Active Topics
-
The N900 is now 15 years old! (6)
to Nokia N900 by Macros - 1 day, 1 hr ago -
F(x)tec Pro1x (QWERTY) for sale (0)
to Buy & Sell by aln00000 - 1 day, 14 hrs ago -
n770 youtube video (0)
to General by nmdv - 5 days, 13 hrs ago - more...
|
2007-02-16
, 12:22
|
|
Posts: 3,841 |
Thanked: 1,079 times |
Joined on Nov 2006
|
#2
|
There is desktop linux support for PPtP (the MS variant) with tools, these could probably be ported to the N800. The kernel has the PPtP support too, but this is possibly not enabled in the N800 version so you would have to build your own.
There is however OpenVPN available already, and where I work we switched from PPtP to OpenVPN and thus that's where my interest is so unfortunately I'm not raising to the challenge of getting PPtP to work -- I'm more interested in getting the OpenVPN support integrated into the network applet, as now it's a hassle to use.
There is however OpenVPN available already, and where I work we switched from PPtP to OpenVPN and thus that's where my interest is so unfortunately I'm not raising to the challenge of getting PPtP to work -- I'm more interested in getting the OpenVPN support integrated into the network applet, as now it's a hassle to use.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
 |
|
2007-02-28
, 03:48
|
|
Posts: 149 |
Thanked: 9 times |
Joined on Jan 2007
|
#3
|
Hey, another IU tablet user! (PM me and if you want we can try and get it to work over spring break). IU has a decent iu-vpn script, but if I remember correctly the N800's kernel does not have the required kernel modules, so it'll have to be replaced.
The latest firmware update might have fixed it, but my tablet is still being repaired, so I've not tested it.
The latest firmware update might have fixed it, but my tablet is still being repaired, so I've not tested it.
|
|
2007-03-01
, 02:01
|
|
Posts: 46 |
Thanked: 15 times |
Joined on Feb 2007
|
#4
|
I too go to IU, and have a N800.. and am currently completely unable to use it on the campus wifi network..
This is the email I got back from tech support:
Hello Chris. I hate to tell you this, but the only
VPN services IU provides are PPTP and L2TP over
IPSec. If your PDA's client doesn't support either of
those, then I'm afraid it won't be able to connect.
The decision to run L2TP over IPSec rather than full
IPSec over both transport and tunnel modes was made
quite some time back in order to ensure compatibility
with the largest majority of connecting clients -
Microsoft Windows computers - without the need for
additional software. Another reason was flexibility;
there's no telling what protocols might be called
for, and L2TP over IPSec provided the ability to
transport more than just TCP/IP. Granted, that
flexibility doesn't mean much nowadays - what
*doesn't* use TCP/IP? - but it was a legitimate
concern back in the planning days.
Now, the current IPSec servers are Cisco ASA 5500s.
There's no plan that I'm aware of to enable pure
IPSec connections alongside or in replacement of L2TP
over IPSec.
We do have a pool of Cisco 3000 VPN servers that's
running PPTP, but there's no plan to have them run
IPSec. On the contrary, those servers ability to use
IPSec was recently disabled; they're one year short
of their end-of-life cycle, and the administrators
intend to retire them.
Anyway, that's the state of VPN here at IU. Sorry
there's no answer to hooking your Nokia up, but L2TP
over IPSec is the way the service owners chose to set
them up. Now, I don't know much about the distro of
Linux that goes on your Nokia, but is it possible for
it to use any of the "Swans" (FreeS/Wan, OpenSwan,
or StrongSwan)? Or something like isakmpd? I don't
know what would go into that; While I've played with
Mandrake/Mandriva, Red Hat/RHE/Fedora, and Gentoo,
I've never really driven that deep into Linux, so I'm
not certain what's involved in getting those apps to
run.
This is the email I got back from tech support:
Hello Chris. I hate to tell you this, but the only
VPN services IU provides are PPTP and L2TP over
IPSec. If your PDA's client doesn't support either of
those, then I'm afraid it won't be able to connect.
The decision to run L2TP over IPSec rather than full
IPSec over both transport and tunnel modes was made
quite some time back in order to ensure compatibility
with the largest majority of connecting clients -
Microsoft Windows computers - without the need for
additional software. Another reason was flexibility;
there's no telling what protocols might be called
for, and L2TP over IPSec provided the ability to
transport more than just TCP/IP. Granted, that
flexibility doesn't mean much nowadays - what
*doesn't* use TCP/IP? - but it was a legitimate
concern back in the planning days.
Now, the current IPSec servers are Cisco ASA 5500s.
There's no plan that I'm aware of to enable pure
IPSec connections alongside or in replacement of L2TP
over IPSec.
We do have a pool of Cisco 3000 VPN servers that's
running PPTP, but there's no plan to have them run
IPSec. On the contrary, those servers ability to use
IPSec was recently disabled; they're one year short
of their end-of-life cycle, and the administrators
intend to retire them.
Anyway, that's the state of VPN here at IU. Sorry
there's no answer to hooking your Nokia up, but L2TP
over IPSec is the way the service owners chose to set
them up. Now, I don't know much about the distro of
Linux that goes on your Nokia, but is it possible for
it to use any of the "Swans" (FreeS/Wan, OpenSwan,
or StrongSwan)? Or something like isakmpd? I don't
know what would go into that; While I've played with
Mandrake/Mandriva, Red Hat/RHE/Fedora, and Gentoo,
I've never really driven that deep into Linux, so I'm
not certain what's involved in getting those apps to
run.
| The Following User Says Thank You to genome4hire For This Useful Post: | ||
|
|
2007-03-01
, 05:01
|
|
Posts: 30 |
Thanked: 1 time |
Joined on Mar 2007
|
#5
|
This is why you should go to Purdue. It is much better and it also has one of the best college wifi networks. Do you have PAL at IU? If so maybe I can help. Otherwise go Purdue.
 |
|
2007-03-01
, 05:05
|
|
Posts: 919 |
Thanked: 37 times |
Joined on Aug 2006
@ /dev/null
|
#6
|
Originally Posted by hawkfanz
Thats a nice pitching line... I dont think thats a real solution though..
This is why you should go to Purdue. It is much better and it also has one of the best college wifi networks. Do you have PAL at IU? If so maybe I can help. Otherwise go Purdue.
|
|
2007-03-01
, 08:53
|
|
Posts: 5 |
Thanked: 0 times |
Joined on Mar 2007
|
#7
|
Originally Posted by framerate
Hi,
So I'm a decent programmer myself, but with no experience with Maemo yet combined with no experience with the technical side of VPN or kernel patching, this is not something I want to attempt coding...
My school/work uses PPtP and IPSEC VPN (see http://kb.iu.edu/data/ajrq.html )
What I really want is a simple GUI that allows me to enter the required name/pass/key options and will connect using the above protocol and allow me to use my N800 @ the office.
I really have little knowledge on how big of an undertaking this is, but I know it could definitely benefit the community if something like this happened and I'd be willing to put up some cash to someone who was able to get it working (and I assume some others would do the same).
I'm not talking about owning the rights or anything gross and non-opensource friendly. Just a small reward for someone who's willing to use their valuble time to write some software they wouldn't normally take the time to write perhaps.
If you think you might be able to do this, or perhaps know some more info on the technical limitations of the N800 hardware to allow this, or even if you want to offer up some money yourself, please post here!
If it doesn't work out, at least I gave my attempt to make it happen
Thanks guys!
I just saw your posting, and I think I may know how to pull it off, though it will take me some time to put the solution together with a GUI. I can however most likely put together something that can be used from a shell much quicker while we get the GUI worked out afterwards. I've configured VPNs on a LOT of systems and routers and most of my time was spent configuring IPSec in crossplatform setups for functionality between Windows & Linux.
The GUI would be a front end to OpenSwan one of the more powerful VPN applications out there. The solution that your campus requires, to make it simpler for their Windows clients to connect is actually a hell of a lot more complicated. IPSec creates a Layer 3 tunnel from peer to peer, then L2TP tunnels PPP inside another Layer 2 GRE tunnel, and finally PPP will authenticate and give you an IP on your campus' network. This is not an easy task to configure - but due to M$'s wisdom that is how "their" version of IPSec built in clients work!
The result is that you will need a Shared Key from your campus as well as a login and password to connect.
Now on the N800, which I am going to purchase this month (yay!) runs a version of debian, it should be possible to rebuild the packages necessary for your VPN client solution, which would roughly be:
1. openswan or strongswan w/ x.509 certificate patches
2. L2TP patched version of ppp
3. kernel modules for IPSec, either native or openswan implementations as well as any other protocols we are likely to need (GRE etc etc).
4. iproute2
5. Our own custom made front end (possibly written in GTK+) that configures and Initiates/Terminates tunnels for openswan.
Now, I haven't investigated OpenVPN - it may be that much easier to implement this solution with that piece of software - but honestly, I looked at your post and said - HEY I KNOW HOW TO DO IT. So lets try!
- Mephistos
 |
|
2007-03-01
, 15:48
|
|
Posts: 11,700 |
Thanked: 10,045 times |
Joined on Jun 2006
@ North Texas, USA
|
#8
|
Mephistos, did you get the developer discount? If you're going to seriously create this tool I think you should.
Question: will the app you're talking about work with a SecureID card token?
Question: will the app you're talking about work with a SecureID card token?
|
|
2007-03-01
, 19:28
|
|
Posts: 46 |
Thanked: 15 times |
Joined on Feb 2007
|
#9
|
I believe someone already did this, for the 770.
A company called Stinghorn announced a L2TP/PPTP VPN client for the 770. It required that you flash a custom kernel, to get the support needed.
Unfortunately, their website (www.stinghorn.com) is dead now. Google for them, and you'll see quite a bit of stuff.
If someone has a backup of their cvs/subversion tree, it might make the task considerably easier, as it will just require updating things to the N800
A company called Stinghorn announced a L2TP/PPTP VPN client for the 770. It required that you flash a custom kernel, to get the support needed.
Unfortunately, their website (www.stinghorn.com) is dead now. Google for them, and you'll see quite a bit of stuff.
If someone has a backup of their cvs/subversion tree, it might make the task considerably easier, as it will just require updating things to the N800
Originally Posted by mephistos
Hi,
1. openswan or strongswan w/ x.509 certificate patches
2. L2TP patched version of ppp
3. kernel modules for IPSec, either native or openswan implementations as well as any other protocols we are likely to need (GRE etc etc).
4. iproute2
5. Our own custom made front end (possibly written in GTK+) that configures and Initiates/Terminates tunnels for openswan.
Now, I haven't investigated OpenVPN - it may be that much easier to implement this solution with that piece of software - but honestly, I looked at your post and said - HEY I KNOW HOW TO DO IT. So lets try!
- Mephistos
|
|
2007-03-02
, 07:24
|
|
Posts: 5 |
Thanked: 0 times |
Joined on Mar 2007
|
#10
|
Originally Posted by Texrat
No, wasn't aware of it. But I haven't commited to making a purchase yet (waiting on next pay day). Where do I sign up for it?
Mephistos, did you get the developer discount? If you're going to seriously create this tool I think you should.
Question: will the app you're talking about work with a SecureID card token?
My school/work uses PPtP and IPSEC VPN (see http://kb.iu.edu/data/ajrq.html )
What I really want is a simple GUI that allows me to enter the required name/pass/key options and will connect using the above protocol and allow me to use my N800 @ the office.
I really have little knowledge on how big of an undertaking this is, but I know it could definitely benefit the community if something like this happened and I'd be willing to put up some cash to someone who was able to get it working (and I assume some others would do the same).
I'm not talking about owning the rights or anything gross and non-opensource friendly. Just a small reward for someone who's willing to use their valuble time to write some software they wouldn't normally take the time to write perhaps.
If you think you might be able to do this, or perhaps know some more info on the technical limitations of the N800 hardware to allow this, or even if you want to offer up some money yourself, please post here!
If it doesn't work out, at least I gave my attempt to make it happen
Thanks guys!