Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
jdominguez
Explorer
Jump to solution

Problem with checkpoint vpn android app

I have a problem and I hope someone can help me. We have checkpoint 5600 firewalls in version R80.30. When I try to connect from the outside with the checkpoint mobile applications, the Iphone mobiles work fine but the android phones with the checkpoint vpn app seem to connect, they take ip but then it is as if they were not really connected. They can't ping, they can't https ... Does anyone know the solution?

0 Kudos
1 Solution

Accepted Solutions
Awacs2000
Participant

STOP STOP STOP, BREAKING NEWS 😉
I just tried it on my iPad and there it is working with the "I".
Then I checked the Android again and there you have to click ">" right of the connection name and you are then able to "Edit site". Now I was able to change to SSL and it is working (pretty fast)

Thanks a lot!

View solution in original post

(1)
24 Replies
PhoneBoy
Admin
Admin

We talking the Capsule VPN?
What version of client?
What version of Android?
What do you see on the gateway side when the Android tries to connect?

0 Kudos
jdominguez
Explorer

Hello, thank you for your help. Yes, I Am talking capsule vpn. As soon as I know the version of android app and app version I will tell you.

0 Kudos
frass
Explorer

Hi PhoneBoy.
The condition I experienced was similar, when the user connected through Capsule VPN with version 1.600 experience the user got the error "KMP server returned an error" and also got the error "Failed in setting command - Permission denied". But if I check from the log, the action is "Log In" but does not get IP Office Mode which is our vpn ip pool.

KMP server returned an error.pngPermission denied.pngPoV log.png

 

If got the vpn pool, in section "Session" will occur IP Office Mode.

0 Kudos
the_rock
Legend
Legend

Phoneboy is right, we need wayyyy more info. What do you see on the gateway? One phone issue, multiple? Any specific logs when this problem occurs? Capture?

0 Kudos
jdominguez
Explorer

j

0 Kudos
jdominguez
Explorer

Hello, thank you very much for your help. I think the error is from the android app. I have no problems with the iphone app. However, with the android app, it seems that it connects, receives the ip but from that moment on, nothing else can be done. The firewall logs only indicate that it has connected but then I do not see anything else. As soon as I can try it again  I will put an app and android version.

0 Kudos
Nicolas_Calvo
Explorer

Hello, We have the same issue.

  • CheckPoint Capsule 1.600.72
  • Phones Samsung with Android 11 (Kernel 4.14.113-22340597). Several models with this issue (S10, A53, xcover 4s, xcover 5, ...)
  • Firewall R81 Gaiga Kernel 3.10

 

Screenshot from a Samsung S10. (look at "Decrypted Packets" and "Decrypted bytes"):

Screenshot_20220302-152944_Capsule.jpg

Screenshot from console (Although I have generated traffic, no traffic is reflected):

Screenshot 2022-03-02 153802.png

The same thing happens to other colleagues from other companies

Could you help us?

Thanks in advance.

Denis_Davila
Participant

Hi Nicolas, 

In my situation, the error is exactly the same. I can´t find any solution for this case. 

Do you have any idea?.

0 Kudos
Awacs2000
Participant

Hi,

is there any solution for this?
I have the same issue with my Samsung S22 and Capsule. I can´t reach anything in my network.
With my Notebook it works fine.

0 Kudos
jdominguez
Explorer

Hello.

My problem was solved by tapping the connection type on the Android mobile, by default it was set to IPSEC when it was a vpn.

Regards.

0 Kudos
the_rock
Legend
Legend

I would say thats common "mistake" people make, but easy fix.

Best,

Andy

0 Kudos
Awacs2000
Participant

Where in Android should this be?
I can't find anything about it in the settings. In the "VPN" settings of Capsule (Version 1.601.26) I can only set whether the VPN should always be on or delete the profile. That's it

0 Kudos
the_rock
Legend
Legend

I use Iphone, so cant test it myself, sorry, but I know for a fact it used to be there before. Do you not see it once you are creating a site?

Best,

Andy

0 Kudos
Awacs2000
Participant

It looks like this:

0 Kudos
the_rock
Legend
Legend

Does not give option to change connection type once connected?

Best,

Andy

0 Kudos
Awacs2000
Participant

No, there is no option. I clicked every single dots, points or whatever, but I cannot find anything to change this.
Does no one use Android here? Maybe this is only a Android version issue. As mentioned, I use a Samsung S22 with newest software.

0 Kudos
the_rock
Legend
Legend

Lets see if someone with that exact phone can test it. Sorry, I honestly would not know then : (

0 Kudos
the_rock
Legend
Legend

I see one screenshot says tunnel type ipsec, if you are inside connection properties, you dont see anywhere where you can click to change it to vpn instead or ssl vpn or something?

Andy

0 Kudos
Awacs2000
Participant

No, the only thing I can click in the upper right is the "I"-Button
Inside this I can just see "All rights reserved.........." bla bla bla and in the upper right I can configure logs and send them via mail.
Thats´ it.

0 Kudos
the_rock
Legend
Legend

OK, I did a test on my Iphone in the mean time, so you tell me if you see something similar. So I created brand new site on capsule app, it asks you for auth method (bla bla bla), once you choose so, then, on my phone, you can hit "i" icon and choose there type of connection, ipsec or ssl vpn.

You dont see that on your phone at all?

Andy

0 Kudos
Awacs2000
Participant

No, I tried those steps again, but there is no chance to change anything.
I will try with my iPad later.

0 Kudos
the_rock
Legend
Legend

Then I got nothing else, sorry : - (

Andy

0 Kudos
Awacs2000
Participant

STOP STOP STOP, BREAKING NEWS 😉
I just tried it on my iPad and there it is working with the "I".
Then I checked the Android again and there you have to click ">" right of the connection name and you are then able to "Edit site". Now I was able to change to SSL and it is working (pretty fast)

Thanks a lot!

(1)
the_rock
Legend
Legend

I knew had to be something minor. Excellent job! 🙂

Best,

Andy

0 Kudos
Upcoming Events

    CheckMates Events