Workaround For Lack Of Android IPSec VPN
As you may know, I normally rely heavily on connecting to Fortinet Firewalls via IPSec VPN whether from my phone, netbook or laptop for all sorts of purposes – email, file transfer, viewing security cameras.
One thing that has been a royal pain in the butt since I started using my new Droid X Android based phone is the lack of a Fortinet (CISCO compatible) IPSec VPN client. Judging by the success of Fortinet’s stock IPO, I would say they can afford to allocate some resources for iPhone and Android IPSec connectivity.
In the meantime, however, I have found a free application (with a paid upgrade, of course) NeoRouter.
I won’t go into the full details about how NeoRouter functions, but I will cover what I have discovered.
- The documentation for NeoRouter is clear as mud. There is a support forum which does help some, although many answers point to the clear-as-mud documentation.
- Create a free account at NeoRouter.com. Make note of that “domain” name you create and the password, you will need it when you setup the server and clients.
- I needed to install the NeoRouter (free version) software on a PC (preferably with a static IP) that runs all the time, inside my network. I chose a Windows 7 (32bit) PC I had just setup. Fortunately, the programmers who created NeoRouter set it up as a service so you don’t have to login. That’s especially great in case the PC reboots or someone logs it off (like they should) when they are done using it.
- I needed to choose an IP schema for the NeoRouter server, one which I presumed would not interfere with the network that the PC is physically attached to. Since I run a class C network with 255.255.255.0 mask, I just changed the third octet.
- In the documentation, they do have links to some utilities that will give you your current IP address and also tell you if their servers can “see” your server. If you have a router/firewall (and you should) you likely will need to redirect port 32976 to that machine – which is why a static IP on that PC is highly recommended. You can use other ports (like 80 or 443) if necessary to “bypass” a corporate firewall with the clients you will use to connect to that server.
- You can then add “servers” such as that machine itself to be available to clients that login.
- Then I downloaded the free app to my Droid X and configured it to log in to the domain (not the server) / password setup at NeoRouter.com.
- Once you login (and thankfully you can save your settings including password), you should see your “servers” that you have setup. Long press a server and you have the choice to access via SSH, VNC or RDP. Obviously you need those services running on those “servers” to connect that way.
- Next, you need an App on your smartphone (or PC) to access the server. With Windows, RDP is built in, so I downloaded RDP Lite (free) for my Droid X.
- The way you access your Windows server with RDP lite is to select a server IP of 127.0.0.1 (the loopback address which NeoRouter is redirecting to the server chosen using the port chosen – 32976 by default). RDP Lite is really slick! (Paid upgrade available, of course, the Lite version only allows 1 remote entry.
- Thankfully, again, the programmers have given us an “exit” option when we are finished using NeoRouter, otherwise is runs in the background with an icon on the status bar of the Android phone.
The NeoRouter software creates a secure VPN and even has “bridging” capabilities that I will probably look into. However, considering the clarity (or lack thereof) of the documentation I may or may not pursue that option.
Cisco is rumored to have an IPSec VPN in the works for Android by the end of the year, and that should work with Fortinet’s Fortigate firewalls. We’ll see on both counts.