Example Configuration - Roadwarrior with Android
- Android 4.4 was used to create this configuration
- First, carry out the first step described in the Windows example
- Then carry out the second step described in the Windows example
- Do not modify /etc/ipsec.conf; instead, modify /etc/ipsec.user.conf by adding the following lines:
conn "Android Phone"
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    lefthostaccess=yes
    leftallowany=yes
    leftcert=/var/ipfire/certs/hostcert.pem
    right=%any
    rightsourceip=%dhcp
    rightcert=/var/ipfire/certs/CONNECTION_NAMEcert.pem
    rightauth2=xauth
    keyexchange=ikev1
    ikelifetime=1h
    keylife=8h
    dpddelay=30s
    dpdtimeout=120s
    dpdaction=clear
    auto=add
    compress=yes
- Modify the /etc/ipsec.user.secrets by adding the following lines:
USERNAME : XAUTH "PASSWORD"
- Restart the ipsec daemon by typing:
/etc/init.d/ipsec restart
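A consistency check for the two files edited above, as an added example that is not part of the original page or of IPFire. The function names check_roadwarrior and write_sample are hypothetical, and the sample files are constructed, reduced copies of the snippets with the placeholders left in.

```shell
#!/bin/sh
# Added example (not IPFire code): sanity check before restarting ipsec.
# check_roadwarrior CONF SECRETS prints one line per problem found;
# its exit status is the number of problems (0 = consistent).
check_roadwarrior() {
    conf=$1; secrets=$2; n=0
    # 1. Placeholders copied from the wiki text and never replaced.
    if grep -q 'CONNECTION_NAME' "$conf"; then
        echo "conf: rightcert still contains CONNECTION_NAME"; n=$((n + 1))
    fi
    if grep -Eq '^USERNAME[[:space:]]*:|"PASSWORD"' "$secrets"; then
        echo "secrets: USERNAME/PASSWORD placeholder not replaced"; n=$((n + 1))
    fi
    # 2. XAUTH is an IKEv1 extension, so a conn with rightauth2=xauth
    #    needs keyexchange=ikev1. awk lists the conns that violate this.
    bad=$(awk '
        function flush() { if (name != "" && xauth && !v1) print name }
        /^conn[ \t]/ { flush(); name = $0; sub(/^conn[ \t]+/, "", name)
                       xauth = 0; v1 = 0; next }
        /^[ \t]*rightauth2[ \t]*=[ \t]*xauth/  { xauth = 1 }
        /^[ \t]*keyexchange[ \t]*=[ \t]*ikev1/ { v1 = 1 }
        END { flush() }' "$conf")
    if [ -n "$bad" ]; then
        echo "conf: xauth without keyexchange=ikev1 in: $bad"; n=$((n + 1))
    fi
    # 3. A conn that asks for XAUTH needs at least one XAUTH credential.
    if grep -Eq '^[[:space:]]*rightauth2[[:space:]]*=[[:space:]]*xauth' "$conf" &&
       ! grep -Eq '^[^#[:space:]]+[[:space:]]*:[[:space:]]*XAUTH[[:space:]]+"[^"]+"' "$secrets"
    then
        echo "secrets: no 'user : XAUTH \"password\"' entry"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: reduced copies of the snippets, placeholders left in.
write_sample() {
    printf '%s\n' 'conn "Android Phone"' '    rightauth2=xauth' \
        '    keyexchange=ikev1' \
        '    rightcert=/var/ipfire/certs/CONNECTION_NAMEcert.pem' \
        > "$1/ipsec.user.conf"
    printf '%s\n' 'USERNAME : XAUTH "PASSWORD"' > "$1/ipsec.user.secrets"
}

tmp=$(mktemp -d)
write_sample "$tmp"
check_roadwarrior "$tmp/ipsec.user.conf" "$tmp/ipsec.user.secrets" ||
    echo "problems found: $?"
rm -rf "$tmp"
```

On the real system the function would be called with /etc/ipsec.user.conf and /etc/ipsec.user.secrets as its two arguments.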
Install certificates
- Download the certificates to the device
- You can attach the device to USB and copy the downloaded connection certificate
- Alternatively, you can go to the IPSec page on the Android device and download the certificate there
- Optionally, you can download the host certificate to the device
- Prefixing the name with "host" can make sense
Create connection
- Go to Settings:
- Under Wireless & networks click More
- Select VPN
- Add a VPN network:
- Choose a Name
- Set the type to IPSec Xauth RSA
- Set the Server address to your IPFire host name
- Set the IPSec user certificate to your imported certificate
- Set the IPSec CA certificate to your imported CA certificate
- As an optional step, you can choose your host's certificate as IPsec server certificate
- Click Save
- Select the created connection:
- As Username, use the user name written in the ipsec.user.secrets file
- Similarly, as Password, use the password written in the ipsec.user.secrets file
- You may check