06-17-2013 02:56 PM - edited 06-17-2013 03:00 PM
I'm now under OS 10.1.0.2312 and use PureVPN service. In my case as a solution to make it work I installed two certificates from different VPN provider. One as "Personal Trusted CA" and one as "Personal Client".
After it my VPN started to work as it should. I know that this certificates is not necessary for IKEv2 but it helped. Several people with the same problem reported that this decision helped them.
I have no explanation for this phenomenon.
Don't know will it help in your case but you can try.
Download certificates by this link http://files.mail.ru/F0B7A7B4CA6F44A2AD3B1F296D04B
That follow this procedure (be carefull).
First we need to import our SSL certificates to your Blackberry device. We can do that on two ways via USB or WiFi.
1. To import the certificate using a USB connection, connect your BlackBerry device to your computer using a USB cable. If necessary, on your computer, enter your device password. Then click on Network , wait some time until your Blackberry device doesn’t show up and double click on device , then double click on Certs folder.
2. Click on Settings icon on your Blackberry device then click on About Tab. After that under Category select Network and write down your IP address . In our example its 192.168.1.131 .
Click again on Settings icon on your Blackberry device then click on Storage and Access tab. Switch “Access Using WiFI” to On. Then setup access password.
If your computer uses a Windows operating system, in a Run command, type the IP address in the following format: \\xx.xxx.xxx.xxx. eg. \\192.168.1.131
If your computer uses a Mac operating system, select Go > Connect to Server. Type the IP address in the following format: smb://xx.xxx.xxx.xxx. eg. smb://192.168.1.131
Open the certs folder. If necessary, enter the username and storage access password. Default username is Blackberry.
Go to folder where you saved our LimyVPN SSL Certificates which we sent you previously. Select both, then click on copy.
Now paste both files into Certs folder of your connected Blackberry Z10 , Blackberry Q10 or any other Blackberry OS 10 device. Go back to your Blackberry Device
On your Blackberry device, click on Settings icon then on Security and Privacy tab. Once inside click on Certificates tab.
Once inside Certificates section click on Import. For Class select “Personal Trusted CA”. Check VPN, Web and Wi-Fi then click Next. On next screen select caCert.p12 file ONLY then click on Import. When asked for password enter “1234″ without “” to install certificate.
Now click on Back tab, then click again on Import. Under Class select “Personal Client”. Check VPN, Web and Wi-Fi then click Next. On next screen select clientCert.p12 file ONLY then click on Import. When asked for password enter “1234″ without “” to install certificate.
I hope that this will help.
In any case please report about results with you OS version and VPN log.
06-23-2013 12:13 PM
06-23-2013 11:44 PM - edited 06-23-2013 11:50 PM
Success!! I am able to use my IKEv2 using my own root CA, and vpn cerficates.
So here's what I did after recreating a fresh VPN profile. (doubt this is necessary)
1. I noticed on my device at least that after updating to 10.1 that my root CA cert was missing, although the VPN cert was still there. wierd.
2. re-imported the root CA cert by redumping the .cer file into the certs share via wifi.
3. Instead of using the VPN cert in the Microsoft IKEV2 VPN Profile where it says Gateway CA certificate, I changed this to the Root CA's cert from the dropdown list. (my server address at the top does match the name of my vpn cert) THIS IS THE IMPORTANT PART. Even with the root CA cert imported, leaving this section configured with the VPN Cert will not work.
4. turned off the home wifi connection so that I could connect though my cell network.
5. Left all my other settings the same,
- GW type: Microsoft IKEv2 VPN Server
- Authen Type: EAP-MSCHAPv2
- Authen ID Type: Fully Qualified Domain Name
- Auth ID : DOMAIN\Username
- pass etc..
- Gate Auth Type: PKI
- Gate Auth ID Type: Identity Certifcate Distinguished Name
- Gateway CA Cert : Root CA Cert (NOT the VPN Cert)
Upon connecitng, everything just worked. YAY!! I hope this helps others out there.