[Q] IPSEC VPN PSK+XAUTH on ICS? - Galaxy S II Q&A, Help & Troubleshooting

Has anyone tried using an IPSEC VPN connection - type PSK with XAUTH to connect to a VPN?
I've used the settings I've entered on iphones, ipads and with numerous software VPN clients, both Windows and Mac. I simply cannot get it to connect.
I've looked at the logs on the firewall - The SA and username look correct, but it still says that there is no match found.
Has anyone tried this or any other VPN type with any success?
Thanks!

This is a known open issue (bug) - no. 23124
Sucks.

Thanks for the info! Wish it had been better news :-D

Related

VPN problems, XDA to Cisco PIX

Using XDA VPN client to make PPTP tunnel to a Cisco PIX via the O2 GPRS network. PIX is set-up for PPTP and works when I use a Windows XP client. Using XDA, the tunnel connects but won't pass traffic. Cause seems to be that XDA and PIX endlessly have a PPP negotiation argument about MPPE compression standard. Tried 40 bit and 128 bit, no luck. Anybody ever succeed with XDA VPN client at all please?
Colin
I wonder if you are having the same routing conflict I have. I can email you a fix for this if you like.
Hi Martin, thanks for reply. We don't have a 10.x.x.x subnet, although it is possible that somewhere they may have a 192.168.x.x conflicting with us. I see evidence of 10.x.x.x and 172.x.x.x by probing. As the tunnel gets set up and authenticated, I supposed it wasn't routing causing my problem. From the PIX I see the PPP negotiation problem. Have you had success with the XDA VPN client?
Yes I have, but I was using an MS RAS server on the other end (and GPRS as the carrier network).
Hi Martin,
OK, it looks like the PPP negotiation problems have gone away, no clue why. Now I do have a routing problem it seems. Traceroute on XDA to my target 192.168.1.74 shows the following, up to a point where ICMP gets denied:-
172.26.248.210 (PRIVATE)
193.113.199.59 (GENIE/BT)
193.113.235.161 (Genie/BT)
193.113.199.130 (BT)
62.7.239.1 (BT)
*.*.*.* no response
Looks like BT have a 192.168.x.x subnet out there beyond 62.7.239.1. Is this similar to the routing problem you found a fix for? If so, what did you do please?
martinlong1978 said:
I wonder if you are having the same routing conflict I have. I can email you a fix for this if you like.
Hi, same here. I establish the VPN connection but then it's no use as nothing works: no remote desktop, no intranet site. Please let me know the fix. My email is [email protected]
I tested the WM5/6 PPTP VPN Client on the Wizard with a PIX running 6.3(5) and had problems with MPPE - like you, the VPN would connect, however I couldn't pass any traffic. I debugged the PIX and it was pointing to the encryption. I disabled encryption on the PIX and it worked; obviously though this isn't acceptable. I tested the same but using a Windows 2003 Server as the VPN device and this worked, so it is some incompatibility between the PIX implementation of MPPE and the WM5/6 PPTP client (XP client worked OK with the PIX).
I ended up getting L2TP/IPSec working and have used this since. There is more to configure on the PIX side but it's still achievable and it's more secure than PPTP, plus this is where the technology is moving to anyway. PIX version 7 doesn't support PPTP anymore either.
Andy

[Q] VPN Connection

Does anyone know how to make a working VPN connection with the touchpad?
I couldn't get one.
I have Win 7.
Tried VNC too.
Did anyone get a working VPN connection?
works for me. my proxy server uses pptp so i download pptp plugin from market and all's good.
I think if you have an ASA you can try the built-in AnyConnect client, provided you have a mobile license activated on the Cisco; otherwise use IPSEC on your gateway device. I never played with pptp on the touchpad before.
I saw this but what can I do by joining a VPN?
Is there someone who can write up a quick tutorial for the ones that don't know how to do it?
That would be appreciated.
I want to control Windows 7 remotely with it.
jlove said:
Is there someone who can write up a quick tutorial for the ones that don't know how to do it?
That would be appreciated.
I want to control Windows 7 remotely with it.
Bump... Same question. Out of all the people who have recently bought the touchpad, there has to be someone out there that can give a short explanation on how to use the native VPN capability to connect to a Windows system. I have searched all over the net for the answer and have come across many unanswered forum threads.
Below are instructions I used on Win 7 to create an incoming VPN connection to make it available to be connected to.
pcworld. com/article/210562/how_to_set_up_vpn_in_windows_7. html (take the two spaces out of the link, can't post links yet since I'm a NOOB!!)
Step by Step: Building a VPN (Incoming)
Step 1 Click the Start button, and, in the search bar, type Network and Sharing.
Step 2 Click Change Adapter Settings in the left-hand menu.
Step 3 Click File, and then New Incoming Connection.
Step 4 Select the users you'd like to give access to and click Next.
Step 5 Click Through the Internet and select Next.
Step 6 Select the Internet Protocol you'd like to use. (The default TCP/IPv4--the line highlighted in the screenshot below--will work fine.)
On the touchpad when using the Cisco AnyConnect VPN connection type and enter the host name, I get this error "Connection attempt has failed due to configuration issue with server"
When using the VPNC connection type, and enter the host name and password, I am prompted to fill in several fields that I don't know what to enter.
I use my laptop to log into my Win7 desktop all the time easily via the Remote Desktop Connection app. Hopefully there is something similar coming to the touchpad.
I have an openvpn subscription with strongvpn - this works well for the technically deficient peeps like myself to have an added layer of security when using windows machines in a public wifi area (i.e. hotels)
I asked strongvpn about any support for webos, and they were not sure of any workarounds to date. Any new ideas on this? I am using OpenVPN (as opposed to their PPTP). They said that on rooted Android devices OpenVPN will work following one of their tutorials.
If you are technically sound, only then will you be able to set up a VPN and solve these kinds of issues yourself. Average PC users like me will avoid indulging in these configurations as they are too complicated for us.
Why not try an already established, reliable VPN service provider for touchpad??
You can definitely Google them and choose amongst the choices you get. That would be far easier, believe me.
[Q] VPN support
I was wondering if anyone has tried vpn support on the touchpad? I am looking at using it overseas as a way to watch amazon VOD while I travel.
Edit: Found out I needed to download a free app from app catalog for PTP support. Works now when I connect to my school network. Also I found out that playon services work too on touchpad so I might try that for netflix.

IPSec tunnel SGS3 <-> Watchguard

I'm trying to set up an IPSec VPN tunnel from an SGS3 with stock 4.0.4 firmware to a Watchguard XTM firewall. Watchguard has official support for using the iOS built-in Cisco VPN client, so I was thinking I might get it working with Android too.
I was following the Watchguard guide to set up IPSec for iOS (whose URL I cannot paste here) and basically the settings are the following:
Phase 1:
Auth : SHA1
Encryption: AES-128
PFS Group 2
SA life 1h and DPD
Pre-Shared Key
Phase 2:
Type: ESP
Auth: Sha1
Encryption AES-128
Lifetime 1h
No PFS
And in addition there's Active Directory authentication. The SGS3 connects to the firewall but I get "WARNING: Rejected phase 1 aggressive mode from x.x.x.x to x.x.x.x (no matching policy)" in the firewall log, so apparently there are problems with the phase 1 configuration. I've checked the shared key many times, so I was wondering if anyone knows which auth/encryption/PFS should be working on the Android client, and are there any pitfalls one should know?
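The "no matching policy" rejection quoted in the post above, as an added example that is not part of the original posts: a small Python model of how an IKEv1 responder compares offered phase 1 transforms with its configured policy. The policy uses the values listed in the post; the client offers, the `PSK+XAUTH` label and all function names are constructed for illustration, since the thread does not show what any client actually sent.

```python
"""Added illustration: how an IKEv1 responder matches phase 1 proposals."""
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class Transform:
    encryption: str
    hash_alg: str
    dh_group: int
    auth_method: str


# Responder policy: the phase 1 values listed in the post, with XAUTH on top
# of the pre-shared key (the auth_method label is this example's own naming).
POLICY = Transform("AES-128", "SHA1", 2, "PSK+XAUTH")

# Constructed client offers; the posts do not show what any client really sent.
OFFER_PLAIN_PSK = [Transform("AES-128", "SHA1", 2, "PSK")]
OFFER_MIXED = [
    Transform("AES-256", "SHA1", 5, "PSK+XAUTH"),
    Transform("AES-128", "SHA1", 2, "PSK+XAUTH"),
]


def mismatches(offer, policy=POLICY):
    """Names of the attributes on which an offered transform differs."""
    return [f.name for f in fields(Transform)
            if getattr(offer, f.name) != getattr(policy, f.name)]


def negotiate(offers, policy=POLICY, ke_group=None):
    """Return (chosen transform or None, list of (offer, reasons) rejected).

    ke_group models aggressive mode: the initiator's first message already
    carries its Diffie-Hellman public value, so the group is fixed and a
    transform using any other group cannot be selected.
    """
    rejected = []
    for offer in offers:
        reasons = mismatches(offer, policy)
        if ke_group is not None and offer.dh_group != ke_group:
            reasons.append("dh_group fixed by key exchange payload")
        if not reasons:
            return offer, rejected
        rejected.append((offer, reasons))
    return None, rejected  # corresponds to the "no matching policy" log line


if __name__ == "__main__":
    for label, offers, group in [("plain PSK", OFFER_PLAIN_PSK, None),
                                 ("main mode", OFFER_MIXED, None),
                                 ("aggressive, group 5", OFFER_MIXED, 5)]:
        chosen, rejected = negotiate(offers, ke_group=group)
        print(label, "->", chosen or "no matching policy")
        for offer, reasons in rejected:
            print("   rejected", offer, "because of", reasons)
```

The third case shows why a client that can fall back to group 2 in main mode may still be rejected in aggressive mode: the group is committed before the responder gets to choose.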
I too am seeking a work around for the lack of official support for VPN on Watchguard devices. I have an XTM5 and a SGS3 with 4.04 on it. There is a discussion thread here (i can't post a link, so remove the space) http ://community.spiceworks.com/topic/221632-vpn-access-to-xtm-and-xedge-devices-with-droid-or-ipad?page=2#entry-1532015 that is covering the same topic, and apparently some have been successful, but I cannot get any of the VPN types to work. PPTP connects but no network communication. IPSec doesn't connect, even when configured as the directions for iOS explain... Any feedback on the subject would be helpful.
IPSec on Android ICS
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
Hello,
I faced the same issue for VPN connection to my watchguard.
Where could I find the AuthenTec VPN Client v2.5.1? Is it free? Not available from the editor's website.
Thanks for your return
It appears that the VPN client on the Samsung Galaxy S3 (USA, Verizon) is not available for other devices...
My phone connects fine, but I have many employees with other phones/tabs that may need this connection as well, so our IT team is in the process of testing out other VPN clients that we found in the google play store. Here is our starter list. We will report back here if we find one that works with our Watchguard settings. Let me know if you find one that works as well. Thanks!
Tigervpns VPN client
Tigervpns
NCP VPN Client (Trial)
NCP engineering
NCP VPN Client Premium (Trial)
NCP engineering
VpnCilla (Trial)
Matthias Meier
strongSwan VPN Client
strongSwan Project
Hi. I already tested VpnCilla + NCP VPN client without success. I will test the other ones and let you know.
Thks
Sent from my GT-I9300 using xda app-developers app
I connected my sgs2 skyrocket to an x550e without problems though it didn't support encryption (gingerbread vpn is broken) haven't tried with my sgs3 (running ics) yet but might try tonight.
Sent from my SAMSUNG-SGH-I747 using xda premium
One of our guys got the Google Nexus Tablet with Android Jelly Bean (4.1.1) to work with the Watchguard XTM 5 - IPSec VPN.
He was using the Android built-in VPN client.
These were the settings he used:
ipsec exauth: psk
ipsec identifier: mobile
We tested all the apps that I previously listed and no success. It seems that some of them have a lot of settings, and maybe with more testing one of them might work... But I doubt it.
So after much testing, even with my new XTM515 (before I had an x550e, though I remember getting it working on that with no encryption....)
on my XTM515 I can get connected but cannot pass traffic....
I followed the steps in the Watchguard document "Set up IPSec VPN connectivity from an Android device [Fireware XTM v11.5.x and higher]" step by step.
Now it's time to play with it myself; if I get anywhere I'll let you know.
What I'm seeing is that I can connect, but no traffic is being sent (very few packets, if any, i.e. 1 packet here and there).
Opened a trouble ticket with watchguard and after a few days of troubleshooting still unable to get it working on a sgs3..
The official response now is that ipsec is broken on our phones..
WatchGuard was able to connect to my vpn with other android phones but they didn't have a sgs3 to test..
Then they sent me links of other people having the exact same problem.
Seems it's Samsung specific and not Android specific. Not sure what Samsung does to change ipsec... But it's broken...
With my ios device before I came over to the dark side, ipsec with the watchguard worked perfectly fine...
Sent from my SAMSUNG-SGH-I747 using xda premium
Downloaded the ncp vpn client (trial), imported wgx profile and everything works fine!
If all goes well over my next day or two of testing, going to buy the full version
Sent from my SAMSUNG-SGH-I747 using xda premium
waiters said:
Downloaded the ncp vpn client (trial), imported wgx profile and everything works fine!
Where can I find the wgx profile? I don't have it in my "Watch Guard Mobile VPN with SSL" directory
rcravero said:
Where can I find the wgx profile? I don't have it in my "Watch Guard Mobile VPN with SSL" directory
You need to generate it from policy manager..
Under vpn - mobile vpn - ipsec - press generate button
Also mobile vpn with SSL is not the same thing as ipsec and will not work
Sent from my SAMSUNG-SGH-I747 using xda premium

[Q] Help with VPN with Mac 10.8 OS X Server

I have a Mac mini running OS X 10.8.2 with the OS X Server 2.2.1 from the app store, and I have set up the VPN using L2TP in the Server.app interface. I have tested this VPN connection using a Macbook, which works, but I can't figure out how to get Android's built-in VPN to work.
Current set-up:
I have opened ports 500, 1701, 1723, and 4500 on my router.
I am using a dynamic DNS from no-ip.com, we'll say hostname.no-ip.org
I have set a "Shared Secret", we'll say 1234567890
I have set up an account for my android phone on the server, let's say the user name is "nexus" and the password is "google"
On the Macbook, I simply use the DNS, the secret, and credentials that I have set up on the server, and it connects.
On my Android device (Nexus 4 4.2.2) I am using the following settings:
Name: Mac Server
Type: L2TP/IPSec PSK
Server address: hostname.no-ip.org
L2TP secret: (not used)
IPSec identifier: (not used)
IPSec pre-shared key: 1234567890
When I try to connect using these settings, it prompts for the username and password, so I enter "nexus" and "google". It sits there saying "Connecting..." for maybe 30 seconds and then it just goes back to "Disconnected" with no error or other message. I have also tried putting the "Shared Secret" in the L2TP secret field, but with the same result.
Is the built-in Android VPN simply incompatible with OS X Server's VPN? Or have I misconfigured something?
Note: I would strongly prefer to continue using L2TP, and not the less-secure PPTP VPN
Ok, so I have managed to connect to the VPN when doing it INSIDE the network to the IP of the server (lets say 192.168.1.2). If I change the address to hostname.no-ip.org it won't connect, although it is working for everything else (such as web, etc).
I have tried on my iPad and I can connect just fine either from inside the network or over 3G connection.
On the Nexus I have tried to change the hostname.no-ip.org to my public IP address but it will not work either.
The funny thing is that when I try to make it work outside the server, the mac server log will show nothing, while every other test I run it logs it perfectly.
I think something is very broken in the way VPN is implemented in Android. Am I the only one finding himself in this situation?
....you're missing a very large part.....
FORWARD YOUR PORTS ON YOUR ROUTER
Also in your router look for anything relating to VPN.
Also some routers will not allow you to connect from the external IP internally. I hate routers like that..
And why run OS X Server on a macbook?
If you want a secure home VPN, go find an old Windows computer, any P4 will do, and install Linux and install VPN services on it.

[Q] Using http proxy over VPN connection?

Hello
I need to connect to my company's network using the Cisco AnyConnect VPN client. At the same time, I also need to use my company's web proxy when I wish to access the internet and even some internal sites.
Would anyone know, how this can be configured on rooted Nexus 5 or 7 devices (with OmniRom) and on a Note 3 with stock rom, all using Android 4.4.4?
I do know that I can set a http proxy in the Wi-Fi connection settings and also for the mobile data connection. But this does not seem to have an effect, when I connect to the VPN.
Well…? Any ideas how to set this up? Would be quite a blast - company is actually considering buying iPhone 6 Plus… :crying: For rather obvious reasons, that's not my preferred solution
Thanks a lot,
Alexander
