  1. Rebelllious's Avatar
    What did you mean by redoing the iptables options?
    I think this is the point I am missing at the moment. Otherwise, I am ready to provide you with the information necessary to give me a little help...

    P.S. Thanks to Guyzer for helping with the server. I still don't understand what was wrong with my own setup though.
    Last edited by Rebelllious; 02-02-14 at 02:32 AM.
    01-29-14 05:18 AM
  2. Djlatino's Avatar
    Great guide, might have to go out and buy a small CentOS VPS just for me. I wish you could use strongSwan on Windows, but oh well :/ I guess my $40 RDP will be tucked away for this, crying.
    02-02-14 07:36 AM
  3. Guyzer's Avatar
    Great guide, might have to go out and buy a small CentOS VPS just for me. I wish you could use strongSwan on Windows, but oh well :/ I guess my $40 RDP will be tucked away for this, crying.
    Not sure if it interests you, but with Amazon AWS you get one Linux instance and one Windows instance free for a year. Essentially a Windows 8 server which you can RDP into anytime you need.
    02-02-14 06:20 PM
  4. Djlatino's Avatar
    Not sure if it interests you, but with Amazon AWS you get one Linux instance and one Windows instance free for a year. Essentially a Windows 8 server which you can RDP into anytime you need.
    I'll be sure to check it out!
    02-02-14 06:37 PM
  5. Evil Dead's Avatar
    Please, help me somebody! Never felt so stupid.
    Well, I created an Amazon account and made an instance and so on.
    To cut a long story short, I ended up with that damned PuTTY black screen which asks me for a login and password. Which ones does it want?
    02-12-14 11:44 AM
  6. Guyzer's Avatar
    Login as root

    Posted via CB10
    02-12-14 02:33 PM
  7. Evil Dead's Avatar
    I found the problem: for some reason the server didn't accept my keypair, that's why it wanted a password, so I terminated the instance and started a new one. But the headache didn't stop yet: a permanent timeout is all I have. Any suggestions will be very welcome.
    Timeout of the VPN link, of course.
    Last edited by Evil Dead; 02-12-14 at 03:44 PM. Reason: adds
    02-12-14 03:33 PM
  8. Guyzer's Avatar
    I found the problem: for some reason the server didn't accept my keypair, that's why it wanted a password, so I terminated the instance and started a new one. But the headache didn't stop yet: a permanent timeout is all I have. Any suggestions will be very welcome.
    Timeout of the VPN link, of course.
    PuTTY will time you out after a certain amount of inactivity. This setting can be changed, but you shouldn't need to if you just input the commands as directed in the forum...

    Like you said, most likely an issue with not reading the instructions correctly. Though I don't claim they are perfect, and I'm willing to help out and explain more clearly. Though you need to describe exactly what your problem is. I'm only guessing what you meant by time out.
    02-12-14 04:10 PM
  9. Evil Dead's Avatar
    Well, I inputted exactly as you described, and nothing at all: just timeout instead of a working VPN. Then I switched off the FW: just timeout instead of a working VPN. And "[msm] Connecting", then "Error - Timeout", then "Disconnecting" and finally "Not connected" in the VPN log. After this the same funny sequence but with [tiw_sta0]. I'm really desperate, 'cos it's not just fun for me: I have no access to BBW & BBM without this damned VPN.
    02-12-14 05:28 PM
  10. Guyzer's Avatar
    Timeout typically means a firewall issue. Are you sure you set the AWS firewall?


    Posted via CB10
    02-12-14 05:32 PM
  11. Evil Dead's Avatar
    It's switched off now, as I said, through iptables save then stop and those "bla-bla-bla" system answers I got.
    02-12-14 05:41 PM
  12. Evil Dead's Avatar
    If I understand correctly, after the FW is stopped I MUST be linked to the server. Internet surfing is another story, and it will be the next problem, but the connection with the server must be established right now, right?
    02-12-14 06:01 PM
  13. Guyzer's Avatar
    No, you're talking about the wrong firewall. There are two. You need to follow the instructions at the beginning.

    Posted via CB10
    02-12-14 07:23 PM
  14. Evil Dead's Avatar
    It's absolute madness!
    What I did today:
    1. Double-checked the public server IP: no mistakes;
    2. Double-checked the security group: all 4 inbound ports are in place;
    3. Double-checked every config file: absolutely identical to the ones in the guide;
    4. Inputted ipsec stop;
    5. Inputted /etc/init.d/iptables save
       /etc/init.d/iptables stop
    6. Inputted iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
       iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    7. Inputted ipsec start
    Still no progress at all.
    Guyzer, can I send you my auth data for the VPN? Maybe you will be lucky enough to log in from outside my country?
    02-13-14 07:04 AM
  15. Guyzer's Avatar
    pm me the details
    02-13-14 07:14 AM
  16. Guyzer's Avatar
    Also, here's a test server. If you can't connect to this server, your ISP is preventing you.

    Create a new VPN profile using the following connection details:
    Profile Name: anything
    Server Address: 54.184.95.161
    Gateway Type: Generic IKEv2 VPN Server
    Authentication Type: EAP-MSCHAPv2
    Authentication ID Type: IPv4
    MSCHAPv2 EAP Identity: anything, this field does not matter
    MSCHAPv2 Username: user1
    MSCHAPv2 Password: password2
    Gateway Auth Type: PSK
    Gateway Auth ID Type: IPv4
    Gateway Preshared Key: password1
    Perfect Forward Secrecy: not checked
    There is no need to change any "Advanced" configurations.
    02-13-14 07:17 AM
  17. Evil Dead's Avatar
    Connection was established.
    Oh, sorry, forgot to check. Internet surfing O.K.
    Not sure: did you receive my PM?
    Last edited by Evil Dead; 02-13-14 at 07:54 AM.
    02-13-14 07:38 AM
  18. Rebelllious's Avatar
    Please start your iptables and check its FORWARD section. If it contains any "REJECT" rules before the one you added to forward your packets, remove it by
    Code:
    iptables -D FORWARD 1
    where 1 is the number of the rule with "REJECT".
    This seemed to help me in my research (after Guyzer had made a working instance for me).
    02-13-14 03:41 PM
  19. Evil Dead's Avatar
    Well, did I do it right?
    /etc/init.d/iptables start
    iptables -D FORWARD 1
    If it's right, it didn't bring me anything.

    I inputted iptables -L -v -n and could see some packets in the INPUT chain, some packets in the OUTPUT chain and absolutely no packets in the FORWARD chain. I tried to connect to the VPN, so something must be there. Maybe as rejected packets, but it should be there. Or is that wrong?
    Last edited by Evil Dead; 02-14-14 at 07:31 AM.
    02-14-14 06:05 AM
  20. Evil Dead's Avatar
    O.K. I finally did it! Well, here is what my little research showed:
    What I found at wiki.strongswan.org about VPN creation on AWS services: "Allow any incoming traffic from the pool's subnet into all VPC instances." It means you SHOULD kill any REJECT command in table "filter" -> chain "INPUT" of iptables or you can't get any net activity between the BlackBerry and the server. Like me. Next you SHOULD kill any REJECT command in table "filter" -> chain "FORWARD" of iptables or you can't get any internet activity between the server and the internet.
    P.S. My thanks to Guyzer and Rebelllious for their assistance in my discoveries.
    P.P.S. Actually you don't need to stop iptables. Just make the edit I wrote above, add the 2 strings as described by the OP and the VPN will start without problems.
    Last edited by Evil Dead; 02-16-14 at 03:22 PM.
    Guyzer and BCITMike like this.
    02-16-14 08:55 AM
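    The ordering problem behind posts 18 and 20 (a catch-all REJECT that sits before rules appended with -A) can be spotted from the ruleset itself. This is an added example, not code from the thread; it parses a constructed `iptables -S` listing modelled on the CentOS 6 default rules and reports which chains have a catch-all REJECT/DROP shadowing later rules, together with the `iptables -D CHAIN N` deletion post 18 prescribes.

```python
# Constructed sample of `iptables -S` output (not from the thread), modelled on the
# CentOS 6 default rules with UDP 500/4500 opened and the guide's TCPMSS rule
# appended with -A, so it lands after the chain's catch-all REJECT.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 4500 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
"""
TERMINAL_TARGETS = {"REJECT", "DROP"}

def parse_rules(text):
    """Group -A lines by chain as (rule_number, target, is_catch_all); the numbers
    match `iptables -L --line-numbers` (-P policy lines are not rules)."""
    chains = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "-A" or "-j" not in parts:
            continue
        j = parts.index("-j")
        rules = chains.setdefault(parts[1], [])
        # No match options between the chain name and -j: the rule hits every packet.
        rules.append((len(rules) + 1, parts[j + 1], j == 2))
    return chains

def find_shadowed(text):
    """Per chain: number of the first catch-all REJECT/DROP and the rules after it,
    which never see a packet. Chains without such a rule are omitted."""
    result = {}
    for chain, rules in parse_rules(text).items():
        for num, target, catch_all in rules:
            if catch_all and target in TERMINAL_TARGETS:
                result[chain] = (num, [n for n, _, _ in rules if n > num])
                break
    return result

def fix_commands(text):
    """The `iptables -D CHAIN N` deletions post 18 prescribes, only for chains where
    rules are actually shadowed (inserting with -I instead of -A also avoids it)."""
    return [f"iptables -D {chain} {num}"
            for chain, (num, shadowed) in sorted(find_shadowed(text).items())
            if shadowed]
```

    On the sample, FORWARD's rule 1 is the catch-all and shadows the TCPMSS rule, while INPUT's REJECT is last and shadows nothing, so only `iptables -D FORWARD 1` is suggested.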
  21. Evil Dead's Avatar
    Well, I dug a little bit deeper and found port 1701 is not needed here: it's for L2TP VPN connections. Our VPN is definitely not L2TP, so I deleted this one from the security group and everything looks fine: I tried surfing and downloading, both without any problem. So other peeps doing it seems a good idea: fewer open ports, fewer security issues.
    Guyzer likes this.
    02-16-14 03:14 PM
  22. DinLangkawi's Avatar
    Will try this out.. thanks

    Posted via CB10
    02-16-14 03:17 PM
  23. vladlem's Avatar
    Thanks a lot for this guide. Followed it to set up a VPN server on CentOS 6.5 (64-bit). Not on Amazon, though, but on a JiffyBox (German VPS provider).

    Since there was no web interface to set up firewall exceptions, I had to open the three ports mentioned at the beginning of the guide by editing /etc/sysconfig/iptables.
    Code:
    nano /etc/sysconfig/iptables
    Code:
    -A INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 1701 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 4500 -j ACCEPT
    Code:
    iptables-restore < /etc/sysconfig/iptables
    I was now able to connect to the VPN but without internet connection. Adding the following line to the %default connection in ipsec.conf was what finally did it for me.
    Code:
    leftfirewall=yes
    Complete ipsec.conf now looks like this:
    Code:
    config setup
        strictcrlpolicy=no
    
    conn %default
       ikelifetime=24h
       keylife=24h
       keyexchange=ikev2
       dpdaction=clear
       dpdtimeout=3600s
       dpddelay=3600s
       compress=yes
       leftfirewall=yes
    
    conn rem
       rekey=no
       leftsubnet=0.0.0.0/0
       leftauth=psk
       leftid=SERVER_PUBLIC_IP_ADDRESS
       right=%any
       rightsourceip=192.168.2.100/29
       rightauth=eap-mschapv2
       rightsendcert=never
       eap_identity=%any
       auto=add
    Guyzer likes this.
    03-25-14 05:56 AM
  24. Guyzer's Avatar
    I will try it out and update the howto. Thanks for your input.

    Posted via CB10
    03-25-14 06:04 AM
  25. Serge Simon's Avatar
    Hello, I tried to follow this tutorial but I got stuck here:

    [root@ip-172-31-40-7 ~]# ipsec start
    Starting strongSwan 5.1.1 IPsec [starter]...
    /etc/ipsec.conf:1: syntax error, unexpected STRING [Config]
    unable to start strongSwan -- fatal errors in config

    What should I do next?


    In this instance:
    config setup
    strictcrlpolicy=no

    conn %default
    ikelifetime=24h
    keylife=24h
    keyexchange=ikev2
    dpdaction=clear
    dpdtimeout=3600s
    dpddelay=3600s
    compress=yes

    conn rem
    rekey=no
    leftsubnet=0.0.0.0/0
    leftauth=psk
    leftid=SERVER_PUBLIC_IP_ADDRESS
    right=%any
    rightsourceip=192.168.2.100/29
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=add

    That bold part is to be replaced. Only that one, without the * at the end of the IP... I tried it this way and it does not work.

    Or did I get another part wrong?
    04-11-14 08:11 PM
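    The starter's message "syntax error, unexpected STRING [Config]" at line 1 is what the classic ipsec.conf parser reports when line 1 starts with something other than a lowercase section keyword; the same parser also insists that settings be indented and that each be a key=value pair. As an added check, not part of the post or of strongSwan, the function below walks a config and reports those structural problems plus a leftid that is still the guide's placeholder rather than the server's public IPv4 address. BAD_CONF and GOOD_CONF are constructed samples.

```python
import re

# Constructed samples, not from the post. BAD_CONF reproduces what is behind
# "/etc/ipsec.conf:1: syntax error, unexpected STRING [Config]": a capitalised
# keyword on line 1, a setting pasted without indentation, and the placeholder left in.
BAD_CONF = """\
Config setup
strictcrlpolicy=no

conn rem
   leftid=SERVER_PUBLIC_IP_ADDRESS
   right=%any
"""
GOOD_CONF = """\
config setup
    strictcrlpolicy=no

conn rem
    leftid=203.0.113.10
    right=%any
    auto=add
"""
SECTION_KEYWORDS = ("config", "conn", "ca", "include")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def check_ipsec_conf(text):
    """Return [(line_number, message)] for what the classic ipsec.conf parser
    rejects: section headers must start in column 0 with a lowercase keyword and
    settings must be indented key=value lines. Also flags an unfilled leftid, which
    in this guide's setup is the server's public IPv4 address."""
    findings = []
    in_section = False
    for num, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] not in " \t":                 # column 0 => must be a section header
            parts = raw.split()
            if parts[0] not in SECTION_KEYWORDS:
                hint = " (keywords are lowercase)" if parts[0].lower() in SECTION_KEYWORDS else ""
                findings.append((num, f"unexpected STRING '{parts[0]}' at column 0{hint}"))
            in_section = True
            continue
        if not in_section:
            findings.append((num, "indented setting before any section header"))
        key, sep, value = raw.strip().partition("=")
        if not sep or not key or not value:
            findings.append((num, "expected key=value"))
        elif key == "leftid" and not IPV4.match(value):
            findings.append((num, f"leftid={value} is not an IPv4 address; put the server's public IP here"))
    return findings
```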