Connectivity

Open Mobile supports a variety of network connectivity types, including Mobile Broadband, Wi-Fi, Ethernet, DSL, and dial. These types can be individually enabled in the Open Mobile Portal, to permit only the connectivity types you prefer.

Hotspot Finder: The iPass website includes a Hotspot finder that can be used to locate iPass Network access points, located at http://hotspot-finder.ipass.com/. However, Open Mobile can also be used to connect to non-iPass network access points, making Open Mobile truly a universal connection manager. When online, the Hotspot Finder can also be launched directly from within Open Mobile through the system tray icon.

iPass Hotspot Finder provides brief information about the particular network you are connecting to.

Mobile Broadband

Open Mobile serves as a universal Mobile Broadband (3G) connection manager that can be used with more than 125 Mobile Broadband adapters, including embedded and external adapters. For a complete list of support devices, see the document Supported Mobile Broadband Devices, available from the iPass Portal.

In order to utilize a Mobile Broadband adapter with Open Mobile, the hardware drivers for the adapter must first be installed on the user’s machine. In addition, the card must also be activated and ready for service.

When Open Mobile detects a Mobile Broadband adapter, it will attempt to detect an available wireless signal. Detected networks will appear in the Available Networks list. The end user can then select the Mobile Broadband network and connect.

Mobile Broadband networks can also be configured for Auto-Connect.

Open Mobile can display usage statistics for Mobile Broadband adapters. (Click Options | Usage Stats.) Customers with pricing plans based on usage can quickly determine their accumulated usage.

Open Mobile should be exited or the iMobility service should be stopped before upgrading any Mobile Broadband drivers or related software such as SDKs. Otherwise, Open Mobile will crash during the installation.

Usage Alerts

To minimize costs, you can configure thresholds for roaming and non-roaming usage, and then have users alerted when their usage approaches or exceeds these thresholds. You can also choose to have users disconnected from the network when their usage exceeds the thresholds you set.

SMS

If the user has an SMS-compatible device, you can configure Open Mobile to receive SMS messages directly. These will be displayed in the Open Mobile interface. Users with 1.4 or later clients can also send replies to received messages.

Open Device Framework

Although over 100 Mobile Broadband device models are fully integrated in Open Mobile, the Open Device Framework (ODF) toolkit enables you to integrate and use other devices not officially supported by iPass. Consult the iPass ODF Training Workbook for more information.

Wi-Fi

Open Mobile serves as a universal Wi-Fi connection manager that can be used to connect to various types of Wi-Fi networks.

Open Mobile relies on Windows OS WLAN capabilities. If this capability has been disabled by the user, or by some other Wi-Fi connection manager that does not utilize Windows OS WLAN, Open Mobile will not be able to function for Wi-Fi connectivity.

Network Types

Open Mobile can be used to connect to home and other personal Wi-Fi networks.

  • Private and public Wi-Fi: if the proper credentials are used, Open Mobile can be used to connect to Wi-Fi hotspots in hotels, cafes and other venues.
  • Home Wi-Fi: home Wi-Fi networks can be added to the user’s Personal Networks list, enabling quick and easy connections at home.
  • Campus Networks and On-Campus Roaming: if On Campus Roaming is enabled, users can log in to a corporate network and then roam a corporate campus without having to log in repeatedly.

Open Mobile only supports use of a single WLAN adapter at any one time.

Security

Open Mobile supports the following security types:

  • Open (None)
  • WEP-Open (key index 1-4)
  • WEP-Shared (key index 1-4)
  • WPA-PSK/TKIP
  • WPA-PSK/AES
  • WPA2-PSK/TKIP
  • WPA2-PSK/AES

In addition, connectivity to non-broadcast networks is supported.

iPass Hotspot Connectivity

Open Mobile can be used to connect to Wi-Fi hotspots that are part of the iPass network. Using Open Mobile at these locations with an accompanying iPass account allows the user to bypass the normal login and billing associated with that location.

Log in to an iPass hotspot may fail if the user's credentials need to be updated, or in rare cases, a non-iPass hotspot is incorrectly detected as an iPass hotspot because it shares an SSID with an iPass hotspot. If a login attempt to an iPass Hotspot fails, Open Mobile will provide the following choices:

  • Retry: Restart the log in process.
  • Log in manually: Log in using the network provider’s page in a browser window.
  • Cancel: Cancel the connection and try another network.
  • Ignore: Continue to be associated to the network without logging in. You may have access to some internal network services such as printers and shared servers but you may not have access to the Internet.
  • Help: Open the help file.

Non-iPass Hotspot Connectivity

Open Mobile can also be used to assist with login at hotspots that are not part of the iPass network service.

If a hotspot login procedure is needed, Open Mobile launches a small browser window that allows the user to complete the log in to that hotspot. The user can click the box next to Remember this login and Open Mobile will attempt to automatically log in whenever the user connects to that network (without launching the browser window). The user can click Launch external browser if there is any trouble viewing the page or the user prefers to log in through an external browser (such as Chrome, Internet Explorer, Firefox, or Safari). After logging in, Open Mobile will complete any other procedures that the administrator has configured for that user (such as VPN launch, Event Action launch, and so on.)

The browser login window has a non-configurable timeout of 5 minutes.

Browser login, by design, bypasses any proxy settings a user might have configured in preferred browser settings. Self-contained browser login simplifies the user experience, since the user does not need to change proxy settings temporarily to log in, and the browser does not need to rely on a proxy server.

On-Campus Roaming (OCR)

If On-Campus Roaming (OCR) is enabled, users can log in to a corporate network with an 802.1x connection. Although Wi-Fi is ubiquitous, security and authentication standards may widely vary from location to location. OCR enables users to be more productive on a far-flung corporate campus, and allows easy access for guests and contractors, without needing to use multiple connection managers.

Campus hotspots are automatically detected and presented as Wi-Fi networks. Open Mobile sets the proper SSID and security method. OCR hotspots can include any or all of the policy enforcement settings that other Wi-Fi hotspots can include.

Open Mobile supports the following authentication types for use with OCR, on the listed Windows platforms.

Type Windows 8 Windows 7 Windows Vista Windows XP (SP3 only)
EAP-TLS Yes Yes Yes Yes
PEAP-GTC Yes Yes Yes No
PEAP-MSCHAPV2 Yes Yes Yes Yes
PEAP-TLS Yes Yes Yes Yes
TTLS-MSCHAPV2 Yes Yes Yes No
TTLS-GTC Yes Yes Yes No
TTLS-PAP Yes Yes Yes No
EAP-FAST-MSCHAPV2 Yes Yes Yes No
FAST-GTC Yes Yes Yes No
FAST-TLS Yes Yes Yes No

In addition, Open Mobile supports 64-bit Windows OS platforms with multiple certificate environments.

802.1x connections on Windows XP require the appropriate Windows hotfix available from the Microsoft support site.

Individual Network Settings: In addition, OCR connections can be configured by individual users. A profile setting in the Open Mobile Portal enables a user to save OCR connection settings to an exportable file, which can then be collected by IT administrators for use by other users. For more information on exporting OCR settings, consult the tech note Configuring OCR with Open Mobile for Windows.

Inherited Connections

Open Mobile will detect Wi-Fi connections made with other connection managers that utilize Windows OS WLAN capabilities and can inherit such connections, becoming the connection manager of choice. The user can view the status and usage statistics for those sessions, and can even use Open Mobile to disconnect from them. An inherited connection can launch an integrated VPN, if one is configured. However, other policy settings will not be enforced.

Data is collected from inherited connections, and will be displayed in Open Mobile Insight reports.

If Open Mobile fails to detect the Internet on an inherited Wi-Fi connection, then no DataCollector record is generated.

OpenAccess

You can make the free OpenAccess Wi-Fi access points available to your users in the iPass Portal. Use of an OpenAccess hotspot will not incur the user any cost to connect and are marked with this icon:

For some free networks, Open Mobile may display both the free, OpenAccess version and the iPass (pay) version of the network.

If a user attempts to connect to a free OpenAccess network and the connection fails, then if there is an alternate iPass network available, the user will be connected to the iPass network instead. However, depending on your access plan, there may be an additional charge incurred for connection to the iPass access point. This capability is currently not configurable.

Gogo Inflight Internet

Gogo Inflight Internet access points are found on many major airlines and may be included in the iPass directory, if your organization chose this service. Gogo Inflight requires you to enter a CAPTCHA phrase to verify a person (not a machine) requested access.

If your organization has not opted-in to this service, Gogo will launch a browser window for you to log in using your own Gogo Inflight account information or credit card.
Script Error

If you are using an Internet Explorer browser to connect to Gogo and a Script Error window appears, follow the instructions below:

  1. Click on the Tools gear icon in the Internet Explorer browser.
  2. Click Internet options in the menu.
  3. Click the Advanced tab.
  4. Under Browsing, un-check “Display a notification about every script error.”
  5. Click OK and try to connect to Gogo again.

Auto-Connect for Wireless Connections

The Auto-Connect feature lets users automatically connect to their preferred wireless networks, either by Mobile Broadband or by Wi-Fi. Networks can include Mobile Broadband, personal Wi-Fi, or iPass Wi-Fi network access points. In addition, the user can choose to prefer known Wi-Fi or instead to always select Mobile Broadband for automatic connectivity. Properly configured, Auto-Connect can make connecting to the Internet a ‘zero-click’ experience.

If Auto-Connect is enabled, Open Mobile will automatically re-connect to a network when the user is unintentionally disconnected. Auto-reconnect helps automate the connection process if the user temporarily loses signal or loses a connection because of some other factor.

You can enable Auto-Connect policies in the Open Mobile Portal. (The Auto-Connect setting for personal networks is enabled by individual users in Open Mobile, under Options.)

For a true Auto-Connect experience, you should also make sure that the Save Password option is turned on, or else users will be prompted to enter their passwords upon each connection.

When multiple networks are available in the same location, Open Mobile uses a sophisticated algorithm for determining which network to choose for Auto-Connect. This algorithm chooses from the available networks using a combination of connection history, signal strength, user preference, and administrator-defined preferences.

If a user chooses to disconnect, it would not be desirable to be automatically re-connected to the same network. As a result, manually disconnecting from a network will automatically turn off Auto-Connect for all networks. Auto-Connect will be turned back on automatically after the user establishes another connection, reboots, or returns from sleep or hibernation mode.

Prefer, Prohibit, Rename (PPR) Networks

Special rules to prefer or prohibit networks can be set for individual networks in your Wi-Fi and Mobile Broadband directories, as well as for different security types, controlling how Open Mobile will display these networks to users. Prefer and prohibit rules supersede any Network Policy settings.

  • Preferred Networks: A network (name or MAC address) defined as preferred will always be used for connections (if possible), and shown at the top of the Available Networks list.
  • Prohibited Networks: A network (name or MAC address) defined as prohibited will never be used for connections. A prohibited network can be shown as disabled or even hidden entirely from the user.
  • Rename: A rule can also be used to rename a network in the list of Available Networks, choosing a display name that is clearer and more convenient for your users. For example, if your corporate network has a non-descript SSID (for example, corp-hq-east), Open Mobile could display the SSID as something friendlier like My Corporate Network.
    • Annotation: In addition to display name, an annotation can be used to explain details about the network, which would be displayed to users in Open Mobile when the network is detected.
  • Disabled Security Types: You can set a policy to disable a single security type, such as WPA-PSK-AES, from use in Open Mobile.

Ethernet

Open Mobile can be used to connect to hotel Ethernet locations that are part of the iPass Network. Open Mobile users connecting at these locations can use their iPass credentials to log in and are charged at iPass rates.

One Network or Multiple Networks at a Time

One Network at a Time (ONAAT)

The One Network at a Time (ONAAT) feature is enabled by default and controls which networks take precedence over other networks when a connection is already established. ONAAT automatically disconnects any detected Wi-Fi and Mobile Broadband sessions when an Ethernet connection is detected, to help control connectivity costs and aid in Ethernet anti-bridging. The chart below shows the result to an existing connection when a new connection is established.

Existing Connection Second Connection Type
Ethernet Wi-Fi Inherited Wi-Fi Mobile Broadband
Ethernet N/A Ethernet connected. All other connections terminated. Ethernet connected. All other connections terminated. Ethernet connected. All other connections terminated.
Wi-Fi Ethernet connected. All other connections terminated. First connection is disconnected, and the second connection is established. If both connections are on the same device, the first is disconnected and the second connection is established. If second connection is made on different Wi-Fi device, both connections are maintained and shown in Open Mobile. First connection is disconnected, and the second connection is established.
Inherited Wi-Fi Ethernet connected. All other connections terminated. Inherited Wi-Fi connection will be terminated, new Wi-Fi connection established First connection will be terminated by Windows and second connection will be established. Both are shown as connected.
Mobile Broadband Ethernet connected. All other connections terminated. First connection is disconnected, and the second connection is established. (Note: On Windows, if the Wi-Fi connection is non-Open Mobile, both are shown as connected.) Both are shown. Inherited Wi-Fi will be in connected/associated state. N/A

Multiple Networks at a Time (MNAAT)

When enabled in the Open Mobile Portal (in Advance Mobile Broadband Settings and Advanced Wi-Fi Settings), Open Mobile allows the client to stay connected to multiple networks at a time. If this feature is enabled, for example, a user can stay connected to a Mobile Broadband or Wi-Fi network while they dock their laptop to connect by Ethernet, and then, the user will not have to re-establish the Mobile Broadband or Wi-Fi connection when they undock.

Dial and ISDN Connections

Open Mobile can be used to establish dial-up connections in more than 100 countries. If dial-up connections are enabled, the user can search for dial-up access points by country, city, and in some countries, state or prefecture. The iPass network includes ISDN access points as well; proper ISDN hardware is required for connection.

Dial Properties

Dial-up connections may require the user to configure special settings, called dial properties. These can include the following:

  • Dialing Prefix: When using Open Mobile for establishing dial-up connections, it may be important to set a dialing prefix, such as a 9, if calling from a hotel room or an extension in an office building. Use a comma character (“,”) to represent a short pause if needed after the dialing prefix.
  • Dial Location: The user also has an option to set the dial location. In most cases, the default value of Location same as selected number is the correct setting as the user will want to use a local phone number. In those cases where a local number is not, the user can change this setting to indicate the correct dialing location. This will assist Open Mobile in determining the right dialing sequence.

DSL

Open Mobile supports DSL connectivity over PPPoE connections.

Corporate Network Detection

Open Mobile can be configured to detect when a user is connected to a corporate or campus network at a given venue. Corporate network detection (CND) is important if you want Open Mobile to apply VPN launch policies to users. For example, using a CND test, a user's VPN can be configured to launch when only connected to the Internet and not to a corporate network.

Corporate Network Test Methods

A variety of different test methods are available for CND testing. Typically, a CND test will involve either checking a local test criterion (such as a specific registry entry on the machine), or a remote test criterion (such as whether a specific URL can be reached). Local tests are preferred to remote tests, since these tend to be faster and do not affect network traffic. CND tests for an Open Mobile profile are configured in the Open Mobile Portal. A detailed summary of these tests is given here.

The complexity and number of tests used will depend upon the size and uniqueness of the corporate network being detected. Multiple tests can improve the chances of making a successful corporate network detection. In some cases, a combination of tests is required to determine whether Open Mobile detects a corporate network.

For example, in the course of connecting, a user could receive a DHCP IP address within the normal DHCP IP range. However, because public addressing is used, the same user could receive the same DHCP IP address on an entirely different network. By adding a second corporate network detection method, such as detection by DNS Server address, you can ensure that corporate networks are more accurately detected.

Note that configuring too many corporate network detection methods can significantly affect the performance of the Open Mobile client, as each test method uses processing time, and may use network bandwidth as well. You should use as few methods as possible to get the optimal performance results for your users.

Internet Connection Testing

Upon connecting, Open Mobile performs an Internet Connection network test to determine whether the user has an Internet connection. The Internet Connection test is also known as an amion (“Am I On?”) test.

By default, an HTTP request is sent to an iPass Web sniff server (sniff1.i-pass.com or sniff2.i-pass.com). If a valid response to the request is received, Open Mobile proceeds with actions requiring an Internet connection, such as VPN launch or other configured event actions. Typically, a check of these URLs requires the following:

  • Whitelisting the URL of the sniff server, or,
  • Configuring an alternate URL visible to users both inside and outside the corporate network.

However, for some customers, neither of these steps may be optimal for their own network requirements. For example, there may be a security issue associated with whitelisting a specific URL. In addition, alternate URLs visible to users both inside and outside the network at the same time may not be available. To accommodate such customers, in Windows 1.4.1 clients, the amion test uses these supplemental steps.

  • Amion tests will be performed with basic proxy settings (including authenticated proxy with Windows credentials).
  • Amion tests will check local Corporate Network Detection (CND) rules before issuing an HTTP request. If the local CND rule passes, the user will also be deemed to be on the Internet.
  • To reduce performance impact from checking multiple URLs, amion tests will try alternate URLs in parallel when more than one URL is configured. As soon as any URL tested yields a positive result, the user will be deemed to be on the Internet.
  • Amion tests will only try alternate URLs when the other tests have failed.

Antivirus Solutions and Amion: Some antivirus solutions can interfere with amion testing, or block it completely. You should make sure that the sniff server URLS are accessible by Open Mobile through any antivirus solution configured on the host system. You may need to whitelist the URLs in your antivirus software in order to ensure accessibility.

Go to: Open Mobile for Windows Help


 

©2015 iPass Inc. All rights reserved. Terms of Use