BlackBerry OS 10 » History » Version 6
Version 5 (Noel Kuntze, 03.10.2015 00:41) → Version 6/8 (ValdikSS ValdikSS, 17.10.2015 21:25)
h1. BlackBerry OS 10
Blackberry 10 supports Cisco IKEv1 with XAUTH-PSK and XAUTH-PKI and IKEv2 with PSK, PKI, EAP-TLS and EAP-MSCHAPv2 authentication. You should choose "Generic IKEv2 VPN Server" as a gateway type for IKEv2. type.
Both server and client Server could be authenticated by IPv4 address, FQDN, Email in certificate, General or Distinguished name.
For BlackBerry OS 10 to accept a server certificate, it has to contain the serverAuth flag in the EKU (Extended Key Usage) field.
A client certificate needs to have clientAuth set in the EKU field.
Works fine with the following config:
<pre>
conn %default
# left - local (server) side
left=%any
leftauth=pubkey
leftcert=your_cert.crt
leftsendcert=always
leftsubnet=0.0.0.0/0
# right - remote (client) side
right=%any
rightauth=pubkey
rightsourceip=192.168.103.0/24
rightdns=8.8.8.8
conn ikev2-pubkey
keyexchange=ikev2
auto=add
</pre>
Blackberry 10 supports Cisco IKEv1 with XAUTH-PSK and XAUTH-PKI and IKEv2 with PSK, PKI, EAP-TLS and EAP-MSCHAPv2 authentication. You should choose "Generic IKEv2 VPN Server" as a gateway type for IKEv2. type.
Both server and client Server could be authenticated by IPv4 address, FQDN, Email in certificate, General or Distinguished name.
For BlackBerry OS 10 to accept a server certificate, it has to contain the serverAuth flag in the EKU (Extended Key Usage) field.
A client certificate needs to have clientAuth set in the EKU field.
Works fine with the following config:
<pre>
conn %default
# left - local (server) side
left=%any
leftauth=pubkey
leftcert=your_cert.crt
leftsendcert=always
leftsubnet=0.0.0.0/0
# right - remote (client) side
right=%any
rightauth=pubkey
rightsourceip=192.168.103.0/24
rightdns=8.8.8.8
conn ikev2-pubkey
keyexchange=ikev2
auto=add
</pre>