Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN over GPRS

Status
Not open for further replies.

Minden32

Technical User
Feb 25, 2002
20
GB
Hi all, we're having a real nightmare here, we're trying to get the following combination working:
Compaq iPaq H3850 (PPC2002), GSM/GPRS Expansion pack.
Intel 3130 VPN Gateway
movianVPN client
Vodaphone GPRS network using mylan access.
We can connect the VPN client and gateway server and they both negotiate and create a tunnel using the external IP address of 212.183.xxx.xxx (etc), however when we try and ping from the client to the gateway it times out and vice versa. Upon looking at the VPN client status we see there is a different client public IP address of 10.48.0.116, this is then stopping our routing from one end of the tunnel to the other - we don't know where this IP address is coming from! Vodaphone denies all knowledge, Compaq are none the wiser, movian and Intel are convinced it is the carrier, therefore we need some serious sensible help with this - any offers??

Thanks very much in advance.
-Tony
 
I just stumbled upon this post - sorry if the reply is late.
I have used Motorola Timeport GPRS phone, connected via IR to my notebook and used as "IP modem". Also there is a piece of software I had to install as a "GPRS driver". I was able to browse the web on my notebook, and then I ran VPN client on the n/b and connected to our intranet - no problem. Connection speed was about 40kb (not bad!).
10.x.x.x is the IP that your GPRS device gets assigned from your GPRS provider - I actually observed on my phone's display how it is acquired. Browsing the web goes through their NAT server.

Hope this helps a bit.


 
To be able to send and recieve data over GPRS the MS (Your handset) has to perform 2 steps.

1) GPRS Attatch
2) Packet Data Protocol (PDP) Context Activation.

Its during the PDP context activation that this IP address 10.48.0.116 was assigned. This IP address is dynamic and needs to be assigned to the MS to identify that MS on the external network. This would be assigned by by your APN, this is equivalent to an ISP. AS you are with VODAPHONE, then they are most likey be your APN. You can have 5 APN (as far as ericsson platforms go ) So to deny all knowledge seems a bit feeble.

If you look at your setting for GPRS is should say who is.

unfortunately, you need this IP address to enable GPRS to work.

Hutch
 
Minden32, I am having the exact same problem. Same setup and everything. Have you resolved this problem yet? Thanks.
 
Well, kind of!
By working closely with Intel (we use Intel Netstructure VPN Manager 6.9), we found the main problem was due to IPSEC settings.
We created a "Group" tunnel with IPSEC settings, the security profile was IPSEC-Default and then we specified a key for that profile. Added the internal network address that the device would a accessing. Then in the Access Control List of the device we created a "Match by Domain Name" the name was the same as the username on the device, the password was the key specified in the IPSEC profile. Within the Access Control List we specified the client IP (from our internal network range) and Encaps IPSEC. Within the security associations we then specified the PERMIT action to allow access to the network address as specified in the IPSEC profile.

The main option to have included was the Encaps IPSEC, this allows the tunnel to go through into the GPRS network using the carriers dynamically assigned address, once we ticked this option everything started to work.

HOWEVER!! A couple of days later it stopped working for no apparent reason. After spending a couple of days trying to get it to work, I gave up prefering to wait until the carriers sort out their act and actually start to understand their own network - as yet this hasn't happended and I'm not holding my breath!

Hope this helps.
-TC
 
Thanks for the info. I actually figured mine out about an hour after I posted! I had to change my APN to a different one (that the carrier is allowing VPN access over). Of course, they want more money to allow me to get on that APN, but it does work and work well!

Thanks.
 
I am interested in learning a bit about your applications.

I have a GPRS mobile card for a laptop. It is a Nokia d211. It is supposed to give me 40 kbit/s, but I have not been reciving more then 26,8 kbit/s.

I am using citrix, and the application I wish to distribute are heavy. They are showing maps, with data about a utility companys wires. I use speed screen, 16 bit color, 1280X1024 pixels.

If you got some tuning tips, or ways of compressing the data stream, so that my boss won´t go funky on the project, I would be glad.
 
Hi, I have also been trying to get my laptop to talk to my company network over a Nortel Contivity VPN through GPRS from Vodafone via my SonyEricsson T68i. I have been told by Project Telecom that it cannot be done as it uses IPSEC, but from reading above that sounds like it isn't totally true. Joemcnabb said that he changed APN and had to pay more. I have been given a MyLan VPN but don't know what APN name I should use instead of "Internet". Also, what is the "More" that you pay? Is it an additional package?

Thanks
 
Don't bother with any VPN device that does not support NAT Traversal - this is basically UDP Encapsulation of the IPSEC packets. GPRS will ont work on any client and/or gateway that does not support this.

O2 have published a good document on this subject - contact their GPRS helpdesk for copy.

BR
-TC
 
Dudes

For those of you that dont know the intricasies of GPRS. The IP packs travel slightly differently. Instead of IP the packets used are called GIP. This is GPRS IP. They are encapsulated and encrypted. To do anything more than the most basic connection, IP header compression must be disabled. Also, Gprs networks do have the basic public connection with a particular APN. I.e in the states basic connectivity is established on internet2.voicestream.com on T-Mobiles network. If a caller wants to connect to VPN, they have to speak to customer services and upgrade to internet3.voicestream.com
I did not realise this was the case with Vodafone as the only APN I am aware of at this time is the internet APN.
The T-Mobile example I have given proves this though.

I am a level three in this field and I hope this assists in some way. I will be contacting Voda in Newbury and asking about this tomorrow so watch this space. Wireless guru
 
With regard to Voda APN, as of July, if you wanted to run VPN over GPRS, the APN to use was MYLAN (need to upgrade subscription), however, you still need to have NAT Traversal on your gateway otherwise it ain't gonna work.
 
Guys,

If you want total lan access from a laptop and mobile phone or data card, the best soloution is e2work, Check it out
People like project telecom etc have it installed and should be able to sell it to you !
 
Hi,

If the GPRS provider can only support IPSec but not PPTP in VPN connection, what problem did they encounter? How to do the troubleshooting?

Wilson
 
hi all,

i have setup A GPRS connection to the internet sucessfully.
i am using a siemens SL55 as a modem for my XP laptop. this works great
once connected to the internet i start my cisco VPN client (V3.66) and am prompted for my vpn credentials. these are authenticated ok but then when i try to connect to our exchange 5.5 server with outlook 2002 it tells me that the server is unavailable everytime. i can access the server using a standard phone 56k dialup without any issue

is there anything i need to enable at either the client or server? or is this an issue with my phone service provider?

my phone service provider is O2 in ireland who really didn't seem to have a clue as to what i wanted to accomplish
all help much appreciated
 
Try putting IP for your exchange server into the HOSTS table. Your VPN over GPRS connection may be too slow and DNS queries are timing out.

Good luck.
 
thanks for the reply.... i already have done this to no avail. to be honest i think the problem is with VPN support on the gprs apn. the speed i get browsing is better than my internal modem. I think that O2 who so far have called me twice to give me an update on my issue " there is no update.... our technical people don't deal with the public"????? probably have a different apn but no staff who understand what this means.

 
Hi,
I hope you could help me, please.

I'm looking for the design of a platform to access to a intranet via WAP and also the way for sending SMS by means of an application.

To send SMS, I think I have two options:
- Connect to a SMSC
- Do the connection to the GSM/GPRS/UMTS network by means of a GSM/GPRS modem

but, I have a few doubts:
- Where could I find information about GSM/GPRS prices? (I've only found one web page) or could you tell me more or less the price?
- There are also GSM/GPRS/UMTS modems?
- Could I use a GSM/GPRS modem to connect to the intranet via WAP? (The ways of conecting I've found are with an ISDN connection)

One more question:
- Do you know where could I found WAP or SMS gateway prices?

Please, I would be very grateful if you'd reply to some question.
Thanks in advance.
Davinia.
 
Hi,
one more question:

If I set a VPN between, for instance, Vodaphone and my gateway, does it means that users only can connect if they have a Vodaphone mobile?

It's because I'm working on the design of a WAP platform and one option is setting a VPN between a telephone operator (like Vodaphone, Movistar, Amena...) and our WAP gateway (in a future).

Thanks in advance.
Davinia.
 
hi,
i have the same problem with byrneg.
i have xp client and i am connecting to vodafone's GPRS/3G network to a Draytek Vigor 2600 VPN server.
the connection to vpn establishes with no problem, but i have some communication problem with TCP protocol.
ex. Terminal Server, PostgreSQL Server.but the netbios communication is ok. i am thinkig that a windows XP hotfix or the service pack 2 is the one who is making all the trouble. and i think that because i had a station with WinFax Pro as Fax server and when i installed sp 2 i had communication problems with the Fax clients, even i had the windows firewall disabled. So... any suggestions would be helpfull!
regards
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top