as your kernel support tap/tun configs, you can use the VPN Widget. I use it with our cisco equipment at the hospital I work for. It works like a champ! You will need to get your information to get it to work properly but its the only one I have found so far to work out of the box (with the proper kernel).
As for the OP, being this is an old thread I sure he gave up- however if he was trying to RDP using the hostname, that is not possible (without hackery). Always use your IP until we have CIFS support. NetBIOS name are not resolved on a linux platform without it. I use RDP/VNC with my VPN over 4G almost daily.
Beating a dead horse
OK...First off, thank you to everyone for looking into this.
I'm a Network Engineer that has the pleasure of supporting a Cisco 3030 VPN Concentrator from the stone age. For those with Iphones we just give the Facutly/Staff the IPSEC/PSK and use the native VPN client and all is well.
The Androids (which I'm a die hard fan of) don't work....UNTIL version 4.0.x arrived.
There is an app called VPNCILLA (or for those rooted VPN WIDGET) that works with the old style concentrators. VPNCILLA has a 10 day trial, but afterward is a $4.95 one time fee.
They both work flawlessly and are easily setup.
Just wanted to pass the word in case the one person in the world out there is still trying to get it to work (like me).
Thanks
Shayne
Hi
I have updated the Tab to Touchwiz today.
I read that Cisco VPN was meant to be available - and yet I can't see it.
Am I missing something?
Do I need to download from somewhere?
I tried AnyConnect ...is that the one?
It does not seem to work with our VPN Setup
M
I'm with you. I don't see a Cisco VPN app, and the native VPN seems unchanged.
I downloaded the one from the market and it worked. It is listed as Anyconnect. Tab 10.1 is not listed but it works.
Does it only work with certificate mode? Our VPN is set up with group password
Our network at work uses Group Secret IPSEC Cisco VPN with RSA Secure ID cards. I'm currently lead tech on the IPAD2 project to get all our executives using IPAD2's. We got them working without the anyconnect software using the built in Cisco VPN on the IPAD2. It connects faster than anything I've used before. Flick VPN on at the switch and it's there as soon as you put in the password. Very slick.
I was hoping for something similar on the Galaxy Tab just so I know it works. I'll download the update over the weekend and give it a shot early next week.
Once we get that working, I'll just have to get Citrix connectivity going and I'll be laughing
Did you look under Setting>Wireless and networks>VPN
cisco
Hi
yes I checked under the VPN settings - but they do not seemed changed since the update. Nothing seem to match the credential I need to input like a group password authentication
i can confirm also that its not there :/
Dang. I was really hoping TW had this as advertised. I can't connect to a lot of university services from home without AnyConnect. Part of the reason I picked up the SGT10.1 was to read PDFs I downloaded from EBSCO for my research.
Cisco AnyConnect for Samsung devices is the VPN that was referenced as being supported after the update. It's an SSL VPN client. If you are using IPSEC then I think you can use the native Android VPN.
From my understanding, SSL needed deeper access to the OS in order to function and that's why the TouchWiz update is fixing it... because somehow TouchWiz has access to those areas of the OS that were locked. It already worked if you had root... same deal I guess. Deeper access.
Please keep in mind the following:
To use the Cisco AnyConnect, you will need to download the app from the market. Once you do this, you must make sure your ASA has the AnyConnect Mobile license on it. If it does not, you will not be able to use AnyConnect on your Tablet.
I have it working on mine, pre-TW and will test it after I install TW.
~Scott~ said:
Cisco AnyConnect for Samsung devices is the VPN that was referenced as being supported after the update. It's an SSL VPN client. If you are using IPSEC then I think you can use the native Android VPN.
From my understanding, SSL needed deeper access to the OS in order to function and that's why the TouchWiz update is fixing it... because somehow TouchWiz has access to those areas of the OS that were locked. It already worked if you had root... same deal I guess. Deeper access.
Click to expand...
Click to collapse
And I had it from the market from before and can tell you that after the TW update
it's able to ping our VPN server properly and properly prompt for login details. Now to get IT to enable the license for access....
Please use the Q&A Forum for questions Thanks
Moving to Q&A
I'm trying to setup IPSec VPN tunnel from SGS3 with stock 4.0.4 firmware to Wathguard XTM firewall. Watchguard has official support for using IOS inbuilt Cisco VPN client so I was thinking I might get it working with Android too.
I was following Watchguard guide to setup IPSec for IOS (which url I cannot paste here) and basically settings are following:
Phase 1:
Auth : SHA1
Encryption: AES-128
PFS Group 2
SA life 1h and DPD
Pre-Shared Key
Phase 2:
Type: ESP
Auth: Sha1
Encryption AES-128
Lifetime 1h
No PFS
And in addition theres Active Directory authentication. SGS3 connects to firewall but I get "WARNING: Rejected phase 1 aggressive mode from x.x.x.x to x.x.x.x (no matching policy)" to firewall log, so apparently therese problems with phase 1 configuration. I've checked shared key many times, so I was wondering if anyone knows which auth/Encryption/PFS should be working on Android client and is there any pitfalls should one know?
I too am seeking a work around for the lack of official support for VPN on Watchguard devices. I have an XTM5 and a SGS3 with 4.04 on it. There is a discussion thread here (i can't post a link, so remove the space) http ://community.spiceworks.com/topic/221632-vpn-access-to-xtm-and-xedge-devices-with-droid-or-ipad?page=2#entry-1532015 that is covering the same topic, and apparently some have been successful, but I cannot get any of the VPN types to work. PPTP connects but no network communication. IPSec doesn't connect, even when configured as the directions for iOS explain... Any feedback on the subject would be helpful.
IPSec on Android ICS
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
End_Bringer said:
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
Click to expand...
Click to collapse
Hello,
I faced the same issue for VPN connection to my watchguard.
Where could I find the AuthenTec VPN Client v2.5.1? Is it free ? Not avaiable from the editor's website.
Thanks for your return
It appears that the VPN client on the Samsung Galaxy S3 (USA, Verizon) is not available for other devices...
My phone connects fine, but I have many employees with other phones/tabs that may need this connection as well, so our IT team is in the process of testing out other VPN clients that we found in the google play store. Here is our starter list. We will report back here if we find one that works with our Watchguard settings. Let me know if you find one that works as well. Thanks!
Tigervpns VPN client
Tigervpns
NCP VPN Client (Trial)
NCP engineering
NCP VPN Client Premium (Trial)
NCP engineering
VpnCilla (Trial)
Matthias Meier
strongSwan VPN Client
strongSwan Project
Hi. I already test vpn cilla + npc vpn client without success. I will test rhe other one and let you know.
Thks
Sent from my GT-I9300 using xda app-developers app
I connected my sgs2 skyrocket to an x550e without problems though it didn't support encryption (gingerbread vpn is broken) haven't tried with my sgs3 (running ics) yet but might try tonight.
Sent from my SAMSUNG-SGH-I747 using xda premium
One of our guys got the Google Nexus Tablet with Android Jelly Bean (4.1.1) to work with the Watchguard XTM 5 - IPSec VPN.
He was using the Android built-in VPN client.
These were the settings he used:
ipsec exauth: psk
ipsec identifier: mobile
We tested all the apps that I previously listed and no success. It seems that some of them have a lot of settings, and maybe with more testing one of them might work... But I doubt it.
so after much testing, even with my new XTM515 (before i had a x550e - though i remember getting it working on that with no encryption....)
on my XTM515 i can get connected but cannot pass traffic....
i followed the steps on the watchguard document "Set up IPSec VPN connectivity from an Android device [Fireware XTM v11.5.x and higher" step by step.
now its time to play with it myself, if i get anywhere i'll let you know.
What im seeing is that i can connect, but no traffic is being sent (very few packets, if any.. i.e 1 packet here and there)
Opened a trouble ticket with watchguard and after a few days of troubleshooting still unable to get it working on a sgs3..
The official response now is that ipsec is broken on our phones..
WatchGuard was able to connect to my vpn with other android phones but they didn't have a sgs3 to test..
Then they sent me links of other people with other people having the exact same problem
Seems its samsung specific and not android specific. Not sure what samsung does to change ipsec... But it's broken...
With my ios device before I came over to the dark side, ipsec with the watchguard worked perfectly fine...
Sent from my SAMSUNG-SGH-I747 using xda premium
Downloaded the ncp vpn client (trial), imported wgx profile and everything works fine!
If all goes well over my next day or two of testing, going to buy the full version
Sent from my SAMSUNG-SGH-I747 using xda premium
waiters said:
Downloaded the ncp vpn client (trial), imported wgx profile and everything works fine!
Click to expand...
Click to collapse
Where can I find the wgx profle? I don't have in my "Watch Guard Mobile VPN with SSL" directory
rcravero said:
Where can I find the wgx profle? I don't have in my "Watch Guard Mobile VPN with SSL" directory
Click to expand...
Click to collapse
You need to generate it from policy manager..
Under vpn - mobile vpn - ipsec - press generate button
Also mobile vpn with SSL is not the same thing as ipsec and will not work
Sent from my SAMSUNG-SGH-I747 using xda premium