Android IKEv2 Client Setup


Send end-user instructions on how to configure Android IKEv2 VPN clients.  


Installation is a two-step process:

Step 1:  Install all three certificates.  The Administrator has sent a separate website link where you can download necessary certificates:  (a) user_device.PFX; (b) vpn_server.CER, and root.CER.  Open each attachment to start the installation.  Include the PFX password.

Step 2:  Configure the Android VPN client:  Android Settings → Connections → More Connection Settings → VPN → Add VPN.

VPN Settings (Figure 1):
N.B., Change the value for “IPSec user certificate” to “user_android”.
Figure 1.  Android IKEv2 VPN Settings.  
Hint:  VPN shortcut apps are available in the Google Play Store.  This provides a quick and easy method to connect.
For example:

Also note, your device certificate contains a private key for your client certificate.  Anyone that gets a hold of this key can impersonate your account.  Please protect your device with a passcode and encryption.  This script is not intended for rooted devices.  I encourage you to delete this email from your mailbox after you’ve configured your devices. 

That's It!


  1. What android version do you have? I've never seen type IPSec IKEv2 RSA in any adnroid OS...

    1. I tested this out with a Samsung Galaxy 7 Edge. However I also connected with the strongSwan VPN client. It's free and works great with the Windows IKEv2 VPN.

      Swan client settings:
      Server: FQDN
      VPN Type: IKEv2 Certificate
      User Certificate: Choose user certificate.
      User Identity: Default
      CA Authority: Choose your root CA.

      Alternately, use the Android SSTP client. It's $7.99 but well worth it:

  2. Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained! Productized service software


My Instagram