- App :strongSwan VPN Client
- 版本 :2.1.1
- 系統 :4.0.3 以上版本
- 提供者 :strongSwan Project
- 開發人員 :Home
strongSwan VPN Client介紹 :
Official Android 4+ port of the popular strongSwan VPN solution.
# FEATURES AND LIMITATIONS #
* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this – strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is not supported)
* Uses IPsec for data traffic (L2TP is not supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
* Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
* Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
* The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)
* VPN profiles may be imported from files (this is the only reason why the app requests android.permission.READ_EXTERNAL_STORAGE)
Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
# EXAMPLE SERVER CONFIGURATION #
Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
# FEEDBACK #
Please post bug reports and feature requests on our wiki: https://wiki.strongswan.org/projects/strongswan/issues
If you do so, please include information about your device (manufacturer, model, OS version etc.).
The log file written by the key exchange service can be sent directly from within the application.流行strongSwan VPN解決方案的官方Android 4+端口。
#功能和限制#
*採用VpnService API由Android 4+特色。一些製造商的設備似乎缺乏這種支持 – strongSwan VPN客戶端將無法在這些設備上工作!
*使用IKEv2的密鑰交換協議(不支持的IKEv1)
*使用IPSec的數據流量(不支持L2TP)
通過MOBIKE(或再認證),用於改變的連接性和移動性*完全支持
*支持用戶名/密碼EAP認證(即EAP-MSCHAPv2的,EAP-MD5和EAP-GTC)以及RSA / ECDSA私鑰/證書認證用戶進行身份驗證,EAP-TLS與客戶端證書,也支持
*組合RSA / ECDSA和EAP認證是通過使用兩個認證兩輪如RFC 4739定義的支持的
* VPN服務器證書驗證對CA證書預先安裝或系統上的用戶安裝。用於驗證服務器的CA或服務器證書也可直接導入到該應用。
如果VPN服務器支持支持IKEv2的*碎片(strongSwan這樣做,因為5.2.1)
*分割隧道允許通過VPN僅發送一定的流量和/或從它不包括特定的流量
*每個應用VPN允許限制對特定應用的VPN連接,或者用它排除他們
*本IPsec實現目前支持AES-CBC,AES-GCM,ChaCha20 / Poly1305和SHA1 / SHA2算法
*密碼當前存儲在數據庫中的明文(僅當存儲用的譜)
* VPN配置文件可以從文件導入(這就是為什麼應用程序請求android.permission.READ_EXTERNAL_STORAGE的唯一原因)
詳細信息以及更新可以在我們的wiki上找到:https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
#示例服務器配置#
例如服務器配置可以在我們的wiki上找到:https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
請註意,與應用程式* VPN配置文件配置的主機名(或IP地址)必須包含*服務器證書subjectAltName擴展英寸
# 反饋 #
https://wiki.strongswan.org/projects/strongswan/issues:請我們的wiki上張貼的bug報告和功能要求
如果你這樣做,請附上您的設備(製造商,型號,操作系統版本等)的信息。
通過密鑰交換服務寫入日誌文件可以直接從應用程序內發送。