05-19-2013 12:27 PM - edited 05-19-2013 12:27 PM
I can get the Z10 to connect to strongswan (ikev2) and use it for a default route, which lets me get my ActiveSync email, but then Blackberry Link won't work with my laptop on the local wifi. It's also slower for web browsing since I send my network traffic to my office just to go out on the Internet again.
On my iPad I can solve similar problems by using a client SSL certificate with activesync (so I don't need the VPN) but the Z10 doesn't seem to support this (although for some reason it supports SSL client certificates for VPN and WIFI).
If I enable split tunnels in strongswan, my iPad works fine, and while the Z10 connects and shows the correct subnets in the VPN status screen, I can't actually do any network traffic to the Internet.
I could also use the host-to-host configuration since my work hosts all have public IP addresses. I wouldn't even need NAT traversal, but alas if I enable this config in strongswan, the Z10 rejects the config and repeatedly requests a virtual IP.
Anyone have any ideas?
05-20-2013 02:43 AM
In case anyone's interested, here's my ipsec.conf conf:
# Z10 VPN client doesn't work with split-tunnel