It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Native Android IPsec VPN Client

  • Last updated on

If you are not using the integrated TINA VPN client in CudaLaunch for Android, you can also manually configure the native IPsec client on the mobile device. This setup must be completed on every device that connects to the client-to-site VPN and is valid only for IPsec IKEv1 VPN configurations. Changes to the VPN configuration must be replicated manually on every connected device.

Manually configuring and managing IPsec VPN connections on mobile devices is not recommended. Due to the large number of device types, operating system variants and the frequency of system updates manually configured IPsec VPN connections often do not work. Instead of manually configuring IPsec VPN connections on mobile devices, we strongly recommend using CudaLaunch  to automatically manage the VPN connection and to keep the client configuration up-to-date.

For more information, see CudaLaunch.

Before You Begin

Configure the Native Android IPsec VPN Client for Client-to-Site IPsec VPNs with PSK

  1. On the Android device, tap Settings.
  2. In the Wireless & Networks section, tap More.
  3. Tap VPN.
  4. Add the VPN by tapping the plus sign (+) next to VPN.
  5. On the Edit VPN profile page, configure these settings: 
    • Name – Enter a name for the VPN connection (e.g., IPsec PSK).
    • Type – Select IPSec Xauth PSK.
    • Server address – Enter the network address for the VPN service (e.g., 10.0.0.2).
    • IPSec identifier – Enter a random string. This string is used to as part of the IP Group identifier on the VPN > Client-to-Site page.
    • IPSec pre-shared key – Enter the PSK.
      IPsecPSKAndroidClient.png
  6. To connect to the VPN, tap its name (e.g., IPsec PSK).
    IPsecPSKAndroidTapToConnect.png
  7. Enter your Username and Password, and then tap Connect.
    IPsecPSKAndroidUserPasswordPrompt.png

Configure the Native Android IPsec VPN Client for Client-to-Site IPsec VPNs with Client Certificate Authentication

Step 1. Set up Certificates on the Android Device
  1. Copy the certificates to the Android device's internal storage.
  2. Tap Settings > Security > Install from Storage.
  3. Tap the root certificate.
  4. Enter a Certificate Name and select VPN and apps
  5. Click OK.
  6. If prompted, enter your PIN or unlock pattern. A message stating, 'Root CA installed' appears briefly at the bottom of the screen.
  7. Enter a Certificate Name and select VPN and apps.
  8. Click OK to install the certificate. 

The certificate appears under the User tab at Settings > Security > Trusted Credentials.

Step 2. Set up the Android VPN Client
  1. Tap Settings.
  2. In the Wireless & Networks section, tap More.
  3. Tap VPN.
  4. Add the VPN by tapping the plus sign (+) next to VPN.
  5. On the Edit VPN profile page, configure these settings:
    • Name –  Enter a name for the VPN connection (e.g., WorkVPNConnection).
    • Type – Select IPsec Xauth RSA.
    • Server address – Enter the network address for the VPN service (e.g., 123.45.6.7).
    • IPsec  user certificate – Select the previously installed user certificate (e.g., AndroidCert).
    • IPsec CA certificate – Select the previously install root certificate (e.g., RootCert).

To connect to the VPN, tap the VPN configuration entry you just created.