strongSwan

{{title(strongSwan on Android)}}

h1. strongSwan on Android

h2. strongSwan VPN Client for Android 4+

We maintain the "strongSwan VPN Client for Android 4 and newer":https://play.google.com/store/apps/details?id=org.strongswan.android, an App that can be downloaded directly from "Google Play":https://play.google.com/store/apps/details?id=org.strongswan.android.

More details can be found on a [[AndroidVPNClient|separate page]].

h2. Native build

strongSwan can also be built for inclusion in the "Android":http://www.android.com system image, that is, directly within the Android source tree.  The rest of this document describes how to do so.

h2. Android Source Tree

You will need the complete Android source tree to build strongSwan. Instructions on how to download and build it can be found on the "Android website":http://source.android.com/source/downloading.html.

To checkout a specific branch or tag of the sources, specify it with the @-b@ parameter when using the @repo init@ command.

Since "building the whole source tree":http://source.android.com/source/building-running.html takes quite a while you should probably start with this first (use @-j@ to speed this up on multi-core machines):

<pre>

cd /path/to/android/source

. build/envsetup.sh

lunch <target>

make -j<jobs>

</pre>

h2. Android Kernel

The prebuilt kernel that is used for the emulator lacks some modules required for strongSwan to work correctly. It is therefore required to build a custom kernel.

To get the current kernel config you can use the "Android Debug Bridge":http://developer.android.com/tools/help/adb.html to download it from the running emulator. After starting the emulator use

<pre>

adb pull /proc/config.gz config.gz

</pre>to copy the config to the current directory. Then enable the missing modules, this is mainly @CONFIG_XFRM_USER@ and @CONFIG_INET_XFRM_MODE_TUNNEL@ but might include other modules.

Please compare your config to the list of [[KernelModules|required modules]] in this wiki (please note that some modules, especially all the IPv6 related modules, are not really required).

Clone the kernel sources and check out an appropriate tag (check the version of the kernel in the emulator). For example (this is for Android 2.2):

<pre>

git clone https://android.googlesource.com/kernel/goldfish kernel

cd kernel

git checkout -t origin/android-goldfish-2.6.29

</pre>

You can then copy your config to this directory and compile the kernel sources using

<pre>

export ARCH=arm

export CROSS_COMPILE=/path/to/android/source/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi-

make oldconfig

make -j<jobs>

</pre>

To start the emulator using your custom kernel use the following command.

<pre>

emulator -kernel /path/to/kernel/source/arch/arm/boot/zImage &

</pre>

h2. Vstr Library

*The Vstr string library is not needed anymore since commit:20c99eda.*

strongSwan can be fully integrated in the Android build system. But the required "Vstr string library":http://www.and.org/vstr/ can not (yet). Therefore, you will have to build that library first using "droid-gcc":http://github.com/tmurakam/droid-wrapper.

h3. droid-gcc

Since droid-gcc is written in Ruby you'll obviously need *Ruby* installed on your build system. Then download droid-gcc by either cloning the "Git tree":git://github.com/tmurakam/droid-wrapper.git or by downloading it "directly":http://github.com/tmurakam/droid-wrapper/raw/master/droid-gcc.

If you used Git you can install droid-gcc using @make install@, if you downloaded it directly, you have to manually create two symlinks to droid-gcc named _droid-gcc_ and _droid-ld_ in a directory that is included in your PATH environment variable.

h3. Build the Library

To simplify building the Vstr library, a build script is attached to this page (attachment:vstr.build). The attached patch (attachment:vstr.patch) and Android Makefile (attachment:vstr.mk) are also required.

Download the three helper files to an appropriate working directory and then download and extract the tarball for the Vstr library.

<pre>

wget http://download.strongswan.org/vstr-1.0.15.tar.bz2

tar xjf vstr-1.0.15.tar.bz2

</pre>

Adjust the variables in the build script (@DROID_ROOT@ and optionally @DROID_TARGET@ and @INSTALLDIR@). Make sure you specify @DROID_ROOT@ as an absolute path.

Then build and install the it using

<pre>

cd vstr-1.0.15

patch -p1 < ../vstr.patch

. ../vstr.build

</pre>

h2. libcURL

Optionally, "libcurl":http://curl.haxx.se/libcurl/ can be used to fetch CRLs. It is required if you intend to build [[scepclient]]. You can build it the same way as the Vstr library above, that is, with *droid-gcc*.

h3. Build the Library

As with the Vstr library a build script (attachment:curl.build) and an Android Makefile (attachment:curl.mk) are attached to this page.

Download the helper files to an appropriate working directory, then download and extract the current source tarball of libcurl.

Adjust the variables in the build script (see above), and build and install it using

<pre>

cd curl-x.x.x

. ../curl.build

</pre>

h2. strongSwan

Now you are ready to build strongSwan. Download the current tarball and extract it in @DROID_ROOT/external@. A symlink to the strongSwan source tree also works with newer Android releases.

If you build directly from the strongSwan Git repository instead of a tarball, the sources have to be prepared properly, otherwise the build will fail. In the root of the strongSwan sources run the following to create the required files (this has some external dependencies, see source:HACKING for details):

  ./autogen.sh && ./configure && make dist && rm strongswan-*.tar.gz

If you changed @INSTALLDIR@ in the build scripts above, you will have to change the top Android.mk (or Android.mk.in) accordingly. You can also adjust the plugin list in the that file or enable/disable executables.

The executable you want to include in the system image (starter, charon, scepclient) have to be added to @PRODUCT_PACKAGES@ in @build/target/product/core.mk@. The libraries are automatically installed.

Now just build the Android source tree.

<pre>

cd /path/to/android/source

make

</pre>