Problems with certificates & proxy - Desire General

Hi,
I have been fighting with my Desire the last days to connect to my company network and e-mail without any success.
There are serious issues with Android wrt handling certificates and proxies.
For the moment I still haven't found anything which will allow me to access the internet from work via WiFi through a proxy. Did any one manage to do this with success ?
Apparently it is possible to use a proxy with Android 1.5 and 1.6 but only for browsing, not for other services, but this doesn't work with the Desire ;-)
Regarding certificates, Android doesn't support .p7b or .pcs certificates, so I was afraid I wouldn't be able to connect at all to the company WiFi. To my surprise when I tried to connect by entering MSCHAP it actually worked, so this is worth a try if you have issues with certificates to connect to WiFi.
Another problem of the certificates is that I need a certificate to connect via SSL to my e-mail server. Unfortunately Android doesn't support installation of .p7b or .pcs certificates, so I don't manage to connect. Did anyone encounter a solution for this problem ?
In global I am really surprised by the lack of support for standard functionality like certificates and proxy in Android. All my colleagues using Iphone have no issues at all with this
Kind regards

Related

IPSec VPN client for HTC3300

Does anybody tryed VPN client for HTC3300, supporting Windows Mobile 5.0 and Nortel Contivity switch?
I have tried several solutions, incl. Bluefire VPN, AnthaVPN, ApaniVPN, NCP client - but could not get satisfactory result - some of them doesn't work at all, some of them couldn't establish connection or run on Windows Mobile 2003
Some experience with Bluefire VPN:
I have installed trial, it works on WiFi connection, but doesn't work on cellular (GSM/GPRS). An error -56 appears (no physical connection is present) although device connects to GPRS successfully and I could browse Internet
Could anybody advice?
Pavel
My experience
I had to set up such a connection to my company VPN. Ok, I wasn't working on HTC p3300 but I was in the same condition for days. At last, I discovered that the provider was masking off the VPN frames. I had to buy another service and I had to connect to another "access point". (I don't remember how it is called exactly in GPRS). From then on I could either navigate internet or use vpn, but they are mutually exclusive for the provider policy. "we did it for security purposes..." they said. The problem is that one technician on 100 knows it. The compant was Vodafone ITALY. So I suggest you have a check with your provider. Maybe there's nothing wrong in your configuration.
Bluefire VPN is currently not compatible with WM5 AKU3. It works on devices wiht AKU2 and below. This has something to do with the way AKU3 names the GPRS data connection. It is different than previous versions.
Bluefire is aware of the issue and said they will have this corrected in the next release, due anytime now. I am running a pre-release build that the sent me and can confirm that it works with GPRS. The problem is this build breaks wifi on the device.

VPN Software

Anyone have any experience with a working VPN client freeware or not on the TP2?
dezoris said:
Anyone have any experience with a working VPN client freeware or not on the TP2?
Click to expand...
Click to collapse
Google is your friend..
http://www.google.com/search?client...reeware+windows+mobile+vpn&btnG=Google+Search
Google is indeed one's friend, and I expect the OP has done many searches exactly like the one above, as I have.
However if you go beyond looking at the google headlines you soon discover that none of these solutions is in fact freeware, as he had requested.
So far I've spent many many hours trying to find a decent winmo IPSec client, free or reasonably priced, and my conclusion so far is that there isn't one. None I can find are free, and the ones that don't cost ridiculous money all have serious functional issues and/or stupid design decisions like requiring you to run their PC version to be able to create security profiles for the mobile one.
Dennis
Actually I see the OP in fact asked for free or otherwise, but they also asked if people had experience with such things, not just were they around.
What about
http://www.zeroshell.net/eng/openvpn-client/#OpenVPN-Windows-Mobile
OpenVPN is extremely nice, but it only works against OpenVPN servers. If you're trying to do IPsec VPN, OpenVPN won't help.
I have done a google search but the results are so generic. I figured people using some of the best WinMo phones would have tried some of these.
I tried searching XDA but did not really come up with anything.
Open VPN probably will not work for me unfortunately.
I need something compatible with cisco.
There are numerous kinds of ipsec, you'd need to tell us which ones your cisco device supports. I've used the openvpn client on the tp2 to some success.
This page has always had the most info in ipsec, I recommend checking some of the various guides on it.
http://www.jacco2.dds.nl/networking/openswan-l2tp.html#No_MSCHAP
Here's a quote from it:
Windows Mobile and Pocket PC 2003 ship with a built-in L2TP/IPsec client. Requires MS-CHAP support in pppd.
Click to expand...
Click to collapse
I think it's relatively easy to connect to Windows based VPN servers running MS software but I'm not so sure how well it fares with Cisco kit. I'd be surprised if the cisco box didn't support the l2tp protocol, I think it's very common. I believe the incompatibilities come about from the authentication part, which is what the MS-CHAP support mentioned above refers to. Further down the linked page it mentions Cisco kit.
I use the Bluefire Security Technologies Mobile Security VPN 2.7.5.706 .
However it seems Bluefire is out of business...
But it works perfectly for establishing VPN connections to Cisco routers and PIX/ASA's, even with token authentication.
Previously I used the Bluefire client for a few years and it was the only reliable one for Cisco concentrators, but as you said they have gone out of business now.
Also recently I've found I can't get the Bluefire client to work with some of the newer roms I've flashed (NRG etc.), perhaps changes in the newer winmo network stack or something.
I have tried the others and they are expensive and to be honest too much hassle to set up and have lousy error reporting to work out what you did wrong, I've wasted days, literally.
If you have the newer Cisco VPN kit they have dropped IPSec and gone for SSL VPN instead and do their own client for Windows Mobile which is OK.
rdleeuw what rom are you using, stock?
G
I'm using the stock ROM 1.19.401.0 (51489) WWE with Radi0 3.44.25.27 .

VPN issues on Rooted EVO.. help!

I'm not certain if this is a kernel, ROM or software issue. I am running Fresh ROM 1.0.1 with the Netarchy 3.7.5 kernel, I have enabled the JIT compiler, and I have purchased the Xtralogic Remote Desktop Client version 1.14.0 and also use ES File Explorer for FTP/Samba.
I am able to authenticate and connect to our corporate VPN server. Once connected, I AM able to ping both from within the network to my device, and from adb-shell on my device to devices on the network. DNS resolution is working as expected over the VPN; search domains are setup properly.
However, upon establishing a connection (UDP or TCP) to any device on the remote network, my VPN connection dies (server side -- the android client still reads as connected). No bytes are received from the client anymore (per the corporate vpn software). I've tried this with RDP (UDP), SMB (UDP) and FTP (TCP). All three had the same result; upon initiating the socket, the VPN connection comes to a halt.
I know this worked when I was stock rooted.. and have only tried it again recently for a business trip in which RDP access to some remote servers would be a great big help. My changes are listed above: Fresh Rom 1.0.1, Netarchy 3.7.5 kernel, JIT enabled.
LogCat provides plenty of output for the VPN connection, but there is NOTHING logged when the "disconnect" occurs.
Any ideas?!
I received a response from the software vendor:
I received other reports about problem with VPN on Android. Unfortunately I don't have any solution to this problem. It is not RDP client specific, it looks like it is triggered by certain amount of network traffic. You will get the same result if you try to browse Internet on the phone when connect over VPN.
Click to expand...
Click to collapse
So, I ask if anyone can confirm or deny from their own device?

[Q]How to use University WPA2 Enterprise Wi-Fi?

Hello fellow XDA users,
I've tried to connect to my universities Wi-fi network but they use WPA2 Enterprise. They have a page for the Iphone on how to set up the connection, http://itdfaq.aus.edu/faq/index.php?action=artikel&cat=5&id=159&artlang=en.
However I can't seem to find the same exact settings on my Desire.
Can you help me connect to my network?
I am using Sense Froyo right now, any help is really appreciated!
Don't think you can connect to that type or network with the Desire, might be wrong though
EddyOS said:
Don't think you can connect to that type or network with the Desire, might be wrong though
Click to expand...
Click to collapse
I really hope it's not true. Because we have a high end phone & because the Iphone can do it.
Hmm here WPA2 Radius Auth. is working fine out of the box with Open Desire ... also Stock unrooted is working fine.
Radius is working fine, even VPN. As fast as with an Iphone! ;-) (a little bit faster ... no benchmark, personal feelings )
You need the Username and Password and some auth settings (can also be done with testing), thats all ... perhaps the admin uses an cert., so you have to ask for one ... but i dont think that you will need an Cert ... too much admin work for so many students ;-)
I don't see why you wouldn't be able to use WPA2. However, many universities and schools use SecureW2 or similar software for authentication. Just pay a visit to your university's helpdesk.
philJ said:
Hmm here WPA2 Radius Auth. is working fine out of the box with Open Desire ... also Stock unrooted is working fine.
Radius is working fine, even VPN. As fast as with an Iphone! ;-) (a little bit faster ... no benchmark, personal feelings )
You need the Username and Password and some auth settings (can also be done with testing), thats all ... perhaps the admin uses an cert., so you have to ask for one ... but i dont think that you will need an Cert ... too much admin work for so many students ;-)
Click to expand...
Click to collapse
I have zero understanding about networking. So can you please take a look at this and help me understand: http://itdfaq.aus.edu/faq/index.php?action=artikel&cat=5&id=19&artlang=en
Thank you.
My university uses a WPA2 Enterprise secured wireless network and the good news is that I was able to connect with my stock HTC Desire. The bad news is of course that it isn't as simple as it should be.
What I did was reset my phone's so called Credential Storage and assign a new personal password to it. Then I proceeded to identify some specific Root Certificate Authority certificate needed to establish a connection between a random device and the university networks in my country. In Switzerland, I had to download the QuoVadis Root CA2 certificate and install it into the Credential Storage. After that, the phone determined after connecting to the secured network what parameters were necessary to get internet access.
I was able to simply specify my account and password and link those parameters to that network. Since then, everything works as expected.
/rant/ said:
My university uses a WPA2 Enterprise secured wireless network and the good news is that I was able to connect with my stock HTC Desire. The bad news is of course that it isn't as simple as it should be.
What I did was reset my phone's so called Credential Storage and assign a new personal password to it. Then I proceeded to identify some specific Root Certificate Authority certificate needed to establish a connection between a random device and the university networks in my country. In Switzerland, I had to download the QuoVadis Root CA2 certificate and install it into the Credential Storage. After that, the phone determined after connecting to the secured network what parameters were necessary to get internet access.
I was able to simply specify my account and password and link those parameters to that network. Since then, everything works as expected.
Click to expand...
Click to collapse
So I need to download the .cert file and install it through the credentials storage. I will try that and report, thank you guys.
I use WPA2 Enterprise at uni all the time, and it downloaded the certificate upon first connect. Requires secure credentials to be enabled, but i think if its disabled it will prompt you at the time.
There are different Settings in your Link (first page) and the xp infos on the site. ... i thought that the following infos will do it for you.
Download the cert to sd
Add an connection (manually)
Network name: AUS_Wireless (makes sure it is typed exactly this way)
Security type: 802.1x
PEAP / EAP
Encryption type: WPA/TKIP
Leave the security key field empty
User name: b000xxxxx/g000xxxxx (without adding @aus.edu)
Enter your network password (provided by IT via email)
Now you should be able to connect.
I did it.
A weird thing happened. I connected to the network and this time I was asked to add a password for the credential. So it seems that my phone downloaded it this time and saved it.
Thank you guys for your help.

L2TP VPN Doesn't work on native MIUI 11.0.3

Hello everyone,
as noted in the title of this thread, I cannot connect to L2TP/IPSec VPN Server from my phone (Redmi Note 8 Pro, running MIUI 11.0.3 stock).
I've done extensive troubleshooting and appears that phone never even contacts the server. When i configure everything and toggle the VPN, it will try to connect but never does, and then times out.
I'm watching the logs on the server, nothing appears.
I'm watching tcpdump on the server, no packet is even received from phone.
I've connected to WiFi network from i which i know i can connect to VPN (for example from PC or my MikroTik router) and it cannot even connect from that network.
I've enabled packet sniffer on root MikroTik router to sniff the packets, filtering MAC address of my phone, and guess what... When i click on VPN, it doesn't even try to connect to VPN serever. VPN server IP address doesn't even appear on sniff.
I'm wondering why is this happening, is anyone else having issues with L2TP/IPSec VPN? How do i inform Xiaomi of this issue since I've placed couple of feedbacks back in the day, never received an answer and those issues still persists so i don't even thing they are reading the feedback that is sent to them from phone app.
Hoping to get to the bottom of this!
Any help would be greatly appreciated !
Any chance you can try the OpenVPN app? I used to have an issue with my old phone where sometimes it would say connected but it wouldn't be. With the rn8pro, OpenVPN works every time.
Edit: try posting on the Mi forums for a better chance of a response from someone at Xiaomi
https://c.mi.com/global/forum-2234-1.html
Might not just be Xiaomi....https://github.com/SoftEtherVPN/SoftEtherVPN/issues/571
I would hate having two VPN servers installed at the same time. There are times when i want to connect my root mikrotik router to VPN server i question to forward all web traffic via VPN, unfortunately, OpenVPN support is very limited on MikroTik , there are new cipher suites missing and with new OpenVPN servers in place it's impossible to connect tik to OpenVPN.
I know however that OpenVPN app works great with android, but it's weird that native L2TP doesn't seem to be working at all.
I could fall back to PPTP maybe. Both Android and MikroTik works flawlessly with PPTP. But... It's PPTP..
Thanks, i will try posting to Xiaomi forums as well.

Categories

Resources