[strongSwan] data path in strongswan android

Noel Kuntze noel at familie-kuntze.de
Fri Dec 12 22:15:22 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Ravi,

StrongSwan on Android uses a tun device and libipsec to make the tunnel usable and do the en- and decryption
of esp and espinudp packets. Look at the libipsec code to find out how it does it.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 12.12.2014 um 22:10 schrieb Ravi Kanth Vanapalli:
> Dear all,
>
>   How is the data path handled by charon daemon in android.   Strongswan VPN android can also be installed on the user binary. 
>
> i) How would a user space application without root access, have access to installing kernel rules for doing ESP encryption or decryption. I am assuming strongswan android uses  linux 'ip xfrm' for doing encryption/decryption .
>
> ii)    I have a samsung phone. Using Basic VPN I connected to my corporate network.
>
>  I ran the commands 'ip -s xfrm state' and 'ip -s xfrm policy'   from adb shell. I see no rules in place.
>   Which portion of code handles ESP encryption/decrytpion in android.
>   When i capture the pcap traces on all interfaces, I see ESP packets being sent/received. ?
>
>   Does charon perform the ESP encryption/decryption.  I see a tunneling interface 'ipsec0' being created in this case.
> 
>
> --
> Regards,
> RaviKanth
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUi1roAAoJEDg5KY9j7GZYr6oP/jus+Dg7XJgSeR7gwpmfIPeb
jbuL12sOxTvM2EU/QkJPRF0cfT/HXSZODuZf4r2k28Bs/FgdBglJL8DssdZJ4TO4
8ZkKvksafQX8MoaJaEKc1joMJ4ZEqXIEHQn8+GNtu7dYA2TDqsamE8++n84X0+aH
YFmviC6xeBDFU32AICUTmL4IhYVDrUyHo80Q0bh8xF7PIOSFeiPqaR9gVIEd3knk
9j3jugfIcF7FYklSaUEsE8EGCwi6SM73dVfiUemAhM/xonbw5qo1vxyvsixkzoZe
IipAE5PjuR9SIgfuiONf4T1jfXObaA69xCot6e5m+dMlUMiyOZR0LQQilMfsSstU
TF/7rP7vlt0CE0vE1074m4bJzaATI+77CGSipmqPWjOdZ/DzmkEd6K3gAU/kdByp
udbxvJagk/hPrG8UBngX2jzZfI53SGTcr41IIg2H6hyr2ED6fHA0sJdoH2H0ill5
0g+gLZH65K/KpVCspWabxYeLrM9qS2LMtQfv78PoRME3IiNz5x9vKao4km9CwARm
eJ5cQNOIRXQuzVnvgRxZIBlrRxw5rnr75U9d4U5SEL71lks0JUTHHQwFAaaMMAVw
LRk6eC1/4aTqLj7te1tguuklg8sV+NSWdKWH9w21VaYEIQVj22pJBs53uEPR5wAx
lgd15E0wtkyecTy59NCd
=6O51
-----END PGP SIGNATURE-----



More information about the Users mailing list