Project

General

Profile

strongSwan on Android » History » Version 18

Tobias Brunner, 17.11.2015 17:37
Some infos regarding standalone toolchains added

1 13 Tobias Brunner
{{title(strongSwan on Android)}}
2 13 Tobias Brunner
3 1 Tobias Brunner
h1. strongSwan on Android
4 1 Tobias Brunner
5 18 Tobias Brunner
{{>toc}}
6 18 Tobias Brunner
7 8 Tobias Brunner
h2. strongSwan VPN Client for Android 4+
8 1 Tobias Brunner
9 17 Tobias Brunner
We maintain the "strongSwan VPN Client for Android 4 and newer":https://play.google.com/store/apps/details?id=org.strongswan.android, an App that can be downloaded directly from "Google Play":https://play.google.com/store/apps/details?id=org.strongswan.android.
10 1 Tobias Brunner
11 10 Tobias Brunner
More details can be found on a [[AndroidVPNClient|separate page]].
12 1 Tobias Brunner
13 18 Tobias Brunner
h2. Native Build
14 1 Tobias Brunner
15 18 Tobias Brunner
Using a standalone toolchain from the "Android NDK":https://developer.android.com/intl/ko/tools/sdk/ndk/index.html strongSwan can be built to run as console application/daemon on rooted Android systems.
16 1 Tobias Brunner
17 18 Tobias Brunner
h3. Standalone Toolchain
18 1 Tobias Brunner
19 18 Tobias Brunner
Detailed instructions on how to create a standalone toolchain can be found in the Android NDK docs.
20 18 Tobias Brunner
21 18 Tobias Brunner
Something like the following will do:
22 18 Tobias Brunner
23 18 Tobias Brunner
<pre>
24 18 Tobias Brunner
$NDK/build/tools/make-standalone-toolchain.sh --arch=<arm|x86|mips> --platform=android-<API level> --install-dir=<path/to/toolchain>
25 18 Tobias Brunner
</pre>
26 18 Tobias Brunner
27 18 Tobias Brunner
For the instructions in the next section lets assume the toolchain was created like this:
28 18 Tobias Brunner
29 18 Tobias Brunner
<pre>
30 18 Tobias Brunner
$NDK/build/tools/make-standalone-toolchain.sh --arch=arm --platform=android-21 --install-dir=/tmp/strongswan-toolchain
31 18 Tobias Brunner
</pre>
32 18 Tobias Brunner
33 18 Tobias Brunner
h3. Build strongSwan
34 18 Tobias Brunner
35 18 Tobias Brunner
Using the standalone toolchain created before strongSwan can be built from a source tree (or the repository) pretty much as usual. Therefore, refer to [[InstallationDocumentation#Building-strongSwan]] for general instruction on how to build strongSwan from sources.
36 18 Tobias Brunner
37 18 Tobias Brunner
To cross-compile strongSwan for Android use the following when running @./configure@ (@--host@ has to be adapted according to the selected architecture/toolchain):
38 18 Tobias Brunner
39 18 Tobias Brunner
<pre>
40 18 Tobias Brunner
export PATH=/tmp/strongswan-toolchain/bin:$PATH
41 18 Tobias Brunner
./configure --host=arm-linux-androideabi <other options as needed>
42 18 Tobias Brunner
</pre>
43 18 Tobias Brunner
44 18 Tobias Brunner
**Note:** Depending on the API level, the older Linux headers included in the toolchain might make it necessary to add some additional headers in source:src/include or to revert the headers there to versions closer to the ones included in the toolchain.
45 18 Tobias Brunner
46 18 Tobias Brunner
h2. System Image
47 18 Tobias Brunner
48 18 Tobias Brunner
strongSwan can also be built for inclusion in an "Android":http://www.android.com system image, that is, directly within the Android source tree.  The rest of this document describes how to do so.
49 18 Tobias Brunner
50 18 Tobias Brunner
**Please note that these instructions are quite old and might not work anymore.**
51 18 Tobias Brunner
52 18 Tobias Brunner
h3. Android Source Tree
53 18 Tobias Brunner
54 1 Tobias Brunner
You will need the complete Android source tree to build strongSwan. Instructions on how to download and build it can be found on the "Android website":http://source.android.com/source/downloading.html.
55 1 Tobias Brunner
56 15 Tobias Brunner
To checkout a specific branch or tag of the sources, specify it with the @-b@ parameter when using the @repo init@ command.
57 1 Tobias Brunner
58 1 Tobias Brunner
Since "building the whole source tree":http://source.android.com/source/building-running.html takes quite a while you should probably start with this first (use @-j@ to speed this up on multi-core machines):
59 15 Tobias Brunner
<pre>
60 8 Tobias Brunner
cd /path/to/android/source
61 1 Tobias Brunner
. build/envsetup.sh
62 1 Tobias Brunner
lunch <target>
63 1 Tobias Brunner
make -j<jobs>
64 1 Tobias Brunner
</pre>
65 1 Tobias Brunner
66 18 Tobias Brunner
h3. Android Kernel
67 1 Tobias Brunner
68 4 Tobias Brunner
The prebuilt kernel that is used for the emulator lacks some modules required for strongSwan to work correctly. It is therefore required to build a custom kernel.
69 1 Tobias Brunner
To get the current kernel config you can use the "Android Debug Bridge":http://developer.android.com/tools/help/adb.html to download it from the running emulator. After starting the emulator use
70 1 Tobias Brunner
<pre>
71 1 Tobias Brunner
adb pull /proc/config.gz config.gz
72 8 Tobias Brunner
</pre>to copy the config to the current directory. Then enable the missing modules, this is mainly @CONFIG_XFRM_USER@ and @CONFIG_INET_XFRM_MODE_TUNNEL@ but might include other modules.
73 1 Tobias Brunner
Please compare your config to the list of [[KernelModules|required modules]] in this wiki (please note that some modules, especially all the IPv6 related modules, are not really required).
74 8 Tobias Brunner
75 1 Tobias Brunner
Clone the kernel sources and check out an appropriate tag (check the version of the kernel in the emulator). For example (this is for Android 2.2):
76 1 Tobias Brunner
<pre>
77 1 Tobias Brunner
git clone https://android.googlesource.com/kernel/goldfish kernel
78 3 Tobias Brunner
cd kernel
79 1 Tobias Brunner
git checkout -t origin/android-goldfish-2.6.29
80 1 Tobias Brunner
</pre>
81 1 Tobias Brunner
82 1 Tobias Brunner
You can then copy your config to this directory and compile the kernel sources using
83 8 Tobias Brunner
<pre>
84 1 Tobias Brunner
export ARCH=arm
85 3 Tobias Brunner
export CROSS_COMPILE=/path/to/android/source/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi-
86 1 Tobias Brunner
make oldconfig
87 1 Tobias Brunner
make -j<jobs>
88 2 Tobias Brunner
</pre>
89 1 Tobias Brunner
90 1 Tobias Brunner
To start the emulator using your custom kernel use the following command.
91 2 Tobias Brunner
<pre>
92 2 Tobias Brunner
emulator -kernel /path/to/kernel/source/arch/arm/boot/zImage &
93 14 Tobias Brunner
</pre>
94 14 Tobias Brunner
95 18 Tobias Brunner
h3. Vstr Library
96 2 Tobias Brunner
97 2 Tobias Brunner
*The Vstr string library is not needed anymore since commit:20c99eda.*
98 2 Tobias Brunner
99 2 Tobias Brunner
strongSwan can be fully integrated in the Android build system. But the required "Vstr string library":http://www.and.org/vstr/ can not (yet). Therefore, you will have to build that library first using "droid-gcc":http://github.com/tmurakam/droid-wrapper.
100 1 Tobias Brunner
101 18 Tobias Brunner
h4. droid-gcc
102 2 Tobias Brunner
103 2 Tobias Brunner
Since droid-gcc is written in Ruby you'll obviously need *Ruby* installed on your build system. Then download droid-gcc by either cloning the "Git tree":git://github.com/tmurakam/droid-wrapper.git or by downloading it "directly":http://github.com/tmurakam/droid-wrapper/raw/master/droid-gcc.
104 1 Tobias Brunner
105 2 Tobias Brunner
If you used Git you can install droid-gcc using @make install@, if you downloaded it directly, you have to manually create two symlinks to droid-gcc named _droid-gcc_ and _droid-ld_ in a directory that is included in your PATH environment variable.
106 2 Tobias Brunner
107 18 Tobias Brunner
h4. Build the Library
108 3 Tobias Brunner
109 2 Tobias Brunner
To simplify building the Vstr library, a build script is attached to this page (attachment:vstr.build). The attached patch (attachment:vstr.patch) and Android Makefile (attachment:vstr.mk) are also required.
110 2 Tobias Brunner
111 2 Tobias Brunner
Download the three helper files to an appropriate working directory and then download and extract the tarball for the Vstr library.
112 2 Tobias Brunner
<pre>
113 2 Tobias Brunner
wget http://download.strongswan.org/vstr-1.0.15.tar.bz2
114 6 Tobias Brunner
tar xjf vstr-1.0.15.tar.bz2
115 6 Tobias Brunner
</pre>
116 2 Tobias Brunner
117 1 Tobias Brunner
Adjust the variables in the build script (@DROID_ROOT@ and optionally @DROID_TARGET@ and @INSTALLDIR@). Make sure you specify @DROID_ROOT@ as an absolute path.
118 2 Tobias Brunner
Then build and install the it using
119 2 Tobias Brunner
<pre>
120 1 Tobias Brunner
cd vstr-1.0.15
121 1 Tobias Brunner
patch -p1 < ../vstr.patch
122 1 Tobias Brunner
. ../vstr.build
123 2 Tobias Brunner
</pre>
124 7 Tobias Brunner
125 18 Tobias Brunner
h3. libcURL
126 7 Tobias Brunner
127 7 Tobias Brunner
Optionally, "libcurl":http://curl.haxx.se/libcurl/ can be used to fetch CRLs. It is required if you intend to build [[scepclient]]. You can build it the same way as the Vstr library above, that is, with *droid-gcc*.
128 7 Tobias Brunner
129 18 Tobias Brunner
h4. Build the Library
130 7 Tobias Brunner
131 7 Tobias Brunner
As with the Vstr library a build script (attachment:curl.build) and an Android Makefile (attachment:curl.mk) are attached to this page.
132 1 Tobias Brunner
133 7 Tobias Brunner
Download the helper files to an appropriate working directory, then download and extract the current source tarball of libcurl.
134 7 Tobias Brunner
135 1 Tobias Brunner
Adjust the variables in the build script (see above), and build and install it using
136 1 Tobias Brunner
137 1 Tobias Brunner
<pre>
138 7 Tobias Brunner
cd curl-x.x.x
139 7 Tobias Brunner
. ../curl.build
140 7 Tobias Brunner
</pre>
141 7 Tobias Brunner
142 18 Tobias Brunner
h3. strongSwan
143 7 Tobias Brunner
144 16 Tobias Brunner
Now you are ready to build strongSwan. Download the current tarball and extract it in @DROID_ROOT/external@. A symlink to the strongSwan source tree also works with newer Android releases.
145 16 Tobias Brunner
146 16 Tobias Brunner
If you build directly from the strongSwan Git repository instead of a tarball, the sources have to be prepared properly, otherwise the build will fail. In the root of the strongSwan sources run the following to create the required files (this has some external dependencies, see source:HACKING for details):
147 16 Tobias Brunner
148 16 Tobias Brunner
  ./autogen.sh && ./configure && make dist && rm strongswan-*.tar.gz
149 2 Tobias Brunner
150 8 Tobias Brunner
If you changed @INSTALLDIR@ in the build scripts above, you will have to change the top Android.mk (or Android.mk.in) accordingly. You can also adjust the plugin list in the that file or enable/disable executables.
151 8 Tobias Brunner
152 8 Tobias Brunner
The executable you want to include in the system image (starter, charon, scepclient) have to be added to @PRODUCT_PACKAGES@ in @build/target/product/core.mk@. The libraries are automatically installed.
153 2 Tobias Brunner
154 2 Tobias Brunner
Now just build the Android source tree.
155 2 Tobias Brunner
156 2 Tobias Brunner
<pre>
157 2 Tobias Brunner
cd /path/to/android/source
158 2 Tobias Brunner
make
159 1 Tobias Brunner
</pre>