Oct 1, 2010

Adding VPN connections to Android

Android platform included support for PPTP, L2TP and IPSec-based VPN connections.
This article will give an overview of where to find the settings governing VPN connections, what connection settings are required, and how to install and select certificates.
VPN settings are located in the Settings menu under Settings --> Wireless Controls --> VPN Settings:
Android Donut VPN Settings
The following types of VPN connection are supported:
  • Point to Point Tunnelling Protocol (PPTP)
  • Layer 2 Tunnelling Protocol (L2TP)
  • Layer 2 Tunnelling Protocol with IPSec Pre-Shared Key
  • Certificate based IPSec VPN with optional L2TP shared secret
Android Donut VPN Settings


Adding a PPTP-based VPN connection requires only that an identifying name be entered for the connection, and the name or IP address of the VPN server:
Android Donut VPN Settings
DNS Search domains can be entered, to identify 'domain.com' as sitting 'behind' the VPN and to use the remote DNS servers on that network when searching for entries within the specified domain.
Once saved, the VPN connection will be listed:
Android Donut VPN Settings
Tapping and holding on the entry for the connection will display a context menu allowing you to initiate the connection, edit it or remove it:
Android Donut VPN Settings
Initiating the connection will prompt you to enter your username and password:
Android Donut VPN Settings


Adding an L2TP-based connection is almost identical, except that you can select to use a shared secret and configure the details of that secret:
Android Donut VPN Settings


The IPSec Pre-Shared Key L2TP-based VPN requires the same settings, but also allows for an IPSec key to be configured:
Android Donut VPN Settings


Certificate-based VPN connections require that server and user certificates be installed on the device. These need to be exported from the VPN server in .DER format and copied onto the device. These can be loaded from the SD memory card, or can be downloaded via the browser.
ADDENDUM - whilst I found on the unit used to create this article originally that DER certificate files were required, if you find that opening your certificate in the web browser simply downloads the text content of the file, try using CRT format files instead.
When installing the certificate, you will be prompted to enter a name to identify it:
Android Donut VPN Settings
If you are prompted to enter a password before you can import the certificate:
Android Donut VPN Settings
this implies that the 'Secure Storage' feature has been enabled on the device. This is configured within Settings --> Security:
Android Donut VPN Settings
Once the certificate has been installed, when creating the VPN connection, the certificate will appear in the list of available certificates:
Android Donut VPN Settings Android Donut VPN Settings
with the name you entered to identify it.
Your VPN connection has now been configured. For details on troubleshooting mobile VPN connections, read this article: http://blog.brightpointuk.co.uk/troubleshooting-mobile-vpn-connections
For details on how to tunnel VNC via SSH on Android, read this article - http://blog.brightpointuk.co.uk/connect-ssh-vpn-vnc-android-device


Guy01 said...

Can you please tell me what theme is that? It looks really nice!

Anonymous said...

How do you use the CRT in conjunction with a L2TP shared secret? Will the user be prompted to enter this at connection time?

لاعبه الجمباز said...

waselpro vpn service is perfect for android system , you can browse the internet freely and secured with high speed


Post a Comment