569
edits
Changes
Setting up an IPsec tunnel between RUT and Android phone (view source)
Revision as of 10:50, 4 August 2023
, 10:50, 4 August 2023no edit summary
* Android phone with Android 13 or newer version;
* Android phone with Android 13 or newer version;
If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on '''"Advanced WebUI"''' mode. You can do that by '''clicking''' the '''"Basic"''' button '''under''' '''"Mode,"''' which is located at the top-right corner of the WebUI.
If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on '''"Advanced WebUI"''' mode. You can do that by '''clicking''' the '''"Basic"''' button '''under''' '''"Mode"''', which is located at the top-right corner of the WebUI.
[[File:Networking rut9 manual webui basic advanced mode.gif|border|center|class=tlt-border|1102x52px]]
[[File:Networking rut9 manual webui basic advanced mode.gif|border|center|class=tlt-border|1102x52px]]
==Topology==
==Topology==
[[File:IPsec android topology.png|800px|border|class=tlt-border]]
In this configuration example we have a Teltonika router on one end of the tunnel and an Android phone on the other end. Router has a Public Static IP address and is reachable from the internet, phone in this case has a Private IP provided by the ISP.
==Router configuration==
==Router configuration==
<tr>
<tr>
<th width=330; style="border-bottom: 1px solid white;></th>
<th width=330; style="border-bottom: 1px solid white;></th>
<th width=800; style="border-bottom: 1px solid white"; rowspan=2>[[|border|class=tlt-border|755x406px|right]]</th>
<th width=800; style="border-bottom: 1px solid white"; rowspan=2>[[File:Mainsettings.png|border|class=tlt-border|755x406px|right]]</th>
</tr>
</tr>
<tr>
<tr>
<tr>
<tr>
<th width=330; style="border-bottom: 1px solid white;></th>
<th width=330; style="border-bottom: 1px solid white;></th>
<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[|border|class=tlt-border|753x368px|right]]</th>
<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Connection settings 1.png|border|class=tlt-border|753x368px|right]]</th>
</tr>
</tr>
<tr>
<tr>
</tr>
</tr>
</table>
</table>
===Advanced Connection settings===
===Advanced Connection settings===
----
----
<tr>
<tr>
<th width=330; style="border-bottom: 1px solid white;></th>
<th width=330; style="border-bottom: 1px solid white;></th>
<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[|border|class=tlt-border|752x541px|right]]</th>
<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Advanced settings 1.png|border|class=tlt-border|752x541px|right]]</th>
</tr>
</tr>
<tr>
<tr>
</tr>
</tr>
</table>
</table>
===Proposal configuration===
----
<table class="nd-othertables_2">
<tr>
<th width=330; style="border-bottom: 1px solid white;></th>
<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Phase1 settings.png|border|class=tlt-border|742x254px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 4px solid white>
# Encryption - '''''AES256;'''''
# Authentication - '''''SHA256;'''''
# DH group - '''''MODP2048;'''''
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=330; style="border-bottom: 1px solid white;></th>
<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Phase2 connection.png|border|class=tlt-border|748x257px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 4px solid white>
# Encryption - '''''AES256;'''''
# Authentication - '''''SHA256;'''''
# DH group - '''''MODP1024;'''''
</td>
</tr>
</table>
==Android configuration==
Open Settings, navigate to '''Connections → More connection settings → VPN''' and '''Add VPN profile''' (VPN configuration could be placed in a different location, which could vary from phone to phone, if you're not able to find the settings, please refer to user manual). Configure everything as follows.
===VPN Profile configuration===
----
<table class="nd-othertables_2">
<tr>
<th width=400; style="border-bottom: 1px solid white;></th>
<th width=600; style="border-bottom: 1px solid white;" rowspan=2>[[File:Phonesettings Ipsec.png|border|class=tlt-border|742x399px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 4px solid white>
# Name - '''''Your preferred name for VPN profile;'''''
# Type - '''''IKEv2/IPSec PSK;'''''
# Server address - '''''RUT public IP;'''''
# IPSec identifier - '''''Your preferred identifier;'''''
# Pre-shared key - the '''''same password''''' you have '''''set on''''' '''''RUT''''' when configuring '''''IPsec instance;'''''
</td>
</tr>
</table>
==Testing the configuration==
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly.
To test the connectivity, initiate connection from the Phone.
Using the <code><span class="highlight">'''ipsec status'''</span></code> command we can see that IPsec tunnel is successfully established between the devices. The command output on '''RUT''':
[[File:Classic Ipsec status command.png|border|class=tlt-border]]
Also, as the router's LAN should be reachable from the phone, we can try pinging the router using Ping tools application:
[[File:Ping from phone ping tools.png|border|class=tlt-border]]
== See also ==
[[RUTX12_VPN#IPsec|IPsec on Teltonika Networks devices]]
== External links ==
[https://openwrt.org/docs/guide-user/services/vpn/strongswan/basics OpenWrt IPsec basics]
[https://play.google.com/store/apps/details?id=ua.com.streamsoft.pingtools&hl=en&gl=US&pli=1 Ping Tools Application]
[[Category:VPN]]