strongSwan VPN Client for Android 4+

The strongSwan VPN Client for Android 4 and newer is an app that can be downloaded directly from Google Play.

Client Configuration

Since version 1.8.0 of the app it is possible to import VPN profiles from files.

Client certificates and keys, and CA certificates may be added by bundling them into a PKCS#12 file and then importing that file into the Android system keystore. CA certificates and server certificates may also be imported directly into the app since 1.4.0. Importing CA certificates into the Android system keystore may trigger a warning since Android 4.4 (Network may be monitored by an unknown third party), whereas importing CA certificates directly into the app will work fine.

The app allows creating shortcuts to initiate individual VPN profiles. These can be added to the launcher to quickly start specific connections. In combination with apps such as Llama or Tasker they also enable triggering VPN connections based on e.g. location, WiFi hotspots, system start or other events.

Server Configuration

The app is compatible to the Windows example configurations we provide. Since strongSwan 5.2.1 and version 1.4.5 of the app fragmentation=yes may be added to the server config to use IKEv2 fragmentation, which avoids problems with IP fragmentation during connection establishment (due to large certificates or lots of certificate requests).

Important: The hostname/IP of the VPN server, as configured in the VPN profile, has to be contained as subjectAltName extension in the VPN server's certificate. Since 1.6.0 the server identity may also be configured explicitly.

Known Limitations/Issues

  • Only IKEv2 is supported
  • Client authentication is limited to:
    • EAP authentication based on username/password (EAP-MSCHAPv2, EAP-MD5, EAP-GTC)
    • RSA/ECDSA authentication with private key/certificate
    • EAP-TLS with private key/certificate (see 1.4.5 for limitations)
  • The server always has to be authenticated with RSA/ECDSA (even when using EAP-TLS, see 1.4.5)
  • Split tunneling has to be enforced by the VPN server (the client proposes 0.0.0.0/0 as remote traffic selector), since 1.5.0 the user may opt to block all traffic not destined for the VPN if the server does narrow the traffic selector.
  • Only a single tunnel can be established at a time
  • The IPsec proposal is limited to AES encryption with SHA2/SHA1 data integrity or AES-GCM authenticated encryption. Optionally, using PFS with one of a number of proposed ECP/MODP DH groups.
  • The app is not compatible with Google's Project Fi, which provides its own always-on VPN connection. To use the app this to be disabled first using the following procedure.

  • Note: There are some serious issues on Android 4.4 before 4.4.3 (see #462)
  • If you have problems with the app, find bugs or have feature requests you may open a new issue report (please use the search function first to avoid duplicates). You may also send us the log file via email directly from within the app.

Further Information

Changelog

1.8.0 (2017-01-20)

1.7.2 (2016-12-10)

  • Re-adds support for the ECC Brainpool DH groups (BoringSSL doesn't provide these)

1.7.1 (2016-12-09)

  • Fixes a crash (regarding libtpmtss.so) on older Android systems

1.7.0 (2016-12-08)

  • Adds a permanent notification while connected (or connecting) that shows the current status and which allows running the VpnService instance as foreground service. This in turn should prevent Android from terminating it when low on memory.
  • Supports the ChaCha20/Poly1305 AEAD and Curve25519 DH algorithms
  • Properly validates entered server port and MTU values in the GUI
  • Logs the installed DNS servers
  • Uses BoringSSL instead of OpenSSL
  • Based on strongSwan 5.5.1

1.6.2 (2016-05-06)

  • Fixes a crash when importing CA/server certificates via SAF

1.6.1 (2016-05-04)

  • Fixes an interoperability issue with Windows Server. 5.4.0 changed the order of the algorithms in the default IKE proposal. Algorithms that provide a security of less than 128-bit were moved to the end of the list. Now Windows Server 2012 R2 (in its default configuration at least) only supports modp1024. The problem is that Microsoft's IKEv2 implementation only seems to consider the first fifteen algorithms of a specific transform type in the proposal. Because strongSwan supports quite a lot of DH groups and due to the reordering modp1024 was now at position 17 in the proposal, which meant Microsoft Server rejected the IKE_SA_INIT message with a NO_PROPOSAL_CHOSEN error. This has been fixed by removing some of the weaker and rarely used DH groups from the default proposal (fae18fd201).
  • Also corrects the label for the password field in the login dialog

1.6.0 (2016-05-02)

  • Based on 5.4.0, which e.g. adds support for IKEv2 redirection
  • Configuration of the server identity. If it is set the identity is sent as IDr during authentication and must match the server's identity exactly (i.e. it disables loose identity matching against all subjectAltNames, see #1268)
  • Selection of the client identity if certificate authentication is used (see #1403)
  • GUI changes:
    • Removed the progress dialogs during dis-/connecting
    • Redesign of the profile editor (reordered, floating labels, helper texts, "gateway"->"server")
    • Tabs in CA certificate manager have been updated (sliding tabs with ViewPager)
    • Switched to the AppCompat theme (Material-like)
  • Increases the NAT-T keepalive interval to 45s (#1326), no attempt to send keepalives is made anymore if there is no connectivity
  • Fixed the font in the log view on Android 5+
  • Native 64-bit build

1.5.0 (2015-07-28)

  • Based on 5.3.2
  • Roaming between networks on Android 5 and newer has been fixed (#865)
  • Adds new advanced profile settings:
    • A custom MTU can be specified (currently between 1280 and 1500)
    • The server port can be changed (default is 500, with a switch to 4500 - there is no switch if a custom port is set), #847
    • Split tunneling can be disabled by blocking all traffic that is not destined for the VPN
      • Only on Android 5 and newer will split tunneling fully work if only one address family is tunneled via VPN (#782)
  • Sets the preferred language for remediation instructions to the system language
  • EAP-TNC does not require a client certificate anymore
  • Fixes a linker issue on Android M

1.4.6 (2015-06-08)

1.4.5 (2014-11-06)

  • Based on 5.2.1 including improved MOBIKE handling and support for IKEv2 fragmentation
  • Enables optional PFS for IPsec SAs. Proposed are cipher suites with and without DH groups, so it's up to the VPN server whether PFS is used or not.
  • Adds basic support for EAP-TLS. Limitations are:
    • EAP-only authentication is not allowed because the AAA identity is not configurable. So to prevent anyone with a valid certificate from impersonating the AAA server and thus the VPN server, the server is authenticated with a certificate (like we do with other authentication methods)
    • It's currently not possible to select a specific CA certificate to authenticate the AAA server certificate, so it either must be issued by the same CA as that of the VPN server or automatic CA certificate selection must be enabled in the VPN profile

1.4.0 (2014-07-22)

  • Adds the ability to import CA and server certificates directly into the app. On Android 4.4+ the SAF is used to allow users to browse for certificate files (if the MIME-type is not set properly the advanced view has to be used to see all files). On older systems the files may be opened from third-party file managers
  • The GUI indicates if the connection is being reestablished
  • A DNS proxy resolves the VPN server's hostname while reestablishing (plaintext is blocked otherwise)
  • Supports ECDSA private keys on recent Android systems (tested on Android 4.4.4)

1.3.4 (2014-04-25)

  • Based on 5.1.3 (fixes a security vulnerability)
  • Links libcrypto (OpenSSL) statically
  • Doesn't limit the number of packets during EAP-TTLS

1.3.3 (2013-11-13)

  • Based on 5.1.1
  • Fixed issues with IV generation and padding length calculation for AES-GCM
  • Removes the Vstr dependency

1.3.2 (2013-09-26)

  • Fixed a regression causing remediation instructions to pile up (EAP-TNC)

1.3.1 (2013-09-23)

  • Improved recovery after certain connectivity changes

1.3.0 (2013-07-08)

  • Added support for EAP-TNC
  • Disabled listening on IPv6 because the Linux kernel currently does not support UDP encapsulation of ESP packets for IPv6

1.2.3 (2013-05-03)

  • Added support for AES-GCM
  • Support for IPv6-in-IPv4 tunnels
  • Uses kernel-netlink to handle interface/IP address enumeration

1.2.2 (2013-03-07)

  • Added support for combined certificate/EAP authentication (RFC 4739)
  • Added Polish, Ukrainian, and Russian translations
  • Fixed a race condition during reauthentication and a potential freeze while disconnecting

1.2.1 (2012-11-21)

  • Added shortcuts to VPN profiles to quickly start specific connections from the launcher
  • Added a confirmation dialog if a connection is started but one is already established
  • Fixed a few Android 4.2 specific issues

1.2.0 (2012-10-18)

  • Added support for MOBIKE e.g. allows switching between different interfaces (e.g. Wifi and 3G/4G)
  • The app tries to keep the connection established until the user disconnects manually

1.1.3 (2012-09-24)

  • Workaround for a private key issue on Android 4.1

1.1.2 (2012-09-18)

  • Added loose ID matching: While the client expects the hostname/IP of the VPN server to be contained as subjectAltName in the certificate this allows the responder to use a different IDr than that, as long as it is confirmed by the certificate (the client does not send an IDr anymore)

1.1.1 (2012-09-17)

  • Fixed a Unicode issue when converting Java to C strings

1.1.0 (2012-09-06)

  • Added certificate authentication and fixed reauthentication