VPN Access for Atrix? Client for IpSec? - Atrix 4G Q&A, Help & Troubleshooting

This could have been already covered elsewhere so if so, I apologize. VPN is a tough thing to search for being so short.
Anyways, trying to setup VPN access to my work network via my Atrix (HP Touchpad running AOKP too). I am new to the whole VPN thing, but as far as I can tell we are using IPSec, I access via cisco vpn client from my work laptop.
Running Nottachtrix 1.3.1, from the native VPN setting under wireless I cannot generate a connection. On my touchpad booting in webOS, I am able (I think) to connect to the VPN and enter all the parameters I have:
Address ##.###.###.###
group access name
group access code
domain
my personal login username and password
It says I am connected on the touchpad in webOS, but there is no field for group access name or access code in the android VPN settings. Is there a 3rd party client software I should use? Is this unsupported at this time?

This should be pretty straight forward if simple ipsec PSK (preshared key), you should just need the server name and preshared key (vpn password, not user password) to connect. when connecting, it should ask for your user credentials, which should map you to access groups (either locally on vpn device or LDAP mapping through RADIUS). Unfortunately there isn't nearly enough info to properly diagnose.
Sent from my MB860 using xda premium

Although, if you are required to enter group info, you will likely need another client such as cisco.
Sent from my MB860 using xda premium

Related

[Q] Wireless tether for root users - DNS redirect

I'm running a Piratebox web server on my phone - Does anyone know if there's a way to adjust DNS and re-direct everyone to my phones web server when they are tethering from my phone?
+1 to this question.
I am currently trying to find a way to get some android devices, which are working as AdHoc clients), and I want an app running on them to connect to a "server" address instead of using a specific, fixed IP address. I meant to do this programatically, by creating a socket to an InetAddress resolution of the "server" address. I assume InetAddress will use the DNS defined on the wireless interface to make this translation, but its Java, and that assumption really depends on the low level impl. of InetAddress.
So yeah, DNS redirect from the DNS server running on the AdHoc host, which by association also runs Wireless Tether for root users. How can we do it?
I have tried some redirections from the hosts file (zone file), location in "system/etc/hosts". My device, like many others, comes preloaded with a bunch of IP-hostname redirections, but these only seem to work locally, e.g.:
gugle.com redirects to 127.0.0.1 (in the hosts: "gugle.com 127.0.0.1")
If I input this address on the AdHoc host, gugle.com will redirect to my http port 80 landing (I have a web server running on the device to test this).
If I input this address on an AdHoc client, it doesnt return anything. I'm guessing the DNS server running on the host does not use the zone file from the OS.
So the question remains - where can we define a redirection from the DNS server that runs on the Wireless Tethering for root users device.

IPSec tunnel SGS3 <-> Watchguard

I'm trying to setup IPSec VPN tunnel from SGS3 with stock 4.0.4 firmware to Wathguard XTM firewall. Watchguard has official support for using IOS inbuilt Cisco VPN client so I was thinking I might get it working with Android too.
I was following Watchguard guide to setup IPSec for IOS (which url I cannot paste here) and basically settings are following:
Phase 1:
Auth : SHA1
Encryption: AES-128
PFS Group 2
SA life 1h and DPD
Pre-Shared Key
Phase 2:
Type: ESP
Auth: Sha1
Encryption AES-128
Lifetime 1h
No PFS
And in addition theres Active Directory authentication. SGS3 connects to firewall but I get "WARNING: Rejected phase 1 aggressive mode from x.x.x.x to x.x.x.x (no matching policy)" to firewall log, so apparently therese problems with phase 1 configuration. I've checked shared key many times, so I was wondering if anyone knows which auth/Encryption/PFS should be working on Android client and is there any pitfalls should one know?
I too am seeking a work around for the lack of official support for VPN on Watchguard devices. I have an XTM5 and a SGS3 with 4.04 on it. There is a discussion thread here (i can't post a link, so remove the space) http ://community.spiceworks.com/topic/221632-vpn-access-to-xtm-and-xedge-devices-with-droid-or-ipad?page=2#entry-1532015 that is covering the same topic, and apparently some have been successful, but I cannot get any of the VPN types to work. PPTP connects but no network communication. IPSec doesn't connect, even when configured as the directions for iOS explain... Any feedback on the subject would be helpful.
IPSec on Android ICS
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
End_Bringer said:
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
Click to expand...
Click to collapse
Hello,
I faced the same issue for VPN connection to my watchguard.
Where could I find the AuthenTec VPN Client v2.5.1? Is it free ? Not avaiable from the editor's website.
Thanks for your return
It appears that the VPN client on the Samsung Galaxy S3 (USA, Verizon) is not available for other devices...
My phone connects fine, but I have many employees with other phones/tabs that may need this connection as well, so our IT team is in the process of testing out other VPN clients that we found in the google play store. Here is our starter list. We will report back here if we find one that works with our Watchguard settings. Let me know if you find one that works as well. Thanks!
Tigervpns VPN client
Tigervpns
NCP VPN Client (Trial)
NCP engineering
NCP VPN Client Premium (Trial)
NCP engineering
VpnCilla (Trial)
Matthias Meier
strongSwan VPN Client
strongSwan Project
Hi. I already test vpn cilla + npc vpn client without success. I will test rhe other one and let you know.
Thks
Sent from my GT-I9300 using xda app-developers app
I connected my sgs2 skyrocket to an x550e without problems though it didn't support encryption (gingerbread vpn is broken) haven't tried with my sgs3 (running ics) yet but might try tonight.
Sent from my SAMSUNG-SGH-I747 using xda premium
One of our guys got the Google Nexus Tablet with Android Jelly Bean (4.1.1) to work with the Watchguard XTM 5 - IPSec VPN.
He was using the Android built-in VPN client.
These were the settings he used:
ipsec exauth: psk
ipsec identifier: mobile
We tested all the apps that I previously listed and no success. It seems that some of them have a lot of settings, and maybe with more testing one of them might work... But I doubt it.
so after much testing, even with my new XTM515 (before i had a x550e - though i remember getting it working on that with no encryption....)
on my XTM515 i can get connected but cannot pass traffic....
i followed the steps on the watchguard document "Set up IPSec VPN connectivity from an Android device [Fireware XTM v11.5.x and higher" step by step.
now its time to play with it myself, if i get anywhere i'll let you know.
What im seeing is that i can connect, but no traffic is being sent (very few packets, if any.. i.e 1 packet here and there)
Opened a trouble ticket with watchguard and after a few days of troubleshooting still unable to get it working on a sgs3..
The official response now is that ipsec is broken on our phones..
WatchGuard was able to connect to my vpn with other android phones but they didn't have a sgs3 to test..
Then they sent me links of other people with other people having the exact same problem
Seems its samsung specific and not android specific. Not sure what samsung does to change ipsec... But it's broken...
With my ios device before I came over to the dark side, ipsec with the watchguard worked perfectly fine...
Sent from my SAMSUNG-SGH-I747 using xda premium
Downloaded the ncp vpn client (trial), imported wgx profile and everything works fine!
If all goes well over my next day or two of testing, going to buy the full version
Sent from my SAMSUNG-SGH-I747 using xda premium
waiters said:
Downloaded the ncp vpn client (trial), imported wgx profile and everything works fine!
Click to expand...
Click to collapse
Where can I find the wgx profle? I don't have in my "Watch Guard Mobile VPN with SSL" directory
rcravero said:
Where can I find the wgx profle? I don't have in my "Watch Guard Mobile VPN with SSL" directory
Click to expand...
Click to collapse
You need to generate it from policy manager..
Under vpn - mobile vpn - ipsec - press generate button
Also mobile vpn with SSL is not the same thing as ipsec and will not work
Sent from my SAMSUNG-SGH-I747 using xda premium

Cisco VPN IPsec

Hi,
I am seeking an advice, how to connect to vpn server via android phone. I have server address, user login and password, certificate and pass to it Propably the type as stated in headline not sure if IKEv1 or IKEv2, i was told it works to connect with those data provided thru iphone. Can someone explain to me how to do that on android please?
Sent from my GT-I9100 using xda app-developers app

[Q] Help with VPN with Mac 10.8 OS X Server

I have a Mac mini running OS X 10.8.2 with the OS X Server 2.2.1 from the app store, and I have set up the VPN using L2TP in the Server.app interface. I have tested this VPN connection using a Macbook, which works, but I can't figure out how to get Android's built-in VPN to work.
Current set-up:
I have opened ports 500, 1701, 1723, and 4500 on my router.
I am using a dynamic DNS from no-ip.com, we'll say hostname.no-ip.org
I have set a "Shared Secret", we'll say 1234567890
I have set up an account for my android phone on the server, let's say the user name is "nexus" and the password is "google"
On the Macbook, I simply use the DNS, the secret, and credentials that I have set up on the server, and it connects.
On my Android device (Nexus 4 4.2.2) I am using the following settings:
Name: Mac Server
Type: L2TP/IPSec PSK
Server address: hostname.no-ip.org
LT2TP secret: (not used)
IPSec identifier: (not used)
IPSec pre-shared key: 1234567890
When I try to connect using these settings, it prompts for the username and password, so I enter "nexus" and "google". It sits there saying "Connecting..." for maybe 30 seconds and then it just goes back to "Disconnected" with no error or other message. I have also tried putting the "Shared Secret" in the L2TP secret field, but with the same result.
Is the built-in Android VPN simply incompatible with OS X Server's VPN? Or have I misconfigured something?
Note: I would strongly prefer to continue using L2TP, and not the less-secure PPTP VPN
Ok, so I have managed to connect to the VPN when doing it INSIDE the network to the IP of the server (lets say 192.168.1.2). If I change the address to hostname.no-ip.org it won't connect, although it is working for everything else (such as web, etc).
I have tried on my iPad and I can connect just fine either from inside the network or over 3G connection.
On the Nexus I have tried to change the hostname.no-ip.org to my public IP address but it will not work either.
The funny thing is that when I try to make it work outside the server, the mac server log will show nothing, while every other test I run it logs it perfectly.
I think something is very broken in the way VPN is implemented in Android. Am I the only one finding himself in this situation?
....your missing a very large part.....
FORWARD YOUR PORTS ON YOUR ROUTER
Also in your router look for anything relating to VPN.
Also some routers will not alow you to conect from the external ip internally. I hate routers like that..
and why run osx server on a macbook?
if you want a secure home vpn, go find a old windows computer any p4 will do and install linux and install vpn services on it.

vpn server on android mobile

hello lads, I am interested in making Android application that can be use as VPN server, any tips where I can start from ? Is it possible ? I have not see any good topic about this in net
I just wonder why you consider an Android app as a VPN server.
Is it just a portal for a specific LAN? Or do you need a general VPN server for encrypted internet connections?
Even if you can implement basic functions of this VPN server, don't you worry about its concurrent & load capacity as a 'server'? ......
Its definitely possible but you'll have to likely root the phone first.
I turned a rooted Android phone into a VPN server by using the Linux Deploy app and UNIX tools "busy box app" then running CentOS on Linux Deploy. I installed SoftEther VPN Server on CentOS through SSH on the phone.
I wrote about it in a forum. If you google "Turn a flashed to verizon phone into vpn server" it will come up in Aspkin forum and you can see me work through it.
This way is 100% free and SoftEther will tunnel straight through a firewall using port 443 unlike any paid app so you can leave the phone hidden anywhere connected to WiFi and as long as you use SoftEther Client and the DNS host name to connect to the server. It wont work if you use a openVPN or L2TP/IPsec client without opening ports on the router of the wifi connection, or the server IP address (which would be a local ip if connected to wifi hidden somewhere).
Click to expand...
Click to collapse
James_Watson said:
I just wonder why you consider an Android app as a VPN server.
Is it just a portal for a specific LAN? Or do you need a general VPN server for encrypted internet connections?
Even if you can implement basic functions of this VPN server, don't you worry about its concurrent & load capacity as a 'server'? ......
Click to expand...
Click to collapse
Thank you for your reply. I just want to make a VPN server that uses a mobile network and accepts connection from 1 device(concurrent or load capacity or encryption does not matter). It is a small part of my application and not for commercial use. so, everything is possible, to root a device or another way to do my goal.

Categories

Resources