Android 12 IKEv2/IPSec RSA Setting

[sleepingmoonmoon]

Thank you for your wonderful script! I want to use the native VPN of android 12 (type: IKEv2/IPSec RSA) instead of the Strongswan client but I don't know how setup the native VPN. What should I place in the IPSec Identifier and how should I use the certificate I have imported (.p12 file)?

Note: Other VPN types available are IKEv2/IPSec MSCHAPv2 and IKEv2/IPSec PSK

Add VPN Profile:

Imported p12 certificate:

Thank you!

[hwdsl2]

@sleepingmoonmoon Hello! You can use the native Android 12/13 IKEv2 client, but I have not yet added instructions in the docs in this repo.

For the IPsec Identifier, you can put anything in that field. The field shouldn't be required which is a bug in Android. For the IPsec user certificate, select your imported certificate. For the IPsec CA certificate, also select your imported certificate. Leave the IPsec server certificate as "received from server".

If this works for you please go ahead and close this issue.

[hwdsl2]

@sleepingmoonmoon Hello! Did you get a chance to try the instructions above?

[sleepingmoonmoon]

Hello! I tried it initially on my android 11 tablet with IKEv2/IPSec rsa in the settings but I can't seem to make it connect to the vpn. I can connect it using strongswan but not with the native VPN setting. I'll try this again later on another device to see if it will work on android 12. Thank you!

[sleepingmoonmoon]

@hwdsl2 I still cannot connect to the VPN even with android 12. Is there something I need to change in the server? thank you!

[ATLANTIS159]

I have the same problem. I'm trying to set up a native VPN client on Poco with Android 12. I installed and specified the certificate in 2 parameters and entered the IP in the IPSec identifier. When I try to connect, it constantly hangs in the "Connecting" state.

[RoyWesseling]

Hey! Just tried this and it is working flawlessly. IPsec ID: random IPsec User Cert: imported certificate IPsec CA: imported certificate

Save & connect!

I'm using a P5 with the latest updates.

[hwdsl2]

@sleepingmoonmoon There is no need to change anything on the VPN server. As @RoyWesseling mentioned, you should be able to use the native IKEv2 client in Android 12 or above to connect. First import the .sswan file using the Android IKEv2 instructions [1], then follow the steps in my comment [2]. Let us know if this resolves the issue.

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#android [2] https://github.com/hwdsl2/setup-ipsec-vpn/issues/1189#issuecomment-1171452648

[sleepingmoonmoon]

Hello! It's still not working for me. Connection is OK when using the strongswan app. Is there a way to generate the CA and user certs separately? I'd like to test if it is the certificates that is causing the problem

[hwdsl2]

@sleepingmoonmoon You can find instructions to generate CA and/or user certificates in the "manually set up IKEv2" section. Expand to see details. This is for advanced users only. https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#manually-set-up-ikev2

[sleepingmoonmoon]

I have generated the certificates and installed them to my device but android native VPN still does not work for me. I guess I'll stick to Strongswan for the meantime.

[5k1n]

Hi there! Do we have solution for Android 12 native client??

[5k1n]

WORKING !!!!!!!!