Windows Mobile 5/6 Networking Profiles, Proxy and VPN setup

After the last rant on Windows Mobile networking, I’ll go over a few actual solutions to the issues I encountered: hopefully a few people may find this more helpful.

Note that the following explanations, definitions of features and so on are the product of my own observation and experimentation with various WM5 and WM6 mobile devices. I have found some documentation on their functions but the majority of information I have discovered through trial and error. If there is some official documentation somewhere which contradicts what I say here (and I wouldn’t be at all surprised) then so be it: what I can say for sure is mine works.

That said, Windows Mobile networking is in my experience notoriously flaky and even though the stuff here works for my device, your mileage may vary considerably.

Ok, lets get into it.

Golden rule: Anytime you change anything at all in the networking profiles, after you have saved the changes, disable and re-enable the wireless network/adapter. I have a control utility for this on my device – (HTC Hermes) – but this will vary between devices. Following this step  every time I change anything has reduced my frustrations considerably – not doing this means settings often just don’t take effect, and after doing this sometimes things just start working.

A quick explanation of terms I’ve used:

  • “Config Profiles” refer to the named settings you can create and assign to different networks in “Network Management” (Start -> Settings -> Connections -> Connections -> Advanced -> Select Networks) – Some of the existing config profiles are ‘My ISP” and “My Workplace” (and you will have others automatically created for your ISP if you have mobile internet access on your SIM card via a 3G or GPRS network).

Explanation of how WM decides which network to use (And hence which attached config profile is used to decide how to connect)

Windows mobile networking is whack (but you knew that already, right?). Here’s how it breaks down: It decides how to handle a http network request based on whether there are any decimals (periods) in the dns name.

By its logic, anything with a decimal/period is ‘internet’ and anything without a decimal/period is ‘work’.


  1. http://bogus.internal” is handled with the config profile attached to the“Internet” network
  2. http://bogus” is handled with the config profile attached to the“Private Network” network

You can create multiple different named config profiles and assign any of them to either “Internet” or “Private Network”.

An important thing to note is, a config cannot have a VPN server added to it (or use an already setup VPN) when applied to the ‘Internet’ network. If you want to use a VPN you’ll have to do it through the ‘Work’ network (see exceptions hint below).

Explanation of the ‘Exceptions’ settings.

Now – anything in the ‘Exceptions’ list goes through the “My Work” profile regardless of whether the dns name has decimals in it to not. The good news is you can use wildcards here to force a wide range of sites through the ‘My Work’ profile if you want – hint: http:/*.* and https://*.* . I didn’t end up using this for my solution, but you might find it useful.

I’m sure this flavor of networking makes sense to some software engineer in Microsoft land, but to me it just spells confusion. Once I worked out what was actually going on, I figured out some shortcuts/config hacks which can be used to railroad the networking into doing more or less what you tell it to.

So here’s what I’ve done to make mine work:

First, I access everything using its FQDN – no dotless machinename shortcuts. This makes sure everything is using the profile assigned to “Internet” (regardless of whether I’m on a work network or not).

Make sure the ‘Exceptions’ section has no entries.

Next, tell windows mobile that every wireless network you connect to is “The Internet”. Forget about the “Work” option . As far as my usage goes, that option is useless. All the wireless networks I connect to are set to “Internet”. If you have already added a wireless network and don’t know if its tagged to “Work” or “Internet, you can go into settings -> wireless networks, find existing networks, and change which network it connects to.

Next, create a couple of new custom network configs, as follows:

  • ‘Direct Connection’ – this does as it says, and contains no settings for proxy or vpn.
  • ‘Proxy Connection’ – this has my work proxy server entered

You do this via Settings –> connections (tab) –> connections (icon) –> Advanced (tab), Select Networks (button). Here you can edit existing or create new config profiles.

Incidentally, my workplace uses VPNs to grant authenticated access to the wireless network – so not allowing a VPN connection to a host on a “private network” just breaks everything.

Once you’ve done that and entered your proxy authentication credentials in the appropriate places, you’re ready to go. Whenever you want to change how you’re connecting to the net go to network settings, and change “internet” to one of your created profiles. Remember to start/stop the wireless to force the change, and your next network access should be using either direct, proxy, (or VPN – see below), whichever you’ve chosen.

By doing this you lose any pretense of windows Mobile networking transparently working from whichever location / network you are connected to, but it never worked properly for me anyway, and at least this way you have some control back.

Connecting to a VPN

The above covered getting web access only, either direct or via a proxy. To get a VPN connection active (eg for skype and the like) heres what you have to do instead:

  1. Assign a config profile to the ‘work’ network
  2. Add a VPN connection to the config profile you used. You can add VPN connections to a config profile by assigning it to to the “Internet” connection, hitting OK, going back to the ‘Tasks’ tab and clicking the ‘Add a new VPN server connection’.
  3. Add the appropriate wildcard exceptions (to the ‘exceptions’ section) to trigger the VPN connection for every hostname.

Once I get a VPN up at my work from inside the wireless I can make direct connections to outside hosts, for example using PocketPutty. Be warned though that even if it does connect, Windows Mobile likes to shut down the VPN connection once it decides it is no longer in use, eg after you haven’t looked at web pages for a while, regardless of whatever else you are doing on the network, (say in a live SSH session). Parking pocket IE on a web page with an auto-refresh might possibly fool it into keeping the VPN alive, but I haven’t experimented with that yet.

Hopefully there is some useful info in here and it eases the pain of getting your mobile device networking in a saner fashion.

This is a fairly quick covering of networking with WM5/6 and its highly likely there are holes, inaccuracies and/or bits left out:  If anyone has queries, corrections or extra to add, go ahead and comment or hit up the contact form for direct email.


Leave a Reply

Your email address will not be published. Required fields are marked *