[strongSwan] native android vpn client

Noel Kuntze noel at familie-kuntze.de
Thu Sep 18 19:14:58 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Cindy,

Yes, that is possible.
Most native VPN clients on Windows can only handle IKEv1.
Take that into account when configuring strongswan.
There are diverse versions of the native Android IPsec VPN client, capable of
different authentication schemes.
The thing with the credentials is, that you probably chose to create a profile with XAUTH in it.
XAUTH needs user credentials. If you don't want to have to supply those, you need to use a third party app
or try to find an IPsec profile on that phone that doesn't include XAUTH or EAP
(EAP in case the native VPN client on that phone can handle IKEv2).

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 16.09.2014 um 07:44 schrieb Cindy Moore:
> Is it possible to set up the vpn connection with Android's own vpn
> client (and NOT the strongswan app)?  I am finding conflicting
> information that suggests that at one point it did, but I am not clear
> if that is still the case.
>
> In setting up a vpn connection with L2TP/IpSEC with RSA, I find that
> the android vpn keeps demanding a username and password, even though I
> have installed the RSA certificates and included them in the vpn
> setup.  I have no idea where it thinks there's a username/password, or
> where to set that up, or how to get it to stop asking for that.
>
> (Note that the android strongswan app *does work* with this
> certificate and the current ipsec.conf, ipsec version 5.1.2)
>
>
> [More generally, I am attempting to set things up so that folks in my
> dept can connect to the vpn using native vpn apps on their respective
> OS.  I'm trying to avoid requiring users to install specific software
> to simplify the whole process.  I'm using RSA certificates so that I
> can ultimately assign specific IP addresses to individual users, but
> right now I'd be deliriously happy to just get the connections set up.
> I've got Linux down, questions on OS X, and am trying to get iPhone
> and Android going. At some point I'll also try to get Windows
> working.]
>
> Thanks muchly
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUGxMSAAoJEDg5KY9j7GZYYwoP/iK/Uv0PQSIR3VRMACMRtOz5
jjc9KBEF3YuJ2yUWwOlCG3uekFcHXULCS6yI1lqayqKcnrtOeG1ZG2PNiLITmKJJ
g4MEHBLLNOi0bJp9QAqrSEm4X4mt2WrNKJObcyiZe06WjFfpV5vXJt3hCO59HpYm
BZei+qDzvjPFAHmY5FSp1n4MHlKCE02ZqkaeMMt/oO2DE+qX24frPGqRM7v2VrtH
Fqo4x0V5t4KkeXj427RQJyvvWXeMMUxGe6/SYqKb6rd5TwVv3+4URZQ1PxVoz3Xs
4rimtx7SZVuD+MZvL7ln5J0CLyrY4IPK2msuPyKFiiiovObJXqUNzvYpeVDTzwOw
cXeXRjr/7G3rv0XmganmfTKkzuK91+w9eQ5dTNKMVpSQMQd65LT2BbC+93vrCCQ9
ozELXTvDpM7i9t+f62vbW+nrQX+Ln4SZQ8ovh0k8BX52FYSyvOs4kTs2G6BIxAq5
8GbyyfQ+xEL99o15JGuic+yT5u58vgVrw8htxMTe2RLlHoT//BADp/xpvPVads9Q
4bExSVRbs9X5Ek98YKGIJjyd8rl3HXx+dRf0NJfGwrX4NEZ3f7hf/nEdyS32xCwa
3Zxj045cc5QwZmnKd8iE0LW3+NNpKKhA2W4CuYShNUQP5Rx+tMM7ToHhVgTYd4L2
HIcvUmhDY92aWpxx0isE
=CwzT
-----END PGP SIGNATURE-----




More information about the Users mailing list