android: Add flag to enable IPv6 transport addresses

src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java

@@ -36,6 +36,7 @@ public class VpnProfile implements Cloneable
 	public static final int FLAGS_DISABLE_OCSP = 1 << 2;
 	public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
 	public static final int FLAGS_RSA_PSS = 1 << 4;
+	public static final int FLAGS_IPv6_TRANSPORT = 1 << 5;
 
 	private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
 	private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;

src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java

@@ -288,7 +288,8 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
 						SimpleFetcher.enable();
 						addNotification();
 						mBuilderAdapter.setProfile(mCurrentProfile);
-						if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD)))
+						if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD),
+											(mCurrentProfile.getFlags() & VpnProfile.FLAGS_IPv6_TRANSPORT) != 0))
 						{
 							Log.i(TAG, "charon started");
 
@@ -775,9 +776,10 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
 	 * @param logfile absolute path to the logfile
 	 * @param appdir absolute path to the data directory of the app
 	 * @param byod enable BYOD features
+	 * @param ipv6 enable IPv6 transport
 	 * @return TRUE if initialization was successful
 	 */
-	public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod);
+	public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod, boolean ipv6);
 
 	/**
 	 * Deinitialize charon, provided by libandroidbridge.so

src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c

@@ -744,7 +744,7 @@ static job_requeue_t initiate(private_android_service_t *this)
 	auth_cfg_t *auth;
 	ike_cfg_create_t ike = {
 		.version = IKEV2,
-		.local = "0.0.0.0",
+		.local = "",
 		.local_port = charon->socket->get_port(charon->socket, FALSE),
 		.force_encap = TRUE,
 		.fragmentation = FRAGMENTATION_YES,

src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c

@@ -479,7 +479,7 @@ static bool charonservice_register(plugin_t *plugin, plugin_feature_t *feature,
 /**
  * Set strongswan.conf options
  */
-static void set_options(char *logfile)
+static void set_options(char *logfile, jboolean ipv6)
 {
 	lib->settings->set_int(lib->settings,
 					"charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
@@ -516,10 +516,10 @@ static void set_options(char *logfile)
 	 * information */
 	lib->settings->set_bool(lib->settings,
 					"charon.plugins.socket-default.set_source", FALSE);
-	/* the Linux kernel does currently not support UDP encaspulation for IPv6
-	 * so lets disable IPv6 for now to avoid issues with dual-stack gateways */
+	/* the Linux kernel only supports UDP encap for IPv6 since 5.8, so let's use
+	 * IPv6 only if requested, to avoid issues with older dual-stack servers */
 	lib->settings->set_bool(lib->settings,
-					"charon.plugins.socket-default.use_ipv6", FALSE);
+					"charon.plugins.socket-default.use_ipv6", ipv6);
 
 #ifdef USE_BYOD
 	lib->settings->set_str(lib->settings,
@@ -634,7 +634,7 @@ static void __attribute__ ((constructor))register_logger()
  * Initialize charon and the libraries via JNI
  */
 JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
-	jobject builder, jstring jlogfile, jstring jappdir, jboolean byod)
+	jobject builder, jstring jlogfile, jstring jappdir, jboolean byod, jboolean ipv6)
 {
 	struct sigaction action;
 	struct utsname utsname;
@@ -656,7 +656,7 @@ JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
 	/* set options before initializing other libraries that might read them */
 	logfile = androidjni_convert_jstring(env, jlogfile);
 
-	set_options(logfile);
+	set_options(logfile, ipv6);
 	free(logfile);
 
 	if (!libipsec_init())