strongSwan

strongSwan 1.9.6 APK for Android

Updated: February 8, 2018

Downloads: 152

Official Android 4+ port of the popular strongSwan VPN solution.# FEATURES AND LIMITATIONS # * Uses the VpnService API featured by Android 4+. Devices by some manufacturers ... Read More > or Download APK >

strongSwan (org.strongswan.android) specifications

Download App

Install

8.72 MB

Google Play

Tech Specs

User Reviews

  • aggregateRating
  • • Rating Average
  • 4.3 out of 5
  • • Rating Users
  • 1312

Download Count

  • • Total Downloads
  • 152
  • • Current Version Downloads
  • 33
  • • File Name: strongswan.apk
Share on Facebook   Share on Twitter   Share on Google+   Share on Gmail   Share on Reddit   Share on StumbleUpon   Share on LinkedIn   Share on Tumblr   Save to Pocket   Save to Instapaper   Share on Pinterest   Save to Evernote   Share on Telegram   Share on VK   Email this Page   View QR Code

strongSwan / Screenshots

strongSwan / Description

Official Android 4+ port of the popular strongSwan VPN solution.

# FEATURES AND LIMITATIONS #

* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
* Uses IPsec for data traffic (L2TP is not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN gateway certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the gateway can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN gateway supports it (strongSwan does so since 5.2.1)
* Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
* Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
* The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)
* VPN profiles may be imported from files (this is the only reason why the app requests android.permission.READ_EXTERNAL_STORAGE)

Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient

# EXAMPLE GATEWAY CONFIGURATION #

This client can be used with the following gateway configuration that is also compatible with the Windows 7+ Agile VPN client:

https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

But please note that the host name configured with a VPN profile in the app *must be* contained in the gateway certificate as subjectAltName.

# FEEDBACK #

Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange daemon can be sent directly from within the application.

Download strongSwan APK for Android

strongSwan / Changelog / What's New in v1.9.6

  1. # 1.9.6 #
  2. Always sends the user certificate (if applicable)
  3. # 1.9.5 #
  4. IKE/ESP algorithms configurable
  5. Removes MODP-1024 from the default IKEv2 proposal. If the server only allows this DH group, a custom IKE proposal has to be configured in the VPN profile
  6. # 1.9.4 #
  7. Supports delta CRLs
  8. # 1.9.3 #
  9. Verifies server certificates via OCSP
  10. Caches CRLs in the app directory (can be cleared via main menu)
  11. Adds a 'reconnect' button in the 'currently connected' dialog

More Apps to Consider (Similar or Related)