strongSwan VPN Client
An easy to use IKEv2/IPsec-based VPN client.
新版本 2.4.1
# 2.4.1 #
- Changed order of DH groups to avoid issue with Zyxel Firewalls
# 2.4.0 #
- Switched from BoringSSL to OpenSSL
- Added support for the following algorithms: Curve448 ECDH, AES-CCM, Camellia (CBC/CTR/XCBC), SHA-3 (HMAC/PKCS#1)
- Fixed an issue that caused file descriptor leaks when fetching OCSP/CRLs
- Improved translation for simplified Chinese
- Correctly included Ukrainian translation
- Increased minimum SDK version to 21 (Android 5.0)
- Changed order of DH groups to avoid issue with Zyxel Firewalls
# 2.4.0 #
- Switched from BoringSSL to OpenSSL
- Added support for the following algorithms: Curve448 ECDH, AES-CCM, Camellia (CBC/CTR/XCBC), SHA-3 (HMAC/PKCS#1)
- Fixed an issue that caused file descriptor leaks when fetching OCSP/CRLs
- Improved translation for simplified Chinese
- Correctly included Ukrainian translation
- Increased minimum SDK version to 21 (Android 5.0)
Official Android port of the popular strongSwan VPN solution.
# FEATURES AND LIMITATIONS #
Details and a changelog can be found in our documentation: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html
# PERMISSIONS #
# EXAMPLE SERVER CONFIGURATION #
Example server configurations may be found in our documentation: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration
Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
# FEEDBACK #
Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
If you do so, please include information about your device (manufacturer, model, OS version etc.).
The log file written by the key exchange service can be sent directly from within the application.
# FEATURES AND LIMITATIONS #
- Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
- Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
- Uses IPsec for data traffic (L2TP is not supported)
- Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
- Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
- Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
- VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
- IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
- Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
- Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
- The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
- Passwords are currently stored as cleartext in the database (only if stored with a profile)
- VPN profiles may be imported from files
Details and a changelog can be found in our documentation: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html
# PERMISSIONS #
- READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
- QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case
# EXAMPLE SERVER CONFIGURATION #
Example server configurations may be found in our documentation: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration
Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
# FEEDBACK #
Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose
If you do so, please include information about your device (manufacturer, model, OS version etc.).
The log file written by the key exchange service can be sent directly from within the application.
版本
尽管下面提供了 APK 安装包的下载选项,但你应该注意,以这种方式安装将不会收到更新通知,这是一种不太安全的下载方式。 我们建议你安装使用 F-Droid 客户端。
下载 F-Droid-
arm64-v8aarmeabi-v7ax86x86_64该版本需要 Android 5.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
arm64-v8aarmeabi-v7ax86x86_64该版本需要 Android 5.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
arm64-v8aarmeabi-v7ax86x86_64该版本需要 Android 4.0.3 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
