FireBrick Road Warrior Android: Difference between revisions
(Created page with "== Android setup == We recommend you use the [https://play.google.com/store/apps/details?id=org.strongswan.android&hl=en_GB StrongSwan app on Android]. The app then needs the...") |
|||
(14 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator> |
|||
= Android setup = |
|||
==Overview== |
|||
We recommend you use the [https://play.google.com/store/apps/details?id=org.strongswan.android&hl=en_GB StrongSwan app on Android]. The app then needs the CA certificate which you can email yourself and install, and the settings for the host name, user name, password. |
We recommend you use the [https://play.google.com/store/apps/details?id=org.strongswan.android&hl=en_GB StrongSwan app on Android]. The app then needs the CA certificate which you can email yourself or download from the FireBrick and install, and the settings for the host name, user name, password. |
||
There are example screenshots at the bottom of this page. |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
'''This is not needed if you are using Lets Encrypt on the FireBrick''' |
|||
⚫ | |||
#From the Android device, log in to the FireBrick |
#From the Android device, log in to the FireBrick |
||
##Go to Config - Certificates |
##Go to Config - Certificates (Screenshot below) |
||
##Download the CA certificate in PEM format |
##Download the CA certificate in PEM format (or email it to yourself) |
||
#Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import |
#Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import |
||
##Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it. |
##Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it. |
||
#Review the certificate, then click Import |
#Review the certificate, then click Import (Screenshot below) |
||
(We have had reports that the downloaded .pem file, when downloaded using default browser 'Internet' is not visible to Strongswan even though the file is in the Download folder. Using an alternative Browser, such as Firefox, and re-downloading the pem file from the FireBrick works.) |
(We have had reports that the downloaded .pem file, when downloaded using default browser 'Internet' is not visible to Strongswan even though the file is in the Download folder. Using an alternative Browser, such as Firefox, and re-downloading the pem file from the FireBrick works, or you can email yourself the ca-cert.pem file) |
||
==Configure Strongswan== |
|||
#Open the Strongswan App |
#Open the Strongswan App |
||
#Tap on 'ADD VPN PROFILE' (top/right) |
#Tap on 'ADD VPN PROFILE' (top/right) (Screenshot below) |
||
#Add the details: |
#Add the details: |
||
##Profile Name: |
##Profile Name: e.g. FireBrick |
||
##Gateway: IP or hostname of the FireBrick |
##Gateway: IP or hostname of the FireBrick |
||
##Type: |
##Type: IKEv2 EAP (Username/Password) |
||
##Username: this is the one as set up in the EAP Identity on the FireBrick (in this example, we had set up a user of fred with a password |
##Username: this is the one as set up in the EAP Identity on the FireBrick (in this example, we had set up a user of fred with a password |
||
##Password: Optionally add it here if you (really) want |
##Password: Optionally add it here if you (really) want it saved |
||
*Sometimes (if you can't connect) Edit this profile and untick 'CA Certificate Select Automatically' And select the certificate that you loaded previously (it will be in the 'IMPORTED' tab |
|||
⚫ | |||
⚫ | |||
#Open Strongswan |
#Open Strongswan |
||
#Tap on the profile |
#Tap on the profile (Screenshot below) |
||
You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher. |
You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher. |
||
==Example Screenshots== |
|||
<gallery widths="200"> |
|||
IPsec_Android_Certificates_Menu.png|The Certificates menu |
|||
IPsec_Android_Certificates.png|Our CA Certificate installed |
|||
IPsec_Android_config.png|Strongswan settings |
|||
IPsec_Android_Connected.png|IPsec Connected! |
|||
</gallery> |
|||
[[Category:FireBrick IPsec Road Warrior|Android]] |
Latest revision as of 13:36, 9 October 2023
Android setup
Overview
We recommend you use the StrongSwan app on Android. The app then needs the CA certificate which you can email yourself or download from the FireBrick and install, and the settings for the host name, user name, password.
There are example screenshots at the bottom of this page.
Install StrongSwan VPN Client
- Via the Google Play store, it's free.
Install CA Certificate
This is not needed if you are using Lets Encrypt on the FireBrick
- From the Android device, log in to the FireBrick
- Go to Config - Certificates (Screenshot below)
- Download the CA certificate in PEM format (or email it to yourself)
- Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import
- Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it.
- Review the certificate, then click Import (Screenshot below)
(We have had reports that the downloaded .pem file, when downloaded using default browser 'Internet' is not visible to Strongswan even though the file is in the Download folder. Using an alternative Browser, such as Firefox, and re-downloading the pem file from the FireBrick works, or you can email yourself the ca-cert.pem file)
Configure Strongswan
- Open the Strongswan App
- Tap on 'ADD VPN PROFILE' (top/right) (Screenshot below)
- Add the details:
- Profile Name: e.g. FireBrick
- Gateway: IP or hostname of the FireBrick
- Type: IKEv2 EAP (Username/Password)
- Username: this is the one as set up in the EAP Identity on the FireBrick (in this example, we had set up a user of fred with a password
- Password: Optionally add it here if you (really) want it saved
- Sometimes (if you can't connect) Edit this profile and untick 'CA Certificate Select Automatically' And select the certificate that you loaded previously (it will be in the 'IMPORTED' tab
Connect!
- Open Strongswan
- Tap on the profile (Screenshot below)
You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher.