FireBrick Road Warrior Android: Difference between revisions

Back up to the FireBrick Road Warrior Category Page
From AAISP Support Site
mNo edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick_IPsec_Road_Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator>
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator>
= Android setup =
= Android setup =


Line 11: Line 11:


==Install CA Certificate==
==Install CA Certificate==
'''This is not needed if you are using Lets Encrypt on the FireBrick'''

#From the Android device, log in to the FireBrick
#From the Android device, log in to the FireBrick
##Go to Config - Certificates
##Go to Config - Certificates (Screenshot below)
##Download the CA certificate in PEM format (or email it to yourself)
##Download the CA certificate in PEM format (or email it to yourself)
#Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import
#Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import
##Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it.
##Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it.
#Review the certificate, then click Import
#Review the certificate, then click Import (Screenshot below)
(We have had reports that the downloaded .pem file, when downloaded using default browser 'Internet' is not visible to Strongswan even though the file is in the Download folder. Using an alternative Browser, such as Firefox, and re-downloading the pem file from the FireBrick works, or you can email yourself the ca-cert.pem file)
(We have had reports that the downloaded .pem file, when downloaded using default browser 'Internet' is not visible to Strongswan even though the file is in the Download folder. Using an alternative Browser, such as Firefox, and re-downloading the pem file from the FireBrick works, or you can email yourself the ca-cert.pem file)


==Configure Strongswan==
==Configure Strongswan==
#Open the Strongswan App
#Open the Strongswan App
#Tap on 'ADD VPN PROFILE' (top/right)
#Tap on 'ADD VPN PROFILE' (top/right) (Screenshot below)
#Add the details:
#Add the details:
##Profile Name: eg FireBrick
##Profile Name: e.g. FireBrick
##Gateway: IP or hostname of the FireBrick
##Gateway: IP or hostname of the FireBrick
##Type: EAPv2 EAP (Username/Password)
##Type: IKEv2 EAP (Username/Password)
##Username: this is the one as set up in the EAP Identity on the FireBrick (in this example, we had set up a user of fred with a password
##Username: this is the one as set up in the EAP Identity on the FireBrick (in this example, we had set up a user of fred with a password
##Password: Optionally add it here if you (really) want it saved
##Password: Optionally add it here if you (really) want it saved
Line 33: Line 35:
==Connect!==
==Connect!==
#Open Strongswan
#Open Strongswan
#Tap on the profile
#Tap on the profile (Screenshot below)


You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher.
You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher.
Line 46: Line 48:
</gallery>
</gallery>


[[Category:FireBrick_IPsec_Road_Warrior|Android]]
[[Category:FireBrick IPsec Road Warrior|Android]]

Latest revision as of 13:36, 9 October 2023

Android setup

Overview

We recommend you use the StrongSwan app on Android. The app then needs the CA certificate which you can email yourself or download from the FireBrick and install, and the settings for the host name, user name, password.

There are example screenshots at the bottom of this page.

Install StrongSwan VPN Client

  • Via the Google Play store, it's free.

Install CA Certificate

This is not needed if you are using Lets Encrypt on the FireBrick

  1. From the Android device, log in to the FireBrick
    1. Go to Config - Certificates (Screenshot below)
    2. Download the CA certificate in PEM format (or email it to yourself)
  2. Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import
    1. Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it.
  3. Review the certificate, then click Import (Screenshot below)

(We have had reports that the downloaded .pem file, when downloaded using default browser 'Internet' is not visible to Strongswan even though the file is in the Download folder. Using an alternative Browser, such as Firefox, and re-downloading the pem file from the FireBrick works, or you can email yourself the ca-cert.pem file)

Configure Strongswan

  1. Open the Strongswan App
  2. Tap on 'ADD VPN PROFILE' (top/right) (Screenshot below)
  3. Add the details:
    1. Profile Name: e.g. FireBrick
    2. Gateway: IP or hostname of the FireBrick
    3. Type: IKEv2 EAP (Username/Password)
    4. Username: this is the one as set up in the EAP Identity on the FireBrick (in this example, we had set up a user of fred with a password
    5. Password: Optionally add it here if you (really) want it saved
  • Sometimes (if you can't connect) Edit this profile and untick 'CA Certificate Select Automatically' And select the certificate that you loaded previously (it will be in the 'IMPORTED' tab

Connect!

  1. Open Strongswan
  2. Tap on the profile (Screenshot below)

You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher.

Example Screenshots