First, install Ubuntu. E.g. v14.04 LTS, server edition, as a virtual machine, with static LAN IP.

Run these commands to install StrongSwan:

Firewall settings:

After installing iptables-persistent, confirm to save the current rules when finishing the wizard.

Open /etc/sysctl.conf with vi or nano and modify or add these lines:

Move ipsec.conf and strongswan.conf original files:

New content for /etc/ipsec.conf:

New content for /etc/strongswan.conf:


New content for /etc/ipsec.secrets:


Configure your firewall / router: Open incoming UDP ports 500 and 4500 to be redirected to your VPN server’s local IP address.

Open your BB10 mobile’s connection settings and create a new VPN profile:

Profile Name (free choice)
Server Address your public IP or domain
Gateway Type Generic IKEv2 VPN Server
Authentication Type EAP-MSCHAPv2
Authentication ID Type E-Mail (can be anything)
MSCHAPv2 EAP Identity (can be anything)
MSCHAPv2 Username alice (username in ipsec.secrets)
MSCHAPv2 Password FREE_CHOICE2 (alice’s password in ipsec.secrets)
Gateway Auth Type PSK
Gateway Auth ID Type IPv4
Gateway Preshared Key (PSK password in ipsec.secrets)

Leave the default values for the other settings.

For testing, make sure you have disabled your local WiFi access.


  [email protected]