Setting up strongSwan VPN on Android

To install the VPN, we recommend installing F-droid. Afterwards, you can download strongSwan from F-droid.

Next, download the CA certificate. The specific certificate will come from your VPN provider. If you are running your own provider with OpenIKED, you'll want to download /etc/iked/ca/ca.crt onto your Android mobile. OpenHTTPd can be useful for this.

Open with strongSwan VPN Client.

Attach:strongswancacrt.jpg

Verify the certificate is correct, then tap Import Certificate. You should see Certificate successfully imported at the bottom. Once the certificate has been imported, you may need to then tap the back button at the top left.

Attach:strongswanimportcrt.jpg

Tap Add VPN Profile. Fill in the details:

Attach:strongswanaddvpnprofile.jpg

  1. Server: Replace example.com with your actual VPN server.
  2. VPN Type: IKEv2 EAP (Username/Password)
  3. Username: Replace username with your actual username
  4. Password: Replace password with your actual password. CA certificate:
  5. Make sure Select automatically is unchecked. Tap on Select CA certificate and select the imported certificate.
  6. Profile name: Replace it with your server name.

Tap Save at the top right.

Tap on the connection.

Attach:strongswanvpnprofile.jpg

Tap OK.

Attach:strongswanconnectionrequest.jpg

Afterwards, strongSwan will need you to disable battery optimizations. Tap OK. Then, tap Allow to allow the app to run in the background.

Attach:strongswanrunbackground.jpg

If it has connected properly, you should see Status: Connected.

Attach:strongswanconnected.jpg

Make sure to test that your IP address is concealed.