1. AnimalPak200's Avatar
    What is your symptom? I think my BBM voice is broken.., or I'm confirming what you see.

    I went to just call my bro, which I know worked 1+ years ago, and now it just opens a black active frame. When I disconnected the VPN, the BBM call looked like it was going to go through.

    So we need someone with a sniffer to capture the traffic and find out what traffic and port its using to connect to BlackBerry servers.
    Not only the actual call, but you'll notice that the BBM Call/Video icon turns dark/disabled. What's interesting is that when I connect to the same VPN using Android (using the instructions in this thread), BBM calls work fine.
    03-13-15 05:16 PM
  2. cycle_wala's Avatar
    What is your symptom? I think my BBM voice is broken.., or I'm confirming what you see.

    I went to just call my bro, which I know worked 1+ years ago, and now it just opens a black active frame. When I disconnected the VPN, the BBM call looked like it was going to go through.

    So we need someone with a sniffer to capture the traffic and find out what traffic and port its using to connect to BlackBerry servers.
    When I call someone via bbm (with VPN connected), I get a black screen. The call doesn't go through. I'm guessing it's a bug with the BlackBerry10.

    Posted via CB10
    03-14-15 01:03 PM
  3. AnimalPak200's Avatar
    When I call someone via bbm (with VPN connected), I get a black screen. The call doesn't go through. I'm guessing it's a bug with the BlackBerry10.

    Posted via CB10
    No, it's not a bug with 'the BlackBerry 10'. It has to do with the strongswan vpn left and right side ip configuration. The XAUTH configuration that applies to Android is slightly different and bbm calls still work through that.

    Posted via CB10
    03-15-15 04:12 PM
  4. cycle_wala's Avatar
    No, it's not a bug with 'the BlackBerry 10'. It has to do with the strongswan vpn left and right side ip configuration. The XAUTH configuration that applies to Android is slightly different and bbm calls still work through that.

    Posted via CB10
    It's not just with strongswan. I've used hide.me VPN too. Also another paid service (IKeV2 method). The same black screen. I highly doubt BlackBerry10's implementation of this than the VPN service provider.

    Posted via CB10
    03-16-15 12:59 AM
  5. AnimalPak200's Avatar
    It's not just with strongswan. I've used hide.me VPN too. Also another paid service (IKeV2 method). The same black screen. I highly doubt BlackBerry10's implementation of this than the VPN service provider.

    Posted via CB10
    Ah ok. I thought it might have to do with how the ikev2 ipsec config has non-overlapping left and right IP ranges while the XAUTH config has the same IPs.

    Posted via CB10
    03-16-15 08:09 AM
  6. fishlove73's Avatar
    Had anyone had a success of using OpenIKED instead of strongSwan as a vpn server for BB10?

    Attachment 341776

    bℯ��ℯř ฬ�ђ bℓ�ckbℯřřɣ
    03-16-15 08:29 PM
  7. anon9391691's Avatar
    +1 to that. Unable to use BBM calls when connected to VPN.

    Found this thread. Thought was something with my settings on server. Using my own ipsec v1 server (pfSense). Everything worked over wifi connected to my server over ipsec, until upgrade to 10.3.1. Now I am getting a black bbm voice calling screen. Call is not being made. Must be something changed in 10.3.1 or a bug.

    How to report this to Blackberry?
    04-02-15 08:55 AM
  8. cycle_wala's Avatar
    Bbm calls over vpn worked in 10.2.1??

    +1 to that. Unable to use BBM calls when connected to VPN.

    Found this thread. Thought was something with my settings on server. Using my own ipsec v1 server (pfSense). Everything worked over wifi connected to my server over ipsec, until upgrade to 10.3.1. Now I am getting a black bbm voice calling screen. Call is not being made. Must be something changed in 10.3.1 or a bug.

    How to report this to Blackberry?


    Posted via CB10
    04-02-15 11:49 PM
  9. anon9391691's Avatar
    Yes! BBM calls and video did work in 10.2.1 over wifi. Not sure if it worked over 3g/4g. Frequently used my ipsec (ikev1) connection all day long and made multiple calls. Never seen the black bbm call screen before updating to 10.3.1.
    04-03-15 08:58 AM
  10. I will be back's Avatar
    Please add check for bzip2
    I just tried script and there were no bzip2 on Contos7 image at my provider.

    Does script work on CentOS 7?
    Code:
    The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status).
     For other actions, please try to use systemctl.
    sed: can't read /etc/sysconfig/iptables: No such file or directory
    Redirecting to /bin/systemctl restart  iptables.service
    Failed to issue method call: Unit iptables.service failed to load: No such file or directory.
    Starting strongSwan 5.1.3 IPsec [starter]...
    So I checked the folder
    Code:
    [root@localhost ~]# ls /etc/sysconfig/iptables
    ls: cannot access /etc/sysconfig/iptables: No such file or directory
    [root@localhost ~]# ls /etc/sysconfig
    authconfig  cpupower         firewalld  ip6tables-config  kdump   modules     network-scripts  rsyslog    selinux
    cbq         crond            grub       iptables-config   kernel  netconsole  rdisc            run-parts  sshd
    console     ebtables-config  init       irqbalance        man-db  network     readonly-root    saslauthd  wpa_supplicant
    Should I just go for the version 6 instead?

    Thanks
    05-02-15 01:13 PM
  11. BCITMike's Avatar
    Please add check for bzip2
    I just tried script and there were no bzip2 on Contos7 image at my provider.

    Does script work on CentOS 7?
    Code:
    The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status).
     For other actions, please try to use systemctl.
    sed: can't read /etc/sysconfig/iptables: No such file or directory
    Redirecting to /bin/systemctl restart  iptables.service
    Failed to issue method call: Unit iptables.service failed to load: No such file or directory.
    Starting strongSwan 5.1.3 IPsec [starter]...
    So I checked the folder
    Code:
    [root@localhost ~]# ls /etc/sysconfig/iptables
    ls: cannot access /etc/sysconfig/iptables: No such file or directory
    [root@localhost ~]# ls /etc/sysconfig
    authconfig  cpupower         firewalld  ip6tables-config  kdump   modules     network-scripts  rsyslog    selinux
    cbq         crond            grub       iptables-config   kernel  netconsole  rdisc            run-parts  sshd
    console     ebtables-config  init       irqbalance        man-db  network     readonly-root    saslauthd  wpa_supplicant
    Should I just go for the version 6 instead?

    Thanks
    Read posts 171 and 174.

    Posted via CB10
    05-02-15 03:33 PM
  12. I will be back's Avatar
    Thank you.

    I have to do it the hard way
    05-02-15 07:53 PM
  13. I will be back's Avatar
    Didn't work for me

    BB disconnects on timeout without any errors on server.
    May 9 16:50:41 localhost charon: 03[NET] received packet: from 216.58.105.210[4500] to 162.248.142.222[4500]
    May 9 16:50:41 localhost charon: 03[NET] waiting for data on sockets
    May 9 16:50:41 localhost charon: 08[MGR] checkout IKE_SA by message
    May 9 16:50:41 localhost charon: 08[MGR] IKE_SA IPSec-IKEv2[11] successfully checked out
    May 9 16:50:41 localhost charon: 08[NET] received packet: from 216.58.105.210[4500] to 162.248.142.222[4500] (1708 bytes)
    May 9 16:50:41 localhost charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi CERT AUTH CPRQ(ADDR MASK DNS DNS NBNS NBNS VER) N(INIT_CONTACT) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
    May 9 16:50:41 localhost charon: 08[IKE] received retransmit of request with ID 1, retransmitting response
    May 9 16:50:41 localhost charon: 08[NET] sending packet: from 162.248.142.222[4500] to 216.58.105.210[4500] (524 bytes)
    May 9 16:50:41 localhost charon: 08[MGR] checkin IKE_SA IPSec-IKEv2[11]
    May 9 16:50:41 localhost charon: 08[MGR] check-in of IKE_SA successful.
    May 9 16:50:41 localhost charon: 05[NET] sending packet: from 162.248.142.222[4500] to 216.58.105.210[4500]
    May 9 16:50:51 localhost charon: 03[NET] received packet: from 216.58.105.210[4500] to 162.248.142.222[4500]
    May 9 16:50:51 localhost charon: 03[NET] waiting for data on sockets
    May 9 16:50:51 localhost charon: 12[MGR] checkout IKE_SA by message
    May 9 16:50:51 localhost charon: 12[MGR] IKE_SA IPSec-IKEv2[11] successfully checked out
    May 9 16:50:51 localhost charon: 12[NET] received packet: from 216.58.105.210[4500] to 162.248.142.222[4500] (1708 bytes)
    May 9 16:50:51 localhost charon: 12[ENC] parsed IKE_AUTH request 1 [ IDi CERT AUTH CPRQ(ADDR MASK DNS DNS NBNS NBNS VER) N(INIT_CONTACT) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
    May 9 16:50:51 localhost charon: 12[IKE] received retransmit of request with ID 1, retransmitting response
    May 9 16:50:51 localhost charon: 12[NET] sending packet: from 162.248.142.222[4500] to 216.58.105.210[4500] (524 bytes)
    May 9 16:50:51 localhost charon: 12[MGR] checkin IKE_SA IPSec-IKEv2[11]
    May 9 16:50:51 localhost charon: 12[MGR] check-in of IKE_SA successful.
    May 9 16:50:51 localhost charon: 05[NET] sending packet: from 162.248.142.222[4500] to 216.58.105.210[4500]
    May 9 16:51:02 localhost charon: 07[MGR] checkout IKE_SA
    May 9 16:51:02 localhost charon: 07[MGR] IKE_SA IPSec-IKEv2[11] successfully checked out
    May 9 16:51:02 localhost charon: 07[MGR] checkin IKE_SA IPSec-IKEv2[11]
    May 9 16:51:02 localhost charon: 07[MGR] check-in of IKE_SA successful.
    Firewall tells:
    dmz (default, active)
    interfaces: ens33
    sources:
    services: ssh
    ports: 500/udp 4500/udp
    masquerade: yes
    forward-ports:
    icmp-blocks:
    rich rules:
    rule protocol value="esp" accept
    rule protocol value="ah" accept
    there is
    Ports 4500/UDP, 500/UDP, 51/UDP and 50/UDP opened in the firewall.
    I think I should open ports 50, 51
    Last edited by I will be back; 05-09-15 at 04:16 PM.
    05-09-15 03:52 PM
  14. BCITMike's Avatar
    Didn't work for me

    BB disconnects on timeout without any errors on server.


    Firewall tells:


    there is
    I think I should open ports 50, 51
    I believe so. Also, does netstat show 1701 as listening? If so, that might need to be opened in fw as well.

    Posted via CB10
    05-09-15 08:59 PM
  15. I will be back's Avatar
    Adding 50,51 didn't help and ss(replacement for netstat) didn't show anything listening on the port, so I deleted them.

    1701 is not listed anywhere.

    Strange.
    05-09-15 11:48 PM
  16. BCITMike's Avatar
    Adding 50,51 didn't help and ss(replacement for netstat) didn't show anything listening on the port, so I deleted them.

    1701 is not listed anywhere.

    Strange.
    netstat isn't currently showing 1701 as listening, but I did copy it from another of my working strongswan servers (before it died at provider's fault). So probably can disregard that.

    Code:
    firewall-cmd --list-all
    public (default, active)
      interfaces: ens33
      sources:
      services: ipsec ssh
      ports: 1701/udp 51/udp 50/udp 2222/tcp 500/udp 4500/udp
      masquerade: yes
      forward-ports:
      icmp-blocks:
      rich rules:
            rule protocol value="ah" accept
            rule protocol value="esp" accept
    (I just used public instead of dmz, same thing as long as its active, AFAIK)

    Try testing your server from outside your home, or disable your Wifi at home and use cell data. For some reason (firewall I'm guessing), it doesn't work for me at home where it does outside or on cell data. It has similar symptom as you, server shows no errors but BB10 says timeout. I had two changes when that problem appeared for me. I changed to Centos 7, and I changed my router from Tomato based router to a Ubnt Edgerouter. I'll try my old Tomato router tomorrow.
    I will be back likes this.
    05-10-15 07:06 AM
  17. I will be back's Avatar
    Tried those ports, tried through mobile network - and no luck

    At the same time Amazon script works just like a charm. Works from mobile connection and home WiFi.

    Thank you for help.
    I'll try to talk to my vps provider as I see no other possible cause of trouble.
    05-10-15 09:41 PM
  18. BCITMike's Avatar
    Tried those ports, tried through mobile network - and no luck

    At the same time Amazon script works just like a charm. Works from mobile connection and home WiFi.

    Thank you for help.
    I'll try to talk to my vps provider as I see no other possible cause of trouble.
    One of my home routers works and one doesn't. Unfortunately for you, not same problem.

    Are you trying this on an openvz VPS? Doesn't work with openvz.

    Did you want to test against my server? You're quite sure you're doing everything right on the phone side? Are you using certificates or pre-shared keys?
    05-11-15 03:23 AM
  19. lmsilvam's Avatar
    Quite happy with the VPN, clear and easy to follow instructions. Works flawlessly for the most part on my Passport but I've noticed I cannot get a connection to Blend. Anyone else on the same boat?
    Guyzer likes this.
    05-14-15 12:22 PM
  20. Guyzer's Avatar
    Quite happy with the VPN, clear and easy to follow instructions. Works flawlessly for the most part on my Passport but I've noticed I cannot get a connection to Blend. Anyone else on the same boat?
    cant believe this thread is still somewhat active. glad its still helping people out.

    as regards blend i am going to guess it has something to do with the changes bb made in 10.3.1. It appears bb services, like bbm voice calling and such worked on previous versions with the vpn connected, but not something has changed. from whats been posted above it also appears the vpn works with android and bbm voice calls. so it has to be something that bb changed with the new version os

    have to wait for someone to figure out what was changed and try to make it work again. sorry I could not be of more help but im just happy this thread is still going strong and I just had to post something. I'm actually going through it to see if I can setup the vpn with strongswan and certificates.

    i was interested in this because of what was said as a side note in security now.
    Security Now 509 | TWiT.TV


    it talked about this website which will supposedly provide free certificates. I know I can create my own, but I am wondering about getting the vpn working with publicly issued certs.

    https://letsencrypt.org/

    if i learn anything new not posted in this thread already ill keep you posted
    BCITMike and lmsilvam like this.
    06-02-15 06:33 PM
  21. redcubicle's Avatar
    DO NOT use any free VPN service, your traffic is being monitored and your identity and personal information will be stolen.


    http://www.personalvpn.org/danger_proxy_servers.htm
    06-02-15 07:12 PM
  22. Guyzer's Avatar
    as a side note, found a really interesting use for both VPN's and AWS. Got it working in under an hour, works good to.

    So if your like me and have a crappy laptop, and dont ever plan on upgrading it yet occasionally want to play some highend games, aws can do that. It works along with a VPN, Win2k Server, and Steam. Cost is about $0.50/hr. You also need 10mbit wired or 5ghz wireless net connect

    Run your own high-end cloud gaming service on EC2

    In his setup I used zerotier option and realvnc viewer for setup. He gives good tips and links to expand on other info. I am not living in the states so my ping ranged from 90ms to 100ms. Not the greatest but it works nicely. You need Steam and you can play any steam game you own or they offer for demo or free. Cost is about $0.50/hr. Not bad, for those who used to go to arcades, I wish 50 cents would last me an hour of gaming.
    06-03-15 03:52 AM
  23. Rebelllious's Avatar
    Sorry, guys, I didn't come back here for quite a while. Got lots to do in my real life...
    OK, back to VPN things. Does anyone have clear tutorial on Strongswan installation for OpenWRT? I have Asus RT-N56U router at home and it now runs Padavan's modded firmware (based on Asus's OpenWRT). Generally, as it runs 24/7 and has got pretty much unused potential in MHz and MB, I could load it with Strongswan. The setups I found were not really nice enough to script them. I never got it working.
    Any additional info would be welcome. I could test it using my gear and publish it on GitHub as well.
    06-04-15 04:26 PM
  24. anon(9016157)'s Avatar
    DO NOT use any free VPN service, your traffic is being monitored and your identity and personal information will be stolen.


    http://www.personalvpn.org/danger_proxy_servers.htm
    http://www.kernel-panic.it/openbsd/vpn/vpn2.html

    Posted via CB10
    11-09-15 04:47 AM
  25. revnil's Avatar
    Has anyone done this with strongswan 5.3.5? There have been a lot of updates and I'd like to use the latest software. I tried following the script but I'm missing something. I'm able to connect to the server, but I can't get out. I believe I have done everything correctly but I have a feeling somehow iptables is causing the trouble.

    Actually, it looks like a DNS issue. I can access websites via IP but not by name. The configuration for strongswan changed a bit it looks like and recommends putting the dns entries in another file, which I did, but no luck.
    12-22-15 02:00 AM
246 ... 678910

Similar Threads

  1. Z30 Wi-Fi connection unstable.
    By young guy in forum BlackBerry Z30
    Replies: 10
    Last Post: 10-22-13, 10:18 PM
  2. Line App on BlackBerry Q10
    By gnulab in forum BlackBerry Q10
    Replies: 7
    Last Post: 10-22-13, 06:12 PM
  3. How can you copy paste text on the z10?
    By Lee Eshelman in forum BlackBerry Z10
    Replies: 10
    Last Post: 10-21-13, 01:39 PM
  4. Z30 not permitting Facebook posting
    By rosie_parent in forum General BlackBerry News, Discussion & Rumors
    Replies: 7
    Last Post: 10-21-13, 11:21 AM
  5. How can i update my z10 software 10.2
    By chitwan in forum BlackBerry Z10
    Replies: 2
    Last Post: 10-21-13, 08:18 AM
LINK TO POST COPIED TO CLIPBOARD