365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
b185cdd16d
Install virtual IPs via interface name, and use an interface lookup where required
2012-11-29 10:22:51 +01:00
50bd755871
Add an optional kernel-interface parameter to install IPs with a custom prefix
2012-11-29 10:22:51 +01:00
37d42a76d3
android: Properly handle exceptions when loading keys/certificates
2012-11-21 18:57:41 +01:00
277ff80a2e
android: Private key bug has been fixed with Android 4.2
2012-11-19 11:43:31 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
23ca39010e
android: Enable ECC in the app as our custom built libcrypto supports it
2012-10-23 18:13:58 +02:00
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
eecd41e349
Use a helper function to add milliseconds to timeval structs
2012-10-18 12:25:59 +02:00
2b6088c718
android: Ignore if peer is unreachable when reestablishing an SA
2012-10-18 12:25:59 +02:00
901f6ac403
android: Use a shorter timeout for retransmits
2012-10-18 10:57:55 +02:00
8658e87b35
android: Use keyingtries=%forever and dpd|closeaction=restart
...
We also ignore the CHILD_SA_DOWN event.
This should allow us to keep the connection up as long as the user does
not manually disconnect.
2012-10-18 10:57:55 +02:00
272ce5b580
android: Handle unreachable peers via alert
2012-10-16 14:16:17 +02:00
b00806cf85
android: Use 0.0.0.0/0 as local traffic selector
...
This is helpful if the responder also wants to tunnel e.g. multicast
packages.
2012-10-16 14:16:17 +02:00
45885ca613
android: Bypass/protect previously bypassed sockets if connectivity changes
2012-10-16 14:16:17 +02:00
9167ca8b2b
android: Support for IPsec SA update added
2012-10-16 14:16:17 +02:00
5b88d80f22
android: Trigger roam events in case connectivity changes
2012-10-16 14:16:17 +02:00
ef3d1a1ba9
android: Register NetworkManager as BroadcastReceiver and relay events via JNI
2012-10-16 14:16:17 +02:00
38bbca587f
android: Determine source address dynamically
2012-10-16 14:16:17 +02:00
8f092a2221
android: Added NetworkManager class which allows to retrieve a local IP address
2012-10-16 14:16:17 +02:00
b0e0932538
android: Increase compile warnings
2012-10-16 14:16:16 +02:00
e3d98f2c4c
android: Don't use the default ESP proposal as it includes unsupported algorithms
2012-10-16 14:16:16 +02:00
94106ddc85
android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
...
A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.
2012-09-24 17:16:29 +02:00
dfefa2f6dc
android: Added a global variable to check the current SDK version
2012-09-24 17:12:18 +02:00
64595464b2
android: Load the private key and certificates separately in android_creds_t
2012-09-24 17:12:18 +02:00
406d680e45
android: Added a method to get the user's private key via JNI
2012-09-24 17:12:18 +02:00
c35d468fb1
android: Added a JNI backed private key implementation
...
This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.
2012-09-24 17:12:18 +02:00
e596d0ef1e
android: Use AUTH_RULE_IDENTITY_LOOSE
2012-09-18 11:21:49 +02:00
b7c54cf226
android: Fix conversion of actual Unicode strings (i.e. bytes!=chars)
2012-09-17 10:30:39 +02:00
d7d2a5ec38
android: Properly handle reauthentication initiated by the client
2012-09-06 11:27:07 +02:00
d1604d0551
Merge branch 'android-client-cert'
...
Introduces IKEv2 client certificate authentication for the Android App.
2012-09-04 13:58:49 +02:00
c89cc22692
android: Native parts handle ikev2-cert VPN type
2012-08-31 18:24:46 +02:00
094a059bcf
android: android_creds_t can provide a user's private key and certificate
2012-08-31 18:24:46 +02:00
3aba33868b
android: Added JNI method to retrieve user certificate and private key
...
To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.
2012-08-31 18:24:46 +02:00
69f731a9d8
android: Enable pkcs8 plugin
2012-08-31 18:24:46 +02:00
5eb7ad3a38
android: Pass the type of VPN to the native parts
2012-08-31 18:24:46 +02:00
655362464e
android: Make sure NULL jstrings are converted properly
2012-08-31 18:24:45 +02:00
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
ef73bb52b1
Without the ties to PAM we can build eap-gtc on Android
2012-08-17 14:24:48 +02:00
fe05f1f05c
Charon logs to a file in the App's data directory
2012-08-13 11:22:20 +02:00
4308ce1cf7
Moved Java to C string conversion function to android_jni header file
2012-08-13 11:22:20 +02:00
6db742e7e5
Log charon version and uname() output, split libcharon and charon initialization
2012-08-13 11:22:20 +02:00
a39a301a12
Don't set the source address on Android
2012-08-13 11:11:37 +02:00
644db4d7c5
Close IKE_SA on Android immediately if setting up CHILD_SA fails
2012-08-13 11:11:20 +02:00
76e55491eb
Reduce number of retransmits on Android
2012-08-13 11:09:34 +02:00
2483f6a4e0
Job added which handles plain text packets read from TUN device
2012-08-13 11:09:34 +02:00
d9531100fa
Added a handler that writes inbound plain text packets to the TUN device
2012-08-13 11:09:34 +02:00
3b3cf0c87a
Add simple callbacks to receive/send ESP packets via libipsec/receiver.
2012-08-13 11:09:34 +02:00
30ba2ff777
Add routes based on the installed IPsec policies to the TUN device builder
2012-08-13 11:09:34 +02:00
62e6630b24
Add virtual IP to the TUN device builder
...
After the CHILD_SA is established we can easily get this address from
the IKE_SA.
2012-08-13 11:09:34 +02:00
a2993d7243
Create a TUN device via VpnService.Builder once the CHILD_SA is established
2012-08-13 11:09:34 +02:00
3a05756b42
An Android specific attribute handler installs DNS servers via Builder
2012-08-13 11:09:33 +02:00
ae4f1ea180
Native counterpart of VpnService.Builder added, exposed by charonservice
2012-08-13 11:09:33 +02:00
c6c39c783b
Initiate an SA via native JNI method
2012-08-13 11:00:28 +02:00
66211196a7
android_service_t handles initiation of an SA and tracks its progress
...
Status updates are delivered via charonservice (JNI).
2012-08-13 11:00:28 +02:00
3aa5c609c3
Android specific credential set also provides user credentials
2012-08-13 11:00:28 +02:00
8430e54d83
Added an Android specific credential set that provides CA certificates via JNI
2012-08-13 11:00:28 +02:00
2bec193a1b
CharonVpnService provides a function to get trusted certificates via JNI
2012-08-13 11:00:28 +02:00
8c2af60ceb
Function added that allows to update VPN state via JNI
2012-08-13 11:00:28 +02:00
d4f7675199
Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect()
2012-08-13 11:00:27 +02:00
175088517f
Add an Android specific kernel_ipsec_t implementation
...
This is pretty much a proxy class that delegates everything (that is
currently supported) to libipsec.
2012-08-13 11:00:27 +02:00
24447cf49f
Add an Android specific kernel_net_t implementation
...
This currently provides only no-ops and is just added because a
kernel-net implementation is required and kernel-netlink can't be used
at the moment.
2012-08-13 11:00:27 +02:00
529c8c88a3
Keep a global reference to the CharonVpnService object in charonservice
2012-08-13 11:00:26 +02:00
a304874319
Add signal handler for fatal signals to libandroidbridge
2012-08-13 11:00:26 +02:00
d200749424
Set default log level in libandroidbridge
2012-08-13 11:00:25 +02:00
19567a5e3a
Helper function added to handle Java exceptions in native code
2012-08-13 11:00:25 +02:00
95e9a12c28
Don't attach to actual Java threads (or already attached ones)
...
We check this by trying to retrieve a JNIEnv object from the JVM,
if one is returned the current thread is not native (created from Java)
or the thread is already attached.
2012-08-13 11:00:25 +02:00
8bf3027643
Moved CharonVpnService to logic sub-package
2012-08-08 15:41:04 +02:00
6f11e94134
Global charonservice_t object added to libandroidbridge
...
This is later used to call Java methods on CharonVpnService via JNI.
2012-08-08 15:41:04 +02:00
f83f65be08
Added functions to attach/detach native threads to the JVM
...
Even though native threads are automatically detached from the JVM with
help of a thread-local destructor it is recommended to detach as soon as
possible as local JNI references are not freed until a thread detaches.
2012-08-08 15:41:04 +02:00
cb887af4cf
Moved JNI helper macros to a separate file
...
Also initialize a reference to the CharonVpnService class during
JNI_OnLoad, which allows us later to call methods from C to Java.
2012-08-08 15:41:03 +02:00
95dacbbc70
Allocate UDP ports randomly in Android NDK build.
2012-08-08 15:30:28 +02:00
06ed785e5a
Load libipsec in Android app.
2012-08-08 15:12:24 +02:00
4a20814300
Added android.net.VpnService wrapper around charon (loaded via JNI).
2012-08-08 15:09:31 +02:00
2f203aee0e
Android.mk for NDK build added.
2012-08-08 15:09:30 +02:00
Tobias Brunner