BlackBerry OS 10 » History » Version 7
Version 6 (ValdikSS ValdikSS, 17.10.2015 21:25) → Version 7/8 (ValdikSS ValdikSS, 17.10.2015 21:26)
h1. BlackBerry OS 10
Blackberry 10 supports Cisco IKEv1 with XAUTH-PSK and XAUTH-PKI and IKEv2 with PSK, PKI, EAP-TLS and EAP-MSCHAPv2 authentication. You should choose "Generic IKEv2 VPN Server" as a gateway type for IKEv2. IPv6 is not supported.
Both server and client could be authenticated by IPv4 address, FQDN, Email in certificate, General or Distinguished name.
For BlackBerry OS 10 to accept a server certificate, it has to contain the serverAuth flag in the EKU (Extended Key Usage) field.
A client certificate needs to have clientAuth set in the EKU field.
Works fine with the following config:
<pre>
conn %default
# left - local (server) side
left=%any
leftauth=pubkey
leftcert=your_cert.crt
leftsendcert=always
leftsubnet=0.0.0.0/0
# right - remote (client) side
right=%any
rightauth=pubkey
rightsourceip=192.168.103.0/24
rightdns=8.8.8.8
conn ikev2-pubkey
keyexchange=ikev2
auto=add
</pre>
Blackberry 10 supports Cisco IKEv1 with XAUTH-PSK and XAUTH-PKI and IKEv2 with PSK, PKI, EAP-TLS and EAP-MSCHAPv2 authentication. You should choose "Generic IKEv2 VPN Server" as a gateway type for IKEv2. IPv6 is not supported.
Both server and client could be authenticated by IPv4 address, FQDN, Email in certificate, General or Distinguished name.
For BlackBerry OS 10 to accept a server certificate, it has to contain the serverAuth flag in the EKU (Extended Key Usage) field.
A client certificate needs to have clientAuth set in the EKU field.
Works fine with the following config:
<pre>
conn %default
# left - local (server) side
left=%any
leftauth=pubkey
leftcert=your_cert.crt
leftsendcert=always
leftsubnet=0.0.0.0/0
# right - remote (client) side
right=%any
rightauth=pubkey
rightsourceip=192.168.103.0/24
rightdns=8.8.8.8
conn ikev2-pubkey
keyexchange=ikev2
auto=add
</pre>