I am trying to set up a VPN connection on the XDA. I can get this to work if I set up my firewall to accept unencrypted data, but obviously this is not the best.
Does WM2003 support MPPE encryption? At what level (i.e. 40 bit, 50-whatever bit, 128 bit)?
Thanks,
Cuinn.
VPN connection from XDA
Unless you use a client for your firewall (SecuRemote for Checkpoint / EasyVPN and others for Cisco) you can only initiate L2TP or PPTP connections, which will terminate fine onto a 2000 server / ISA server even over a NATed connection.
Bear in mind if you use a client, SecuRemote grinds my connection to a halt over GPRS as the processing overhead on the XDA is horrendous. L2TP/PPTP terminated on an MS ISA server seems the best solution. You can always hide ISA behind your proper firewall for added security, but the licensing will cost you unless you already use it as a proxy etc.
Thanks Pete,
I am running a PPTP VPN currently, which should support MPPE Data Encryption, but which does not seem to work. I have a PIX firewall, so I have also tried Movian VPN client, but I also am unable to get this to work at all. I can use PPTP if I accept un-encrypted data, but would prefer all data to be encrypted. I am terminating the VPN on my PIX which supports either 40 bit or 128 bit MPPE and the question I really want answered is does WM2003 PPTP VPN support MPPE and at what encryption level?
Cuinn.
PPTP Vpn
Following earlier post, I found this in the Checkpoint SecureClient for PPC docs.
3. Is the Client supposed to be able to connect to the Check Point gateway when cradled?
When cradled, the client may use the ActiveSync pass-through connection mechanism.
Since the current version of Win CE SecureClient does not support encryption via pass-through connection, you will be able to authenticate to your gateway, if it allows unencrypted authentication. This means that you will be able to add a new site this way, but not to use VPN (encrypted) communications with it.
Just thought of your situ, maybe this helps. And it's about time Checkpoint wrote a client that works with WM2003! Just my two penneth!
The pass-through connection only supports TCP/IP (up to a certain point) and does not support UDP at all.
Hence VPN connections via the cradle will not work (PPTP and L2TP both use UDP, and I assume the other VPN/IPSec implementations do as well).
VPN client connection over GPRS
After some serious testing I can confirm that on Windows 2003 server (not 2000) with ISA server 2000 on it, you can successfully run a GPRS connection with L2TP or PPTP happily via a NATed GPRS IP address. This has saved me LOADS of hassle with a business implementation. It hands over between cells on the mobile network, can get a new IP address (which seems to happen on Vodafone handover a lot) and still maintain the connection (well, really quickly re-make it, almost seamlessly).
Finally, I have raised a call with Checkpoint about the SecuRemote client for WM 2003 and they still will give no fixed date, stating still within 6 months..... I hate them!
Anyway, the full MS implementation is working well, currently around 250 handsets on it, only another 350+ to go!
I wanted to implement an application-specific VPN client in Android; that is, the VPN connection, once established, should be available only to our application, and the rest of the apps on the Android device should make use of the normal internet connection.
To elaborate on my need: I already have an application which connects to corporate email, files and other data over the internet normally, but for security reasons we need it to go through a tunnel within our application and access everything via the tunnel. Basically, what we are looking for here is security while accessing the company's corporate network.
Since we are new to something like this, we don't have a hint on how to start, what protocols to use, etc. (we are assuming IPsec L2TP for now). Any information, hints or redirects to useful resources will be really helpful.
And by the way, we are just looking to send and receive data over the tunnel; there is no need to control computers on the network. All we need is to route data through the corporate firewall, and it should support multiple VPN servers such as Cisco, Microsoft, etc. Can anyone say how complex or how feasible it is to implement?
If your goal is just establishing a secure connection and not controlling other computers or resources on the network, how about going with SSL encryption?
You are asking about complexity, and I assume you are naive about this technology. As per my knowledge it's quite complex and may amount to something as big as your present application. Here are a few pointers you may look into: split tunneling, low-level network protocols. Feasibility of implementation depends on the size of your team and their expertise level in socket programming, and remember you're attempting to accomplish something which is already built into most OSes, and is more complex. One of our dev teams worked on split tunneling for months and finally gave up, since the client settled for a non-PPTP application.
__________________
Dave
Current Device: Samsung Galaxy Nexus
Fed up of bricking devices
Text from the ZTE main website:
"The MF680 is capable of an incredibly fast download speed of 42MBps and can establish an internet connection within 15 seconds, providing users with fast and simple mobile broadband access.
The device is attached via a USB port and does not require the installation of any hardware or software. It can be used with Windows 7, Windows XP, Windows Vista, Linux and Mac OS. Because of this, the dongle prevents compatibility problems, significantly simplifies customization required by operators and increases efficiency, further reducing operating costs and enhancing online service capabilities.
The MF680 also utilizes continuous packet connectivity (CPC) technology, which enhances network efficiency and helps avoid network congestion. The increase in network capacity made possible by CPC can double both the number of online users and the network’s VOIP user capacity.
With the MF680’s Web UI (user interface), users can manage the device and online services such as messaging and contact lists. Operators can customise the UI to enable online upgrades and promotions.
This MF680 data card from ZTE provides extreme speed for heavy data users, further advancing the global development of the mobile broadband market."
Seems like this device might work on the prime. Does anyone know if this is plug-and-play compatible?
Every time I start Maps a dialog box asks me to turn on Wi-Fi to improve my location. Does it really help? If so, how?
It just provides a better data connectivity speed (Wi-Fi) than that of a network speed (3G or 4G) for faster location. That's all that message is for, as a suggestion to improve location with faster connectivity through Wi-Fi for GPS.
Sent from my MB865 using xda's premium carrier pigeon service
Apex_Strider said:
It just provides a better data connectivity speed (Wi-Fi) than that of a network speed (3G or 4G) for faster location. That's all that message is for, as a suggestion to improve location with faster connectivity for GPS.
Sent from my MB865 using xda's premium carrier pigeon service
No, Google knows exactly where each WiFi hot spot is, and when you're going past a hotspot Google would know where you are.
It improves your location even when you're not connected to WiFi.
Xxx oops! accidentally beamed from my awesome NEXUS S! xxX
Okay, perhaps I didn't explain well enough for some. What happens is it turns on Wi-Fi so that when near a hotspot it switches from network connection to Wi-Fi connection for faster locating and better accuracy. (Better than that of network connectivity speed.) Problem is this: your Wi-Fi stays on all the time, which obviously lessens battery life.
When not connected to Wi-Fi, you're connected to network (3G, 4G) so "improved" location still relies on the network, which isn't some magical being that gives better accuracy off of Wi-Fi... it's still network connectivity.
Sent from my MB865 using xda's premium carrier pigeon service
If you're connected to a Wi-Fi network then the IP address of the router can be found, and thus your location to within the range of the router can be found far quicker than a GPS lock (and would work if you're inside). This is what that means; it's a bit of a grammar error really, it should read 'connect to wifi network' or something like that.
You can always check to never show it again, it's just advice to help speed up finding your location.
That explains it, thanks for your replies! Perhaps that dialog box is incomplete and should read "turn on WiFi and connect to a network"
Sent from my MB525 using xda app-developers app
mdsaif92 said:
That explains it, thanks for your replies! Perhaps that dialog box is incomplete and should read "turn on WiFi and connect to a network"
Sent from my MB525 using xda app-developers app
Wrong! You don't have to connect to a network to see its MAC address, as long as you have signal of it. By checking the MAC address against Google's database, it knows where you are. So you DON'T HAVE TO CONNECT to a WiFi network to improve accuracy.
Xxx oops! accidentally beamed from my awesome NEXUS S! xxX
I reached this forum wondering about the same thing, but I think I found my own answer to this.
Basically, Wi-Fi is not a technology standard for use in identifying a device's exact coordinates. GPS is designed for that. But Google somehow made a way to make use of the Wi-Fi signal to improve its location-based services. As to how they do it, technically, we don't really know. Unless anyone here works at Google to tell us more about it.
Remember the news when Google went around on vehicles collecting wifi data and got into trouble because it collected too much more than expected?
Yeah this is it.
Sent from my GT-N7000 using Xparent ICS Tapatalk 2
Google Explains on Maps for Mobile site
Reposted from google site because I can't post external links.
Location source and accuracy
Location accuracy depends on which of the following location data sources are available to My Location or Latitude from your device.
You can improve location accuracy by turning on WiFi (wireless network), especially when indoors where the GPS signal is weak. You don’t even need to be connected to a network for location accuracy to improve with WiFi.
Data sources
The following location data sources may be used to derive location:
GPS: GPS accuracy can be up to several meters depending on your GPS signal and connection. Your phone must support GPS, have it enabled, and allow Google Maps access to it.
WiFi: WiFi (wireless network) accuracy should be similar to the access range of a typical WiFi router, or about 200m or better. Your phone must support WiFi and have it enabled.
Cell ID: Cell ID (cell tower) accuracy depends on cell tower density and available data in Google's cell ID (cell tower) location database. Accuracy may be approximated at distances up to several thousand meters. Note: Some devices do not support cell ID location.
Other sources
Other available device sensors, such as accelerometer, compass, gyroscope and barometer, are also used to improve the overall location experience. This includes but is not limited to capabilities like improving fine-scale positioning and improving battery life.
Location accuracy
Coverage for Google's cell ID and WiFi location databases varies by location and is not complete. We are always working to improve both coverage and accuracy over time as usage of our location-based services continues to grow.
Note: When Latitude is running in the background, it will default to cell ID (cell tower) location on most phones to preserve your battery life.
piorivas said:
I reached this forum wondering about the same thing, but I think I found my own answer to this.
Basically, Wi-Fi is not a technology standard for use in identifying a device's exact coordinates. GPS is designed for that. But Google somehow made a way to make use of the Wi-Fi signal to improve its location-based services. As to how they do it, technically, we don't really know. Unless anyone here works at Google to tell us more about it.
Actually it's very similar to GPS... just different data stream.
GPS works by analyzing the time it takes a signal to go from a satellite travelling around the earth to your device (in this case your phone). If you know your distance from three (or more) satellites, you can get the exact location of your device. However, the satellites are far away, so the accuracy can be not so great sometimes... also, it tends to take a bit of time to get the signals and find your location.
The way that Google makes this better by using WiFi is by "sniffing" the packets around you. This allows it to find the MAC address of the WiFi access points that are nearby. Annnnd since Google already went around the US (and the globe) with its wardriving (and photo-taking) vehicles for street view, it knows exactly where these access points are! (well, at least where they WERE when it drove by).
Thus now your phone can quickly ask Google's servers "hey, I'm standing near an access point with a MAC address of '338501ABC48DF' -- where am I?" and then Google can quickly reply with: "Oh, you must be near -120.49012332; 34.13932131 +- 10 meters!"
Here's a good analogy:
You're in a park and your friend is trying to find you -- so you call him up and say:
"Hey, I'm right near the big tree and the swing set"
"Oh, great, I know where that is, you must be by the Bathrooms"
Similarly, the Google WiFi location service uses WiFi Access Points and your phone says:
"Hey, I'm right near a WiFi AP of '3417134abc903df' and '40df81bace0341234'"
"Oh, great, I know where that is, you must be at 7th and Pine in Seattle, WA"
at least, in essence.
EDIT: ALSO -- this service does not require you AT ALL to connect to a WiFi Access Point. That would take too long to do (imagine when you're driving down the freeway) and for most cases, impossible to do (as most routers require passwords nowadays). You're just using a signal that Access Points are broadcasting ANYWAY.... so there's nothing shady about it. Furthermore, there is no record of you using this service on the individual router... so Bob-Joe's lil' wifi access point that you just used to hone in on your location? He's none the wiser. Of course, Google knows where you are -- but only because you've specifically asked Google to help you out.
Yes, exactly, that is what happens. Also please note that even if Google does not know your area, or it is an unexplored area for Google, they create the database with the help of users.
So let's say your Wi-Fi is on and/or GPS is on. Once the GPS locks, the app in the background can look for nearby Wi-Fi hotspots and report them back to Google with a very precise location, and then when some other user's device also confirms the same, they feel that this data is ready for use and then they use it to lock other users' locations much faster.
All these concepts work on the amount of data which needs to be gathered over a period of time to work it accurately and faster.
Sent from my Nexus 4 using xda app-developers app
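Added example, not part of the original posts and not Google's actual implementation: a toy model of the scheme the two posts above describe, where devices with a GPS lock report the access points they can hear, and a later passive scan is resolved to a position without associating to any network. The two-report confirmation threshold, the RSSI weighting and all BSSIDs and coordinates are assumptions constructed for illustration.

```python
"""Toy Wi-Fi positioning: crowd-sourced BSSID database + weighted-centroid lookup."""
from collections import defaultdict
from statistics import mean

MIN_REPORTS = 2  # assumption: an AP is trusted once two devices have reported it


class ApDatabase:
    def __init__(self):
        self._reports = defaultdict(list)  # bssid -> [(lat, lon), ...]

    def report(self, gps_fix, visible_bssids):
        """A device with a GPS lock uploads the APs it can currently hear."""
        for bssid in visible_bssids:
            self._reports[bssid.lower()].append(gps_fix)

    def position_of(self, bssid):
        """Mean of the reported fixes, or None until enough devices confirm it."""
        fixes = self._reports.get(bssid.lower(), [])
        if len(fixes) < MIN_REPORTS:
            return None
        return mean(f[0] for f in fixes), mean(f[1] for f in fixes)


def rssi_weight(rssi_dbm):
    """Stronger signal suggests a closer AP: convert dBm to linear power (mW)."""
    return 10 ** (rssi_dbm / 10)


def locate(db, scan):
    """scan: {bssid: rssi_dbm} from a passive scan (beacons only, no association).
    Returns (lat, lon, aps_used), or None when no visible AP is in the database."""
    total = lat = lon = 0.0
    used = 0
    for bssid, rssi in scan.items():
        pos = db.position_of(bssid)
        if pos is None:          # unknown or not yet confirmed by a second device
            continue
        w = rssi_weight(rssi)
        lat += w * pos[0]
        lon += w * pos[1]
        total += w
        used += 1
    return (lat / total, lon / total, used) if used else None


# Constructed sample data: locally administered BSSIDs and made-up coordinates.
AP_A, AP_B, AP_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"


def demo_db():
    db = ApDatabase()
    db.report((47.6100, -122.3300), [AP_A])
    db.report((47.6102, -122.3302), [AP_A, AP_C])  # AP_C seen by one device only
    db.report((47.6110, -122.3310), [AP_B])
    db.report((47.6110, -122.3310), [AP_B])
    return db


if __name__ == "__main__":
    print(locate(demo_db(), {AP_A: -50, AP_B: -50, AP_C: -40}))
```

The same lookup is why a device's position can be estimated from beacon MAC addresses alone; an AP that has moved since it was reported will skew the result until newer reports outweigh the old ones.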
I get it now
The "accuracy" that is mentioned being improved is not on the phone's end; it is on Google's end. Your phone's maps and other apps already have very good accuracy from your GPS. However, Google cannot collect your GPS location without your consent, and even if you grant them permission for one app they are still at risk for the other. With Wi-Fi they are not taking your GPS but the secondary Wi-Fi information, the IP address, which by law all ISPs are required to track and is not seen as a violation of privacy. So in short your GPS is private, and your (someone else's) IP address is fair game to track and record without violation. So this is not about accuracy but instead about privacy.
1. Introduction to Wi-Fi Sharing
We've grown accustomed to having to spend time connecting our devices to Wi-Fi networks in new locations. Requesting and entering a Wi-Fi password can often be a hassle, and sometimes it can prove to be a major frustration. But perhaps more importantly, this process also comes with password leakage risks. HUAWEI Nearby Service offers a Wi-Fi sharing feature. When this feature is integrated, your app will be equipped to help users connect a wide range of smart devices to the Wi-Fi networks they encounter.
2. Wi-Fi Sharing Principles and Highlights
2.1 Principles
As shown in the figure above, users can use Bluetooth to enable their phones to discover devices, such as other phones, smart TVs, TV boxes, or smart speakers. Then they can simply select a device, after which Nearby Service will automatically configure the Wi-Fi settings and connect the device to the Wi-Fi network.
2.2 Hassle-Free Wi-Fi Connections
With the Wi-Fi sharing feature, users can connect their devices to Wi-Fi without needing to request and enter a Wi-Fi password, manually turn on the Wi-Fi switch for the device to be connected, or spend time determining a suitable Wi-Fi network, greatly enhancing the user experience across the board.
2.3 Effective Safeguards for User's Wi-Fi Information
1. Only the currently connected Wi-Fi network on the user's device can be shared. Wi-Fi networks that are saved on the device but not connected cannot be shared, ensuring that they are not affected.
2. Wi-Fi passwords are not disclosed, preventing password leakage.
3. HMS Core encrypts Wi-Fi passwords before transmission, preventing them from being eavesdropped.
4. HMS Core automatically configures the Wi-Fi on the device to be connected. The SSID and Wi-Fi passwords are not provided externally.
5. Only nearby devices (for example, devices within 10 meters) are eligible to share Wi-Fi.
6. A verification mechanism is provided for users to reject applications from untrusted devices.
3. Integration of Wi-Fi Sharing
3.1 Integration Process
1. Enable Wi-Fi sharing.
a. Call WifiSharePolicy to set or share Wi-Fi as required.
b. Register WifiShareCallback to process callback events.
c. Call the startWifiShare() API to enable Wi-Fi sharing.
2. Share Wi-Fi.
Call the shareWifiConfig() API to share Wi-Fi with the remote endpoint.
3. Disable Wi-Fi sharing.
Call the stopWifiShare() API to disable Wi-Fi sharing on the local endpoint.
3.2 Integration Restrictions
1. Devices whose Wi-Fi is to be shared must be Huawei phones that run EMUI 4 or later and have HMS Core installed.
2. Devices to be connected to Wi-Fi must run Android 5.0 or later and have HMS Core installed.
3. The Wi-Fi to be connected should be encrypted in WPA2-PSK mode.
4. Learn More
For more information, please visit HUAWEI Developers-Nearby Service.
For detailed instructions, please visit Development Guide.
To download the demo and sample code, please visit Github.