iOS-style dual IPsec tunnel on Android?
-
On iOS, when devices are supervised and configured through Profile Manager or some other MDM/EMM, they can be set to have a tunnel on each interface (cellular and WLAN) so they transition seamlessly. They also aggressively maintain these tunnels. iOS is amazing for this.
On Android (strongSwan) though, I can't even bring up a single tunnel on Wi-Fi without blocking something so the intranet isn't accessible Android devices regardless if the subnets don't overlap at all from the Android device doesn't see it's on the same network. That's most likely the lack of experience I have with it, I think. I'd like to know, though, if it's possible to configure dual tunneling like on iOS, to save a little time beforehand trying to find non-existent documentation. Is it?
PS I have an MDM solution for Android too, if it happens to be required like on iOS. It's super basic but then again, for Android all are. Currently I'm using non-domain-joined EAP-TLS auth with a temporary CA but I'll move to EAP-RADIUS eventually since there are device user (not machine) accounts already and a proper PKI -- any extra advice is welcome.