Commit Graph

594 Commits

Author SHA1 Message Date
Tobias Brunner 873f389b37 android: Properly hide the IMC state fragment initially 2013-07-08 18:49:29 +02:00
Tobias Brunner 0ef98957a7 android: Add activity that displays a list of remediation instructions
On large displays a two-pane layout is used that displays the list next
to the actual instructions.
2013-07-08 18:49:29 +02:00
Tobias Brunner 611d35e8e8 android: Add fragment for a list of remediation instructions
This fragment can later be used in one- or two-pane layouts.
2013-07-08 18:49:29 +02:00
Tobias Brunner b6e05f6518 android: Add adapter for remediation instructions 2013-07-08 18:49:29 +02:00
Tobias Brunner ea022bb194 android: Add fragment that displays a single remediation instruction 2013-07-08 18:49:29 +02:00
Tobias Brunner c469cd2a66 android: RemediationInstruction implements Parcelable interface 2013-07-08 18:49:29 +02:00
Tobias Brunner 2b91085701 android: Background for state panels provides separator 2013-07-08 18:49:29 +02:00
Tobias Brunner e5bf6dcddc android: Add fragment that displays the IMC state
The fragment hides itself if the state is unknown or the assessment
succeeded.
2013-07-08 18:49:29 +02:00
Tobias Brunner a05acd7629 android: Handle and store IETF remediation instructions 2013-07-08 18:49:28 +02:00
Tobias Brunner 0484989dbd android: Add a parser for XML remediation instructions 2013-07-08 18:49:28 +02:00
Tobias Brunner a8dc42b295 android: Show different error message depending on IMC state 2013-07-08 18:49:28 +02:00
Tobias Brunner 5e7a4193e5 android: Clear error only when the user explicitly dismisses the dialog
The previous code worked fine on rotation changes as the fragment is
destroyed and recreated causing onCreate to be called, which restores the
saved error state.  But if the user switches to a different application
and then back this is not the case.  The dialog still gets dismissed (as
we have to do so to avoid nasty exceptions on rotation changes) but since
that implicitly cleared the error state the UI was never fully restored.
2013-07-08 18:49:28 +02:00
Tobias Brunner dc52cfab73 android: Add state of IMC to VpnStateService and update it via JNI 2013-07-08 18:49:28 +02:00
Tobias Brunner d087f080f0 android: Handle TCG file measurement related attributes using PTS 2013-07-08 18:49:28 +02:00
Tobias Brunner fd3aa004e4 android: Android IMC state provides a Platform Trust Service (PTS) instance 2013-07-08 18:49:28 +02:00
Tobias Brunner 0e53beda32 android: Provide a public interface for Android IMC state 2013-07-08 18:49:28 +02:00
Tobias Brunner 403165102c android: Define IMC functions static and with lower-case names 2013-07-08 18:49:28 +02:00
Tobias Brunner 583fe0ccb6 android: Add measurement collector for ITA Device ID 2013-07-08 18:49:28 +02:00
Tobias Brunner 44330a171f android: Add measurement collector for ITA Settings 2013-07-08 18:49:27 +02:00
Tobias Brunner c179a3f6f2 android: Handle ITA PA-TNC attributes 2013-07-08 18:49:27 +02:00
Tobias Brunner 036fa7a166 android: Overload for getMeasurement() that takes a String array as argument 2013-07-08 18:49:27 +02:00
Tobias Brunner ba59486fc8 android: Add measurement collector for Port Filter
This collector reports all listening TCP and UDP sockets/ports.
2013-07-08 18:49:27 +02:00
Tobias Brunner 6500727d6a android: Enum type for transport protocols added 2013-07-08 18:49:27 +02:00
Tobias Brunner 7cb8f570ed android: Add measurement collector for Installed Packages 2013-07-08 18:49:27 +02:00
Tobias Brunner 2d61172314 android: Add measurement collector for Product Information 2013-07-08 18:49:27 +02:00
Tobias Brunner 75d710ec63 android: Also support writing of 24-bit values 2013-07-08 18:49:27 +02:00
Tobias Brunner 5c9706f30b android: Add measurement collector for String Version 2013-07-08 18:49:27 +02:00
Tobias Brunner 4eec7912a1 android: Interfaces for measurement collectors and attributes added 2013-07-08 18:49:27 +02:00
Tobias Brunner 2d378d8a74 android: Add a Java utility class similar to bio_writer_t 2013-07-08 18:49:27 +02:00
Tobias Brunner 28c268d707 android: Add enum types for PENs and attribute types 2013-07-08 18:49:26 +02:00
Tobias Brunner c53210f9b0 android: Add a generic handler for PA-TNC attribute requests
The idea is that the Android IMC will return attributes in their binary
encoding.  This keeps the JNI interface to the IMC pretty simple.
2013-07-08 18:49:26 +02:00
Tobias Brunner aa4ff3b211 android: Added a Java part to the Android IMC 2013-07-08 18:49:26 +02:00
Tobias Brunner 753035f6d7 android: Don't attempt loading IMCs from /etc/tnc_config 2013-07-08 18:49:26 +02:00
Tobias Brunner a6507df2ec android: Build libpts and init/deinit libpts in BYOD IMC 2013-07-08 18:49:26 +02:00
Tobias Brunner 96658d7264 android: Added a sample IMC that sends some dummy OS data 2013-07-08 18:49:26 +02:00
Tobias Brunner 933155fae6 android: Build option added to load BYOD related plugins and libraries in the Android app 2013-07-08 18:49:26 +02:00
Tobias Brunner 0015727ebd android: Disable listening on IPv6
As we have to use UDP encapsulation and the Linux kernel currently does
not support that this avoids issues with dual-stack gateways.
2013-07-05 09:48:27 +02:00
Tobias Brunner 607f8e9906 plugin-loader: Add method to print loaded plugins on a given log level 2013-06-21 15:17:53 +02:00
Tobias Brunner 92f102c21b android: Forward initiator flag to libipsec when adding IPsec SA 2013-06-13 13:55:58 +02:00
Martin Willi a8c9454423 kernel-interface: add an exchange initiator parameter to add_sa()
This new flag gives the kernel-interface a hint how it should prioritize the
use of newly installed SAs during rekeying.

Consider the following rekey procedure in IKEv2:

Initiator  ---    Responder

I1 -------CREATE-------> R1
I2 <------CREATE--------
   -------DELETE-------> R2
I3 <------DELETE--------

SAs are always handled as pairs, the following happens at the SA level:

  * Initiator starts the exchange at I1
  * Responder installs new SA pair at R1
  * Initiator installs new SA pair at I2
  * Responder removes old SA pair at R2
  * Initiator removes old SA pair at I3

This makes sure SAs get installed/removed overlapping during rekeying. However,
to avoid any packet loss, it is crucial that the new outbound SA gets
activated at the correct position:

  * as exchange initiator, in I2
  * as exchange responder, in R2

This should guarantee that we don't use the new outbound SA before the peer
could install its corresponding inbound SA.

The new parameter allows the kernel backend to install the new SA with
appropriate priorities, i.e. it should:

  * as exchange initiator, have the new outbound SA installed with higher
    priority than the old SA
  * as exchange responder, have the new outbound SA installed with lower
    priority than the old SA

While we could split up the SA installation at the responder, this approach
has another advantage: it allows the kernel backend to switch SAs based on
other criteria, for example when receiving traffic on the new inbound SA.
2013-06-11 15:58:48 +02:00
Martin Willi 5c12700f9a kernel-interface: query SAD for last use time if SPD query didn't yield one 2013-05-06 17:01:13 +02:00
Martin Willi 0be946dce3 Use the GEN silent rule when generating files with sed 2013-05-06 15:04:56 +02:00
Tobias Brunner 55321dcfb6 New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlink
libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported,
native x86 libraries are built (requires a new Vstr build script).
Also, the existing kernel-netlink plugin now provides the kernel-net
implementation, which should be more stable in case multiple interfaces
are up and have IP addresses installed on them.
2013-05-03 16:02:39 +02:00
Tobias Brunner 740aedfec1 android: Use stronger ESP proposal including AES-GCM 2013-05-03 16:02:39 +02:00
Tobias Brunner 61fb3267b2 android: Remove unused methods on NetworkManager/network_manager_t 2013-05-03 15:11:20 +02:00
Tobias Brunner 70dfac4459 android: Ignore interface 'lo'
Android adds a default route via 'lo' if no connectivity is available
causing charon to send packets via lo and triggering DPD.
2013-05-03 15:11:20 +02:00
Tobias Brunner 18dab76bfa android: Repurpose android-net to simply handle connectivity events
Using the events by NetworkManager/ConnectivityManager to trigger roam events
instead of the events generated by the kernel-netlink plugin the noise level
is much lower.
2013-05-03 15:11:20 +02:00
Tobias Brunner 3b7f25906e android: Replace android-net plugin with kernel-netlink
Virtual IPs are not handled by the kernel-netlink plugin and tun devices are
ignored.
2013-05-03 15:11:19 +02:00
Tobias Brunner 67332b4e22 android: Set strongswan.conf options before initializing other libraries 2013-05-03 15:11:19 +02:00
Tobias Brunner 24b5e71522 android: No need to disable CMS explicitly
The version check introduced with 0d237763 should take care of it.
2013-03-20 17:02:37 +01:00
Tobias Brunner 29d93e2470 android: Build native libraries also for x86
Requires an updated build script for Vstr.
2013-03-20 15:24:27 +01:00
Tobias Brunner e5d819b617 android: Remove/filter header files from LOCAL_SRC_FILES
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Tobias Brunner 8249f288f2 android: Request and install an IPv6 DNS server 2013-03-20 15:24:26 +01:00
Tobias Brunner ee66565d43 android: Also request a virtual IPv6 address and propose IPv6 TS
This allows IPv6 over IPv4 but falls back nicely if we don't get a
virtual IPv6 (or IPv4) address.
2013-03-20 15:24:26 +01:00
Martin Willi 7eeeb1c702 kernel_ipsec_t.query_sa() additionally returns the number of processed packets 2013-03-14 14:20:54 +01:00
Tobias Brunner d6da0a367a New Android release after adding translations and Cert/EAP authentication
Also fixed a race condition during reauthentication and a freeze that
might happen while disconnecting.
2013-03-07 14:14:34 +01:00
Tobias Brunner 76de964617 android: Add support for combined certificate and EAP authentication
This uses RFC 4739 multiple authentication rounds to first
authenticate the client with a certificate followed by an
EAP authentication round with username and password.
2013-03-07 14:14:34 +01:00
Tobias Brunner 11adf114c1 Fixed Doxygen comments after scanning complete src directory 2013-03-02 18:31:53 +01:00
Tobias Brunner e88b529a30 android: Mitigate race condition on reauthentication
If the TUN device gets recreated while another thread in handle_plain()
has not yet called select(2) but already stored the file descriptor of the
old TUN device in its FD set, select() will fail with EBADF.

Fixes #301.
2013-03-01 17:06:01 +01:00
Martin Willi 306a269e34 Add a DSCP configuration value to IKE configs 2013-02-06 15:20:32 +01:00
Tobias Brunner 30abe1fd19 android: Properly escape apostrophes in Ukrainian translation 2013-01-14 17:23:52 +01:00
Tobias Brunner b9cda4f3e1 android: Implement kernel_net_t.get_interface via JNI
This is now required to properly accept/install a virtual IP address.

Fixes #275.
2013-01-14 17:22:56 +01:00
Tobias Brunner 53ce5c4c91 android: Moved chunk_from_byte_array and byte_array_from_chunk helper functions 2013-01-14 17:19:58 +01:00
Tobias Brunner ecff0e5685 android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h on Android 2013-01-14 17:16:18 +01:00
Tobias Brunner 21235e1ec2 Merge branch 'ikev1-fragmentation'
This adds support for the proprietary IKEv1 fragmentation extension.

Conflicts:
	NEWS
2013-01-12 11:58:26 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Pavel Kopchyk 3365bddccf Fixed some typos in Ukrainian translation 2013-01-09 05:30:55 +01:00
Tobias Brunner 97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Dmitry Korzhevin a0117b9122 Added Russian and Ukrainian strings for Android client 2012-12-24 12:06:12 +01:00
Martin Willi b185cdd16d Install virtual IPs via interface name, and use an interface lookup where required 2012-11-29 10:22:51 +01:00
Martin Willi 50bd755871 Add an optional kernel-interface parameter to install IPs with a custom prefix 2012-11-29 10:22:51 +01:00
Tobias Brunner 2cb9a014df New Android release after adding shortcuts and confirmation dialog
Also fixed some Android 4.2 specific issues.
2012-11-21 19:07:52 +01:00
Tobias Brunner df3e34fe86 android: Don't allow any backup for now 2012-11-21 19:05:18 +01:00
Tobias Brunner 37d42a76d3 android: Properly handle exceptions when loading keys/certificates 2012-11-21 18:57:41 +01:00
Tobias Brunner 73d0fb0a66 android: Use the same tag string for all dialogs in MainActivity 2012-11-21 18:57:41 +01:00
Tobias Brunner 8c0b32d892 android: Hide previous dialogs when handling a new connection attempt 2012-11-21 18:57:41 +01:00
Tobias Brunner 50b048983c android: Show confirmation dialog when starting a profile while already connected 2012-11-21 18:57:41 +01:00
Tobias Brunner ac3c6ff479 android: Add the ability to create shortcuts to specific VPN profiles 2012-11-21 18:57:41 +01:00
Tobias Brunner 127d83bb21 android: Start a specific VPN profile based on special Intents 2012-11-21 18:57:40 +01:00
Tobias Brunner 7241102ace android: Attribute added to display the list of VPN profiles in read-only mode 2012-11-21 18:57:40 +01:00
Tobias Brunner 2e50a8e751 android: Show an error if VPN fails due to lock down mode in Android 4.2 2012-11-19 11:43:32 +01:00
Tobias Brunner be2e7ecc2f android: Add error message as argument to "VPN not supported" dialog 2012-11-19 11:43:32 +01:00
Tobias Brunner 0c3b8028e7 android: Content providers are not exported by default in Android 4.2 2012-11-19 11:43:32 +01:00
Tobias Brunner 48e45153f5 android: Set target SDK to 17 (Android 4.2) 2012-11-19 11:43:31 +01:00
Tobias Brunner 277ff80a2e android: Private key bug has been fixed with Android 4.2 2012-11-19 11:43:31 +01:00
Tobias Brunner acb300f920 android: Use proper intent-filter for our VpnService 2012-11-02 15:55:08 +01:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Tobias Brunner 12642a6831 Moved data structures to new collections subfolder 2012-10-24 16:00:49 +02:00
Tobias Brunner 2e7cc07ecd Moved host_t and host_resolver_t to a new networking subfolder 2012-10-24 15:06:18 +02:00
Martin Willi 1fdd62ffce Remove version argument on peer_cfg constructor, use ike_cfg version instead 2012-10-24 10:19:33 +02:00
Martin Willi 9fc7cc6f9b Add IKE version information to ike_cfg_t 2012-10-24 10:18:35 +02:00
Tobias Brunner 23ca39010e android: Enable ECC in the app as our custom built libcrypto supports it 2012-10-23 18:13:58 +02:00
Tobias Brunner 3555bacac7 Reload logger configuration on SIGHUP
Besides changing the configuration this allows to easily rotate log files.

Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner d35d669180 Make syslog and file loggers configurable at runtime 2012-10-18 14:42:10 +02:00
Tobias Brunner c30573467b New Android release after adding MOBIKE support 2012-10-18 14:03:38 +02:00
Tobias Brunner eecd41e349 Use a helper function to add milliseconds to timeval structs 2012-10-18 12:25:59 +02:00
Tobias Brunner 2b6088c718 android: Ignore if peer is unreachable when reestablishing an SA 2012-10-18 12:25:59 +02:00
Tobias Brunner 901f6ac403 android: Use a shorter timeout for retransmits 2012-10-18 10:57:55 +02:00
Tobias Brunner 8658e87b35 android: Use keyingtries=%forever and dpd|closeaction=restart
We also ignore the CHILD_SA_DOWN event.

This should allow us to keep the connection up as long as the user does
not manually disconnect.
2012-10-18 10:57:55 +02:00
Tobias Brunner 272ce5b580 android: Handle unreachable peers via alert 2012-10-16 14:16:17 +02:00
Tobias Brunner b00806cf85 android: Use 0.0.0.0/0 as local traffic selector
This is helpful if the responder also wants to tunnel e.g. multicast
packages.
2012-10-16 14:16:17 +02:00
Tobias Brunner 45885ca613 android: Bypass/protect previously bypassed sockets if connectivity changes 2012-10-16 14:16:17 +02:00
Tobias Brunner 9167ca8b2b android: Support for IPsec SA update added 2012-10-16 14:16:17 +02:00
Tobias Brunner 5b88d80f22 android: Trigger roam events in case connectivity changes 2012-10-16 14:16:17 +02:00
Tobias Brunner ef3d1a1ba9 android: Register NetworkManager as BroadcastReceiver and relay events via JNI 2012-10-16 14:16:17 +02:00
Tobias Brunner 38bbca587f android: Determine source address dynamically 2012-10-16 14:16:17 +02:00
Tobias Brunner 8f092a2221 android: Added NetworkManager class which allows to retrieve a local IP address 2012-10-16 14:16:17 +02:00
Tobias Brunner b0e0932538 android: Increase compile warnings 2012-10-16 14:16:16 +02:00
Tobias Brunner c3bce1aa3d android: Fixed "Configure" button in Android VPN dialog 2012-10-16 14:16:16 +02:00
Tobias Brunner e3d98f2c4c android: Don't use the default ESP proposal as it includes unsupported algorithms 2012-10-16 14:16:16 +02:00
Tobias Brunner 012d7382b0 New Android release after fixing private key issues on Jelly Bean 2012-09-24 17:16:29 +02:00
Tobias Brunner 94106ddc85 android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.
2012-09-24 17:16:29 +02:00
Tobias Brunner dfefa2f6dc android: Added a global variable to check the current SDK version 2012-09-24 17:12:18 +02:00
Tobias Brunner 64595464b2 android: Load the private key and certificates separately in android_creds_t 2012-09-24 17:12:18 +02:00
Tobias Brunner 406d680e45 android: Added a method to get the user's private key via JNI 2012-09-24 17:12:18 +02:00
Tobias Brunner c35d468fb1 android: Added a JNI backed private key implementation
This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.
2012-09-24 17:12:18 +02:00
Tobias Brunner 4157a40b45 New Android release after fixing IDr problems 2012-09-18 15:29:29 +02:00
Tobias Brunner e596d0ef1e android: Use AUTH_RULE_IDENTITY_LOOSE 2012-09-18 11:21:49 +02:00
Tobias Brunner cf1ec85207 New Android release after fixing Unicode conversion bug 2012-09-17 10:55:10 +02:00
Tobias Brunner b7c54cf226 android: Fix conversion of actual Unicode strings (i.e. bytes!=chars) 2012-09-17 10:30:39 +02:00
Tobias Brunner ccba4f1533 android: New release after adding certificate authentication and reauth fix 2012-09-06 14:54:37 +02:00
Tobias Brunner d7d2a5ec38 android: Properly handle reauthentication initiated by the client 2012-09-06 11:27:07 +02:00
Tobias Brunner 0326ceda64 android: Create a new VpnService.Builder after VPN has been established 2012-09-06 11:25:24 +02:00
Tobias Brunner d1604d0551 Merge branch 'android-client-cert'
Introduces IKEv2 client certificate authentication for the Android App.
2012-09-04 13:58:49 +02:00
Tobias Brunner c89cc22692 android: Native parts handle ikev2-cert VPN type 2012-08-31 18:24:46 +02:00
Tobias Brunner 094a059bcf android: android_creds_t can provide a user's private key and certificate 2012-08-31 18:24:46 +02:00
Tobias Brunner 3aba33868b android: Added JNI method to retrieve user certificate and private key
To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.
2012-08-31 18:24:46 +02:00
Tobias Brunner 38e866c3dd android: Don't show the password dialog if not required 2012-08-31 18:24:46 +02:00
Tobias Brunner 69f731a9d8 android: Enable pkcs8 plugin 2012-08-31 18:24:46 +02:00
Tobias Brunner 5eb7ad3a38 android: Pass the type of VPN to the native parts 2012-08-31 18:24:46 +02:00
Tobias Brunner 655362464e android: Make sure NULL jstrings are converted properly 2012-08-31 18:24:45 +02:00
Tobias Brunner 6de38fe88a android: Display the selected certificate alias in the profile list 2012-08-31 18:24:45 +02:00
Tobias Brunner f46da851ab android: Allow configuration of a user certificate 2012-08-31 18:24:43 +02:00
Tobias Brunner 3f9e90f618 android: Remove NOT NULL constraint from username column 2012-08-31 18:24:23 +02:00
Tobias Brunner d0f6481eb0 android: Separate view added to select certificates 2012-08-31 18:24:23 +02:00
Tobias Brunner 7fedacb2e7 android: Don't try to load the profile with ID 0 2012-08-31 18:24:22 +02:00
Tobias Brunner 825c192d4f android: Spinner added to select the VPN type 2012-08-31 18:24:19 +02:00
Martin Willi 1323dc1138 Merge branch 'multi-vip'
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
Martin Willi feb8550401 Pass a list instead of a single virtual IP to attribute enumerators 2012-08-30 16:43:42 +02:00
Martin Willi 497ce2cf51 Support multiple address pools configured on a peer_cfg 2012-08-30 16:43:42 +02:00
Martin Willi 101d26babe Support multiple virtual IPs on peer_cfg and ike_sa classes 2012-08-30 16:43:42 +02:00
Tobias Brunner 48f51d9454 android: Field added to store the type of a VPN profile 2012-08-27 15:36:36 +02:00
Tobias Brunner 1f6f501978 android: Enum added for VPN types 2012-08-27 15:33:58 +02:00
Tobias Brunner 8a9956762c android: Simplified handling of error dialog that is displayed if VpnService API is not supported 2012-08-27 10:48:13 +02:00
Tobias Brunner aa55040192 android: LoginDialog refactored so it also works when the device is rotated 2012-08-27 10:48:13 +02:00
Tobias Brunner e09f4120d4 android: Added a field to store selected user certificate 2012-08-27 10:48:13 +02:00
Andreas Steffen 8528f841de Ewa did the new Polish translation 2012-08-24 16:59:47 +02:00
Tobias Brunner ef73bb52b1 Without the ties to PAM we can build eap-gtc on Android 2012-08-17 14:24:48 +02:00
Tobias Brunner f0b8d8c2c4 New Android release after adding error dialog
Skipped one version due to a rebasing mishap.
2012-08-15 11:23:06 +02:00
Tobias Brunner 8df118f733 Show an error message if VPN is not supported
Some devices have Android 4 installed but the system images still seem to
lack the components that are required for VPN support. One such
component is the dialog used to grant permission to create .
2012-08-15 11:19:43 +02:00
Tobias Brunner c8d0c3b03d Enable search for certificate lists (via SearchView in ActionBar) 2012-08-14 12:01:41 +02:00
Tobias Brunner 4db2d6336e Added new UI to select a specific CA certificate
With this change there is no need to wait for all certificates being loaded
anymore (this happens only when the user opens the selection activity).
2012-08-14 12:01:41 +02:00
Tobias Brunner cb431e12da Don't try to save profile ID if there is none 2012-08-14 12:01:41 +02:00
Tobias Brunner 7546735fec List fragment for trusted certificates can notify listeners about clicks 2012-08-14 12:01:41 +02:00
Tobias Brunner b0b0eac6eb Added an activity that shows lists of CA certificates in two tabs 2012-08-14 12:01:41 +02:00
Tobias Brunner caf85c872f Added a ListFragment that lists trusted certificates (loaded via a custom Loader) 2012-08-14 12:01:41 +02:00
Tobias Brunner db8bea8311 Changed TrustedCertificateAdapter for use with ListViews and TrustedCertificateEntry 2012-08-14 12:01:41 +02:00
Tobias Brunner af46e950b1 Remove certificate spinner from edit view 2012-08-14 12:01:41 +02:00
Tobias Brunner f075536ebe Function to get only system-wide CA certificates added to TrustedCertificateManager 2012-08-14 12:01:40 +02:00
Tobias Brunner 2dc8998419 Added class to store trusted certificate entries for lists 2012-08-14 12:01:40 +02:00
Tobias Brunner 1fcaa71291 Added a button to the error dialog that allows to view the log file 2012-08-13 11:28:08 +02:00
Tobias Brunner fbacc6506c Use major.minor.revision version numbers for Android application 2012-08-13 11:28:08 +02:00
Tobias Brunner 064f4f75c0 Only allow access to log file via explicitly created URIs
Since ContentProviders are public and permissions don't seem to work any
other application could access the log file.  With this token system
only URIs we explicitly created can be accessed.
2012-08-13 11:27:55 +02:00
Tobias Brunner 6c54c10838 Menu option added that allows users to send the log file 2012-08-13 11:22:21 +02:00
Tobias Brunner c3afe9d35b Add ContentProvider to access log file from other applications 2012-08-13 11:22:21 +02:00
Tobias Brunner ae10e8c458 Watch for changes to the log file so we can reopen it
If the log fragment is shown while the daemon starts (which is not the
case at the moment, but maybe later on tablets) the file reader would not
notice that the file got truncated.  The same applies if the file is deleted
directly on the file system e.g. with adb shell.
2012-08-13 11:22:21 +02:00
Tobias Brunner bad119c55a Add an Activity that shows the log fragment 2012-08-13 11:22:20 +02:00
Tobias Brunner f9a162a235 Add a fragment that can display charon's log file
It continuously reads from the log file in a separate thread while displayed.
2012-08-13 11:22:20 +02:00
Tobias Brunner 658ed96fce Added special ScrollView with auto-scrolling feature
The ability to auto-scroll is disabled as soon as the user manually
scrolls around and re-enabled when the user scrolls to the bottom.
2012-08-13 11:22:20 +02:00
Tobias Brunner fe05f1f05c Charon logs to a file in the App's data directory 2012-08-13 11:22:20 +02:00
Tobias Brunner 4308ce1cf7 Moved Java to C string conversion function to android_jni header file 2012-08-13 11:22:20 +02:00
Tobias Brunner 6db742e7e5 Log charon version and uname() output, split libcharon and charon initialization 2012-08-13 11:22:20 +02:00
Tobias Brunner a7c8b166a1 Only call disconnect() from CharonVpnService if we are not already disconnecting 2012-08-13 11:22:20 +02:00
Tobias Brunner 496e096e7b Load single certificates directly from the KeyStore if we cannot get the read lock
This helps when running in the emulator as loading the certificates
takes quite a while there.  This way a configured CA certificate is loaded
directly without having to wait for all certificates being cached.
2012-08-13 11:22:19 +02:00
Tobias Brunner c0fe43f002 Use colors from the Android color palette for the VPN status texts 2012-08-13 11:22:14 +02:00
Tobias Brunner 374f62535f Localized title for contextual action bar 2012-08-13 11:18:52 +02:00
Tobias Brunner 05427857e2 German translation added 2012-08-13 11:18:52 +02:00
Tobias Brunner 9c0be3ac69 Show MainActivity if the user clicks 'Configure' in Android's VPN dialog 2012-08-13 11:18:52 +02:00
Tobias Brunner bebe2d397e Keep reporting the error until the user dismisses it
Even when the Activity is closed and later reopened.
2012-08-13 11:18:52 +02:00
Tobias Brunner 264dd8d372 Show an error dialog when errors occur while establishing the VPN 2012-08-13 11:18:51 +02:00
Tobias Brunner 8062f973e1 Show a button to disconnect the VPN once it is established 2012-08-13 11:18:51 +02:00
Tobias Brunner a43bdf9a37 Show current VPN state and profile name
Show modal dialogs while connecting and disconnecting the VPN.
2012-08-13 11:18:51 +02:00
Tobias Brunner e7908526fd Add a fragment to MainActivity which will display the current VPN state
The fragment is bound to the VpnStateService and registered as listener.
2012-08-13 11:18:51 +02:00
Tobias Brunner 9d0f8a3a95 Use a separate (volatile) variable for certificate alias
If a connection is started while certificates are still loading and the
initiation is then canceled a deadlock could result if the daemon is
trying to enumerate the certificates just then.
2012-08-13 11:18:23 +02:00
Tobias Brunner a39a301a12 Don't set the source address on Android 2012-08-13 11:11:37 +02:00
Tobias Brunner 644db4d7c5 Close IKE_SA on Android immediately if setting up CHILD_SA fails 2012-08-13 11:11:20 +02:00
Tobias Brunner 76e55491eb Reduce number of retransmits on Android 2012-08-13 11:09:34 +02:00
Tobias Brunner 2483f6a4e0 Job added which handles plain text packets read from TUN device 2012-08-13 11:09:34 +02:00
Tobias Brunner d9531100fa Added a handler that writes inbound plain text packets to the TUN device 2012-08-13 11:09:34 +02:00
Tobias Brunner 3b3cf0c87a Add simple callbacks to receive/send ESP packets via libipsec/receiver. 2012-08-13 11:09:34 +02:00
Tobias Brunner 30ba2ff777 Add routes based on the installed IPsec policies to the TUN device builder 2012-08-13 11:09:34 +02:00
Tobias Brunner 62e6630b24 Add virtual IP to the TUN device builder
After the CHILD_SA is established we can easily get this address from
the IKE_SA.
2012-08-13 11:09:34 +02:00
Tobias Brunner a2993d7243 Create a TUN device via VpnService.Builder once the CHILD_SA is established 2012-08-13 11:09:34 +02:00
Tobias Brunner 3a05756b42 An Android specific attribute handler installs DNS servers via Builder 2012-08-13 11:09:33 +02:00
Tobias Brunner ae4f1ea180 Native counterpart of VpnService.Builder added, exposed by charonservice 2012-08-13 11:09:33 +02:00
Tobias Brunner 5215d512bf Adapter class added around VpnService.Builder which allows to access it via JNI 2012-08-13 11:00:29 +02:00
Tobias Brunner c6c39c783b Initiate an SA via native JNI method 2012-08-13 11:00:28 +02:00
Tobias Brunner dffee9e2b0 Helper function added that retrieves a local IP address 2012-08-13 11:00:28 +02:00
Tobias Brunner 66211196a7 android_service_t handles initiation of an SA and tracks its progress
Status updates are delivered via charonservice (JNI).
2012-08-13 11:00:28 +02:00
Tobias Brunner 3aa5c609c3 Android specific credential set also provides user credentials 2012-08-13 11:00:28 +02:00
Tobias Brunner 8430e54d83 Added an Android specific credential set that provides CA certificates via JNI 2012-08-13 11:00:28 +02:00
Tobias Brunner 2bec193a1b CharonVpnService provides a function to get trusted certificates via JNI 2012-08-13 11:00:28 +02:00
Tobias Brunner 8c2af60ceb Function added that allows to update VPN state via JNI 2012-08-13 11:00:28 +02:00
Tobias Brunner 1b8877727c Add a function to disconnect any current VPN connection 2012-08-13 11:00:27 +02:00
Tobias Brunner d4f7675199 Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect() 2012-08-13 11:00:27 +02:00
Tobias Brunner 03de55ad98 CharonVpnService binds to VpnStateService and does basic state updates 2012-08-13 11:00:27 +02:00
Tobias Brunner a4f9028e08 CharonVpnService reacts on Intents and properly inits/deinits charon
Charon is initialized with every new connection attempt and
deinitialized when the service is terminated or it receives an empty
Intent (or before starting a new connection).

A separate thread is used to handle the connection attempts, this thread
acts as main thread for charon.
2012-08-13 11:00:27 +02:00
Tobias Brunner d1220566ef Service added that keeps track of VPN state and notifies listeners about changes
It is ensured that listeners are notified only from the main thread.
2012-08-13 11:00:27 +02:00
Tobias Brunner 175088517f Add an Android specific kernel_ipsec_t implementation
This is pretty much a proxy class that delegates everything (that is
currently supported) to libipsec.
2012-08-13 11:00:27 +02:00
Tobias Brunner 24447cf49f Add an Android specific kernel_net_t implementation
This currently provides only no-ops and is just added because a
kernel-net implementation is required and kernel-netlink can't be used
at the moment.
2012-08-13 11:00:27 +02:00
Tobias Brunner 6e04147743 Clone the current VPN profile before updating the password
Storing the password on the original object would be problematic in case
the user mistypes the password (no prompt would be shown the second time).

An alternative would be to just return the ID of the selected profile
and then fetch it from the database.
2012-08-13 11:00:26 +02:00
Tobias Brunner 8d4eea5325 Allow VpnProfile objects to be cloned 2012-08-13 11:00:26 +02:00
Tobias Brunner b1340aa129 Prompt the user for a password if none is configured in the VPN profile 2012-08-13 11:00:26 +02:00
Tobias Brunner fcb5448017 Allow selection of a CA certificate for a VPN profile
This solution is just temporary as it really is not that user-friendly
to select CA certificates with a Spinner widget.
2012-08-13 11:00:26 +02:00
Tobias Brunner 8db37772f5 Simplified asynchronous loading of CA certificates in MainActivity 2012-08-13 11:00:26 +02:00
Tobias Brunner b21979f12f Added simple adapter for trusted certificates (to be used with a Spinner widget) 2012-08-13 11:00:26 +02:00
Tobias Brunner 529c8c88a3 Keep a global reference to the CharonVpnService object in charonservice 2012-08-13 11:00:26 +02:00
Tobias Brunner a304874319 Add signal handler for fatal signals to libandroidbridge 2012-08-13 11:00:26 +02:00
Tobias Brunner d200749424 Set default log level in libandroidbridge 2012-08-13 11:00:25 +02:00
Tobias Brunner 6316b50280 Renamed main Activity (shorter name in Launcher) 2012-08-13 11:00:25 +02:00
Tobias Brunner 0b362ed837 MainActivity starts CharonVpnService if a VpnProfile is clicked in the list
This is done by implementing the OnVpnProfileSelectedListener interface
provided by VpnProfileListFragment.
2012-08-13 11:00:25 +02:00
Tobias Brunner c8b942a1e2 Menu option added to reload cached CA certificates
This might be required if the user installs a new CA certificate.
2012-08-13 11:00:25 +02:00
Tobias Brunner 9756cf22f2 Show progress bar in ActionBar while loading cached CA certificates 2012-08-13 11:00:25 +02:00
Tobias Brunner 19567a5e3a Helper function added to handle Java exceptions in native code 2012-08-13 11:00:25 +02:00
Tobias Brunner 95e9a12c28 Don't attach to actual Java threads (or already attached ones)
We check this by trying to retrieve a JNIEnv object from the JVM;
if one is returned, the current thread is not native (created from Java)
or the thread is already attached.
2012-08-13 11:00:25 +02:00
Tobias Brunner 5afb1e3c45 Initially load CA certificates when the main Activity is created 2012-08-13 11:00:24 +02:00
Tobias Brunner a305419b40 Trusted CA certificates are loaded and cached by a static singleton 2012-08-13 11:00:24 +02:00
Tobias Brunner 40dfe8f1d8 Remove restriction to portrait orientation 2012-08-13 11:00:24 +02:00
Tobias Brunner 3a32ba7111 Use Holo as theme 2012-08-13 11:00:24 +02:00
Tobias Brunner da9bb5044f Make click events on the profile list available to the Activity
If the Activity this fragment is placed in implements the provided interface
it is notified about clicks on any of the profiles.
2012-08-13 11:00:09 +02:00
Tobias Brunner c6b736b9f5 Use a contextual action bar to edit and delete selected VPN profiles 2012-08-11 15:10:35 +02:00
Tobias Brunner a3e2f127dc Provide a menu with options to save VPN profiles
The ID of the updated/inserted profile is sent back to the activity that
started the detail view.
2012-08-11 15:10:35 +02:00
Tobias Brunner c2e427c287 The list fragment uses a menu to provide an option to add new VPN profiles 2012-08-11 15:10:34 +02:00
Tobias Brunner 56a922b2ed Added an activity to edit basic VPN profile details
Already load existing data based on extra data delivered with the
Intent, no saving and CA certificate handling yet.
2012-08-11 15:10:34 +02:00
Tobias Brunner 0458ac7cbc Show list fragment in main activity 2012-08-11 15:10:34 +02:00
Tobias Brunner 7329618cc2 Fragment added to list the VPN profiles 2012-08-11 15:10:34 +02:00
Tobias Brunner 03a5a63c03 Added a custom adapter and layout to display VPN profiles in a ListView 2012-08-11 15:10:34 +02:00
Tobias Brunner d799cbf676 Added class to simplify access to database of VPN profiles 2012-08-11 15:10:33 +02:00
Tobias Brunner 3d9127da61 Added class to move around VPN profiles in the Android App 2012-08-11 15:10:33 +02:00
Tobias Brunner b17b495f2e Replaced launcher icon with a more appropriate one 2012-08-11 15:10:33 +02:00
Tobias Brunner 441dde9ee9 Moved main Activity to ui sub-package
Also force portrait orientation.
2012-08-08 15:41:04 +02:00
Tobias Brunner 8bf3027643 Moved CharonVpnService to logic sub-package 2012-08-08 15:41:04 +02:00
Tobias Brunner 6f11e94134 Global charonservice_t object added to libandroidbridge
This is later used to call Java methods on CharonVpnService via JNI.
2012-08-08 15:41:04 +02:00
Tobias Brunner f83f65be08 Added functions to attach/detach native threads to the JVM
Even though native threads are automatically detached from the JVM with
help of a thread-local destructor it is recommended to detach as soon as
possible as local JNI references are not freed until a thread detaches.
2012-08-08 15:41:04 +02:00
Tobias Brunner cb887af4cf Moved JNI helper macros to a separate file
Also initialize a reference to the CharonVpnService class during
JNI_OnLoad, which allows us later to call methods from C to Java.
2012-08-08 15:41:03 +02:00
Tobias Brunner d62d5d7c2e Use strongSwan logo as icon
Due to the transparency and black font this is probably not optimal yet.
2012-08-08 15:41:03 +02:00
Tobias Brunner 95dacbbc70 Allocate UDP ports randomly in Android NDK build. 2012-08-08 15:30:28 +02:00
Tobias Brunner a405760395 Java code style fixed (analogous to C code). 2012-08-08 15:12:24 +02:00
Tobias Brunner 06ed785e5a Load libipsec in Android app. 2012-08-08 15:12:24 +02:00
Tobias Brunner 48f2c4b69b Some NDK build info updated. 2012-08-08 15:09:31 +02:00
Tobias Brunner 9ddc7cbfff Changed minimal SDK/API level to 14. 2012-08-08 15:09:31 +02:00
Tobias Brunner 4a20814300 Added android.net.VpnService wrapper around charon (loaded via JNI). 2012-08-08 15:09:31 +02:00
Tobias Brunner da848ab894 Added Android shell app created with Android SDK. 2012-08-08 15:09:30 +02:00
Tobias Brunner 2f203aee0e Android.mk for NDK build added. 2012-08-08 15:09:30 +02:00
Martin Willi e7600ca696 Remove debugging leftovers 2012-07-18 15:35:40 +02:00
Tobias Brunner 37d9334366 Changed default path to charon for NM frontend. 2012-05-03 13:57:04 +02:00
Martin Willi 6fde6cfaf8 NetworkManager-strongSwan Debian release 1.3.0 2011-09-07 16:09:18 +02:00
Martin Willi 791c93f3ea Migrated NM frontend plugin to NetworkManager 0.9
Use GtkBuilder, drop gconf dependency.
2011-09-05 17:14:28 +02:00
Tobias Brunner f3bb1bd039 Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Tobias Brunner 4aeb2f5ed9 maemo: New releases. 2011-02-07 17:21:22 +01:00
Tobias Brunner 848b8e3545 maemo: Register with the GtkIconTheme "changed" signal not until the GUI is initialized. 2011-02-07 11:39:41 +01:00
Tobias Brunner a07c7ba2f6 maemo: Move debian/ directory for applet to packages/. 2011-02-04 18:02:49 +01:00
Tobias Brunner 420fcfe5fa maemo: Added Maemo specific fields (including icons) to packages. 2011-02-04 18:02:49 +01:00
Tobias Brunner 54e8114127 maemo: Don't include debian files in distribution. 2011-02-04 18:02:49 +01:00
Tobias Brunner 5be3ceba7e maemo: Package dependencies and descriptions changed. 2011-02-04 18:02:48 +01:00
Tobias Brunner a6b7437b1f maemo: Touch icon dir to trigger update event. 2011-02-04 18:02:48 +01:00
Tobias Brunner a90891e6e3 maemo: Reload icons on icon theme change.
This is also needed during the installation because the applet might be
loaded before the icons are installed (or the icon cache is refreshed).
2011-02-04 18:02:48 +01:00
Tobias Brunner 25d7f059e2 maemo: Adding some missing files (required by automake). 2011-02-04 18:02:48 +01:00
Tobias Brunner d3622166dd Added some generated files to .gitignore. 2010-10-15 10:25:08 +02:00
Tobias Brunner cf1bf2656e Moved sources of the NetworkManager plugin to src/frontends. 2010-10-14 17:47:02 +02:00
Tobias Brunner 070b63d704 Maemo: Added a widget to "unselect" a certificate. 2010-10-14 17:36:20 +02:00
Tobias Brunner 31e7a45647 Maemo: OK is default response in password dialog. 2010-10-14 17:36:20 +02:00
Tobias Brunner be26f9a280 Maemo: Handle status changes from charon.
Use synchronous invocation for "Connect" again.
2010-10-14 17:36:19 +02:00
Tobias Brunner 6f59971371 Maemo: Properly unregister the RPC callbacks. 2010-10-14 17:36:19 +02:00
Tobias Brunner 28c51809a7 Maemo: Basic functionality added to notify the applet about status updates. 2010-10-14 17:36:19 +02:00
Tobias Brunner 8a47cd909b Maemo: Do not store the password in the config file, ask the user for it on demand. 2010-10-14 17:36:19 +02:00
Tobias Brunner 04164cba44 Maemo: Debianized the status applet. 2010-10-14 17:36:18 +02:00
Tobias Brunner 12b61b17ae Maemo: Added basic connect/disconnect functionality to frontend. 2010-10-14 17:36:18 +02:00
Tobias Brunner 9889c9d84c Maemo: Do not unref the dialog. 2010-10-14 17:36:18 +02:00
Tobias Brunner ab02058d78 Maemo: Improved icon loading in status applet. 2010-10-14 17:36:18 +02:00
Tobias Brunner df4f82a9ad Maemo: Register the status applet with libosso. 2010-10-14 17:36:18 +02:00
Tobias Brunner 8411dc6e70 Maemo: Changed the input mode of several text boxes. 2010-10-14 17:36:17 +02:00
Tobias Brunner ce736b759b Maemo: Ensure that the settings directory exists. 2010-10-14 17:36:17 +02:00
Tobias Brunner 005e45330d Fixed a subtle SIGSEGV. 2010-10-14 17:36:17 +02:00
Tobias Brunner 8df3749c6a Dialog to initiate or terminate connections added. 2010-10-14 17:36:17 +02:00
Tobias Brunner 59df6ff93c Enable dynamic registration of StrongswanConnection(s) type.
Because status menu plugins get loaded and unloaded dynamically by the
Hildon Desktop, we have to register our Types dynamically.
2010-10-14 17:36:17 +02:00
Tobias Brunner 41b2fbb29f Initial version of the Hildon Desktop status menu plugin. 2010-10-14 17:36:17 +02:00
Tobias Brunner d8f4efbf7b Adding, editing and deleting connections is now possible in the settings plugin. 2010-10-14 17:36:17 +02:00
Tobias Brunner 2bf0caec66 Adding a dialog to the settings plugin that lists all connections. 2010-10-14 17:36:17 +02:00
Tobias Brunner 980c1b6e07 Helper methods added to StrongSwanConnections to easily show connections in a list widget. 2010-10-14 17:36:17 +02:00
Tobias Brunner 01f7455640 Management class for connection settings added, connections are stored in a simple GKeyFile. 2010-10-14 17:36:17 +02:00
Tobias Brunner 9a09e32b98 Simple GObject based class for connection settings added. 2010-10-14 17:36:16 +02:00
Tobias Brunner d50670d50e Adding a stub plugin for the Hildon control panel. 2010-10-14 17:36:16 +02:00
Tobias Brunner 0261b12419 Adding autotools framework for the maemo frontend. 2010-10-14 17:36:16 +02:00