Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 08:03:03 am

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  VPN from Android ICS or Jelly Bean to EFW 2.5.1
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: VPN from Android ICS or Jelly Bean to EFW 2.5.1  (Read 32881 times)
robert
Full Member
***
Offline Offline

Posts: 23


« on: Saturday 01 December 2012, 12:29:16 pm »

Has anyone been able to successfully VPN from Android to EFW 2.5.1?

There seems to be four choices L2TP/IPSEC, IPSEC, OpenVPN or PPTP.

L2TP/IPSEC doesn't work because Endian doesn't support it on EFW Community.

IPSEC hasn't worked for me so far but I'm still trying.

OpenVPN doesn't work because Android requires TUN and EFW requires TAP.

PPTP doesn't work because EFW doesn't support it, however with a lot of cursing and manual effort I can make it
work but without any GUI configuration support.

Suggestions?

Logged
robert
Full Member
***
Offline Offline

Posts: 23


« Reply #1 on: Wednesday 05 December 2012, 09:56:49 am »

It seems that for the most part I'm the only one that responds to my posts (probably not a good sign  Smiley)

Anyways after much research (and frustration) I've determined the following:

  • The easiest way to make this work is using the StrongSwan Android client and an updated version of StrongSwan (v 4.6.4) on the firewall.  Then
    by hacking the strongswan.conf file and the template file that generates the ipsec.conf and ipsec.secrets, I was able to create a crudely integrated
    solution.

    This used Ikev2, a certificate to authenticate the server and eap-mschapv2 to authenticate the client.
  • The next simplest way is using pptp, however there is no support from EFW so you would have to create an entire efw-* module, web pages, etc.
    I was able to make it work using manual configuration but balked at writting the EFW components.  Particularly when the final product would still be
    insecure and unencrypted.

    The one advantage to this solution is that the Android VPN client works without additional software.
  • It should be possible to figure out what is missing to make L2TP work but after a little while I ended up working on the ipsec solution instead.  I did get as far
    as having L2TP reappear in Web GUI and write the configs out.   I also got the server running but didn't work on the glue between them.

    It might turn out that this would be the simplest way to go once you figured out all the pieces but I smelled time consuming rat hole and decided on the first solution.
  • Finally OpenVPN seemed just plain hopeless since there is fundamental disagreement on the form of tunnelling.  Android wants TUN and EFW insists on TAP.

    Why can't we all just get along.

 





Logged
ecarmona
Jr. Member
*
Offline Offline

Posts: 1


« Reply #2 on: Wednesday 20 February 2013, 05:14:07 am »

I´m connect to OpenVPN Server  in Endian Firewall from Samsung Galaxy NOTE II with android 4.1.1 rooted with TAP Adapter, with OpenVPN Installer a Settings 0.4.14 of Friederich Schäffelhut. This work for me with Endian Firewall Community 2.4.1 and 2.5.1
You get OpenVPN client  from PlayStore
Logged

Eleazar Carmona
wnicholls
Jr. Member
*
Offline Offline

Posts: 3


« Reply #3 on: Friday 24 May 2013, 12:05:16 pm »

None of this complicated software stuff is required.  I've got Android JB client talking to EFW Community 2.5.1 with very little hassle, once I discovered what the simple key was. I just wish the documentation was better and made a simple point:

   Bridging = TAP
   no bridging = TUN

Another red herring is the touted Endian appliance features of "Native VPN support for mobile devices with L2TP/IPsec"  -  which doesn't actually say that OpenVPN won't/didn't work but everyone seems to take that interpretation. In fact EFW has probably supported Android Jellybean clients since 2.3 or earlier, although Jellybean wasn't around then.  

There's a lot of unnecessary instructions floating about the Internet with rooting devices and installing software here there and everywhere, but a lot of it is historical and the Android platform has matured enough. Probably any of the OpenVPN Android solutions would work, but I can only advise of my experience with "OpenVPN for Android"  by Arne Schwabe ( https: / / play.google.com/store/apps/details?id=de.blinkt.openvpn)

OpenVPN config :
OpenVPN server enabled: yes            
Bridged:               No
VPN subnet:   whatever you desire, I used "192.168.81.0/24 "  (my Green subnet is 192.168.80.*/24)

You do then need to go into the Firewall config, under VPN traffic and set up a rule -     Source <ANY>  Dest GREEN Service <ANY> if you like. With bridging (TAP) mode this isn't necessary.
 
OVPN config file, to import into the Android client app, looks something like this (note the dev tun):

# ==============================================
#  OpenVPN client config file for EFW 2.5.1  with bridging off.
#  Each user also requires:  user name, password
# ==============================================
client
dev tun
proto udp
remote HOST.NAME.OR.SERVER.IP
nobind
pull
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
.... details of certificate go here, as downloadble from OpenVPN GUI
-----END CERTIFICATE-----
</ca>
persist-key
persist-tun
auth-user-pass


All my existing road warriors (fortunately few, and technically competent) had to do, was change their client configs from "dev tap" to "dev tun" and as far as they know, nothing has changed.  And I can take my android  to Australia with me and leave the laptop at home...

I wasted several evenings trying to get a PPTP server going inside my LAN etc etc.  I may have revived an old thread but hopefully Google will find it and this will save lots of other people the bother.
Logged
wnicholls
Jr. Member
*
Offline Offline

Posts: 3


« Reply #4 on: Friday 24 May 2013, 07:24:22 pm »

I repent I repent .. now I look silly.  Serve me right for not going home before posting.
The user who tested this for me did NOT do what I told them to told and said that it was working when they actually had a PPTP network connection working. Not the OpenVPN one I was trying to check out.

So even not bridged is still using TAP .. at least if you want to work.   Changing the client to TUN mode authenticates and gets an IP addres on the new subnet but doesn't route any traffic.


Logged
jac4all
Jr. Member
*
Offline Offline

Posts: 9


« Reply #5 on: Monday 04 November 2013, 02:54:34 am »

hi all

actually im new to vpn on 2.5.1 efw.. i need some help
im traying to setup windows 7 to access using open vpn client to openvpn server..

i cant get it connect always connection time out

second i cant get my android working.. it connect succesfully then start getting TUN/TAP error code 22

it shows connected but no data comming.

im using it as bridge

i tried changing the file on efw openvpn.conf when ever i restart the service the file go back to its orignal config


any help pls.
and step by step
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com