VPN in Android 2/Droid?

[cyberranger]

Greetings! I'm liking what I see in the Droid (BB Storm user here) but I'll need VPN capability to access my work email via POP. Anyone know if cisco vpn is now available in Android 2.0?

 

[cyberranger]

off twitter I heard from RonDutt

OpenVPN and PPTP/IPsec is supported natively, Sonicwall is avail via the App Market.

Sounds promising!

 

[cybercruiser]

Greetings! I'm liking what I see in the Droid (BB Storm user here) but I'll need VPN capability to access my work email via POP. Anyone know if cisco vpn is now available in Android 2.0?

I saw in one of the videos VPN Settings, I'm wondering too, if I can get it to work with my work email. Its Lotus Notes, so doubt it :-(

 

[Carl C]

Theirs VPN support in Donut {1.6}

• L2TP/IPSEC pre-shared key based VPN
• L2TP/IPsec certificate based VPN
• L2TP only VPN
• PPTP only VPN

 

[cyberranger]

to work with my work email. Its Lotus Notes, so doubt it :-(

I'm on Notes too behind a firewall. From what I see of the VPN options we should be good as long as your Notes server is running POP.

 

[bimmer95]

Donut added IPSEC VPN support, but left out the group ID and password section required for connecting to Cisco VPN devices. There is a VPNC client that has the required fields in the Market, but it only works on rooted phones. Whether or not Eclair adds the required fields will likely determine if I return my Hero back to Sprint in the next 26 days since no one has rooted a Sprint Hero yet and one of my primary reasons for picking up a new phone was to be able to VPN in to clients' networks and telnet to their routers and switches.

 

[cybercruiser]

I asked one of our tech guys in that area and he said it won't support any VPN coming into email, except for BB. Don't know if not support means technologically, or company policy??

But, either way, it looks like it will be for personal use only, oh well, my work's loss....

 

[cyberranger]

I asked one of our tech guys in that area and he said it won't support any VPN coming into email, except for BB. Don't know if not support means technologically, or company policy??

But, either way, it looks like it will be for personal use only, oh well, my work's loss....

He must mean company policy. For my network, one you are on the VPN, it's just like you are at work - mail and internal web servers are all available.

The group ID and password limitation does have me worried. I know the iPhone vpn client can connect to my work but I'm not that familiar with it's client. Need to go steal my buddies iPhone for a minute!

 

[araskin01]

I'm interested in moving to the Droid - current Blackberry user. I know my company supports BB, GoodLink and iPhones - the iPhones use the VPN client to access email. Will one of those methods work on the Droid?

 

[cyberranger]

Anyone tried VPN now that the phone is out? I'll be connecting to a Cisco Access server with a RADIUS server for authentication.

 

[araskin01]

Anyone tried VPN now that the phone is out? I'll be connecting to a Cisco Access server with a RADIUS server for authentication.

I'd love to here any feedback about that as well! Thanks

 

[cybercruiser]

I'd love to here any feedback about that as well! Thanks

Especially with Lotus Notes...

 

[araskin01]

...Exchange here

 

[cyberranger]

Especially with Lotus Notes...

+1! I have IMAP running on our Notes servers. So ... if the VPN works, I'll be golden (Already tested the IMAP with Thunderbird having a VPN connection.)

 

[rags]

My corporate VPN PPTP requires user selected pin + RSA token. This doesn't work.

 

[ADMAN]

Yeah, I am trying to find app for Cisco ASA. I used to be able to connect via BB to Cisco VPn Concentrator in past. But, not now...

 

[syntrix]

Donut added IPSEC VPN support, but left out the group ID and password section required for connecting to Cisco VPN devices.

Most cisco vpn configs will use a group ID and password. This is not an option in any of the android 2.0 options right now

Maybe someone will create an app, or there will be an update. I wonder what the proper procedure is to submit feature requests in android?

 

[araskin01]

We only support native IPSEC, so the VPN options on the Droid will not work. Macintosh licensed the Cisco VPN client, which would work in my situation, but I haven't seen any support for the Cisco VPN client (I think there is something on the Internet about that, but you must have a rooted phone, etc, etc; nothing I am interestd in delving in to). Anyone know if there will be Goodlink support for the Droid?

 

[cyberranger]

We only support native IPSEC, so the VPN options on the Droid will not work. Macintosh licensed the Cisco VPN client, which would work in my situation..

I know the iPhones on my network use the IPSEC via the Cisco VPN client to connect. However, my network does not require a group ID and password. So maybe there is hope with the native IPSEC client.

I swear I'm going to need to buy a freakin' Droid to test it. Or, maybe I can try to set it up in the store. Will Verizon store staff let you play that much with the phone?

 

[zerohorn]

We run a Cisco IPSEC VPN at my company. I am the network administrator and manage the VPN. The Cisco VPN Client on the iPhone works with our configuration but the Droid does not. As was stated earlier, Apple licensed the Cisco VPN Client for the iPhone which is why it works properly on the iPhone.
If your VPN configuration requires the Group Name like most Cisco IPSEC VPN Configurations do, the Droid does not currently support them. We will have to wait for an app or an update to add the additional functionality.

 

[mc2wheels]

Issue 3902 - android - Feature Request: "pure" ipsec vpn client (cisco-compatible) - Project Hosting on Google Code

Above is the link to the request for enhancement on the android code project pages. If you log in with your google account, you can "star" it, or vote to raise its priority. Everyone who cares should go and do that.

I myself need the resources on my company's corporate websites. This is a real pain. I can get to our email through the touchdown app, but not these sites. IMHO, this is a big miss on the droid. I was sick of waiting for an iPhone on verizon, but perhaps I made the wrong choice. I keep hearing rumors of a verizon iPhone next year. Now, I am locked in for 2 years...

 

[syntrix]

Voted! Is there some gpl code out there for other platforms already?

I just downloaded the sdk last night, but my biggest problem is free time.

 

[cyberranger]

We run a Cisco IPSEC VPN at my company. I am the network administrator and manage the VPN. The Cisco VPN Client on the iPhone works with our configuration but the Droid does not.

At my work, I've seen the same. iPhone's can connect to our Cisco IPSEC VPN. They don't have to put in the group id or password. So I was hopeful. I picked up a Droid on Friday. Over the weekend, I tried everything I could think of (and called some lifelines) but no luck. The Droid would not connect. So, no access to my intranet sites and only email access via a web interface.

I liked the Droid A LOT but it went back today. I voted and wait with fingers crossed for this issue to be resolved.

 

[Tekmazter]

At my work, I've seen the same. iPhone's can connect to our Cisco IPSEC VPN. They don't have to put in the group id or password. So I was hopeful. I picked up a Droid on Friday. Over the weekend, I tried everything I could think of (and called some lifelines) but no luck. The Droid would not connect. So, no access to my intranet sites and only email access via a web interface.

I liked the Droid A LOT but it went back today. I voted and wait with fingers crossed for this issue to be resolved.

Well I posted this on the Droid forums site and it seems to make sense to post it here as well. I've done some testing in this area and I"m pretty close. Please have a look ...

I'm successful in completing both Phase 1 and Phase II of the tunnel negotiation using the Droid and CISCO 3000 concentrator. I am able to complete the VPN handshake noting that I see packets encap, encrypt, decap, decrypt etc...

At this point, something in the auth process fails once the device is connected to my CISCO concentrator. In other words, I can get the VPN to connect and build a tunnel but once it's on the network, it goes no further. This proves out the group ID and password as both happen during Phase I which I am successful in completing.

Just as I see traffic being passed, I get bumped. Logs are below. Anyone else working with CISCO 3000's can also validate my work.

%IKE-5-120: RPT=28091: 75.195.28.21: Group [75.195.28.21] PHASE 2 COMPLETED (msgid=d0a5afb9

%L2TP-5-57: RPT=4: 75.195.28.21: Tunnel to peer 75.195.28.21:50662 established

%L2TP-5-53: RPT=4: 75.195.28.21: Session started on tunnel 75.195.28.21:50662

L2TP-5-47: RPT=4: 75.195.28.21: Session closed on tunnel 75.195.28.21:50662 (peer 59497, local 21768, serial 302617193), reason: Call disconnected for administrative reasons

%L2TP-5-33: RPT=4: 75.195.28.21: Exceeded rexmit limit of 4 to 75.195.28.21:50662 (Ss:3, last Nr:2)

%L2TP-5-46: RPT=4: 75.195.28.21: Tunnel to peer 75.195.28.21:50662 closed, reason: Peer no longer responding


The group is set to use Domain authentication, not RADIUS. I'm not sure where it's failing in the auth process at this point, but that is where I'll continue to troubelshoot. Most likely I'll add a local user account on the 3000 and see if I can get it to successfully auth from there.

The one caveat here which tells us how close this thing is to prime time is the group name. I had to create a new group on my Concentrator and set it to the IP address of my phone at the time of the connection. It appears that Verizon changes their IP's far less frequently than say AT&T and a BB I have. I've confirmed this using WhatIsMyIP.com. If you do not set the group name on the Concentrator to the IP of the phone at the time, the 3000 will not recognize the Droid VPN connection group and simply drop you at the door. This is important information however, as one would think that adding a field to specify a Group name would be easier than adding other functionality such as true IPsec VPN capabilities which BTW the Droid does not do!

Here are my notes from the setup:

Group Name is IP Address of Phone
Password for group name matches password I used on my Phone
You must enable L2TP over IPsec on the CISCO appliance
My IPsec SA on the CISCO 3000 is set to use ESP-L2TP-TRANSPORT

I'll update this post again with more information when I have some more time to troubleshoot.

 

[johninbigd]

Yeah, I am trying to find app for Cisco ASA. I used to be able to connect via BB to Cisco VPn Concentrator in past. But, not now...

Same here. We have an ASA and cannot connect using the Droid, but we can using the iPhone 3G, which is what I used to have. There is an enhancement request open for this. Feel free to go there and add a star. Don't add a "me too" comment, though.

Issue 3902 - android - Feature Request: "pure" ipsec vpn client (cisco-compatible) - Project Hosting on Google Code