Andre Paques
Sep 12, 2018
2:25 pm

How to create profile with GenericVpnPolicy no error Json

Dear friends,
I have two questions:
1: Through the GenericVpnPolicy Class, can I create a Vpn without the need for a screen lock? This information not content in the documentation of the Api.

2: The following exception: "Error VPN error 103: Invalid JSON format" is constant for me in all attempts to create a VPN with class GenericVpnPolicy, I have already taken several examples Json to build the profile and always generate the error.
Here's the data I've been passing the string in: createVpnProfile (String profileInfo).
String VPN_PROFILE_JSON_FORMAT = "" +
            "\" KNOX_VPN_PARAMETERS \ ":" +
            "{" +
                "\" profile_attribute \ ":" +
                    "{" +
                        "\" profileName \ ": \" ExampleGeneric \ "," +
                        "\" vpn_type \ ": \" ipsec \ "," +
                        "\" vpn_route_type \ ": 0" + "
                    "}," +
                "\" vendor \ ":" +
                    "{" +
                        "\" basic \ ":" +
                            "{" +
                                "\" host \ ": \" x.x.x.x \ "," +
                                "\" username \ ": \" vpn \ "," +
                                "\" password \ ": \" vpn \ "," +
                                "\" authentication_type \ ": 2" +
                            "}," +
                        "\" ipsec_xauth_psk \ ":" +
                            "{" +
                                "\" identifier \ ": \" ***** \ "" +
                                "\" pre_shared_key \ ": \"*****x1234\ "" +
                            "}" +
                    "}," +
            "}";

 

How to can i to manager this problem?

Jenna Slomowitz
Sep 12, 2018
6:40 pm

Hello Andre

Please look at this line:

                        "\" vpn_route_type \ ": 0" + "

I believe that the last quotation mark is what is causing the issue. Please try looking into the format there, and let me know if the issue still persists.

Best regards,

Jenna

Andre Paques
Sep 12, 2018
7:39 pm

Hi Jenna,

Thank you for responding quickly.

I've already tried the suggested fix, tried the string contained in the vpn example app on the sdk page and without success, look how I write the string in full:
String VPN_PROFILE_INFO_JSON_FORMAT = "{\" KNOX_VPN_PARAMETERS \ ": {\" profile_attribute \ ": {\" profileName \ ": \" Autotrac \ ", \" vpn_type \ ": \" ipsec \ ", \" vpn_route_type \ ": 1 } "\" "\" \ "\" \ "\" \ "\" \ test \ ", \" authentication_type \ ": 2}, \" ipsec_xauth_psk \ ": {\" identifier \ ": \" Autotrac \ ", \" pre_shared_key \ ": \" bdca1234 \ "}}}}";
One question, do you think I'm filling in the fields correctly, and am I just wrong in the format?

Andre Paques
Sep 12, 2018
8:12 pm

Correcting the previous message, follows the mode with which I tried:

String VPN_PROFILE_INFO_JSON_FORMAT = "{'KNOX_VPN_PARAMETERS': {'profile_attribute': {'profileName': 'Autotrac', 'vpn_type': 'ipsec', 'vpn_route_type': 1}, 'vendor':{'basic': {'host':'10.239.239.161', 'username':'test', 'password':'test', 'authentication_type':2}, 'ipsec_xauth_psk':{'identifier':'Autotrac', 'pre_shared_key':'bdca1234'}}}} ";

Jay Himanshu Jha
Sep 12, 2018
11:15 pm

Hi Andre,

Have you tried manually setting up the VPN with these values?

We have a sample app on SEAP for VPN configuration. Following is the JSON from that, which can successfully create a VPN profile:

{
  "KNOX_VPN_PARAMETERS":{
    "profile_attribute": {
        "profileName":"genericvpn", 
        "host":"1.1.1.1", 
        "isUserAuthEnabled":true,
        "vpn_type":"ipsec", 
        "vpn_route_type":1 
      }, 
      "ipsec": { 
        "basic": { 
          "username":"test", 
          "password":"test", 
          "authentication_type":1, 
          "psk":"example", 
          "ikeVersion":2, 
          "dhGroup":2, 
          "p1Mode":2, 
          "identity_type":0, 
          "identity": "test@test.com", 
          "splitTunnelType":0, 
          "forwardRoutes":[ ] 
      }, 
      "advanced": { 
        "mobikeEnabled":false, 
        "pfs":false, 
        "deadPeerDetect":false, 
        "dhGroup":2, 
        "p1Mode":2 
      }, 
      "algorithms": { } 
      }, 
      "ssl": { 
        "basic": { }, 
        "algorithms":{ } 
      }, 
      "knox": { }, 
      "vendor":{ } 
  } 
}

 

Can you try following this format for your JSON? Note that those values are configured for the Strongswan server. Your VPN server might not require all the values, in which case you can leave the keys blank.

Regards,
Jay

Pedro Gomes
Dec 04, 2018
10:19 am

Good news It's working now.

{
  "KNOX_VPN_PARAMETERS":{
    "profile_attribute": {
        "profileName":"NAME", 
        "host":"IP", 
        "isUserAuthEnabled":true,
        "vpn_type":"ssl", 
        "vpn_route_type":1 
      }, 
      "ipsec": { 
        "basic": { 
          "username":"test", 
          "password":"test", 
          "authentication_type":1, 
          "psk":"example", 
          "ikeVersion":2, 
          "dhGroup":2, 
          "p1Mode":2, 
          "identity_type":0, 
          "identity": "test@test.com", 
          "splitTunnelType":0, 
          "forwardRoutes":[ ] 
      }, 
      "advanced": { 
        "mobikeEnabled":false, 
        "pfs":false, 
        "deadPeerDetect":false, 
        "dhGroup":2, 
        "p1Mode":2 
      }, 
      "algorithms": { } 
      }, 
      "ssl": { 
        "basic": { }, 
        "algorithms":{ } 
      }, 
      "knox": { }, 
      "vendor":{ } 
  } 
}

Comments

Dear,

For the test, we downloaded the sample app that is available on the site, in sampe apps / knox.

We replaced the license value and String Json value for Vpn creation and it did not work, I do the App steps:
1. Activate Admin; Sucess.
2. Activate Knox license; Success.
3. Install VpnClient; Success.
4. EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance (getApplicationContext ()); or EnterpriseKnoxManager and km = EnterpriseKnoxManager.getInstance (this); Success.
GenericVpnPolicy genericVpnPolicy = ekm.getGenericVpnPolicy (Constants.VPN_PACKAGE_NAME,
                    0); Not successful (Always generates error 102).

And when it worked, without changing anything, it generates error 103.

Do you have any test App that is running to make it available for us to do the tests?

Here is the String example I set up to pass the createVpnProfile (String profileInfo) method:

String JSON_SAMSUNG =
            {\ "Profile_attribute \": {\ "profileName \": \ "vpn_knox \", \ "host \": \ "***** \", \ "isUserAuthEnabled \": vpn_type \ ": \" ssl \ ", \" vpn_route_type \ ": 1}," +
                  \ "vpn_user \", \ "vpn_user \", \ "authentication_type \": 1, \ "psk \ "dcGroup \": 2, \ "p1Mode \": 2, "+
                  "\" identity_type \ ": 0, \" identity \ ": \" test@test.com \ ", \" splitTunnelType \ ": 0, \" forwardRoutes \ ": []}," +
                  \ "p1Mode \": false, \ "deadPeerDetect \": false, \ "dhGroup \": 2, \ "p1Mode \": +
                  "\" algorithms \ ": {}}," +
                  "\" ssl \ ": {\" basic \ ": {}, \" algorithms \ ": {}}," +
                  "\" knox \ ": {}, \" vendor \ ": {}}}";

Andre PaquesDec 05, 2018 at 6:17 pm
Pedro Gomes
Dec 05, 2018
10:38 pm

New issue...

I need to connect to an OpenVPN server every client uses the same CA CR and KEY but different clients use different logins (username and password) 

How can I make this work ? 

Regards,

Pedro

Jenna Slomowitz
Dec 07, 2018
12:06 am

Hello Andre,

Looking through your JSON string, it does not look like it is formatted correctly. Please look over it again and let us know if you are still having issues once it is correctly formatted. 

Best regards,

Jenna