betabug... Sascha Welter


Nokia VPN Config Files

Plain text config files to create a Nokia VPN client config

As an alternative to the Nokia VPN Clicky-Config, the VPN policy settings file (the .vpn that is loaded on the phone) can also be created using plain text files. These have DOS line endings, but I don't know if that is mandatory - I just took care to do them like that and they seemed to be read.

Like I've learned on wiki.paepstin.info/nokia:vpn, you create two files (more if using certificates instead of PSK):

You then zip them up into one somename.zip file using zip somename.zip somename.pol somename.pin - I don't know if order matters. Note: older information on that intarweb-thing states that you have to jump through multiple hoops to get that zip file into a signed .sit file. That is all outdated, as far as I can tell.

After zipping, just rename: mv somename.zip somename.vpn. As the last step, get it on the phone and open it in the file viewer or from the messages application.
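The zip-and-rename steps above as one script, with two checks before packaging: line endings are forced to DOS style, and the build stops if a sanitizing marker such as *SERVER_ADDR* is still in the .pol. This is an added example, not code from the original page or from Nokia; the function names, the ASCII encoding, the 0600 file mode and the sample values are assumptions.

```python
import io
import os
import re
import zipfile

# Sanitizing markers as used on this page, e.g. *SERVER_ADDR* or *SOMEID*.
PLACEHOLDER = re.compile(r"\*[A-Z_]+\*")


def to_crlf(text):
    """Normalize LF, CR and CRLF line endings to DOS (CRLF)."""
    return text.replace("\r\n", "\n").replace("\r", "\n").replace("\n", "\r\n")


def build_vpn(name, pin_text, pol_text):
    """Return the bytes of <name>.vpn: a zip holding <name>.pol and <name>.pin."""
    leftover = sorted(set(PLACEHOLDER.findall(pol_text)))
    if leftover:
        raise ValueError("unfilled placeholders in .pol: " + ", ".join(leftover))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Same member order as the zip command on this page. ASCII is an
        # assumption (the page names no encoding); other input raises an error.
        zf.writestr(name + ".pol", to_crlf(pol_text).encode("ascii"))
        zf.writestr(name + ".pin", to_crlf(pin_text).encode("ascii"))
    return buf.getvalue()


def write_vpn(path, data):
    """Write the policy with mode 0600: the .pol carries the PSK as a plain string."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # also tighten a file that already existed


if __name__ == "__main__":
    # Constructed sample input: a shortened policy with documentation-range values.
    pin = "[POLICYNAME]\nbebu\n[POLICYVERSION]\n1.1\n"
    pol = "SECURITY_FILE_VERSION: 1\n[INFO]\nbebu\n[IKE]\nADDR: 192.0.2.1 255.255.255.255\n"
    write_vpn("bebu.vpn", build_vpn("bebu", pin, pol))
    with zipfile.ZipFile("bebu.vpn") as zf:
        print(zf.namelist())
```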

So, here are my pin and pol files, with some sanitizing applied.

bebu.pin:

[POLICYNAME]
bebu
[POLICYVERSION]
1.1
[POLICYDESCRIPTION]

[ISSUERNAME]

[CONTACTINFO]

bebu.pol:

SECURITY_FILE_VERSION: 1
[INFO]
bebu
[POLICY]
sa bebu_1 = {
esp
encrypt_alg 12
max_encrypt_bits 128
auth_alg 3
identity_remote 0.0.0.0/0
src_specific
hard_lifetime_bytes 0
hard_lifetime_addtime 3600
hard_lifetime_usetime 3600
soft_lifetime_bytes 0
soft_lifetime_addtime 3600
soft_lifetime_usetime 3600
replay_win_len 0
}



remote 0.0.0.0 0.0.0.0 = { bebu_1(*SERVER_ADDR*) }
inbound = { }
outbound = { }

[IKE]
IKE_VERSION: 1
MODE: Main
ADDR: *SERVER_ADDR* 255.255.255.255
ID_TYPE: 11
FQDN: *SOMEID*
PRESHARED_KEYS:  
FORMAT: STRING_FORMAT
KEY: *LEN* *YOUR_SECRET_KEY_STRING*
REPLAY_STATUS: FALSE
USE_MODE_CFG: FALSE
IPSEC_EXPIRE: TRUE
USE_XAUTH: FALSE
USE_COMMIT: FALSE
ESP_UDP_PORT: 0
SEND_NOTIFICATION: TRUE
INITIAL_CONTACT: TRUE
USE_INTERNAL_ADDR: TRUE
DPD_HEARTBEAT: 90
NAT_KEEPALIVE: 60
REKEYING_THRESHOLD: 90
DNS_SERVER: *SERVER_ADDR*
GROUP_DESCRIPTION_II: MODP_1024
USE_NAT_PROBE: FALSE
PROPOSALS: 2
ENC_ALG: AES128-CBC
AUTH_METHOD: PRE-SHARED
HASH_ALG: SHA1
GROUP_DESCRIPTION: MODP_1024
GROUP_TYPE: DEFAULT
LIFETIME_KBYTES: 0
LIFETIME_SECONDS: 86400
PRF: NONE
ENC_ALG: AES256-CBC
AUTH_METHOD: PRE-SHARED
HASH_ALG: SHA1
GROUP_DESCRIPTION: MODP_1024
GROUP_TYPE: DEFAULT
LIFETIME_KBYTES: 0
LIFETIME_SECONDS: 86400
PRF: NONE

These files are what came out of my playing with the Nokia VPN Clicky-Config. Back when things weren't working, for half the time I tried editing config files, the other half I was clicking around in the GUI tool. In the end the GUI thing worked, but the plain text files are easier to reproduce.

Things I'm not quite certain about:

Some things you will have to adapt, and things you will have to take care of:

Other notes: