[strongSwan] ipsec.conf strongswan.conf on Android

[Tobias Brunner]

Hi Peter,

> I have compiled the strongswan source using the Android (ARM) make
> system (using Android.mk instead of the Linux autoconf Makefiles) with
> the intent of running it on Android the same way like it does on an
> Ubuntu PC.

Unless you run strongSwan on a rooted device (possibly with a modified
kernel, as some kernels missed required modules) this won't work because
the IKE daemon will not be able to access the kernel's IPsec stack.  You
could perhaps try to use the kernel-libipsec backend but you'll still
need root permission to create TUN devices.

> However, if in the stronswan.conf, we set load_modular = yes, then
> regardless of what is in strongswan.d/* it would crash when starting it
> with "ipsec start".   If we set load_modular = no, then it won't crash,
> but no plugins.

I can't reproduce either one of these issues.  What codebase did you use?

> Is it possible to run strongswan ipsec on Android using the command line
> ipsec and configuration files?

Theoretically, yes.  But due to the limitations mentioned above it's
definitely not the recommended way of building/using it anymore on Android.

> Is the ipsec.conf configuration files method compatible
> with the Android GUI apk?

No.

> Looking at $TOP/external/strongswan-5.1.2/src/libcharon/Android.mk,
> where it adds all the plugin source file, it does not seem to build any
> of the plugins under the plugin directory.  Any idea what is missing?

How exactly are you building strongSwan?

Regards,
Tobias