Add Android 12 built-in IKEv2/IPSec VPN support

[libnumafly]

Hi all,

I recently upgraded my Pixel 3 XL to Android 12 Public Beta.

When I was looking for changes to accompany the upgrade, I found that the VPN only accepts IKEv2/IPSec combination configurations with the make new connection settings.
(Can use existing connection as is, but get a warning message it is not secure.)

Can this be handled by server-side settings?
If not, may need to add support.

(may be related: #13 )

[davidebeatrici]

#13 is the feature request for IKEv2.

[metalefty]

There's no IKEv2 support so far but maybe it is a good chance to implement IKEv2.

[andrewfer000]

I was just about to suggest an IKEv2/StrongSwan Clone Server. I've been reading about the protocol recently but I do not have the experience to implement it myself. IKEv2/StrongSwan uses the IPSec protocol suite and uses ports 500 and 4500 UDP. Just like with Wireguard, I can test the implementation if you or another developer decides to do it.

Also, L2TP/IPsec is starting to get less and less secure compared to the other protocols such as OpenVPN and SoftEther as time goes on and I think IKEv2 could be a good solution to the problem because of it's more secure key exchange. Also it adds another IPSec option to SoftEther VPN which is just a good thing overall.

[libnumafly]

Thanks reply.

This problem can be avoided with OpenVPN, but it is not a solution, too.

Adding features was discussed in #13, but I opened this issue as I began to see the concrete impact of an environment that only accepts IKEv2. (=Android 12)

[libnumafly]

Edited title to clear to need.

[libnumafly]

Hi,

The official release of Android 12 is coming soon.
If upgrading a device with saved L2TP/IPSec settings to Android 12, can continue to use the already saved settings, but cannot add new L2TP/IPSec settings.

If this is the case, will have to install a third-party VPN client (like OpenVPN) to connect from Android 12 or higher devices if add new connection settings.

I think support for IKEv2/IPSec needs to be a higher priority.

[hornos]

Is there any plan to merge Nova's IKEv2 fork? https://github.com/NovaVPN/SoftEtherVPN

[00itsm00]

Is there any update on ikev2 libraries for Android 12?

[Power2All]

Any update on this ?
It's quiet annoying to need to use a 3rd party app to make it connect to SoftEther at all now.

[supersnsd]

Hi,

The official release of Android 12 is coming soon. If upgrading a device with saved L2TP/IPSec settings to Android 12, can continue to use the already saved settings, but cannot add new L2TP/IPSec settings.

If this is the case, will have to install a third-party VPN client (like OpenVPN) to connect from Android 12 or higher devices if add new connection settings.

I think support for IKEv2/IPSec needs to be a higher priority.
Is there a recommended third-party VPN client recommended?

[libnumafly]

@supersnsd

Is there a recommended third-party VPN client recommended?

I think, using OpenVPN would be the best solution. The SEVPN Server Configuration Tool has the ability to generate a basic OpenVPN configuration file.

[firefoxcrc]

Hi. I have a Moto g100 and it's already on 12 and the "Save" is grayed out! Can't create a VPN profile. Very annoying.

[matoproject]

Hi. I have a Moto g100 and it's already on 12 and the "Save" is grayed out! Can't create a VPN profile. Very annoying.
Beacause IPSEC identifier field can nt blank....

[Battle-l]

I have a same problem, have you deal with it yet?

Hi. I have a Moto g100 and it's already on 12 and the "Save" is grayed out! Can't create a VPN profile. Very annoying.
Beacause IPSEC identifier field can nt blank....

[domosekai]

Closing in favor of #13

[KittyBua]

Go strong swan app