Results 1 to 10 of 10
  1. cue79's Avatar
    Posts
    357 Posts
    Global Posts
    366 Global Posts
       #1  
    Ok - First let me say this -

    There needs to be more forums for T600 users, so we can post questions appropriate to the phone - now that is' been releasd, I would say we need a forum for those of us who are trying to do "PDA type things with the phone, and get certain apps to work", an accessories forum, a newbie forum, a phone forum, etc. Sorting thru these posts is becoming quite a task every morning Just my .0002

    Now, onto the subject. Obviously, there is a working PPTP VPN Client out there for the Palm, however, I need a working IPSC client. Now that I've successfully tested PalmVNC, the Treo becomes an absolute tool for me and my clients. If I have VPN access, I can actually monitor servers, and work on them from the phone itself. Yes, it will be slow, yes it will be a pain to look at on the small low res screen, but I can do it from anywhere... which makes my task as a consultant a hellofalot easier. I wish there was a PCAnywhere client for Palm, or a RDP client, but there isn't. VNC will suit me for the moment, but VPN is a requirement. So.. anyone know of any good IPSec VPN clients I could use? I would like to try before I buy to ensure it works. Any suggestions?
  2. KKenna's Avatar
    Posts
    418 Posts
    Global Posts
    419 Global Posts
    #2  
    Are you sure you want IPSec ? This is usually reserved for permanent VPN solutions (router to router). If you are asking this because you have a LinkSys VPN router, get another router (I recommend SnapGear).

    Mergic (http://www.mergic.com) makes the only OS5 compatible VPN solution. It's currently in beta, but they will probably e-mail you a link to it if you ask them to. I use this with VNC with all my clients and it works great.
  3. #3  
    That's not really the case, most VPN solutions are based off IPsec, Cisco's, Netscreen's Checkpoint's etc. And all offer client -> VPN concentrator connectivity for remote access.

    Regards,

    Adam
    Adam Mazza
  4. KKenna's Avatar
    Posts
    418 Posts
    Global Posts
    419 Global Posts
    #4  
    You're right, but what I was trying to get at was if he has a Cisco or LinkSys that forced IPSec and 3DES, or if he has simply configure an IPSec passthru to a Win2K or WinNT box. If the later, all he needs is the PPTP client. If not, I'd replace the router with one that either does the authentication itself, or can handle a passthru and let the server handle the authentication. In my case, I've just been through replacing several Cisco routers with SnapGear VPN appliances. The VPN options for the Ciscos are tremdously expensive and very cumbersome to use.

    My point is that I don't believe there exists a true IPSec client for the Palm, or are there plans to develop one. The world of VPN over the internet is changing from a setup to link co-located campuses to one for secure remote client connections. Might as well make the jump and replace the old-school equipment with new.

    No ?
  5. #5  
    Originally posted by cue79
    So.. anyone know of any good IPSec VPN clients I could use? I would like to try before I buy to ensure it works. Any suggestions?
    Hmm...I know that SoftRemotePDA from SafeNetBiz supports IPsec, but it apparently only works on CDPD wireless networks...
    SoftRemotePDA is a VPN software client that extends industry-standard VPN capabilities to Palm Powered™ handhelds. Based on the latest IPSec standards, SoftRemotePDA allows client-to-gateway communications to be securely established over CDPD wireless networks. It is interoperable with IPSec-compliant firewalls, routers, and security gateways, and offers a simple user interface for device configuration. The security services offered by SoftRemotePDA include packet confidentiality through encryption and packet authentication through keyed hash.
    Also, Winhand is another good alternative to VNC...
    _________________
    aka Gfunkmagic

    Current device: Palm Pre
    Device graveyard: Palm Vx, Cassiopeia E100, LG Phenom HPC, Palm M515, Treo 300, Treo 600, Treo 650, Treo 700p, Axim X50v, Treo 800w



    Please don't PM me about my avatar. For more info go here.

    Restore your Pre to factory settings using webos doctor and follow these instructions
  6. cue79's Avatar
    Posts
    357 Posts
    Global Posts
    366 Global Posts
       #6  
    Well, VPN solution should be IPSec for me. Yes, PPTP is more commonly used, but IPSec is more secure, and the majority of the sites I setup use Sonicwall units, which natively support IPSec. IPSec is also a hell-of-a-lot more secure then a PPTP connection. so....

    My point is that I don't believe there exists a true IPSec client for the Palm, or are there plans to develop one. The world of VPN over the internet is changing from a setup to link co-located campuses to one for secure remote client connections. Might as well make the jump and replace the old-school equipment with new.
    Well, the equipment I'm using is brand new. Sonicwall and many of the other providers for SOHO VPNs.

    Hmm...I know that SoftRemotePDA from SafeNetBiz supports IPsec, but it apparently only works on CDPD wireless networks...
    The SafeNet solution might be a good bet, considering they also created the original VPN client for Windows boxes for VPN connectivty w/ Sonicwall. Only downside is, as you said CDPD as well as the fact that there is no demo version of the Palm software to try out. I don't want to buy a $40 piece of software only to find out it doesn't work.

    As to the remote access, the universal solution is better. If I need to do quick down and dirty maintence to see why a server crapped out, the Treo works. If I want to be online thru my laptop to check things out, I need that solution up and running as well. RDP works very well in the regard for laptops, as well as PCAnywhere. VNC pretty much just works... which is sufficent.. but not good enough. Moreover, the current revision of PalmVNC doesn't really support the T600 yet - enter key doesn't work
  7. willp2's Avatar
    Posts
    115 Posts
    Global Posts
    116 Global Posts
    #7  
    movianVPN looks like it may work. They it works on older Treo's and it looks like it will work now or will soon on the new models.

    Click me

    Anyone know if there is a terminal services client for Palm OS? I tend to use this as much or more than VNC these days.
  8. jrv
    jrv is offline
    jrv's Avatar
    Posts
    41 Posts
    #8  
    Originally posted by KKenna
    My point is that I don't believe there exists a true IPSec client for the Palm, or are there plans to develop one. The world of VPN over the internet is changing from a setup to link co-located campuses to one for secure remote client connections. Might as well make the jump and replace the old-school equipment with new.No ?
    The trend with low-cost hardware firewalls (< $200) seems to be to include the ability to terminate and sometimes initiate an IPsec VPN (ZyWall, Netgear, Linksys). IPsec VPN can certainly be used to connect campus networks but can just as easily connect single systems to a network. I have always understood IPsec security to be better than the older Microsoft protocols.

    Support for Microsoft’s VPN schemes seems less common and confined to more-expensive “enterprise” hardware. I don’t know why this is. Microsoft was forced to upgrade their IPsec support in Windows recently (adding NAT-T) so clearly IPsec is becoming important to someone (although IPsec configuration under Windows is pathetically awkward, even by Redmond’s low standards).

    Perhaps the biggest problem to using an IPsec VPN in a Treo to connect to your desktop at home (terminating the VPN at your $100 hardware firewall) is that the Palm is presumably behind a NAT on Vision. IPsec security is normally too strict to allow a NAT since a NAT looks like a “man in the middle” attack. An IPsec client on the Treo would need to support “NAT-T” to have a realistic chance of reaching your home net via IPsec.

    There is also the issue of dynamic IP assigned by your ISP. Your home PC/net may get a new IP address frequently. Hardware firewalls can use dyndns.org and the like to solve this these days but the IPec software on the Treo would have to know to re-resolve an FQDN rather than caching the address after lookup.

    The biggest problem to using the Microsoft VPN or PPTP protocols is that for most people this means exposing a Windows server to the Internet to terminate the connection, and exposing a Windows box to potential attack like that is a bad idea.

    For all of these reasons I think that IPsec on a Treo is a desirable thing to do and that it is reasonable for users to implement IPsec endpoints on their networks. Whether or not it is practical to implement IPsec initiation on a Treo I do not know.
  9. jrv
    jrv is offline
    jrv's Avatar
    Posts
    41 Posts
    #9  
    Originally posted by willp2
    movianVPN looks like it may work. They it works on older Treo's and it looks like it will work now or will soon on the new models.

    Click me
    They use all of the right buzzwords (and all of your RAM at 1.6MB). Hopefully they will support Palm OS5 soon – I would be willing to network sync that way.

    Their tested-hardware consists solely of the high-dollar enterprise gear. I’m surprised they don’t list anything cheaper.
  10. cue79's Avatar
    Posts
    357 Posts
    Global Posts
    366 Global Posts
       #10  
    JRV - I agree with all your comments. Thanks for the support

    Yeah, NAT-T will be necessary, and quite frankly, Win2k's implementation of IPSec is absolutely abysmal. Most of the VPN hardware out there is now either including free of charge, or for minimal charge, a VPN IPSec client that can run on your Windows box which can automatically figure out your IP address, even if dynamic, and work with it as necessary. I've done deployment w/ Sonicwall's GlobalVPN client successfully to some clients. Works like a charm - even issues a Dynamic IP address from the firewall when the connection is established (allowing users to have a second IP, DNS, and so forth for authentication purposes, as well as local server look ups).

    On the Palm side, don't need all that AS much. Just would like simple NAT-T access so I can hit servers and look at them using Treo. Would be very nice

    In regards to Certicom's program, tried it.. It told me the demo I had just installed had expired I dunno... I'm probably going to contact them on Tuesday, see if they have anything to contribute.

Posting Permissions