Knox VPN Client - Android VPN Management for Knox

Knox Generic VPN framework

The Samsung Knox Virtual Private Network (VPN) framework enables advanced configurations using VPN clients from various vendors. Each client has unique features that can be researched to find the best match for your needs. Once you’ve selected a VPN client, you can download and deploy the client to your mobile devices, and can then use an MDM system to define and activate VPN profiles on devices.

Android VPN client

The built-in Android VPN client—also called strongSwan—is available on all Samsung devices but until now was limited to simple VPN configurations on individual devices. Samsung devices come with an enhanced version of the Android VPN Service. The built-in Android VPN client wasn’t designed to take advantage of these enhancements, limiting its use in enterprise environments. Modifying the client to support these enhancements would require us to maintain our own version of the client. This would require us to have our client separately certified for FIPS-compliance.

Android VPN Management for Knox

We chose to leave the Android VPN client unmodified and instead added a new management app to sit in between our enhanced VPN framework and the VPN client. This management app is called Android VPN Management for Knox and unlocks the following extra Knox VPN features for the built-in Android VPN client:

  • per-app connections
  • on-demand connections
  • device-wide connections
  • always-on connections
  • blocking routes to prevent data leakage if a mandatory VPN connection drops

MDM solutions can push VPN profiles to the built-in clients on multiple devices


Getting Started


Already enrolled?


This sample uses the Gradle build system. To build this project, use the "gradlew build" command or use "Import Project" in Android Studio.


To use the Knox SDK, you need to get its license key, then provide it through your app as follows:

  • If you do not yet have a license, go to License Keys for the Knox SDK. For details about the different license types, see Knox licences.
    Note: To see these linked web pages, you need to log into a Knox Partner Program account that has a developer role. If you have not yet registered as a developer, go to Knox Partner Program Enrollment.
  • In the app source code, edit the file
  • Search for the string variable LICENSE_KEY and assign it your license key value.
  • Compile the source code, deploy the APK package to a device, and install the package.