It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see for further information on our EoS policy.

How to Configure Android Devices for Client-to-Site IPsec VPN Connections

  • Last updated on

IPsec VPNs are supported for Android version 4.0 and above. Devices with Android version 2.3 are limited to PPTP and L2TP.

The native Android VPN client supports IPsec, L2TP, and PPTP VPNs. Follow the steps in this article to configure an Android device to connect to a client-to-site IPsec VPN with X.509 certificates and XAUTH authentication.

In this article:

Set Up Certificates on the Android Device

  1. Copy the certificates to the Android device's internal storage.
  2. Tap Settings > Security > Install from Storage.
  3. Tap the root certificate.
  4. Enter a Certificate Name and select VPN and apps
  5. Click OK.
  6. If prompted, enter your PIN or unlock pattern. A message stating, "Root CA installed" appears briefly at the bottom of the screen.
  7. Enter a Certificate Name and select VPN and apps.
  8. Click OK to install the certificate. 

The certificate appears under the User tab at Settings > Security > Trusted Credentials.

Set Up the Android VPN Client

  1. Tap Settings.
  2. In the Wireless & Networks section, tap More.
  3. Tap VPN.
  4. Add the VPN by tapping the plus sign (+) next to VPN.
  5. On the Edit VPN profile page, configure these settings:
    • Name –  Enter a name for the VPN connection (e.g., WorkVPNConnection).
    • Type – Select IPsec Xauth RSA.
    • Server address – Enter the network address for the VPN service (e.g.,
    • IPsec  user certificate – Select the previously installed user certificate (e.g., AndroidCert).
    • IPsec CA certificate – Select the previously install root certificate (e.g., RootCert).

To connect to the VPN, tap its name.

Last updated on