VPN with PPTP and GPRS


apap
01-02-2003, 07:05 PM
I have been trying to establish a VPN connection with my xda over gprs to my office computer (PPTP) but I am not sure I have made the appropriate settings. There is no place to type in my username and password (except for the gprs connection).

Can anyone guide me on how to ensure a proper connection?

Also, I am not sure what the VPN connection will mean in terms of pocket pc functionality. Will it mean that I can access my office e-mail which would otherwise require a direct dial in? Will I be able to synchronize with my office outlook?

I would greatly appreciate your help. Thanks, apap

Anonymous
03-02-2003, 08:47 AM
hi,

suggest ringing 0845 6006886 (O2 GPRS Helpline).

They have a PDF Doc that may help. They will e-mail it to you.

Doc Title VPN_Access_over_mobile_web.

Good luck
Ric.

apap
05-02-2003, 01:37 PM
Thanks for your help Ric.

I have followed the settings as discussed in the pdf file but I have not had any success. I will call the helpline.

martinlong1978
09-02-2003, 12:45 PM
Please note that if you are using O2 and your office have a private network range in the 10.0.0.0 range, you will have problems due to the subnet mask used, and the fact that O2 use NAT.

I have written a utility which monitors the routing table, and overcomes this problem by narrowing the net mask. Anyone who is interested, contact me for this software: martin@rozel.net

I tried to 'give' this software to O2, but they didn't seem to care. They didn't really seem to understand the problem.

Peter Poelman
09-02-2003, 01:59 PM
[...]

I have written a utility which monitors the routing table, and overcomes this problem by narrowing the net mask. Anyone who is interested, contact me for this software: martin@rozel.net

I tried to 'give' this software to O2, but they didn't seem to care. They didn't really seem to understand the problem.


How about this: we'll dedicate a page to it on this site, and possibly even include a small tutorial that deals with networking stuff in general. If everyone in the know contributes a bit of their knowledge, I'll lay it all out, add the screenshots and put it on a page.

martinlong1978
09-02-2003, 02:43 PM
Thanks.

Here's the gist of it.

Often, corporate networks use addresses in the range 10.0.0.0 - 10.255.255.255 in order to create private networks. This address range is designated for this purpose, and is the only class A range designated as such.

O2's GPRS network uses NAT in order to cut down the number of IP addresses they require. In doing so, they also use the private address range.

It is not recommended practice to use NAT for subscription networks, as they do not provide a 'complete' internet service. Certain peer-to-peer services will not work through NAT, as they require both devices to be publicly addressable - this however, is not the cause of this issue.

Let's look at the process of connecting to a VPN.

1) a 'dial up' connection is made to the GPRS service. When I say 'dial up' I do not mean a circuit switched call is made (before you techies correct me), but still, some kind of PPP connection is made.

2) IP addresses are negotiated. An address is allocated to the device in the 10.0.0.0 range. During this allocation procedure no subnet mask is specified, and the device assumes 255.0.0.0 as for a class A network.

3) The device adds a route to 10.0.0.0 mask 255.0.0.0 on the GPRS virtual adapter.

The connection to the VPN can now be made

1) a 'dial up' connection is made to the VPN service.

2) IP addresses are negotiated. An address is allocated to the device in the 10.0.0.0 range (depending on corporate config). During this allocation procedure no subnet mask is specified, and the device assumes 255.0.0.0 as for a class A network.

3) The device adds a route to 10.0.0.0 mask 255.0.0.0 on the VPN virtual adapter.

All seems fine - no? Try connecting to any host on the private network. Mail server, terminal server, web server. I bet you it doesn't work. That's because two routes have been allocated on the 10.0.0.0 mask 255.0.0.0 network. When you try and connect to your mail server (eg 10.0.0.6) the packets go straight out through the first matching route - the GPRS, and never even see the VPN route.

My software tool watches the route table (I use a function in the IPhlpapi.dll for those interested), and waits for a change. When it spots a change, it re-writes the routing table, narrowing the routing entries to 24 bit masks (it works out the missing octets from the gateway address).

So an example would be:

10.0.0.0 mask 255.0.0.0 gw 10.34.23.254 if GPRS
10.0.0.0 mask 255.0.0.0 gw 10.0.0.1 if VPN

becomes

10.34.23.0 mask 255.255.255.0 gw 10.34.23.254 if GPRS
10.0.0.0 mask 255.255.255.0 gw 10.0.0.1 if VPN

This allows you to access stuff in the 10.0.0.0 network.

Drawback:

You won't be able to peer to peer with other O2 XDAs who aren't on the same class C network - big deal, does anyone do this?

You are limited to contacting hosts on the same class C within your private network. I am working on broadening this range.



Files:

There is 1 file required - the executable, which should be placed in the startup folder. Let me know where to send this, and it can be made public.
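The routing conflict and the mask-narrowing fix described in the post above, as an added Python simulation (not part of the original post and not the author's utility). The route entries are the ones from the post's example; the tie-break rule (earlier entry wins among equal masks) is an assumption taken from the post's "first matching route", and the function names are hypothetical.

```python
import ipaddress

# Constructed route table copied from the example in the post:
# (destination network, gateway, interface), in the order the routes were added.
ROUTES_BEFORE = [
    ("10.0.0.0/8", "10.34.23.254", "GPRS"),
    ("10.0.0.0/8", "10.0.0.1", "VPN"),
]

def lookup(routes, dest):
    """Pick the interface for dest. Longest prefix wins; on a tie the earlier
    entry wins (assumption, taken from the post's 'first matching route')."""
    addr = ipaddress.ip_address(dest)
    best_len, best_if = -1, None
    for net, _gw, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and network.prefixlen > best_len:
            best_len, best_if = network.prefixlen, iface
    return best_if

def conflicts(routes):
    """Return interface pairs whose destination networks overlap."""
    found = []
    for i, (net_a, _, if_a) in enumerate(routes):
        for net_b, _, if_b in routes[i + 1:]:
            if if_a != if_b and ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b)):
                found.append((if_a, if_b))
    return found

def narrow(routes, prefixlen=24):
    """Rewrite routes wider than prefixlen, taking the missing octets from the gateway."""
    out = []
    for net, gw, iface in routes:
        if ipaddress.ip_network(net).prefixlen < prefixlen:
            net = str(ipaddress.ip_network(f"{gw}/{prefixlen}", strict=False))
        out.append((net, gw, iface))
    return out

ROUTES_AFTER = narrow(ROUTES_BEFORE)

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, table, "conflicts:", conflicts(table))
        for host in ("10.0.0.6", "10.0.5.6", "10.34.23.9"):
            print("  ", host, "->", lookup(table, host))
```

A host such as 10.0.5.6 has no matching route in the narrowed table, which is the class C limitation listed under "Drawback".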

martinlong1978
09-02-2003, 03:49 PM
To keep you updated. I've just updated this slightly. It no longer requires MFC. It is 1 x 5.5 K executable.

Regards

Martin

martinlong1978
10-02-2003, 02:05 PM
Please note, not everyone will need this update. Only if your office uses a 10.0.0.0 subnet.

Thanks for all the enquiries.

Anonymous
24-02-2003, 11:19 AM
Hi,

Can I share the files - VPN_Access_over_mobile_web.pdf? I am also testing the VPN connection over XDA GPRS, but if it is possible, pls mail me that PDF file. li.ding@storaenso.com

Thx

Li

imordey
24-04-2003, 04:34 PM
Can anyone please email me the VPN_Access_over_mobile_web.pdf file? Please Please Please!

Thanks
Ian
ian_mordey@yahoo.co.uk

Anonymous
24-04-2003, 07:04 PM
Don't have this file to hand, but if it is the one I think (provided by o2 UK) it is on their site somewhere.

VPN to Win2k server (with fixed ip, and internal ip of 192.168.blah-de-blah) worked first time following those instructions, as did Terminal Server used to remotely control it.

HTH



Anonymous
24-04-2003, 09:14 PM
For goodness sake.

http://www.o2.co.uk/mobileweb

Select the VPN Access tab!

Download the PDF from there.

A little surfing goes a long way

PaulTheMonkey
28-02-2004, 01:44 PM
Hi Martin, I tried to mail you for the VPN fix but it bounced, any chance you could email it to me or attach it here? paul_w at cix dot co dot uk.

Thanks,

Paul

--
To: martin@rozel.net
Subject: XDAII VPN fix
Sent: Sat, 28 Feb 2004 13:15:42 -0000

did not reach the following recipient(s):

martin@rozel.net on Sat, 28 Feb 2004 13:30:55 -0000
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a= ;p=trace computers
;l=DATA1504022813301W4WRN23
MSEXCH:IMS:Trace Computers PLC:Datawise:DATA15 0 (000C05A6) Unknown
Recipient




PaulTheMonkey
09-03-2004, 04:02 PM
Does anyone have this file? Or any contact details for martinlong?

Thanks,

Paul

sytris
10-03-2004, 08:49 AM
Me and my significant other have 3 servers in our closet and host exchange (email), Active Directory, and outlook mobile access as well as things like ftp, web, and most importantly VPN. All my email that comes to us goes into my Outlook box on the exchange server then activesync sends a text message to my tmo pda phone and activesync begins downloading my mail and synchronizes my contacts and calendar. Once that is complete, a VPN connection is started up and the pda syncs with my desktop computer, so programs like vindigo and files like my documents are up to date. I even have the option of installing over the air or browsing my files on my computer at home.

JimDavis
09-04-2004, 10:36 PM
Hey Sytris, I'm setup the same way pretty much but I've tried with 2 different devices and I can't get it to sync with the local computer. The active synce with exchange works fine and the vpn connects just fine. The active Sync app on the server then gets the connection from the PPC but shows connected as guest instead of my device and the active sync on the PPC still shows connecting but never goes anywhere. Did you run into that when setting yours up? Any suggestions? Thanks - Jim