FireBrick Road Warrior Android: Difference between revisions

From AAISP Support Site
Line 33: Line 33:
You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher.
You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher.


<gallery widths="200">
IPsec_Android_Certificates_Menu.png|The Certificates menu
IPsec_Android_Certificates.png|Our CA Certificate installed
IPsec_Android_config.png|Strongswan settings
IPsec_Android_Connected.png|IPsec Connected!
</gallery>


[[Category:FireBrick_IPsec_Road_Warrior]]
[[Category:FireBrick_IPsec_Road_Warrior]]

Revision as of 20:37, 30 July 2015

Android setup

We recommend you use the StrongSwan app on Android. The app then needs the CA certificate which you can email yourself and install, and the settings for the host name, user name, password.

Install StrongSwan VPN Client

Via the Google Play store, it's free.

Install CA Certificate

  1. From the Android device, log in to the FireBrick
    1. Go to Config - Certificates
    2. Download the CA certificate in PEM format
  2. Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import
    1. Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it.
  3. Review the certificate, then click Import

(We have had reports that the downloaded .pem file, when downloaded using default browser 'Internet' is not visible to Strongswan even though the file is in the Download folder. Using an alternative Browser, such as Firefox, and re-downloading the pem file from the FireBrick works.)

Configure Strongswan

  1. Open the Strongswan App
  2. Tap on 'ADD VPN PROFILE' (top/right)
  3. Add the details:
    1. Profile Name: eg FireBrick
    2. Gateway: IP or hostname of the FireBrick
    3. Type: EAPv2 EAP (Username/Password)
    4. Username: this is the one as set up in the EAP Identity on the FireBrick (in this example, we had set up a user of fred with a password
    5. Password: Optionally add it here if you (really) want it saved
  • Sometimes (if you can't connect) Edit this profile and untick 'CA Certificate Select Automatically' And select the certificate that you loaded previously (it will be in the 'IMPORTED' tab

Connect!

  1. Open Strongswan
  2. Tap on the profile

You can also create a 'Widget' for the connection in the 'usual' way for adding widgets to your launcher.