IPSec tunnel SGS3 <-> Watchguard - Galaxy S III Q&A, Help & Troubleshooting

I'm trying to set up an IPSec VPN tunnel from an SGS3 with stock 4.0.4 firmware to a WatchGuard XTM firewall. WatchGuard has official support for using the iOS built-in Cisco VPN client, so I was thinking I might get it working with Android too.
I was following the WatchGuard guide to set up IPSec for iOS (the URL of which I cannot paste here), and basically the settings are the following:
Phase 1:
Auth: SHA1
Encryption: AES-128
PFS Group 2
SA life 1h and DPD
Pre-Shared Key
Phase 2:
Type: ESP
Auth: SHA1
Encryption: AES-128
Lifetime 1h
No PFS
And in addition there's Active Directory authentication. The SGS3 connects to the firewall but I get "WARNING: Rejected phase 1 aggressive mode from x.x.x.x to x.x.x.x (no matching policy)" in the firewall log, so apparently there are problems with the phase 1 configuration. I've checked the shared key many times, so I was wondering if anyone knows which auth/encryption/PFS should be working on the Android client, and are there any pitfalls one should know about?

I too am seeking a workaround for the lack of official support for VPN on WatchGuard devices. I have an XTM5 and an SGS3 with 4.04 on it. There is a discussion thread here (I can't post a link, so remove the space) http ://community.spiceworks.com/topic/221632-vpn-access-to-xtm-and-xedge-devices-with-droid-or-ipad?page=2#entry-1532015 that is covering the same topic, and apparently some have been successful, but I cannot get any of the VPN types to work. PPTP connects but no network communication. IPSec doesn't connect, even when configured as the directions for iOS explain... Any feedback on the subject would be helpful.

IPSec on Android ICS
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)

End_Bringer said:
Well, I finally got my Android Samsung Galaxy S3 (ICS) phone to connect to the Watchguard XTM 5 Firmware: 11.5.2 using IPSec. I followed the directions given by watchguard for connecting an IOS/OSX device. Then it was a matter of what VPN client to use. The default Android ICS VPN client under network settings would not work. I noticed that Samsung included a Third Party IPSec VPN client "AuthenTec VPN Client v2.5.1" (not able to find it in the Google Play store). This app did the trick with the default IPSec settings for Preshared Key IKEv1, with the Aggressive mode checked. My co-worker has the Samsung Nexus Tablet with Jellybean (4.1.1) and the native VPN tool works from that version, with default settings.
This discovery brings happiness and rejoicing to our entire IT team who all have Android phones or Tabs. I use 2X for RDP, (which works well), and "ES File Explorer" (free) for SMB file browsing. With these two tools I can do just about everything I did on my laptop. Anyone have better or more tools than these?
I have also tested IOS and Mac OSX 10.6.8 native VPN tool and they work well, as well as the original SSL client that has always worked.
WatchGuard should totally go public with this, many would benefit. It works great! (I wonder if there are some security holes that they are aware of that's preventing them from announcing Android support officially...)
Hello,
I faced the same issue with the VPN connection to my WatchGuard.
Where could I find the AuthenTec VPN Client v2.5.1? Is it free? It is not available from the editor's website.
Thanks for your return

It appears that the VPN client on the Samsung Galaxy S3 (USA, Verizon) is not available for other devices...
My phone connects fine, but I have many employees with other phones/tabs that may need this connection as well, so our IT team is in the process of testing out other VPN clients that we found in the Google Play store. Here is our starter list. We will report back here if we find one that works with our WatchGuard settings. Let me know if you find one that works as well. Thanks!
Tigervpns VPN client (Tigervpns)
NCP VPN Client (Trial) (NCP engineering)
NCP VPN Client Premium (Trial) (NCP engineering)
VpnCilla (Trial) (Matthias Meier)
strongSwan VPN Client (strongSwan Project)

Hi. I already tested VpnCilla + NCP VPN client without success. I will test the other one and let you know.
Thanks

I connected my SGS2 Skyrocket to an X550e without problems, though it didn't support encryption (Gingerbread VPN is broken). Haven't tried with my SGS3 (running ICS) yet but might try tonight.

One of our guys got the Google Nexus Tablet with Android Jelly Bean (4.1.1) to work with the Watchguard XTM 5 - IPSec VPN.
He was using the Android built-in VPN client.
These were the settings he used:
ipsec exauth: psk
ipsec identifier: mobile
We tested all the apps that I previously listed and no success. It seems that some of them have a lot of settings, and maybe with more testing one of them might work... But I doubt it.
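A simplified model of how an IKEv1 responder picks a Phase 1 policy, added here as an illustration (it is not code from this thread, from WatchGuard, or from Android). It assumes the firewall's "no matching policy" rejection corresponds to this selection step; the gateway settings are the ones listed in the first post, the group name "mobile" is the identifier from the post above, and the client offers are constructed.

```python
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Transform:
    """One Phase 1 transform: the attributes both peers must agree on."""
    encryption: str
    hash_alg: str
    dh_group: int
    auth: str


@dataclass(frozen=True)
class Policy:
    group_id: str       # identity the initiator must present
    mode: str           # "main" or "aggressive"
    transforms: tuple   # transforms the responder is willing to accept


# Phase 1 settings from the first post. Using the "ipsec identifier" value
# "mobile" as the policy key is an assumption of this model.
GATEWAY = (
    Policy("mobile", "aggressive", (Transform("aes128", "sha1", 2, "psk"),)),
)


def select_phase1(mode, peer_id, offered, policies=GATEWAY):
    """Return (transform, reason); transform is None when Phase 1 is rejected."""
    candidates = [p for p in policies if p.mode == mode and p.group_id == peer_id]
    if not candidates:
        return None, f"no matching policy: no {mode}-mode policy for ID {peer_id!r}"
    if not offered:
        return None, "no matching policy: empty proposal"
    for policy in candidates:
        for transform in offered:  # initiator's order of preference
            if transform in policy.transforms:
                return transform, "accepted"

    # Nothing matched: report which attributes of the closest offer differ.
    wanted = asdict(candidates[0].transforms[0])

    def mismatches(t):
        return [k for k, v in asdict(t).items() if v != wanted[k]]

    closest = min(offered, key=lambda t: len(mismatches(t)))
    return None, "no matching policy: closest offer differs in " + ", ".join(mismatches(closest))


# Constructed client offers (not captured from any real device).
GOOD_OFFER = [Transform("aes256", "sha1", 2, "psk"), Transform("aes128", "sha1", 2, "psk")]
WRONG_GROUP_OFFER = [Transform("aes128", "sha1", 5, "psk"), Transform("3des", "md5", 5, "psk")]

if __name__ == "__main__":
    cases = [
        ("aggressive", "mobile", GOOD_OFFER),         # accepted on the second transform
        ("main", "mobile", GOOD_OFFER),               # wrong exchange mode
        ("aggressive", "android", GOOD_OFFER),        # wrong identifier
        ("aggressive", "mobile", WRONG_GROUP_OFFER),  # DH group mismatch
    ]
    for mode, peer_id, offer in cases:
        print(mode, peer_id, "->", select_phase1(mode, peer_id, offer))
```

In this model the same rejection text covers three different causes (exchange mode, identifier, transform set), which is why checking only the pre-shared key does not narrow the problem down.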

So after much testing, even with my new XTM515 (before I had an X550e, though I remember getting it working on that with no encryption....)
on my XTM515 I can get connected but cannot pass traffic....
I followed the steps in the WatchGuard document "Set up IPSec VPN connectivity from an Android device [Fireware XTM v11.5.x and higher]" step by step.
Now it's time to play with it myself; if I get anywhere I'll let you know.
What I'm seeing is that I can connect, but no traffic is being sent (very few packets, if any, i.e. 1 packet here and there).

Opened a trouble ticket with WatchGuard and after a few days of troubleshooting still unable to get it working on an SGS3..
The official response now is that IPSec is broken on our phones..
WatchGuard was able to connect to my VPN with other Android phones but they didn't have an SGS3 to test..
Then they sent me links of other people having the exact same problem.
Seems it's Samsung-specific and not Android-specific. Not sure what Samsung does to change IPSec... But it's broken...
With my iOS device, before I came over to the dark side, IPSec with the WatchGuard worked perfectly fine...

Downloaded the NCP VPN client (trial), imported the wgx profile and everything works fine!
If all goes well over my next day or two of testing, I'm going to buy the full version.

waiters said:
Downloaded the NCP VPN client (trial), imported the wgx profile and everything works fine!
Where can I find the wgx profile? I don't have it in my "Watch Guard Mobile VPN with SSL" directory.

rcravero said:
Where can I find the wgx profile? I don't have it in my "Watch Guard Mobile VPN with SSL" directory.
You need to generate it from Policy Manager..
Under VPN - Mobile VPN - IPSec - press the Generate button.
Also, Mobile VPN with SSL is not the same thing as IPSec and will not work.

Related

[Q] What is the Best VPN app for cisco firewall

Which is the best VPN software for Windows Mobile 6.5? I am wanting to connect to our work firewall, which is a Cisco concentrator using IPSec and group authentication.
I have tried NCP Secure Client, AnthaVPN
NCP Secure Client - Works but not well, constantly crashes and the GUI is not very friendly for non-techy staff which I want to roll VPN access out to.
AnthaVPN - Can not get this to work at all!
Bluefiresecurity - Looks like they have gone bust as their website no longer exists.
Is there a way to make 6.5 work out of the box or using scripts to connect? If not I am willing to pay for software just needs one that works properly and with a half decent GUI.
Thanks Guys.
Gazos
Can anyone help? Pretty desperate.
Gazos said:
Which is the best VPN software for Windows Mobile 6.5? I am wanting to connect to our work firewall, which is a Cisco concentrator using IPSec and group authentication.
I have tried NCP Secure Client, AnthaVPN
NCP Secure Client - Works but not well, constantly crashes and the GUI is not very friendly for non-techy staff which I want to roll VPN access out to.
AnthaVPN - Can not get this to work at all!
Bluefiresecurity - Looks like they have gone bust as their website no longer exists.
Is there a way to make 6.5 work out of the box or using scripts to connect? If not I am willing to pay for software just needs one that works properly and with a half decent GUI.
Thanks Guys.
Gazos
Update on Status:
NCP Secure Client - Still buggy
AnthaVPN - does not work well with 6.5 as it messes with registry and kills wifi
BlueFiresecurity - No Longer Available
Symantec Mobile VPN - Awesome app works a treat NO LONGER AVAILABLE TO PURCHASE ARHHHHHHHHHHHHHHHHHH!!!!!!!!!!!
Somebody must know the answer to this
Looks like it's using the terrible NCP then
I don't think this will help, but I use the Cisco AnyConnect client. Unfortunately the VPN concentrator has to be AnyConnect compatible. The standard PIX, FWSM and 3000 series concentrators aren't. But we are in the process of changing to a Cisco ASA solution, and while testing this it's the first time I can connect my HD2 to work's VPN reliably.
996r said:
I don't think this will help, but I use the Cisco AnyConnect client. Unfortunately the VPN concentrator has to be AnyConnect compatible. The standard PIX, FWSM and 3000 series concentrators aren't. But we are in the process of changing to a Cisco ASA solution, and while testing this it's the first time I can connect my HD2 to work's VPN reliably.
Thanks for the reply, Unfortunately our network is behind several firewalls and we actually use an ASA but the first firewall in the line which we use to connect through to our network on a vpn is an old concentrator which we have no control/access over.

[Q] Cisco VPN in new touchwiz

Hi
I have updated the Tab to Touchwiz today.
I read that Cisco VPN was meant to be available - and yet I can't see it.
Am I missing something?
Do I need to download from somewhere?
I tried AnyConnect ...is that the one?
It does not seem to work with our VPN Setup
M
I'm with you. I don't see a Cisco VPN app, and the native VPN seems unchanged.
I downloaded the one from the market and it worked. It is listed as Anyconnect. Tab 10.1 is not listed but it works.
Does it only work with certificate mode? Our VPN is set up with group password
Our network at work uses Group Secret IPSEC Cisco VPN with RSA Secure ID cards. I'm currently lead tech on the IPAD2 project to get all our executives using IPAD2's. We got them working without the anyconnect software using the built in Cisco VPN on the IPAD2. It connects faster than anything I've used before. Flick VPN on at the switch and it's there as soon as you put in the password. Very slick.
I was hoping for something similar on the Galaxy Tab just so I know it works. I'll download the update over the weekend and give it a shot early next week.
Once we get that working, I'll just have to get Citrix connectivity going and I'll be laughing
Did you look under Setting>Wireless and networks>VPN
cisco
Hi
Yes, I checked under the VPN settings - but they do not seem changed since the update. Nothing seems to match the credentials I need to input, like a group password authentication.
I can also confirm that it's not there :/
Dang. I was really hoping TW had this as advertised. I can't connect to a lot of university services from home without AnyConnect. Part of the reason I picked up the SGT10.1 was to read PDFs I downloaded from EBSCO for my research.
Cisco AnyConnect for Samsung devices is the VPN that was referenced as being supported after the update. It's an SSL VPN client. If you are using IPSEC then I think you can use the native Android VPN.
From my understanding, SSL needed deeper access to the OS in order to function and that's why the TouchWiz update is fixing it... because somehow TouchWiz has access to those areas of the OS that were locked. It already worked if you had root... same deal I guess. Deeper access.
Please keep in mind the following:
To use the Cisco AnyConnect, you will need to download the app from the market. Once you do this, you must make sure your ASA has the AnyConnect Mobile license on it. If it does not, you will not be able to use AnyConnect on your Tablet.
I have it working on mine, pre-TW and will test it after I install TW.
~Scott~ said:
Cisco AnyConnect for Samsung devices is the VPN that was referenced as being supported after the update. It's an SSL VPN client. If you are using IPSEC then I think you can use the native Android VPN.
From my understanding, SSL needed deeper access to the OS in order to function and that's why the TouchWiz update is fixing it... because somehow TouchWiz has access to those areas of the OS that were locked. It already worked if you had root... same deal I guess. Deeper access.
And I had it from the market from before and can tell you that after the TW update it's able to ping our VPN server properly and properly prompt for login details. Now to get IT to enable the license for access....
Please use the Q&A Forum for questions Thanks
Moving to Q&A

[Q] VPN Connection

Does anyone know how to make a working VPN connection with the TouchPad?
I couldn't get one.
I have Win 7.
Tried VNC too.
Did anyone get a working VPN connection?
works for me. my proxy server uses pptp so i download pptp plugin from market and all's good.
I think if you have an ASA you can try the built-in AnyConnect client, provided you have a mobile license activated on the Cisco; otherwise use IPSec on your gateway device. I never played with PPTP on the TouchPad before.
I saw this but what can I do by joining a VPN?
Is there someone who can write up a quick tutorial for the ones that don't know how to do it?
That would be appreciated.
I want to control Windows 7 remotely with it.
jlove said:
Is there someone who can write up a quick tutorial for the ones that don't know how to do it?
That would be appreciated.
I want to control Windows 7 remotely with it.
Bump... Same question. Out of all the people who have recently bought the touchpad, there has to be someone out there that can give a short explanation on how to use the native VPN capability to connect to a Windows system. I have searched all over the net for the answer and have come across many unanswered forum threads.
Below are instructions I used on Win 7 to create an incoming VPN connection to make it available to be connected to.
pcworld. com/article/210562/how_to_set_up_vpn_in_windows_7. html (take the two spaces out of the link, can't post links yet since I'm a NOOB!!)
Step by Step: Building a VPN (Incoming)
Step 1 Click the Start button, and, in the search bar, type Network and Sharing.
Step 2 Click Change Adapter Settings in the left-hand menu.
Step 3 Click File, and then New Incoming Connection.
Step 4 Select the users you'd like to give access to and click Next.
Step 5 Click Through the Internet and select Next.
Step 6 Select the Internet Protocol you'd like to use. (The default TCP/IPv4--the line highlighted in the screenshot below--will work fine.)
On the TouchPad, when I use the Cisco AnyConnect VPN connection type and enter the host name, I get this error: "Connection attempt has failed due to configuration issue with server"
When using the VPNC connection type and entering the host name and password, I am prompted to fill in several fields that I don't know what to enter.
I use my laptop to log into my Win7 desktop all the time easily via the Remote Desktop Connection app. Hopefully there is something similar coming to the touchpad.
I have an openvpn subscription with strongvpn - this works well for the technically deficient peeps like myself to have an added layer of security when using windows machines in a public wifi area (i.e. hotels)
I asked StrongVPN about any support for webOS, and they were not sure of any workarounds to date. Any new ideas on this? I am using OpenVPN (as opposed to their PPTP). They said that on rooted Android devices OpenVPN will work following one of their tutorials.
Only if you are technically sound will you be able to set up a VPN and solve these kinds of issues yourself. Average PC users like me will avoid indulging in these configurations as they are too complicated for us.
Why not try an already established, reliable VPN service provider for the TouchPad?
You can definitely Google them and choose amongst the choices you get. That would be far easier, believe me.
[Q] VPN support
I was wondering if anyone has tried vpn support on the touchpad? I am looking at using it overseas as a way to watch amazon VOD while I travel.
Edit: Found out I needed to download a free app from app catalog for PTP support. Works now when I connect to my school network. Also I found out that playon services work too on touchpad so I might try that for netflix.

[Q] Using http proxy over VPN connection?

Hello
I need to connect to my company's network using the Cisco AnyConnect VPN client. At the same time, I also need to use my company's web proxy when I wish to access the internet and even some internal sites.
Would anyone know, how this can be configured on rooted Nexus 5 or 7 devices (with OmniRom) and on a Note 3 with stock rom, all using Android 4.4.4?
I do know that I can set a http proxy in the Wi-Fi connection settings and also for the mobile data connection. But this does not seem to have an effect, when I connect to the VPN.
Well…? Any ideas how to set this up? Would be quite a blast - company is actually considering buying iPhone 6 Plus… :crying: For rather obvious reasons, that's not my preferred solution
Thanks a lot,
Alexander

vpn server on android mobile

Hello lads, I am interested in making an Android application that can be used as a VPN server. Any tips where I can start from? Is it possible? I have not seen any good topic about this on the net.
I just wonder why you consider an Android app as a VPN server.
Is it just a portal for a specific LAN? Or do you need a general VPN server for encrypted internet connections?
Even if you can implement basic functions of this VPN server, don't you worry about its concurrent & load capacity as a 'server'? ......
It's definitely possible but you'll likely have to root the phone first.
I turned a rooted Android phone into a VPN server by using the Linux Deploy app and UNIX tools "busy box app" then running CentOS on Linux Deploy. I installed SoftEther VPN Server on CentOS through SSH on the phone.
I wrote about it in a forum. If you google "Turn a flashed to verizon phone into vpn server" it will come up in Aspkin forum and you can see me work through it.
This way is 100% free and SoftEther will tunnel straight through a firewall using port 443, unlike any paid app, so you can leave the phone hidden anywhere connected to WiFi, as long as you use SoftEther Client and the DNS host name to connect to the server. It won't work if you use an OpenVPN or L2TP/IPsec client without opening ports on the router of the WiFi connection, or the server IP address (which would be a local IP if connected to WiFi hidden somewhere).
James_Watson said:
I just wonder why you consider an Android app as a VPN server.
Is it just a portal for a specific LAN? Or do you need a general VPN server for encrypted internet connections?
Even if you can implement basic functions of this VPN server, don't you worry about its concurrent & load capacity as a 'server'? ......
Thank you for your reply. I just want to make a VPN server that uses a mobile network and accepts connection from 1 device(concurrent or load capacity or encryption does not matter). It is a small part of my application and not for commercial use. so, everything is possible, to root a device or another way to do my goal.
