Project

General

Profile

strongSwan on Android » History » Version 8

Tobias Brunner, 15.08.2012 14:14
App documented, some other updates (several links were dead)

1 1 Tobias Brunner
h1. strongSwan on Android
2 1 Tobias Brunner
3 8 Tobias Brunner
h2. strongSwan VPN Client for Android 4+
4 1 Tobias Brunner
5 8 Tobias Brunner
We recently released a free App for Android 4 and newer which can be downloaded directly from "Google Play":https://play.google.com/store/apps/details?id=org.strongswan.android.
6 1 Tobias Brunner
7 8 Tobias Brunner
There are some limitations at the moment:
8 1 Tobias Brunner
9 8 Tobias Brunner
 * Only IKEv2 is supported
10 8 Tobias Brunner
 * User authentication is limited to EAP authentication based on username/password (EAP-MSCHAPv2, EAP-MD5)
11 8 Tobias Brunner
 * No support for MOBIKE yet
12 8 Tobias Brunner
 * The IPsec implementation is also limited (only AES and SHA1/SHA2 are supported)
13 8 Tobias Brunner
14 8 Tobias Brunner
h2. Native build
15 8 Tobias Brunner
16 8 Tobias Brunner
strongSwan can also be built for inclusion in the "Android":http://www.android.com system image, that is, directly within the Android source tree.  The rest of this document describes how to do so.
17 8 Tobias Brunner
18 8 Tobias Brunner
A while ago we also created a patch that [[AndroidFrontend|integrates strongSwan into the default Android 2.2 VPN frontend]].
19 8 Tobias Brunner
20 1 Tobias Brunner
h2. Android Source Tree
21 1 Tobias Brunner
22 8 Tobias Brunner
You will need the complete Android source tree to build strongSwan. Instructions on how to download and build it can be found on the "Android website":http://source.android.com/source/downloading.html.
23 1 Tobias Brunner
24 1 Tobias Brunner
To checkout a specific branch or tag of the sources, specify it with the @-b@ parameter when using the @repo init@ command.
25 1 Tobias Brunner
26 8 Tobias Brunner
Since building the whole source tree takes quite a while you should probably start with this first (use @-j@ to speed this up on multi-core machines):
27 1 Tobias Brunner
<pre>
28 1 Tobias Brunner
cd /path/to/android/source
29 1 Tobias Brunner
. build/envsetup.sh
30 1 Tobias Brunner
lunch 1
31 8 Tobias Brunner
make -j<jobs>
32 1 Tobias Brunner
</pre>
33 1 Tobias Brunner
34 3 Tobias Brunner
h2. Android Kernel
35 1 Tobias Brunner
36 1 Tobias Brunner
The prebuilt kernel that is used for the emulator lacks some modules required for strongSwan to work correctly. It is therefore required to build a custom kernel.
37 8 Tobias Brunner
To get the current kernel config you can use the "Android Debug Bridge":http://developer.android.com/tools/help/adb.html to download it from the running emulator. After starting the emulator use
38 1 Tobias Brunner
<pre>
39 4 Tobias Brunner
adb pull /proc/config.gz config.gz
40 1 Tobias Brunner
</pre>to copy the config to the current directory. Then enable the missing modules, this is mainly @CONFIG_XFRM_USER@ and @CONFIG_INET_XFRM_MODE_TUNNEL@ but might include other modules.
41 1 Tobias Brunner
Please compare your config to the list of [[KernelModules|required modules]] in this wiki (please note that some modules, especially all the IPv6 related modules, are not really required).
42 1 Tobias Brunner
43 8 Tobias Brunner
Clone the kernel sources and check out an appropriate tag (check the version of the kernel in the emulator). For example (this is for Android 2.2):
44 1 Tobias Brunner
<pre>
45 8 Tobias Brunner
git clone https://android.googlesource.com/kernel/goldfish kernel
46 1 Tobias Brunner
cd kernel
47 1 Tobias Brunner
git checkout -t origin/android-goldfish-2.6.29
48 1 Tobias Brunner
</pre>
49 3 Tobias Brunner
50 1 Tobias Brunner
You can then copy your config to this directory and compile the kernel sources using
51 1 Tobias Brunner
<pre>
52 1 Tobias Brunner
export ARCH=arm
53 1 Tobias Brunner
export CROSS_COMPILE=/path/to/android/source/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi-
54 1 Tobias Brunner
make oldconfig
55 8 Tobias Brunner
make -j<jobs>
56 1 Tobias Brunner
</pre>
57 1 Tobias Brunner
58 3 Tobias Brunner
To start the emulator using your custom kernel use the following command.
59 1 Tobias Brunner
<pre>
60 1 Tobias Brunner
emulator -kernel /path/to/kernel/source/arch/arm/boot/zImage &
61 2 Tobias Brunner
</pre>
62 1 Tobias Brunner
63 2 Tobias Brunner
h2. Vstr Library
64 2 Tobias Brunner
65 3 Tobias Brunner
strongSwan can be fully integrated in the Android build system. But the required "Vstr string library":http://www.and.org/vstr/ can not (yet). Therefore, you will have to build that library first using "droid-gcc":http://github.com/tmurakam/droid-wrapper.
66 2 Tobias Brunner
67 2 Tobias Brunner
h3. droid-gcc
68 2 Tobias Brunner
69 2 Tobias Brunner
Since droid-gcc is written in Ruby you'll obviously need *Ruby* installed on your build system. Then download droid-gcc by either cloning the "Git tree":git://github.com/tmurakam/droid-wrapper.git or by downloading it "directly":http://github.com/tmurakam/droid-wrapper/raw/master/droid-gcc.
70 2 Tobias Brunner
71 2 Tobias Brunner
If you used Git you can install droid-gcc using @make install@, if you downloaded it directly, you have to manually create two symlinks to droid-gcc named _droid-gcc_ and _droid-ld_ in a directory that is included in your PATH environment variable.
72 2 Tobias Brunner
73 1 Tobias Brunner
h3. Build the Library
74 2 Tobias Brunner
75 2 Tobias Brunner
To simplify building the Vstr library, a build script is attached to this page (attachment:vstr.build). The attached patch (attachment:vstr.patch) and Android Makefile (attachment:vstr.mk) are also required.
76 2 Tobias Brunner
77 3 Tobias Brunner
Download the three helper files to an appropriate working directory and then download and extract the tarball for the Vstr library.
78 2 Tobias Brunner
<pre>
79 2 Tobias Brunner
wget http://download.strongswan.org/vstr-1.0.15.tar.bz2
80 2 Tobias Brunner
tar xjf vstr-1.0.15.tar.bz2
81 2 Tobias Brunner
</pre>
82 2 Tobias Brunner
83 6 Tobias Brunner
Adjust the variables in the build script (@DROID_ROOT@ and optionally @DROID_TARGET@ and @INSTALLDIR@). Make sure you specify @DROID_ROOT@ as an absolute path.
84 6 Tobias Brunner
Then build and install the it using
85 2 Tobias Brunner
<pre>
86 2 Tobias Brunner
cd vstr-1.0.15
87 2 Tobias Brunner
patch -p1 < ../vstr.patch
88 1 Tobias Brunner
. ../vstr.build
89 1 Tobias Brunner
</pre>
90 2 Tobias Brunner
91 7 Tobias Brunner
h2. libcURL
92 7 Tobias Brunner
93 7 Tobias Brunner
Optionally, "libcurl":http://curl.haxx.se/libcurl/ can be used to fetch CRLs. It is required if you intend to build [[scepclient]]. You can build it the same way as the Vstr library above, that is, with *droid-gcc*.
94 7 Tobias Brunner
95 7 Tobias Brunner
h3. Build the Library
96 7 Tobias Brunner
97 7 Tobias Brunner
As with the Vstr library a build script (attachment:curl.build) and an Android Makefile (attachment:curl.mk) are attached to this page.
98 7 Tobias Brunner
99 7 Tobias Brunner
Download the helper files to an appropriate working directory, then download and extract the current source tarball of libcurl.
100 7 Tobias Brunner
101 1 Tobias Brunner
Adjust the variables in the build script (see above), and build and install it using
102 1 Tobias Brunner
103 1 Tobias Brunner
<pre>
104 7 Tobias Brunner
cd curl-x.x.x
105 7 Tobias Brunner
. ../curl.build
106 7 Tobias Brunner
</pre>
107 7 Tobias Brunner
108 7 Tobias Brunner
h2. strongSwan
109 7 Tobias Brunner
110 2 Tobias Brunner
Now you are ready to build strongSwan. Download the current tarball (or build it yourself from the strongSwan source tree) and extract it in @DROID_ROOT/external@.
111 2 Tobias Brunner
112 8 Tobias Brunner
If you changed @INSTALLDIR@ in the build scripts above, you will have to change the top Android.mk (or Android.mk.in) accordingly. You can also adjust the plugin list in the that file or enable/disable executables.
113 8 Tobias Brunner
114 8 Tobias Brunner
The executable you want to include in the system image (starter, charon, scepclient) have to be added to @PRODUCT_PACKAGES@ in @build/target/product/core.mk@. The libraries are automatically installed.
115 2 Tobias Brunner
116 2 Tobias Brunner
Now just build the Android source tree.
117 2 Tobias Brunner
118 2 Tobias Brunner
<pre>
119 2 Tobias Brunner
cd /path/to/android/source
120 2 Tobias Brunner
make
121 1 Tobias Brunner
</pre>