[Guyzer]

Replace completely *serverip* with ip

Posted via CB10

[Serge Simon]

Replace completely *serverip* with ip

Posted via CB10

Like this:




Well.. the same... the mess is in another place.

I am going verify all tomorrow if nothing is found i will terminate/erase all and start from scratch...

[Guyzer]

Please use imgur.com

Can't see cb attachment s

Posted via CB10

[Serge Simon]

Don't have an imgur account... here is a box link:

https://app.box.com/s/xq6cmdmjke64xf3o8d25

[Guyzer]

There is no accounts needed to upload and host and share on imgur

Posted via CB10

[BCITMike]

Like this:




Well.. the same... the mess is in another place.

I am going verify all tomorrow if nothing is found i will terminate/erase all and start from scratch...

It provides a hint: /etc/ipsec.conf:1: syntax error, unexpected STRING [Config]

Take a look at yours.. "Config"

Take a look at the example on pg 1. "config"

Linux is anal about case.

[Serge Simon]

It provides a hint: /etc/ipsec.conf:1: syntax error, unexpected STRING [Config]

Take a look at yours.. "Config"

Take a look at the example on pg 1. "config"

Linux is anal about case.

He shoots and scoores!!!

ok... got it working... i'll keep that in mind... thank you.

[Serge Simon]

i checked and double checked and even triple and then some more...

I get to one resolutin: Autentification error. The users and passwords are correct.

I am using a Z10 os 10.3. i set up the 2 IDs to both IPv4 and email address, i came to the same error. server is started and restarted...
Authentication ID Type: email address
Gateway Auth ID Type: email address

[Serge Simon]

I also got time out when i tried the Test server posted earlier.

[Guyzer]

If you pm me I can help test/configure server. It's most likely another typo considering you did not copy and paste configuration.

Posted via CB10

[Serge Simon]

I am no longer able to connect via Putty.. the keys are not recognised... by keys I mean that i added new ones and deleted old to make them work... no idea... i wish i could erase all to start over...

Actually i look at this as the possibility to learn coding so i will take a crack at it a few more times and re-re-re and re-check everything and if that does not work i will contact you, Guyzer. Thank you!


Is there any method to use this VPN with my Torch 9860?

[BB99USER]

I followed the every step. but I've got -bash: ipsec: command not found at the last stage.

[Rebelllious]

Guys, I got one offer. Right now I am working on a script to make the installation and first run of the Strongswan VPN server completely automatic. For configuration, it will just ask you for the server's IP address, gateway preshared key, user name (one user only, just to test if the server is working at all) and user password.
The part of the procedure including iptables editing is scripted already. Now I am doing the config files editing. Hope to finish everything till the end of the weekend. When finished, I will post the script here.
What do you say about this idea? In my opinion, it should help those not very friendly with *NIX systems (like me at the beginning of this thread).

[Serge Simon]

Guys, I got one offer. Right now I am working on a script to make the installation and first run of the Strongswan VPN server completely automatic. For configuration, it will just ask you for the server's IP address, gateway preshared key, user name (one user only, just to test if the server is working at all) and user password.
The part of the procedure including iptables editing is scripted already. Now I am doing the config files editing. Hope to finish everything till the end of the weekend. When finished, I will post the script here.
What do you say about this idea? In my opinion, it should help those not very friendly with *NIX systems (like me at the beginning of this thread).

if it works i'm in, i am still waiting on my friend to come help me hunt the Autentification failed error...

[BCITMike]

Guys, I got one offer. Right now I am working on a script to make the installation and first run of the Strongswan VPN server completely automatic. For configuration, it will just ask you for the server's IP address, gateway preshared key, user name (one user only, just to test if the server is working at all) and user password.
The part of the procedure including iptables editing is scripted already. Now I am doing the config files editing. Hope to finish everything till the end of the weekend. When finished, I will post the script here.
What do you say about this idea? In my opinion, it should help those not very friendly with *NIX systems (like me at the beginning of this thread).

Would be appreciated. I did successfully set up a server, but it wasn't quick.

Posted via CB10

[Guyzer]

Sounds like a great idea. I'll definitely update the main post with all you provide.

Make it so #1

Posted via CB10

[Rebelllious]

Finished with the script. It is now available at https://www.dropbox.com/s/xk8jaqv67m8h15o/vpn.sh (just in case anybody is interested in its contents, or in order to check there is no Trojan horse in the code). Guys, sorry for absence of comments in the script, I am a little lazy to do this...
So the new procedure for installing Strongswan VPN for BlackBerry 10 is suggested as follows:
Step 1
Repeat all steps Guyzer offers you concerning AWS setup till the moment you log into your server with root.
Step 2 (copy and paste the commands if you feel you could make a typo)
Install wget package to be able to download the installation script.

Code:

yum -y install wget

Run the script directly from the web:

Code:

bash <(wget -qO- --no-check-certificate https://www.dropbox.com/s/xk8jaqv67m8h15o/vpn.sh)

The script will offer you 4 steps for configuring your installation: IP address of your server (found in AWS control panel), gateway pre-shared key, user name and user password. Please, take care when entering this info in order not to make mistakes. Otherwise you will need to abort the script with Ctrl+C combination or get a non-working installation at the end, this leading to a frustration of yours and the need of editing all configuration files on your own.
Pleasant thing: the whole installation process from installing wget till having a working VPN server takes 11 minutes (I did test this on a micro instance 15 minutes ago and this was exactly how long it took me).
Enjoy!

P.S. This work was acomplished as a thanks to Guyser for his help with setting everything up for me at the beginning of this thread. If you feel it help you (I am sure it will!) - you can thank him for his topic and me for my script

[Serge Simon]

Great!

I was actually planning to give this Vpn another try this weekend!

I will try tomorrow and let you know how it goes.

Thank you again!

Posted via CB10

[Guyzer]

You the man. I'm going to update when I get home

Posted via CB10

[Guyzer]

i appreciate all the work you put into the script. I tested it out and it works great.

one question is could you find a host to put the file up on which allows us to direct download with wget/bash implementation.

i tried here on sendspace. not sure if it would work with the bash script
Download vpn.sh from Sendspace.com - send big files the easy way

could you help test?

also there are few other things we could add to the script to make it good on the server. one is adding a few lines to rc.local which would allow us to shutdown the server and start it back up with ipsec autostarting...

though this is where it gets kind of difficult. we need to input the IP into the config for it to be configured properly
we can request the IP with specific linux commands but im not sure how to get themto put them into your script

im tired sorry if this doesnt make any sense....

[Rebelllious]

1. Dropbox is just fine for the purpose of downloading the script with bash. Why would you look for another place? For sure, Dropbox link will last longer, in my opinion.
2. Why do you need several lines to be added to rc.local? My script already has this functionality So, when you use it, the VPN server will start automatically with your server reboot (you can check the last but one line of the script to see this).

Are there any other thing you would suggest improving?
Sure thing there are some. I am planning to make a kind of check for correctness of the data input (offer the person to review and confirm the IP address, gateway key, username and password). But this is not a major task for now, as the major part is done already.

[Guyzer]

1. Dropbox is just fine for the purpose of downloading the script with bash. Why would you look for another place? For sure, Dropbox link will last longer, in my opinion.
2. Why do you need several lines to be added to rc.local? My script already has this functionality So, when you use it, the VPN server will start automatically with your server reboot (you can check the last but one line of the script to see this).

Are there any other thing you would suggest improving?
Sure thing there are some. I am planning to make a kind of check for correctness of the data input (offer the person to review and confirm the IP address, gateway key, username and password). But this is not a major task for now, as the major part is done already.

ohhhh im just tired i must have missed it. well ill try to highlight what can be improved upon.

now when this server stops being free some might like to have the ability to turn the server off for long periods of time when not in use. this would cause the vpn to restart with a new IP which would invalidate the ipsec.config since the ip is now outdated. I remember reading about how linux can take the IP and turn it into a variable which you could use with a script like yours.

so i was just thinking if you could find a way to simplify the setup for the script by removing the need to input the external IP address and just using linux to read it for itself and input it as a variable into your script. i remember reading about this just cant recall right now.

also about dropbox, if you move the location of your file it might mess up with the links on this forum. also another random host might help others be more at peace with security since dropbox can be modified simply by yourself (not that you would do that).

the script is super dope! seriously it made making a vpn a billion times easier. im glad someone figured out how to do it. thanks rebellious for your hard work. Im only recommending these things if you got time. most likely this is just a hobby for you, like myself, and if you are looking for something to do why not.

one other thing I was thinking about adding was a dynamic dns agent to the linux install. this would alllow us to input something generic like "blackberry.dyndns.org" as the ip, and everytime the ip changes (after we restart the sever after a long time) then it would update the IP which links to the hostname "blackberry.dyndns.org". this would make it easier for us to reconnect to those vpns whenever we need them, with less work on the end side.

PROJECT

• Dynamic DNS
• Using Linux to update External IP Automatically
• secure/random host for script

[Rebelllious]

PROJECT

• Dynamic DNS
• Using Linux to update External IP Automatically
• secure/random host for script

1. Looking now into this. If you know any good and free service, let me know.
2. Possible. I have just looked into it and I have a strong belief I will implement this. All I need is to play with it a little.
3. Well, nobody can edit my script in my Dropbox, except me. At least I hope so. In fact, I will not move it anywhere, so this is no problem. Yet, if you need to be 100% secure and sure, I can upload it to my personal website and provide the link to it. But I guess Dropbox is better, as I host my website at home and it might happen electric power goes off - and bump, no script is available... With Dropbox this is unlikely.

[Rebelllious]

The link in the initial post now links to the updated version of the script. It includes the dynamic DNS configuration client (user decides on whether or not to use it). Please be patient. Till I make the complete tutorial on all this stuff, use "no" as your answer to the question the script asks about using dynamic DNS. I will write the tutorial soon, presumably during the weekend.
Now concerning the PROJECT:
1. Done. Tested. Works smooth, needs minimum initial configuration.
2. Done. Tested. Works flawlessly, even keeps initial formatting of the configuration file.
3. I am still convinced of sticking to Dropbox. Any other/better alternative for hosting script? Thinking also of Github as a place to store the script. Any ideas concerning this?

[Richard Buckley]

Just like to give you guys a shout out. Just got around to doing this today and I'm using CB10 through the VPN to post this.

Good work!

Posted via CB10