Android VPN Instructions for Sonic.net

Last Update: 10 December 2012

VPN Terminology

For those not familiar with VPN, it can be maddening to figure out the proper set-up because there are so many different terms used for the same thing between different vendors of VPN clients. So the first thing I'll do is to present a table with some of the equivalencies.

Equivalent VPN Terminology

(Read Across)

Cisco AnyConnect Term Android VPN Term VPNC Term VPNCilla Term Other Terms Sonic.net Value
IPSec UDP IPSec Xauth PSK XAuth XAuth Cisco IPsec, Plain VPN This is the only VPN type Supported

Host

Server address

IPSecGateway VPN Server Address IP Address, Hostname ipsec.vpn.sonic.net

Group Authentication Name

IPSec Identifier

IPSecid Group ID key-idGroup Name Standard VPN or Standard\ VPN

Group Authentication Password

IPSec pre-shared key

IPSecSecret Group Password GroupPwd, key standard

User Name

Username

XAuthUsername

 Your User Name

  Sonic user name (not e-mail address)

User Password

UserPassword

XAuthPassword

Password

passwd Sonic password

Does Your Android Device Support "Plain VPN?"

Only Ice Cream Sandwich and Jelly Bean (Android 4.x) have the plain, iPSec, VPN networking infrastructure built in, and apparently not all 4.x devices have it. For Android 2.x devices the device must be rooted and have the tun.ko module installed. Then you can use a free app from the Google Play Store, VPNC, to get VPN working.

Sonic.net

Sonic.net is one of the only ISPs that includes VPN termination at no extra cost. I don't think that a lot of their customers understand the value of this service or even realize that it's included on their account. To sign up for an external VPN provider costs about $70 per year, so factor that cost in when you're selecting an ISP.

90% of tablets are Wi-Fi only versions, so there is a lot more use of free Wi-Fi services than in the past. Additionally, many smart phone users opt for low cost prepaid services which don't require a data plan, relying on Wi-Fi for most of their data usage. The number of businesses and institutions providing free Wi-Fi increases daily. Hotels, restaurants, retail stores, car dealers, coffee houses, libraries, parks, and government buildings now routinely provide free Wi-Fi. It's very dangerous to use these open Wi-Fi networks without VPN.

When should you use VPN?

  1. When connected to any unknown, open, Wi-Fi network and accessing sites where you provide passwords or personal information.

  2. When you need to access web sites that are blocked in certain areas (i.e. Facebook in China, Facebook in many high schools).

When should you not use VPN?

If you're printing to wireless printers on your own network (or to a print server on your own network) you need to turn VPN off. You don't really need it on your secure home network anyway.

Which Version of VPN does sonic.net Use?

Sonic.net uses IPSec VPN with a pre-shared key also known as IPSec Xauth PSK VPN, Cisco IPSec VPN, or "Plain VPN." Sonic does not support PPTP VPN, L2TP VPN, L2TP/IPSec PSK VPN, or L2TP/IPSec CRT VPN. If you are using the Cisco AnyConnect client on your laptop then you're probably using the version that Sonic.net supports.

What Do You Need for Different Versions of Android?

For Ice Cream Sandwich and Jelly Bean (Android 4.x), there is a VPN client built into the operating system, you do not need to install any additional applications or drivers. This is provided that you see the choice " IPSec Xauth PSK" when you choose the type of VPN service. If this choice does not appear then you should try to use VPNCilla from the Google Play store (try the trial version first). VPNCilla does not require rooting.

For Froyo and Gingerbread (Android 2.2 and 2.34), there is no VPN client that will work with devices running these versions unless the device is rooted. Once it is rooted, you have some choices, at least in theory. However I have only ever gotten VPNC to work on my older Android phones. I could not get the Cisco Rooted AnyConnect client to work with Sonic.net, and I don't think anyone else has either.

Using Sonic.net VPN with built-in VPN app (that supports IPSec Xauth PSK) on Android Ice Cream Sandwich & Jelly Bean.

The Cisco AnyConnect App for Android does not work with sonic.net, even on Android devices that have the VPN networking infrastructure built in.

Rooting is not necessary. This should be easy, but the instructions on Sonic.net for Cisco AnyConnect use very different terminology than the Android VPN service, so it can be confusing to those not familiar with VPN. Note that there are other good reasons to root your Ice Cream Sandwich or Jelly Bean Android device, but VPN is not one of them.

 

Cisco Term

Android Term

Value

Host

Server address

ipsec.vpn.sonic.net

IPSec over UDP

IPSec Xauth PSK

IPSec Xauth PSK

Group Authentication Name

IPSec identifier

Standard VPN

Group Authentication Password

IPSec pre-shared key

standard

User Name Username Your sonic.net user name
User Password UserPassword Your sonic.net password

If your choices look like the image below then you can use the built-in Android VPN on sonic.net because you have the IPSec Xauth PSK option:

If your choices look like the image below then you can't use the built-in Android VPN on sonic.net because you don't have the IPSec Xauth PSK option (try VNPCilla trial (see below) which might work):

  1. From settings->Networks->More->VPN, tap "Add VPN"

  2. For Name type: sonic.net

  3. Tap: IPSec Xauth PSK (If this choice does not appear then you can't use the built-in VPN networking. Apparently not all Ice Cream Sandwich and Jelly Bean devices include this choice.  Try VPNCilla (not VPNC) instead (see below))

  4. For "Server Address" type: ipsec.vpn.sonic.net

  5. For "IPSec identifier" type: Standard VPN (watch capitalization)

  6. For "IPSec pre-shared key" type: standard (all lower case)

  7. Tap "Save".

  8. Tap the VPN entry you just saved (i.e. "sonic.net").

  9. Enter your sonic.net username/password (not your e-mail address, just the part before "@sonic.net").

  10. Tap "Connect".

Verify that you're connected to Sonic.net VPN

    Go to http://ipchicken.com to check your IP address. When VPN is connected you should have an IP address of 209.204.163.x (or something close). With Opera Mini, but not with Opera Mobile, you will get the IP address of the Opera Mini server, not the Sonic.net VPN IP address.

If you have problems ("Unsuccessful" rather than "Connected"):

  1. Ensure that you have Wi-Fi or 3G turned on.

  2. If you have a rooted Android device with DroidWall installed be sure that you give "VPN Networking" access to Wi-Fi and 3G.

Using Sonic.net VPN with Older, Rooted, Android devices using the VPNC Widget from the Google Play store.

The VPN routing infrastructure is not built into the Android device firmware of Froyo (2.2.x) or Gingerbread (2.3.x). Therefore, your device must be rooted and the tun.ko drivers must be added. There is no way to use VPN on Sonic.net on an older Android device that is not rooted. This is an inherent limitation of older versions of Android combined with the type of VPN supported by Sonic.

 

Cisco Term

VPNC Term

Value

Host

IPSecGateway

ipsec.vpn.sonic.net

IPSec over UDP

XAuth

No need to set anything

Group Authentication Name

IPSecID

Standard\ VPN

Group Authentication Password

IPSecSecret

standard

User Name XAuthUsername Your sonic.net user name
User Password XAuthPassword Your sonic.net password

Install the VPNC app/widget from the Google Play Store

https://play.google.com/store/search?q=vpnc

Configure VPNC

  1. Under apps (not on the widget screen), tap "VPNC Widget" then tap "Dismiss."

  2. Tap on "Set Preferences"

  3. Tap the down triangle to the right of "IPSecGateway" and enter: ipsec.vpn.sonic.net

  4. Tap the down triangle to the right of "IPSecID" and enter: Standard\ VPN (pay close attention to the capitalization and ensure that you use a \ not a /).

  5. Tap the down triangle to the right of "IPSecSecret" and enter: standard (pay close attention to the capitalization (none)).

  6. Tap the down triangle to the right of "XAuthUsername" and enter your sonic.net username (not your e-mail address, just the part before "@sonic.net").

  7. Tap the down triangle to the right of "XAuthPassword" and enter your sonic.net password.

Place the VPNC Widget on Your Home Screen

  1. Go to your home screen (Press the “Home” key).

  2. Find an empty space for the new widget.

  3. Tap and hold the empty space until the “Add to Home screen” menu appears.

  4. Tap the “Widgets”.

  5. Tap the VPNC widget.

Install the proper tun.ko driver module

You must install TUN.ko before VPNC will work. tun is a module that is required by VPNs. It is possible, but unlikely, that it is present on your rooted phone already.

  1. Check for your phone model, Android OS revision, and build at http://droidvpn.com/tun-repository.php (on your phone, find this information at Settings>About phone)

  2. Install the TUN.ko Installer app from the Play Store (https://play.google.com/store/apps/details?id=com.aed.tun.installer)

  3. Run the installer.

Turn on VPN

    Tap the VPNC Widget and VPN Networking will be turned on. No need to enter your user name and password every time.

Verify that you're connected to Sonic.net VPN

Go to http://ipchicken.com to check your IP address. When VPN is connected you should have an IP address of 209.204.163.x (or something close). With Opera Mini, but not with Opera Mobile, you will get the IP address of the Opera Mini server, not the Sonic.net VPN IP address.

If you have problems ("Unsuccessful" rather than "Connected"):

  1. Ensure that you have Wi-Fi or 3G turned on.

  2. If you have a rooted Android device with DroidWall installed be sure that you give "VPN Networking" access to Wi-Fi and 3G.

Send Donation to VPNC Author

Using Paypal, send $5 to mjm4456@gmail.com for a beer (he is in Switzerland)

I have personally used VPNC on the HTC Incredible (CDMA) running Android 2.2 (Froyo) and the ZTE Z990/AT&T Avail (GSM) running Android 2.3.4 (Gingerbread).

Using Sonic.net VPN with Unrooted, Newer Android devices (Ice Cream Sandwich or Jelly Bean) , using the VPNCilla app (if the built-in Android VPN application doesn't support IPSec Xauth PSK)

You can try this, but if the Android 4 VPN routing infrastructure is not built into the device firmware then it won't work. You'll need to root your device, install the tun.ko module, and use VPNC (above).

If you try setting up VPN using the built-in VPN service, and the only choices you get are PPTP, L2TP, L2TP IPSec PSK, and L2TP IPSec CRT, then your device probably does not have the Android 4 VPN routing infrastructure. You're probably out of luck using "plain VPN" even with some other client unless you root the device and install the tun.ko module. They may have left out VPN because it's harder for the carrier to detect unauthorized tethering when the user is using VPN (though not impossible). Still, it doesn't hurt to try the VPNCilla trial.

 

Cisco Term

VPNCilla  Term

Value

Host

VPN Server Address

ipsec.vpn.sonic.net

IPSec over UDP

XAuth

No need to set anything

Group Authentication Name

Group id

Standard VPN

Group Authentication Password

Group Password

standard

User Name Your Username Your sonic.net user name
User Password User Password Your sonic.net password

Install the VPNCilla trial app from the Google Play Store

https://play.google.com/store/search?q=vpncilla

Configure VPNCilla

  1. Under apps, tap "VPNCilla Trial

  2. Click + to create a new connection

  3. Name the new connection: sonic.net

  4. For "VPN Server Address" enter: ipsec.vpn.sonic.net

  5. For "Group ID" ender: Standard VPN (pay close attention to the capitalization)

  6. For "Group Password" and enter: standard (pay close attention to the capitalization (none)).

  7. For "Your Username" enter your sonic.net username (not your e-mail address, just the part before "@sonic.net").

  8. For "User Password" enter your sonic.net password.

Turn on VPN

Click on the name of your connection (sonic.net). It should connect

Verify that you're connected to Sonic.net VPN

Go to http://ipchicken.com to check your IP address. When VPN is connected you should have an IP address of 209.204.163.x (or something close). With Opera Mini, but not with Opera Mobile, you will get the IP address of the Opera Mini server, not the Sonic.net VPN IP address.

If you have problems ("Unsuccessful" rather than "Connected"):

  1. Ensure that you have Wi-Fi or 3G turned on.

  2. If you have a rooted Android device with DroidWall installed be sure that you give "VPN Networking" access to Wi-Fi and 3G.

Buy the Full VPNCilla App

The trial version expires after 10 days so you'll need to buy the full app. It costs $4.99.

I have personally used VPNCilla on the Google/Asus Nexus 7 running Jelly Bean (4.1.2).