Project

General

Profile

strongSwan on Android » History » Version 6

« Previous - Version 6/18 (diff) - Next » - Current version
Tobias Brunner, 12.09.2011 15:46
DROID_ROOT must be an absolute path


strongSwan on Android

The IKEv2 daemon charon has recently been ported to Google Android.

This document describes how to build strongSwan for Android 2.2 (using the emulator).

There is a patch that integrates strongSwan into the default Android VPN frontend.

Android Source Tree

You will need the complete Android source to build strongSwan. Instructions on how to download and build it can be found on the Android website.

To checkout a specific branch or tag of the sources, specify it with the -b parameter when using the repo init command.

Since building the whole source tree takes quite a while you should probably start with this first:

cd /path/to/android/source
. build/envsetup.sh
lunch 1
make

Android Kernel

The prebuilt kernel that is used for the emulator lacks some modules required for strongSwan to work correctly. It is therefore required to build a custom kernel.
To get the current kernel config you can use the Android Debug Bridge to download it from the running emulator. After starting the emulator use

adb pull /proc/config.gz config.gz
to copy the config to the current directory. Then enable the missing modules, this is mainly CONFIG_XFRM_USER and CONFIG_INET_XFRM_MODE_TUNNEL but might include other modules.
Please compare your config to the list of required modules in this wiki (please note that some modules, especially all the IPv6 related modules, are not really required).

Clone the kernel sources and checkout an appropriate tag (check the version of the kernel in the emulator). For example:

git clone git://android.git.kernel.org/kernel/common kernel
cd kernel
git checkout -t origin/android-goldfish-2.6.29

You can then copy your config to this directory and compile the kernel sources using

export ARCH=arm
export CROSS_COMPILE=/path/to/android/source/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi-
make oldconfig
make

To start the emulator using your custom kernel use the following command.

emulator -kernel /path/to/kernel/source/arch/arm/boot/zImage &

Vstr Library

strongSwan can be fully integrated in the Android build system. But the required Vstr string library can not (yet). Therefore, you will have to build that library first using droid-gcc.

droid-gcc

Since droid-gcc is written in Ruby you'll obviously need Ruby installed on your build system. Then download droid-gcc by either cloning the Git tree or by downloading it directly.

If you used Git you can install droid-gcc using make install, if you downloaded it directly, you have to manually create two symlinks to droid-gcc named droid-gcc and droid-ld in a directory that is included in your PATH environment variable.

Build the Library

To simplify building the Vstr library, a build script is attached to this page (vstr.build). The attached patch (vstr.patch) and Android Makefile (vstr.mk) are also required.

Download the three helper files to an appropriate working directory and then download and extract the tarball for the Vstr library.

wget http://download.strongswan.org/vstr-1.0.15.tar.bz2
tar xjf vstr-1.0.15.tar.bz2

Adjust the variables in the build script (DROID_ROOT and optionally DROID_TARGET and INSTALLDIR). Make sure you specify DROID_ROOT as an absolute path.
Then build and install the it using

cd vstr-1.0.15
patch -p1 < ../vstr.patch
. ../vstr.build

strongSwan

Now you are ready to build strongSwan. Download the current tarball (or build it yourself from the strongSwan source tree) and extract it in DROID_ROOT/external.

If you changed INSTALLDIR in the build script above, you will have to change the top Android.mk (or Android.mk.in) accordingly. You can also adjust the plugin list in the that file.

Now just build the Android source tree.

cd /path/to/android/source
make