package icon

strongSwan VPN Client

An easy to use IKEv2/IPsec-based VPN client.
New in version 2.5.2
# 2.5.2 #

- Increased target SDK to Android 14
- Due to a bug in Android 14, a new permission is necessary to start a profile in the background from the status tile
- Fix crash when listing installed apps for new profiles

# 2.5.1 #

- Fix for existing shortcuts and automation via Intents

# 2.5.0 #

- Support for managed configurations via enterprise mobility management (EMM)
Official Android port of the popular strongSwan VPN solution.

# FEATURES AND LIMITATIONS #


  • Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!

  • Uses the IKEv2 key exchange protocol (IKEv1 is not supported)

  • Uses IPsec for data traffic (L2TP is not supported)

  • Full support for changed connectivity and mobility through MOBIKE (or reauthentication)

  • Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported

  • Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739

  • VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.

  • IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)

  • Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it

  • Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it

  • The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms

  • Passwords are currently stored as cleartext in the database (only if stored with a profile)

  • VPN profiles may be imported from files

  • Supports managed configurations via enterprise mobility management (EMM)



Details and a changelog can be found in our documentation: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html

# PERMISSIONS #


  • READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions

  • QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case



# EXAMPLE SERVER CONFIGURATION #

Example server configurations may be found in our documentation: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration

Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.

# FEEDBACK #

Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange service can be sent directly from within the application.

Versions

Although APK downloads are available below to give you the choice, you should be aware that by installing that way you will not receive update notifications and it's a less secure way to download. We recommend that you install the F-Droid client and use that.

Download F-Droid
  • Version 2.5.2 (84) suggested Added on Aug 12, 2024

    arm64-v8a armeabi-v7a x86 x86_64

    This version requires Android 5.0 or newer.

    It is built by F-Droid and guaranteed to correspond to this source tarball.

    Permissions
    • view network connections
      Allows the app to view information about network connections such as which networks exist and are connected.
    • run foreground service
      Allows the app to make use of foreground services.
    • run foreground service with the type "specialUse"
      Allows the app to make use of foreground services with the type "specialUse"
    • have full network access
      Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.
    • show notifications
      Allows the app to show notifications
    • query all packages
      Allows an app to see all installed packages.
    • read the contents of your shared storage
      Allows the app to read the contents of your shared storage.
    • ask to ignore battery optimizations
      Allows an app to ask for permission to ignore battery optimizations for that app.
    • This app can appear on top of other apps
      This app can appear on top of other apps or other parts of the screen. This may interfere with normal app usage and change the way that other apps appear.
    • org.strongswan.android.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

    Download APK 11 MiB PGP Signature | Build Log

  • Version 2.4.2 (80) - Added on Sep 06, 2023

    arm64-v8a armeabi-v7a x86 x86_64

    This version requires Android 5.0 or newer.

    It is built by F-Droid and guaranteed to correspond to this source tarball.

    Permissions
    • view network connections
      Allows the app to view information about network connections such as which networks exist and are connected.
    • run foreground service
      Allows the app to make use of foreground services.
    • have full network access
      Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.
    • show notifications
      Allows the app to show notifications
    • query all packages
      Allows an app to see all installed packages.
    • read the contents of your shared storage
      Allows the app to read the contents of your shared storage.
    • ask to ignore battery optimizations
      Allows an app to ask for permission to ignore battery optimizations for that app.

    Download APK 10 MiB PGP Signature | Build Log

  • Version 2.4.1 (79) - Added on Feb 20, 2023

    arm64-v8a armeabi-v7a x86 x86_64

    This version requires Android 5.0 or newer.

    It is built by F-Droid and guaranteed to correspond to this source tarball.

    Permissions
    • view network connections
      Allows the app to view information about network connections such as which networks exist and are connected.
    • run foreground service
      Allows the app to make use of foreground services.
    • have full network access
      Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.
    • query all packages
      Allows an app to see all installed packages.
    • read the contents of your shared storage
      Allows the app to read the contents of your shared storage.
    • ask to ignore battery optimizations
      Allows an app to ask for permission to ignore battery optimizations for that app.

    Download APK 10 MiB PGP Signature | Build Log