Google Play Info
Keywords
Downloads/Revenue
User Usage
More Services

2K+

View Trend>
strongSwan VPN Client
An easy to use IKEv2/IPsec-based VPN client.
Bundle ID
org.strongswan.android
3.29K ratings
3.80
Category Ranking
-
Communications
Price
Free
Free App
Developer
strongSwan Project
Accumulated Global Downloads
500,000+
Unlock targeted value
Recently Updated
02/26/2024
2.5.1 Version
Version History
Update Comparison
App Status
  • Latest Version
    2.5.1
  • Time Since Latest Version
    139days11Hour
  • Total Updated Versions (last 1 year)
    3

Version Timeline

Hover over "Icon" to view updates. Click "Icon" to view comparison
Version History
Display Content
Date
  • -
2024 years
4 month
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
5 month
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
6 month
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
7 month
1
2
3
4
5
6
7
8
9
10
11
12
13
14

Version History

  • Version2.5.1
    02/26/2024
    Pre-Order-to-Listing Date
    03/11/2024
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.5.1 #

    - Fix for existing shortcuts and automation via Intents

    # 2.5.0 #

    - Support for managed configurations via enterprise mobility management (EMM)

    Screenshots
    App Description

    Official Android port of the popular strongSwan VPN solution.

    # FEATURES AND LIMITATIONS #

    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
    * Uses IPsec for data traffic (L2TP is *not* supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files
    * Supports managed configurations via enterprise mobility management (EMM)

    Details and a changelog can be found on our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

    # PERMISSIONS #

    * READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
    * QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case

    # EXAMPLE SERVER CONFIGURATION #

    Example server configurations may be found in our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

    # FEEDBACK #

    Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
    If you do so, please include information about your device (manufacturer, model, OS version etc.).

    The log file written by the key exchange service can be sent directly from within the application.

  • Version2.5.0
    02/22/2024
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.5.0 #

    - Support for managed configurations via enterprise mobility management (EMM)

    Screenshots
    App Description

    Official Android port of the popular strongSwan VPN solution.

    # FEATURES AND LIMITATIONS #

    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
    * Uses IPsec for data traffic (L2TP is *not* supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files
    * Supports managed configurations via enterprise mobility management (EMM)

    Details and a changelog can be found on our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

    # PERMISSIONS #

    * READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
    * QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case

    # EXAMPLE SERVER CONFIGURATION #

    Example server configurations may be found in our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

    # FEEDBACK #

    Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
    If you do so, please include information about your device (manufacturer, model, OS version etc.).

    The log file written by the key exchange service can be sent directly from within the application.

  • Version2.4.2
    08/30/2023
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.4.2 #

    - Increased target SDK to Android 13 and ask for permission to show status notification
    - Enable hardware acceleration in OpenSSL
    - Use a more stable approach to determine source IP

    Screenshots
    App Description

    Official Android port of the popular strongSwan VPN solution.

    # FEATURES AND LIMITATIONS #

    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
    * Uses IPsec for data traffic (L2TP is *not* supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files

    Details and a changelog can be found on our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

    # PERMISSIONS #

    * READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
    * QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case

    # EXAMPLE SERVER CONFIGURATION #

    Example server configurations may be found in our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

    # FEEDBACK #

    Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
    If you do so, please include information about your device (manufacturer, model, OS version etc.).

    The log file written by the key exchange service can be sent directly from within the application.

  • Version2.4.1
    02/18/2023
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.4.1 #

    - Changed order of DH groups to avoid issue with Zyxel Firewalls

    # 2.4.0 #

    - Switched from BoringSSL to OpenSSL
    - Added support for the following algorithms: Curve448 ECDH, AES-CCM, Camellia (CBC/CTR/XCBC), SHA-3 (HMAC/PKCS#1)
    - Fixed an issue that caused file descriptor leaks when fetching OCSP/CRLs
    - Improved translation for simplified Chinese
    - Correctly included Ukrainian translation
    - Increased minimum SDK version to 21 (Android 5.0)

    Screenshots
    App Description

    Official Android port of the popular strongSwan VPN solution.

    # FEATURES AND LIMITATIONS #

    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
    * Uses IPsec for data traffic (L2TP is *not* supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files

    Details and a changelog can be found on our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

    # PERMISSIONS #

    * READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
    * QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case

    # EXAMPLE SERVER CONFIGURATION #

    Example server configurations may be found in our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

    # FEEDBACK #

    Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
    If you do so, please include information about your device (manufacturer, model, OS version etc.).

    The log file written by the key exchange service can be sent directly from within the application.

  • Version2.4.0
    02/15/2023
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.4.0 #

    - Switched from BoringSSL to OpenSSL
    - Added support for the following algorithms: Curve448 ECDH, AES-CCM, Camellia (CBC/CTR/XCBC), SHA-3 (HMAC/PKCS#1)
    - Fixed an issue that caused file descriptor leaks when fetching OCSP/CRLs
    - Improved translation for simplified Chinese
    - Correctly included Ukrainian translation
    - Increased minimum SDK version to 21 (Android 5.0)

    Screenshots
    Video
    App Description

    Official Android port of the popular strongSwan VPN solution.

    # FEATURES AND LIMITATIONS #

    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
    * Uses IPsec for data traffic (L2TP is *not* supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files

    Details and a changelog can be found on our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

    # PERMISSIONS #

    * READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
    * QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case

    # EXAMPLE SERVER CONFIGURATION #

    Example server configurations may be found in our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

    # FEEDBACK #

    Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
    If you do so, please include information about your device (manufacturer, model, OS version etc.).

    The log file written by the key exchange service can be sent directly from within the application.

  • Version2.3.3
    07/13/2021
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.3.3 #

    - Adds a button to install user certificates

    # 2.3.2 #

    - Don't mark VPN connections as metered (the default changed when targeting Android 10 with the last release)

    # 2.3.1 #

    - Optionally use IPv6 transport addresses for IKE and ESP. Can only be enabled if the server supports UDP encapsulation for IPv6 (the Linux kernel only supports this since 5.8, so many servers will not support it yet)

    Screenshots
    Video
    App Description

    Official Android port of the popular strongSwan VPN solution.

    # FEATURES AND LIMITATIONS #

    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
    * Uses IPsec for data traffic (L2TP is *not* supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files

    Details and a changelog can be found on our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

    # PERMISSIONS #

    * READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
    * QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case

    # EXAMPLE SERVER CONFIGURATION #

    Example server configurations may be found in our docs: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

    # FEEDBACK #

    Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
    If you do so, please include information about your device (manufacturer, model, OS version etc.).

    The log file written by the key exchange service can be sent directly from within the application.

  • Version2020-12-02
    12/02/2020
    Size:7.0M
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.3.2 #
    - Don't mark VPN connections as metered (the default changed when targeting Android 10 with the last release)
    # 2.3.1 #
    - Optionally use IPv6 transport addresses for IKE and ESP. Can only be enabled if the server supports UDP encapsulation for IPv6 (the Linux kernel only supports this since 5.8, so many servers will not support it yet)
    - Shows an error message if the UUID in a profile is invalid (e.g. contains no dashes)

    Screenshots
    App Description

    Official Android 4+ port of the popular strongSwan VPN solution.
    # FEATURES AND LIMITATIONS #
    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
    * Uses IPsec for data traffic (L2TP is not supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files (this is the only reason why the app requests android.permission.READ_EXTERNAL_STORAGE)
    Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
    # EXAMPLE SERVER CONFIGURATION #
    Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
    # FEEDBACK #
    Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
    If you do so, please include information about your device (manufacturer, model, OS version etc.).
    The log file written by the key exchange service can be sent directly from within the application.

  • Version2.3.2
    12/02/2020
    Size:7.0M
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.3.2 #
    - Don't mark VPN connections as metered (the default changed when targeting Android 10 with the last release)
    # 2.3.1 #
    - Optionally use IPv6 transport addresses for IKE and ESP. Can only be enabled if the server supports UDP encapsulation for IPv6 (the Linux kernel only supports this since 5.8, so many servers will not support it yet)
    - Shows an error message if the UUID in a profile is invalid (e.g. contains no dashes)

    Screenshots
    App Description

    Official Android 4+ port of the popular strongSwan VPN solution.
    # FEATURES AND LIMITATIONS #
    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won\u0027t work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
    * Uses IPsec for data traffic (L2TP is not supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files (this is the only reason why the app requests android.permission.READ_EXTERNAL_STORAGE)
    Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
    # EXAMPLE SERVER CONFIGURATION #
    Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
    # FEEDBACK #
    Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
    If you do so, please include information about your device (manufacturer, model, OS version etc.).
    The log file written by the key exchange service can be sent directly from within the application.

  • Version2.3.1
    10/29/2020
    Size:7.0M
    strongSwan VPN Client

    An easy to use IKEv2/IPsec-based VPN client.

    Update Log

    # 2.3.1 #
    - Optionally use IPv6 transport addresses for IKE and ESP. Can only be enabled if the server supports UDP encapsulation for IPv6 (the Linux kernel only supports this since 5.8, so many servers will not support it yet)
    - Shows an error message if the UUID in a profile is invalid (e.g. contains no dashes)
    - Fixes a potential crash with the power whitelist dialog and handles screen rotation and other Activity restarts better if the corresponding information dialog is shown

    Screenshots
    App Description

    Official Android 4+ port of the popular strongSwan VPN solution.
    # FEATURES AND LIMITATIONS #
    * Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
    * Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
    * Uses IPsec for data traffic (L2TP is not supported)
    * Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
    * Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
    * Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
    * VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
    * IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
    * Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
    * Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
    * The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
    * Passwords are currently stored as cleartext in the database (only if stored with a profile)
    * VPN profiles may be imported from files (this is the only reason why the app requests android.permission.READ_EXTERNAL_STORAGE)
    Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
    # EXAMPLE SERVER CONFIGURATION #
    Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
    Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
    # FEEDBACK #
    Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
    If you do so, please include information about your device (manufacturer, model, OS version etc.).
    The log file written by the key exchange service can be sent directly from within the application.