[strongSwan] ikev2 vpn using PKI auth with a Blackberry Z10

Tobias Brunner tobias at strongswan.org
Thu Sep 5 11:00:15 CEST 2013


> It looks like I can't communicate with the server at all from the z10,
> and vice versa.  I will try and work this out on my own when I have more
> time.  Let me know if you have any suggestions to improve my current config.

leftsourceip has no effect on the server.  Due to your leftsubnet
setting the server will use its address in the subnet
inside the tunnel.  leftid=%any has no effect either, the identity will
fall back to the server certificate's DN.  I'm also not sure what
exactly you want to achieve with your rightsubnet/rightsourceip settings.

I recommend you read [1] and [2], and refer to [3] for some IKEv2 config


[1] http://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp
[3] http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2Examples

More information about the Users mailing list