To connect to a client-to-site VPN with an Android device, you can either manually configure the built-in IPsec VPN client, or use the TINA client included in CudaLaunch for Android. The native Android IPsec VPN client supports IPsec, L2TP, and PPTP VPNs for Android version 4.0 and higher. Devices with Android version 2.3 are limited to PPTP and L2TP. Follow the steps in this article to configure an Android device to connect to a client-to-site IPsec VPN with X.509 certificates and XAUTH authentication.
In this article:
Set Up Certificates on the Android Device
- Copy the certificates to the Android device's internal storage.
- Tap Settings > Security > Install from Storage.
- Tap the root certificate.
- Enter a Certificate Name and select VPN and apps.
- Click OK.
- If prompted, enter your PIN or unlock pattern. A message stating, "Root CA installed" appears briefly at the bottom of the screen.
- Enter a Certificate Name and select VPN and apps.
- Click OK to install the certificate.
The certificate appears under the User tab at Settings > Security > Trusted Credentials.
Set Up the Android VPN Client
- Tap Settings.
- In the Wireless & Networks section, tap More.
- Tap VPN.
- Add the VPN by tapping the plus sign (+) next to VPN.
- On the Edit VPN profile page, configure these settings:
- Name – Enter a name for the VPN connection (e.g.,
WorkVPNConnection). - Type – Select IPsec Xauth RSA.
- Server address – Enter the network address for the VPN service (e.g.,
123.45.6.7). - IPsec user certificate – Select the previously installed user certificate (e.g.,
AndroidCert). - IPsec CA certificate – Select the previously install root certificate (e.g.,
RootCert).
- Name – Enter a name for the VPN connection (e.g.,
To connect to the VPN, tap its name.