[strongSwan] ipsec.conf strongswan.conf on Android

Tobias Brunner tobias at strongswan.org
Thu May 29 12:30:17 CEST 2014

Hi Peter,

> This call is invoked from strongswan/src/pki/pki.c. I see in other
> places of the source, this call can be replaced by adding
> #ifdef HAVE_GEPTASS to replace 'secret = getpass(buf);'
> with 'secret = "";' Is this the right thing to do?

Unfortunately, until we have a portable replacement for getpass() we
can't do much else.  I added ifdefs to the other places we use it [1].

> I did not have this issue when building with Android.mk.

That's because pki is not built via Android.mk.

> Is the Android.mk generated from the Makefile or was it created
> separately, and has a very different build configuration?

Yes they were created separately, and the configuration is also quite
different (check the top-level Android.mk for details).

> Android.mk is designed to build the command line strongswan and not
> the GUI JNI variant, right?

Kinda the GUI uses the same Android.mk files to build the libraries.
But it uses a separate top-level Android.mk that does not include e.g.
the starter and charon executables (see
src/frontends/android/jni/Android.mk in our repository).

> So, seems there are potentially 3 ways to build strongswan: 1) Build
> as command line app, with the Android build flow, using Android.mk 2)
> Build as command line app, with Android NDK gnu tools, using
> Makefile 3) Build as Android GUI app, but it cannot run the command
> line strongswan's configuration files.


> For example, Android does not have the /lib/modules/...kernel/
> directory.  The equivalent is in /system/lib/modules/ on Android.

How is this related to the strongSwan configuration files?


[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=b2b54bd71

More information about the Users mailing list