- Would it be possible to also run a PPTP server concurrently with this IKEV2 server? I'd like to have the IKEV2 for BB10 devices directly and then a regular PPTP to be connected to by a router running DDWRT in order to feed things like roku, fire TV, etc.
Edit: just saw the "other links" regarding pptp in the OP. Time to break things I suppose.
Posted via CB10
Last edited by AnimalPak200; 11-22-14 at 09:21 PM.
11-22-14 06:00 PM Like 0
- Well, didn't go so well.
I tried setting up the pptpd service on a separate ubuntu instance, and then a separate CentOS instance. I was able to connect to the vpn in both cases, but was not able to get internet access despite all my attempts.
Modified iptables, disabled the iptables firewall, tried using the UFW (more friendly firewall), opened up all ports to all traffic on the EC2 security group, nothing.
If anyone can give it a try,.. the set up is actually really easy (and widely documented). I just can't seem to get the port forwarding or firewall to let my client traffic through to the internet and back.
After trying that,.. I have to give an even bigger kudos to the OP and the script authors. Had the IKEV2 vpn up and running in less than an hour.
Posted via CB10
Guyzer likes this.
11-24-14 08:33 AM Like 1
- If you want to use 'CentOS 7 (x86_64) with Updates HVM' as an Amazon EC2 instance, the following presentation provides a tutorial to help you:
So the new procedure for installing Strongswan VPN for BlackBerry 10 is suggested as follows:
Step 1
- 1 Repeat all steps Guyzer offers you concerning AWS setup.
- 2 CentOS 7 (x86_64) with Updates HVM
https://aws.amazon.com/marketplace/pp/B00O7WM7QW
- 3 Assign an Elastic IP Address to Your Instance
Step 4: Assign an Elastic IP Address to Your Instance - Amazon Virtual Private Cloud
- 4 Log into your server with root:
Code:
$ ssh -i /path/key_pair.pem centos@Your_Elastic_IP
[centos@ip-Private_IP ~]$ sudo passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[centos@ip-Private_IP ~]$ su root
passwd:
[root@ip-Private_IP centos]# cd
[root@ip-Private_IP ~]#
Step 2
(copy and paste the commands if you feel you could make a typo)
Install wget package to be able to download the installation script.
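Code:
# Update installed packages
yum -y update
# Install wget, needed to fetch the installation script
yum -y install wget
# Download the script and run it in bash; --no-check-certificate turns off TLS certificate validation for the download
bash <(wget -qO- --no-check-certificate https://www.dropbox.com/s/9fb7muwagi9yrr6/CentOS7vpn.sh)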
Guyzer likes this.
11-24-14 01:30 PM Like 1
- I guess you did not enable traffic pass-through for VPN clients.
Code:
vim /etc/sysctl.conf
Code:
net.ipv4.ip_forward = 1
Code:
net.ipv4.ip_forward = 0
Also, I am curious why you would want a PPTP VPN connection. I don't see the point of it while having IPsec configured. If you need that for an iOS or Android device, I could just share the piece of a configuration file that would enable IPsec VPN access for those devices.
Just let me know if you need that.
11-24-14 01:41 PM Like 0
- I did enable it. It was listed in all the instructions and I also double checked the original set of instructions here.
The only reason I want pptp is because I'm sending my mom back to El Salvador with a dd-wrt flashed router, and it doesn't let me configure it as an IKEV2 vpn client. It's just so that she can connect a roku/fire TV to the router and watch amazon prime.
Posted via CB10
11-24-14 02:24 PM Like 0
- https://github.com/corporate-gadfly/Tunlr-Clone
Posted via CB10
11-24-14 03:54 PM Like 0
- By the way, is there any need for an Ubuntu-based script for StrongSwan installation? Just finished one yesterday, though it still needs some testing to polish things.
11-25-14 01:52 AM Like 2
- Anybody willing to test the VPN server installation script for Ubuntu?
You should have an EC2 instance with Ubuntu or any Ubuntu installation where you can check this for connectivity.
PM me for details.
11-25-14 02:18 PM Like 0
- By the way, if anyone is intending to use an Android or an iOS device with Strongswan installation one currently has, it is easy.
Just do
Code:
vim /etc/ipsec.conf
Code:
conn ios
    keyexchange=ikev1
    authby=xauthpsk
    xauth=server
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightsubnet=10.10.71.0/24
    rightsourceip=10.10.71.2
    auto=add
Code:
vim /etc/ipsec.secrets
Code:
iphone : XAUTH "password"
android : XAUTH "password"
Reload the settings by
Code:
ipsec restart
Tested both on iPhones and Androids - works fine. Though some Androids (like LG G2) seemed to have problems with Internet access through native web browser, yet Chrome connected fine at the same time.
Good luck to everyone.
11-25-14 02:31 PM Like 3
- I also went wrong somewhere.. How can I reset the server and rerun the script? I always get a "timeout" error..
SOLUTION: I had added a security group instead of editing the one -.-. Now works
BUT, I would also be interested in how to make it work on Windows
Last edited by charity47; 12-05-14 at 09:35 PM.
12-05-14 09:19 PM Like 0
- I got this to work with both BlackBerry and ios/android devices. Also installed the no-ip.com ddns updater into the instance and now I don't have to manually change my vpn ip whenever I turn on the ec2 instance.
I also played around with OpenVPN to set up a router-to-router vpn (instead of the pptp alternative I had mentioned above). Flashed two Linksys routers with tomato and went through the instructions posted online (have to generate certificates and keys) to configure a server and client (also tried two windows clients). Definitely much more complicated than the OP's script! But I did get it to work and now my mom has a separate vpn wifi network back home in El Salvador to which her roku stick is connected.
I have to say that I ran some speed tests and pptp was brutally much slower than either this solution or the OpenVPN solution. The only advantage is how easy it is to set up clients on android and windows.
I also set up a "free-tier exceeded alarm" on the amazon workspace console. Still can't figure out exactly what the limits are based on (time the instance is running, amount of processing used, bandwidth used, or some combination?). At least the alarm will send you an email when you have started incurring charges (i.e. $0.01)
Posted via CB10
Guyzer likes this.
12-06-14 08:23 AM Like 1
- Hey guys,.. I've noticed that whenever I (using a Passport) or my mom (using a Z10) are connected to the strongswan VPN, we are unable to use BBM voice/video features (to anyone). Just wondering if this is something to be expected or if we need to modify iptables to allow the BBM video/voice ports through, as described here:
http://btsc.webapps.blackberry.com/b...ListHelperImpl
Edit: I should add that while both BlackBerry devices are unable to do bbm voice and video,.. when I connect a Samsung S4 to the vpn (using the XAUTH modification provided in this thread) it is still able to make and receive BBM voice calls.
So,.. Seems like either the Android OS routes things differently or BBM voice on non-BlackBerry devices is implemented through a different port/protocol.
Posted via CB10
Last edited by AnimalPak200; 12-07-14 at 10:00 PM.
12-07-14 09:43 PM Like 0
- Has anyone experienced any problems with this hijacking gateways for other PC's?
Last year, I setup centos in a VM at home with StrongSwan. It seemed to work, but I found out one of my Windows machines with static IP was sending packets to the wrong place, basically making it not able to get out to the Internet. I couldn't make sense of it, given the static IP and all. I shut it down and just kept using the VPS.
Today I got notice from my VPS provider that my VPS was hijacking IP's on the subnet. He showed me a screenshot of my MAC address with my IP, another IP and the gateway showing up in the Windows VPS. It looks like my VPS is doing an arp poisoning, keeping the other VPS from being able to get traffic back out to the net. The only thing I can think of, is the masquerade in iptables?
I happened to be using the VPN on my lunch break and VPS was disconnected by VPS hoster by the time I got back from lunch. It seems to correlate that when I was connected, this hijacking was happening at the VPS hoster.
This has happened 3 times now, and both previous times I got angry with VPS provider because I thought this was very unlikely I was the cause and they had nothing for me to investigate, so I didn't do anything other than make sure I wasn't infected or hacked and used in a bot storm or something.
There was a month or more where I was running a 10.3.1 hack where VPN didn't work with hotspots and so I didn't use the VPN. It seems that these VPS issues did not occur during this time. The VPS provider seems to have a fairly simple network with no separation or protection (sticky arp? VLAN's?), so it's possible this is prevented with Amazon or other VPS's and just happened to be noticed for me at home and with the crappy VPS hoster.
02-18-15 03:09 AM Like 0
- Not with this script, but I set up a centos 7 on latest StrongSwan with certs on both sides and perfect forward secrecy.
https://raymii.org/s/tutorials/IPSEC..._CentOS_7.html
There's two typos to fix. First in ipsec.conf about rightauth2, and the second about firewall-cmd at the bottom. I emailed the website but got no response.
Posted via CB10
Guyzer likes this.
02-26-15 02:47 PM Like 1
- +1 to that. Unable to use BBM calls when connected to VPN. Not just this method. Even when using IKEv2 gateways.
Posted via CB10
03-12-15 06:26 PM Like 0
- Replace with: rightauth2=pubkey
Search: firewall-cmd --permanent --set-default-zone=dmz
Replace with: firewall-cmd --set-default-zone=dmz
firewall-cmd --permanent
I am not 100% confident in the firewall-cmd, but I can say that the original gives errors and doesn't apply (didn't like both being set at same time), and my suggested change applies and works across reboot.
So if you update your auto installer script, this has the benefit of enabling the firewall permanently, where your previous script set iptables but didn't save it persistently. So newbies who didn't notice that would run into problems after reboot.
03-12-15 09:18 PM Like 0
- I went to just call my bro, which I know worked 1+ years ago, and now it just opens a black active frame. When I disconnected the VPN, the BBM call looked like it was going to go through.
So we need someone with a sniffer to capture the traffic and find out what traffic and port it's using to connect to BlackBerry servers.
03-12-15 09:25 PM Like 0
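For the "VPN connects but no Internet access" symptom and the non-persistent iptables rules discussed in this thread, the following is an added example (not posted by any participant and not part of the installer script) that audits a copy of sysctl.conf and an `iptables-save` dump for IP forwarding and a NAT rule. The function names, the `eth0` interface and the sample files are assumptions; 10.10.71.0/24 is the client subnet from the ipsec.conf post.

```shell
#!/bin/sh
# Added example: offline audit of the two settings a VPN gateway needs so that
# connected clients can reach the Internet. Inputs are files, so it can run
# against copies of /etc/sysctl.conf and saved `iptables-save` output.

# Effective net.ipv4.ip_forward value in a sysctl.conf-style file
# (last assignment wins, comment lines ignored). Prints "unset" if absent.
ip_forward_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val) }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Succeeds if the nat table of an iptables-save dump contains a
# POSTROUTING rule that jumps to MASQUERADE or SNAT.
has_nat_rule() {
    awk '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Prints one finding per line; returns non-zero if anything is missing.
audit_vpn_gateway() {
    rc=0
    fwd=$(ip_forward_value "$1")
    if [ "$fwd" != "1" ]; then
        echo "FAIL: net.ipv4.ip_forward is $fwd in $1 (expected 1)"; rc=1
    fi
    if ! has_nat_rule "$2"; then
        echo "FAIL: no MASQUERADE/SNAT rule in nat POSTROUTING in $2"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: forwarding and NAT are configured"
    return "$rc"
}

# Constructed sample input (not from a real host); eth0 is an assumed name.
tmp=$(mktemp -d)
printf 'net.ipv4.ip_forward = 0\n' > "$tmp/sysctl.conf"
printf '%s\n' '*nat' '-A POSTROUTING -s 10.10.71.0/24 -o eth0 -j MASQUERADE' \
    'COMMIT' > "$tmp/rules"
audit_vpn_gateway "$tmp/sysctl.conf" "$tmp/rules" || true
rm -rf "$tmp"
```

On a live host, also compare with `cat /proc/sys/net/ipv4/ip_forward`, since a change in sysctl.conf only takes effect after `sysctl -p` or a reboot.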
FREE VPN: Strongswan Ipsec/IKEv2 Z10/Z30/Q10