strongSwan on Android » History » Version 10

Tobias Brunner, 06.09.2012 12:26

h1. strongSwan on Android

h2. strongSwan VPN Client for Android 4+

We recently released "strongSwan VPN Client for Android 4 and newer":https://play.google.com/store/apps/details?id=org.strongswan.android, an app that can be downloaded directly from "Google Play":https://play.google.com/store/apps/details?id=org.strongswan.android.

There are some limitations at the moment:

 * Only IKEv2 is supported
 * User authentication is limited to EAP authentication based on username/password (EAP-MSCHAPv2, EAP-MD5)
 * No support for MOBIKE yet
 * The IPsec implementation is also limited (only AES and SHA1/SHA2 are supported)

More details can be found on a [[AndroidVPNClient|separate page]].

h2. Native build

strongSwan can also be built for inclusion in the "Android":http://www.android.com system image, that is, directly within the Android source tree. The rest of this document describes how to do so.

A while ago we also created a patch that [[AndroidFrontend|integrates strongSwan into the default Android 2.2 VPN frontend]].

h2. Android Source Tree

You will need the complete Android source tree to build strongSwan. Instructions on how to download and build it can be found on the "Android website":http://source.android.com/source/downloading.html.

To check out a specific branch or tag of the sources, specify it with the @-b@ parameter when using the @repo init@ command.

Since building the whole source tree takes quite a while, you should probably start with this first (use @-j@ to speed this up on multi-core machines):
<pre>
cd /path/to/android/source
. build/envsetup.sh
lunch 1
make -j<jobs>
</pre>

h2. Android Kernel

The prebuilt kernel that is used for the emulator lacks some modules required for strongSwan to work correctly. It is therefore required to build a custom kernel.
To get the current kernel config you can use the "Android Debug Bridge":http://developer.android.com/tools/help/adb.html to download it from the running emulator. After starting the emulator use
<pre>
adb pull /proc/config.gz config.gz
</pre>
to copy the config to the current directory. Then enable the missing modules; these are mainly @CONFIG_XFRM_USER@ and @CONFIG_INET_XFRM_MODE_TUNNEL@, but other modules might be needed as well.
Please compare your config to the list of [[KernelModules|required modules]] in this wiki (please note that some modules, especially all the IPv6 related modules, are not really required).

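One way to automate the comparison described above, as an added example that is not part of the original wiki page or the strongSwan sources: a POSIX shell function that lists the required options that are not enabled in the pulled config. The function and variable names are assumptions, and the default list holds only the two options named on this page.

```shell
#!/bin/sh
# Added example (not from the strongSwan wiki or sources): report required
# kernel options that are not enabled in a config pulled from the emulator.

# Assumption: only the two options named on this page; extend the list from
# the KernelModules wiki page as needed.
REQUIRED_OPTS="CONFIG_XFRM_USER CONFIG_INET_XFRM_MODE_TUNNEL"

# Print a kernel config to stdout, whether gzip-compressed or plain text.
read_kernel_config() {
    gzip -dc "$1" 2>/dev/null || cat "$1"
}

# missing_kernel_opts FILE [OPTION...]
# Prints every option that is neither built in (=y) nor a module (=m), one
# per line. Returns 0 if all are enabled, 1 if any is missing, 2 if FILE
# cannot be read. Without OPTION arguments, REQUIRED_OPTS is checked.
missing_kernel_opts() {
    cfg_file=$1
    shift
    [ -r "$cfg_file" ] || return 2
    [ "$#" -gt 0 ] || set -- $REQUIRED_OPTS
    cfg=$(read_kernel_config "$cfg_file") || return 2
    missing=0
    for opt in "$@"; do
        # Match the full option name so that CONFIG_XFRM=y does not satisfy
        # CONFIG_XFRM_USER; "# CONFIG_FOO is not set" lines never match.
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=(y|m)\$"; then
            printf '%s\n' "$opt"
            missing=1
        fi
    done
    return $missing
}

# When called with a file argument, check it: sh check-config.sh config.gz
if [ "$#" -gt 0 ]; then
    missing_kernel_opts "$@"
fi
```

Run it once on the config pulled from the emulator and again on the edited config before @make oldconfig@; no output and exit status 0 mean every listed option is enabled.
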
Clone the kernel sources and check out an appropriate tag (check the version of the kernel in the emulator). For example (this is for Android 2.2):
<pre>
git clone https://android.googlesource.com/kernel/goldfish kernel
cd kernel
git checkout -t origin/android-goldfish-2.6.29
</pre>

You can then copy your config to this directory and compile the kernel sources using
<pre>
export ARCH=arm
export CROSS_COMPILE=/path/to/android/source/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi-
make oldconfig
make -j<jobs>
</pre>

To start the emulator using your custom kernel use the following command.
<pre>
emulator -kernel /path/to/kernel/source/arch/arm/boot/zImage &
</pre>

h2. Vstr Library

strongSwan can be fully integrated in the Android build system, but the required "Vstr string library":http://www.and.org/vstr/ cannot (yet). Therefore, you will have to build that library first using "droid-gcc":http://github.com/tmurakam/droid-wrapper.

h3. droid-gcc

Since droid-gcc is written in Ruby, you'll obviously need *Ruby* installed on your build system. Then download droid-gcc by either cloning the "Git tree":git://github.com/tmurakam/droid-wrapper.git or by downloading it "directly":http://github.com/tmurakam/droid-wrapper/raw/master/droid-gcc.

If you used Git, you can install droid-gcc using @make install@. If you downloaded it directly, you have to manually create two symlinks to droid-gcc named _droid-gcc_ and _droid-ld_ in a directory that is included in your PATH environment variable.

h3. Build the Library

To simplify building the Vstr library, a build script is attached to this page (attachment:vstr.build). The attached patch (attachment:vstr.patch) and Android Makefile (attachment:vstr.mk) are also required.

Download the three helper files to an appropriate working directory and then download and extract the tarball for the Vstr library.
<pre>
wget http://download.strongswan.org/vstr-1.0.15.tar.bz2
tar xjf vstr-1.0.15.tar.bz2
</pre>

Adjust the variables in the build script (@DROID_ROOT@ and optionally @DROID_TARGET@ and @INSTALLDIR@). Make sure you specify @DROID_ROOT@ as an absolute path.
Then build and install it using
<pre>
cd vstr-1.0.15
patch -p1 < ../vstr.patch
. ../vstr.build
</pre>

h2. libcURL

Optionally, "libcurl":http://curl.haxx.se/libcurl/ can be used to fetch CRLs. It is required if you intend to build [[scepclient]]. You can build it the same way as the Vstr library above, that is, with *droid-gcc*.

h3. Build the Library

As with the Vstr library, a build script (attachment:curl.build) and an Android Makefile (attachment:curl.mk) are attached to this page.

Download the helper files to an appropriate working directory, then download and extract the current source tarball of libcurl.

Adjust the variables in the build script (see above), and build and install it using

<pre>
cd curl-x.x.x
. ../curl.build
</pre>

h2. strongSwan

Now you are ready to build strongSwan. Download the current tarball (or build it yourself from the strongSwan source tree) and extract it in @DROID_ROOT/external@.

If you changed @INSTALLDIR@ in the build scripts above, you will have to change the top Android.mk (or Android.mk.in) accordingly. You can also adjust the plugin list in that file or enable/disable executables.

The executables you want to include in the system image (starter, charon, scepclient) have to be added to @PRODUCT_PACKAGES@ in @build/target/product/core.mk@. The libraries are automatically installed.

Now just build the Android source tree.

<pre>
cd /path/to/android/source
make
</pre>