    Hello crackberry,

    I've been banging my head against all sorts of walls for the past 3-4 days trying to provide a number of BlackBerry devices access to some resources behind a VPN server while letting them keep their regular default gateway to access the internet.
    The VPN server of choice is strongSwan. I've posted my ipsec.conf & ipsec statusall at pastebin.com/hrtF1d8M and the how-to I provided to the BlackBerry clients at pastebin.com/kDaa59XN.

    I'm pushing 2 routes to the clients: and The problem is that when a client connects to the VPN it no longer has access to the internet.
    I've checked the WiFi status of the device - it's still connected, it still has the default gateway through the WiFi router. The VPN logs show that it only receives the 2 routes and no route for 0/0.
    Eventually I set up a software access point to tcpdump the traffic and I saw that when connected to the internet, the BlackBerry tries to access the internet with the VPN IP as source (which kinda defies logic since the traffic is sent over the WiFi interface).

    Could anyone tell me what I'm doing wrong or if it's even possible to provide VPN for only 2 routes and let the BlackBerries access the Internet using their default connections when connected to the VPN server?


    Can you provide info on how/where you run the server (device/linux/win etc.)?
    Sure. It's a fully updated Ubuntu 14.04.01 LTS Server
    # ipsec --version
    Linux strongSwan U5.1.2/K3.13.0-45-generic
    Institute for Internet Technologies and Applications
    University of Applied Sciences Rapperswil, Switzerland

    ipsec.conf and ipsec statusall are in the original post (pastebin links).
