Re: private networks
Thanks.
Here's the gist of it.
Often, corporate networks use addresses in the range 10.0.0.0 - 10.255.255.255 in order to create private networks. This address range is designated for this purpose, and is the only class A range designated as such.
O2's GPRS network uses NAT in order to cut down the number of IP addresses they require. In doing so, they also use the private address range.
It is not recommended practice to use NAT for subscription networks, as they do not provide a 'complete' internet service. Certain peer-to-peer services will not work through NAT, as they require both devices to be publicly addressable - this, however, is not the cause of this issue.
Let's look at the process of connecting to a VPN.
1) a 'dial up' connection is made to the GPRS service. When I say 'dial up' I do not mean a circuit switched call is made (before you techies correct me), but still, some kind of PPP connection is made.
2) IP addresses are negotiated. An address is allocated to the device in the 10.0.0.0 range. During this allocation procedure no subnet mask is specified, and the device assumes 255.0.0.0 as for a class A network.
3) The device adds a route to 10.0.0.0 mask 255.0.0.0 on the GPRS virtual adapter.
The connection to the VPN can now be made.
1) a 'dial up' connection is made to the VPN service.
2) IP addresses are negotiated. An address is allocated to the device in the 10.0.0.0 range (depending on corporate config). During this allocation procedure no subnet mask is specified, and the device assumes 255.0.0.0 as for a class A network.
3) The device adds a route to 10.0.0.0 mask 255.0.0.0 on the VPN virtual adapter.
All seems fine - no? Try connecting to any host on the private network. Mail server, terminal server, web server. I bet you it doesn't work. That's because two routes have been allocated on the 10.0.0.0 mask 255.0.0.0 network. When you try and connect to your mail server (eg 10.0.0.6) the packets go straight out through the first matching route - the GPRS, and never even see the VPN route.
My software tool watches the route table (I use a function in the IPhlpapi.dll for those interested), and waits for a change. When it spots a change, it re-writes the routing table, narrowing the routing entries to 24 bit masks (it works out the missing octets from the gateway address).
So an example would be:
10.0.0.0 mask 255.0.0.0 gw 10.34.23.254 if GPRS
10.0.0.0 mask 255.0.0.0 gw 10.0.0.1 if VPN
becomes
10.34.23.0 mask 255.255.255.0 gw 10.34.23.254 if GPRS
10.0.0.0 mask 255.255.255.0 gw 10.0.0.1 if VPN
This allows you to access stuff in the 10.0.0.0 network.
Drawback:
You won't be able to peer to peer with other O2 XDAs who aren't on the same class C network - big deal, does anyone do this?
You are limited to contacting hosts on the same class C within your private network. I am working on broadening this range.
Files:
There is 1 file required - the executable, which should be placed in the startup folder. Let me know where to send this, and it can be made public.
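
The route conflict and the 24-bit rewrite described in the post above, modelled as an added example (not the poster's tool, and not part of the original post). The function names are hypothetical, the route table is constructed from the post's example, and the tie-break between equal-length routes is assumed to be table order, as the post describes.

```python
import ipaddress

# Constructed route table from the post's example: (destination, gateway, interface).
BEFORE = [
    ("10.0.0.0/8", "10.34.23.254", "GPRS"),
    ("10.0.0.0/8", "10.0.0.1", "VPN"),
]

def narrow(routes, new_prefix=24):
    """Rewrite each wider route to the new_prefix-bit network containing its gateway."""
    out = []
    for dest, gw, iface in routes:
        net = ipaddress.ip_network(dest)
        if net.prefixlen < new_prefix:
            # The missing octets are taken from the gateway address.
            net = ipaddress.ip_network(f"{gw}/{new_prefix}", strict=False)
        out.append((str(net), gw, iface))
    return out

def lookup(routes, host):
    """Return the interface chosen for host, or None when no listed route matches.

    Assumption: longest prefix wins; equal-length matches go to the earlier entry.
    """
    addr = ipaddress.ip_address(host)
    best = None
    for dest, _gw, iface in routes:
        net = ipaddress.ip_network(dest)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def overlaps(routes):
    """Return interface pairs whose routes cover overlapping address space."""
    nets = [(ipaddress.ip_network(d), i) for d, _gw, i in routes]
    return [(a[1], b[1]) for n, a in enumerate(nets) for b in nets[n + 1:]
            if a[0].overlaps(b[0])]

AFTER = narrow(BEFORE)

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, "overlaps:", overlaps(table))
        for host in ("10.0.0.6", "10.0.5.9"):
            print(f"  {host} -> {lookup(table, host)}")
```

A `None` result for 10.0.5.9 after the rewrite is the second drawback in the post: hosts outside the VPN gateway's /24 no longer match the VPN route.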