I'm looking for my app to be able to create and connect a VPN profile using ipsec/IKEv2 and eap-tls for authentication. I know that Android doesn't have an equivalent to iOS' "mobileconfig" to get the VPN configured. Weirdly, I don't even actually seem to be able to configure a VPN to do certificate only eap-tls authentication through the VPN settings on the device? It's a little unclear what the different options are, but all of them end up requiring input of a username and password even when a user certificate is selected.
I found VpnService as the android API for dealing with VPN connections, but it seems incredibly heavy-handed for what I want. It looks to be what you'd use to write your own VPN. I certainly don't want to re-implement IKEv2...
I've also had a look at the StrongSwan Android frontend, but it does in fact appear to use the VpnService class to fully implement an ipsec VPN.
Is there in fact builtin support for an ipsec/IKEv2 VPN with eap-tls authentication? If so, is there a programmatic way to make and connect such a profile without having to provide a full implementation of the VPN protocol?