[strongSwan] native android vpn client

Noel Kuntze noel at familie-kuntze.de
Thu Sep 18 19:14:58 CEST 2014

Hash: SHA256

Hello Cindy,

Yes, that is possible.
Most native VPN clients on Windows can only handle IKEv1.
Take that into account when configuring strongswan.
There are diverse versions of the native Android IPsec VPN client, capable of
different authentication schemes.
The thing with the credentials is, that you probably chose to create a profile with XAUTH in it.
XAUTH needs user credentials. If you don't want to have to supply those, you need to use a third party app
or try to find an IPsec profile on that phone that doesn't include XAUTH or EAP
(EAP in case the native VPN client on that phone can handle IKEv2).

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 16.09.2014 um 07:44 schrieb Cindy Moore:
> Is it possible to set up the vpn connection with Android's own vpn
> client (and NOT the strongswan app)?  I am finding conflicting
> information that suggests that at one point it did, but I am not clear
> if that is still the case.
> In setting up a vpn connection with L2TP/IpSEC with RSA, I find that
> the android vpn keeps demanding a username and password, even though I
> have installed the RSA certificates and included them in the vpn
> setup.  I have no idea where it thinks there's a username/password, or
> where to set that up, or how to get it to stop asking for that.
> (Note that the android strongswan app *does work* with this
> certificate and the current ipsec.conf, ipsec version 5.1.2)
> [More generally, I am attempting to set things up so that folks in my
> dept can connect to the vpn using native vpn apps on their respective
> OS.  I'm trying to avoid requiring users to install specific software
> to simplify the whole process.  I'm using RSA certificates so that I
> can ultimately assign specific IP addresses to individual users, but
> right now I'd be deliriously happy to just get the connections set up.
> I've got Linux down, questions on OS X, and am trying to get iPhone
> and Android going. At some point I'll also try to get Windows
> working.]
> Thanks muchly
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

Version: GnuPG v2


More information about the Users mailing list