Setting up strongSwan VPN on Android

To install the VPN, we recommend installing F-droid. Afterwards, you can download strongSwan from F-droid.

Next, download the CA certificate. The specific certificate will come from your VPN provider. If you are running your own provider with OpenIKED, you'll want to download /etc/iked/ca/ca.crt onto your Android mobile. OpenHTTPd can be useful for this.

Open with strongSwan VPN Client.

Verify the certificate is correct, then tap Import Certificate. You should see Certificate successfully imported at the bottom. Once the certificate has been imported, you may need to then tap the back button at the top left.

Tap Add VPN Profile. Fill in the details:

  1. Server: Replace with your actual VPN server.
  2. VPN Type: IKEv2 EAP (Username/Password)
  3. Username: Replace username with your actual username
  4. Password: Replace password with your actual password.
  5. CA certificate: Make sure Select automatically is checked.
  6. Profile name: Replace it with your server name.

Tap Save at the top right.

Tap on the connection.

Tap OK.

Afterwards, strongSwan will need you to disable battery optimizations. Tap OK. Then, tap Allow to allow the app to run in the background.

If it has connected properly, you should see Status: Connected.

Make sure to test that your IP address is concealed.