[strongSwan] ikev2 vpn using PKI auth with a Blackberry Z10

Tobias Brunner tobias at strongswan.org
Thu Sep 5 11:00:15 CEST 2013


Hi,

> It looks like I can't communicate with the server at all from the z10,
> and vice versa.  I will try and work this out on my own when I have more
> time.  Let me know if you have any suggestions to improve my current config.

leftsourceip has no effect on the server.  Due to your leftsubnet
setting the server will use its address in the 192.168.16.0/24 subnet
inside the tunnel.  leftid=%any has no effect either, the identity will
fall back to the server certificate's DN.  I'm also not sure what
exactly you want to achieve with your rightsubnet/rightsourceip settings.

I recommend you read [1] and [2], and refer to [3] for some IKEv2 config
samples.

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp
[2]
http://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
[3] http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2Examples




More information about the Users mailing list