Setting up an IPsec tunnel between RUT and Android phone

From Teltonika Networks Wiki
Revision as of 12:23, 15 October 2024 by Edvardas.kilbauskas (talk | contribs)

(diff) ← Older revision | Approved revision (diff) | Latest revision (diff) | Newer revision → (diff)
Main Page > General Information > Configuration Examples > VPN > Setting up an IPsec tunnel between RUT and Android phone

The information in this page is updated in accordance with firmware version 00.07.10

Introduction

In this example, we're going to configure IPsec tunnel between RUT and Android phone. Since L2TP VPN configuration is not available on the newest Android phones, only IPsec tunnel has to be configured.

Configuration overview and prerequisites

Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible.

Prerequisites:

  • RUT/RUTX series router with RUTOS firmware and Public IP (information about public and private IPs can be found here);
  • An end device (PC, Laptop) for configuration;
  • Android phone with Android 13 or newer version;

If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Advanced" button which is located at the top-right corner of the WebUI.

Topology

In this configuration example we have a Teltonika router on one end of the tunnel and an Android phone on the other end. Router has a Public Static IP address and is reachable from the internet, phone in this case has a Private IP provided by the ISP.

Router configuration

Start by configuring the router. Login to the WebUI, navigate to Services → VPN → IPsec and add a new IPsec instance. Configure everything as follows.

Note: Not specified fields can be left as is or changed according to your needs.

Instance configuration
  1. Enable instance;
  2. Authentication method - Pre-shared key;
  3. Pre-shared key - your desired password;
  4. Local identifier - LAN IP of RUT;

Connection configuration
  1. Local subnet - 0.0.0.0/.0;
  2. Key exchange - IKEv2;

Advanced Connection settings
  1. Remote source IP - 10.0.2.0/24;

Proposal configuration
  • Phase 1
  1. Encryption - AES256;
  2. Authentication - SHA256;
  3. DH group - MODP2048;
  • Phase 2
  1. Encryption - AES256;
  2. Authentication - SHA256;
  3. DH group - MODP1024;

Android configuration

Open Settings, navigate to Connections → More connection settings → VPN and Add VPN profile (VPN configuration could be placed in a different location, which could vary from phone to phone, if you're not able to find the settings, please refer to user manual). Configure everything as follows.

VPN Profile configuration
  1. Name - Your preferred name for VPN profile;
  2. Type - IKEv2/IPSec PSK;
  3. Server address - RUT public IP;
  4. IPSec identifier - Your preferred identifier;
  5. Pre-shared key - the same password you have set on RUT when configuring IPsec instance;

Testing the configuration

If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly.

To test the connectivity, initiate connection from the Phone.

Using the ipsec status command we can see that IPsec tunnel is successfully established between the devices. The command output on RUT:

Also, as the router's LAN should be reachable from the phone, we can try pinging the router using Ping tools application:

See also

IPsec on Teltonika Networks devices

External links

OpenWrt IPsec basics

Ping Tools Application

Retrieved from "https://wiki.teltonika-networks.com/index.php?title=Setting_up_an_IPsec_tunnel_between_RUT_and_Android_phone&oldid=134218"