OfficialAndroid4+portofthepopularstrongSwanVPNsolution.
#FEATURESANDLIMITATIONS#
*UsestheVpnServiceAPIfeaturedbyAndroid4+.Devicesbysomemanufacturersseemtolacksupportforthis-strongSwanVPNClientwon'tworkonthesedevices!
*UsestheIKEv2keyexchangeprotocol(IKEv1isnotsupported)
*UsesIPsecfordatatraffic(L2TPisnotsupported)
*FullsupportforchangedconnectivityandmobilitythroughMOBIKE(orreauthentication)
*Supportsusername/passwordEAPauthentication(namelyEAP-MSCHAPv2,EAP-MD5andEAP-GTC)aswellasRSA/ECDSAprivatekey/certificateauthenticationtoauthenticateusers,EAP-TLSwithclientcertificatesisalsosupported
*CombinedRSA/ECDSAandEAPauthenticationissupportedbyusingtwoauthenticationroundsasdefinedinRFC4739
*VPNservercertificatesareverifiedagainsttheCAcertificatespre-installedorinstalledbytheuseronthesystem.TheCAorservercertificatesusedtoauthenticatetheservercanalsobeimporteddirectlyintotheapp.
*IKEv2fragmentationissupportediftheVPNserversupportsit(strongSwandoessosince5.2.1)
*Split-tunnelingallowssendingonlycertaintrafficthroughtheVPNand/orexcludingspecifictrafficfromit
*Per-appVPNallowslimitingtheVPNconnectiontospecificapps,orexcludethemfromusingit
*TheIPsecimplementationcurrentlysupportstheAES-CBC,AES-GCM,ChaCha20/Poly1305andSHA1/SHA2algorithms
*Passwordsarecurrentlystoredascleartextinthedatabase(onlyifstoredwithaprofile)
*VPNprofilesmaybeimportedfromfiles(thisistheonlyreasonwhytheapprequestsandroid.permission.READ_EXTERNAL_STORAGE)
Detailsandachangelogcanbefoundonourwiki:https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
#EXAMPLESERVERCONFIGURATION#
Exampleserverconfigurationsmaybefoundonourwiki:https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
Pleasenotethatthehostname(orIPaddress)configuredwithaVPNprofileintheapp*mustbe*containedintheservercertificateassubjectAltNameextension.
#FEEDBACK#
Pleasepostbugreportsandfeaturerequestsonourwiki:https://wiki.strongswan.org/projects/strongswan/issues
Ifyoudoso,pleaseincludeinformationaboutyourdevice(manufacturer,model,OSversionetc.).
Thelogfilewrittenbythekeyexchangeservicecanbesentdirectlyfromwithintheapplication.
Show More