Knowledgebase

Portal Home > Knowledgebase > VPN - All platforms > Setting up on Blackberry


Setting up on Blackberry




While BlackBerry can connect to the VPN, the number of applications that can use the VPN are VERY limited. The VPN only works with WiFi.

Requirements:

  1. Ability to install the P12 certificate. (Re-)Install Blackberry Desktop Manager 5.01, choose a "custom" install so you can enable the "Certificate Synchronization" feature. Version 6.0 does NOT have this feature; you'll have to downgrade to 5.01. (Supposedly it's also possible to install the certificate through e-mail or by copying it to the Media Card, but this did not work for us. It resulted in the error "error reading file". See KB18586KB23666 on the Blackberry website).
  2. Your phone's key store password. If you've never used your key store, the phone will ask you to configure a key store password. If you've used it in the past, you'll have to remember the old password.

Installing the personal identity certificate:

  1. Download the P12 certificate from https://12vpn.com/bb/ and save it to your computer (don't open it). The file will be called something like "vpn123456.v2.p12".
  2. Start the Blackberry Desktop Manager 5.01. (Version 6.0 will NOT work.)
  3. Connect your phone and wait for the Desktop Manager to establish a connection.
  4. Click "Synchronize Certificates". (You may be asked to provide your key store password.)
  5. The Desktop Manager will start to load the certificates, this can take a few minutes.
  6. Click import certificate.
  7. Import the certificate you downloaded in step 1. (You will have to change the filter in the file select window from "Certificates" to "Personal Information Exchange" to be able to see the P12 file.
  8. You will be asked for the private key password. The certificate password is "import" (without the quotes).
  9. After importing the certificate, click "Synchronize". (You may be asked to provide your key store password.)
  10. Exit the Blackberry Desktop Manager and disconnect your phone.

Trusting the certificate:

Before the Blackberry allows you to use the imported certificate for VPN usage, you'll have to tell the Blackberry that you "trust" it.

  1. Go to Options->Security Options->Advanced Security Options->Certificates
  2. Highlight the "VPN Services" certificate (usually at the bottom of the list).
  3. Press the Blackberry button to reveal the menu.
  4. Select "Trust" and confirm by selecting "OK".
  5. The "VPN Services" certificate should now have a "?" symbol in front of it. (It was an "x" symbol before).
  6. Repeat this procedure for the "*.12vpn.com" certificate.

Create the VPN profile:

  1. Go to Options->Security Options->Advanced Security Options->VPN
  2. Press the BlackBerry button and select "New" from the menu.
  3. Select "Cisco VPN Concentrator 3000 Series" when asked for the vendor type.
  4. Match our profile settings:
    1. Name: Fremont
    2. Gateway type: "Cisco VPN Concentrator 3000 Series" ("Cisco IOS with Easy VPN Server" may also work.)
    3. Concentrator address: ifmg.12vpn.com
    4. Group name:
    5. Group password:
    6. User name: vpn
    7. User password: vpn
    8. Save passphrase: enabled
    9. Client certificate: vpn123456.12vpn.com
    10. CA certificate: VPN Services
    11. Dynamically determine DNS: enabled
    12. IP address:
    13. Subnet mask:
    14. Primary DNS:
    15. Secondary DNS:
    16. Domain name:
    17. IKE DH group: Group 2
    18. IKE cipher: AES (128-bit key)
    19. IKE hash: HMAC MD5 (128-bits)
    20. Perfect Forward Secrecy: disabled
    21. IPSec crypto and hash suite: AES128-SHA1
    22. Nat timeout (in minutes): 1
    23. Use hard token: disabled
    24. Software Token Serial Number:
    25. Disable VPN banner: disabled
  5. Press the Blackberry button and save the profile. (You may be asked for your key store password).

Select the VPN profile in your WiFi settings:

  1. Go to Options->WiFi
  2. Select the WiFi network you wish to use with the VPN.
  3. Press the Blackberry button and select "Edit".
  4. Scroll down to "VPN profile" and select the VPN profile you created earlier.
  5. Press the Blackberry button and select "Save".

Starting the VPN:

  1. Go back to Options->Security Options->Advanced Security Options->VPN
  2. Select "Log In"

Using the VPN:

Most BlackBerry applications bypass the VPN and fail to work. We've tested the following applications to work properly:

  1. TwitterBerry/Openbeak: in the Configuration screen set the Twitter Connection Mode to WiFi. Also enable "Use HTTPS connections to Twitter".

Common problems:

  • Error on VPN screen: "VPN state: Profile is missing or not specified". This usually means that you did not select the VPN profile in a WiFi profile. Edit your WiFi profile and select the VPN there, then go back to the VPN screen.
  • Error on VPN screen: "Error - General". It's unclear what causes this, but we could only get rid of it by removing the VPN profile entirely and creating it from scratch.

Diagnostics:

If you want to know your internal VPN IP address you can view this in the WiFi Diagnostic screen:

  1. Go to Option->WiFi
  2. Press the Blackberry button and select WiFi-Tools -> WiFi Diagnostics

 



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Additional Viscosity licenses (Views: 512)
OpenVPN: creating a split configuration (Views: 457)
OpenVPN error: TLS Error: local/remote TLS keys are out of sync (Views: 2660)
Installing Shrew on Windows XP (Views: 1395)
OpenVPN and Norton Personal Firewall (Views: 716)