strongSwan VPN Client

3.2K reviews
Content rating
Screenshot image
Screenshot image
Screenshot image
Screenshot image
Screenshot image
Screenshot image

About this app

Official Android port of the popular strongSwan VPN solution.


* Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices!
* Uses the IKEv2 key exchange protocol (IKEv1 is *not* supported)
* Uses IPsec for data traffic (L2TP is *not* supported)
* Full support for changed connectivity and mobility through MOBIKE (or reauthentication)
* Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported
* Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739
* VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app.
* IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1)
* Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it
* Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it
* The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms
* Passwords are currently stored as cleartext in the database (only if stored with a profile)
* VPN profiles may be imported from files

Details and a changelog can be found on our docs:


* READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions
* QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case


Example server configurations may be found in our docs:

Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.


Please post bug reports and feature requests via GitHub:
If you do so, please include information about your device (manufacturer, model, OS version etc.).

The log file written by the key exchange service can be sent directly from within the application.
Updated on
Aug 29, 2023

Data safety

Safety starts with understanding how developers collect and share your data. Data privacy and security practices may vary based on your use, region, and age. The developer provided this information and may update it over time.
No data shared with third parties
Learn more about how developers declare sharing
No data collected
Learn more about how developers declare collection

Ratings and reviews

3.05K reviews
A Google user
March 22, 2020
This is the absolute best VPN app out there bar none. Do others have more features? Yes. Do others have more options? Many do. This has just the right balance of options and ease of use and performs very well out of the box, unlike most. I recently learned that IKEv2 was a very robust protocol over mobile networks and switching network on the fly. You don't need the proprietary VPN on the play store that is blocked by half of the internet. This is much more stable and lighter.
87 people found this review helpful
Did you find this helpful?
Alain Paulikevitch
September 18, 2023
The rating in this review is to show my appreciation of the work done by the strongswan community, however i am writing this to report subnet based split tunneling working erratically on s10+ android 12. Vpn excluded traffic does not always work as expected and a succession of disconnect reconnect vpn as well as internet (wifi or 4g) is needed to end up having traffic routing working as expected
2 people found this review helpful
Did you find this helpful?
strongSwan Project
September 18, 2023
Might be a system problem as the app can't redirect the network traffic directly that's done via VpnService.Builder options that the system translates into various routing rules etc.
A Google user
February 12, 2019
I used an old version of strongSwan for years, it was a custom version from my VPN provider. It was good, especially with battery life and network changes, but lacked many features offered with OpenVPN like excluding apps, so I used OpenVPN instead. But I've recently upgraded to the latest version of strongSwan and it's so much better now, with Always-On support and Split Tunneling for apps it has everything I need. It's great to have my battery back. Thanks to the whole team!
35 people found this review helpful
Did you find this helpful?

What's new

# 2.4.2 #

- Increased target SDK to Android 13 and ask for permission to show status notification
- Enable hardware acceleration in OpenSSL
- Use a more stable approach to determine source IP