SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
|  reply to SoonerAl
Re: [PocketPC] - OpenVPN client for the PocketPC
A quick update...
Using the intermediate build supplied by the developer all network traffic from my iPAQ is being channeled through the OpenVPN tunnel when connected to the server while I am connected to an 802.11b wireless link. My OpenVPN server is configured to force this, ie. split-tunneling is not allowed.
There is still an issue if I use a 56K dial modem, which I only use for testing, with some traffic being channeled through the tunnel, some not and an irritating dropped dial connection in certain circumstances.
As always, with any alpha software...YMMV...
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
| reply to SoonerAl
said by SoonerAl  :I am now running a special test version given to me by the developer. This is running well on my iPAQ 5555 in my short tests and all traffic is being sent from the client to the server just like I want, ie. split tunneling is disabled... Well, I am not sure if this is working as well as I thought. I am having a hard time determining if in fact the actual traffic flow is through the VPN tunnel all the time. Looking at numerous log files on my OpenVPN server PC is confusing at best.
So...on to more testing...
Since this is Alpha software, YMMV... 
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
|  reply to SoonerAl
I am now running a special test version given to me by the developer. This is running well on my iPAQ 5555 in my short tests and all traffic is being sent from the client to the server just like I want, ie. split tunneling is disabled...
I am not sure when he will incorporate the fix into the next general release... As always you can check that in the Release Announcements forum on the OpenVPN for PocketPC forums...
»ovpn.sq7ro.net/ovpnforum/viewfor···44873e1b
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
| reply to SoonerAl
The developer has been busy making bug fixes and has also added desktop installers in various languages for those of you that don't want to use a .cab file for installation.
The current 12 May release is pretty stable on my iPAQ 5555. The big issue for me is the split tunneling issue. That is still not working...
The Change Log...
»www.ziggurat29.com/OVPNPPCAlpha/changes.htm
The main page...
»www.ziggurat29.com/OVPNPPCAlpha/···lpha.htm
The forum...
»ovpn.sq7ro.net/ovpnforum/
As always...YMMV...
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
3 edits | reply to SoonerAl
OK... I have the PocketPC client working again on my iPAQ 5555 via a 56K dial connection to my ISP then to my OpenVPN server. I am now using the new 3 May 2006 release. This line in the server config file...
»theillustratednetwork.mvps.org/O···ovpn.txt
...needs to be commented out as illustrated in order for the PocketPC to connect and be able to access LAN nodes...
quote:
Change this line:
push "redirect-gateway def1"
To this:
;push "redirect-gateway def1"
The upside is that I can access shared files and folder on my home LAN via the OpenVPN tunnel and ping hosts by name or by IP. The downside is that other internet traffic from my PocketPC client is not redirected through my OpenVPN server... 
Attached is a copy of my my PPC client config file.
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK | reply to DocLarge
Check your email...
I would do a backup before installing just in case you have problems. I have not, but its better to be safe than sorry... |
|
DocLarge
Premium
join:2004-09-08 | reply to SoonerAl
Crap,
I was getting ready to download it and see if I could get my ppc to run openvpn. Al, do you still have the old setup files saved somewhere?
Doc |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
|  reply to SoonerAl
vxUtil dump of OpenVPN session |
The advertised fix for the key password issue worked, ie. I can now password protect the user key which is good.
The problem now is the onboard TAP interface does not get a valid IP from the server, ie. it gets a 169.X.X.X address. See the attached screen shot... The PocketPC does get a valid IP from the OpenVPN server though, ie. the 10.8.0.31 IP...
I'll do a bit more testing over a 56K dial link later if I get a chance but right now I can not get beyond my OpenVPN server and my local LAN...bummer... |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
| reply to SoonerAl
The client has been updated...
»www.ziggurat29.com/OVPNPPCAlpha/changes.htm
...and there is also an online discussion forum for the client...
»server.sq7ro.net/ovpnforum/index.php
Download from...
»www.ziggurat29.com/OVPNPPCAlpha/···lpha.htm
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
1 edit | reply to SoonerAl
Success...
Changing the server config file to force all client traffic through the server...
»Re: OpenVPN - a working example
...results in my being able to access my home LAN and shared files/folders, check email, surf the web, etc through the OpenVPN tunnel. I use my normal Work settings in the PocketPC Connection Manager as illustrated here...
»theillustratednetwork.mvps.org/W···ger.html
Note that I also use the Pocket Hosts program, as I noted earlier, to map my home PC names to their private LAN IP addresses...
This is on an iPAQ 5555 and a wireless connection to the public internet at the library...
The only thing not working is ActiveSync through the tunnel, but that is a minor irritant at this point...
HTH someone...
Later...
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
| reply to SoonerAl
Well another test, this time from Panera Bread, also failed. I simply can not ping the server or remote network by IP or by name. I connect just fine to the server and get an assigned IP but that's it. This is using WiFi by the way.
Now the only difference between the dial-up to my ISP, which works (ie. I can ping remote network devices and access shares), and the library/Panera Bread test are the Connection Manager settings. The Connection Manager is configured like the following for a dial-up connection to my ISP...
»theillustratednetwork.mvps.org/W···tup.html
So my next test will be with the setting configured like this...
»theillustratednetwork.mvps.org/W···bVPN.htm
...versus like this where the Connection Manager is configured for Work, which is my normal wireless setting...
»theillustratednetwork.mvps.org/W···ger.html
More later when it happens...
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
2 edits | reply to SoonerAl
Testing again this morning on a real stable telephone link and after installing Marc Zimmermann's Pocket Hosts program I made some progress.
»www.handango.com/PlatformProduct···Id=54305
I was able to ping by name, access both of my XP Pro desktops using the built-in Terminal Services Client (TSC) by name and access shared files/folders on each PC by name through the OpenVPN tunnel. Attached is a screen shot of my Pocket Hosts file which corresponds to the hosts file I have on my XP Pro desktops and XP Pro laptop.
»theillustratednetwork.mvps.org/O···osts.txt
»theillustratednetwork.mvps.org/L···kLAN.htm
Now I need to test from some public wireless hotspots again including the library...
Note that I also modified the PocketPC configuration file by adding this...
# Special for PocketPC only
ip-win32 ipapi
...to the desktop/laptop OpenVPN config file...
The new PocketPC config file is at...
»theillustratednetwork.mvps.org/O···ovpn.txt
More later when it happens...
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
| reply to SoonerAl
Well, my first attempt using the client from a wireless remote site (the local public library) failed...
I was able to connect to my OpenVPN server just fine and get an IP assigned by the server. See the attached screen shot. The problem was that I could not ping the server by name or IP or access any network shares...Hmmm...
The server and client logs show only a good connection but nothing beyond that...
I think I need to compare the PPC client config file with my laptop config file to see if I am missing something...
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
| reply to SoonerAl
Settings tab | | 
TAP tab | | 
VPN tab | | 
Main Menu | |
Note that both the TAP and VPN tabs are shown in a not connected state...
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
1 edit | reply to SoonerAl
Ok...
The basic connection is working over a slow 56K dial-up link from my iPAQ 5555 PocketPC to my ISP and back to my OpenVPN server. I am able to ping both of my XP Pro desktops and access shared files/folders using Resco Explorer through the tunnel. See the attached image...
I could not ActiveSync over the link or access my XP Pro desktop with TSC (ie. Remote Desktop) but that is probably because the dial link kept dropping out...
I will test this from the local library, they have free wireless internet access, sometime this weekend (I hope) on a faster and more reliable data connection...
All in all though it looks good. The example PocketPC configuration file is on my small networking web page at...
»theillustratednetwork.mvps.org/L···ork.html
The configuration file is simply a modified version of the sample.ovpn file that was installed by the CAB installer. If someone wants to use it then you need to modify the server address/port number (note I normally use a high non-standard UDP port) and the Al.crt and Al.key file names. Obviously the files need to be on the PocketPC. I placed them, and changed the path in the config file, to the Program Files\OpenVPN\config folder.
The bottom line is that if you read the page carefully including Known Issues section you should be able to make this work on at least a WM2003 device.
As always...YMMV...
--
"When all else fails, read the instructions..." |
|
OZO
Premium
join:2003-01-17
| reply to SoonerAl
It's interesting!
I do not have PocketPC therefore can't help with tests. But may be some day...
Please keep us in touch with your tests.
--
Keep it simple, it'll become complex by itself... |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
| reply to SoonerAl
Well, I have a basic connection up and running over my local home LAN from my iPAQ 5555 PocketPC to my XP Pro box acting as my OpenVPN server. The next test is from a dialup connection to my cable ISP from the iPAQ and on to my home LAN through my router from the public internet. That happens later today or more probably early tomorrow while the wife is asleep and not in need of the telephone...
So far so good...
--
"When all else fails, read the instructions..." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
| I just now ran across this...Its still an alpha release so be warned...
»www.ziggurat29.com/OVPNPPCAlpha/···lpha.htm
As always...YMMV...
--
"When all else fails, read the instructions..." |
|
