Connecting to an Endian UTM via L2TP (IPSec) using Android

Versions 2.5, 3.0, & 5.0

Applies to platform: Any device running Android, except ICS 4.X.X.

Warning

Some users reported that they cannot connect to the Endian UTM Appliance via IPsec/L2TP using Android devices running ICS 4.X.X. After some investigation, we found that this is a bug (#23124) in Android's VPN implementation, which sends malformed packets to the IPsec tunnel. We will keep you informed about the resolution of this bug.

This lesson describes how to connect an Android smartphone or tablet to an existing, running IPsec installation on the Endian UTM Appliance using PSK (password) authentication.

Note

Remember that PSK and certificate-based connections are mutually exclusive, so you can't have both in one single connection. This lesson introduces only the PSK method, which is simpler and the most widely used.

The connection via L2TP/IPsec requires the following data, which should already have been configured in the VPN > IPsec section of the Endian UTM Appliance:

  1. The IP address or hostname of the Endian UTM appliance where IPsec runs.
  2. The PSK secret, i.e., the password of the IPsec tunnel, which can be retrieved under Menubar > VPN > IPsec by clicking on the Edit icon next to the connection and then looking in the Authentication box.
  3. The username and password of the L2TP user. The username is retrievable from Menubar > VPN > VPN users, and the user must be allowed to use L2TP.

You should write the above-mentioned data down or remember it, since you will have to enter it in the corresponding configuration sections of your device.

Setup of a VPN connection to the Endian UTM Appliance

Go to Settings and tap the Search button, which is the magnifying glass icon.

Type vpn into the search field, then tap the VPN entry in the result list.

Tap VPN again.

Tap the "+" icon to add a new VPN.

Here, by tapping on each of the fields, you can enter the data you wrote down earlier, as follows:

  1. Name: a name of your choice to identify the connection.
  2. Type: select L2TP/IPSec PSK.
  3. Server address: the IP address or hostname of the VPN server.
  4. IPSec pre-shared key: the PSK secret as configured on the Endian UTM Appliance.
  5. Username: type the IPsec username as configured on the Endian UTM Appliance.
  6. Password: type the IPsec password as configured on the Endian UTM Appliance.

The connection is now set up. To start using it, just tap on the connection's name (Acme, Inc in our example) to open the following screen:

  1. Enter your username.
  2. Enter your password.
  3. For your convenience, you can tick Save account information, so you won't be asked for it every time.
  4. Select Connect.

"Connected" will appear under the VPN profile name, which means the connection has been successfully established.

Comments

  • J. Schuh GmbH

    IPsec still does not work with Android (S3/Android 4.0.4)

  • Daniele De Lorenzi

    Thank you for your feedback. We wrote this howto while setting up the connection on an HTC Desire running Android 2.3.7. We also tested this howto on a Samsung Galaxy Nexus ICS 4.0 and an HTC Desire with a custom ROM running Android ICS 4.0.4. What exactly does not work, and what error message is displayed?

  • J. Schuh GmbH

    The message is "Timeout". The same configuration is working with an iPhone.

  • Daniele De Lorenzi

    We suggest that you open a ticket and allow us to access your appliance for further investigation.

  • Christian Herdegen

    For me the same, I always get "nicht erfolgreich". I tested with Desire HD and ICS, and Samsung Galaxy Tab 10.1 with ICS.

  • Daniele De Lorenzi

    Christian, as you commented here -> https://endian.zendesk.com/entries/21129081 you have an Endian 2.4 release, so this release doesn't have the L2TP feature.

    If you are interested in this feature, you can open a ticket to upgrade your appliance to 2.5.