- Strongswan IKEv2 BB10
**(I'm not responsible if your machine becomes alive and eats your cat or becomes BRICK, BE CAREFUL)**
GUIDE for RaspberryPI (Raspbian OS)
*tested on openWRT (trunk) with same configurations different install procedure*
(should work on any Linux distro with Strongswan 5.0.4)
1.INSTALL STRONGSWAN 5.0.4:
Code:sudo nano /etc/apt/sources.list
Code:deb http://p.quinput.eu/debfarm/ unstable all
Code:
sudo apt-get update
sudo apt-get install strongswan
2. FIREWALL:
Code:
sudo iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
3.KERNEL PARAMETERS:
Code:sudo nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.default.arp_accept = 1
net.ipv4.conf.default.proxy_arp_pvlan = 1
4.make backup of existing conf:
Code:
sudo cp /etc/ipsec.conf /etc/ipsec.conf.backup
sudo cp /etc/strongswan.conf /etc/strongswan.conf.backup
sudo rm /etc/ipsec.conf
sudo rm /etc/strongswan.conf
5. MAKE NEW .CONF FILES:
Code:sudo nano /etc/ipsec.conf
config setup
    strictcrlpolicy=no
conn %default
    ikelifetime=24h
    keylife=24h
    keyexchange=ikev2
    dpdaction=clear
    dpdtimeout=3600s
    dpddelay=3600s
    compress=yes
conn rem
    rekey=no
    leftsubnet=0.0.0.0/0
    leftauth=psk
    leftid=xxx.xxx.xxx.xxx #(What Is My IP Address? Lookup IP, Hide IP, Change IP, Trace IP and more...)
    right=%any
    rightsourceip=192.168.2.1/29 #(if behind router check your router ip MUST be different, my router ip is 192.168.10.1)
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=add
Code:sudo nano /etc/ipsec.secrets
: PSK "FREE_CHOICE1" #(Gateway Preshared Key)
alice : EAP "FREE_CHOICE2" #(MSCHAPv2 Username)
bob : EAP "FREE_CHOICE3" #(MSCHAPv2 Password)
Code:sudo nano /etc/strongswan.conf
charon {
    threads = 16
    dns1 = 208.67.222.222 #(it's OpenDNS, you can choose yours)
    dns2 = 208.67.220.220
}
pluto {
}
libstrongswan {
}
5(a)
PORTS TO OPEN UDP 500,4500
6.CONNECT TO BB10:
Profile Name: (free choice)
Server Address: VPN's public IP (What Is My IP Address? Lookup IP, Hide IP, Change IP, Trace IP and more...)
Gateway Type: Generic IKEv2 VPN Server
Authentication Type: EAP-MSCHAPv2
Authentication ID Type: IPv4 (PlayBook) / email (BB Z/Q10; the e-mail doesn't matter, can be anything) (CAUTION)
MSCHAPv2 EAP Identity: (can be anything)
MSCHAPv2 Username: (alice, username in ipsec.secrets)
MSCHAPv2 Password: (FREE_CHOICE2, alice password in ipsec.secrets)
Gateway Auth Type: PSK
Gateway Auth ID Type: IPv4
Gateway Preshared Key: (PSK password in ipsec.secrets)
*everything else default!
REMEMBER for connecting must be on different connection eg. 3G/LTE or friend's
IF SERVER REBOOTS REMEMBER TO SET IPTABLES AGAIN (or just google how to set iptables)
7. thx to bloggers: teebeenator, Howard
here is pastebin of the same guide : Strongswan for BB10 :: lpaste - Lambda pastebin
I hope this guide will help! regards Wario
ps. for this you need some linux knowledge, not for beginners; I'm not responsible if your machine becomes alive or explodes
Last edited by Warios; 09-22-13 at 03:46 PM. Reason: port must be open :)
flyingsolid likes this. 09-19-13 05:51 AM
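Added example (not part of the guide or of strongSwan): a small Python check for two things the guide leaves to the reader, namely that the `rightsourceip` pool does not overlap the router's LAN and that the `FREE_CHOICE` placeholders in ipsec.secrets were replaced. The sample input is constructed from the guide; the function names and the 20-character minimum secret length are assumptions.

```python
import ipaddress
import re

# Constructed sample input based on the guide; placeholders deliberately left in.
SAMPLE_CONF = """\
config setup
    strictcrlpolicy=no
conn rem
    leftauth=psk
    rightsourceip=192.168.2.1/29 #(must differ from the router's LAN)
    rightauth=eap-mschapv2
"""
SAMPLE_SECRETS = '''\
: PSK "FREE_CHOICE1"
alice : EAP "FREE_CHOICE2"
'''

def parse_ipsec_conf(text):
    """Return {section: {key: value}}; parameters are the indented lines under a header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented: "config setup" / "conn <name>"
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(conf_text, secrets_text, lan_cidr, min_len=20):
    """List findings: pool/LAN overlap, placeholder or short secrets (min_len is assumed)."""
    findings = []
    lan = ipaddress.ip_network(lan_cidr)
    for name, params in parse_ipsec_conf(conf_text).items():
        pool = params.get("rightsourceip", "")
        if "/" not in pool:                  # e.g. %dhcp or unset: nothing to compare
            continue
        net = ipaddress.ip_network(pool, strict=False)
        if net.version == lan.version and net.overlaps(lan):
            findings.append(f"{name}: pool {net} overlaps LAN {lan}")
    for kind, secret in re.findall(r':\s*(PSK|EAP)\s+"([^"]*)"', secrets_text):
        if secret.startswith("FREE_CHOICE") or len(secret) < min_len:
            findings.append(f"{kind} secret is a placeholder or under {min_len} chars")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_SECRETS, "192.168.10.0/24")))
```

Run it against the real /etc/ipsec.conf and /etc/ipsec.secrets contents with the router's LAN as `lan_cidr`; an empty list means neither check fired.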
- blog open with guides for VPN, iptables and dynamic IP update (automatic), it's easier for me to add and edit things!
http://wario-linux.blogspot.dk/
mexicangangboss and flyingsolid like this. 09-25-13 02:00 PM
- did you set static ip on your server? and it's strange, just check on my servers for that and I don't get those?
10-14-13 02:50 AM
- Alright so I followed this guide and this is what I got. I managed to connect to my internal network. So when I type my router address I can log into it and I can access my other Pi servers from my Q10 as though I was inside my network. But I do not get access to the internet. Meaning that in the browser I do not get anything. Why I am to vpn is to get access to my network and when I surf on the phone all traffic be encrypted and secure and have a proxy to filter ad servers. Now I have no internet. When I look at the log in the Q10 I get something very interesting. This entry:
[Raspberry Pi home][msm0]#2 default gateway - 25.56.129.41.
I was like WTF is that IP. So I do a reverse lookup and BAM this:
IP Lookup Location For IP Address: 25.56.129.41
Continent: Europe (EU)
Country: United Kingdom (GB)
Capital: London
State: Unknown
City Location: Unknown
ISP: DINSA, Ministry of Defence
Organization: DINSA, Ministry of Defence
Time zone: Europe/London
So WTF is going on here. Why do I have this. Needless to say I stopped the Strongswan IPsec daemon.
So any one has a clue?
EDIT:
Alright so I got the internet going by fixing this line:
The guide has this in the ipsec.conf:
rightsourceip=192.168.2.1/29 #(if behind router check your router ip MUST be different, my router ip is 192.168.10.1)
I changed it to this:
rightsourceip=%dhcp
So that it uses my router's DHCP server. So now the phone is virtually on my network. Next step add privoxy to advert filter all connections going to the outside from this Pi server. This weird IP is still worrisome though
Last edited by vipernig; 10-14-13 at 05:36 PM.
10-14-13 05:06 PM
- BTW is it me or this uses massive amount of data. I browsed to ign.com and I was having a look at the realtime ip bandwidth on the pi and just loading a couple of pages used 90mb upload and 90mb download. I hope this doesn't mean that I used 180mb of LTE data just to browse for 5 minutes.
10-14-13 06:48 PM
- I have strongswan installed on my pi, partly due to this tutorial and others that I found online. works great from my bb10 phone but having issues on windows 8.
I can get my CA.crt installed to the trusted root certificate folder in mmc, but I'm not sure what to do with the cakey.pem. it looks like windows doesn't know what to do with it, and I've tried converting to .p12 with no success. if I use mschapv2, username/pw fails, and with machine certification I get 'IKE failed to find machine certificate'
any ideas?
01-08-14 04:25 PM
- sry I don't have Winmachine so I can't test that!
try to check this link
01-09-14 02:06 AM
- Posted via the BlackBerry Q5 using CB10.
01-10-14 09:23 PM
- Everything You Need to Know About Your 127.0.0.1 IP Address
The driving force guiding each of the names of the web addresses of Websites are a group of numbers known as IP addresses. IP is short for Internet Protocol, and represents the main network layer for use on the Internet.
What is My IP - 127.0.0.1?
This specific IP address, also referred to as a local host, is the groundwork for which loop back connections are handled.
Loopback indicates returning back, which is exactly what 127.0.0.1 does, since it is the address of your unit. Making use of telnet, file transfer protocol, or trying in any manner to get to 127.0.0.1, you will end up back to the hosting server, which is your computer.
On the other hand, it is just the first three numbers (127) that are required; make use of a variety combination with 127 and the outcome will be the exact same if you type it into your address bar.
01-29-14 02:48 AM
- I have followed all the steps and everything works just fine, only problem is when my raspberry is connected to my network my router is unable to affect dhcp IP's to all my devices, I have to use static IP with Mac to make them work, as soon as I turn off or unhook my raspberry my router dhcp works again as it should be... any idea what parameter is causing this conflict in my raspberry !?
06-04-17 07:41 PM
- It's the case, having only one dhcp server/router and my raspberry configuration as mentioned in this forum.
Any chance my raspberry is acting as a dhcp and doing a conflict in my local lan!? Any command that I can use to check this conflict !?
I do not have dhcp server installed on my raspberry and I'm using a different IP range than my local lan under rightsourceip.
My router dhcp = 192.168.0.x
My raspberry rightsourceip = 10.10.0.x
When my raspberry is connected, my devices try to obtain an automatic IP from my router and they are ending up with a 169.254.... instead of 192.168... , when raspberry is disconnected all goes well.
Last edited by hertomas; 06-04-17 at 08:48 PM.
06-04-17 08:07 PM
- Wireshark https://www.wireshark.org/ will allow you to see what is happening on the wire.
The following links will explain what you are seeing.
https://www.ietf.org/rfc/rfc2131.txt
https://en.wikipedia.org/wiki/Zero-c...ion_networking
Last edited by DrBoomBotz; 06-04-17 at 10:06 PM.
06-04-17 09:54 PM
Homemade VPN server (raspberryPI+raspbian)