🚀 About IKEv2 & strongSwan
IKEv2 (Internet Key Exchange v2) is a modern VPN protocol offering exceptional speed, security, and reliability. strongSwan is a professional-grade, open-source IKEv2 client for Android that provides advanced features and excellent battery efficiency.
Why Choose IKEv2 with strongSwan?
✨ IKEv2 Protocol Benefits
VPN Protocol Comparison
IKEv2 (Recommended)
- ✅ Fastest connection speed
- ✅ Best battery life
- ✅ Instant reconnection
- ✅ Native mobile support
- ✅ MOBIKE for roaming
- ❌ May be blocked in some regions
OpenVPN
- ✅ Highly configurable
- ✅ Works everywhere
- ✅ Stealth options available
- ❌ Slower than IKEv2
- ❌ Higher battery drain
- ❌ Slower reconnection
WireGuard
- ✅ Modern & fast
- ✅ Good battery life
- ✅ Simple configuration
- ❌ Less mature
- ❌ Limited obfuscation
- ❌ May require manual config
strongSwan App Features
Step-by-Step Setup Guide
Download strongSwan VPN Client
Install the official strongSwan VPN Client from Google Play Store:
📱 Download strongSwan from Play StoreThe app is free, open-source, and contains no ads or in-app purchases.
Download TorGuard Certificate
Download the TorGuard IKEv2 certificate. This will automatically prompt to import into strongSwan:
🔐 Download TorGuard IKEv2 CertificateWhen prompted, tap "Import Certificate" to add it to strongSwan.
📋 About the Certificate
This certificate verifies TorGuard's server identity and ensures you're connecting to legitimate TorGuard servers, preventing man-in-the-middle attacks.
Create VPN Profile
In the strongSwan app, tap ADD VPN PROFILE in the top-right corner:
Configure Connection Settings
Enter the following configuration details:
| Server | Enter your preferred server (e.g., uk.torguard.org)View all server locations → |
| VPN Type | IKEv2 EAP (Username/Password) |
| Username | Your TorGuard VPN username |
| Password | Your TorGuard VPN password Manage credentials → |
| CA certificate | Uncheck "Select automatically" Tap "Select CA certificate" → "Imported" → Select "torguard" |
| Profile name | TorGuard IKEv2 (or any name you prefer) |
Advanced Settings
Check "Advanced settings" to reveal additional options:
| Server identity | vpn.torguard.org (important!) |
| MTU | 1400 (optional, for better performance) |
| NAT keepalive | 20 seconds (for firewalls) |
Tap SAVE when done. Your configuration should look like this:
Connect to VPN
Return to the main screen and tap your TorGuard profile to connect. You'll see the connection status change to "Connected":
✅ You're now connected! Check your IP at TorGuard IP Check
Battery Optimization
🔋 Maximize Battery Life
IKEv2 is already battery-efficient, but you can optimize further:
Android Battery Settings
- Go to Settings → Battery → Battery Optimization
- Find strongSwan in the list
- Select "Don't optimize" to prevent disconnections
strongSwan Settings
- Use IKEv2 instead of IKEv1 (already configured)
- Enable "Block connections without VPN" for security
- Use split tunneling to exclude local apps if needed
Performance Comparison
| Metric | IKEv2 | OpenVPN | L2TP/IPsec |
|---|---|---|---|
| Connection Speed | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ |
| Battery Usage | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐ |
| Reconnection Speed | < 1 second | 5-10 seconds | 10-15 seconds |
| Stability | Excellent | Very Good | Good |
Advanced Features
🔧 strongSwan Advanced Options
Split Tunneling
Configure which apps use the VPN:
- Long-press your VPN profile
- Select "Edit"
- Scroll to "Applications"
- Choose included or excluded apps
Always-On VPN
Keep VPN active at all times:
- Android Settings → Network & Internet → VPN
- Tap gear icon next to strongSwan
- Enable "Always-on VPN"
- Enable "Block connections without VPN"
Multiple Profiles
Create profiles for different locations:
- Work VPN (nearest server)
- Streaming (optimized server)
- Privacy (double VPN)
- Travel (regional servers)
Troubleshooting
Certificate Import Failed
- Ensure you're downloading the correct certificate file
- Try downloading with a different browser
- Manually import: strongSwan → Settings → CA certificates
- Clear strongSwan app data and try again
Connection Timeout
- Verify server address is correct
- Try a different server location
- Check if IKEv2 is blocked on your network
- Switch to mobile data to test
- Ensure correct Server Identity: vpn.torguard.org
Authentication Failed
- Double-check username and password
- Ensure using VPN credentials, not account login
- Reset credentials at managecredentials.php
- Check account is active and not suspended
Frequent Disconnections
- Disable battery optimization for strongSwan
- Increase NAT keepalive interval
- Try TCP fallback if UDP is unstable
- Check for VPN-blocking apps or firewalls
Security Features
🔒 IKEv2 Security Specifications
- Encryption: AES-256-GCM
- Integrity: SHA-256, SHA-384
- DH Groups: 14, 15, 16, 19, 20, 21
- Perfect Forward Secrecy: Enabled
- Certificate Validation: Required
- EAP Methods: MSCHAPv2, TLS
Alternative IKEv2 Options
🔄 Other Ways to Use IKEv2
Need Help?
If you're having trouble with strongSwan setup:
Include your Android version and any error messages
💡 Pro Tips
- IKEv2 is ideal for mobile devices due to MOBIKE support
- Works seamlessly when switching between Wi-Fi and mobile data
- Lower battery usage compared to OpenVPN
- Perfect for users who frequently change networks
- Consider using IKEv2 as your primary protocol on mobile