diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index b22186580..c35d348ba 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -464,13 +464,18 @@ METHOD(listener_t, ike_reestablish, bool,
}
static void add_auth_cfg_eap(private_android_service_t *this,
- peer_cfg_t *peer_cfg)
+ peer_cfg_t *peer_cfg, bool byod)
{
identification_t *user;
auth_cfg_t *auth;
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
+ if (byod)
+ { /* use EAP-TTLS if BYOD is enabled */
+ auth->add(auth, AUTH_RULE_EAP_TYPE, EAP_TTLS);
+ }
+
user = identification_create_from_string(this->username);
auth->add(auth, AUTH_RULE_IDENTITY, user);
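Review bot: The comment in the new `if (byod)` block restates the code and leaves out what the rule changes. With `byod` set the EAP method is pinned to EAP-TTLS, while on the other path no `AUTH_RULE_EAP_TYPE` is added in the visible lines, so the method is not constrained here. I would word it as `/* BYOD: pin the EAP method to EAP-TTLS; presumably the TNC exchange runs inside that tunnel */` and confirm the reason before merging. `add_auth_cfg_eap` has no header comment in the lines shown, so a one-line description of the new `byod` parameter belongs above the signature as well. The function body continues past the end of the hunk.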
@@ -549,9 +554,10 @@ static job_requeue_t initiate(private_android_service_t *this)
}
}
if (streq("ikev2-eap", this->type) ||
- streq("ikev2-cert-eap", this->type))
+ streq("ikev2-cert-eap", this->type) ||
+ streq("ikev2-byod-eap", this->type))
{
- add_auth_cfg_eap(this, peer_cfg);
+ add_auth_cfg_eap(this, peer_cfg, strpfx(this->type, "ikev2-byod"));
}
/* remote auth config */
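Review bot: The `byod` argument is derived with `strpfx(this->type, "ikev2-byod")`, a looser test than the exact `streq("ikev2-byod-eap", this->type)` that admits the type two lines earlier. Inside this branch both give the same answer, so the prefix match only obscures which types enable EAP-TTLS pinning. The Java side decides the same thing separately through `getEnableBYOD()` (VpnType.java in this commit), which leaves two places that must agree. Computing the flag once with the exact comparison keeps them from drifting: `bool byod = streq("ikev2-byod-eap", this->type);` before the `if`, then `add_auth_cfg_eap(this, peer_cfg, byod);`. `initiate` starts and ends outside the hunk.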
diff --git a/src/frontends/android/res/values-de/arrays.xml b/src/frontends/android/res/values-de/arrays.xml
index d0117b202..30578c0a8 100644
--- a/src/frontends/android/res/values-de/arrays.xml
+++ b/src/frontends/android/res/values-de/arrays.xml
@@ -19,5 +19,6 @@
- IKEv2 EAP (Benutzername/Passwort)
- IKEv2 Zertifikat
- IKEv2 Zertifikat + EAP (Benutzername/Passwort)
+ - IKEv2 EAP-TNC (Benutzername/Passwort)
\ No newline at end of file
diff --git a/src/frontends/android/res/values-pl/arrays.xml b/src/frontends/android/res/values-pl/arrays.xml
index 1b74b2e57..1a04cbf2e 100644
--- a/src/frontends/android/res/values-pl/arrays.xml
+++ b/src/frontends/android/res/values-pl/arrays.xml
@@ -19,5 +19,6 @@
- IKEv2 EAP (użytkownik/hasło)
- IKEv2 certyfikat
- IKEv2 certyfikat + EAP (użytkownik/hasło)
+ - IKEv2 EAP-TNC (użytkownik/hasło)
\ No newline at end of file
diff --git a/src/frontends/android/res/values-ru/arrays.xml b/src/frontends/android/res/values-ru/arrays.xml
index 55144f294..713f8e404 100644
--- a/src/frontends/android/res/values-ru/arrays.xml
+++ b/src/frontends/android/res/values-ru/arrays.xml
@@ -18,5 +18,6 @@
- IKEv2 EAP (Логин/Пароль)
- IKEv2 Сертификат
- IKEv2 Сертификат + EAP (Логин/Пароль)
+ - IKEv2 EAP-TNC (Логин/Пароль)
diff --git a/src/frontends/android/res/values-ua/arrays.xml b/src/frontends/android/res/values-ua/arrays.xml
index 490fea5e1..4bd92fe0a 100644
--- a/src/frontends/android/res/values-ua/arrays.xml
+++ b/src/frontends/android/res/values-ua/arrays.xml
@@ -18,5 +18,6 @@
- IKEv2 EAP (Логін/Пароль)
- IKEv2 Сертифікати
- IKEv2 Сертифікати + EAP (Логін/Пароль)
+ - IKEv2 EAP-TNC (Логін/Пароль)
diff --git a/src/frontends/android/res/values/arrays.xml b/src/frontends/android/res/values/arrays.xml
index 1ac4cc21d..29f999d9a 100644
--- a/src/frontends/android/res/values/arrays.xml
+++ b/src/frontends/android/res/values/arrays.xml
@@ -19,5 +19,6 @@
- IKEv2 EAP (Username/Password)
- IKEv2 Certificate
- IKEv2 Certificate + EAP (Username/Password)
+ - IKEv2 EAP-TNC (Username/Password)
\ No newline at end of file
diff --git a/src/frontends/android/src/org/strongswan/android/data/VpnType.java b/src/frontends/android/src/org/strongswan/android/data/VpnType.java
index 47cc1cb02..f62c96d76 100644
--- a/src/frontends/android/src/org/strongswan/android/data/VpnType.java
+++ b/src/frontends/android/src/org/strongswan/android/data/VpnType.java
@@ -20,11 +20,13 @@ public enum VpnType
/* the order here must match the items in R.array.vpn_types */
IKEV2_EAP("ikev2-eap", true, false),
IKEV2_CERT("ikev2-cert", false, true),
- IKEV2_CERT_EAP("ikev2-cert-eap", true, true);
+ IKEV2_CERT_EAP("ikev2-cert-eap", true, true),
+ IKEV2_BYOD_EAP("ikev2-byod-eap", true, false, true);
private String mIdentifier;
private boolean mCertificate;
private boolean mUsernamePassword;
+ private boolean mBYOD;
/**
* Enum which provides additional information about the supported VPN types.
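Review bot: The new field `mBYOD` is declared mutable although the lines shown assign it only in the constructor. Since it decides the value passed to `initializeCharon` for a profile type, I would declare it `private final boolean mBYOD;`. The three existing fields follow the same non-final pattern, so all four could be changed together. Separately, the comment above the constants requires the order to match `R.array.vpn_types`. This commit updates five `arrays.xml` files, and any other locale that defines that array (none is visible here) would need the fourth entry too.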
@@ -34,10 +36,24 @@ public enum VpnType
* @param certificate true if a client certificate is required
*/
VpnType(String id, boolean userpass, boolean certificate)
+ {
+ this(id, userpass, certificate, false);
+ }
+
+ /**
+ * Enum which provides additional information about the supported VPN types.
+ *
+ * @param id identifier used to store and transmit this specific type
+ * @param userpass true if username and password are required
+ * @param certificate true if a client certificate is required
+ * @param byod true to enable BYOD features
+ */
+ VpnType(String id, boolean userpass, boolean certificate, boolean byod)
{
mIdentifier = id;
mUsernamePassword = userpass;
mCertificate = certificate;
+ mBYOD = byod;
}
/**
@@ -69,6 +85,16 @@ public enum VpnType
return mCertificate;
}
+ /**
+ * Whether BYOD features should be enabled.
+ *
+ * @return true if BYOD features are to be enabled
+ */
+ public boolean getEnableBYOD()
+ {
+ return mBYOD;
+ }
+
/**
* Get the enum entry with the given identifier.
*
diff --git a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
index 9274717b9..a7b8a8cef 100644
--- a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
@@ -214,7 +214,7 @@ public class CharonVpnService extends VpnService implements Runnable
mIsDisconnecting = false;
BuilderAdapter builder = new BuilderAdapter(mCurrentProfile.getName());
- initializeCharon(builder, mLogFile, true);
+ initializeCharon(builder, mLogFile, mCurrentProfile.getVpnType().getEnableBYOD());
Log.i(TAG, "charon started");
initiate(mCurrentProfile.getVpnType().getIdentifier(),