FREE VPN: Strongswan Ipsec/IKEv2 Z10/Z30/Q10
New and Improved!
Only takes 11 minutes from time you SSH into your box. Copy and paste 2 commands
The howto is broken down into two main sections.
1. Amazon EC2 Setup
2. Linux Setup (strongswan)
Reasons why you might want a VPN
watch american/british television freely on services like hulu or bbc. or watch those respective regional netflix offerings.
security using an open wifi hotspot (coffee shops, etc.)
to be cool when showing off your z10
Sources
The reason I am doing this write up is for those who like me, have very little understanding of linux. Though these other guides are helpful there are some steps they miss. i am going to try and fill in those missing steps.
Amazon EC2
FREE EC2 instance from Amazon (free tier for one year)
-click create free account
-its helpful if you already have an amazon account. it asks for your credentials and asks that you re-enter in your credit card number. this is if you go over free tier usage limits which are very large. 30 gigs of data transfer (i never use this) and even if you go over its like $0.01 a gig so don't worry. If any charges will be on your account they are quite nominal. Interestingly if you were to run this server for your own purposes, mildly, it could run maybe $5 a month. There are services out there that charge about this, but its more fun doing it yourself, and this way you know its secure.
-sign up now as first step may take a couple hours to get approved by amazon
After you have been approved by amazon (you should receive an email) then you goto this website to manage your ec2 instance
https://aws.amazon.com/marketplace/p...=1382353859417
Please take note of the region it is launching in. If you were interested in the free BBC material from its app then you would need to change this to Ireland. Likewise if you live on the west coast you might want to pick Oregon. This would also give you american tv content if you live somewhere else. Interestingly I use the ABC app even though I'm canadian. This is where you instance will be launched.
imgur: the simple image sharer
The next screen will now provide you with the details. You change any details you like, the only thing that is truly important is KEYPAIR. This is required!!! You need it to access your linux box securely to then make modifications to turn it into a VPN server. Download this Keypair and keep it in a safe place. if you ever lose this you will then lose the ability to access your own server. the security group we can modify later to allow specifically for your server.
imgur: the simple image sharer
Putty
Your instance is now being deployed. this takes a while as it is essentially booting up for the first time and installing or configuring whatever options you have previously selected. While this is being done you can be getting setup to access your server. For this you will need an SSH client. I personally use Putty. If you use putty you can get it here. You will need two files. Putty.exe and puttygen.exe. puttygen converts your keypair.pem to keypair.ppk for use specifically with putty.
PuTTY Download Page
run puttygen
click load
change filetypes to "all files" (from ppk)
locate keypair.pem
save private key > "save without passphrase" (I said yes but do what you want)
saved as keypair.ppk in same location
Photo Album - Imgur
now run putty.exe
click ssh (in options side left menu)
click auth > browse > locate keypair.ppk
in side-left menu go back to Session
input hostname in main menu now (ip you were assigned)
Photo Album - Imgur Hostname
you get this from your amazon ec2 page. highlight the instance that you launched and it will give you a hostname on
also while on this page i would get the name of the security group you have been assigned. this will need to be changed next
imgur: the simple image sharer
Security Groups
You need ports tcp22 open ( which should already be set) and udp (500,4500)
select the group from the top
in the bottom half add new rules
select custom UDP
then add 500
then do it again, add 4500
then make sure to APPLY changes otherwise nothings changed
imgur: the simple image sharer
Now go back to putty
i would recommend saving this infor so you dont have to do it again. but do as you want... click open
now a window asking if you want to use that certifcate pops up. say yes.
now a black window pops up and asks you to login. with this specific distro you login as
"root"
NEW AND IMPROVED WITH SCRIPT FROM REBELLIOUS
New Way [Post63]
Old Way [Post4]
Finished with the script. It is now available at https://www.dropbox.com/s/xk8jaqv67m8h15o/vpn.sh (just in case anybody is interested in its contents, or in order to check there is no Trojan horse in the code). Guys, sorry for absence of comments in the script, I am a little lazy to do this...
So the new procedure for installing Strongswan VPN for BlackBerry 10 is suggested as follows:
Step 1
Repeat all steps Guyzer offers you concerning AWS setup till the moment you log into your server with root.
Step 2 (copy and paste the commands if you feel you could make a typo)
Install wget package to be able to download the installation script.
Code:
yum -y install wget
Run the script directly from the web:
Code:
bash <(wget -qO- --no-check-certificate https://www.dropbox.com/s/xk8jaqv67m8h15o/vpn.sh)
The script will offer you 4 steps for configuring your installation: IP address of your server (found in AWS control panel), gateway pre-shared key, user name and user password. Please, take care when entering this info in order not to make mistakes. Otherwise you will need to abort the script with Ctrl+C combination or get a non-working installation at the end, this leading to a frustration of yours and the need of editing all configuration files on your own.
Pleasant thing: the whole installation process from installing wget till having a working VPN server takes 11 minutes (I did test this on a micro instance 15 minutes ago and this was exactly how long it took me).
Enjoy!
Now setup your BlackBerry
Create a new VPN profile using the following connection details:
Profile Name: anything
Server Address: VPN server's public Internet address
Gateway Type: Generic IKEv2 VPN Server
Authentication Type: EAP-MSCHAPv2
Authentication ID Type: IPv4
MSCHAPv2 EAP Identity: anything, this field does not matter
MSCHAPv2 Username: user1 (username specified in ipsec.secrets)
MSCHAPv2 Password: password2 (user password specified in ipsec.secrets)
Gateway Auth Type: PSK
Gateway Auth ID Type: IPv4
Gateway Preshared Key: password1 (the PSK password specified in ipsec.secrets)
Perfect Forward Secrecy: not checked
There is no need to change any "Advanced" configurations.
Other links you may be interested in
PPTP VPN
Tired Of "Snoopfest"? Stop It in [Market-Ticker]
http://aws.amazon.com/console/mobile/
https://forums.crackberry.com/e?link...token=eO5NtEXp