strongSwan VPN Client

strongSwan VPN Client


Official Android 4+ port of the popular strongSwan VPN solution.

# FEATURES AND LIMITATIONS #

* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is currently not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN gateway certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the gateway can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN gateway supports it (strongSwan does so since 5.2.1)
* The IPsec implementation currently supports the AES-CBC, AES-GCM and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)

Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient

# EXAMPLE GATEWAY CONFIGURATION #

This client can be used with the following gateway configuration that is also compatible with the Windows 7+ Agile VPN client:

https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

But please note that the host name configured with a VPN profile in the app *must be* contained in the gateway certificate as subjectAltName.

# FEEDBACK #

Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange daemon can be sent directly from within the application.

Recent changes:
# 1.5.0 #

- Fixes roaming between networks on Android 5 and newer
- New advanced profile settings: MTU, server port, disable split tunneling
- EAP-TNC does not require a client certificate anymore
- Fixes a linker issue on Android M

# 1.4.6 #

- Fixes an information leak vulnerability (refer to our blog for details).

# 1.4.5 #

- Based on strongSwan 5.2.1, which adds e.g. improved MOBIKE handling and support for IKEv2 fragmentation
- Adds basic support for EAP-TLS
- Enables PFS for IPsec SAs
Add to list
Free
85
4.3
User ratings
639
Installs
100,000+
Concerns
0
File size
3616 kb
Screenshots
Screenshot of strongSwan VPN Client Screenshot of strongSwan VPN Client Screenshot of strongSwan VPN Client
About strongSwan VPN Client
Official Android 4+ port of the popular strongSwan VPN solution.

# FEATURES AND LIMITATIONS #

* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is currently not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN gateway certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the gateway can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN gateway supports it (strongSwan does so since 5.2.1)
* The IPsec implementation currently supports the AES-CBC, AES-GCM and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)

Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient

# EXAMPLE GATEWAY CONFIGURATION #

This client can be used with the following gateway configuration that is also compatible with the Windows 7+ Agile VPN client:

https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

But please note that the host name configured with a VPN profile in the app *must be* contained in the gateway certificate as subjectAltName.

# FEEDBACK #

Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange daemon can be sent directly from within the application.

Recent changes:
# 1.5.0 #

- Fixes roaming between networks on Android 5 and newer
- New advanced profile settings: MTU, server port, disable split tunneling
- EAP-TNC does not require a client certificate anymore
- Fixes a linker issue on Android M

# 1.4.6 #

- Fixes an information leak vulnerability (refer to our blog for details).

# 1.4.5 #

- Based on strongSwan 5.2.1, which adds e.g. improved MOBIKE handling and support for IKEv2 fragmentation
- Adds basic support for EAP-TLS
- Enables PFS for IPsec SAs

Android Market Comments
A Google User
Jul 29, 2015
Good but issues moving between wifi/3g On Android >= 5.0.1 there is a problem when moving between wifi and mobile networks, forcing you to restart the connection manually. I see there is an issue #865 registered in their bug tracker so guess it will be fixed soon.
A Google User
Jun 9, 2015
Data problems Good at getting me on to my VPN but is using way to much data. Even when connected to Wi-Fi it still ate through 80MBs on my cell network. This is a serious problem that needs to be fixed.
A Google User
Jun 4, 2015
MotoX 2014 Running Android 5.1. Looking @ my Battery Stats right now. I have used 86% today (14% left). strongSwan is at the TOP of the Battery Useage with 21%. I've cleared cache several times over the last few days, and still similar battery useage. I love this program otherwise, but this high battery usage is making it unuseable. UPDATE: Didn't realize high battery usage was unavoidable with an App like this. The App is otherwise FANTASTIC, so revising my rating to 5 Stars. Leaving in the information on Battery Drain so others can be forewarned/prepared.
A Google User
Jun 4, 2015
Flawless! I could not get Android's native VPN to work. In contrast, everything worked right away with the strongswan client. The access to logs, which greatly simplifies debugging is just the cherry on top.
A Google User
Jun 1, 2015
Battery Usage!!!! MotoX 2014 Running Android 5.1. Looking @ my Battery Stats right now. I have used 86% today (14% left). strongSwan is at the TOP of the Battery Useage with 21%. I've cleared cache several times over the last few days, and still similar battery useage. I love this program otherwise, but this high battery usage is making it unuseable. Will update rating when/if addressed.