Leo Johnson Posted March 20, 2020 Share Posted March 20, 2020 Hi all, At our factory plant, we are trying to set-up Per App VPN for Android Enterprise. We have a working iOS VPN envoriment already in place, but keep struggling to find the right steps to set-up VPN for Android Enterprise. We are using the following guide, but it is not clear to us if there a additional requirements to fullfill: https://docs.citrix.com/en-us/xenmobile/server/policies/android-enterprise-managed-configurations-policy.html Again, we have a fully functional and operational iOS Per App VPN deployed, based on Citrix SSO. We are using Xenmobile 10.11 and Android 9 and 10 mixed. Please help us with this urgent matter! Leo Link to comment
0 David Egan1709157332 Posted March 20, 2020 Share Posted March 20, 2020 Hi Leo, For Android Enterprise, try... https://docs.citrix.com/en-us/citrix-endpoint-management/policies/android-enterprise-managed-configurations-policy.html#configure-vpn-profiles-for-android-enterprise or https://docs.citrix.com/en-us/xenmobile/server/policies/android-enterprise-managed-configurations-policy.html#configure-vpn-profiles-for-android-enterprise (these are the relevant direct links for cloud or on-premises server versions). The instructions are self-contained from what I can see, though there is one different behaviour of the VPN on Android and iOS to be aware of. To the best of my knowledge, iOS makes use of an 'On-Demand' function which isn't available on Android. Otherwise, the way things work on each platform should be pretty similar. Best regards, David Link to comment
0 Leo Johnson Posted March 20, 2020 Author Share Posted March 20, 2020 56 minutes ago, David Egan1709157332 said: Hi Leo, For Android Enterprise, try... https://docs.citrix.com/en-us/citrix-endpoint-management/policies/android-enterprise-managed-configurations-policy.html#configure-vpn-profiles-for-android-enterprise or https://docs.citrix.com/en-us/xenmobile/server/policies/android-enterprise-managed-configurations-policy.html#configure-vpn-profiles-for-android-enterprise (these are the relevant direct links for cloud or on-premises server versions). The instructions are self-contained from what I can see, though there is one different behaviour of the VPN on Android and iOS to be aware of. To the best of my knowledge, iOS makes use of an 'On-Demand' function which isn't available on Android. Otherwise, the way things work on each platform should be pretty similar. Best regards, David Hi David, That's the same URL I mentioned in my post. Are there any requirements to fulfill before following this guide? We tried to use most of the iOS settings, but this did not worked. Anyhow, thanks for you help, hope you can help us further. Leo Link to comment
0 Torben Nordling Posted March 23, 2020 Share Posted March 23, 2020 Hi Leo, does the configured Android VPN tunnel connect at all? Best Regards Torben Link to comment
0 Leo Johnson Posted March 23, 2020 Author Share Posted March 23, 2020 15 minutes ago, Torben Nordling said: Hi Leo, does the configured Android VPN tunnel connect at all? Best Regards Torben Hi Torben, Is tries but does not succeed. As mentioned: iOS VPN is working as a charm. On Android Secure Hub, Secure Mail and Secure Web are also fully functional. I have no clue at all where to start from here! Hope you have some ideas.... Thanks for your help. Leo Link to comment
0 Torben Nordling Posted March 23, 2020 Share Posted March 23, 2020 OK, we had the same problem. iOS worked fine, but Android couldn't connect. I assume you have a Netscaler where the VPN tunnel terminates? If yes, try and change your eExpression in the session policy to this: (REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/CitrixVPN || REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/NSGiOSplugin) && REQ.HTTP.HEADER Referer NOTEXISTS After this my Androids started connecting. Best Regards Torben Link to comment
0 Leo Johnson Posted March 23, 2020 Author Share Posted March 23, 2020 8 minutes ago, Torben Nordling said: OK, we had the same problem. iOS worked fine, but Android couldn't connect. I assume you have a Netscaler where the VPN tunnel terminates? If yes, try and change your eExpression in the session policy to this: (REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/CitrixVPN || REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/NSGiOSplugin) && REQ.HTTP.HEADER Referer NOTEXISTS After this my Androids started connecting. Best Regards Torben Thanks Torben, I hope this will fix the problem. I am failry new on the Netscaler subject, how much impact does this change have? Our environment resides on a very high critical facility and we have pretty slow change process. Link to comment
0 Torben Nordling Posted March 23, 2020 Share Posted March 23, 2020 Hi Leo, it will only impact the session policy configured for VPN. I didn't have any issues for my VPN working iOS devices at all. Best Regards Torben Link to comment
0 Leo Johnson Posted March 24, 2020 Author Share Posted March 24, 2020 On 3/23/2020 at 9:46 AM, Torben Nordling said: Hi Leo, it will only impact the session policy configured for VPN. I didn't have any issues for my VPN working iOS devices at all. Best Regards Torben Okay Torben, when I get back from my holiday leave, I will look in to it further! Many thanks mate! Link to comment
Question
Leo Johnson
Hi all,
At our factory plant, we are trying to set-up Per App VPN for Android Enterprise.
We have a working iOS VPN envoriment already in place, but keep struggling to find the right steps to set-up VPN for Android Enterprise.
We are using the following guide, but it is not clear to us if there a additional requirements to fullfill:
https://docs.citrix.com/en-us/xenmobile/server/policies/android-enterprise-managed-configurations-policy.html
Again, we have a fully functional and operational iOS Per App VPN deployed, based on Citrix SSO.
We are using Xenmobile 10.11 and Android 9 and 10 mixed.
Please help us with this urgent matter!
Leo
Link to comment
8 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now