流行的 StrongSwan VPN 解決方案的官方 Android 連接埠。

# 特點和限制#

* 使用 Android 4+ 提供的 VpnService API。某些製造商的設備似乎缺乏對此的支援 - StrongSwan VPN 用戶端無法在這些設備上運作！
* 使用 IKEv2 金鑰交換協定（*不*支援 IKEv1）
* 使用 IPsec 進行資料流量（*不*支援 L2TP）
* 全面支援透過 MOBIKE（或重新驗證）改變的連接性和移動性
* 支援使用者名稱/密碼 EAP 驗證（即 EAP-MSCHAPv2、EAP-MD5 和 EAP-GTC）以及 RSA/ECDSA 私密金鑰/憑證驗證來驗證使用者身份，也支援具有客戶端憑證的 EAP-TLS
* 透過使用 RFC 4739 中定義的兩輪身份驗證來支援組合 RSA/ECDSA 和 EAP 身份驗證
* VPN 伺服器憑證會根據使用者在系統上預先安裝或安裝的 CA 憑證進行驗證。用於驗證伺服器身分的 CA 或伺服器憑證也可以直接匯入應用程式。
* 如果 VPN 伺服器支持，則支援 IKEv2 分段（strongSwan 從 5.2.1 開始支援）
* 分割隧道允許僅透過 VPN 傳送某些流量和/或排除其中的特定流量
* 每個應用程式 VPN 允許限制 VPN 連接到特定應用程序，或排除它們使用它
* IPsec 實作目前支援 AES-CBC、AES-GCM、ChaCha20/Poly1305 和 SHA1/SHA2 演算法
* 密碼目前以明文形式儲存在資料庫中（僅當與設定檔一起儲存時）
* VPN 設定檔可以從檔案導入
* 透過企業行動管理 (EMM) 支援託管配置

詳細資訊和變更日誌可以在我們的文件中找到：https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

#權限#

* READ_EXTERNAL_STORAGE：允許在某些 Android 版本上從外部儲存空間匯入 VPN 設定檔和 CA 憑證
* QUERY_ALL_PACKAGES：在 Android 11+ 上需要選擇要排除/包含在 VPN 設定檔和可選 EAP-TNC 用例中的應用程式

# 伺服器設定範例#

範例伺服器設定可以在我們的文件中找到：https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

請注意，應用程式中使用 VPN 設定檔配置的主機名稱（或 IP 位址）*必須*作為 subjectAltName 副檔名包含在伺服器憑證中。

# 回饋 #

請透過 GitHub 發布錯誤報告和功能請求：https://github.com/strongswan/strongswan/issues/new/choose
如果您這樣做，請提供有關您的裝置的資訊（製造商、型號、作業系統版本等）。

密鑰交換服務寫入的日誌檔案可以直接從應用程式內部發送。

流行的 StrongSwan VPN 解決方案的官方 Android 連接埠。

# 特點和限制#

* 使用 Android 4+ 提供的 VpnService API。某些製造商的設備似乎缺乏對此的支援 - StrongSwan VPN 用戶端無法在這些設備上運作！
* 使用 IKEv2 金鑰交換協定（*不*支援 IKEv1）
* 使用 IPsec 進行資料流量（*不*支援 L2TP）
* 全面支援透過 MOBIKE（或重新驗證）改變的連接性和移動性
* 支援使用者名稱/密碼 EAP 驗證（即 EAP-MSCHAPv2、EAP-MD5 和 EAP-GTC）以及 RSA/ECDSA 私密金鑰/憑證驗證來驗證使用者身份，也支援具有客戶端憑證的 EAP-TLS
* 透過使用 RFC 4739 中定義的兩輪身份驗證來支援組合 RSA/ECDSA 和 EAP 身份驗證
* VPN 伺服器憑證會根據使用者在系統上預先安裝或安裝的 CA 憑證進行驗證。用於驗證伺服器身分的 CA 或伺服器憑證也可以直接匯入應用程式。
* 如果 VPN 伺服器支持，則支援 IKEv2 分段（strongSwan 從 5.2.1 開始支援）
* 分割隧道允許僅透過 VPN 傳送某些流量和/或排除其中的特定流量
* 每個應用程式 VPN 允許限制 VPN 連接到特定應用程序，或排除它們使用它
* IPsec 實作目前支援 AES-CBC、AES-GCM、ChaCha20/Poly1305 和 SHA1/SHA2 演算法
* 密碼目前以明文形式儲存在資料庫中（僅當與設定檔一起儲存時）
* VPN 設定檔可以從檔案導入
* 透過企業行動管理 (EMM) 支援託管配置

詳細資訊和變更日誌可以在我們的文件中找到：https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

#權限#

* READ_EXTERNAL_STORAGE：允許在某些 Android 版本上從外部儲存空間匯入 VPN 設定檔和 CA 憑證
* QUERY_ALL_PACKAGES：在 Android 11+ 上需要選擇要排除/包含在 VPN 設定檔和可選 EAP-TNC 用例中的應用程式

# 伺服器設定範例#

範例伺服器設定可以在我們的文件中找到：https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

請注意，應用程式中使用 VPN 設定檔配置的主機名稱（或 IP 位址）*必須*作為 subjectAltName 副檔名包含在伺服器憑證中。

# 回饋 #

請透過 GitHub 發布錯誤報告和功能請求：https://github.com/strongswan/strongswan/issues/new/choose
如果您這樣做，請提供有關您的裝置的資訊（製造商、型號、作業系統版本等）。

密鑰交換服務寫入的日誌檔案可以直接從應用程式內部發送。

流行的 strongSwan VPN 解決方案的官方 Android 端口。

# 特點和限制 #

* 使用 Android 4+ 特色的 VpnService API。某些製造商的設備似乎不支持此功能 - strongSwan VPN 客戶端無法在這些設備上運行！
* 使用 IKEv2 密鑰交換協議（*不*支持 IKEv1）
* 使用 IPsec 進行數據傳輸（*不*支持 L2TP）
* 完全支持通過 MOBIKE（或重新認證）更改的連接性和移動性
* 支持用戶名/密碼EAP認證（即EAP-MSCHAPv2、EAP-MD5和EAP-GTC）以及RSA/ECDSA私鑰/證書認證對用戶進行認證，也支持帶有客戶端證書的EAP-TLS
* 通過使用 RFC 4739 中定義的兩輪身份驗證，支持組合 RSA/ECDSA 和 EAP 身份驗證
* VPN 服務器證書根據用戶在系統上預安裝或安裝的 CA 證書進行驗證。用於驗證服務器的 CA 或服務器證書也可以直接導入到應用程序中。
* 如果 VPN 服務器支持，則支持 IKEv2 分片（strongSwan 從 5.2.1 開始支持）
* 拆分隧道允許僅通過 VPN 發送特定流量和/或從中排除特定流量
* Per-app VPN 允許限制特定應用的 VPN 連接，或排除它們使用它
* IPsec 實現目前支持 AES-CBC、AES-GCM、ChaCha20/Poly1305 和 SHA1/SHA2 算法
* 密碼當前以明文形式存儲在數據庫中（僅當與配置文件一起存儲時）
* VPN 配置文件可以從文件中導入

可以在我們的文檔中找到詳細信息和更新日誌：https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

#權限#

* READ_EXTERNAL_STORAGE：允許在某些 Android 版本上從外部存儲導入 VPN 配置文件和 CA 證書
* QUERY_ALL_PACKAGES：在 Android 11+ 上需要選擇要在 VPN 配置文件中刪除/包含的應用程序和可選的 EAP-TNC 用例

# 示例服務器配置 #

可以在我們的文檔中找到示例服務器配置：https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

請注意，在應用程序中使用 VPN 配置文件配置的主機名（或 IP 地址）*必須*作為 subjectAltName 擴展名包含在服務器證書中。

＃ 反饋 ＃

請通過 GitHub 發布錯誤報告和功能請求：https://github.com/strongswan/strongswan/issues/new/choose
如果您這樣做，請提供有關您設備的信息（製造商、型號、操作系統版本等）。

密鑰交換服務寫入的日誌文件可以直接從應用程序內部發送。

流行的 strongSwan VPN 解決方案的官方 Android 端口。

# 特點和限制 #

* 使用 Android 4+ 特色的 VpnService API。某些製造商的設備似乎不支持此功能 - strongSwan VPN 客戶端無法在這些設備上運行！
* 使用 IKEv2 密鑰交換協議（*不*支持 IKEv1）
* 使用 IPsec 進行數據傳輸（*不*支持 L2TP）
* 完全支持通過 MOBIKE（或重新認證）更改的連接性和移動性
* 支持用戶名/密碼EAP認證（即EAP-MSCHAPv2、EAP-MD5和EAP-GTC）以及RSA/ECDSA私鑰/證書認證對用戶進行認證，也支持帶有客戶端證書的EAP-TLS
* 通過使用 RFC 4739 中定義的兩輪身份驗證，支持組合 RSA/ECDSA 和 EAP 身份驗證
* VPN 服務器證書根據用戶在系統上預安裝或安裝的 CA 證書進行驗證。用於驗證服務器的 CA 或服務器證書也可以直接導入到應用程序中。
* 如果 VPN 服務器支持，則支持 IKEv2 分片（strongSwan 從 5.2.1 開始支持）
* 拆分隧道允許僅通過 VPN 發送特定流量和/或從中排除特定流量
* Per-app VPN 允許限制特定應用的 VPN 連接，或排除它們使用它
* IPsec 實現目前支持 AES-CBC、AES-GCM、ChaCha20/Poly1305 和 SHA1/SHA2 算法
* 密碼當前以明文形式存儲在數據庫中（僅當與配置文件一起存儲時）
* VPN 配置文件可以從文件中導入

可以在我們的文檔中找到詳細信息和更新日誌：https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

#權限#

* READ_EXTERNAL_STORAGE：允許在某些 Android 版本上從外部存儲導入 VPN 配置文件和 CA 證書
* QUERY_ALL_PACKAGES：在 Android 11+ 上需要選擇要在 VPN 配置文件中刪除/包含的應用程序和可選的 EAP-TNC 用例

# 示例服務器配置 #

可以在我們的文檔中找到示例服務器配置：https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

請注意，在應用程序中使用 VPN 配置文件配置的主機名（或 IP 地址）*必須*作為 subjectAltName 擴展名包含在服務器證書中。

＃ 反饋 ＃

請通過 GitHub 發布錯誤報告和功能請求：https://github.com/strongswan/strongswan/issues/new/choose
如果您這樣做，請提供有關您設備的信息（製造商、型號、操作系統版本等）。

密鑰交換服務寫入的日誌文件可以直接從應用程序內部發送。

Official Android port of the popular strongSwan VPN solution.

# FEATURES AND LIMITATIONS #

* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
* Uses IPsec for data traffic (L2TP is *not* supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
* Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
* Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
* The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)
* VPN profiles may be imported from files

Details and a changelog can be found on our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

# PERMISSIONS #

* READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
* QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case

# EXAMPLE SERVER CONFIGURATION #

Example server configurations may be found in our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

# FEEDBACK #

Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange service can be sent directly from within the application.

Official Android port of the popular strongSwan VPN solution.

# FEATURES AND LIMITATIONS #

* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
* Uses IPsec for data traffic (L2TP is *not* supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
* Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
* Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
* The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)
* VPN profiles may be imported from files

Details and a changelog can be found on our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

# PERMISSIONS #

* READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
* QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case

# EXAMPLE SERVER CONFIGURATION #

Example server configurations may be found in our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

# FEEDBACK #

Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange service can be sent directly from within the application.

Official Android 4+ port of the popular strongSwan VPN solution.
# FEATURES AND LIMITATIONS #
* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won\u0027t work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
* Uses IPsec for data traffic (L2TP is not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
* Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
* Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
* The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)
* VPN profiles may be imported from files (this is the only reason why the app requests android.permission.READ_EXTERNAL_STORAGE)
Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
# EXAMPLE SERVER CONFIGURATION #
Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
# FEEDBACK #
Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).
The log file written by the key exchange service can be sent directly from within the application.

Official Android 4+ port of the popular strongSwan VPN solution.
# FEATURES AND LIMITATIONS #
* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
* Uses IPsec for data traffic (L2TP is not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
* Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
* Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
* The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)
* VPN profiles may be imported from files (this is the only reason why the app requests android.permission.READ_EXTERNAL_STORAGE)
Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
# EXAMPLE SERVER CONFIGURATION #
Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
# FEEDBACK #
Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).
The log file written by the key exchange service can be sent directly from within the application.