I was having trouble setting up my Motorola Droid with my Sonicwall VPN. The reason I couldn’t connect is that Android (for some reason unbeknownst to me) uses DES instead of 3DES for Phase 2 of the IPSec negotiation. This is far less secure than 3DES, but for the purposes of getting the Droid connected we’ll just ignore that fact. My setup is a Motorola Droid running Android 2.2.1 (FRG83D), and I am connecting to a Sonicwall NSA240 with SonicOS Enhanced 5.1.1.1-18o firmware. Here are some step-by-step instructions:

UPDATE 12/30/11: I have this working on my Sonicwall TZ100 Wireless-N router with SonicOS Enhanced 5.6.0.11-61o and my Droid Bionic with Android 2.3.4. I’ve also added some additional instructions on setting up an L2TP Server, which are necessary to get this to work.

1. On the Sonicwall, go to the VPN Settings page (make sure “enable VPN” is checked) and then click on the Edit button for the WAN Group VPN.

2. On the General tab, select “IKE using Preshared Secret”, and then enter your preshared secret.

3. On the Proposals tab make sure all your settings look like so:

4. On the advanced tab make sure your settings look like the following:

5. On the Client Tab make sure it looks like this:

6. Also under VPN, go to the L2TP Server page. Make sure that “Enable L2TP Server” is checked.

7. Click the “Configure” button and put in your DNS servers and the IP address range that you would like to use. UPDATE: Please see the update below (step 11) for additional info on this.

8. Next go to the “Users” menu, click on “Local Users”, and click on “Add User”. On the User Settings tab, enter the username/password combo you want to use.

9. On the Group tab make sure you have the following: I think you can leave off Sonicwall Administrators and Limited Administrators but I’m not sure, so for testing just leave them in, then remove them later and see if you can still connect and browse the network.

10. On the VPN Access Page  make sure you have “Lan Subnets” in the “Access List” then click OK to Finish.

UPDATE: 12/30/2011

11. Now that we have that done, we also need to set up L2TP. To do this, perform the following:

a. On the Sonicwall go to the VPN menu, then click on L2TP Server

b. Click “enable L2TP server” and then click “Configure”

c. The fields should look like this

1. Keep Alive: 60

2. DNS Server 1 and 2: 208.67.222.222 (this is OpenDNS but you can enter anything here)

3. WINS Server 1 and 2: not necessary unless you use them. Mine say 0.0.0.0

4. Click Use the Local L2TP IP Pool

5. For the Start IP and End IP, you need to enter a subnet other than the subnet that the Sonicwall is currently on. I actually put in a subnet that does not exist on my network. For instance, my network is 192.168.4.0, but I entered 192.168.5.101 for the start and 192.168.5.110 for the end. This has to do with L2TP needing to route traffic; I guess that’s why it cannot be on the same network.

6. User Group for L2TP users should be set to “Trusted Users” or whatever group you would like
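A quick way to check the pool from sub-step 5 before typing it into the L2TP Server page, as an added example that is not part of the original post. The function name `check_l2tp_pool` and the /24 mask on 192.168.4.0 are assumptions; the post does not state a mask.

```python
import ipaddress

def check_l2tp_pool(start, end, local_subnets):
    """Return a list of problems with an L2TP address pool (empty list = OK)."""
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    if first.version != last.version:
        return ["start and end are different IP versions"]
    if first > last:
        return [f"start {first} is above end {last}"]
    problems = []
    # Express the start-end range as CIDR blocks so it can be compared
    # against whole subnets, not just against its two endpoints.
    blocks = list(ipaddress.summarize_address_range(first, last))
    for subnet in local_subnets:
        net = ipaddress.ip_network(subnet)
        if any(b.version == net.version and b.overlaps(net) for b in blocks):
            problems.append(f"pool {first}-{last} overlaps local subnet {net}")
    return problems

# LAN from the step above; the /24 mask is an assumption.
LAN = ["192.168.4.0/24"]

if __name__ == "__main__":
    candidates = [
        ("192.168.5.101", "192.168.5.110"),  # pool used in this post
        ("192.168.4.101", "192.168.4.110"),  # constructed: inside the LAN
        ("192.168.3.250", "192.168.4.5"),    # constructed: runs into the LAN
    ]
    for start, end in candidates:
        issues = check_l2tp_pool(start, end, LAN)
        print(f"{start}-{end}: {'OK' if not issues else '; '.join(issues)}")
```

List every subnet the Sonicwall routes locally in `LAN`, not only the one your workstation sits on, so a pool that collides with another zone is caught too.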

UPDATE: 12/30/2011

Now for the DROID BIONIC Setup

1. Go to Settings, then Wireless & Networks, then VPN Setup

2. Click “Basic VPN”, Then Click “Add VPN”

3. Choose Add L2TP/IPSec PSK VPN

4. Set all your parameters like VPN Name, Server, and Pre-shared key. Do not check Enable L2TP Secret. I did not put in any DNS Search Domains.

5. Click on the VPN name that you just created, and it should ask you for your credentials. That should be it.

NOW FOR THE OG DROID SETUP. I DON’T HAVE SCREENSHOTS FOR THIS BECAUSE YOU NEED TO BE ROOTED IN ORDER TO DO THAT:

1. Go to your applications menu, click on “Settings”, and then click on “Wireless & Network Settings”, then “VPN Settings”

2. Click “Add VPN”

3. Choose “Add L2TP/IPSec PSK VPN”

4. Click “VPN Name” and enter a name.

5. Click VPN and enter the URL that points to your Sonicwall device, or enter the IP address of your Sonicwall device. If you don’t know your IP address and are behind the Sonicwall, go to the settings tab and look at the WAN address. If you have a dynamic address, consider using a tool like Dynamic DNS, which will update your changing IP address by using a tool installed on a computer on the same subnet as your Sonicwall.

6. Click “Set IPSec pre-shared key” and enter the key that you entered in Step 2 of the sonicwall setup.

7. Leave the rest of the fields empty and save the VPN.

8. Now click on the VPN that you just set up, enter the password you entered in step 8 of the Sonicwall setup, and it should connect. If it doesn’t, look at the logs and see if it says anything there. If you don’t see anything in the logs, then you might want to double check that you entered the correct IP address/URL in step 5 of the Droid setup. You can get back to edit the settings by “long-pressing” the VPN name.

What can you do now? To test whether it’s working, download a ping tool from the Android Market. I downloaded one called DNS and Ping. Then try to ping something on your network, like a printer or a computer without a firewall. Another thing I use this for is Remote Desktop and VNC. A really good client that I use is called Xtralogic Remote Desktop Client. It does cost $18 or something like that, but the UX is great and allows you to use your finger as the mouse and your keyboard like a regular keyboard, as well as having options for function keys and such. It is invaluable when you’re an admin and you get an emergency call with no computer. Here’s some more information on it: http://www.xtralogic.com/rdpclient.shtml

UPDATE 12/30/11 – Obviously now that I am on the Bionic I don’t have a keyboard. I will give some feedback on the Xtralogic program in the future when I install it.

There’s also a free VNC client out there that works pretty well, and there might be a few other free RDP clients or trials that you can use. I just haven’t looked at the Market in a while.

Another one called Pocket Cloud allows you to use a Google account and install a client on your computer to connect. This is OK for your home computer; not sure how safe it is to use with servers. Enjoy.