Task:
Send end-user instructions on how to configure Android IKEv2 VPN clients.
Solution:
Installation is a two-step process:
Step 1: Install all three certificates. The Administrator has sent a separate website link where you can download necessary certificates: (a) user_device.PFX; (b) vpn_server.CER, and root.CER. Open
each attachment to start the installation. Include the PFX password.
Step 2: Configure the Android VPN client: Android
Settings → Connections → More Connection Settings → VPN → Add VPN.
VPN Settings (Figure 1):
N.B., Change the value for “IPSec user certificate” to “user_android”.
N.B., Change the value for “IPSec user certificate” to “user_android”.
Figure 1. Android IKEv2 VPN
Settings.
|
Hint: VPN shortcut apps are available in the Google
Play Store. This provides a quick and easy method to connect.
For example: https://play.google.com/store/apps/details?id=com.rosaneng.vpnsettings&hl=en
For example: https://play.google.com/store/apps/details?id=com.rosaneng.vpnsettings&hl=en
Also note, your device certificate contains a private key for your
client certificate. Anyone that gets a hold of this key can impersonate
your account. Please protect your device with a passcode and
encryption. This script is not intended for rooted devices.
I encourage you to delete this email from your mailbox after you’ve configured
your devices.
That's It!
MDM
Network Administration
VPN
3 Comments
What android version do you have? I've never seen type IPSec IKEv2 RSA in any adnroid OS...
ReplyDeleteI tested this out with a Samsung Galaxy 7 Edge. However I also connected with the strongSwan VPN client. It's free and works great with the Windows IKEv2 VPN.
Deletehttps://play.google.com/store/apps/details?id=org.strongswan.android
Swan client settings:
Server: FQDN
VPN Type: IKEv2 Certificate
User Certificate: Choose user certificate.
User Identity: Default
CA Authority: Choose your root CA.
Alternately, use the Android SSTP client. It's $7.99 but well worth it:
https://play.google.com/store/apps/details?id=it.colucciweb.sstpvpnclient
Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained! Productized service software
ReplyDelete