BlackBerry® Z10

Contributor
geocar
Posts: 13
Registered: ‎05-19-2013
My Device: Z10
My Carrier: VodafoneUK

Need Client SSL certificates, or VPN split routing, or host-to-host ipsec (operate without virtualip)

I can get the Z10 to connect to strongswan (ikev2) and use it for a default route, which lets me get my ActiveSync email, but then BlackBerry Link won't work with my laptop on the local wifi. It's also slower for web browsing since I send my network traffic to my office just to go out on the Internet again.

On my iPad I can solve similar problems by using a client SSL certificate with ActiveSync (so I don't need the VPN) but the Z10 doesn't seem to support this (although for some reason it supports SSL client certificates for VPN and WIFI).

If I enable split tunnels in strongswan, my iPad works fine, and while the Z10 connects and shows the correct subnets in the VPN status screen, I can't actually do any network traffic to the Internet.

I could also use the host-to-host configuration since my work hosts all have public IP addresses. I wouldn't even need NAT traversal, but alas if I enable this config in strongswan, the Z10 rejects the config and repeatedly requests a virtual IP.

Anyone have any ideas?

geocar

Re: Need Client SSL certificates, or VPN split routing, or host-to-host ipsec (operate without virtualip)

In case anyone's interested, here's my ipsec.conf conf:

conn x-common
    auto=add
    authby=psk
    left=%defaultroute
    leftfirewall=yes
    right=%any

conn x-ikev2
    also=x-common
    keyexchange=ikev2
    # Z10 VPN client doesn't work with split-tunnel
    #leftsubnet=10.2.150.0/24,10.10.0.0/16
    leftsubnet=0.0.0.0/0
    rightsourceip=10.0.3.0/24
    rightauth=eap-radius
    rightsendcert=never

geocar

Re: Need Client SSL certificates, or VPN split routing, or host-to-host ipsec (operate without virtualip)

Found another issue: DLNA doesn't work either because my television isn't on my office VPN.
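
Why the two leftsubnet values in the ipsec.conf above behave so differently for local devices, as an added example that is not part of the original posts: it matches destinations against each set of traffic selectors. It assumes a client that routes strictly by the negotiated selectors; the 192.168.1.0/24 home LAN and all destination addresses are constructed.

```python
import ipaddress

# leftsubnet values copied from the ipsec.conf in the thread.
FULL_TUNNEL = "0.0.0.0/0"
SPLIT_TUNNEL = "10.2.150.0/24,10.10.0.0/16"

# Constructed for illustration: home LAN and sample destinations (assumptions).
HOME_LAN = "192.168.1.0/24"
DESTINATIONS = {
    "office ActiveSync host": "10.2.150.20",
    "laptop on home Wi-Fi (BlackBerry Link)": "192.168.1.50",
    "television on home Wi-Fi (DLNA)": "192.168.1.60",
    "public web site": "203.0.113.80",
}

def parse_leftsubnet(value):
    """Turn a comma-separated leftsubnet value into network objects."""
    return [ipaddress.ip_network(p.strip()) for p in value.split(",") if p.strip()]

def route_for(dest, selectors):
    """Return 'tunnel' if dest falls inside any traffic selector, else 'direct'."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in net for net in selectors) else "direct"

def routing_table(leftsubnet, destinations=DESTINATIONS):
    """Map each named destination to the path its traffic would take."""
    selectors = parse_leftsubnet(leftsubnet)
    return {name: route_for(ip, selectors) for name, ip in destinations.items()}

def lan_stays_local(leftsubnet, lan=HOME_LAN):
    """True when no selector overlaps the LAN, so LAN traffic bypasses the tunnel."""
    lan_net = ipaddress.ip_network(lan)
    return not any(sel.overlaps(lan_net) for sel in parse_leftsubnet(leftsubnet))

if __name__ == "__main__":
    for label, value in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(f"leftsubnet={value} ({label}), LAN stays local: {lan_stays_local(value)}")
        for name, path in routing_table(value).items():
            print(f"  {name:40s} -> {path}")
```

Before enabling a split-tunnel selector list, the same overlap check can be run against the subnets clients are expected to sit on, since a selector that overlaps the client LAN pulls that traffic into the tunnel just as 0.0.0.0/0 does.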
