Tobias Brunner
eb01649079
android: Reload CA certificates without AsyncTask
...
We already use loaders in the GUI that can handle this asynchronously.
2014-07-22 10:41:50 +02:00
Tobias Brunner
918200378d
android: Change how CA certificate reloads are initiated
2014-07-22 10:41:50 +02:00
Tobias Brunner
08de6a08f0
android: Add option to reload CA certificates to TrustedCertificatesActivity
2014-07-22 10:41:50 +02:00
Tobias Brunner
2312985b2a
android: Replace option to reload CA certificates with CA certificate view
...
The reload option will be added there.
2014-07-22 10:41:50 +02:00
Tobias Brunner
1353f08fbc
android: Only close TrustedCertificatesActivity on click when selecting a certificate
2014-07-22 10:41:50 +02:00
Tobias Brunner
9c841b1f34
android: Set action when using TrustedCertificatesActivity to select a certificate
2014-07-22 10:41:50 +02:00
Tobias Brunner
f21a69dbec
android: Allow selection of local certificates
2014-07-22 10:41:49 +02:00
Tobias Brunner
3b2b536b70
android: Change how CA certificates from different sources are accessed
2014-07-22 10:41:49 +02:00
Tobias Brunner
8cdce00eb1
android: Cache certificates from multiple KeyStores
...
Including the new local one.
2014-07-22 10:41:49 +02:00
Tobias Brunner
8d3a058abc
android: Register local certificate store provider when the app is initialized
2014-07-22 10:41:49 +02:00
Tobias Brunner
5eb4297046
android: Add Provider for the local certificate store
2014-07-22 10:41:49 +02:00
Tobias Brunner
544267889e
android: Add KeyStoreSpi implementation that uses LocalCertificateStore
2014-07-22 10:41:49 +02:00
Tobias Brunner
275888d255
android: Add local certificate store
...
The class manages certificates stored in files within the app's
private data directory.
2014-07-22 10:41:49 +02:00
Tobias Brunner
463a6cd005
android: Move TrustedCertificateEntry to a new package
2014-07-22 10:41:49 +02:00
Tobias Brunner
6684195505
android: Subclass Application to provide static access to the application context
2014-07-22 10:41:49 +02:00
Tobias Brunner
7229bdd5c7
android: Target latest SDK version
2014-07-22 10:41:49 +02:00
Tobias Brunner
140ce41a39
android: Add utility method to convert a byte array to a hex string
2014-07-22 10:41:48 +02:00
Tobias Brunner
9d994ba5ea
android: Remove unused hash argument from getTrustedCertificates()
2014-07-22 10:41:48 +02:00
Tobias Brunner
b9fd95f476
android: Use correct tag to define category for CREATE_SHORTCUT intent-filter
2014-07-22 10:41:48 +02:00
Tobias Brunner
3e4ce88633
android: Define HAVE_DLADDR as plugin loader checks for it
2014-06-24 15:53:25 +02:00
Martin Willi
30c009c2fe
kernel-interface: Add a replay_window parameter to add_sa()
2014-06-17 16:41:30 +02:00
Martin Willi
8d74ec9e80
ike: Add an additional but separate AEAD proposal to CHILD config
...
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
2014-05-16 16:51:19 +02:00
Martin Willi
879e3d12ca
ike: Add an additional but separate AEAD proposal to IKE config, if supported
2014-05-16 16:51:19 +02:00
Tobias Brunner
446c036794
android: New release based on 5.1.3
...
Also links OpenSSL statically and doesn't limit the number of packets
during EAP-TTLS.
2014-04-25 14:39:22 +02:00
Tobias Brunner
8064764070
android: Use static version of libcrypto
...
System.loadLibrary() searches in system directories first (at least in
recent releases), that is, our own build wouldn't actually get used.
2014-04-25 14:26:31 +02:00
Martin Willi
65117a0764
nm: Bump NetworkManager plugin version to 1.3.1
2014-04-24 15:53:38 +02:00
Tobias Brunner
65ee857a88
android: Don't limit number of packets during EAP-TTLS
2014-02-18 11:32:37 +01:00
Tobias Brunner
1c306c0ee9
libcharon: Remove unused charon->name
2014-02-12 14:34:33 +01:00
Tobias Brunner
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
0b506edb19
nm: Require the PSK to be at least 20 characters long
2013-11-27 18:36:58 +01:00
Tobias Brunner
692a421aa0
nm: German translation updated
2013-11-27 18:36:58 +01:00
Tobias Brunner
594878e552
nm: Add PSK option to auth-dialog
2013-11-27 18:36:58 +01:00
Tobias Brunner
63528ebd3f
nm: Add pre-shared key option in GUI
2013-11-27 18:36:58 +01:00
Tobias Brunner
cfaec93111
nm: Make intltool recognize glade files properly
2013-11-27 18:36:58 +01:00
Tobias Brunner
85adb98daf
android: New release based on 5.1.1
...
This fixes issues with IVs and padding in ESP handling and removes the
Vstr dependency.
2013-11-13 17:41:24 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Martin Willi
10900ed7e7
charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config
...
This allows the server to use a different IKE identity as long as the
configured hostname is contained in the certificate.
2013-11-01 12:05:48 +01:00
Martin Willi
1ba47fa565
charon-xpc: Load missing eap-md5 plugin after enabling it
2013-10-28 15:18:11 +01:00
Martin Willi
9f2a4d3315
charon-xpc: Disable warnings about deprecated functions
...
This avoids all the deprecated warnings when using OpenSSL functions.
2013-10-28 14:51:59 +01:00
Martin Willi
f5ea7d781f
charon-xpc: Avoid -all_load linker flag
...
This seems to be not required anymore with the LLVM 5 toolchain.
2013-10-28 14:51:51 +01:00
Martin Willi
a1c2ed8820
charon-xpc: Properly xpc_retain() connections we xpc_release()
2013-10-28 14:51:40 +01:00
Martin Willi
888d8d73ab
charon-xpc: Properly cast SA identifier to uintptr representation
2013-10-28 14:51:28 +01:00
Martin Willi
3e40dbb128
charon-xpc: Don’t build against libvstr anymore
...
We now have our own printf backend and use it instead of Vstr.
2013-10-28 14:51:03 +01:00
Martin Willi
6a3cfbdc0d
charon-xpc: Build with EAP-MD5 support
2013-10-28 14:49:19 +01:00
Martin Willi
d7083b6541
kernel: Use a time_t to report use time in query_policy()
2013-10-11 10:23:17 +02:00
Martin Willi
c99458e94e
kernel: Use a time_t to report use time in query_sa()
2013-10-11 10:23:17 +02:00
Tobias Brunner
e4d63cfae7
android: New release after fixing remediation instructions regression
2013-09-26 13:53:39 +02:00
Tobias Brunner
00f7b29422
android: Change progress dialog handling
...
With the previous code the dialog sometimes was hidden for a short while
before it got reopened.
2013-09-26 13:53:25 +02:00
Tobias Brunner
cfed5679b8
android: Clear remediation instructions when starting a new connection
2013-09-26 13:00:45 +02:00
Tobias Brunner
c17cbfdb72
android: New release after improving recovery after connectivity changes
2013-09-23 14:33:29 +02:00
Tobias Brunner
3817231333
android: Change state handling to display errors occurring while the app is hidden
...
A new connection ID allows listeners to track which errors they have
already shown to the user or were already dismissed by the user.
This was necessary because the state fragment is now unregistered from
state changes when it is not shown.
2013-09-23 12:01:43 +02:00
Tobias Brunner
b4a5b185fc
android: Don't update state fragments when they are not displayed
...
Besides that updates don't make much sense when the fragments are not
displayed this fixes the following exception:
java.lang.IllegalStateException: Can not perform this action after
onSaveInstanceState
2013-09-23 12:01:42 +02:00
Tobias Brunner
c3ee829eee
android: Properly handle failures while initializing charon
2013-09-23 11:49:52 +02:00
Tobias Brunner
c742905f50
android: Fix compilation after PTS header files were moved
2013-09-04 16:18:29 +02:00
Martin Willi
3070697f9f
ike: support multiple addresses, ranges and subnets in IKE address config
...
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
Martin Willi
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
Martin Willi
a0cd955f42
charon-xpc: add a note how to build the source tarball
2013-08-29 12:28:54 +02:00
Martin Willi
74ee1120d7
charon-xpc: include and prefer AES-GCM algorithms in ESP proposal
2013-08-29 11:37:07 +02:00
Martin Willi
8fa7c5c191
charon-xpc: load missing ctr/ccm/gcm plugins
2013-07-31 16:28:11 +02:00
Martin Willi
aafb6fa6c2
charon-xpc: use kernel-libipsec instead of kernel-pfkey
2013-07-31 11:41:37 +02:00
Martin Willi
546235d34c
charon-xpc: fix TS getting after changing CHILD_SA API
2013-07-31 11:41:31 +02:00
Tobias Brunner
146fa8b2d3
charon-xpc: Use correct namespace when setting default settings
2013-07-22 17:44:37 +02:00
Tobias Brunner
0ceb288815
Fix various API doc issues and typos
...
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi
b9c47eae06
xpc: allow easy copy & paste of ./configure instructions
2013-07-18 12:17:56 +02:00
Martin Willi
7f1adbe94e
xpc: use -idirafter to build against openssl headers from /usr/include
2013-07-18 12:17:56 +02:00
Martin Willi
06e8712cb3
xpc: forward some risen alerts over XPC to App
2013-07-18 12:17:56 +02:00
Martin Willi
e7ee45ef38
xpc: enable close_ike_on_child_failure
2013-07-18 12:17:56 +02:00
Martin Willi
e37c5d46d3
xpc: send a "connecting" event when establishing a connection starts
2013-07-18 12:17:56 +02:00
Martin Willi
3ffa310c44
xpc: use osx-attr plugin to install configuration attributes
2013-07-18 12:17:56 +02:00
Martin Willi
c7ac7f92e9
xpc: update README with new events, markdown style fixes
2013-07-18 12:17:55 +02:00
Martin Willi
4edcc86149
xpc: send child_updown events over XPC channel
2013-07-18 12:17:55 +02:00
Martin Willi
d60c8d2c74
xpc: support termination of IKE_SAs using XPC RPC on connection channel
2013-07-18 12:17:55 +02:00
Martin Willi
790ad9e677
xpc: move XPC RPC reply creation to command dispatching
2013-07-18 12:17:55 +02:00
Martin Willi
a0c125eacb
xpc: terminate daemon when last XPC connection to App gone
2013-07-18 12:17:55 +02:00
Martin Willi
6aae6268d7
xpc: fix some refcounting issues related to XPC connections
2013-07-18 12:17:55 +02:00
Martin Willi
22bffc647d
xpc: no need to clear channel table, they are bound to IKE_SA lifetime
2013-07-18 12:17:55 +02:00
Martin Willi
1a3f71d97a
xpc: add support for logging over XPC channels
2013-07-18 12:17:55 +02:00
Martin Willi
fbc89786b5
xpc: don't warn about pointer signedness mismatch (-Wno-pointer-sign)
2013-07-18 12:17:55 +02:00
Martin Willi
dcf8a3c78b
xpc: add a description of the basic XPC protocol to README
2013-07-18 12:17:55 +02:00
Martin Willi
d5966e71e9
xpc: use the same XPC message "type" mechanism on Mach service as on channels
2013-07-18 12:17:55 +02:00
Martin Willi
39d15dde67
xpc: ask App for passwords using connection specific channel
2013-07-18 12:17:55 +02:00
Martin Willi
8279ce99c4
xpc: use IKE_SA specific XPC return channels for further communication
2013-07-18 12:17:55 +02:00
Martin Willi
bc74e18223
xpc: don't send certificate requests, there are too many when using keychain
2013-07-18 12:17:55 +02:00
Martin Willi
5016370390
xpc: build with support for the keychain plugin
2013-07-18 12:17:55 +02:00
Martin Willi
e73a653451
xpc: add support for initiate simple IKEv2 EAP connections
2013-07-18 12:17:54 +02:00
Martin Willi
3dcc9d7aa7
xpc: move dispatching to dedicated class, using dedicated thread
2013-07-18 12:17:54 +02:00
Martin Willi
4204d1d71a
xpc: use non-inlining variant of vstr, compiler does not like it
2013-07-18 12:17:54 +02:00
Martin Willi
6f8c626b81
xpc: add Xcode project for a charon controlled through XPC
2013-07-18 12:17:54 +02:00
Tobias Brunner
b23bd71466
android: New release after adding support for EAP-TNC
...
Also disabled listening on IPv6 because the Linux kernel currently does
not support UDP encapsulation for IPv6.
2013-07-08 18:51:07 +02:00
Tobias Brunner
7ccf02ee93
android: Properly handle dotted-quad notation of IPv6 addresses
...
For netstat output like ::ffff:127.0.0.1:9876 we shall not treat 127 as
port but 9876 instead.
2013-07-08 18:49:30 +02:00
Tobias Brunner
97f1dfb3ec
android: Allow IMC state to be dismissed with a swipe gesture
2013-07-08 18:49:30 +02:00
Tobias Brunner
a9f94d7efb
android: Use explicit locale when converting settings names
...
Apparently, these functions use the user's default locale which might not
yield the expected result (e.g. lowercase I is not i in the Turkish
locale but ı instead).
2013-07-08 18:49:30 +02:00
Tobias Brunner
e1a98e7956
android: Add information about transmitted data if EAP-TNC is selected
2013-07-08 18:49:30 +02:00
Tobias Brunner
9390499584
android: Reuse certificate selector as generic two line button
2013-07-08 18:49:30 +02:00
Tobias Brunner
671614d229
android: Add device ID in BeginHandshake
2013-07-08 18:49:30 +02:00
Tobias Brunner
8a5bffb0fe
android: Add new VpnType to enable BYOD features
2013-07-08 18:49:30 +02:00
Tobias Brunner
2ecda3421a
android: Use a different set of plugins if BYOD features are enabled
2013-07-08 18:49:29 +02:00
Tobias Brunner
6e872fea7a
android: IMC state fragment is a button that shows remediation instructions or log
2013-07-08 18:49:29 +02:00
Tobias Brunner
254d8679c6
android: Show remediation instructions instead of log on failure
2013-07-08 18:49:29 +02:00
Tobias Brunner
873f389b37
android: Properly hide the IMC state fragment initially
2013-07-08 18:49:29 +02:00
Tobias Brunner
0ef98957a7
android: Add activity that displays a list of remediation instructions
...
On large displays a two-pane layout is used that displays the list next
to the actual instructions.
2013-07-08 18:49:29 +02:00
Tobias Brunner
611d35e8e8
android: Add fragment for a list of remediation instructions
...
This fragment can later be used in one- or two-pane layouts.
2013-07-08 18:49:29 +02:00
Tobias Brunner
b6e05f6518
android: Add adapter for remediation instructions
2013-07-08 18:49:29 +02:00
Tobias Brunner
ea022bb194
android: Add fragment that displays a single remediation instruction
2013-07-08 18:49:29 +02:00
Tobias Brunner
c469cd2a66
android: RemediationInstruction implements Parcelable interface
2013-07-08 18:49:29 +02:00
Tobias Brunner
2b91085701
android: Background for state panels provides separator
2013-07-08 18:49:29 +02:00
Tobias Brunner
e5bf6dcddc
android: Add fragment that displays the IMC state
...
The fragment hides itself if the state is unknown or the assessment
succeeded.
2013-07-08 18:49:29 +02:00
Tobias Brunner
a05acd7629
android: Handle and store IETF remediation instructions
2013-07-08 18:49:28 +02:00
Tobias Brunner
0484989dbd
android: Add a parser for XML remediation instructions
2013-07-08 18:49:28 +02:00
Tobias Brunner
a8dc42b295
android: Show different error message depending on IMC state
2013-07-08 18:49:28 +02:00
Tobias Brunner
5e7a4193e5
android: Clear error only when the user explicitly dismisses the dialog
...
The previous code worked fine on rotation changes as the fragment is
destroyed and recreated causing onCreate to be called, which restores the
saved error state. But if the user switches to a different application
and then back this is not the case. The dialog still gets dismissed (as
we have to do so to avoid nasty exceptions on rotation changes) but since
that implicitly cleared the error state the UI was never fully restored.
2013-07-08 18:49:28 +02:00
Tobias Brunner
dc52cfab73
android: Add state of IMC to VpnStateService and update it via JNI
2013-07-08 18:49:28 +02:00
Tobias Brunner
d087f080f0
android: Handle TCG file measurement related attributes using PTS
2013-07-08 18:49:28 +02:00
Tobias Brunner
fd3aa004e4
android: Android IMC state provides a Platform Trust Service (PTS) instance
2013-07-08 18:49:28 +02:00
Tobias Brunner
0e53beda32
android: Provide a public interface for Android IMC state
2013-07-08 18:49:28 +02:00
Tobias Brunner
403165102c
android: Define IMC functions static and with lower-case names
2013-07-08 18:49:28 +02:00
Tobias Brunner
583fe0ccb6
android: Add measurement collector for ITA Device ID
2013-07-08 18:49:28 +02:00
Tobias Brunner
44330a171f
android: Add measurement collector for ITA Settings
2013-07-08 18:49:27 +02:00
Tobias Brunner
c179a3f6f2
android: Handle ITA PA-TNC attributes
2013-07-08 18:49:27 +02:00
Tobias Brunner
036fa7a166
android: Overload for getMeasurement() that takes a String array as argument
2013-07-08 18:49:27 +02:00
Tobias Brunner
ba59486fc8
android: Add measurement collector for Port Filter
...
This collector reports all listening TCP and UDP sockets/ports.
2013-07-08 18:49:27 +02:00
Tobias Brunner
6500727d6a
android: Enum type for transport protocols added
2013-07-08 18:49:27 +02:00
Tobias Brunner
7cb8f570ed
android: Add measurement collector for Installed Packages
2013-07-08 18:49:27 +02:00
Tobias Brunner
2d61172314
android: Add measurement collector for Product Information
2013-07-08 18:49:27 +02:00
Tobias Brunner
75d710ec63
android: Also support writing of 24-bit values
2013-07-08 18:49:27 +02:00
Tobias Brunner
5c9706f30b
android: Add measurement collector for String Version
2013-07-08 18:49:27 +02:00
Tobias Brunner
4eec7912a1
android: Interfaces for measurement collectors and attributes added
2013-07-08 18:49:27 +02:00
Tobias Brunner
2d378d8a74
android: Add a Java utility class similar to bio_writer_t
2013-07-08 18:49:27 +02:00
Tobias Brunner
28c268d707
android: Add enum types for PENs and attribute types
2013-07-08 18:49:26 +02:00
Tobias Brunner
c53210f9b0
android: Add a generic handler for PA-TNC attribute requests
...
The idea is that the Android IMC will return attributes in their binary
encoding. This keeps the JNI interface to the IMC pretty simple.
2013-07-08 18:49:26 +02:00
Tobias Brunner
aa4ff3b211
android: Added a Java part to the Android IMC
2013-07-08 18:49:26 +02:00
Tobias Brunner
753035f6d7
android: Don't attempt loading IMCs from /etc/tnc_config
2013-07-08 18:49:26 +02:00
Tobias Brunner
a6507df2ec
android: Build libpts and init/deinit libpts in BYOD IMC
2013-07-08 18:49:26 +02:00
Tobias Brunner
96658d7264
android: Added a sample IMC that sends some dummy OS data
2013-07-08 18:49:26 +02:00
Tobias Brunner
933155fae6
android: Build option added to load BYOD related plugins and libraries in the Android app
2013-07-08 18:49:26 +02:00
Tobias Brunner
0015727ebd
android: Disable listening on IPv6
...
As we have to use UDP encapsulation and the Linux kernel currently does
not support that this avoids issues with dual-stack gateways.
2013-07-05 09:48:27 +02:00
Tobias Brunner
607f8e9906
plugin-loader: Add method to print loaded plugins on a given log level
2013-06-21 15:17:53 +02:00
Tobias Brunner
92f102c21b
android: Forward initiator flag to libipsec when adding IPsec SA
2013-06-13 13:55:58 +02:00
Martin Willi
a8c9454423
kernel-interface: add an exchange initiator parameter to add_sa()
...
This new flag gives the kernel-interface a hint how it should prioritize the
use of newly installed SAs during rekeying.
Consider the following rekey procedure in IKEv2:
   Initiator   ---   Responder
I1 -------CREATE-------> R1
I2 <------CREATE--------
   -------DELETE-------> R2
I3 <------DELETE--------
SAs are always handled as pairs, the following happens at the SA level:
* Initiator starts the exchange at I1
* Responder installs new SA pair at R1
* Initiator installs new SA pair at I2
* Responder removes old SA pair at R2
* Initiator removes old SA pair at I3
This makes sure SAs get installed/removed overlapping during rekeying. However,
to avoid any packet loss, it is crucial that the new outbound SA gets
activated at the correct position:
* as exchange initiator, in I2
* as exchange responder, in R2
This should guarantee that we don't use the new outbound SA before the peer
could install its corresponding inbound SA.
The new parameter allows the kernel backend to install the new SA with
appropriate priorities, i.e. it should:
* as exchange initiator, have the new outbound SA installed with higher
priority than the old SA
* as exchange responder, have the new outbound SA installed with lower
priority than the old SA
While we could split up the SA installation at the responder, this approach
has another advantage: it allows the kernel backend to switch SAs based on
other criteria, for example when receiving traffic on the new inbound SA.
2013-06-11 15:58:48 +02:00
Martin Willi
5c12700f9a
kernel-interface: query SAD for last use time if SPD query didn't yield one
2013-05-06 17:01:13 +02:00
Martin Willi
0be946dce3
Use the GEN silent rule when generating files with sed
2013-05-06 15:04:56 +02:00
Tobias Brunner
55321dcfb6
New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlink
...
libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported,
native x86 libraries are built (requires a new Vstr build script).
Also, the existing kernel-netlink plugin now provides the kernel-net
implementation, which should be more stable in case multiple interfaces
are up and have IP addresses installed on them.
2013-05-03 16:02:39 +02:00
Tobias Brunner
740aedfec1
android: Use stronger ESP proposal including AES-GCM
2013-05-03 16:02:39 +02:00
Tobias Brunner
61fb3267b2
android: Remove unused methods on NetworkManager/network_manager_t
2013-05-03 15:11:20 +02:00
Tobias Brunner
70dfac4459
android: Ignore interface 'lo'
...
Android adds a default route via 'lo' if no connectivity is available
causing charon to send packets via lo and triggering DPD.
2013-05-03 15:11:20 +02:00
Tobias Brunner
18dab76bfa
android: Repurpose android-net to simply handle connectivity events
...
Using the events by NetworkManager/ConnectivityManager to trigger roam events
instead of the events generated by the kernel-netlink plugin the noise level
is much lower.
2013-05-03 15:11:20 +02:00
Tobias Brunner
3b7f25906e
android: Replace android-net plugin with kernel-netlink
...
Virtual IPs are not handled by the kernel-netlink plugin and tun devices are
ignored.
2013-05-03 15:11:19 +02:00
Tobias Brunner
67332b4e22
android: Set strongswan.conf options before initializing other libraries
2013-05-03 15:11:19 +02:00
Tobias Brunner
24b5e71522
android: No need to disable CMS explicitly
...
The version check introduced with 0d237763
should take care of it.
2013-03-20 17:02:37 +01:00
Tobias Brunner
29d93e2470
android: Build native libraries also for x86
...
Requires an updated build script for Vstr.
2013-03-20 15:24:27 +01:00
Tobias Brunner
e5d819b617
android: Remove/filter header files from LOCAL_SRC_FILES
...
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Tobias Brunner
8249f288f2
android: Request and install an IPv6 DNS server
2013-03-20 15:24:26 +01:00
Tobias Brunner
ee66565d43
android: Also request a virtual IPv6 address and propose IPv6 TS
...
This allows IPv6 over IPv4 but falls back nicely if we don't get a
virtual IPv6 (or IPv4) address.
2013-03-20 15:24:26 +01:00
Martin Willi
7eeeb1c702
kernel_ipsec_t.query_sa() additionally returns the number of processed packets
2013-03-14 14:20:54 +01:00
Tobias Brunner
d6da0a367a
New Android release after adding translations and Cert/EAP authentication
...
Also fixed a race condition during reauthentication and a freeze that
might happen while disconnecting.
2013-03-07 14:14:34 +01:00
Tobias Brunner
76de964617
android: Add support for combined certificate and EAP authentication
...
This uses RFC 4739 multiple authentication rounds to first
authenticate the client with a certificate followed by an
EAP authentication round with username and password.
2013-03-07 14:14:34 +01:00
Tobias Brunner
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
Tobias Brunner
e88b529a30
android: Mitigate race condition on reauthentication
...
If the TUN device gets recreated while another thread in handle_plain()
has not yet called select(2) but already stored the file descriptor of the
old TUN device in its FD set, select() will fail with EBADF.
Fixes #301.
2013-03-01 17:06:01 +01:00
Martin Willi
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
Tobias Brunner
30abe1fd19
android: Properly escape apostrophes in Ukrainian translation
2013-01-14 17:23:52 +01:00
Tobias Brunner
b9cda4f3e1
android: Implement kernel_net_t.get_interface via JNI
...
This is now required to properly accept/install a virtual IP address.
Fixes #275.
2013-01-14 17:22:56 +01:00
Tobias Brunner
53ce5c4c91
android: Moved chunk_from_byte_array and byte_array_from_chunk helper functions
2013-01-14 17:19:58 +01:00
Tobias Brunner
ecff0e5685
android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h on Android
2013-01-14 17:16:18 +01:00
Tobias Brunner
21235e1ec2
Merge branch 'ikev1-fragmentation'
...
This adds support for the proprietary IKEv1 fragmentation extension.
Conflicts:
NEWS
2013-01-12 11:58:26 +01:00
Tobias Brunner
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
Pavel Kopchyk
3365bddccf
Fixed some typos in Ukrainian translation
2013-01-09 05:30:55 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Dmitry Korzhevin
a0117b9122
Added Russian and Ukrainian strings for Android client
2012-12-24 12:06:12 +01:00
Martin Willi
b185cdd16d
Install virtual IPs via interface name, and use an interface lookup where required
2012-11-29 10:22:51 +01:00
Martin Willi
50bd755871
Add an optional kernel-interface parameter to install IPs with a custom prefix
2012-11-29 10:22:51 +01:00
Tobias Brunner
2cb9a014df
New Android release after adding shortcuts and confirmation dialog
...
Also fixed some Android 4.2 specific issues.
2012-11-21 19:07:52 +01:00
Tobias Brunner
df3e34fe86
android: Don't allow any backup for now
2012-11-21 19:05:18 +01:00
Tobias Brunner
37d42a76d3
android: Properly handle exceptions when loading keys/certificates
2012-11-21 18:57:41 +01:00
Tobias Brunner
73d0fb0a66
android: Use the same tag string for all dialogs in MainActivity
2012-11-21 18:57:41 +01:00
Tobias Brunner
8c0b32d892
android: Hide previous dialogs when handling a new connection attempt
2012-11-21 18:57:41 +01:00
Tobias Brunner
50b048983c
android: Show confirmation dialog when starting a profile while already connected
2012-11-21 18:57:41 +01:00
Tobias Brunner
ac3c6ff479
android: Add the ability to create shortcuts to specific VPN profiles
2012-11-21 18:57:41 +01:00
Tobias Brunner
127d83bb21
android: Start a specific VPN profile based on special Intents
2012-11-21 18:57:40 +01:00
Tobias Brunner
7241102ace
android: Attribute added to display the list of VPN profiles in read-only mode
2012-11-21 18:57:40 +01:00
Tobias Brunner
2e50a8e751
android: Show an error if VPN fails due to lock down mode in Android 4.2
2012-11-19 11:43:32 +01:00
Tobias Brunner
be2e7ecc2f
android: Add error message as argument to "VPN not supported" dialog
2012-11-19 11:43:32 +01:00
Tobias Brunner
0c3b8028e7
android: Content providers are not exported by default in Android 4.2
2012-11-19 11:43:32 +01:00
Tobias Brunner
48e45153f5
android: Set target SDK to 17 (Android 4.2)
2012-11-19 11:43:31 +01:00
Tobias Brunner
277ff80a2e
android: Private key bug has been fixed with Android 4.2
2012-11-19 11:43:31 +01:00
Tobias Brunner
acb300f920
android: Use proper intent-filter for our VpnService
2012-11-02 15:55:08 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
Tobias Brunner
23ca39010e
android: Enable ECC in the app as our custom built libcrypto supports it
2012-10-23 18:13:58 +02:00
Tobias Brunner
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
Tobias Brunner
c30573467b
New Android release after adding MOBIKE support
2012-10-18 14:03:38 +02:00
Tobias Brunner
eecd41e349
Use a helper function to add milliseconds to timeval structs
2012-10-18 12:25:59 +02:00
Tobias Brunner
2b6088c718
android: Ignore if peer is unreachable when reestablishing an SA
2012-10-18 12:25:59 +02:00
Tobias Brunner
901f6ac403
android: Use a shorter timeout for retransmits
2012-10-18 10:57:55 +02:00
Tobias Brunner
8658e87b35
android: Use keyingtries=%forever and dpd|closeaction=restart
...
We also ignore the CHILD_SA_DOWN event.
This should allow us to keep the connection up as long as the user does
not manually disconnect.
2012-10-18 10:57:55 +02:00
Tobias Brunner
272ce5b580
android: Handle unreachable peers via alert
2012-10-16 14:16:17 +02:00
Tobias Brunner
b00806cf85
android: Use 0.0.0.0/0 as local traffic selector
...
This is helpful if the responder also wants to tunnel e.g. multicast
packages.
2012-10-16 14:16:17 +02:00
Tobias Brunner
45885ca613
android: Bypass/protect previously bypassed sockets if connectivity changes
2012-10-16 14:16:17 +02:00
Tobias Brunner
9167ca8b2b
android: Support for IPsec SA update added
2012-10-16 14:16:17 +02:00
Tobias Brunner
5b88d80f22
android: Trigger roam events in case connectivity changes
2012-10-16 14:16:17 +02:00
Tobias Brunner
ef3d1a1ba9
android: Register NetworkManager as BroadcastReceiver and relay events via JNI
2012-10-16 14:16:17 +02:00
Tobias Brunner
38bbca587f
android: Determine source address dynamically
2012-10-16 14:16:17 +02:00
Tobias Brunner
8f092a2221
android: Added NetworkManager class which allows to retrieve a local IP address
2012-10-16 14:16:17 +02:00
Tobias Brunner
b0e0932538
android: Increase compile warnings
2012-10-16 14:16:16 +02:00
Tobias Brunner
c3bce1aa3d
android: Fixed "Configure" button in Android VPN dialog
2012-10-16 14:16:16 +02:00
Tobias Brunner
e3d98f2c4c
android: Don't use the default ESP proposal as it includes unsupported algorithms
2012-10-16 14:16:16 +02:00
Tobias Brunner
012d7382b0
New Android release after fixing private key issues on Jelly Bean
2012-09-24 17:16:29 +02:00
Tobias Brunner
94106ddc85
android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
...
A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.
2012-09-24 17:16:29 +02:00
Tobias Brunner
dfefa2f6dc
android: Added a global variable to check the current SDK version
2012-09-24 17:12:18 +02:00
Tobias Brunner
64595464b2
android: Load the private key and certificates separately in android_creds_t
2012-09-24 17:12:18 +02:00
Tobias Brunner
406d680e45
android: Added a method to get the user's private key via JNI
2012-09-24 17:12:18 +02:00
Tobias Brunner
c35d468fb1
android: Added a JNI backed private key implementation
...
This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.
2012-09-24 17:12:18 +02:00
Tobias Brunner
4157a40b45
New Android release after fixing IDr problems
2012-09-18 15:29:29 +02:00
Tobias Brunner
e596d0ef1e
android: Use AUTH_RULE_IDENTITY_LOOSE
2012-09-18 11:21:49 +02:00
Tobias Brunner
cf1ec85207
New Android release after fixing Unicode conversion bug
2012-09-17 10:55:10 +02:00
Tobias Brunner
b7c54cf226
android: Fix conversion of actual Unicode strings (i.e. bytes!=chars)
2012-09-17 10:30:39 +02:00
Tobias Brunner
ccba4f1533
android: New release after adding certificate authentication and reauth fix
2012-09-06 14:54:37 +02:00
Tobias Brunner
d7d2a5ec38
android: Properly handle reauthentication initiated by the client
2012-09-06 11:27:07 +02:00
Tobias Brunner
0326ceda64
android: Create a new VpnService.Builder after VPN has been established
2012-09-06 11:25:24 +02:00
Tobias Brunner
d1604d0551
Merge branch 'android-client-cert'
...
Introduces IKEv2 client certificate authentication for the Android App.
2012-09-04 13:58:49 +02:00
Tobias Brunner
c89cc22692
android: Native parts handle ikev2-cert VPN type
2012-08-31 18:24:46 +02:00
Tobias Brunner
094a059bcf
android: android_creds_t can provide a user's private key and certificate
2012-08-31 18:24:46 +02:00
Tobias Brunner
3aba33868b
android: Added JNI method to retrieve user certificate and private key
...
To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.
2012-08-31 18:24:46 +02:00
Tobias Brunner
38e866c3dd
android: Don't show the password dialog if not required
2012-08-31 18:24:46 +02:00
Tobias Brunner
69f731a9d8
android: Enable pkcs8 plugin
2012-08-31 18:24:46 +02:00
Tobias Brunner
5eb7ad3a38
android: Pass the type of VPN to the native parts
2012-08-31 18:24:46 +02:00
Tobias Brunner
655362464e
android: Make sure NULL jstrings are converted properly
2012-08-31 18:24:45 +02:00
Tobias Brunner
6de38fe88a
android: Display the selected certificate alias in the profile list
2012-08-31 18:24:45 +02:00
Tobias Brunner
f46da851ab
android: Allow configuration of a user certificate
2012-08-31 18:24:43 +02:00
Tobias Brunner
3f9e90f618
android: Remove NOT NULL constraint from username column
2012-08-31 18:24:23 +02:00
Tobias Brunner
d0f6481eb0
android: Separate view added to select certificates
2012-08-31 18:24:23 +02:00
Tobias Brunner
7fedacb2e7
android: Don't try to load the profile with ID 0
2012-08-31 18:24:22 +02:00
Tobias Brunner
825c192d4f
android: Spinner added to select the VPN type
2012-08-31 18:24:19 +02:00
Martin Willi
1323dc1138
Merge branch 'multi-vip'
...
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
Martin Willi
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Tobias Brunner
48f51d9454
android: Field added to store the type of a VPN profile
2012-08-27 15:36:36 +02:00
Tobias Brunner
1f6f501978
android: Enum added for VPN types
2012-08-27 15:33:58 +02:00
Tobias Brunner
8a9956762c
android: Simplified handling of error dialog that is displayed if VpnService API is not supported
2012-08-27 10:48:13 +02:00
Tobias Brunner
aa55040192
android: LoginDialog refactored so it also works when the device is rotated
2012-08-27 10:48:13 +02:00
Tobias Brunner
e09f4120d4
android: Added a field to store selected user certificate
2012-08-27 10:48:13 +02:00
Andreas Steffen
8528f841de
Ewa did the new Polish translation
2012-08-24 16:59:47 +02:00
Tobias Brunner
ef73bb52b1
Without the ties to PAM we can build eap-gtc on Android
2012-08-17 14:24:48 +02:00
Tobias Brunner
f0b8d8c2c4
New Android release after adding error dialog
...
Skipped one version due to a rebasing mishap.
2012-08-15 11:23:06 +02:00
Tobias Brunner
8df118f733
Show an error message if VPN is not supported
...
Some devices have Android 4 installed but the system images still seem to
lack the components that are required for VPN support. One such
component is the dialog used to grant permission to create .
2012-08-15 11:19:43 +02:00