[strongSwan] Strongswan on android gingerbread

Federico.Mancini at ffi.no Federico.Mancini at ffi.no
Fri Oct 21 13:03:39 CEST 2011


> Hi Federico,

> I still get some .orig files after patching although no .rej file is
> produced and no error messages are given when I patch.

>Perhaps patch is aliased to 'patch -b' on your system (check with 
>'alias' in a console window).

Doesn't seem like there is any alias either, but once I delete the orig files everything compiles just fine, so I hope that the problem does not lie there.

> Problem is that it looks like when I try to use the VPN, charon
> doesn't start.

>Did you apply all the patches?  Please have a look at the init.rc file 
>in system/core/rootdir in the Android sources.  There you should have a 
>service entry for charon.  Also make sure charon does actually run. 
>Just connect to the emulator via 'adb shell' and execute charon.

I checked and that entry is there in init.rc:

service charon /system/bin/charon
    socket charon stream 600 system system
    #charon will setuid up after getting necessary resources
    group net_admin
    disabled
    oneshot


I have even opened the ramdisk.img file and the correct init.rc file is also there.
What does not seem to be there instead is the charon service itself. When I went in the adb shell and tried to start it, I got an error, and noticed that in /system/bin/ of the running emulator, there is no charon command at all... which would explain a lot.
What can be the cause? Is it supposed to be there by default or is it enabled by some of the patches, or as a module of the kernel?

>> We are planning to use IPsec on an IPv6 network. Does the StrongSwan
>> IKEv2 port for android fully support IPv6, or only IPv4?
>
> It should (although I did not test it) if the corresponding modules are
> activated in the kernel (see [1]).

>Unfortunately, I have to amend this statement.  It looks like strongSwan 
>currently does not support IPv6 on Android because there seems to be no 
>way to get and set the local IP address when sending/receiving packets 
>over an IPv6 UDP socket.  At least struct in6_pktinfo is not defined in 
>Android's header files, not sure if that's intentional or not (strangely 
>IPV6_PKTINFO and IPV6_RECVPKTINFO are defined).  It might work if we 
>define that struct ourselves, as the kernel is supposed to understand it 
>anyway...

I see, I will come back to this problem after I get it running at least on a normal IPv4 network :)

Federico
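
The quoted remark about struct in6_pktinfo, worked through as an added example (not code from this thread or from strongSwan): a locally defined struct with the kernel's layout is used to read the local address from IPV6_PKTINFO ancillary data. The names compat_in6_pktinfo, enable_recv_pktinfo, local_addr_from_msg and build_sample are hypothetical, and the sample control buffer is constructed rather than captured.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Assumption: mirrors the kernel's struct in6_pktinfo layout; renamed so it
 * cannot clash with headers that already define the struct. */
struct compat_in6_pktinfo {
    struct in6_addr ipi6_addr;  /* local (destination) address */
    int ipi6_ifindex;           /* receiving interface index */
};

/* Ask the kernel to attach IPV6_PKTINFO to each datagram received on fd. */
int enable_recv_pktinfo(int fd)
{
    int on = 1;
    return setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on));
}

/* Copy the local address out of recvmsg() ancillary data; 0 on success, -1 if absent or truncated. */
int local_addr_from_msg(struct msghdr *msg, struct in6_addr *addr, int *ifindex)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        struct compat_in6_pktinfo pi;
        if (c->cmsg_level != IPPROTO_IPV6 || c->cmsg_type != IPV6_PKTINFO)
            continue;
        if (c->cmsg_len < CMSG_LEN(sizeof(pi)))
            return -1;  /* truncated control message: do not read past it */
        memcpy(&pi, CMSG_DATA(c), sizeof(pi));
        *addr = pi.ipi6_addr;
        *ifindex = pi.ipi6_ifindex;
        return 0;
    }
    return -1;
}

/* Constructed sample: control data for a packet sent to 2001:db8::1 on interface 2. */
void build_sample(struct msghdr *msg, void *buf, size_t len)
{
    struct compat_in6_pktinfo pi = { .ipi6_ifindex = 2 };
    inet_pton(AF_INET6, "2001:db8::1", &pi.ipi6_addr);
    memset(msg, 0, sizeof(*msg));
    msg->msg_control = buf;     /* buf must be aligned for struct cmsghdr */
    msg->msg_controllen = len;
    struct cmsghdr *c = CMSG_FIRSTHDR(msg);
    c->cmsg_level = IPPROTO_IPV6;
    c->cmsg_type = IPV6_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof(pi));
    memcpy(CMSG_DATA(c), &pi, sizeof(pi));
}
```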


