VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by clymme » Sun, 11 Jan 2004 02:38:03

I'm trying to configure an iPAQ 4150 handheld to connect to our wi-fi
network and use vpn to get to our interior network. So far, I can get
the 4150 on our wi-fi network successfully (i.e. I can browse to
internet sites, etc.) however, I've not been able to get the VPN
settings to work. In fact, beyond the configuration screen where I
define the VPN settings, it doesn't seem like the wireless connection
is even acknowleding that VPN settings exist.

I've configured an iPAQ 3950 successfully already (that's running PPC
2003 & using a sleeve with a Cisco wireless card). It connects to the
wi-fi network AND lets me use the VPN server to get into our network.
When I tap the connection icon (the one with the two arrows on the
start bar), the connection dialog shows that there's an Internet
Connection and a VPN connection. When I tap that same icon on the
4150, it only shows the Internet Connection in that dialog box.

I've also run into the same issue on a 1940 using a SanDisk wifi card
and an older 3670 in a sleeve using a Cisco Wireless card. Only the
3950 configuration works.

Since I can successfully do this on one PPC, it seems like this is an
issue with the other handhelds moreso than anything that's a problem
with our wifi network.

Any ideas? I checked with HP's online tech support chat and they
punted me to the tech support phone line. Unfortunately, the support
phone line tried to punt me back to the tech support chat, but opted
to send me to their tech support forum . . . which isn't particularly
active . . . *sigh*


VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by clymme » Wed, 14 Jan 2004 23:16:30

Anyone out there?

Please help.




VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by Mangled&Mu » Thu, 15 Jan 2004 00:41:18

I have an Ipaq h4150, and have MovianVPN -> Nortel Contivity
working, as well as the Ipaq to PopTop ( PPTP with 128 bit RC4 encryption)
working. Thus we have proof points that it can be done.

Also, on the CD-ROM that came with the Ipaq, there are
pointers, and software, for connecting to various other VPNs.

Without more details as to what is not working, in your environment,
it is not possible to help you.


VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by Bob Murra » Thu, 15 Jan 2004 02:45:38


I just went through a similar setup nightmare with my iPaq 5455 w/PocketPC
2003 trying to connect it via 802.11b to my XP PC , the Internet and my Home
Office network. I have an HP Wireless PSC 2510 All-in-one photo
printer/scanner/copier. Then I have my iPaq 5455 with built in 802.11b

I am not a technical guy but when I set up my Home Office network, I let
Windows XP Network Setup Wizard make the choices for me. I have two PCs one
running XP Home and one running XP Pro. I have a Microsoft MN-700 Wireless
Base Station/router that provides Access Point and DHCP services.

The wizard set up the Network Authentication for 802.1x as EAP Type "Smart
Card or Certificate". Once I changed this to PEAP it would allow password
login to the XP PCs from the iPaq. I don't know how to get my Certificate
onto my iPaq so this seemed to be the best way for me.

Specifically, the steps I used are as follows.

1. Right Click "My Computer" and select "Properties". Click the "Remote"
tab and select the "Allow Remote Assistance". (I don't know if this is
necessary, but I did it on advicew from MS Help/Support).

2. Open Network Connections from the Control Panel. Right click on
"Incoming Connections" and select "Properties". On the General form check
the "Allow Others to Make Private Connections" box.

3. Click on the "Users" tab and select one or more users as authorized to
make a connection.

4. Click the "Networking" tab, highlight "Internet Protocol (TCP/IP)" and
select the "Properties" button. Then check the box "Allow callers to access
my Local Area Network". Click "OK".

5. Back on the Network Connection panel, right click "Local Area
Connection" and select "Properties". On the "General" form you should have,
at minimum, the client "Client For Microsoft Networks" installed and the
service "File and Printer Sharing for Microsoft Networks" installed and the
protocol "Internet Protocol (TCP/IP)" installed.

6. Click on the "Authentication" tab and check the box "Enable IEEE 802.1x
Authentication for this network".

7. Change the "EAP Type" option box to be "Protected EAP (PEAP)". Click

Again, I am not a technician, but these settings worked for me. I am sure
more knowledgeable people will have suggestions as to why or why not one or
more of these steps are needed.

Good Luck

The following I got from forum at PocketPCMag.com for setting up Activesync
over wireless. I think it doesz a good job of describing the iPaq end of
the setup.

1) Step one Dock your device and let it Sync. If you can not get it to Sync
in the cradle, it is unlikely you will get it to sync using 802.11b. If it
completes the Sync with no errors, we are ready to proceed. Remove it from
the cradle, undock it. This sets some info with in the iPAQ, that we will
use later, by the way.

2) Start (menu) | ActiveSync | Tools | Options...|
You should be on the |PC (tab)| now. Write down the Name of your PC just as
it is shown in the first Drop down box. We will use this name later in
setting up the connections.
Un-check the first box, "Use mobile schedule to sync with this PC"
Check "Sync with this PC during manual sync"
{All 802.11b sync must start from the mobile device on the Start (menu) |
ActiveSync | page, by pressing "Sync" by the way. They can not be started
from the PC}
Press the | Options... (box) | and check the "Maintain connection" button.
Tap | OK |

VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by clymme » Fri, 16 Jan 2004 00:47:59

Sorry about that, here's the additional detail:

We're attempting to use the simple VPN client that comes on the PPC
out of the box so that we don't have another vendor in our already
full mix of (hundreds of?) vendors in our organization (I work in a
hospital system). Aside from that, we're trying to minimize the
amount of fiddling our Doctor/users will have to do to get into our
WLAN/VPN. Our WLAN consists of a Cisco Wireless network. We can get
the VPN to work with the simple VPN on our Palm Tungsten C's without a
hitch. The simple VPN on the PPCs is the one that is giving us
issues. We're using WEP encryption, but no LEAP/EAP/PEAP.

Any insights into how to get the base VPN on a PPC to work properly?
My observations, after numerous hard resets and reconfigurations is
that the 4150 isn't acknowledging the VPN settings at all. I'm
starting to suspect a weird sequencing issue here (i.e. configure the
vpn first, turn on WiFi, configure the AP/WEP settings vs. turn on
WiFi, configure the AP/WEP settings and then VPN settings or some
weird thing like that).

Any ideas would be greatly appreciated.


VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by clymme » Fri, 16 Jan 2004 01:06:07

Thanks for the info. I tried the handheld configuration settings that
you attached towards the bottom of you posting . . . alas, I'm still
getting the same result. Our WLAN is a Cisco setup, so the home-XP
advise probably doesn't apply directly to our situation at work.

I saw another posting where someone was implying that the built-in PPC
VPN might only work with MS-based VPN solutions -- could that be true
and/or part of the issue here?

I'm thinking it's not, mainly because I'm not even getting that far on
the handheld yet. The VPN settings I configure aren't being
acknowledged by the connection icon (the two-arrows on the start bar)
dialog box. I'm starting to wonder if I'm missing some really basic
step here or sequencing in getting this to work. <checks to see if PC
is plugged in . . . *g*>

Just curious if anyone else has the base PPC VPN working in a Cisco
environment . . . or if I've got something else configured
incorrectly. As NASA would put it: a configuration anomaly, as it
were. :-)


VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by Mangled&Mu » Fri, 16 Jan 2004 01:51:14


Let's walk through this, since I have an Ipaq h4150 and it is
working perfectly with the built-in VPN. I am going through
the setup on my Ipaq h4150 as I write this posting :-)

The process below will create a PPTP tunnel and uses
MS-ChapV2 and 128 Bit RC4 encryption.

Steps to get it working.

1. Click on the double arrow thing (top right)
2. Click on settings.
3. Click on the "Advanced" tab.
4. Click on "Select Networks"
5. There are two dialog boxes in this screen.
Below the second dialog, click on "New"
6. Fill in the name for this VPN.
7. Click on the "vpn" tab.
8. Click on "New"
9. Fill in the IP address of the VPN gateway you are using.
10. Under "VPN type" click on PPTP
11. Click "Next"
12. Fill in the "User name"
13. Fill in the "Password"
14.Click "finished"
15. Click on "Proxy settings"
Make sure that no boxes are checked.
16. Click "Ok" in upper right hand corner.
17. Click "Ok" in upper right hand corner.
18. Click "Ok" in upper right hand corner.
19. Click double arrow,
Examine the drop down box.. It should now contain
"Turn wireless off"
"Connect VPN_name"
20. Click on "Connect VPN_name" (In the drop down list)
You should now see as pop-up dialog that tells you that
it is connecting to the VPN.

Validation phase:

1. Install the vxUtils software. (http://www.cam.com)
2. Click on vxUtil
3. Click the "I" at the bottom left.
4. Under Current IP, you should see your IP address
that is connecting you to the VPN gateway. (outside the VPN)
5. Use the scroll bar (on the right)
Scroll down to the section named "RAS VPN"
In this section you should see the IP address that was assigned
by the VPN. (Inside the VPN)
You should also see: Subnet mask, Default Gateway, Primary DNS,
Secondary DNS... all filled in by the VPN gateway.
6. Click "Ok" in the upper right hand corner.
7. Click on the icon that looks like two ping pong paddles.
8. Fill in the "host" with an IP address of another system inside
the VPN.
9. Click "Ping"
10 When finished... Click "ok" in the upper right hand corner.
11. Click "ok" in the upper right hand corner.

Shutdown VPN:
1. Click on the double arrow icon.
2. Click on the "Disconnect" button.

Email, auto start VPN:
1. Click on Start, then scroll down to "Inbox"
2. If you already have an email account....
Click on tab named "Accounts"
3. In the list from #2 above, select "Accounts"
4. The screen now has a list of accounts.
Click on the email account of interest.
This will popup the dialog "Email-address"
5. Click the next button. This will popup the User Information screen.
6. Click on the "next" button. This will popup the account information
7. Click on the "next" button. This will popup the Server information
8. Click on the "Options" button. This will popup the Options menu.
9. Click on the arrow, inside the Connections box.
Scroll down to the VPN (name that you created in above steps)
10. Click "next"
11. Click "next"
12. Click "finish"
13. Click "ok" in upper right hand corner.
14. Click on the icon, at the bottom, that loo

VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by clymme » Fri, 16 Jan 2004 06:22:00

Well, thanks to Capp & Mangled/Mungled (two users over the 'net), I
got the answer I was looking for.

The problem was that I was trying to make the default network entry
"My Work Network" do double duty in a sense. I was trying to configure
that entry to reference my VPN server. Capp explained to me that "My
Work Network" is a special entry that really is reserved for WiFi
activesync (I think that's what was explained to me). Too bad that
wasn't documented somewhere. Aaanyway, I created a new network entry
"XXX VPN" with the VPN connection configuration and I was basically
good to go.

The Google Groups server must be behind because I'm not seeing
Mangled&Mungled's entry, but Capp emailed me the content so I could
work from that. And so . . . it's nice to be moving forward again.

Capp did also say that there's one bit to watch out for: if you
attempt to sync two pop email accounts, then your PPC backup/restore
functionality ceases to work. I'll have to take his word on that one
for now as we're not even touching that yet. He did mention that he's
working with the company from New Zealand on beta software fixes for
this issue and that he was going to make suggestions to HP once
they're solid.

Hope this helps someone else.


VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by David Hett » Fri, 16 Jan 2004 06:43:09

hanks Mangled&Munged. Hope you don't mind if I save your instructions and
make use of them in the future?

David Hettel
Microsoft MVP Mobile Devices

This posting is provided "as is" with no warranties, and confers no rights.
You assume all risks for your use.

Handhelds, mobile: http://www.geekzone.co.nz
Bluetooth guides: http://www.geekzone.co.nz/content.asp?contentid=449

"Mangled&Munged" < XXXX@XXXXX.COM > wrote in message
news:6seNb.13981$ XXXX@XXXXX.COM ...


VPN & multiple PPCs running Windows Mobile/PPC 2003/WinCE

Post by Mangled&Mu » Fri, 16 Jan 2004 07:48:50


Actually the guy you mentioned is Capps not Capp. He's the
maintainer of Iozone (See: http://www.yqcomputer.com/ )

Glad to hear that you are now up and running.