[strongSwan] ipsec.conf strongswan.conf on Android
tobias at strongswan.org
Thu May 29 12:28:33 CEST 2014
> I used the strongswan-1.5.2 source. Then copied over the missing
> file src/libimcv/Android.mk from git checkout of 5.1.2RC1 code base.
Do you mean strongswan-5.1.2? And the fix from 5.2.0dr2? Why didn't
you use 5.1.3 (the latest stable release)?
> Place the strongswan-1.5.2 directory under Android's external/
> directory. Then use the Android's make command from
> external/strongswan-1.5.2/ directory. That would place the ipsec
> binaries to the install directory, then go back to the top level and
> do a make to package the ipsec binaries to a flashable Android
That's about the process described on our wiki .
> This build process however, does not install the ipsec.conf,
> strongswan.conf, ipsec.d, strongswan.d directories the way that the
> desktop Ubuntu Linux strongswan build would.
No these are not installed. To make them editable on the running system
the path to access them (strongswan_CONFDIR in Android.mk) has to be
changed anyway, as /system/etc is read-only by default. Depending on
that path it could be tricky to preinstall them on the system image.
> Are they statically built into the libcharon.ko, or it is not setup
> correctly so it does not build?
Correct, the plugins are statically linked into their respective
libraries (you may do this with the regular build too using the
--enable-monolithic configure option).
> Going the GUI APK path, the ipsec libs are entirely userspace and it
> does not use any of the kernel space ipsec libs right?
Yes, the app uses our own userland IPsec implementation (libipsec) and
TUN devices provided by the Android VpnService API.
> How do we go about porting the settings in the configuration files to
> the GUI APK environment?
You can't port most settings as the app has only a very limited
configuration interface between GUI and native parts.
More information about the Users