Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
General
General TopicsGSMBluetooth
Providers
AlltelATT WirelessCingularFidoNextelSprint PCST-MobileVerizon
Manufacturers
EricssonNokiaMotorola
Country Specific
Australian GroupUK Group
Related Topics
PocketPCPalmMore Topics ...
Cellular Phone Forum / Providers / Sprint PCS / March 2005

Tip: Looking for answers? Try searching our database.

Sprint PCS w/ VPN

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Scott - 07 Mar 2005 00:57 GMT
Hi-
Do any of the Sprint PCS smartphones have VPN capability?  My company has an
exchange mail server that can only be accessed via VPN into the corporate
network.  Suggestions for a phone that can access this?

Thanks
Scott
Reply to this Message
Bob Smith - 07 Mar 2005 11:44 GMT
> Hi-
> Do any of the Sprint PCS smartphones have VPN capability?  My company has an
[quoted text clipped - 3 lines]
> Thanks
> Scott

Not that I'm aware of for the phone, but if you are trying to do this while
tethered to your laptop, it's not big deal, as the VPN is on the laptop.

Bob
Reply to this Message
Paul Miner - 08 Mar 2005 00:08 GMT
>> Hi-
>> Do any of the Sprint PCS smartphones have VPN capability?  My company has
[quoted text clipped - 7 lines]
>Not that I'm aware of for the phone, but if you are trying to do this while
>tethered to your laptop, it's not big deal, as the VPN is on the laptop.

Also be advised that most VPN's over the well-known TCP ports,
including TCP port 80, 25, 110, 143, etc., will not work correctly
over the Vision network. If possible, configure the VPN to use other
less well known TCP ports or any UDP port and you should be fine.
Reply to this Message
Central - 08 Mar 2005 06:16 GMT
>>> Hi-
>>> Do any of the Sprint PCS smartphones have VPN capability?  My company has
[quoted text clipped - 12 lines]
> over the Vision network. If possible, configure the VPN to use other
> less well known TCP ports or any UDP port and you should be fine.

Well first off you don't want to do any kind of vpn traffic over tcp
because of the nature of tcp(can cause very bad packet loss due to
retry/window resizing). If you just want to do simple traffic forwarding
you should do what I do and just use ssh(port 22) and a remote proxy
server(such as squid). I used to use stunnel, www.stunnel.org , and run
the client on any workstation I want to have an encrypted tunnel to my
http proxy but since I am usually connected to my remote machines via
ssh I can just use the builtin support for port forwarding provided by
ssh. Which works perfectly over vision and good to do when using public
wifi hotspots.
Reply to this Message
Paul Miner - 08 Mar 2005 07:15 GMT
>> Also be advised that most VPN's over the well-known TCP ports,
>> including TCP port 80, 25, 110, 143, etc., will not work correctly
>> over the Vision network. If possible, configure the VPN to use other
>> less well known TCP ports or any UDP port and you should be fine.
>
>Well first off you don't want to do any kind of vpn traffic over tcp

I agree, but some enterprises require their folks to use TCP port 80,
for example, in order to take advantage of existing firewall rules.
It's certainly not ideal, though.

>because of the nature of tcp(can cause very bad packet loss due to
>retry/window resizing). If you just want to do simple traffic forwarding
[quoted text clipped - 5 lines]
>ssh. Which works perfectly over vision and good to do when using public
>wifi hotspots.

Good to know, thanks.
Reply to this Message
Central - 09 Mar 2005 10:57 GMT
> I agree, but some enterprises require their folks to use TCP port 80,
> for example, in order to take advantage of existing firewall rules.
> It's certainly not ideal, though.

In that case you are using a proxy not a vpn. A proxy over tcp port 80 is
fine because the applications are not only aware of the proxy's
relationship in the connection but also are not adding another tcp layer
on top of it.

With a vpn you are tunneling a new network layer for running various
frames over it such as ethernet or ppp. In those cases you would not use
tcp for your tunnel's connection but something like gre(protocol 47),
esp(protocol 50), or even udp (protocol 17) all of which can go over ip
and do not have the burden or overhead that tcp (especially tcp over tcp)
does. Keep in mind some vpn implementations, lets use pptp for example,
use a tcp port(1723) to initiate the connection and begin the handshake
for the vpn tunnel (gre in this case).

I have not had any problems running pptp or ipsec vpn setups over vision
in case anyone was wondering.
Reply to this Message
Paul Miner - 10 Mar 2005 01:49 GMT
>> I agree, but some enterprises require their folks to use TCP port 80,
>> for example, in order to take advantage of existing firewall rules.
>> It's certainly not ideal, though.
>>
>In that case you are using a proxy not a vpn.

No, a proxy is completely different, as you pointed out in the part
that I snipped. I'm talking about using a VPN over TCP port 80, (for
example), but ports 21, 110, and 143 provide the same bad results.

Plenty of Vision users attempt to use a VPN over TCP port 80, and in
most cases they discover that it doesn't work. Cisco for sure, and I
believe Nortel also, are two VPN solutions that don't work over
Vision's TCP port 80. I've never seen a complaint about it in this
group, so it may not be that big a deal. Like you said, most people
wisely choose to use UDP rather than TCP.
Reply to this Message
Central - 10 Mar 2005 08:56 GMT
> No, a proxy is completely different, as you pointed out in the part
> that I snipped. I'm talking about using a VPN over TCP port 80, (for
[quoted text clipped - 6 lines]
> group, so it may not be that big a deal. Like you said, most people
> wisely choose to use UDP rather than TCP.

For good reason since sprintpcs does a transparent proxy over port 80 for
image resizing and various speedups for their portable devices. Try port
22/tcp(ssh), and I haven't checked sprintpcs but also port 53 is usually
left open, esp 53/tcp since dns udp has it's size limit of the returned
data. In my usage of vision/tethered laptop I haven't had any port
issues, except for the before mentioned 80/tcp not that I would know if it
has changed. Unless I did a port scan to see what can reach my remote
machine these days I couldn't say with absolute certainty that anything
was open except for the services I use regularly pptp/ssh/icmp. I did test
it out before and was pretty impressed with how open it was maybe I should
check again for my own benefit.
Reply to this Message
Central - 08 Mar 2005 06:11 GMT
>> Hi-
>> Do any of the Sprint PCS smartphones have VPN capability?  My company has
[quoted text clipped - 9 lines]
>
> Bob

Bob well if the phone is using some version of ppc2002 or ppc2003 it will
support pptp vpns and if I recall the later version also has support for
basic ipsec. There are also some ppc clients you can buy for vpn access
but usually they are apart of a package deal (for use with a server
product the company is also pushing)
Reply to this Message
Rustproof - 29 Mar 2005 18:29 GMT
Hello Scott,
Yes it will work.
i've been using the sanyo 8100 and now the 7400 to VPN to work for over
two years. it is slow but keeps me mobile.

Signature

Rustproof

Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.