Project

General

Profile

strongSwan on Android » History » Version 12

Tobias Brunner, 05.04.2013 14:20

1 1 Tobias Brunner
h1. strongSwan on Android
2 1 Tobias Brunner
3 8 Tobias Brunner
h2. strongSwan VPN Client for Android 4+
4 1 Tobias Brunner
5 9 Tobias Brunner
We recently released "strongSwan VPN Client for Android 4 and newer":https://play.google.com/store/apps/details?id=org.strongswan.android an App that can be downloaded directly from "Google Play":https://play.google.com/store/apps/details?id=org.strongswan.android.
6 1 Tobias Brunner
7 10 Tobias Brunner
More details can be found on a [[AndroidVPNClient|separate page]].
8 10 Tobias Brunner
9 8 Tobias Brunner
h2. Native build
10 8 Tobias Brunner
11 8 Tobias Brunner
strongSwan can also be built for inclusion in the "Android":http://www.android.com system image, that is, directly within the Android source tree.  The rest of this document describes how to do so.
12 8 Tobias Brunner
13 1 Tobias Brunner
h2. Android Source Tree
14 1 Tobias Brunner
15 8 Tobias Brunner
You will need the complete Android source tree to build strongSwan. Instructions on how to download and build it can be found on the "Android website":http://source.android.com/source/downloading.html.
16 1 Tobias Brunner
17 1 Tobias Brunner
To checkout a specific branch or tag of the sources, specify it with the @-b@ parameter when using the @repo init@ command.
18 1 Tobias Brunner
19 8 Tobias Brunner
Since building the whole source tree takes quite a while you should probably start with this first (use @-j@ to speed this up on multi-core machines):
20 1 Tobias Brunner
<pre>
21 1 Tobias Brunner
cd /path/to/android/source
22 1 Tobias Brunner
. build/envsetup.sh
23 1 Tobias Brunner
lunch 1
24 8 Tobias Brunner
make -j<jobs>
25 1 Tobias Brunner
</pre>
26 1 Tobias Brunner
27 3 Tobias Brunner
h2. Android Kernel
28 1 Tobias Brunner
29 1 Tobias Brunner
The prebuilt kernel that is used for the emulator lacks some modules required for strongSwan to work correctly. It is therefore required to build a custom kernel.
30 8 Tobias Brunner
To get the current kernel config you can use the "Android Debug Bridge":http://developer.android.com/tools/help/adb.html to download it from the running emulator. After starting the emulator use
31 1 Tobias Brunner
<pre>
32 4 Tobias Brunner
adb pull /proc/config.gz config.gz
33 1 Tobias Brunner
</pre>to copy the config to the current directory. Then enable the missing modules, this is mainly @CONFIG_XFRM_USER@ and @CONFIG_INET_XFRM_MODE_TUNNEL@ but might include other modules.
34 1 Tobias Brunner
Please compare your config to the list of [[KernelModules|required modules]] in this wiki (please note that some modules, especially all the IPv6 related modules, are not really required).
35 1 Tobias Brunner
36 8 Tobias Brunner
Clone the kernel sources and check out an appropriate tag (check the version of the kernel in the emulator). For example (this is for Android 2.2):
37 1 Tobias Brunner
<pre>
38 8 Tobias Brunner
git clone https://android.googlesource.com/kernel/goldfish kernel
39 1 Tobias Brunner
cd kernel
40 1 Tobias Brunner
git checkout -t origin/android-goldfish-2.6.29
41 1 Tobias Brunner
</pre>
42 3 Tobias Brunner
43 1 Tobias Brunner
You can then copy your config to this directory and compile the kernel sources using
44 1 Tobias Brunner
<pre>
45 1 Tobias Brunner
export ARCH=arm
46 1 Tobias Brunner
export CROSS_COMPILE=/path/to/android/source/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi-
47 1 Tobias Brunner
make oldconfig
48 8 Tobias Brunner
make -j<jobs>
49 1 Tobias Brunner
</pre>
50 1 Tobias Brunner
51 3 Tobias Brunner
To start the emulator using your custom kernel use the following command.
52 1 Tobias Brunner
<pre>
53 1 Tobias Brunner
emulator -kernel /path/to/kernel/source/arch/arm/boot/zImage &
54 2 Tobias Brunner
</pre>
55 1 Tobias Brunner
56 2 Tobias Brunner
h2. Vstr Library
57 2 Tobias Brunner
58 3 Tobias Brunner
strongSwan can be fully integrated in the Android build system. But the required "Vstr string library":http://www.and.org/vstr/ can not (yet). Therefore, you will have to build that library first using "droid-gcc":http://github.com/tmurakam/droid-wrapper.
59 2 Tobias Brunner
60 2 Tobias Brunner
h3. droid-gcc
61 2 Tobias Brunner
62 2 Tobias Brunner
Since droid-gcc is written in Ruby you'll obviously need *Ruby* installed on your build system. Then download droid-gcc by either cloning the "Git tree":git://github.com/tmurakam/droid-wrapper.git or by downloading it "directly":http://github.com/tmurakam/droid-wrapper/raw/master/droid-gcc.
63 2 Tobias Brunner
64 2 Tobias Brunner
If you used Git you can install droid-gcc using @make install@, if you downloaded it directly, you have to manually create two symlinks to droid-gcc named _droid-gcc_ and _droid-ld_ in a directory that is included in your PATH environment variable.
65 2 Tobias Brunner
66 1 Tobias Brunner
h3. Build the Library
67 2 Tobias Brunner
68 2 Tobias Brunner
To simplify building the Vstr library, a build script is attached to this page (attachment:vstr.build). The attached patch (attachment:vstr.patch) and Android Makefile (attachment:vstr.mk) are also required.
69 2 Tobias Brunner
70 3 Tobias Brunner
Download the three helper files to an appropriate working directory and then download and extract the tarball for the Vstr library.
71 2 Tobias Brunner
<pre>
72 2 Tobias Brunner
wget http://download.strongswan.org/vstr-1.0.15.tar.bz2
73 2 Tobias Brunner
tar xjf vstr-1.0.15.tar.bz2
74 2 Tobias Brunner
</pre>
75 2 Tobias Brunner
76 6 Tobias Brunner
Adjust the variables in the build script (@DROID_ROOT@ and optionally @DROID_TARGET@ and @INSTALLDIR@). Make sure you specify @DROID_ROOT@ as an absolute path.
77 6 Tobias Brunner
Then build and install the it using
78 2 Tobias Brunner
<pre>
79 2 Tobias Brunner
cd vstr-1.0.15
80 2 Tobias Brunner
patch -p1 < ../vstr.patch
81 1 Tobias Brunner
. ../vstr.build
82 1 Tobias Brunner
</pre>
83 2 Tobias Brunner
84 7 Tobias Brunner
h2. libcURL
85 7 Tobias Brunner
86 7 Tobias Brunner
Optionally, "libcurl":http://curl.haxx.se/libcurl/ can be used to fetch CRLs. It is required if you intend to build [[scepclient]]. You can build it the same way as the Vstr library above, that is, with *droid-gcc*.
87 7 Tobias Brunner
88 7 Tobias Brunner
h3. Build the Library
89 7 Tobias Brunner
90 7 Tobias Brunner
As with the Vstr library a build script (attachment:curl.build) and an Android Makefile (attachment:curl.mk) are attached to this page.
91 7 Tobias Brunner
92 7 Tobias Brunner
Download the helper files to an appropriate working directory, then download and extract the current source tarball of libcurl.
93 7 Tobias Brunner
94 1 Tobias Brunner
Adjust the variables in the build script (see above), and build and install it using
95 1 Tobias Brunner
96 1 Tobias Brunner
<pre>
97 7 Tobias Brunner
cd curl-x.x.x
98 7 Tobias Brunner
. ../curl.build
99 7 Tobias Brunner
</pre>
100 7 Tobias Brunner
101 7 Tobias Brunner
h2. strongSwan
102 7 Tobias Brunner
103 2 Tobias Brunner
Now you are ready to build strongSwan. Download the current tarball (or build it yourself from the strongSwan source tree) and extract it in @DROID_ROOT/external@.
104 2 Tobias Brunner
105 8 Tobias Brunner
If you changed @INSTALLDIR@ in the build scripts above, you will have to change the top Android.mk (or Android.mk.in) accordingly. You can also adjust the plugin list in the that file or enable/disable executables.
106 8 Tobias Brunner
107 8 Tobias Brunner
The executable you want to include in the system image (starter, charon, scepclient) have to be added to @PRODUCT_PACKAGES@ in @build/target/product/core.mk@. The libraries are automatically installed.
108 2 Tobias Brunner
109 2 Tobias Brunner
Now just build the Android source tree.
110 2 Tobias Brunner
111 2 Tobias Brunner
<pre>
112 2 Tobias Brunner
cd /path/to/android/source
113 2 Tobias Brunner
make
114 1 Tobias Brunner
</pre>