strongSwan VPN Client

by strongSwan Project


Communication

free



An easy to use IKEv2/IPsec-based VPN client.

Read more

Official Android port of the popular strongSwan VPN solution.# FEATURES AND LIMITATIONS # * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client wont work on these devices! * Uses the IKEv2 key exchange protocol (IKEv1 is not supported) * Uses IPsec for data traffic (L2TP is not supported) * Full support for changed connectivity and mobility through MOBIKE (or reauthentication) * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739 * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app. * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1) * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms * Passwords are currently stored as cleartext in the database (only if stored with a profile) * VPN profiles may be imported from filesDetails and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient# PERMISSIONS # * READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions * QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case# EXAMPLE SERVER CONFIGURATION #Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-ConfigurationPlease note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.# FEEDBACK #Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/chooseIf you do so, please include information about your device (manufacturer, model, OS version etc.).The log file written by the key exchange service can be sent directly from within the application.# 2.3.3 #- Adds a button to install user certificates# 2.3.2 #- Dont mark VPN connections as metered (the default changed when targeting Android 10 with the last release)# 2.3.1 #- Optionally use IPv6 transport addresses for IKE and ESP. Can only be enabled if the server supports UDP encapsulation for IPv6 (the Linux kernel only supports this since 5.8, so many servers will not support it yet)

Read trusted reviews from application customers

Please can someone post how I open the Vpn I tried it tells me error Some should give me a step

Branda Emily

Sehr gut

Vlad L

You need the ability to add IPs that pass through the VPN.

Fox Mulder

Strong 👊👊

EBi Dehghani

This app is (was) awesome (fast and light on resources) but for some reason it stopped getting DNS from VPN server and cannot connect to network services behind the VPN with fqn anymore, only with IP address. Had to go back with OpenVPN :(

Patrick Rolo

it's pretty awesome

mahmoud mm

It doesn't support IKEv2 PSK. What the hell? Why don't you allow me to do what I want? Just warm me about lower security, but don't stop me. All other OSes support any type, including PSK. Strongswan for Android doesn't. Very bad!

Alexander Fomichev

Best

KA TB

It's good but have a big problem.... I wish I could share my all profiles with others in an easy way or even make a backup of them. Plz add it.

hasan asadian

I searched for a PPTP client and this was one of the top results so I tried it. There is no support for PPTP. Uninstalled

Adam C