Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

  1. The Web Interface
  2. Services
  3. IPsec
  4. Example Configuration - Roadwarrior with Android

Example Configuration - Roadwarrior with Android

  • Android 4.4 was used to create this configuration
  • First execute the first step that is described in the Windows example:
  • Additionally, you need to execute the second step described in the Windows example
    • Do not modify the /etc/ipsec.conf instead, modify the /etc/ipsec.user.conf by adding the following lines:
conn "Android Phone"
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    lefthostaccess=yes
    leftallowany=yes
    leftcert=/var/ipfire/certs/hostcert.pem
    right=%any
    rightsourceip=%dhcp
    rightcert=/var/ipfire/certs/CONNECTION_NAMEcert.pem
    rightauth2=xauth
    keyexchange=ikev1
    ikelifetime=1h
    keylife=8h
    dpddelay=30s
    dpdtimeout=120s
    dpdaction=clear
    auto=add
    compress=yes
  • Modify the /etc/ipsec.user.secrets by adding the following lines:
USERNAME : XAUTH "PASSWORD"
  • Restart the ipsec daemon, type /etc/init.d/ipsec restart

Install certificates

  • Download the certificates to the device
    • You can attach the device to USB and copy the downloaded connection certificate
    • Alternatively: You can go to the IPSec page on the Android device and download the certificate there
    • Optionally, you can download the host certificate to the device
    • Prefixing the name with "host" can make sense

Create connection

  1. Go to Settings:
    • Under Wireless & networks click More
    • Select VPN
  2. Add a VPN network:
    • Choose a Name
    • Set the type to IPSec Xauth RSA
    • Set the Server address to your IPfire host name
    • Set the IPSec user certificate to your imported certificate
    • Set the IPSec CA certificate to your imported CA certificate
    • As an optional step, you can choose your host's certificate as IPsec server certificate
    • Click Save
  3. Select the created connection:
    • Username use the user name written in the ipsec.user.secrets file.
    • Similarly, as Password use the password that was written in the ipsec.user.secrets
    • You may check
Edit Page ‐ Yes, you can edit!

Older Revisions • August 31 at 9:12 pm • Jon