[strongSwan] Working config for integrated Android IPSec Client
Bharath Kumar
cbkumar at gmail.com
Thu Apr 18 02:55:10 CEST 2013
Hi Noel,
Yes, Android 4.x built-in client works fine with Strongswan with
xauthrsasig.
This (below) works fine for me. I use PAM for XAUTH but you could choose to
have local users in ipsec.secrets if you wish.
conn android_profile
keyexchange=ikev1
auto=add
authby=xauthrsasig
xauth=server
left=%defaultroute
leftsubnet=10.12.0.0/16
leftcert=myvpnservercert.pem
right=%any
rightsourceip=%virtualippool
rightsubnet=192.168.0.0/24
rightcert=AndroidClientCert.pem
rightauth=pubkey
rightauth2=xauth-pam
The virtualippool is created using the "ipsec pool" command. Note that
you'd have to setup the sqlite3 database for which you'd need attr-sql and
sqlite plugins. I referred to this for mine.
https://lists.strongswan.org/pipermail/users/2010-October/005425.html
Once you have that, you just have to install AndroidClientCert.pem and the
CA cert on your Android device and configure the VPN (Strongswan) Gateway
address, the certificates, and the username and password and it should just
work fine. Just start the VPN connection and start using the app.
Thanks,
Bharath Kumar
On Wed, Apr 17, 2013 at 3:31 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
> Hello,
>
> I'm looking fir working configuration for xauthrsasig for the Android
> 4.x integrated IPsec clients.
> I'm trying to find out, if apps for android can communicate over vpn, if
> the integrated vpn client is used.
>
> Regards,
> Noel
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130417/a687502e/attachment.html>
More information about the Users
mailing list