strongSwan VPN Client

strongSwan VPN Client


Official Android 4+ port of the popular strongSwan VPN solution.

# FEATURES AND LIMITATIONS #

* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is currently not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA private key/certificate authentication to authenticate users
* Combined RSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN gateway certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the gateway can also be imported directly into the app.
* The IPsec implementation currently supports the AES-CBC, AES-GCM and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)

# EXAMPLE GATEWAY CONFIGURATION #

This client can be used with the following gateway configuration that is also compatible with the Windows 7 Agile VPN client:

http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

But please note that the host name configured with a VPN profile in the app *must be* contained in the gateway certificate as subjectAltName.

# FEEDBACK #

Please post bug reports and feature requests on our wiki: http://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange daemon can be sent directly from within the application.

Recent changes:
# 1.4.0 #

- Adds the ability to import CA and server certificates directly into the app. On Android 4.4+ the SAF is used to allow users to browse for certificate files. On older systems the files may be opened from third-party file managers
- The GUI now indicates if the connection is being reestablished
- A DNS proxy resolves the VPN server's hostname while reestablishing (plaintext is blocked otherwise)
- Supports ECDSA private keys on recent Android systems (verified on Android 4.4.4)
Add to list
Free
84
4.2
User ratings
382
Installs
50,000+
Concerns
0
File size
2238 kb
Screenshots
Screenshot of strongSwan VPN Client Screenshot of strongSwan VPN Client Screenshot of strongSwan VPN Client

About strongSwan VPN Client
Official Android 4+ port of the popular strongSwan VPN solution.

# FEATURES AND LIMITATIONS #

* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is currently not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA private key/certificate authentication to authenticate users
* Combined RSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN gateway certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the gateway can also be imported directly into the app.
* The IPsec implementation currently supports the AES-CBC, AES-GCM and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)

# EXAMPLE GATEWAY CONFIGURATION #

This client can be used with the following gateway configuration that is also compatible with the Windows 7 Agile VPN client:

http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

But please note that the host name configured with a VPN profile in the app *must be* contained in the gateway certificate as subjectAltName.

# FEEDBACK #

Please post bug reports and feature requests on our wiki: http://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange daemon can be sent directly from within the application.

Recent changes:
# 1.4.0 #

- Adds the ability to import CA and server certificates directly into the app. On Android 4.4+ the SAF is used to allow users to browse for certificate files. On older systems the files may be opened from third-party file managers
- The GUI now indicates if the connection is being reestablished
- A DNS proxy resolves the VPN server's hostname while reestablishing (plaintext is blocked otherwise)
- Supports ECDSA private keys on recent Android systems (verified on Android 4.4.4)

Visit Website
User reviews of strongSwan VPN Client
Write the first review for this app!
Android Market Comments
A Google User
Jul 19, 2014
It just works
A Google User
Jun 13, 2014
Nexus 5谷歌服務更新后不能鏈接 Nexus 5谷歌服務更新后,由於安全機制改變,封鎖了VPN連接確認按鈕,希望尽快更新解决!
A Google User
Jun 13, 2014
Works. Got this working after wasting a few hours wrestling with Android's built-in VPN settings.
A Google User
Jun 11, 2014
Stops working with android 4.4.3 Please fix it.
A Google User
Feb 22, 2014
Time wasting app