Jump to content
Welcome to our new Citrix community!
  • 0

Per App VPN for Android Enterprise (Xenmobile 10.11 & Citrix SSO)


Leo Johnson

Question

Hi all,

 

At our factory plant, we are trying to set-up Per App VPN for Android Enterprise.

We have a working iOS VPN envoriment already in place, but keep struggling to find the right steps to set-up VPN for Android Enterprise.

 

We are using the following guide, but it is not clear to us if there a additional requirements to fullfill:

 

https://docs.citrix.com/en-us/xenmobile/server/policies/android-enterprise-managed-configurations-policy.html

 

Again, we have a fully functional and operational iOS Per App VPN deployed, based on Citrix SSO.

 

We are using Xenmobile 10.11 and Android 9 and 10 mixed.

 

Please help us with this urgent matter!

 

Leo

Link to comment

8 answers to this question

Recommended Posts

  • 0

Hi Leo,

 

For Android Enterprise, try...

https://docs.citrix.com/en-us/citrix-endpoint-management/policies/android-enterprise-managed-configurations-policy.html#configure-vpn-profiles-for-android-enterprise

or

https://docs.citrix.com/en-us/xenmobile/server/policies/android-enterprise-managed-configurations-policy.html#configure-vpn-profiles-for-android-enterprise

(these are the relevant direct links for cloud or on-premises server versions).

 

The instructions are self-contained from what I can see, though there is one different behaviour of the VPN on Android and iOS to be aware of. To the best of my knowledge, iOS makes use of an 'On-Demand' function which isn't available on Android. Otherwise, the way things work on each platform should be pretty similar.

 

Best regards,

David

Link to comment
  • 0
56 minutes ago, David Egan1709157332 said:

Hi Leo,

 

For Android Enterprise, try...

https://docs.citrix.com/en-us/citrix-endpoint-management/policies/android-enterprise-managed-configurations-policy.html#configure-vpn-profiles-for-android-enterprise

or

https://docs.citrix.com/en-us/xenmobile/server/policies/android-enterprise-managed-configurations-policy.html#configure-vpn-profiles-for-android-enterprise

(these are the relevant direct links for cloud or on-premises server versions).

 

The instructions are self-contained from what I can see, though there is one different behaviour of the VPN on Android and iOS to be aware of. To the best of my knowledge, iOS makes use of an 'On-Demand' function which isn't available on Android. Otherwise, the way things work on each platform should be pretty similar.

 

Best regards,

David

 

Hi David,

 

That's the same URL I mentioned in my post.

 

Are there any requirements to fulfill before following this guide?

 

We tried to use most of the iOS settings, but this did not worked.

 

Anyhow, thanks for you help, hope you can help us further.

 

Leo

 

 

Link to comment
  • 0
15 minutes ago, Torben Nordling said:

Hi Leo,

 

does the configured Android VPN tunnel connect at all?

 

Best Regards

Torben

 

Hi Torben,

 

Is tries but does not succeed. As mentioned: iOS VPN is working as a charm. On Android Secure Hub, Secure Mail and Secure Web are also fully functional.

 

I have no clue at all where to start from here!

 

Hope you have some ideas....

 

Thanks for your help.

 

Leo

 

 

 

Link to comment
  • 0

OK, we had the same problem. iOS worked fine, but Android couldn't connect.

 

I assume you have a Netscaler where the VPN tunnel terminates?

 

If yes, try and change your eExpression in the session policy to this:

 

(REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/CitrixVPN || REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/NSGiOSplugin) && REQ.HTTP.HEADER Referer NOTEXISTS

 

After this my Androids started connecting.

 

Best Regards

Torben

Link to comment
  • 0
8 minutes ago, Torben Nordling said:

OK, we had the same problem. iOS worked fine, but Android couldn't connect.

 

I assume you have a Netscaler where the VPN tunnel terminates?

 

If yes, try and change your eExpression in the session policy to this:

 

(REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/CitrixVPN || REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/NSGiOSplugin) && REQ.HTTP.HEADER Referer NOTEXISTS

 

After this my Androids started connecting.

 

Best Regards

Torben

Thanks Torben, I hope this will fix the problem.

 

I am failry new on the Netscaler subject, how much impact does this change have?

Our environment resides on a very high critical facility and we have pretty slow change process.

 

 

 

Link to comment
  • 0
On 3/23/2020 at 9:46 AM, Torben Nordling said:

Hi Leo,

 

it will only impact the session policy configured for VPN.

 

I didn't have any issues for my VPN working iOS devices at all.

 

Best Regards

Torben

 

Okay Torben, when I get back from my holiday leave, I will look in to it further!

 

Many thanks mate!

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...