[strongSwan] ipsec.conf strongswan.conf on Android

[Tobias Brunner]

Hi Peter,

> I used the strongswan-1.5.2 source.  Then copied over the missing
> file src/libimcv/Android.mk from git checkout of 5.1.2RC1 code base.

Do you mean strongswan-5.1.2?  And the fix from 5.2.0dr2?  Why didn't
you use 5.1.3 (the latest stable release)?

> Place the strongswan-1.5.2 directory under Android's external/ 
> directory. Then use the Android's make command from 
> external/strongswan-1.5.2/ directory.  That would place the ipsec
> binaries to the install directory, then go back to the top level and
> do a make to package the ipsec binaries to a flashable Android
> image.

That's about the process described on our wiki [1].

> This build process however, does not install the ipsec.conf, 
> strongswan.conf, ipsec.d, strongswan.d directories the way that the
> desktop Ubuntu Linux strongswan build would.

No these are not installed.  To make them editable on the running system
the path to access them (strongswan_CONFDIR in Android.mk) has to be
changed anyway, as /system/etc is read-only by default.  Depending on
that path it could be tricky to preinstall them on the system image.

> Are they statically built into the libcharon.ko, or it is not setup
> correctly so it does not build?

Correct, the plugins are statically linked into their respective
libraries (you may do this with the regular build too using the
--enable-monolithic configure option).

> Going the GUI APK path, the ipsec libs are entirely userspace and it
> does not use any of the kernel space ipsec libs right?

Yes, the app uses our own userland IPsec implementation (libipsec) and
TUN devices provided by the Android VpnService API.

> How do we go about porting the settings in the configuration files to
> the GUI APK environment?

You can't port most settings as the app has only a very limited
configuration interface between GUI and native parts.

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/Android