Connecting to an Endian UTM via L2TP (IPSec) using Android – Endian

Versions 2.5, 3.0, & 5.0

Applies to platform: Any device running Android, except ICS 4.X.X.

Warning

Some users reported that they can not connect to the Endian UTM Appliance via IPsec/L2TP using Android devices, version ICS 4.X.X. After some investigation, we found out that this is a bug (#23124) in Android's VPN implementation, which sends malformed packets to the IPsec tunnel. We will keep you informed about the resolution of this bug.

This lesson describes how to connect a smartphone or tablet device with Android to an existent and running IPsec installation on the Endian UTM Appliance using PSK (password) authentication.

Note

Remember that PSK and certificate-based connections are mutually exclusive, so you can't have both in one single connection. This lesson introduces only the PSK method, which is simpler and the most widely used.

The connection via L2TP/IPsec requires the following data, that should have been previously configured on the Endian's VPN > IPsec section:

The IP address or hostname of the Endian UTM appliance where IPsec runs.
The PSK secret, i.e., the password of the IPSsec tunnel, that can be retrieved under Menubar > VPN > IPsec, by clicking on the Edit icon next to the connection, and then looking in the Authentication box.
The username and password of the L2TP user. The username is retrievable from Menubar > VPN > VPN users, and the user must be allowed to use L2TP.

You should write the above mentioned data down or remember it, since you will have to enter them in the corresponding configuration sections of your device.

Setup of a VPN connection to the Endian UTM Appliance

Go under Settings and click on Search button, which is the magnifying glass icon.

Type vpn into the search field, then tap on VPN voice under the result list.

Tap VPN again.

Tap on "+" icon to add a new VPN.

Here, tapping on each of the fields, you can enter the data you have written down earlier as follows:

Name: the name to identify the connection, at your will.
Type: Select L2TP/IPSec PSK.
Server address: The IP address or hostname of the VPN Server.
IPSec pre-shared key. The PSK secret as configured on Endian UTM Appliance.
Username: type IPsec username as configured on Endian UTM Appliance.
Password: type IPsec password as configured on Endian UTM Appliance.

The connection is now set up. To start using it, just tap on the connection's name (Acme, Inc in our example) to open the following screen:

Enter your username.
Enter your password.
For your convenience. you can tick Save account information, so you won't be asked for it every time.
Select Connect.

Connected will appear under VPN profile name, and it means the connection has been successfully established.

Comments

J. Schuh GmbH August 09, 2012 16:31

IPsec does still not work with Android (S3/Android 4.0.4)

Comment actions Permalink
Daniele De Lorenzi August 10, 2012 07:38

Thank you for your feedback. We wrote this howto while setting up the connection on a HTC Desire running Android 2.3.7 we also tested this howto on a Samsung Galaxy Nexus ICS 4.0 and HTC Desire with custom ROM running Android ICS 4.0.4. What exactly does not work and which is the error message displayed?

Comment actions Permalink
J. Schuh GmbH August 10, 2012 14:02

The message is "Timeout". The same configuration is working with an iPhone.

Comment actions Permalink
Daniele De Lorenzi August 10, 2012 14:42

We suggest that you open a ticket and allow us to acces your appliance for a further investigation.

Comment actions Permalink
Christian Herdegen August 11, 2012 13:54

for me the same, i always " ciht erfolgreich" i tested with Desire HD and ICS, ans Samsung Galaxy tab 10.1 with ICS

Comment actions Permalink
Daniele De Lorenzi August 13, 2012 06:49

Christian as you commented here -> https://endian.zendesk.com/entries/21129081 you have an endian 2.4 release so this release doesn't have L2TP feature.

If you are interested to this feature you can open a ticket to upgrade your appliance to 2.5

Comment actions Permalink