diff --git a/playbooks/roles/openconnect/templates/instructions.md.j2 b/playbooks/roles/openconnect/templates/instructions.md.j2 index 63b391481..7ad174343 100644 --- a/playbooks/roles/openconnect/templates/instructions.md.j2 +++ b/playbooks/roles/openconnect/templates/instructions.md.j2 
@@ -117,6 +117,33 @@ Client certificates are a mechanism by which clients can authenticate themselves ### Android ### +1. Download a [client certificate file](#clientcerts) from the list above. +1. Download [OpenConnect](https://play.google.com/store/apps/details?id=app.openconnect) from Google Play. +1. Launch the application. +1. Tap the *+* icon to add a new VPN. +1. Enter `{{ streisand_ipv4_address }}:{{ ocserv_port }}`. +1. Tap *CA certificate*. +1. Find the server certificate file you downloaded (ca.crt) and tap it. Most likely it is in the Download folder if you downloaded it using the browser on your phone. +1. Tap the *Select* button at the bottom of the screen. +1. Tap *User certificate*. +1. Find the client certificate file you downloaded and tap it. +1. Tap the *Select* button at the bottom of the screen. +1. Tap *Private key*. +1. Tap the same client certificate file you selected for *User certificate*. +1. Tap the *Select* button at the bottom of the screen. +1. Tap the Back button. +1. You should see an entry under the *PROFILES* section. +1. Tap that entry. +1. First time only: + 1. Accept the Connection Request dialog that Android displays. + 1. You will be prompted *Enter PKCS#12 pass phrase:*. Enter the password for the client certificate that you downloaded. Note: You may receive an error during this phase. If so, try again a couple of times. + 1. You will be prompted *Certificate warning*. Tap *Always connect.* +1. Each time you connect: + 1. You will be prompted *Please select your group.* The correct default has already been chosen. Tap *OK*. +1. You should be good to go! You can verify that your traffic is being routed properly by [looking up your IP address on DuckDuckGo]({{ streisand_my_ip_url }}). It should say *Your public IP address is {{ streisand_ipv4_address }}*. + +Alternate instructions using Cisco AnyConnect, in case the above instructions fail: + 1. 
Download [Cisco AnyConnect](https://play.google.com/store/apps/details?id=com.cisco.anyconnect.vpn.android.avf) from Google Play. 1. Launch the application. 1. Tap *OK* to accept the "Supplemental End User License Agreement for AnyConnect® Secure Mobility Client vx.x and other VPN-related Software".
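Review bot: In the "First time only" sub-list of the new OpenConnect steps, "You will be prompted *Certificate warning*. Tap *Always connect.*" tells users to permanently accept a server certificate warning, even though the earlier steps already have them select ca.crt under *CA certificate*. With the CA selected, a warning is not what the user should expect, so the instructions should either explain why it still appears and give the user something to check it against before accepting, or drop the step; as written it trains users to click through the one prompt that would indicate the server they reached is not the expected one. Two smaller points in the same hunk: step 1 only has the user download a client certificate file, while the later step refers to "the server certificate file you downloaded (ca.crt)", so a step or link for obtaining ca.crt is missing; and "You may receive an error during this phase. If so, try again a couple of times." would be more useful if it named the error text the user will see.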