Setting up strongSwan VPN on Android
To install the VPN, we recommend installing F-droid. Afterwards, you can download strongSwan from F-droid.
Next, download the CA certificate. The specific certificate will come from your VPN provider. If you are running your own provider with OpenIKED, you'll want to download /etc/iked/ca/ca.crt
onto your Android mobile. OpenHTTPd can be useful for this.
Open with strongSwan VPN Client.
Attach:strongswancacrt.jpg
Verify the certificate is correct, then tap Import Certificate
. You should see Certificate successfully imported
at the bottom. Once the certificate has been imported, you may need to then tap the back button at the top left.
Attach:strongswanimportcrt.jpg
Tap Add VPN Profile
. Fill in the details:
Attach:strongswanaddvpnprofile.jpg
- Server: Replace
example.com
with your actual VPN server. - VPN Type: IKEv2 EAP (Username/Password)
- Username: Replace
username
with your actual username - Password: Replace
password
with your actual password. CA certificate: - Make sure
Select automatically
is unchecked. Tap onSelect CA certificate
and select the imported certificate. - Profile name: Replace it with your server name.
Tap Save
at the top right.
Tap on the connection.
Attach:strongswanvpnprofile.jpg
Tap OK
.
Attach:strongswanconnectionrequest.jpg
Afterwards, strongSwan will need you to disable battery optimizations. Tap OK
. Then, tap Allow
to allow the app to run in the background.
Attach:strongswanrunbackground.jpg
If it has connected properly, you should see Status: Connected
.
Attach:strongswanconnected.jpg
Make sure to test that your IP address is concealed.