Guest Geilt, posted December 14, 2010 (edited):

I've been able to successfully establish an IPSec VPN tunnel with our corporate Cisco ASA firewalls and my Streak. I am running StreakDroid 1.5 with the TUN driver Stephen provided in the same update thread. Under the configuration I've been able to test the following:

- Split tunnel and full routing of data
- Internal and external DNS name resolution
- Proxied connections on the internal network
- HTTP(S) connections on the internal network
- RDP and SSH connections on the internal network
- NetBIOS and CIFS data connections on the internal network

The good news is this is working via wireless and carrier-provided data services. I am still working on RADIUS authentication for LDAP (Active Directory primarily) group authentication.

I'm at the point where I'd like to hear from anyone who is interested in this what functionality they'd like me to test before I put together a formal HOWTO on getting this running. As part of this I will include what had to be done not only on the Streak but on the ASAs as well to achieve this. While I do have a small lab environment at home, I am not yet at the point where I would be testing this on Shorewall or other non-Cisco security devices. That will be done once I have the last of the kinks worked out.

Edited December 14, 2010 by Geilt
Guest mrmrmrmr, posted December 14, 2010:

Geilt, this was already working provided that:

1. you have a tun.ko (tunnel module) for the kernel on the Streak, and
2. you use the "VPN connections" application.

I didn't understand what else you've achieved. Did you write your own application?
Guest Geilt, posted December 14, 2010:

I had followed the previous HOWTOs verbatim and was never able to get it to work. I had also read a number of posts where folks were able to get it working on home VPN routers but not on the Cisco ASAs or IPSec-enabled routers.
Guest Matthias_WL, posted December 14, 2010:

> I've been able to successfully establish an IPSec VPN tunnel with our corporate Cisco ASA firewalls and my Streak. I am running StreakDroid 1.5 with the TUN driver Stephen provided in the same update thread.

I use a Lancom router instead of a Cisco ASA, but your HOWTO would be appreciated as the configuration is pretty much the same (at least for an iPhone).
Guest Geilt, posted December 15, 2010 (edited):

> I use a Lancom router instead of a Cisco ASA, but your HOWTO would be appreciated as the configuration is pretty much the same (at least for an iPhone).

What type of authentication are you using for VPN, and are you using any type of two-factor? We also need to make sure the Lancom router is not using Blowfish or CAST encryption on the tunnel. I don't believe vpnc supports those algorithms.

Edited December 15, 2010 by Geilt
Guest brokenpixel, posted December 15, 2010:

Where is the option to enable split tunneling? My VPN works, but internet is not provided by the VPN server, so I can't browse anything. I want to use my local 3G connection for the internet, like I usually do on Windows.
Guest Geilt, posted December 15, 2010:

> Where is the option to enable split tunneling? My VPN works, but internet is not provided by the VPN server, so I can't browse anything. I want to use my local 3G connection for the internet, like I usually do on Windows.

Just so I understand what your tunnel is doing: when you establish a connection, all traffic is routed through the tunnel. The remote network does not allow your Internet traffic to pass back out. You want to have a split tunnel so that when you're connected, only the traffic destined for the remote network is sent over the tunnel while everything else is routed through your 3G connection.

Does your phone use the same VPN profile as your PC does, or is there one dedicated to smartphone connectivity? Is this a company-provided VPN tunnel, or are you connecting to your personal network at home?

Routing is defined on the remote VPN-terminating system. When a connection is made, the remote system looks at the profile/policy you authenticated against and pushes the configuration down to the client. From there the client tells the local operating system how to modify the routing tables. You may be able to manually change the routing tables, but tunnel stability may suffer as a result.

There are a couple of options available depending on your scenario and the willingness of your network admin to work on this.
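The push-then-route mechanism described in the post above, as an added example that is not part of the thread and not vpnc's own script: a minimal vpnc-script-style hook that turns the policy the gateway pushes into client routes. The variable names `reason`, `TUNDEV`, `VPNGATEWAY`, `CISCO_SPLIT_INC` and `CISCO_SPLIT_INC_<n>_ADDR`/`_MASKLEN` are the ones vpnc exports to its script; `WANDEV` (the 3G or Wi-Fi interface) and the function names are assumptions of this example, as are the sample addresses.

```sh
#!/bin/sh
# Added example (not from the thread, not vpnc's own vpnc-script): show how
# the split-tunnel policy pushed by a Cisco gateway becomes client routes.
# vpnc sets these before calling its script (real vpnc-script names):
#   reason                           connect / disconnect
#   TUNDEV                           the tun interface, e.g. tun0
#   VPNGATEWAY                       public IP of the ASA
#   CISCO_SPLIT_INC                  number of split-tunnel networks pushed
#   CISCO_SPLIT_INC_<n>_ADDR/_MASKLEN each included network
# WANDEV (the 3G/Wi-Fi interface) is an assumption of this example; the real
# script derives the gateway's existing route instead of being told.

# Emit the route commands for the pushed policy instead of running them, so
# the outcome can be inspected (and tested) without root.
plan_routes() {
    n="${CISCO_SPLIT_INC:-0}"

    # Keep the gateway reachable via the WAN path. With a full-tunnel
    # default route, the tunnel's own encapsulated packets would otherwise
    # be routed back into the tunnel.
    echo "ip route add ${VPNGATEWAY} dev ${WANDEV}"

    if [ "$n" -gt 0 ]; then
        # Split tunnel: only the pushed networks go through tun; everything
        # else keeps the existing default route (3G/Wi-Fi).
        i=0
        while [ "$i" -lt "$n" ]; do
            addr=$(eval echo "\${CISCO_SPLIT_INC_${i}_ADDR}")
            len=$(eval echo "\${CISCO_SPLIT_INC_${i}_MASKLEN}")
            echo "ip route add ${addr}/${len} dev ${TUNDEV}"
            i=$((i + 1))
        done
    else
        # No split list pushed: full tunnel, the default route moves to tun.
        echo "ip route replace default dev ${TUNDEV}"
    fi
}

# Number of routes that would point into the tunnel; a quick sanity check
# that the gateway's policy matches what the admin said it pushes.
tunnel_route_count() {
    plan_routes | grep -c "dev ${TUNDEV}\$"
}

# When invoked by vpnc, apply the plan on connect and remove the gateway
# host route on disconnect (the kernel drops tun routes with the device).
# Nothing runs here when the file is merely sourced, since reason is unset.
case "${reason:-}" in
    connect)
        plan_routes | while read -r cmd; do $cmd; done
        ;;
    disconnect)
        ip route del "${VPNGATEWAY}" dev "${WANDEV}"
        ;;
esac
```

On the ASA side the list that ends up in `CISCO_SPLIT_INC_*` is the group policy's split-tunnel network list; with no list the client sees `CISCO_SPLIT_INC=0` and takes the full-tunnel branch. Adding routes by hand after connecting works until the next reconnect, when the script re-applies whatever the gateway pushed, which is the stability problem the post warns about.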