Tobias Brunner
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Martin Willi
b185cdd16d
Install virtual IPs via interface name, and use an interface lookup where required
2012-11-29 10:22:51 +01:00
Martin Willi
50bd755871
Add an optional kernel-interface parameter to install IPs with a custom prefix
2012-11-29 10:22:51 +01:00
Tobias Brunner
37d42a76d3
android: Properly handle exceptions when loading keys/certificates
2012-11-21 18:57:41 +01:00
Tobias Brunner
277ff80a2e
android: Private key bug has been fixed with Android 4.2
2012-11-19 11:43:31 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
Tobias Brunner
23ca39010e
android: Enable ECC in the app as our custom built libcrypto supports it
2012-10-23 18:13:58 +02:00
Tobias Brunner
3555bacac7
Reload logger configuration on SIGHUP
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
Tobias Brunner
eecd41e349
Use a helper function to add milliseconds to timeval structs
2012-10-18 12:25:59 +02:00
Tobias Brunner
2b6088c718
android: Ignore if peer is unreachable when reestablishing an SA
2012-10-18 12:25:59 +02:00
Tobias Brunner
901f6ac403
android: Use a shorter timeout for retransmits
2012-10-18 10:57:55 +02:00
Tobias Brunner
8658e87b35
android: Use keyingtries=%forever and dpd|closeaction=restart
We also ignore the CHILD_SA_DOWN event.
This should allow us to keep the connection up as long as the user does
not manually disconnect.
2012-10-18 10:57:55 +02:00
Tobias Brunner
272ce5b580
android: Handle unreachable peers via alert
2012-10-16 14:16:17 +02:00
Tobias Brunner
b00806cf85
android: Use 0.0.0.0/0 as local traffic selector
This is helpful if the responder also wants to tunnel e.g. multicast
packages.
2012-10-16 14:16:17 +02:00
Tobias Brunner
45885ca613
android: Bypass/protect previously bypassed sockets if connectivity changes
2012-10-16 14:16:17 +02:00
Tobias Brunner
9167ca8b2b
android: Support for IPsec SA update added
2012-10-16 14:16:17 +02:00
Tobias Brunner
5b88d80f22
android: Trigger roam events in case connectivity changes
2012-10-16 14:16:17 +02:00
Tobias Brunner
ef3d1a1ba9
android: Register NetworkManager as BroadcastReceiver and relay events via JNI
2012-10-16 14:16:17 +02:00
Tobias Brunner
38bbca587f
android: Determine source address dynamically
2012-10-16 14:16:17 +02:00
Tobias Brunner
8f092a2221
android: Added NetworkManager class which allows to retrieve a local IP address
2012-10-16 14:16:17 +02:00
Tobias Brunner
b0e0932538
android: Increase compile warnings
2012-10-16 14:16:16 +02:00
Tobias Brunner
e3d98f2c4c
android: Don't use the default ESP proposal as it includes unsupported algorithms
2012-10-16 14:16:16 +02:00
Tobias Brunner
94106ddc85
android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.
2012-09-24 17:16:29 +02:00
Tobias Brunner
dfefa2f6dc
android: Added a global variable to check the current SDK version
2012-09-24 17:12:18 +02:00
Tobias Brunner
64595464b2
android: Load the private key and certificates separately in android_creds_t
2012-09-24 17:12:18 +02:00
Tobias Brunner
406d680e45
android: Added a method to get the user's private key via JNI
2012-09-24 17:12:18 +02:00
Tobias Brunner
c35d468fb1
android: Added a JNI backed private key implementation
This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.
2012-09-24 17:12:18 +02:00
Tobias Brunner
e596d0ef1e
android: Use AUTH_RULE_IDENTITY_LOOSE
2012-09-18 11:21:49 +02:00
Tobias Brunner
b7c54cf226
android: Fix conversion of actual Unicode strings (i.e. bytes!=chars)
2012-09-17 10:30:39 +02:00
Tobias Brunner
d7d2a5ec38
android: Properly handle reauthentication initiated by the client
2012-09-06 11:27:07 +02:00
Tobias Brunner
d1604d0551
Merge branch 'android-client-cert'
Introduces IKEv2 client certificate authentication for the Android App.
2012-09-04 13:58:49 +02:00
Tobias Brunner
c89cc22692
android: Native parts handle ikev2-cert VPN type
2012-08-31 18:24:46 +02:00
Tobias Brunner
094a059bcf
android: android_creds_t can provide a user's private key and certificate
2012-08-31 18:24:46 +02:00
Tobias Brunner
3aba33868b
android: Added JNI method to retrieve user certificate and private key
To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.
2012-08-31 18:24:46 +02:00
Tobias Brunner
69f731a9d8
android: Enable pkcs8 plugin
2012-08-31 18:24:46 +02:00
Tobias Brunner
5eb7ad3a38
android: Pass the type of VPN to the native parts
2012-08-31 18:24:46 +02:00
Tobias Brunner
655362464e
android: Make sure NULL jstrings are converted properly
2012-08-31 18:24:45 +02:00
Martin Willi
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Tobias Brunner
ef73bb52b1
Without the ties to PAM we can build eap-gtc on Android
2012-08-17 14:24:48 +02:00
Tobias Brunner
fe05f1f05c
Charon logs to a file in the App's data directory
2012-08-13 11:22:20 +02:00
Tobias Brunner
4308ce1cf7
Moved Java to C string conversion function to android_jni header file
2012-08-13 11:22:20 +02:00
Tobias Brunner
6db742e7e5
Log charon version and uname() output, split libcharon and charon initialization
2012-08-13 11:22:20 +02:00
Tobias Brunner
a39a301a12
Don't set the source address on Android
2012-08-13 11:11:37 +02:00
Tobias Brunner
644db4d7c5
Close IKE_SA on Android immediately if setting up CHILD_SA fails
2012-08-13 11:11:20 +02:00
Tobias Brunner
76e55491eb
Reduce number of retransmits on Android
2012-08-13 11:09:34 +02:00
Tobias Brunner
2483f6a4e0
Job added which handles plain text packets read from TUN device
2012-08-13 11:09:34 +02:00
Tobias Brunner
d9531100fa
Added a handler that writes inbound plain text packets to the TUN device
2012-08-13 11:09:34 +02:00
Tobias Brunner
3b3cf0c87a
Add simple callbacks to receive/send ESP packets via libipsec/receiver.
2012-08-13 11:09:34 +02:00
Tobias Brunner
30ba2ff777
Add routes based on the installed IPsec policies to the TUN device builder
2012-08-13 11:09:34 +02:00
Tobias Brunner
62e6630b24
Add virtual IP to the TUN device builder
After the CHILD_SA is established we can easily get this address from
the IKE_SA.
2012-08-13 11:09:34 +02:00
Tobias Brunner
a2993d7243
Create a TUN device via VpnService.Builder once the CHILD_SA is established
2012-08-13 11:09:34 +02:00
Tobias Brunner
3a05756b42
An Android specific attribute handler installs DNS servers via Builder
2012-08-13 11:09:33 +02:00
Tobias Brunner
ae4f1ea180
Native counterpart of VpnService.Builder added, exposed by charonservice
2012-08-13 11:09:33 +02:00
Tobias Brunner
c6c39c783b
Initiate an SA via native JNI method
2012-08-13 11:00:28 +02:00
Tobias Brunner
66211196a7
android_service_t handles initiation of an SA and tracks its progress
Status updates are delivered via charonservice (JNI).
2012-08-13 11:00:28 +02:00
Tobias Brunner
3aa5c609c3
Android specific credential set also provides user credentials
2012-08-13 11:00:28 +02:00
Tobias Brunner
8430e54d83
Added an Android specific credential set that provides CA certificates via JNI
2012-08-13 11:00:28 +02:00
Tobias Brunner
2bec193a1b
CharonVpnService provides a function to get trusted certificates via JNI
2012-08-13 11:00:28 +02:00
Tobias Brunner
8c2af60ceb
Function added that allows to update VPN state via JNI
2012-08-13 11:00:28 +02:00
Tobias Brunner
d4f7675199
Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect()
2012-08-13 11:00:27 +02:00
Tobias Brunner
175088517f
Add an Android specific kernel_ipsec_t implementation
This is pretty much a proxy class that delegates everything (that is
currently supported) to libipsec.
2012-08-13 11:00:27 +02:00
Tobias Brunner
24447cf49f
Add an Android specific kernel_net_t implementation
This currently provides only no-ops and is just added because a
kernel-net implementation is required and kernel-netlink can't be used
at the moment.
2012-08-13 11:00:27 +02:00
Tobias Brunner
529c8c88a3
Keep a global reference to the CharonVpnService object in charonservice
2012-08-13 11:00:26 +02:00
Tobias Brunner
a304874319
Add signal handler for fatal signals to libandroidbridge
2012-08-13 11:00:26 +02:00
Tobias Brunner
d200749424
Set default log level in libandroidbridge
2012-08-13 11:00:25 +02:00
Tobias Brunner
19567a5e3a
Helper function added to handle Java exceptions in native code
2012-08-13 11:00:25 +02:00
Tobias Brunner
95e9a12c28
Don't attach to actual Java threads (or already attached ones)
We check this by trying to retrieve a JNIEnv object from the JVM,
if one is returned the current thread is not native (created from Java)
or the thread is already attached.
2012-08-13 11:00:25 +02:00
Tobias Brunner
8bf3027643
Moved CharonVpnService to logic sub-package
2012-08-08 15:41:04 +02:00
Tobias Brunner
6f11e94134
Global charonservice_t object added to libandroidbridge
This is later used to call Java methods on CharonVpnService via JNI.
2012-08-08 15:41:04 +02:00
Tobias Brunner
f83f65be08
Added functions to attach/detach native threads to the JVM
Even though native threads are automatically detached from the JVM with
help of a thread-local destructor it is recommended to detach as soon as
possible as local JNI references are not freed until a thread detaches.
2012-08-08 15:41:04 +02:00
Tobias Brunner
cb887af4cf
Moved JNI helper macros to a separate file
Also initialize a reference to the CharonVpnService class during
JNI_OnLoad, which allows us later to call methods from C to Java.
2012-08-08 15:41:03 +02:00
Tobias Brunner
95dacbbc70
Allocate UDP ports randomly in Android NDK build.
2012-08-08 15:30:28 +02:00
Tobias Brunner
06ed785e5a
Load libipsec in Android app.
2012-08-08 15:12:24 +02:00
Tobias Brunner
4a20814300
Added android.net.VpnService wrapper around charon (loaded via JNI).
2012-08-08 15:09:31 +02:00
Tobias Brunner
2f203aee0e
Android.mk for NDK build added.
2012-08-08 15:09:30 +02:00