VPN in Android 2/Droid?


Last Updated:

  1. cyberranger

    cyberranger Active Member This Topic's Starter

    Joined:
    Nov 2, 2009
    Messages:
    42
    Likes Received:
    1
    Greetings! I'm liking what I see in the Droid (BB Storm user here) but I'll need VPN capability to access my work email via POP. Anyone know if cisco vpn is now available in Android 2.0?
     

    Advertisement
  2. cyberranger

    cyberranger Active Member This Topic's Starter

    Joined:
    Nov 2, 2009
    Messages:
    42
    Likes Received:
    1
    off twitter I heard from RonDutt

    Sounds promising!
     
  3. cybercruiser

    cybercruiser Well-Known Member

    Joined:
    Oct 28, 2009
    Messages:
    378
    Likes Received:
    29
    I saw in one of the videos VPN Settings, I'm wondering too, if I can get it to work with my work email. Its Lotus Notes, so doubt it :-(
     
  4. Carl C

    Carl C Well-Known Member

    Joined:
    Sep 11, 2009
    Messages:
    6,062
    Likes Received:
    38
    Theirs VPN support in Donut {1.6} :)

     
  5. cyberranger

    cyberranger Active Member This Topic's Starter

    Joined:
    Nov 2, 2009
    Messages:
    42
    Likes Received:
    1
    I'm on Notes too behind a firewall. From what I see of the VPN options we should be good as long as your Notes server is running POP.
     
  6. bimmer95

    bimmer95 Member

    Joined:
    Nov 4, 2009
    Messages:
    5
    Likes Received:
    0
    Donut added IPSEC VPN support, but left out the group ID and password section required for connecting to Cisco VPN devices. There is a VPNC client that has the required fields in the Market, but it only works on rooted phones. Whether or not Eclair adds the required fields will likely determine if I return my Hero back to Sprint in the next 26 days since no one has rooted a Sprint Hero yet and one of my primary reasons for picking up a new phone was to be able to VPN in to clients' networks and telnet to their routers and switches.
     
  7. cybercruiser

    cybercruiser Well-Known Member

    Joined:
    Oct 28, 2009
    Messages:
    378
    Likes Received:
    29
    I asked one of our tech guys in that area and he said it won't support any VPN coming into email, except for BB. Don't know if not support means technologically, or company policy??

    But, either way, it looks like it will be for personal use only, oh well, my work's loss....
     
  8. cyberranger

    cyberranger Active Member This Topic's Starter

    Joined:
    Nov 2, 2009
    Messages:
    42
    Likes Received:
    1
    He must mean company policy. For my network, one you are on the VPN, it's just like you are at work - mail and internal web servers are all available.

    The group ID and password limitation does have me worried. I know the iPhone vpn client can connect to my work but I'm not that familiar with it's client. Need to go steal my buddies iPhone for a minute!
     
  9. araskin01

    araskin01 Member

    Joined:
    Nov 5, 2009
    Messages:
    13
    Likes Received:
    0
    I'm interested in moving to the Droid - current Blackberry user. I know my company supports BB, GoodLink and iPhones - the iPhones use the VPN client to access email. Will one of those methods work on the Droid?
     
  10. cyberranger

    cyberranger Active Member This Topic's Starter

    Joined:
    Nov 2, 2009
    Messages:
    42
    Likes Received:
    1
    Anyone tried VPN now that the phone is out? I'll be connecting to a Cisco Access server with a RADIUS server for authentication.
     
  11. araskin01

    araskin01 Member

    Joined:
    Nov 5, 2009
    Messages:
    13
    Likes Received:
    0

    I'd love to here any feedback about that as well! Thanks
     
  12. cybercruiser

    cybercruiser Well-Known Member

    Joined:
    Oct 28, 2009
    Messages:
    378
    Likes Received:
    29
    Especially with Lotus Notes...
     
  13. araskin01

    araskin01 Member

    Joined:
    Nov 5, 2009
    Messages:
    13
    Likes Received:
    0
    ...Exchange here :)
     
  14. cyberranger

    cyberranger Active Member This Topic's Starter

    Joined:
    Nov 2, 2009
    Messages:
    42
    Likes Received:
    1
    +1! I have IMAP running on our Notes servers. So ... if the VPN works, I'll be golden (Already tested the IMAP with Thunderbird having a VPN connection.)
     
  15. rags

    rags New Member

    Joined:
    Nov 9, 2009
    Messages:
    3
    Likes Received:
    0
    My corporate VPN PPTP requires user selected pin + RSA token. This doesn't work.
     
  16. ADMAN

    ADMAN New Member

    Joined:
    Nov 10, 2009
    Messages:
    4
    Likes Received:
    0
    Yeah, I am trying to find app for Cisco ASA. I used to be able to connect via BB to Cisco VPn Concentrator in past. But, not now...
     
  17. syntrix

    syntrix Well-Known Member

    Joined:
    Nov 6, 2009
    Messages:
    2,418
    Likes Received:
    303

    Most cisco vpn configs will use a group ID and password. This is not an option in any of the android 2.0 options right now :(

    Maybe someone will create an app, or there will be an update. I wonder what the proper procedure is to submit feature requests in android?
     
  18. araskin01

    araskin01 Member

    Joined:
    Nov 5, 2009
    Messages:
    13
    Likes Received:
    0
    We only support native IPSEC, so the VPN options on the Droid will not work. Macintosh licensed the Cisco VPN client, which would work in my situation, but I haven't seen any support for the Cisco VPN client (I think there is something on the Internet about that, but you must have a rooted phone, etc, etc; nothing I am interestd in delving in to). Anyone know if there will be Goodlink support for the Droid?
     
  19. cyberranger

    cyberranger Active Member This Topic's Starter

    Joined:
    Nov 2, 2009
    Messages:
    42
    Likes Received:
    1
    I know the iPhones on my network use the IPSEC via the Cisco VPN client to connect. However, my network does not require a group ID and password. So maybe there is hope with the native IPSEC client.

    I swear I'm going to need to buy a freakin' Droid to test it. Or, maybe I can try to set it up in the store. Will Verizon store staff let you play that much with the phone?
     
  20. zerohorn

    zerohorn New Member

    Joined:
    Nov 11, 2009
    Messages:
    1
    Likes Received:
    0
    We run a Cisco IPSEC VPN at my company. I am the network administrator and manage the VPN. The Cisco VPN Client on the iPhone works with our configuration but the Droid does not. As was stated earlier, Apple licensed the Cisco VPN Client for the iPhone which is why it works properly on the iPhone.
    If your VPN configuration requires the Group Name like most Cisco IPSEC VPN Configurations do, the Droid does not currently support them. We will have to wait for an app or an update to add the additional functionality.
     
  21. mc2wheels

    mc2wheels New Member

    Joined:
    Nov 9, 2009
    Messages:
    4
    Likes Received:
    0
    Issue 3902 - android - Feature Request: "pure" ipsec vpn client (cisco-compatible) - Project Hosting on Google Code

    Above is the link to the request for enhancement on the android code project pages. If you log in with your google account, you can "star" it, or vote to raise its priority. Everyone who cares should go and do that.

    I myself need the resources on my company's corporate websites. This is a real pain. I can get to our email through the touchdown app, but not these sites. IMHO, this is a big miss on the droid. I was sick of waiting for an iPhone on verizon, but perhaps I made the wrong choice. I keep hearing rumors of a verizon iPhone next year. Now, I am locked in for 2 years...:(
     
  22. syntrix

    syntrix Well-Known Member

    Joined:
    Nov 6, 2009
    Messages:
    2,418
    Likes Received:
    303
    Voted! Is there some gpl code out there for other platforms already?

    I just downloaded the sdk last night, but my biggest problem is free time.
     
  23. cyberranger

    cyberranger Active Member This Topic's Starter

    Joined:
    Nov 2, 2009
    Messages:
    42
    Likes Received:
    1
    At my work, I've seen the same. iPhone's can connect to our Cisco IPSEC VPN. They don't have to put in the group id or password. So I was hopeful. I picked up a Droid on Friday. Over the weekend, I tried everything I could think of (and called some lifelines) but no luck. The Droid would not connect. So, no access to my intranet sites and only email access via a web interface.

    I liked the Droid A LOT but it went back today. I voted and wait with fingers crossed for this issue to be resolved.

    :(
     
  24. Tekmazter

    Tekmazter Member

    Joined:
    Nov 18, 2009
    Messages:
    7
    Likes Received:
    2
    Well I posted this on the Droid forums site and it seems to make sense to post it here as well. I've done some testing in this area and I"m pretty close. Please have a look ...

    I'm successful in completing both Phase 1 and Phase II of the tunnel negotiation using the Droid and CISCO 3000 concentrator. I am able to complete the VPN handshake noting that I see packets encap, encrypt, decap, decrypt etc...

    At this point, something in the auth process fails once the device is connected to my CISCO concentrator. In other words, I can get the VPN to connect and build a tunnel but once it's on the network, it goes no further. This proves out the group ID and password as both happen during Phase I which I am successful in completing.

    Just as I see traffic being passed, I get bumped. Logs are below. Anyone else working with CISCO 3000's can also validate my work.

    %IKE-5-120: RPT=28091: 75.195.28.21: Group [75.195.28.21] PHASE 2 COMPLETED (msgid=d0a5afb9

    %L2TP-5-57: RPT=4: 75.195.28.21: Tunnel to peer 75.195.28.21:50662 established

    %L2TP-5-53: RPT=4: 75.195.28.21: Session started on tunnel 75.195.28.21:50662

    L2TP-5-47: RPT=4: 75.195.28.21: Session closed on tunnel 75.195.28.21:50662 (peer 59497, local 21768, serial 302617193), reason: Call disconnected for administrative reasons

    %L2TP-5-33: RPT=4: 75.195.28.21: Exceeded rexmit limit of 4 to 75.195.28.21:50662 (Ss:3, last Nr:2)

    %L2TP-5-46: RPT=4: 75.195.28.21: Tunnel to peer 75.195.28.21:50662 closed, reason: Peer no longer responding


    The group is set to use Domain authentication, not RADIUS. I'm not sure where it's failing in the auth process at this point, but that is where I'll continue to troubelshoot. Most likely I'll add a local user account on the 3000 and see if I can get it to successfully auth from there.

    The one caveat here which tells us how close this thing is to prime time is the group name. I had to create a new group on my Concentrator and set it to the IP address of my phone at the time of the connection. It appears that Verizon changes their IP's far less frequently than say AT&T and a BB I have. I've confirmed this using WhatIsMyIP.com. If you do not set the group name on the Concentrator to the IP of the phone at the time, the 3000 will not recognize the Droid VPN connection group and simply drop you at the door. This is important information however, as one would think that adding a field to specify a Group name would be easier than adding other functionality such as true IPsec VPN capabilities which BTW the Droid does not do!

    Here are my notes from the setup:

    Group Name is IP Address of Phone
    Password for group name matches password I used on my Phone
    You must enable L2TP over IPsec on the CISCO appliance
    My IPsec SA on the CISCO 3000 is set to use ESP-L2TP-TRANSPORT

    I'll update this post again with more information when I have some more time to troubleshoot.
     
  25. johninbigd

    johninbigd Well-Known Member

    Joined:
    Jun 3, 2009
    Messages:
    314
    Likes Received:
    7
    Same here. We have an ASA and cannot connect using the Droid, but we can using the iPhone 3G, which is what I used to have. There is an enhancement request open for this. Feel free to go there and add a star. Don't add a "me too" comment, though.

    Issue 3902 - android - Feature Request: "pure" ipsec vpn client (cisco-compatible) - Project Hosting on Google Code
     

Share This Page

Loading...