Cannot connect to company VPN

Discussion in 'Android Devices' started by Jeremy Robertson, Sep 9, 2019.

  1. Jeremy Robertson

    Thread Starter

    We had to update our security for CPI compliance last week. We changed our VPN to AES128 and DH group 14. Since then I cannot connect my Android phone to the VPN. I am told by Meraki that some devices do not support DH 14. Is there a way I can connect my S7 to the VPN?

  2. Dannydet

    Dannydet Extreme Android User

    Contact your IT technician at work.
    They control that.
  3. Jeremy Robertson

    Thread Starter

    I am the network admin at work. I am the guy, which is why I am asking if anyone else has had compatibility issues with Android connecting to DH group 14 and how they resolved it.
  4. mikedt

    mikedt 你好

    Is it any Android device that can't connect, or just this Galaxy S7? Does Cisco give you any specifics as to which Android devices or versions don't support DH?
    #4 mikedt, Sep 9, 2019
    Last edited: Sep 9, 2019
  5. Jeremy Robertson

    Thread Starter

    I only have two S7s and neither will connect. I have a colleague who has an iPhone and she can connect without issue.

    This is the response from Meraki support:
    "Thank you contacting Cisco Meraki Technical Support.
    I understand you are facing an issue with respect to client vpn.
    AES128 and DH group to 14 was configured. However, it be a scenario where the change it may have a negative impact on the ability for different devices to connect to the client VPN if they are not compatible with that DH group. If any devices they try to connect to the client VPN do not support DH group 14, they will be unable to connect. we cas
    Please let me know if you have any questions"
  6. svim

    svim Extreme Android User

    OK, so after re-reading that Meraki support response I got the sense that a) I'm guessing it really wasn't an answer to your original query at all and b) there's an 'English is not their primary language' issue, but even that aside, just going by intent it was more about using verbiage as a misdirection.
    That said, instead of DH 14, any chance you can bump that up to DH 19 or more and see how that works out? DH 14 is the original 'modulus' Diffie-Hellman as opposed to newer 'elliptic-curve' Diffie-Hellman; at this time ECDH is more prevalent than the original DH.


  7. Jeremy Robertson

    Thread Starter

    That is a great read, really helps. I thought since it worked with DH 5 that the device must not support DH 14, but if I understand correctly I can raise the DH group to maybe 19 and it should work?
  8. Deleted User

    Deleted User Guest

    You could build an Android app that connects to the VPN.
  9. svim

    svim Extreme Android User

    Well, I'm just assuming it will work given how dated DH 14 is at this point. Note that primer article is from 2013, which predates the release of those 'problematic' Galaxy S7 phones (early 2016). So my assumption is based on supposition for the most part.
    Another clue to this puzzle is that I rely on Signal Private Messenger as my text messaging app, which also uses ECDH -- which I recall was working fine on an even more dated Galaxy S3 back in its day (released in 2012).
  10. LewisH99

    LewisH99 Newbie

    If your VPN client isn't connecting, try opening a website without connecting through a VPN to see if your internet connection is working. If it's not, restart your router by unplugging it for 30 seconds and plugging it back in. If your internet is still down, it may be a problem at your ISP's end. Also, there is an alternative to using virtual server hosting. Though it won't solve your whole problem, at least you can use your other applications on another system, and regarding your S7, there are various apps which provide VPN. You can use them.
    I hope this leads you to the solution.

