Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire.

Please join in and help us improving it!

Example Configuration - Roadwarrior with Android

  • Android 4.4 was used to create this configuration
  • First execute the first step that is described in the Windows example
  • Additionally, you need to execute the second step described in the Windows example
    • Do not modify the /etc/ipsec.conf instead, modify the /etc/ipsec.user.conf by adding the following lines:

conn "Android Phone"
left=%defaultroute
leftsubnet=0.0.0.0/0
leftfirewall=yes
lefthostaccess=yes
leftallowany=yes
leftcert=/var/ipfire/certs/hostcert.pem
right=%any
rightsourceip=%dhcp
rightcert=/var/ipfire/certs/CONNECTION_NAMEcert.pem
rightauth2=xauth
keyexchange=ikev1
ikelifetime=1h
keylife=8h
dpddelay=30s
dpdtimeout=120s
dpdaction=clear
auto=add
compress=yes

  • Modify the /etc/ipsec.user.secrets by adding the following lines:

USERNAME : XAUTH "PASSWORD"

  • Restart the ipsec daemon, type /etc/init.d/ipsec restart

Install certificates

  • Download the certificates to the device
    • You can attach the device to USB and copy the downloaded connection certificate
    • Alternatively: You can go to the IPSec page on the Android device and download the certificate there
    • Optionally, you can download the host certificate to the device
    • Prefixing the name with "host" can make sense

Create connection

1) Go to Settings \ Under Wireless & networks click More \ Select VPN
2) Add a VPN network \ Choose a Name \ Set the type to IPSec Xauth RSA \ Set the Server address to your IPfire host name \ Set the IPSec user certificate to your imported certificate \ Set the IPSec CA certificate to your imported CA certificate \ As an optional step, you can choose your host's certificate as IPsec server certificate \ Click Save
--- ---
3) Select the created connection \ As Username use the user name written in the ipsec.user.secrets file. \ Similarly, as Password use the password that was written in the ipsec.user.secrets \ You may check
--- ---
Edit Page ‐ Yes, you can edit!

Older Revisions • January 18, 2016 at 8:41 pm