wiki.ipfire.org

The community-maintained documentation platform of IPFire

User Tools

Site Tools

You are here: Welcome to the IPFire wiki! » The Web Interface » Services » IPsec » Example Configuration - Roadwarrior with Android

Sidebar

configuration:services:ipsec:example_configuration-_roadwarrior_with_android

Example Configuration - Roadwarrior with Android

  • Android 4.4 was used to create this configuration
  • First execute the first step that is described in the Windows example
  • Additionally, you need to execute the second step described in the Windows example
    • Do not modify the /etc/ipsec.conf instead, modify the /etc/ipsec.user.conf by adding the following lines:
conn "Android Phone"
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    lefthostaccess=yes
    leftallowany=yes
    leftcert=/var/ipfire/certs/hostcert.pem
    right=%any
    rightsourceip=%dhcp
    rightcert=/var/ipfire/certs/CONNECTION_NAMEcert.pem
    rightauth2=xauth
    keyexchange=ikev1
    ikelifetime=1h
    keylife=8h
    dpddelay=30s
    dpdtimeout=120s
    dpdaction=clear
    auto=add
    compress=yes
  • Modify the /etc/ipsec.user.secrets by adding the following lines:
USERNAME : XAUTH "PASSWORD"
  • Restart the ipsec daemon, type /etc/init.d/ipsec restart

Install certificates

  • Download the certificates to the device
    • You can attach the device to USB and copy the downloaded connection certificate
    • Alternatively: You can go to the IPSec page on the Android device and download the certificate there
    • Optionally, you can download the host certificate to the device
      • Prefixing the name with “host” can make sense

Create connection

1) Go to Settings
Under Wireless & networks click More
Select VPN
2) Add a VPN network
Choose a Name
Set the type to IPSec Xauth RSA
Set the Server address to your IPfire host name
Set the IPSec user certificate to your imported certificate
Set the IPSec CA certificate to your imported CA certificate
As an optional step, you can choose your host's certificate as IPsec server certificate
Click Save
3) Select the created connection
As Username use the user name written in the ipsec.user.secrets file.
Similarly, as Password use the password that was written in the ipsec.user.secrets
You may check
configuration/services/ipsec/example_configuration-_roadwarrior_with_android.txt · Last modified: 2016/01/18 20:41 by wolf

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki