Hello, i am new here, and i will begin with this post
What do you need:
Android phone (obviously)
Windows 7 PC (XP are not tested, testers welcome)
X-Plore File Manager
Home WiFi Network
Steps:
1. Download X-Plore file manager at Play Market. (i cannot post links now)
2. Go to Control Panel > Network and Sharing center > Advanced sharing settings > click all to on. (if you are unsure / have an unsecured network just do this everytime you want to transfer!)
3. Connect your phone to your wifi network
4. Open X-Plore
5. Set up the LAN (if hidden click show > show LAN)
6. Add server. (Scan is not working on me.)
7. fill in the blanks. path and domain do not need to be filled. Username is your windows username and password if you use (blank if not used).
8. fill the IP with 192.168.1.2 (you can try with 192.168.1.3 / 1.4 etc.. 1.2 usually works if you connect the PC first.)
9. click test. (if connection failure go back to step 8!)
10. now you can open your Users directory! (if you want to open the C:/ D:/.. open the settings in X-Plore and switch Show Hidden Files to on)
now you can upload and download files from or to your PC!
if there is any questions you can ask here. I will reply as soon as i can.
i do all the steps correct, i find my server, but when i try to enter in the server i get wrong username password, i enter my windows user id and i dont have any password to my account.
good advice, but i find the SGY screen too small for browsing my PC.
I prefer using Samba Filesharing (https://play.google.com/store/apps/details?id=com.funkyfresh.samba) and access my SD Card from my windows PC
wifi file transfr pro
Sent from my GT-S5360 using xda app-developers app
Just use airdroid )
Sent from my GT-S5360 using xda premium
blackjack1942 said:
Just use airdroid )
Sent from my GT-S5360 using xda premium
Click to expand...
Click to collapse
Yep. Airdroid is the best of all Ive tried!
for me this is the best,full Access and exchange data whenever I want and when tethering.:good:give it a try,its awesome.
http://forum.xda-developers.com/showthread.php?t=1752928
LoL I'm always using bluetooth D:
Airdroid is better.
With airdroid you don't need to install nothing in your computer. And it's better because you can install apps, read your messages, call to somebody and it's all in your web browser.
but with the method from my post u have full acces of all files on the device,you can install apps,full acces of system files,send sms,costomize your phone,you can make all what you want and many more and thats all in tethering mode.with airdroid it doesnt go.for me tha best.and its all in your webbrowser too.
Tested and fully working on vista
thanks
Confirmed working on Win 8.1
however my setting is different
in X-plore windows, the fields need to be filled are Server; Username; Password
[Server]
you can find the IP by opening up cmd and type "ipconfig"
look at IPv4 Address, that's what you have to type in server field
[Username]
this field, type your windows ID (the ID you use with windows store)
[Password]
the password of your windows ID
Hope it helps for Win 8.1 user
revomalik said:
Confirmed working on Win 8.1
however my setting is different
in X-plore windows, the fields need to be filled are Server; Username; Password
[Server]
you can find the IP by opening up cmd and type "ipconfig"
look at IPv4 Address, that's what you have to type in server field
[Username]
this field, type your windows ID (the ID you use with windows store)
[Password]
the password of your windows ID
Hope it helps for Win 8.1 user
Click to expand...
Click to collapse
Thank you for the ipconfig info; I couldn't get it to work because I didn't know what the server address was. X-plore should include this information in their wiki page.
I constantly get 0xC00000BB error from X-Plore eventhough i properly configured my Windows 7 to be logged in.
Is there anyone having problems related to X-Plore's LAN feature that is not working properly?
kimiraikkonen85 said:
I constantly get 0xC00000BB error from X-Plore eventhough i properly configured my Windows 7 to be logged in.
Is there anyone having problems related to X-Plore's LAN feature that is not working properly?
Click to expand...
Click to collapse
I was using X-plore on my Xiaomi mi Box 4s without any issues but after reset my router X-plore doesn't find my pc on Lan network....
I didn't find a solution yet....
Related
You may also call this reversed USB tether.
This might come in handy if you're near a computer (Win XP/Win7) and there's no Wifi to connect to etc..
So after some research and trying I've found some information on how to do this.
Requirements:
* Android 2.2 (or an older version with a root tethering app)
* ADB from Android SDK, or a rooted Android 2.2 with terminal in root mode
STEP 1:
Install USB drivers from Android SDK.
STEP 2:
Connect USB cable and activate USB Tethering.
You should see a new network interface. (On XP you might need to install the RNDIS driver manually, see below)
If you're also missing RNDIS driver on Win7, look here.
Win XP manual driver install Android USB Ethernet/RNDIS: (You can skip this if you're on Win 7)
1. Download the following configuration file inside the *.zip attached to this post (tetherxp.inf) to your Windows XP computer.
2. Use the USB cable that came with your phone to connect your phone to your computer.
3. On the Android phone, press Home > Menu > Settings to open the Settings application.
4. Press Wireless & networks > Tethering & portable hotspot.
5. Check USB tethering.
6. When Windows XP’s New Hardware Wizard opens, select No, not at this time and click Next.
7. Select Install from a list or specific location and click Next.
8. Click Browse to browse to the directory where you installed the configuration file you downloaded in Step 1 and click Next. Windows XP uses the configuration file to configure itself to support USB tethering with the Android phone. (This might take a while)
9. When Windows XP finishes installing the software for Android USB Ethernet/RNDIS, click Finish.
STEP 3:
Bridge the 2 network interfaces.
STEP 4:
Setup usb0 interface of your phone. You have to options:
1. From your computer, execute:
./adb shell netcfg usb0 dhcp
2. Or in a root terminal on your phone, type:
su
netcfg usb0 dhcp
You should now be able to connect to Internet on your phone using your computer's Internet connection.
Try to do a ping www.google.com to be sure.
STEP 5:
To shut down the reverse-tethering, first unbridge interfaces on your computer:
sudo ifconfig eth0 down
sudo ifconfig usb0 down
sudo ifconfig br0 down
sudo brctl delbr br0
sudo ifconfig eth0 up
sudo dhclient eth0
Then on your phone, uncheck the USB Tethering option.
Quote...
It is working now. After setting up ICS type in console emulator on your phone:
ifconfig usb1 192.168.2.2 netmask 255.255.255.0 up
route add default gw 192.168.2.1 dev usb0
iptables -F
iptables -F -t nat
setprop net.dns1 8.8.8.8
setprop "net.gprs.http-proxy" ""
Click to expand...
Click to collapse
Hope this helps some one who wants this to the right direction.
And maybe we're able to create an app to do this all automated.
Known issues but does not apply to all users:
1. Internet in browser application does not work.
2. Can't ping domain name.
For a little more info check out the sources, this includes the Linux version too.
Sources: Google android, Mycila
Nice info
Going to post a link on the hero forum where someone was wanting to do this. I wonder if this will work on a froyo hero too...
it would be cool if one of the devs could write a small app to switch this on n off great find tho shoemeistah
Thank you for the guide, It worked fine. There are several things not working though:
- can't download apps from market, they stuck on "downloading"
- my google account don't sync
- other apps don't update themselves. For example my twitter app won't show any new tweets until I open it and manually press "refresh"
I searched for this long time ago, even created a thread about it awhile back, didnt have luck like you did though
I gave up on it eventually, it would be nice to make an app out of it.
mind asking how did you confirm the net to be working on browser? by pinging google.com?
since i saw the last line you put "Internet in browser application does not work."
You can do that in the terminal
[U][B] Internet connection on your Android phone via your PC [/B][/U]
I think I found the best solution. Check it out connectify.me
I wanted to use my PC wired internet & I was astonished that this wasn't available in my HTC Desire & 1st Android device!. I looked over the net, I found many options but most asked for a rooted device! I didn't want to root my brand new Desire.
Connectify is an easy to use software router for Windows 7 computers. After downloading and installing the lightweight application, Connectify utilizes your computers' built in Wi-Fi card to wirelessly share any available Internet connection: a cable modem, a cellular card, or even another Wi-Fi network. Other Wi-Fi enabled devices including laptops, smart phones, music players, and gaming systems can see and join your Connectify hotspot just like any other Wi-Fi access point and are kept safe and secure by password-protected WPA2 Encryption.
I tried it & it's working perfectly for me .. It's a free app.
-----------
Phone: HTC Desire (SIM Free)
Type: Desire
Build: HTC Desire 2.2, 2.10 (kernel: htc 2.6.32.15)
Baseband: 5.09.05.30
Network: UMTS auto (EGY)
By me it didn't work. Using OpenDesire with Froyo 2.2
So I made it work, by edititng the .inf file.
Here the file for USB\VID_0BB4&PID_0C02.
For all which still have a problem(USB TETHERING ON DEVICE MUST BE ACTIVE, ALSO THE IDs DIFFERS BETWEEN CONNECTED WITH ADB OR NOT), go into the device manager -> open the device -> goto tab details -> choose device id
look at it, you see somewhere vid_XXXX and further pid_XXXX
open my file -> goto line 31 -> change vid_YYYY and pid_YYYY with what you see in your device dialog. the same you do on line 35. be careful with 0 or o.
Regards
Ralph
I am also using connectify, easy to install, set it up, connect with Desire, anything works fine.
Thanks GhostOfTheNet.
chrismast said:
I am also using connectify, easy to install, set it up, connect with Desire, anything works fine.
Click to expand...
Click to collapse
I appreciate the recommendations for other solutions.
But as you can see this thread is for a internet solution at places where is no Wifi available.
So please keep it on topic, thanks!
browser & webviews
Any idea why browser won't work?
I'm interested in testing against internal sites (of course no WAP here.. cuz they be scared i guess).. both Browser and embedded webviews.
connectify great program.works fine
its a default feature in hd roms but that doesnt work in all programs
Connectify doesn't work correctly with my Galaxy 5. It keeps connected for a short time then disconnects and then, connects again, connect, disconnect...
Does anyone know how to fix it?
Thanks Man
plz make a video tutroial of this
its difficult to under stand
does it actualy work?? anyone tried this and actualy worked??? just a simple yes or no.
thanks
small proble plz solve it
hi
I have a small problem in it when my device is not in usb tethering mode
i can see it in my adb devices
as soon as is start usbtethering it say no device found
plz help me
thanks a lot !!!
realy nice guide! Thanks!
I need help viewing my shared files over my VPN.
OK so I have setup a VPN on my Win7 machine, port forwarded pptp in my router and have successfuly added the VPN on my DHD. The Android device connects OK (something has popped up in Win7 about RAS (Dial In) Interface, not too sure about this) but I cannot seem to view any of my shares in ES File Explorer under LAN.
I have added a new server (while connected to VPN) in ES File Explorer using the IP of my Win7 wireless network connection (192.168.0.103) but it wont display anything.
server: 192.168.0.103
Username: username
Password: *******
Each tme I try to connect it says:
"smb://192.168.0.103/
Network path not found or time out"
Anybody got any ideas on how to get this working?
fubofo said:
I need help viewing my shared files over my VPN.
OK so I have setup a VPN on my Win7 machine, port forwarded pptp in my router and have successfuly added the VPN on my DHD. The Android device connects OK (something has popped up in Win7 about RAS (Dial In) Interface, not too sure about this) but I cannot seem to view any of my shares in ES File Explorer under LAN.
I have added a new server (while connected to VPN) in ES File Explorer using the IP of my Win7 wireless network connection (192.168.0.103) but it wont display anything.
server: 192.168.0.103
Username: username
Password: *******
Each tme I try to connect it says:
"smb://192.168.0.103/
Network path not found or time out"
Anybody got any ideas on how to get this working?
Click to expand...
Click to collapse
Try use ciffs manager. )
Sent from my Desire HD using XDA App
mero01 said:
Try use ciffs manager.
Click to expand...
Click to collapse
Just one "f" - you can find it in the market by searching for CifsManager or just Cifs.
Note that you will need to have the correct kernel modules (i.e. slow-work.ko and cifs.ko) for your kernel inserted (i.e. loaded, on your rooted phone) for CifsManager to work.
You can find more info here:
http://forum.xda-developers.com/showthread.php?t=821717
Thanks for the replies guys. In the end I just gave up and setup an ftp server on my PC
Sent from my Desire HD using XDA App
Hello Guys.
I bought a WiFi Disk-Case Systec PX-4709 or Powson PX-4709. Because its very small.
For this disk exists a app named "AirStor" (Power7 Technology).
A test is in androidpit. this device is shown in the app, but i cannot move anything or create folders on the device.
The software is very too basic. Oter software like "WiDisk" and so on is not working too.
So i tried with "Total Commander" and FTP or LAN plugin. But with LAN (port 80) and FTP (port 21) i get no access.
A try with "ES Datei Explorer" and the LAN, WEB and FTP options but the device will not be found.
The procedure to have access to the drive is:
- Connect to accesspoint / Server of the drive over WiFi-Network
- Start the app AirStor: the device is shown now as empty
- It is possible to change the drive parameter like SSID and IP, but this was not function. So i take the default
- Select a file and copy it to the disk, but this is not going
With which software can i get a access on the device? I see the mac and the IP address, but i not know the ports for communication.
Can i find out which communication-protocols are running and on which port? Or which protocol is using by AirStor?
Unfortunately in Windows i cannot have access too. I cannot ping and see the device.
Over USB i have with Windows 7 pro 64Bit also no access. Its only possible to connect with AirStor?
Can anybody help me?
Kind regards
robitobi
What is the username to access via SSH in Windows Phone 10 , I discovered that there is an active port 22 ssh works. The password is displayed on the screen in the developer pairing options
danpio said:
What is the username to access via SSH in Windows Phone 10 , I discovered that there is an active port 22 ssh works. The password is displayed on the screen in the developer pairing options
Click to expand...
Click to collapse
The password is displayed on the screen in the developer pairing options
It's Sirepuser, but unfortunately they're using cert pinning for the SSH, so if you try accessing it you'll be treated with a pretty message.
Now what SSH is used for is for Windows 10 app deployment (When you enable Device Discovery for winappdeploycmd and for the wconnect app).
snickler said:
It's Sirepuser, but unfortunately they're using cert pinning for the SSH, so if you try accessing it you'll be treated with a pretty message.
Now what SSH is used for is for Windows 10 app deployment (When you enable Device Discovery for winappdeploycmd and for the wconnect app).
Click to expand...
Click to collapse
WTF so close ... but thanks !!
ssh [email protected]
Permission denied ([email protected],publickey).
I try connect to adbd server from mac os in WP10
I got around this.
http://forum.xda-developers.com/win...de-filesystem-access-sftp-windows-10-t3185766
BTW, don't try connecting via SSH as they don't have an actual shell. If you're using a mac, you'll need to pass the private key along with your request.
L2TP work as well.
IKEv2 not route , and can not get the vaild IP address.
Can anyone solve this problem?
0oVicero0 said:
L2TP work as well.
IKEv2 not route , and can not get the vaild IP address.
Can anyone solve this problem?
Click to expand...
Click to collapse
are you on Redstone build ?
seems VPN broken on Redstone , not only IKEV2
It's working fine for me. IKEv2 IPsec, Strongswan server.
Requires editing the connections file on the phone, though. Windows 10 mobile (same for PC) will not use the default route provided by the VPN server and there is no toggle to send all the traffic through the VPN like there was on Windows Phone 8/8.1 in the VPN connection settings GUI.
So, 'IpPrioritizeRemote=1' has to be set manually for the connection in rasphone.pbk on the phone. This can be achieved and requires an NTFS formatted SD card with the modified rasphone.pbk and a symbolic link to 'C:\Data\USERS\DefApps\APPDATA\ROAMING\MICROSOFT\Network\Connections' (you can make this symbolic link on the PC).
First you have to create a VPN connection on the phone, then delete it. This will make 'C:\Data\USERS\DefApps\APPDATA\ROAMING\MICROSOFT\Network\Connections\Pbk\' user writable and you can put a modified rasphone.pbk file in that location by accessing it through the symbolic link on the SD card.
If you don't know how to make the rasphone.pbk file, first configure the connection as it should be on the phone, then copy rasphone.pbk from the phone, edit it on PC and add 'IpPrioritizeRemote=1'. Delete the VPN connection from the phone, and put the modified rasphone file in its place.
Reboot might be required after copying the file manually.
^ This is for phones that can't be interop unlocked like my Lumia 950XL. It's much easier for other phones which can be unlocked and full FS access is achievable.
Pretty stupid omission on Microsoft's part. I've been shouting about it on windows feedback since Windows 10 Mobile was released to insiders, but no one listens.
VPN is broken in Windows 10. Period! Microsoft it's not going to fix it.
w.bogdan said:
VPN is broken in Windows 10. Period! Microsoft it's not going to fix it.
Click to expand...
Click to collapse
No period. It's broken, but it can be made to work. Who put you in charge of dropping the period?
DLS123 said:
No period. It's broken, but it can be made to work. Who put you in charge of dropping the period?
Click to expand...
Click to collapse
Search for "Windows 10 DNS resolution" or other VPN related issues in Windows 10. It's not a bug, it's a feature ... for NSA, the government of China and so on.
w.bogdan said:
Search for "Windows 10 DNS resolution" or other VPN related issues in Windows 10. It's not a bug, it's a feature ... for NSA, the government of China and so on.
Click to expand...
Click to collapse
I know about it and took measures against it. They call it Smart multi-homed name resolution. It can be disabled on Desktop and also the order of DNS servers used can be set for each VPN connection. This isn't really caused by the broken built-in VPN client, but the way Windows 10 itself works out of the box.
DLS123 said:
I know about it and took measures against it. They call it Smart multi-homed name resolution. It can be disabled on Desktop and also the order of DNS servers used can be set for each VPN connection. This isn't really caused by the broken built-in VPN client, but the way Windows 10 itself works out of the box.
Click to expand...
Click to collapse
It's not just desktop. On W10M, DNS leaks, VPN connected icon is barely visible and you don't get notified if the VPN connection drops. Is hard to believe Satya Nadella is so dumb not to notice.
w.bogdan said:
It's not just desktop. On W10M, DNS leaks, VPN connected icon is barely visible and you don't get notified if the VPN connection drops. Is hard to believe Satya Nadella is so dumb not to notice.
Click to expand...
Click to collapse
I know there are DNS leaks on W10Mobile and multi-homing can't be disabled, but I don't have a problem with that. The purpose of VPN for me is to gain access to other private networks and encrypt the communication with them. DNS leaks aren't that critical. It's not like I don't want my employer to know what websites I access while connecting to VPNs from their network. I couldn't care less to be honest that they're logging my DNS querries. And I also don't live in China.
Even if they have my DNS records they still won't ever be able to break the encrypted IPsec tunnels and get any glimpse of what's passing through them.
Wasn't able to download rasphone.pbk from the phone but could upload one.
I used my Windows 10 PC and created the connections there. Then I disabled IpPrioritizeRemote and used the powershell cmdlet Add-VpnConnectionRoute to add a route to the pbk file pointing to my local subnet.
I am now able to connect to the internet and access corporate resources at the same time.
I however couldn't connect from one particular app which worked in 8.1. There may be issues with non universal apps.
DLS123 said:
It's working fine for me. IKEv2 IPsec, Strongswan server.
Requires editing the connections file on the phone, though. Windows 10 mobile (same for PC) will not use the default route provided by the VPN server and there is no toggle to send all the traffic through the VPN like there was on Windows Phone 8/8.1 in the VPN connection settings GUI.
So, 'IpPrioritizeRemote=1' has to be set manually for the connection in rasphone.pbk on the phone. This can be achieved and requires an NTFS formatted SD card with the modified rasphone.pbk and a symbolic link to 'C:\Data\USERS\DefApps\APPDATA\ROAMING\MICROSOFT\Network\Connections' (you can make this symbolic link on the PC).
First you have to create a VPN connection on the phone, then delete it. This will make 'C:\Data\USERS\DefApps\APPDATA\ROAMING\MICROSOFT\Network\Connections\Pbk\' user writable and you can put a modified rasphone.pbk file in that location by accessing it through the symbolic link on the SD card.
If you don't know how to make the rasphone.pbk file, first configure the connection as it should be on the phone, then copy rasphone.pbk from the phone, edit it on PC and add 'IpPrioritizeRemote=1'. Delete the VPN connection from the phone, and put the modified rasphone file in its place.
Reboot might be required after copying the file manually.
^ This is for phones that can't be interop unlocked like my Lumia 950XL. It's much easier for other phones which can be unlocked and full FS access is achievable.
Pretty stupid omission on Microsoft's part. I've been shouting about it on windows feedback since Windows 10 Mobile was released to insiders, but no one listens.
Click to expand...
Click to collapse
Thanks!!! It's working fine!
I think Microsoft do not want to fix it.
0oVicero0 said:
I think Microsoft do not want to fix it.
Click to expand...
Click to collapse
Yeah, looks like that's the case. There is very little feedback in insider hub about VPN problems. Very few care about these issues so probably MS has no incentive to fix and prefer to rely on MDM for VPN configuration on these devices. Now if only that were an option for mere mortals...
How to import self-signed key or export builtin cert for a strongswan server?
DLS123 said:
It's working fine for me. IKEv2 IPsec, Strongswan server.
Click to expand...
Click to collapse
How did you get the VPN connection set up properly (aside from the IpPrioritizeRemote setting)?
I've set up a strongswan server and generated my own self-signed keys using ipsec pki, but when I import the key to my Lumia 1520 (by tapping it using the Files app and tapping import at the prompt), the VPN connection will not send that cert. Instead it sends a certificate issued by CN=Microsoft Genuine Windows Phone CA15" with an OU that looks like a GUID.
So I tried punting and just exporting that certificate to place on my strongswan server ... but I can't figure out how to get the certificate off the phone either. So how do I do either one?
rlively said:
How did you get the VPN connection set up properly (aside from the IpPrioritizeRemote setting)?
I've set up a strongswan server and generated my own self-signed keys using ipsec pki, but when I import the key to my Lumia 1520 (by tapping it using the Files app and tapping import at the prompt), the VPN connection will not send that cert. Instead it sends a certificate issued by CN=Microsoft Genuine Windows Phone CA15" with an OU that looks like a GUID.
So I tried punting and just exporting that certificate to place on my strongswan server ... but I can't figure out how to get the certificate off the phone either. So how do I do either one?
Click to expand...
Click to collapse
I don't know what self generated certificate your phone sends, but you shouldn't use that.
You should generate a client certificate on the strongswan server then you should include both the root CA and the client certificate and pack them together in a PKCS 12 file (.p12) which you open on the phone and import. The phone will choose the proper certificate stores to import to. Did you do that?
https://www.zeitgeist.se/2013/11/22/strongswan-howto-create-your-own-vpn/
Just follow this tutorial., with the only mention that you should add "--flag clientAuth" to the command line for generating the client certificate.
DLS123 said:
I don't know what self generated certificate your phone sends, but you shouldn't use that.
You should generate a client certificate on the strongswan server then you should include both the root CA and the client certificate and pack them together in a PKCS 12 file (.p12) which you open on the phone and import. The phone will choose the proper certificate stores to import to. Did you do that?
Just follow this tutorial., with the only mention that you should add "--flag clientAuth" to the command line for generating the client certificate.
Click to expand...
Click to collapse
Thanks, that is a good tutorial - I definitely did not use the clientAuth flag (the ipsec tutorial for openWRT didn't include it: openwrt doc/howto/vpn.ipsec.roadwarrior), so I tried generating new certs with clientAuth. Unfortunately I got the same results. My Win10 phone sent the same "Microsoft Genuine Windows Phone CA15" cert.
Did you import the PKCS 12 file just by tapping it in the Microsoft "Files" app on the phone or did you use another method? I'm verifying the certs with the Microsoft "Certificates" app, which does show that the original cert I generated has no "Enhanced usages" but the second has "Client Authentication." Still the builtin VPN client won't pick it to send to my strongSwan server.
I did away completely with my configuration and started over with the win7 configuration here: strongswan wiki: Win7CertReq but none of it will help if I can't get my phone to actually send the correct certificate ... this configuration did something a little different though:
My phone sent the correct certificate in the "received TLS peer certificate" line followed by these error messages:
no trusted certificate found for 'my-CN-here' to verify TLS peer
sending fatal TLS alert 'certificate unknown'
Despite the fact that I have the certificate pem in /etc/ipsec.d/certs ...
in any case it continues on and sends the Microsoft cert afterwards and then the server throws "no peer config found" (since I don't have the public cert loaded for that MS cert).
Followed up on the error here: strongswan wiki /issues/785
I also tried it with "eap_identity=%identity" instead of "eap_identity=%any".
Frustrating that it works great for Win7 but I just can't get a Win10 phone working. Any guides out there specifically for Windows phone + Strongswan?
rlively said:
Thanks, that is a good tutorial - I definitely did not use the clientAuth flag (the ipsec tutorial for openWRT didn't include it: openwrt doc/howto/vpn.ipsec.roadwarrior), so I tried generating new certs with clientAuth. Unfortunately I got the same results. My Win10 phone sent the same "Microsoft Genuine Windows Phone CA15" cert.
Did you import the PKCS 12 file just by tapping it in the Microsoft "Files" app on the phone or did you use another method? I'm verifying the certs with the Microsoft "Certificates" app, which does show that the original cert I generated has no "Enhanced usages" but the second has "Client Authentication." Still the builtin VPN client won't pick it to send to my strongSwan server.
I did away completely with my configuration and started over with the win7 configuration here: strongswan wiki: Win7CertReq but none of it will help if I can't get my phone to actually send the correct certificate ... this configuration did something a little different though:
My phone sent the correct certificate in the "received TLS peer certificate" line followed by these error messages:
no trusted certificate found for 'my-CN-here' to verify TLS peer
sending fatal TLS alert 'certificate unknown'
Despite the fact that I have the certificate pem in /etc/ipsec.d/certs ...
in any case it continues on and sends the Microsoft cert afterwards and then the server throws "no peer config found" (since I don't have the public cert loaded for that MS cert).
Followed up on the error here: strongswan wiki /issues/785
I also tried it with "eap_identity=%identity" instead of "eap_identity=%any".
Frustrating that it works great for Win7 but I just can't get a Win10 phone working. Any guides out there specifically for Windows phone + Strongswan?
Click to expand...
Click to collapse
I import the certificates from file explorer on phone or from the OneDrive app, doesn't matter.
Have you actually set the EAP identity correctly in the client certificate? CN has to be exactly the same as --san
That's the eap_identity which has to be known if you use EAP-TLS.
I don't know what else to say, maybe post your ipsec.conf with censored IPs
DLS123 said:
I import the certificates from file explorer on phone or from the OneDrive app, doesn't matter.
Have you actually set the EAP identity correctly in the client certificate? CN has to be exactly the same as --san
That's the eap_identity which has to be known if you use EAP-TLS.
I don't know what else to say, maybe post your ipsec.conf with censored IPs
Click to expand...
Click to collapse
For the moment I just have mschap authentication with no certificate and it works. The certificate is just giving me fits.
On my client certificate my CN is not the same as the san. My san is set to the FQDN of my VPN server ... the CN of my client certificate is an identifier for my client.
What does the VPN server use for eap_identity - the CN from the client certificate when set to eap_identity=%identity ?
---------- Post added at 10:01 PM ---------- Previous post was at 09:35 PM ----------
rlively said:
For the moment I just have mschap authentication with no certificate and it works. The certificate is just giving me fits.
On my client certificate my CN is not the same as the san. My san is set to the FQDN of my VPN server ... the CN of my client certificate is an identifier for my client.
What does the VPN server use for eap_identity - the CN from the client certificate when set to eap_identity=%identity ?
Click to expand...
Click to collapse
My server certificate does have a CN and san that match. I thought I read somewhere that having that same value in the client san would help the client match up the cert to send to the server, at least for Windows Phone. Of course I can't find that guide now, so maybe I misread. I do see that in the example on https://www.zeitgeist.se/2013/11/22/strongswan-howto-create-your-own-vpn/ that the server CN and san match and the client CN and san match each other.
In the client certificate you should have [email protected]_FQDN --san server_FQDN --flag clientAuth
the eap_identity used by strongswan is the part before @ from CN.
It won't match anything when using eap_idenity=%identity if you don't do it like this.
Are there any relevant registry files we can access with interop tools?
DLS123 said:
It's working fine for me. IKEv2 IPsec, Strongswan server.
Requires editing the connections file on the phone, though. Windows 10 mobile (same for PC) will not use the default route provided by the VPN server and there is no toggle to send all the traffic through the VPN like there was on Windows Phone 8/8.1 in the VPN connection settings GUI.
So, 'IpPrioritizeRemote=1' has to be set manually for the connection in rasphone.pbk on the phone. This can be achieved and requires an NTFS formatted SD card with the modified rasphone.pbk and a symbolic link to 'C:\Data\USERS\DefApps\APPDATA\ROAMING\MICROSOFT\Network\Connections' (you can make this symbolic link on the PC).
First you have to create a VPN connection on the phone, then delete it. This will make 'C:\Data\USERS\DefApps\APPDATA\ROAMING\MICROSOFT\Network\Connections\Pbk\' user writable and you can put a modified rasphone.pbk file in that location by accessing it through the symbolic link on the SD card.
If you don't know how to make the rasphone.pbk file, first configure the connection as it should be on the phone, then copy rasphone.pbk from the phone, edit it on PC and add 'IpPrioritizeRemote=1'. Delete the VPN connection from the phone, and put the modified rasphone file in its place.
Reboot might be required after copying the file manually.
^ This is for phones that can't be interop unlocked like my Lumia 950XL. It's much easier for other phones which can be unlocked and full FS access is achievable.
Pretty stupid omission on Microsoft's part. I've been shouting about it on windows feedback since Windows 10 Mobile was released to insiders, but no one listens.
Click to expand...
Click to collapse
Hi I tried your manual, unfortunately without any success
If I Read it correctly you do the following steps:
1) Format sd card on NTFS
2) On the sd card create symbolic link to: C:\Data\USERS\DefApps\APPDATA\ROAMING\MICROSOFT\Network\Connections
3) Insert sd in phone
4) Create a vpn connection on the phone
5) Delete al the vpn connections on the phone
6) Use the phone to put a new (modified) rasphone.pbk file on the sd card (though onedrive??). I cant access my sd om my pc when usb is connected
7) Reboot the phone
8) Make a new vpn connection (can it have a different name?)
Can someone verify if i miss something?
I'll be very happy if this works