Connect to Cisco VPN from Android

Tested on:

Prerequisites:

  • VPN connection settings or a pcf file
  • If you need to decrypt enc_GroupPwd from pcf, Linux box with vpnc installed
  • Something to extract bz2 files
  • BusyBox (or alternative copy method that doesn’t use tar)
  • Get-a-robot-vpnc package
  • Root access!

First of all, this is an alternative version of instructions from xda-developers post by Phlogiston. I’ve included more complete details for those people who wouldn’t know the first thing about getting started with vpnc. Big win credit to wmealing for bringing vpnc to Android!

Extract the bz2 file (not on the phone yet). Note that the directory structure is /data/data/org.codeandroid.vpnc/...; it is designed to be extracted directly to the root of the phone.

Open /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc.conf and place your VPN connection settings in there. It is very important that you remove or comment out the line “IKE authmode hybrid” or later you will have errors about missing openssl components. If you are not sure about the vpnc.conf settings and you have the .pcf file, map the following values:

Typical .pcf                      vpnc.conf
------------------------------    -------------------------
Host                              IPSec gateway (lowercase)
GroupName                         IPSec ID
GroupPwd*                         IPSec secret
Username (usually omitted)        Xauth username
UserPassword (usually omitted)    Xauth password

You should know your user name and password. Of course I’m not going to recommend that you store them in plain text in this file, but it sure does make life a whole lot simpler.

*If GroupPwd is blank and instead you have enc_GroupPwd, you need to use the cisco-decrypt tool that usually comes with a standard vpnc installation (in my distro it’s found at /usr/lib/vpnc/cisco-decrypt). The enc_GroupPwd value is reversibly encrypted rather than hashed, so the tool prints the plain-text group password. Simply run:

/usr/lib/vpnc/cisco-decrypt <enc_GroupPwd value>
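
The mapping above can be scripted. The following is an added example, not code from the original post or from the vpnc project: a shell function (the name pcf_to_vpnc and all sample values are assumptions) that writes vpnc.conf from a .pcf with owner-only permissions and stops when only enc_GroupPwd is present.

```shell
#!/bin/sh
# Added example: build vpnc.conf from a .pcf using the mapping table above.
# pcf_to_vpnc is a hypothetical helper name, not part of vpnc.
# Returns 0 on success, 2 if Host or GroupName is missing, 3 if GroupPwd is
# empty (decrypt enc_GroupPwd with cisco-decrypt and fill it in first).
pcf_to_vpnc() {
    pcf=$1 out=$2
    (
        umask 077        # the file holds the group secret: create it owner-only
        rm -f "$out"     # a pre-existing file would keep its old permissions
        awk -F= '
            { sub(/\r$/, "") }                          # .pcf files usually have CRLF line ends
            /^!?[A-Za-z_]+=/ {
                key = tolower($1); sub(/^!/, "", key)   # "!" marks a read-only field
                val[key] = substr($0, length($1) + 2)   # keep any "=" inside the value
            }
            END {
                if (val["host"] == "" || val["groupname"] == "") exit 2
                if (val["grouppwd"] == "") exit 3
                print "IPSec gateway " val["host"]
                print "IPSec ID " val["groupname"]
                print "IPSec secret " val["grouppwd"]
                if (val["username"] != "") print "Xauth username " val["username"]
                # No "Xauth password" and no "IKE authmode hybrid" line is written:
                # vpnc asks for the password when that line is absent.
            }' "$pcf" > "$out"
    )
    rc=$?
    [ "$rc" -eq 0 ] || rm -f "$out"
    return "$rc"
}

# Demo on constructed profiles (host, group and secrets are made up).
demo_dir=$(mktemp -d)
printf '[main]\r\nHost=vpn.example.test\r\nGroupName=staff\r\nGroupPwd=\r\nenc_GroupPwd=0123ABCD\r\n' > "$demo_dir/enc.pcf"
pcf_to_vpnc "$demo_dir/enc.pcf" "$demo_dir/vpnc.conf" || echo "exit $?: decrypt enc_GroupPwd first"
printf '[main]\r\nHost=vpn.example.test\r\nGroupName=staff\r\nGroupPwd=s3cr=et\r\nUsername=alice\r\n' > "$demo_dir/plain.pcf"
pcf_to_vpnc "$demo_dir/plain.pcf" "$demo_dir/vpnc.conf" && cat "$demo_dir/vpnc.conf"
rm -rf "$demo_dir"
```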

Open /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc-script and change the first line to “#!/system/bin/sh” (replace bash with just sh).
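
A quick way to confirm both edits before packing the files, as an added example that is not part of the original post (the function name preflight and the sample tree are constructed):

```shell
#!/bin/sh
# Added example: check the extracted tree before it is tarred up.
# preflight is a hypothetical helper; its argument is the directory where
# the bz2 was extracted. It returns the number of problems found.
preflight() {
    etc=$1/data/data/org.codeandroid.vpnc/etc/vpnc
    problems=0
    # An active (uncommented) hybrid line leads to the missing-openssl error.
    if grep -Eiq '^[[:space:]]*IKE[[:space:]]+authmode[[:space:]]+hybrid' "$etc/vpnc.conf"; then
        echo "vpnc.conf: remove or comment out 'IKE authmode hybrid'"
        problems=$((problems + 1))
    fi
    # Gateway, group ID and group secret from the mapping table must have values.
    for key in 'IPSec gateway' 'IPSec ID' 'IPSec secret'; do
        if ! grep -q "^$key [^[:space:]]" "$etc/vpnc.conf"; then
            echo "vpnc.conf: no value for '$key'"
            problems=$((problems + 1))
        fi
    done
    # The first line of vpnc-script must point at the phone's own shell.
    if [ "$(head -n 1 "$etc/vpnc-script")" != '#!/system/bin/sh' ]; then
        echo "vpnc-script: first line must be #!/system/bin/sh"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on a constructed tree in which neither edit has been made yet.
root=$(mktemp -d)
d=$root/data/data/org.codeandroid.vpnc/etc/vpnc
mkdir -p "$d"
printf 'IPSec gateway vpn.example.test\nIPSec ID staff\nIPSec secret s3cret\nIKE authmode hybrid\n' > "$d/vpnc.conf"
printf '#!/system/bin/bash\n' > "$d/vpnc-script"
preflight "$root" || echo "$? problem(s) found"
rm -rf "$root"
```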

Now you need to get it all on to your phone. Confirm you have the tar command on the phone by opening up the terminal app and typing “tar”. If you don’t have it, you might want to get BusyBox.

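From the directory where you extracted the bz2 file, run the following to make a tarball. The -C ./data switch makes the paths inside the archive start at ./data, so that unpacking it inside /data on the phone recreates /data/data/org.codeandroid.vpnc:

$ tar -cvf vpnc.tar -C ./data ./data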

Copy that to the phone’s sdcard. While you have the sdcard mounted on your PC, create a directory called vpnc and create two empty files in there named go and prep (you can name them anything really).

Open go and paste the following (this is one single long line of text):

/data/data/org.codeandroid.vpnc/bin/vpnc /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc.conf --script /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc-script --pid-file /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc-pid --no-detach --debug 1

Open prep and paste the following:

modprobe tun
lsmod
mkdir /dev/net
ln -s /dev/tun /dev/net/tun

These scripts will help you type less on the handset. Now unmount the sdcard and wait for the phone to check it. Open up a terminal and run the following:

$ su
# cp /sdcard/vpnc.tar /data
# cd /data
# tar xvf vpnc.tar
# rm vpnc.tar
# cd /sdcard/vpnc
# sh prep
# sh go

If all went well you should see the following happy little message!

[Screenshot: vpnc on Android]

… and to later kill the VPN connection, just press Ball+C. Note: You only need to run the prep script the first time during the session (when the phone reboots you’ll need to run it again).

If you want to undo it all and start from scratch, just do a recursive delete of /data/data/org.codeandroid.vpnc directory and reboot.


32 Responses to “Connect to Cisco VPN from Android”

  1. [...] The article is titled: Connect to Cisco VPN from Android (Link) [...]

  2. Dimo says:

    Thank you very much. Greetings from Bulgaria’s Android fans.
    Go ahead.

  3. Psylem says:

    My pleasure. I’m glad you found it useful.

  4. Justin says:

    I am unable to transfer the .tar file to the / directory. I am getting a “read only” directory error. I have an ADP1 phone with the JF 1.51 image installed on it. Do you have any ideas why I don’t have permission? I am a super user (#) in the ADB shell. Thanks

  5. Psylem says:

    If you are using the ADB shell, you should be able to extract it all first and then copy the directory structure across with “adb push ./ /” from the directory you extracted the bz2 file. Check out the xda-developers post, they use the ADB shell in the steps listed there. Take care or you may put everything in the wrong place. Good luck!

  6. Psylem says:

    @Justin, you are quite correct though, there was a problem with my instructions since you can’t write to /. Go one directory deeper when tarring the files and copying. I’ve updated the instructions starting from just below the first screen shot. Thanks for catching that.

  7. matusz13 says:

    Hello – wondering if I can get some specification. When creating the two files – go and prep… what kind of files are they. I just put these into text editor but busybox says it can’t open prep and can’t open go.

  8. Psylem says:

    That’s odd, what text editor did you use?

  9. [...] appear to be a simple app available to accomplish this feat. About two weeks ago, I stumbled upon this page which described how to configure vpn for Android. Using those directions (with help from the xda [...]

  10. Hi says:

    Hi,
    the modprobe command does not work.
    it says that the module can not be found. How can I install the tun.ko by myself?

    thanks

  11. Jared says:

    I get the error that it was built without openssl and can’t do hybrid or cert mode, is there a ‘simple’ mode option?

  12. Psylem says:

    @Jared Have a look at 3rd paragraph, 2nd sentence… “Very important that you remove or comment out the line “IKE authmode hybrid” or later you will have errors about missing openssl components.”. Is that your problem?

  13. solan says:

    Hi, is the vpn client only used for cisco? I tried to log in to my school’s vpn, I can’t identify whether it is cisco vpn, does that mean I maybe can’t succeed? Thanks

  14. Psylem says:

    Yes, just CISCO. If the school was using CISCO you’d probably know about it since the VPN client is branded.

  15. Wade Mealing says:

    Gday Guys,

    Original author of the project, we have an APK release now. Requires root and “tun” support on your phone (most modern roms will have this).

    Check out the instructions here:

    http://code.google.com/p/get-a-robot-vpnc/

  16. tnys says:

    Does it also work on a standard G1 dev phone (not a tmobile) with cupcake ?
    Don’t want to install JF1.51 image…
    Anyone ?

    Thanks a lot

  17. Architect3145 says:

    Anyone tried this on the motorola droid?

  18. KloBass says:

    Well, what can I do if I simply do not have the tun module? I have cyanogen 4.2.7.1 kernel 2.6.29.6-cm42 1.6 FW but can’t modprobe tun or find it anywhere.

  19. KloBass says:

    OK, so it does not have the kernel module because the module is compiled into the kernel already.

  20. robertpic71 says:

    >>Anyone tried this on the motorola droid?
    Yes, it doesn’t work without root…

    However, I’ll try a quick & dirty patch this weekend to unroot this application and use the built-in tunnel.

    I make no promises – I’ll try and tell you about it.

    /Robert

  21. tkpd says:

    @robertpic71
    Did you get this working on The Moto Droid? I have a rooted Droid with 2.01 and would like to get this working.

  22. robertpic71 says:

    I cleared some barriers – but I think it is a dead end. Without root there is no access to /dev/… devices, no rerouting….

    @tkpd
    Maybe root is not enough, you need the su command. Check with a terminal (i.e. connectbot to local) and try to enter su.

    Is this working?

    I’ve done some tests with a Milestone (the European version of the Droid), but there is no root (the root-zip is not working for the European Milestones). So I can’t do any testing.

    /Robert

  23. robertpic71 says:

    I’ve seen there is an update on the wiki:

    http://code.google.com/p/get-a-robot-vpnc/wiki/Motorola_Droid_Support

    /Robert

  24. tkpd says:

    @robertpic71
    Yes I have root and I have used su with connectbot. That seems to work. However the problem in my view is that the kernel does not have tun support compiled in. I will try the tun.ko mentioned in the wiki and post updates.

  25. tkpd says:

    @robertpic71
    Got it working. Dumped the tun.ko in the /system/lib/modules dir and insmod to load it. Downloaded busybox into /system/xbin and created symlinks in the same directory for the two commands openvpn needs (ifconfig and route). It seems to work fine. Now to figure out how to load the module automatically at startup and more importantly how to unload it. Killing vpn leaves the tun interface up, unlike on my linux box.

  26. [...] can be seen, it is not that simple and root access is required. Uber Geeky! Blog Archive Connect to Cisco VPN from Android xda-developers – View Single Post – VPNC on android I am not a programmer myself, so I can [...]

  27. vladimir says:

    check this

    pcf2vpnc company.pcf vpnc.conf

    There is a converter on centos 5 dist

    http://wiki.centos.org/HowTos/vpnc

  28. silver says:

    The vpnc website has an online password decryptor.

  29. Jose says:

    I have a Nexus One froyo 2.2
    I have tried with different versions of tun.ko but it didn’t work.
    Where can I download a tun.ko for my kernel?

    # sh prep

    modprobe: chdir(/lib/modules): No such file or directory
    mkdir failed for /dev/net, File exists
    link failed File exists

    # insmod /system/lib/modules/tun.ko
    insmod: init_module ‘/system/lib/modules/tun.ko’ failed (Exec format error)

    # dmesg
    tun: version magic ’2.6.32.9-27220-g328f560 preempt mod_unload ARMv7 ‘ should be ’2.6.32.9-27227-g3c98b0d prempt mod_unload ARMv7 ‘
