BlackBerry OS 10 » History » Version 7
ValdikSS ValdikSS, 17.10.2015 21:26
| 1 | 2 | ValdikSS ValdikSS | h1. BlackBerry OS 10 |
|---|---|---|---|
| 2 | 2 | ValdikSS ValdikSS | |
| 3 | 7 | ValdikSS ValdikSS | Blackberry 10 supports Cisco IKEv1 with XAUTH-PSK and XAUTH-PKI and IKEv2 with PSK, PKI, EAP-TLS and EAP-MSCHAPv2 authentication. You should choose "Generic IKEv2 VPN Server" as a gateway type for IKEv2. IPv6 is not supported. |
| 4 | 6 | ValdikSS ValdikSS | Both server and client could be authenticated by IPv4 address, FQDN, Email in certificate, General or Distinguished name. |
| 5 | 3 | ValdikSS ValdikSS | |
| 6 | 5 | Noel Kuntze | For BlackBerry OS 10 to accept a server certificate, it has to contain the serverAuth flag in the EKU (Extended Key Usage) field. |
| 7 | 5 | Noel Kuntze | A client certificate needs to have clientAuth set in the EKU field. |
| 8 | 5 | Noel Kuntze | |
| 9 | 3 | ValdikSS ValdikSS | Works fine with the following config: |
| 10 | 3 | ValdikSS ValdikSS | |
| 11 | 3 | ValdikSS ValdikSS | <pre> |
| 12 | 3 | ValdikSS ValdikSS | conn %default |
| 13 | 3 | ValdikSS ValdikSS | # left - local (server) side |
| 14 | 3 | ValdikSS ValdikSS | left=%any |
| 15 | 3 | ValdikSS ValdikSS | leftauth=pubkey |
| 16 | 3 | ValdikSS ValdikSS | leftcert=your_cert.crt |
| 17 | 3 | ValdikSS ValdikSS | leftsendcert=always |
| 18 | 3 | ValdikSS ValdikSS | leftsubnet=0.0.0.0/0 |
| 19 | 3 | ValdikSS ValdikSS | |
| 20 | 3 | ValdikSS ValdikSS | # right - remote (client) side |
| 21 | 3 | ValdikSS ValdikSS | right=%any |
| 22 | 3 | ValdikSS ValdikSS | rightauth=pubkey |
| 23 | 3 | ValdikSS ValdikSS | rightsourceip=192.168.103.0/24 |
| 24 | 3 | ValdikSS ValdikSS | rightdns=8.8.8.8 |
| 25 | 3 | ValdikSS ValdikSS | |
| 26 | 3 | ValdikSS ValdikSS | conn ikev2-pubkey |
| 27 | 3 | ValdikSS ValdikSS | keyexchange=ikev2 |
| 28 | 3 | ValdikSS ValdikSS | auto=add |
| 29 | 4 | ValdikSS ValdikSS | </pre> |