So there I was, up late trying to set up a VPN on my new Android phone.

In the past I used NCP VPN software that I purchased on the marketplace because it had the most configurable options and "real" IPSEC support, not just IPSEC over L2TP. The problem with NCP is that it is a CPU hog. Just sitting there, it will randomly go from 1% CPU to 30% CPU. Needless to say, this killed the battery pretty quickly.

Now that Android 4.3.x onward supports real IPSEC, I thought I would see what the maximum settings it would take are. Finding these things out online is basically impossible, so I did some TCP dumps and looked at some logs from the firewall during session negotiation and have discovered the following:

THE GOOD:
SHA-256 is supported for IPSEC authentication algorithms
AES-256 is supported for encryption algorithms
Group 24 (2048/256bit) is supported for key exchange groups
NAT-T, initial contact, and encrypt final aggressive mode packet are supported

THE BAD:
Android 4.3.x does not support Perfect Forward Secrecy (PFS) at all. The NCP software I used to use did support PFS, but it only supported KEX group 14 and SHA-1.

So, no PFS for now, and I'll look into what the 4.4.x features hold.
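For readers who want to repeat the capture-based check described above, here is an added example (not part of the original post) that decodes the IKEv1 phase 1 transform attributes a client offers and compares them with the maximum settings listed under THE GOOD. The attribute numbers are the IKEv1 ones from RFC 2409 and the IANA registry; the sample bytes, `POST_MAXIMUM` and the function names are constructed for illustration.

```python
import struct

# IKEv1 phase 1 attribute classes and a few values (RFC 2409 appendix A, IANA registry).
ATTR = {1: "encryption", 2: "hash", 4: "dh-group",
        11: "life-type", 12: "life-duration", 14: "key-length"}
VALUES = {
    "encryption": {5: "3DES-CBC", 7: "AES-CBC"},
    "hash": {1: "MD5", 2: "SHA-1", 4: "SHA2-256"},
    "dh-group": {2: "modp1024", 14: "modp2048", 24: "modp2048/256"},
    "life-type": {1: "seconds", 2: "kilobytes"},
}
# Strongest phase 1 settings the post reports for Android 4.3.x (name is hypothetical).
POST_MAXIMUM = {"encryption": "AES-CBC", "key-length": 256,
                "hash": "SHA2-256", "dh-group": "modp2048/256"}

def parse_attributes(data: bytes) -> dict:
    """Decode the SA attributes carried in one ISAKMP transform payload."""
    out, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        atype, field = struct.unpack_from("!HH", data, off)
        off += 4
        if atype & 0x8000:      # AF bit set: short form, value sits in the header
            value = field
        else:                   # AF bit clear: 'field' is the length of the value
            if off + field > len(data):
                raise ValueError("attribute value runs past end of payload")
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        name = ATTR.get(atype & 0x7FFF, f"attr-{atype & 0x7FFF}")
        out[name] = VALUES.get(name, {}).get(value, value)
    return out

def matches_post_maximum(attrs: dict) -> bool:
    """True when the offer equals AES-256 / SHA-256 / group 24."""
    return all(attrs.get(k) == v for k, v in POST_MAXIMUM.items())

# Constructed sample attribute bytes (not taken from a real capture).
AES256_SHA256_G24 = bytes.fromhex(
    "80010007800e01008002000480040018800b0001000c000400007080")
AES256_SHA1_G14 = bytes.fromhex("80010007800e0100800200028004000e")

if __name__ == "__main__":
    for raw in (AES256_SHA256_G24, AES256_SHA1_G14):
        attrs = parse_attributes(raw)
        print(attrs, "matches maximum:", matches_post_maximum(attrs))
```

This only covers the phase 1 offer, which is visible in the clear during aggressive mode; PFS is negotiated in the encrypted phase 2 exchange, so its absence has to be read from the firewall logs as the post does.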

I hope this was helpful, and I'll update it with information when I upgrade to the latest version.