We recommend you use the StrongSwan app on Android. The app then needs the CA certificate which you can email yourself or download from the FireBrick and install, and the settings for the host name, user name, password.
There are example screenshots at the bottom of this page.
Install StrongSwan VPN Client
- Via the Google Play store, it's free.
Install CA Certificate
This is not needed if you are using Lets Encrypt on the FireBrick
- From the Android device, log in to the FireBrick
- Go to Config - Certificates (Screenshot below)
- Download the CA certificate in PEM format (or email it to yourself)
- Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import
- Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it.
- Review the certificate, then click Import (Screenshot below)
(We have had reports that the downloaded .pem file, when downloaded using default browser 'Internet' is not visible to Strongswan even though the file is in the Download folder. Using an alternative Browser, such as Firefox, and re-downloading the pem file from the FireBrick works, or you can email yourself the ca-cert.pem file)
- Open the Strongswan App
- Tap on 'ADD VPN PROFILE' (top/right) (Screenshot below)
- Add the details:
- Profile Name: e.g. FireBrick
- Gateway: IP or hostname of the FireBrick
- Type: IKEv2 EAP (Username/Password)
- Username: this is the one as set up in the EAP Identity on the FireBrick (in this example, we had set up a user of fred with a password
- Password: Optionally add it here if you (really) want it saved
- Sometimes (if you can't connect) Edit this profile and untick 'CA Certificate Select Automatically' And select the certificate that you loaded previously (it will be in the 'IMPORTED' tab
- Open Strongswan
- Tap on the profile (Screenshot below)
You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher.