- App :strongSwan VPN Client
- 版本 :2.1.1
- 系统 :4.0.3 及更高版本
- 提供者 :strongSwan Project
- 开发者 :Home
strongSwan VPN Client介绍 :
Official Android 4+ port of the popular strongSwan VPN solution.
# FEATURES AND LIMITATIONS #
* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this – strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
* Uses IPsec for data traffic (L2TP is not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
* Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
* Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
* The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)
* VPN profiles may be imported from files (this is the only reason why the app requests android.permission.READ_EXTERNAL_STORAGE)
Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
# EXAMPLE SERVER CONFIGURATION #
Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
# FEEDBACK #
Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).
The log file written by the key exchange service can be sent directly from within the application.流行strongSwan VPN解决方案的官方Android 4+端口。
#功能和限制#
*采用VpnService API由Android 4+特色。一些制造商的设备似乎缺乏这种支持 – strongSwan VPN客户端将无法在这些设备上工作!
*使用IKEv2的密钥交换协议(不支持的IKEv1)
*使用IPSec的数据流量(不支持L2TP)
通过MOBIKE(或再认证),用于改变的连接性和移动性*完全支持
*支持用户名/密码EAP认证(即EAP-MSCHAPv2的,EAP-MD5和EAP-GTC)以及RSA / ECDSA私钥/证书认证用户进行身份验证,EAP-TLS与客户端证书,也支持
*组合RSA / ECDSA和EAP认证是通过使用两个认证两轮如RFC 4739定义的支持的
* VPN服务器证书验证对CA证书预先安装或系统上的用户安装。用于验证服务器的CA或服务器证书也可直接导入到该应用。
如果VPN服务器支持支持IKEv2的*碎片(strongSwan这样做,因为5.2.1)
*分割隧道允许通过VPN仅发送一定的流量和/或从它不包括特定的流量
*每个应用VPN允许限制对特定应用的VPN连接,或者用它排除他们
*本IPsec实现目前支持AES-CBC,AES-GCM,ChaCha20 / Poly1305和SHA1 / SHA2算法
*密码当前存储在数据库中的明文(仅当存储用的谱)
* VPN配置文件可以从文件导入(这就是为什么应用程序请求android.permission.READ_EXTERNAL_STORAGE的唯一原因)
详细信息以及更新可以在我们的wiki上找到:https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
#示例服务器配置#
例如服务器配置可以在我们的wiki上找到:https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
请注意,与应用程式* VPN配置文件配置的主机名(或IP地址)必须包含*服务器证书subjectAltName扩展英寸
# 反馈 #
https://wiki.strongswan.org/projects/strongswan/issues:请我们的wiki上张贴的bug报告和功能要求
如果你这样做,请附上您的设备(制造商,型号,操作系统版本等)的信息。
通过密钥交换服务写入日志文件可以直接从应用程序内发送。