Read-only archive of the All About Symbian forum (2001–2013) · About this archive
All About Symbian Forum Archive

NCP VPN client for S60 3rd

17 replies · 36,757 views · Started 17 July 2008

md27514 19 Jul 2008, 11:18

Anyne knows how to use the new nokia vpn client with cisco concentrator or openswan? The instructions are only for nokia VPN or checkpoint.

sezuan 23 Jul 2008, 10:48

Hi,

md27514 wrote:Anyne knows how to use the new nokia vpn client with cisco concentrator or openswan? The instructions are only for nokia VPN or checkpoint.

I've outlined my VPN setup (Nokia E71) on http://wiki.paepstin.info/nokia:vpn
The main difference to the previous nokia clients (E60) was:

1. XAUTH seems to be required. If I disable it on both sides, it does not work. Currently unsure if it's an Nokia or Openswan issue.
2. I needed a small change in the NAT Traversal priorities, since the 'new' RFC style NAT traversal does not work, as long as both sides are NATed.
3. Great thing: no need to sign the VPN configuration anymore.

matthias

sezuan 24 Jul 2008, 15:00

Hi,

md27514 wrote:Matthias,

I don't understand you comment
"It does not work with the E51 and the E71. The pre-shared setup works on my E60."
you posted on your wiki.

What exactly doesn't work on E51 and E71 but does on E60?

I transfered my working preshared-key VPN config from the E60 to a E51 and E71 and it didn't work.

Then I tried a certificate config (I never tried this on the E60) and it didn't worked on the E51 and E71.

After activating XAUTH on both ends, the VPN works with the E51 and E71, too. Both, pre-shared key and certificate based. So, both configs on that wiki page should work with Openswan and the new Nokia VPN Client.

matthias

md27514 24 Jul 2008, 17:43

sezuan wrote:
After activating XAUTH on both ends, the VPN works with the E51 and E71, too. Both, pre-shared key and certificate based. So, both configs on that wiki page should work with Openswan and the new Nokia VPN Client.

So XAUTH is now required. I'm going to try it on my N95, I have an older setup working on it now (using old VPN client intended for N80).

md27514 25 Jul 2008, 17:20

I had not trouble getting the new nokia VPN client to work using PSK (activating XAUTH). But for some reason the RSA authorization using certificates doesn't. My VPN policy refuses to install.

sezuan 26 Jul 2008, 08:10

Hi,

md27514 wrote:I had not trouble getting the new nokia VPN client to work using PSK (activating XAUTH). But for some reason the RSA authorization using certificates doesn't. My VPN policy refuses to install.

I forgot to add two things to the wiki.

1. You have to add the certificate files. Then .p12 file, which contains the mobiles certificate and keys. I assume the name doesn't matter and it should have just the extension .p12. This is file refered as user-1.cer and user-1.key in the mobile's configuration.

2. You have to add the root ca (ca.crt in the wiki) file. But it must be converted to the DER format. You can do that with this command:

openssl x509 -inform PEM -outform DER -in ca.crt -out ca.cer

In the mobile's config it's:

CAs: 1
FORMAT: BIN
DATA: certvpn-ca.cer

matthias

hooba 15 Aug 2008, 13:19

md27514 wrote:I had not trouble getting the new nokia VPN client to work using PSK (activating XAUTH). But for some reason the RSA authorization using certificates doesn't. My VPN policy refuses to install.

I'm trying to set up a policy with the Nokia Mobile VPN Client Policy Tool.
How on earth do I set up a policy that uses Xauth with username and password, and that includes a 'Shared secret' for the group name?

darkbasic 18 Mar 2010, 11:40

Hi, I followed this (http://wiki.paepstin.info/nokia:vpn) guide, but when I try to install the policy files (both .pol and .pin zipped into .vpn) in tells me "Failed to install policy 'policyname', reason code -1".

I am trying to install the psk policy (e71.conf - PSK) with no xauth.

My phone is a Nokia Xpressmusic 5630.

Cheers