[strongSwan] data path in strongswan android

Ravi Kanth Vanapalli vvnrk.vanapalli at gmail.com
Fri Dec 12 22:10:24 CET 2014

Dear all,

  How is the data path handled by charon daemon in android.   Strongswan
VPN android can also be installed on the user binary.

i) How would a user space application without root access, have access to
installing kernel rules for doing ESP encryption or decryption. I am
assuming strongswan android uses  linux 'ip xfrm' for doing
encryption/decryption .

ii)    I have a samsung phone. Using Basic VPN I connected to my corporate

 I ran the commands 'ip -s xfrm state' and 'ip -s xfrm policy'   from adb
shell. I see no rules in place.
  Which portion of code handles ESP encryption/decrytpion in android.
  When i capture the pcap traces on all interfaces, I see ESP packets being
sent/received. ?

  Does charon perform the ESP encryption/decryption.  I see a tunneling
interface 'ipsec0' being created in this case.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141212/bb1f9147/attachment.html>

More information about the Users mailing list