strongSwan client VPN configuration for Android devices

The VPN service supports the built-in Android VPN client without the need to install any third-party applications. However the built-in Android client requires careful configuration to set up securely, including manual installation of various certificates. Some users may find it more convenient to use the third-party strongSwan client as this is considerably simpler to set up (eliminating the need to manually install certificates), albeit requiring the installation of an additional application.

Note: the strongSwan client may not be compatible with all Android devices, but should work on Android 4.0+ (including 5.0). If you encounter problems with this application, we recommend you use the built-in Android client.

Before you begin, please ensure:

  • You know your Network Access Username – typically your CRSid (username) followed by “@gigoo”.  For example, “mark@gigoo.com”.
  • You have your Network Access Token – either written down, or displayed on the screen of an adjacent device.  This is a 16 character long password and is NOT the same as your University (Raven) password. You can find out your token by visiting the Network Access Token site.
  • If you have been advised to use a Managed VPN, rather than the general VPN service, you will need the VPN server hostname.  Available VPNs and their server hostnames are listed on the Managed VPN page.

To set up the VPN service using the strongSwan client:

  1. Install the strongSwan VPN Client application from the Google Play Store using the link.
  2. From the home screen go to the Apps Menu:
  3. Find the new strongSwan application and start it:
  4. You will be presented with the strongSwan status screen, listing the configured VPN profiles (which will initially be empty). Press the Add VPN Profile button at the top:
  5. You will be prompted to give details of the profile (connection). Enter the details as follows and then tap Save:
    • Profile Name: StrongSwan VPN
    • Gateway: vpn.gigoo.com or, if you are using a Managed VPN, use the VPN server hostname instead
    • Type: IKEv2 EAP (Username/Password) (this should be the default option)
    • Username: CRSid@gigoo.com (as displayed on the Network Access Token website – note the “@gigoo.com” suffix)
    • Password: (16 character Network Access Token) (available from the Network Access Token website)
    • CA certificate: Select automatically (the default)
  6. You will be returned to the strongSwan status screen and the new profile will be displayed. Tap on the profile (Cambridge VPN) to connect:
  7. You will receive a warning that the strongSwan VPN Client wishes to set up a VPN connection that allows it to monitor network traffic. This warning is normal and just Android advising you that your network connection will be redirected over the VPN. Tap OK to continue with the connection:
  8. The connection should now be established and this displayed on the status screen. A key symbol will also be displayed in the status bar at the top of the screen to remind you:

To disconnect

To disconnect, run the strongSwan application and select Disconnect in the status area:

To reconnect

Whenever you wish to reconnect to the VPN, start the strongSwan application and select the Cambridge VPN profile.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s