EFW Support
VPN from Android ICS or Jelly Bean to EFW 2.5.1
Topic: VPN from Android ICS or Jelly Bean to EFW 2.5.1 (Read 32780 times)
robert (Full Member, Posts: 23)
VPN from Android ICS or Jelly Bean to EFW 2.5.1
« on: Saturday 01 December 2012, 12:29:16 pm »
Has anyone been able to successfully VPN from Android to EFW 2.5.1?
There seem to be four choices: L2TP/IPSEC, IPSEC, OpenVPN or PPTP.
L2TP/IPSEC doesn't work because Endian doesn't support it on EFW Community.
IPSEC hasn't worked for me so far but I'm still trying.
OpenVPN doesn't work because Android requires TUN and EFW requires TAP.
PPTP doesn't work because EFW doesn't support it, however with a lot of cursing and manual effort I can make it work but without any GUI configuration support.
Suggestions?
Logged
robert (Full Member, Posts: 23)
Re: VPN from Android ICS or Jelly Bean to EFW 2.5.1
« Reply #1 on: Wednesday 05 December 2012, 09:56:49 am »
It seems that for the most part I'm the only one that responds to my posts (probably not a good sign)
Anyways, after much research (and frustration) I've determined the following:
The easiest way to make this work is using the StrongSwan Android client and an updated version of StrongSwan (v 4.6.4) on the firewall. Then by hacking the strongswan.conf file and the template file that generates the ipsec.conf and ipsec.secrets, I was able to create a crudely integrated solution.
This used IKEv2, a certificate to authenticate the server and eap-mschapv2 to authenticate the client.
The next simplest way is using pptp, however there is no support from EFW so you would have to create an entire efw-* module, web pages, etc.
I was able to make it work using manual configuration but balked at writing the EFW components. Particularly when the final product would still be insecure and unencrypted.
The one advantage to this solution is that the Android VPN client works without additional software.
It should be possible to figure out what is missing to make L2TP work but after a little while I ended up working on the ipsec solution instead. I did get as far as having L2TP reappear in Web GUI and write the configs out. I also got the server running but didn't work on the glue between them.
It might turn out that this would be the simplest way to go once you figured out all the pieces but I smelled time consuming rat hole and decided on the first solution.
Finally OpenVPN seemed just plain hopeless since there is fundamental disagreement on the form of tunnelling. Android wants TUN and EFW insists on TAP.
Why can't we all just get along.
Logged
ecarmona (Jr. Member, Posts: 1)
Re: VPN from Android ICS or Jelly Bean to EFW 2.5.1
« Reply #2 on: Wednesday 20 February 2013, 05:14:07 am »
I connect to the OpenVPN Server in Endian Firewall from a Samsung Galaxy Note II with Android 4.1.1, rooted, with TAP Adapter, with OpenVPN Installer and Settings 0.4.14 of Friedrich Schäuffelhut. This works for me with Endian Firewall Community 2.4.1 and 2.5.1.
You get the OpenVPN client from the Play Store.
Logged
Eleazar Carmona
wnicholls (Jr. Member, Posts: 3)
It's much simpler - turn VPN bridging off that is TUN mode.
« Reply #3 on: Friday 24 May 2013, 12:05:16 pm »
None of this complicated software stuff is required. I've got Android JB client talking to EFW Community 2.5.1 with very little hassle, once I discovered what the simple key was. I just wish the documentation was better and made a simple point:
Bridging = TAP
no bridging = TUN
Another red herring is the touted Endian appliance features of "Native VPN support for mobile devices with L2TP/IPsec" - which doesn't actually say that OpenVPN won't/didn't work but everyone seems to take that interpretation. In fact EFW has probably supported Android Jellybean clients since 2.3 or earlier, although Jellybean wasn't around then.
There's a lot of unnecessary instructions floating about the Internet with rooting devices and installing software here there and everywhere, but a lot of it is historical and the Android platform has matured enough. Probably any of the OpenVPN Android solutions would work, but I can only advise of my experience with "OpenVPN for Android" by Arne Schwabe (https://play.google.com/store/apps/details?id=de.blinkt.openvpn)
OpenVPN config :
OpenVPN server enabled: yes
Bridged: No
VPN subnet: whatever you desire, I used "192.168.81.0/24" (my Green subnet is 192.168.80.*/24)
You do then need to go into the Firewall config, under VPN traffic and set up a rule - Source <ANY> Dest GREEN Service <ANY> if you like. With bridging (TAP) mode this isn't necessary.
OVPN config file, to import into the Android client app, looks something like this (note the "dev tun"):
# ==============================================
# OpenVPN client config file for EFW 2.5.1 with bridging off.
# Each user also requires: user name, password
# ==============================================
client
dev tun
proto udp
remote HOST.NAME.OR.SERVER.IP
nobind
pull
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
.... details of certificate go here, as downloadable from OpenVPN GUI
-----END CERTIFICATE-----
</ca>
persist-key
persist-tun
auth-user-pass
All my existing road warriors (fortunately few, and technically competent) had to do, was change their client configs from "dev tap" to "dev tun" and as far as they know, nothing has changed. And I can take my android to Australia with me and leave the laptop at home...
I wasted several evenings trying to get a PPTP server going inside my LAN etc etc. I may have revived an old thread but hopefully Google will find it and this will save lots of other people the bother.
Logged
wnicholls (Jr. Member, Posts: 3)
Aaargh - I recant (never trust something you didn't test YOURSELF)
« Reply #4 on: Friday 24 May 2013, 07:24:22 pm »
I repent, I repent .. now I look silly. Serves me right for not going home before posting.
The user who tested this for me did NOT do what I told them to and said that it was working when they actually had a PPTP network connection working. Not the OpenVPN one I was trying to check out.
So even not bridged is still using TAP .. at least if you want it to work. Changing the client to TUN mode authenticates and gets an IP address on the new subnet but doesn't route any traffic.
Logged
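The TUN/TAP mismatch this thread keeps running into, as a check that can be run on a client profile before it is handed to a user. This is an added example, not code from any poster or from Endian: the sample profile, the host name vpn.example.test and the function names are constructed, and the server's device type is a value the caller supplies. The certificate check at the end is general OpenVPN practice that the thread itself does not discuss.

```python
import re

# Constructed sample: the profile shape from the thread, certificate body replaced.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.test
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
auth-user-pass
"""

def parse_profile(text):
    """Map directive -> argument list, skipping comments and inline <tag> bodies."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # inside <ca>...</ca> or a similar block
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inline = tag.group(1)
            directives[inline] = ["[inline]"]
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def check_profile(text, server_dev_type):
    """server_dev_type ('tap' or 'tun') is supplied by the caller from the server side."""
    d = parse_profile(text)
    findings = []
    dev = (d.get("dev") or [""])[0]
    # An explicit dev-type wins; otherwise the type is the dev name minus its unit number.
    dev_type = (d.get("dev-type") or [re.sub(r"\d+$", "", dev)])[0]
    if dev_type != server_dev_type:
        findings.append(f"dev mismatch: client {dev_type or 'unset'}, server {server_dev_type}")
    if not {"remote-cert-tls", "verify-x509-name", "ns-cert-type"} & d.keys():
        findings.append("no server certificate check beyond the CA signature")
    return findings
```

Whether `remote-cert-tls server` can be enabled depends on the key-usage fields in the server certificate the firewall issued, which this page does not show.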
jac4all (Jr. Member, Posts: 9)
Re: VPN from Android ICS or Jelly Bean to EFW 2.5.1
« Reply #5 on: Monday 04 November 2013, 02:54:34 am »
Hi all,
Actually I'm new to VPN on EFW 2.5.1.. I need some help.
I'm trying to set up Windows 7 to access the OpenVPN server using the OpenVPN client..
I can't get it to connect, always connection time out.
Second, I can't get my Android working.. it connects successfully, then starts getting TUN/TAP error code 22.
It shows connected but no data coming.
I'm using it as bridge.
I tried changing the file openvpn.conf on EFW; whenever I restart the service the file goes back to its original config.
Any help please.
And step by step.
Logged