(No comment was entered for this change.)

A lot of people are waiting for this request. and I am one of them :).

Seconded!  I would love this feature.

Agreed.  There is a 3rd party app that does provide this but not on a stock system. 
It would be nice to see basic group authentication added.

This would help me a lot as I am on call 24/7 for work and vpn then ssh into work to
fix problems without taking out the laptop would be really nice.

same here, just spent hour with an employee trying to get the new donut release vpn
client to work with a cisco 3000 concentrator.  No place to enter group id/password.
 This is a huge deal!

Thank

Comments stolen from Issue #1919:

"Just a friendly reminder... if you're about to post a comment that says "me too!" or
"you've got my vote" or "+1" or similar... please just star this issue and leave the
comments-space clean.  When you star the issue, your vote counts.  Issues with a
larger number of people starring the issue are likely going to get more attention.
More comments, however, are just going to clutter the system and annoy those who have
already starred the issue, possibly encouraging them to unstar the issue, lowering
its perceived importance.  Again, comments should be used to update progress on the
issue itself, not for voting... please leave this to the star.  Thanks."

scoob8000, are you talking about http://code.google.com/p/get-a-robot-vpnc/ ? I've
had a lot of trouble getting this to work reliably... If you're aware of another app,
please let me know!

vpnc-robot uses ROOT access. it won't work with a standard ROM.

Click the star!  I was so happy to hear that VPN support was included with no
additional apps needed but so disappointed to find out that plain vanilla ipsec
(groupid/group password) was not supported yet.  I still love you though, Android. 
If ever a beta tester is needed for an ipsec vpn on an ADP1 ROM, feel free to drop me
a note.  Thanks.

Almost every university in Germany uses a Cisco system being incompatible with 
Android's VPN. 

There should be a huge demand by German students because they are not able to use WiFi 
on campus.

Ditto, I need Cisco VPN as well.  Looking forward to you adding this asap!

Thanks..

Yes, everybody needs to have fully functional vpn client for android. Why do not have
group id?

This is required to have these phones at our company.

needed badly

desparately need this please

LESS THAN FRIENDLY REMINDER - Stop posting "i need this fix". Of course you need this
fix if you're here. Just star the issue and wait, don't comment because it emails
everyone watching the issue.

I want to see comments about the developments related to this fix, not how you
personally need this fix to use your phone with your company VPN.

- from someone else waiting for this fix, not the developer. 

the IPsec client on this phone works. it does DES for phase 2 tunnel negotiation,
which really should be changed to 3DES. i think that is everyones problem here. 

marcelliotnet: i don't think it's just ipsec that we want. for instance: how do you 
enter the group username/group password for cisco-based vpns?

I believe the Pre-shared Key is the "Group Password" for Cisco.  

So it may only be the "Group Name" that is missing (and this may be another Cisco 
moniker for "tunnel group")

Somebody please confirm this understanding

The big question regarding this is what underlying system service
will provide this function. Nothing can be done until those that
are responsible for deciding what will be included in the source
tree make this decision.

> I believe the Pre-shared Key is the "Group Password" for Cisco.  
>
> So it may only be the "Group Name" that is missing (and this may
> be another Cisco moniker for "tunnel group")

No, that isn't correct.

The underlying system service for the existing IpSec VPN
support is not capable (and may never be) of providing the
Xauth support being requested here.

I am a Cisco Engineer with my company and I have been trying to get the Android to connect to my Cisco VPN.  
From what I have found you can root the phone and use two Cisco VPN Applications on the Market.  I would 
prefer not to do this.  I have seen posts from people saying that they were able to connect to their corporate VPN 
but I am unable to get the Android to establish a complete VPN session with a Cisco ASA firewall.  I have a TAC 
open and have worked with Cisco with no success in connecting.  So until there is an update from the OS it 
seems the only way to connect to a Cisco firewall is to root the phone.

I'll have to send my Droid back unless we can get some Cisco VPN functionality.  We use 
IPSEC group name/password on our Cisco 2811.  I'd be happy to create a separate VPN for 
our Droids but there doesn't seem to be any options but IPSEC group name/password on 
the router.

The sales guy that just got his phone yesterday will also have to send it back.  The 
owner was thinking about changing the entire company to Droids but that won't happen 
unless we can get Cisco VPN functionality.  

@ikent88 -- the vpnc client for us linux users has been able to work for years and
the code is GPLv2 licensed. From a 10,000ft view it seems like the Android platform
should be able to borrow that logic and re-implement on the OS stack...

http://www.unix-ag.uni-kl.de/~massar/vpnc/

Honestly when I first read about VPN coming in Donut this is exactly what I thought
they would have done - why reinvent the wheel? It appears not to be the case, though.

I'm Trying to infer details from an OS X article b/c I believe they are both using 
the same underlying library (racoon): http://bit.ly/3k6gjM

This article mentions that before the "Group Name" field was added to the client 
configuration, the router could be configured to use the default Tunnel group 
("DefaultRAGroup") and that would allow connections from clients that didn't specify 
a "Group Name."

@gober.steve or any other person who has access to the Cisco router logs, can you try 
to connect using the info above and verify whether this is true (that the client will 
use "DefaultRAGroup")?

@patrick -- in another issue that's somewhat similar/dovetailed to this one I posted
some VPN logs, not seeing my device even get far enough to present a user/group:

http://code.google.com/p/android/issues/detail?id=4111

If you read that OS X article a little more closely you'll see they are instructing
you to set up L2TP over IPSec which is not the same as this bug/issue, a pure IPSec
need. On our Cisco 3005s the two are mutually exclusive in the device setup and both
cannot be enabled at the same time.

What comes through as no username or password in the logs.  I doesnt seem to get out of phase1.  This is what I 
believe.  
It looks like only root users can create the virtual adapter needed to facilitate an IPSEC connection.  When you 
create an IPSec connection your computer creates a virtual adapter that receives IP addressing info from the 
firewall you are connecting to.  The user that is running the UI for the Android is not root and therefore cannot 
create this virtual adapter.  I believe this is why you must root the phone to be able to create IPSec connections.  
This is my guess.  It would be really nice if you could have a VPN application that could Sudo these rights.
Currently im looking in to how to root my phone.

I vote for this feature...

or you can trade your ASA for a sonicwall...hahah...had to say it. did not root my
phone, and i can connect using the built-in VPN client on the droid...the phone uses
DES for phase2 tunnel negotiation i think thats everyones problem, or that the fact
that it isn't a "pure" IPsec client and is coupled with L2TP which i had to enable on
the sonicwall to be able to connect.

im using DES now and i still cannot get past phase 2.  Im running DES/SHA/Group 2 Diffie-Hellman Group 1.

if you have a sonicwall gen4 or gen5 with enhanced firmware. i can give you a paypal
link and i'll configure it for you...hahah...the client on this phone works fine.
google probably won't change it for you. so i guess all of you will be taking your
phones back.

it is really important in germany for students using the wlan in university

No IPSec grops? We need to have them....

I just moved from the iPhone 3G to the Droid. My company has an IPSEC VPN set up that
mobile users can connect to. The iPhone 3G connects with no problems whatsoever. I
cannot connect using the same settings from my Droid, which is a bit frustrating. It
gives the appearance of trying to work, but it never connects. I don't know if this
provides any additional troubleshooting information. Perhaps knowing that the iPhone
3G VPN connects with no issues will help others pinpoint the specific problem here.

I am able to connect over WiFi to my university's Cisco VPN (IPSec w/ pre-shared key,
no L2TP secret.) It does NOT work when using the Verizon 3G data connection. I tried
to troubleshoot it with the campus VPN engineer, and he said that the logs show an
initial connection from my phone, but then it just hangs.

We won't be able to buy the Droid for our company until it supports Cisco VPN 
support. 

I left the Iphone which had this functionality.  The Droid does not.  Not living up 
to expectations.  Odd to think that the Iphone is more of a corporate business phone 
than the Droid.

I am interested in this feature as well.

ipsec vpn is essential for me, a phone that does not Cisco's ipsec is useless for me.
Please add.

VPN in droid is worthless without this.

I would appreciate this added as it is useless for my needs without it.

I need the cisco vpn as well.

I agree this would be very helpful

yes please help would be way helpful

please use the star feature in the upper-left corner of the page so we don't all get
flooded with the "yes I need this" email notifications.  :)

Badly need this.  

I must have Cisco IPSEC/TCP Group Authentication.  thank you.

i need this ability as well.

this is exactly what I need!!!

FOR GOD'S SAKE, STOP POSTING "OH I NEED THIS TOO" WE ALL NEED IT!!!!! THAT'S WHY 
THIS REQUEST EXISTS!!!!

so please, press the star next to the post name. Thanks!

Just signed in to star this.  Please add, would be a major benefit for me.

Did anyone try http://code.google.com/p/get-a-robot-vpnc/ and get positive results?

http://code.google.com/p/get-a-robot-vpnc/ requires root. From what I understand, the
OS needs to allow the installation of a virtual adapter for this issue to be
resolved. Root access allows this, which is why existing apps support it on Android.
But the fact that the Moto Droid has not (to my knowledge) been rooted is what I
believe is leading so many folks to come and star (and misguidedly leave "me too"
comments on) this issue.

Sorry for the additional notification spam to those watching this issue and in
addition, "me too!"

Will not buy an Android phone without support for this. Mission critical for my 
profession.

If this gets added, it should have the ability to do the "less secure" DES standard
as well as 3DES. For some reason, my company VPN only runs with DES and I was unable
to reliably use the other "VPN Connections" app on the market (although they
eventually added an option to specify a command line option to vpnc, where I could
disable strong encryption) -- but I never got it to run reliably in either case, so
I'm still hoping for a solution that is built into the OS.

I am really surprised this is not working... Please FIX this. Critical, Critical,
critical!

This really needs to get fixed soon

need to connetect to my AVM Fritz.Box Router a pure IPSec

Really need this to continue to use this device for business.

I have a SonicWall 1260 and would love any input you all can give to help me
configure the VPN settings there so I can connect my Droid to it. Thanks!

*

Yes please, it is a must for any business person.

As someone who also wants this might I kindly beg those of you who are new to this
list to please take the sage advice of post number: 8

"Just a friendly reminder... if you're about to post a comment that says "me too!" or
"you've got my vote" or "+1" or similar... please just star this issue and leave the
comments-space clean.  When you star the issue, your vote counts.  Issues with a
larger number of people starring the issue are likely going to get more attention.
More comments, however, are just going to clutter the system and annoy those who have
already starred the issue, possibly encouraging them to unstar the issue, lowering
its perceived importance.  Again, comments should be used to update progress on the
issue itself, not for voting... please leave this to the star.  Thanks."


I am about to unstar this b/c I am tired of all you people who feel the need to tell
the other 377 of us that you need this. We know that. Please just click the star and
move along, unless you have something to actually add that will help.

Please add Cisco IPSEC VPN capability

I need this! ;oP

OMFG i really really need this for work

I have just unstared this issue because i have gotten sick and tired of receiving an
e-mail every time some dingbat couldn't resist the urge to post a comment.

Best of luck to you all, i will root my phone and get vpnc installed myself.

I like many others on here are sick and tired of people not reading before posting.
Hopefully this will be the last comment you'll receive in your email if you follow
these instructions. I went ahead and created a mail filter in Gmail to auto-archive
any messages received from 'codesite-noreply@google.com'. To set this up, check the
box next to the message, click on the 'More actions' button and select 'Filter
messages like these'. The 'From' box should already be filled in with
'codesite-noreply@google.com' (if it's not, add it), then click the 'Next Step'
button. Check 'Skip the Inbox (Archive it)' and 'Also apply filter to 1 conversation
below' then click the 'Create Filter' button. Now you'll no longer see these emails
appear in your Inbox. If you're using another mail service or client, there should be
a way to setup filtering as well, but the steps will vary. Hope this helps! 

P.S. Not to be mean, but if you cannot figure out how to setup filtering, do a Google
search for it and don't flood this discussion with questions asking for help. Thanks!

I would also love to see this feature!

Please bring the cisco client... i need it to connect to the w-lan in our college...

i need also the cisco client...

Would be nice if you add this to stock android!

This would be great.

Please add this functionality.

Thanks

Jim

Need the Cisco VPN IPSEC support.

Thanks
Blake

as much as i want this change, i'm unstarring just so my mailbox doesn't get
destroyed by idiots who don't realize commenting doesn't get this looked at, only
starring does.

Good luck with getting this functionality.

Hi Guys, for those that are angry because they see these annoying emails, why dont 
you setup the "filter" in gmail to auto remove as long as the subject match, so you 
dont have to unstar it.

This feature would be greatky appreciated!  Thanks

Please note that if you add a stupid comment like "me too" then all 400+ people get
an email.  If you are too stupid to read simple directions, you probably shouldn't
have access to secure networks anyways.
 
Please keep the comments to relevant ideas for workarounds and 3rd party solutions
that may be of help until this is resolved.  Thanks to those who starred but didn't
comment.
 
For all the really cool smart people that starred but did not comment:  Sorry for the
extra email.

On fedora 12 vpnc with networkmanager just works. Import pcf file for all settings. 

i'm a student and i really need a proper Cisco VPN support

Unstarred thanks to the 294 illiterate idiots like the one above me.

I am unstaring this issue too.  I'm getting too many superfluous emails that do not 
add to the solution.

Need this feature in a bad way.  Kind of limits my use of the Droid.

Also would find this very helpful.

people, please do not unstar this to avoid the spam - we need to keep this request
hot.  Instead, from gmail's More Actions dropdown choose "filter messages like
these", put the words "issue 3902" in the subject box, and choose action of "skip the
inbox (archive)"

This is a must have for Android to succeed in the business space.  

Cisco VPN would be great!

I'd be thankful for it, too!

I need this badly. 

I'm waiting for this to happen, not sure why google left this out.  Was this a huge oversight or was it left out 
intentionally?!?!  A mistake...I thought Droid Does in a world of Does Not... DROID DOES NOT DO VPN!!!

I have some good news I will share on my VPN trial and errors....I took a Linksys
RV042 VPN router and was able to simply add me as a user, turn on the PPTP Server and
then I was able to connect to my network at our office via the Droid just fine!
Obviously there still needs to be support for a "pure" cisco compatible VPN client on
the Droid (hence this entire thread), but this does what I need...and hopefully may
help others that land here.

Until this is available, I am without a Droid.

me too :/ it would be awesome to use cisco on android :)

*

I'm actually looking for an IPSec/IPSec client for connectivity to a
Juniper/Netscreen VPN device.  I'm sure if one is set that will work with Cisco, I
can make it work with the Juniper...just get us a native IPSec client. I'm going to
have to forgo my android phone if I cannot get this functionality....and I REALLY
don't want to do that.

Ditto

ASA user here, and being able to connect to my network through VPN would be great.

STAR

I am also a Net Admin. This would help tremendously in my ability to manage our 
company systems, so I say this only thinking about myself. Please expedite Thanks!

@networksecurityguy-
Tried the same thing. Was able to get past phase 1 but not phase 2. 
FWIW, you can do l2tp only and forego the tunnel encryption. Just make sure you only
permit encrypted protocols over the tunnel...May or may not be an acceptable
workaround, but fyi.

Being able to specify crypto parameters would be incredibly useful. Or at least
document which ones are usable to the device...

add me to the list waiting for this feature

I'd love to see this enhancement.

Add me to the waiting list

//being relevant input
Using:
   cyanogen rom
   VPN Connections app 
      from the market and latest from their website:
   T-Mmobile's 3G network (HTC my touch) //will test with WiFi later Today

Situation:
   Am able connect/auth. sometimes on first click sometimes on 2nd or 3rd attempt
      When connected issue `sh vpn-sessiondb remote` on the ASA 
         shows my connection and a certain quantity or TX/bits but 0(none) RX/bits
           This is after ping/ssh... attempts
Will furnish logs, later on Today when I get a chance. 
Will attempt to gather the following:
   packet capture between android and ASA
   syslog from ASA
   Android log from log viewer

If anyone has any suggestions in addition to this please don't hesitate to speak up.
Additionally does anyone know if there is (s/l/p)trace, tcpdump or similar compiled
for android?
//end relevant input

-----

//begin RANT
@enthusiastic yet useless commenters(your comments are useless, you're not):

Please and I am asking this as nicely as possible, please stop flooding the forum
with useless dross.  
You are potentially doing more harm than good by irritating people to the point where
they are unstarring the request. 
This is obviously counter productive, in addition it make more chaff for the devs to
weed through in their attempt to parse out relevant(useful) input.
//end RANT

Much needed in today's coorporate world.

Yes please help with this. My company would buy dozens of these RIGHT NOW if this was
supported!

This would be a huge bonus!

Please do!

I need it

Can anyone tell me how the phones pass the xauth?  PAP, CHAP, MS-CHAP, MS-CHAPv2?  I
am a Cisco Engineer working on getting this working.  The ASA can do this using L2TP
over IPSec.  I can post a sample config after I get things working :)

*

I am sure I will hear about this if it ever gets fixed.... the daily "I need it" "must 
have stuff is crazy"...

Needed badly.  

I think what many of the folks here are asking for is true native Cisco VPN Client 
support (not just standard IPSEC VPN support).  Cisco has implemented a number of 
proprietary features that make VPN actually usable (like split tunneling support, 
split DNS support, Xauth, IPSEC over UDP and IPSEC over TCP encapsulation to deal 
with NAT's, etc...)

This functionality is now beautifully implemented in the Mac OS and the iPhone and 
frankly, it is what the Android really needs.

If the developers need a reference as to what should be targeted here, what is 
implemented in the Mac OS should be your guide.

-Eric

Cisco base VPN is a must for Droid

Essential.  Deal breaker without.

This is a must for us as we do not support AT&T phone plans. Currently BB is our only
option. +1 on this waiting list.

Do you folks seriously think that the Android team care about this? Especially when
there are so many other more serious FAILs that they have ignored for more than a
year now!

FYI, This issue came to light for me a few months ago when I found out that my
colleagues had no trouble doing VPN (natively) from their iPhones. Meanwhile, with my
pathetic Android OS 1.5... than can't even connect to hidden SSID WiFi... didn't have
a hope in heck of connecting to our Cisco VPN.

Good luck with this one.... :-(

Sorry for the negativity.... but after looking through more than a dozen issues that
also affect me, noticing how long these issues are outstanding and unresolved (at
year in many cases), noticing how few or none have any comments from the Android
teams... just leads me to believe that I've wasted my time and money on this technology! 

I feel mislead by the promise of Android!

please add support of cisco vpn.

The only way to get a internet connection over wlan on my college is over cisco vpn
concentrator 3000.
So i really need a Cisco VPN Client for my android phone!!

I am IT manager majority of my IT life is supporting and building 
ERP systems. I view this feature (ability to connect to corporate networks and emails) 
as must have in order to increase adoption of Android OS or devices. I currently use 
Motorola Droid - love it - also working on building enterprise applications for field 
sales or distributed workforce. I believe in the platform and attempting to influence, 
this feature (or lack thereof) is a big handicap.

Cisco VPN and PPTP both work on Windows Mobile 6 on Verizon XV6800.  Neither works on
Motorola Droid 2.0.1.  

Google engineers,  surely you have the resources to either buy a solution or find a
team to solve this.  Talk to the people at AnthaVPN or Microsoft.  They know how to
get it to work.  While you're at it, solve the Bluetooth DUN issue on OS X too. 
PLEASE????????  Thank you.

Please get IPSec VPN Client support and PPTP support using RSASecure ID based
authentication on Android. that would open up businesses gates to Andriod.

Thanks
Manoj

Please get VPN working to Cisco VPN 3000 Concentrator!!!

This feature is very much needed for me as well.

Same here.  We are holding off on switching to droid from iPhone because of this.

Working Cisco VPN (requires root):

  http://code.google.com/p/get-a-robot-vpnc/wiki/Motorola_Droid_Support

:)

-John

Oh yeah so great that it needs root but some people want to hold onto their 2 years
of warranty....

Yes, please add this feature.

i need this feature für university wlan access.
Need it REALLY soon. Would be great!

seconded!

Big need for this feature, hope its coming soon.

jumping on the "i need it too!" bandwagon

1 MO VOTE!

I am working on campus (in Switzerland). We use Cisco concentrators and I would love
to have access to the campus network too.

best regards

worked with iPhone, need to make it work with droid

Hi Guys, for those that are angry because they see these annoying emails, why dont 
you setup the "filter" in gmail to auto remove as long as the subject match, so you 
dont have to unstar it.

PS: Has to send periodically otherwise some new people will not read it and keep 
putting the comments.

If someone thinks about putting VPN support into Android's core, then I would vote for adding support for 
OpenVPN, too.

C'mon Android!  Apple's got support for Group Authentication to get into Cisco's L2TP
VPN, and they're by no means an Open Source outfit.  Please don't let this feature go
uncompleted. 

What a Joke that the Motorola Droid doesn't support this.

i would also like to see that!!!

This could mean the difference between the Droid and an iPhone.  I'd prefer to be 
able to use a Droid.

Is this issues seriously still unassigned and "new".  I agree, for me this is the
difference in buying a droid or keeping my blackberry.   And depending on your
business model you may want to reconsider the priority, if this is a show stopper for
others (as it is with me) then google is loosing potential customers.  Seriously, the
iPhone has had this support for a long time now, and back in the day my treo
supported this.  

I've been doing demo testing on smartphones and the Motorola Droid was going to be 
the next text device I was going to test, my company is looking for a suitable 
replacement device for the aging BBs. Unfortunately not having an IPSec VPN client 
compatible with Cisco will probably force us to go with the iphones. Google is 
definitely loosing potential customers unless they get this resolved.

Definitely need this!!!  I used to use Bluefire VPN on my Palm Treo 650 and I
currently use vpnc on my netbook.  I COULD tether but it would be nice to only have
to take my phone and leave my netbook at home.

Um, is anyone from Google going to comment/weigh in on this? Hello, Android core
developers. Any word? Any thoughts? Anything?

I agree with Marshall, would be nice to see some response from the developers or 
someone that can give an accurate update. Lots of folks want this.

Badly need this.

Well not a show stopper in my case, but our network core is Cisco and they will not
view any products other then that. We used to have open POP3 for our mail servers,
but security concerns locked it down to BlackBerry Users. But we have to buy licenses
for rim. 

This is a highly needed an anticipated feature as this would allow us a truely mobile
experience