How-To Configure a IPSec Tunnel with 802.1X Authentication on Android?

In this article, we will take a look at how to configure an IPSec VPN Tunnel with xAuth on an Android Device.

We will go over the following steps:

Configuration of the Zyxel USG/ATP/VPN

• Setting up the needed Objects

• Setting up the User and if needed a User Group

• Setting up the needed Address Objects

• Confirming the Firewall rules

• Setting up the VPN Gateway

• Setting up the VPN Connection

Configuration on your Android

• Accessing the VPN Menu

• Adding the VPN Connection

• Testing the VPN Connection

Configuration of the Zyxel USG/ATP/VPN

Please Login to Your Device.

Default Settings:

Object Setup:

User Setup:

Configuration -> User/group -> User

Click on "Add"

and fill in the Needed Information.

In this example I use:

In addition, You can change the Time the User can stay logged in without reauthenticating.

The Default Setting here is, 1440 minutes or 24 hours.

If You want to use the VPN with multiple Users, You can also set up a User Group.

Setting up the needed Address Objects:

Now we need to set up some address Objects which we will need later on.

Configuration -> Object -> Address/Geo IP -> Address

Click on "Add"

and create the 2 needed Objects:

The IP Pool I am using can differ in Your Usecase!

!(It is important that the Range is not used by any other Interface/Zone/Site2Site Tunnel/...)!

Confirming the Firewall rules:

Now we confirm that we have 2 very Important Firewall rules:

Configuration -> Security Policy -> Policy Control

The Rules in question are the following default Rules:

IPSec_VPN_Outgoing
IPSec_VPN_to_Device

Setting up the VPN Gateway

Now we can Setup the VPN Gateway.

Configuration -> VPN -> IPSec VPN -> VPN Gateway

Click on "Add"

and fill out the following:

As "Preshared-Key" I used "123456789" but You can obviously use whatever You want.

as "Allowed User" You can choose the User or the Group which we created in the First Step

(User Setup)

Setting up the VPN Connection

In this step, we configure the VPN Connection for the Gateway.

Configuration -> VPN -> IPSec VPN -> VPN Connection

Click on "Add"

and fill in the needed information.

In this Scenario, I activated "Enable NetBIOS broadcast over IPSec", because I used an App that worked with NetBIOS Name Resolution.

That's this and now on to the configuration on the Android Device.

Configuration on your Android

Accessing the VPN Menu:

Use the Dropdown Access and choose the little "gear" Symbol.

Choose "Network & Internet"

Click on "Advanced"

and choose "VPN"

Adding the VPN Connection:

Click on the "+" Symbol

and fill in the Information from the VPN Connection that we created earlier and click on "Save".

(Creating a VPN Connection)

As IPSec Identifier You can put almost! anything.

!The Identifier needs to be unique per Device!

Testing the VPN Connection:

Choose the VPN and click on "Connect"

And we are done.