Tobias Brunner
873f389b37
android: Properly hide the IMC state fragment initially
2013-07-08 18:49:29 +02:00
Tobias Brunner
0ef98957a7
android: Add activity that displays a list of remediation instructions
...
On large displays a two-pane layout is used that displays the list next
to the actual instructions.
2013-07-08 18:49:29 +02:00
Tobias Brunner
611d35e8e8
android: Add fragment for a list of remediation instructions
...
This fragment can later be used in one- or two-pane layouts.
2013-07-08 18:49:29 +02:00
Tobias Brunner
b6e05f6518
android: Add adapter for remediation instructions
2013-07-08 18:49:29 +02:00
Tobias Brunner
ea022bb194
android: Add fragment that displays a single remediation instruction
2013-07-08 18:49:29 +02:00
Tobias Brunner
c469cd2a66
android: RemediationInstruction implements Parcelable interface
2013-07-08 18:49:29 +02:00
Tobias Brunner
2b91085701
android: Background for state panels provides separator
2013-07-08 18:49:29 +02:00
Tobias Brunner
e5bf6dcddc
android: Add fragment that displays the IMC state
...
The fragment hides itself if the state is unknown or the assessment
succeeded.
2013-07-08 18:49:29 +02:00
Tobias Brunner
a05acd7629
android: Handle and store IETF remediation instructions
2013-07-08 18:49:28 +02:00
Tobias Brunner
0484989dbd
android: Add a parser for XML remediation instructions
2013-07-08 18:49:28 +02:00
Tobias Brunner
a8dc42b295
android: Show different error message depending on IMC state
2013-07-08 18:49:28 +02:00
Tobias Brunner
5e7a4193e5
android: Clear error only when the user explicitly dismisses the dialog
...
The previous code worked fine on rotation changes as the fragment is
destroyed and recreated causing onCreate to be called, which restores the
saved error state. But if the user switches to a different application
and then back this is not the case. The dialog still gets dismissed (as
we have to do so to avoid nasty exceptions on rotation changes) but since
that implicitly cleared the error state the UI was never fully restored.
2013-07-08 18:49:28 +02:00
Tobias Brunner
dc52cfab73
android: Add state of IMC to VpnStateService and update it via JNI
2013-07-08 18:49:28 +02:00
Tobias Brunner
d087f080f0
android: Handle TCG file measurement related attributes using PTS
2013-07-08 18:49:28 +02:00
Tobias Brunner
fd3aa004e4
android: Android IMC state provides a Platform Trust Service (PTS) instance
2013-07-08 18:49:28 +02:00
Tobias Brunner
0e53beda32
android: Provide a public interface for Android IMC state
2013-07-08 18:49:28 +02:00
Tobias Brunner
403165102c
android: Define IMC functions static and with lower-case names
2013-07-08 18:49:28 +02:00
Tobias Brunner
583fe0ccb6
android: Add measurement collector for ITA Device ID
2013-07-08 18:49:28 +02:00
Tobias Brunner
44330a171f
android: Add measurement collector for ITA Settings
2013-07-08 18:49:27 +02:00
Tobias Brunner
c179a3f6f2
android: Handle ITA PA-TNC attributes
2013-07-08 18:49:27 +02:00
Tobias Brunner
036fa7a166
android: Overload for getMeasurement() that takes a String array as argument
2013-07-08 18:49:27 +02:00
Tobias Brunner
ba59486fc8
android: Add measurement collector for Port Filter
...
This collector reports all listening TCP and UDP sockets/ports.
2013-07-08 18:49:27 +02:00
Tobias Brunner
6500727d6a
android: Enum type for transport protocols added
2013-07-08 18:49:27 +02:00
Tobias Brunner
7cb8f570ed
android: Add measurement collector for Installed Packages
2013-07-08 18:49:27 +02:00
Tobias Brunner
2d61172314
android: Add measurement collector for Product Information
2013-07-08 18:49:27 +02:00
Tobias Brunner
75d710ec63
android: Also support writing of 24-bit values
2013-07-08 18:49:27 +02:00
Tobias Brunner
5c9706f30b
android: Add measurement collector for String Version
2013-07-08 18:49:27 +02:00
Tobias Brunner
4eec7912a1
android: Interfaces for measurement collectors and attributes added
2013-07-08 18:49:27 +02:00
Tobias Brunner
2d378d8a74
android: Add a Java utility class similar to bio_writer_t
2013-07-08 18:49:27 +02:00
Tobias Brunner
28c268d707
android: Add enum types for PENs and attribute types
2013-07-08 18:49:26 +02:00
Tobias Brunner
c53210f9b0
android: Add a generic handler for PA-TNC attribute requests
...
The idea is that the Android IMC will return attributes in their binary
encoding. This keeps the JNI interface to the IMC pretty simple.
2013-07-08 18:49:26 +02:00
Tobias Brunner
aa4ff3b211
android: Added a Java part to the Android IMC
2013-07-08 18:49:26 +02:00
Tobias Brunner
753035f6d7
android: Don't attempt loading IMCs from /etc/tnc_config
2013-07-08 18:49:26 +02:00
Tobias Brunner
a6507df2ec
android: Build libpts and init/deinit libpts in BYOD IMC
2013-07-08 18:49:26 +02:00
Tobias Brunner
96658d7264
android: Added a sample IMC that sends some dummy OS data
2013-07-08 18:49:26 +02:00
Tobias Brunner
933155fae6
android: Build option added to load BYOD related plugins and libraries in the Android app
2013-07-08 18:49:26 +02:00
Tobias Brunner
0015727ebd
android: Disable listening on IPv6
...
As we have to use UDP encapsulation and the Linux kernel currently does
not support that this avoids issues with dual-stack gateways.
2013-07-05 09:48:27 +02:00
Tobias Brunner
607f8e9906
plugin-loader: Add method to print loaded plugins on a given log level
2013-06-21 15:17:53 +02:00
Tobias Brunner
92f102c21b
android: Forward initiator flag to libipsec when adding IPsec SA
2013-06-13 13:55:58 +02:00
Martin Willi
a8c9454423
kernel-interface: add an exchange initiator parameter to add_sa()
...
This new flag gives the kernel-interface a hint how it should priorize the
use of newly installed SAs during rekeying.
Consider the following rekey procedure in IKEv2:
Initiator --- Responder
I1 -------CREATE-------> R1
I2 <------CREATE--------
-------DELETE-------> R2
I3 <------DELETE--------
SAs are always handled as pairs, the following happens at the SA level:
* Initiator starts the exchange at I1
* Responder installs new SA pair at R1
* Initiator installs new SA pair at I2
* Responder removes old SA pair at R2
* Initiator removes old SA pair at I3
This makes sure SAs get installed/removed overlapping during rekeying. However,
to avoid any packet loss, it is crucial that the new outbound SA gets
activated at the correct position:
* as exchange initiator, in I2
* as exchange responder, in R2
This should guarantee that we don't use the new outbound SA before the peer
could install its corresponding inbound SA.
The new parameter allows the kernel backend to install the new SA with
appropriate priorities, i.e. it should:
* as exchange inititator, have the new outbound SA installed with higher
priority than the old SA
* as exchange responder, have the new outbound SA installed with lower
priority than the old SA
While we could split up the SA installation at the responder, this approach
has another advantage: it allows the kernel backend to switch SAs based on
other criteria, for example when receiving traffic on the new inbound SA.
2013-06-11 15:58:48 +02:00
Martin Willi
5c12700f9a
kernel-interface: query SAD for last use time if SPD query didn't yield one
2013-05-06 17:01:13 +02:00
Martin Willi
0be946dce3
Use the GEN silent rule when generating files with sed
2013-05-06 15:04:56 +02:00
Tobias Brunner
55321dcfb6
New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlink
...
libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported,
native x86 libraries are built (requires a new Vstr build script).
Also, the existing kernel-netlink plugin now provides the kernel-net
implementation, which should be more stable in case multiple interfaces
are up and have IP addresses installed on them.
2013-05-03 16:02:39 +02:00
Tobias Brunner
740aedfec1
android: Use stronger ESP proposal including AES-GCM
2013-05-03 16:02:39 +02:00
Tobias Brunner
61fb3267b2
android: Remove unused methods on NetworkManager/network_manager_t
2013-05-03 15:11:20 +02:00
Tobias Brunner
70dfac4459
android: Ignore interface 'lo'
...
Android adds a default route via 'lo' if no connectivity is available
causing charon to send packets via lo and triggering DPD.
2013-05-03 15:11:20 +02:00
Tobias Brunner
18dab76bfa
android: Repurpose android-net to simply handle connectivity events
...
Using the events by NetworkManager/ConnectivityManager to trigger roam events
instead of the events generated by the kernel-netlink plugin the noise level
is much lower.
2013-05-03 15:11:20 +02:00
Tobias Brunner
3b7f25906e
android: Replace android-net plugin with kernel-netlink
...
Virtual IPs are not handled by the kernel-netlink plugin and tun devices are
ignored.
2013-05-03 15:11:19 +02:00
Tobias Brunner
67332b4e22
android: Set strongswan.conf options before initializing other libraries
2013-05-03 15:11:19 +02:00
Tobias Brunner
24b5e71522
android: No need to disable CMS explicitly
...
The version check introduced with 0d237763
should take care of it.
2013-03-20 17:02:37 +01:00
Tobias Brunner
29d93e2470
android: Build native libraries also for x86
...
Requires an updated build script for Vstr.
2013-03-20 15:24:27 +01:00
Tobias Brunner
e5d819b617
android: Remove/filter header files from LOCAL_SRC_FILES
...
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Tobias Brunner
8249f288f2
android: Request and install an IPv6 DNS server
2013-03-20 15:24:26 +01:00
Tobias Brunner
ee66565d43
android: Also request a virtual IPv6 address and propose IPv6 TS
...
This allows IPv6 over IPv4 but falls back nicely if we don't get a
virtual IPv6 (or IPv4) address.
2013-03-20 15:24:26 +01:00
Martin Willi
7eeeb1c702
kernel_ipsec_t.query_sa() additionally returns the number of processed packets
2013-03-14 14:20:54 +01:00
Tobias Brunner
d6da0a367a
New Android release after adding translations and Cert/EAP authentication
...
Also fixed a race condition during reauthentication and a freeze that
might happen while disconnecting.
2013-03-07 14:14:34 +01:00
Tobias Brunner
76de964617
android: Add support for combined certificate and EAP authentication
...
This uses RFC 4739 multiple authentication rounds to first
authenticate the client with a certificate followed by an
EAP authentication round with username and password.
2013-03-07 14:14:34 +01:00
Tobias Brunner
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
Tobias Brunner
e88b529a30
android: Mitigate race condition on reauthentication
...
If the TUN device gets recreated while another thread in handle_plain()
has not yet called select(2) but already stored the file descriptor of the
old TUN device in its FD set, select() will fail with EBADF.
Fixes #301 .
2013-03-01 17:06:01 +01:00
Martin Willi
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
Tobias Brunner
30abe1fd19
android: Properly escape apostrophes in Ukrainian translation
2013-01-14 17:23:52 +01:00
Tobias Brunner
b9cda4f3e1
android: Implement kernel_net_t.get_interface via JNI
...
This is now required to properly accept/install a virtual IP address.
Fixes #275 .
2013-01-14 17:22:56 +01:00
Tobias Brunner
53ce5c4c91
android: Moved chunk_from_byte_array and byte_array_from_chunk helper functions
2013-01-14 17:19:58 +01:00
Tobias Brunner
ecff0e5685
android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h on Android
2013-01-14 17:16:18 +01:00
Tobias Brunner
21235e1ec2
Merge branch 'ikev1-fragmentation'
...
This adds support for the proprietary IKEv1 fragmentation extension.
Conflicts:
NEWS
2013-01-12 11:58:26 +01:00
Tobias Brunner
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
Pavel Kopchyk
3365bddccf
Fixed some typos in Ukrainian translation
2013-01-09 05:30:55 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Dmitry Korzhevin
a0117b9122
Added Russian and Ukrainian strings for Android client
2012-12-24 12:06:12 +01:00
Martin Willi
b185cdd16d
Install virtual IPs via interface name, and use an interface lookup where required
2012-11-29 10:22:51 +01:00
Martin Willi
50bd755871
Add an optional kernel-interface parameter to install IPs with a custom prefix
2012-11-29 10:22:51 +01:00
Tobias Brunner
2cb9a014df
New Android release after adding shortcuts and confirmation dialog
...
Also fixed some Android 4.2 specific issues.
2012-11-21 19:07:52 +01:00
Tobias Brunner
df3e34fe86
android: Don't allow any backup for now
2012-11-21 19:05:18 +01:00
Tobias Brunner
37d42a76d3
android: Properly handle exceptions when loading keys/certificates
2012-11-21 18:57:41 +01:00
Tobias Brunner
73d0fb0a66
android: Use the same tag string for all dialogs in MainActivity
2012-11-21 18:57:41 +01:00
Tobias Brunner
8c0b32d892
android: Hide previous dialogs when handling a new connection attempt
2012-11-21 18:57:41 +01:00
Tobias Brunner
50b048983c
android: Show confirmation dialog when starting a profile while already connected
2012-11-21 18:57:41 +01:00
Tobias Brunner
ac3c6ff479
android: Add the ability to create shortcuts to specific VPN profiles
2012-11-21 18:57:41 +01:00
Tobias Brunner
127d83bb21
android: Start a specific VPN profile based on special Intents
2012-11-21 18:57:40 +01:00
Tobias Brunner
7241102ace
android: Attribute added to display the list of VPN profiles in read-only mode
2012-11-21 18:57:40 +01:00
Tobias Brunner
2e50a8e751
android: Show an error if VPN fails due to lock down mode in Android 4.2
2012-11-19 11:43:32 +01:00
Tobias Brunner
be2e7ecc2f
android: Add error message as argument to "VPN not supported" dialog
2012-11-19 11:43:32 +01:00
Tobias Brunner
0c3b8028e7
android: Content providers are not exported by default in Android 4.2
2012-11-19 11:43:32 +01:00
Tobias Brunner
48e45153f5
android: Set target SDK to 17 (Android 4.2)
2012-11-19 11:43:31 +01:00
Tobias Brunner
277ff80a2e
android: Private key bug has been fixed with Android 4.2
2012-11-19 11:43:31 +01:00
Tobias Brunner
acb300f920
android: Use proper intent-filter for our VpnService
2012-11-02 15:55:08 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
Tobias Brunner
23ca39010e
android: Enable ECC in the app as our custom built libcrypto supports it
2012-10-23 18:13:58 +02:00
Tobias Brunner
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
Tobias Brunner
c30573467b
New Android release after adding MOBIKE support
2012-10-18 14:03:38 +02:00
Tobias Brunner
eecd41e349
Use a helper function to add milliseconds to timeval structs
2012-10-18 12:25:59 +02:00
Tobias Brunner
2b6088c718
android: Ignore if peer is unreachable when reestablishing an SA
2012-10-18 12:25:59 +02:00
Tobias Brunner
901f6ac403
android: Use a shorter timeout for retransmits
2012-10-18 10:57:55 +02:00
Tobias Brunner
8658e87b35
android: Use keyingtries=%forever and dpd|closeaction=restart
...
We also ignore the CHILD_SA_DOWN event.
This should allow us to keep the connection up as long as the user does
not manually disconnect.
2012-10-18 10:57:55 +02:00
Tobias Brunner
272ce5b580
android: Handle unreachable peers via alert
2012-10-16 14:16:17 +02:00
Tobias Brunner
b00806cf85
android: Use 0.0.0.0/0 as local traffic selector
...
This is helpful if the responder also wants to tunnel e.g. multicast
packages.
2012-10-16 14:16:17 +02:00
Tobias Brunner
45885ca613
android: Bypass/protect previously bypassed sockets if connectivity changes
2012-10-16 14:16:17 +02:00
Tobias Brunner
9167ca8b2b
android: Support for IPsec SA update added
2012-10-16 14:16:17 +02:00
Tobias Brunner
5b88d80f22
android: Trigger roam events in case connectivity changes
2012-10-16 14:16:17 +02:00
Tobias Brunner
ef3d1a1ba9
android: Register NetworkManager as BroadcastReceiver and relay events via JNI
2012-10-16 14:16:17 +02:00
Tobias Brunner
38bbca587f
android: Determine source address dynamically
2012-10-16 14:16:17 +02:00
Tobias Brunner
8f092a2221
android: Added NetworkManager class which allows to retrieve a local IP address
2012-10-16 14:16:17 +02:00
Tobias Brunner
b0e0932538
android: Increase compile warnings
2012-10-16 14:16:16 +02:00
Tobias Brunner
c3bce1aa3d
android: Fixed "Configure" button in Android VPN dialog
2012-10-16 14:16:16 +02:00
Tobias Brunner
e3d98f2c4c
android: Don't use the default ESP proposal as it includes unsupported algorithms
2012-10-16 14:16:16 +02:00
Tobias Brunner
012d7382b0
New Android release after fixing private key issues on Jelly Bean
2012-09-24 17:16:29 +02:00
Tobias Brunner
94106ddc85
android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
...
A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.
2012-09-24 17:16:29 +02:00
Tobias Brunner
dfefa2f6dc
android: Added a global variable to check the current SDK version
2012-09-24 17:12:18 +02:00
Tobias Brunner
64595464b2
android: Load the private key and certificates separately in android_creds_t
2012-09-24 17:12:18 +02:00
Tobias Brunner
406d680e45
android: Added a method to get the user's private key via JNI
2012-09-24 17:12:18 +02:00
Tobias Brunner
c35d468fb1
android: Added a JNI backed private key implementation
...
This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.
2012-09-24 17:12:18 +02:00
Tobias Brunner
4157a40b45
New Android release after fixing IDr problems
2012-09-18 15:29:29 +02:00
Tobias Brunner
e596d0ef1e
android: Use AUTH_RULE_IDENTITY_LOOSE
2012-09-18 11:21:49 +02:00
Tobias Brunner
cf1ec85207
New Android release after fixing Unicode conversion bug
2012-09-17 10:55:10 +02:00
Tobias Brunner
b7c54cf226
android: Fix conversion of actual Unicode strings (i.e. bytes!=chars)
2012-09-17 10:30:39 +02:00
Tobias Brunner
ccba4f1533
android: New release after adding certificate authentication and reauth fix
2012-09-06 14:54:37 +02:00
Tobias Brunner
d7d2a5ec38
android: Properly handle reauthentication initiated by the client
2012-09-06 11:27:07 +02:00
Tobias Brunner
0326ceda64
android: Create a new VpnService.Builder after VPN has been established
2012-09-06 11:25:24 +02:00
Tobias Brunner
d1604d0551
Merge branch 'android-client-cert'
...
Introduces IKEv2 client certificate authentication for the Android App.
2012-09-04 13:58:49 +02:00
Tobias Brunner
c89cc22692
android: Native parts handle ikev2-cert VPN type
2012-08-31 18:24:46 +02:00
Tobias Brunner
094a059bcf
android: android_creds_t can provide a user's private key and certificate
2012-08-31 18:24:46 +02:00
Tobias Brunner
3aba33868b
android: Added JNI method to retrieve user certificate and private key
...
To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.
2012-08-31 18:24:46 +02:00
Tobias Brunner
38e866c3dd
android: Don't show the password dialog if not required
2012-08-31 18:24:46 +02:00
Tobias Brunner
69f731a9d8
android: Enable pkcs8 plugin
2012-08-31 18:24:46 +02:00
Tobias Brunner
5eb7ad3a38
android: Pass the type of VPN to the native parts
2012-08-31 18:24:46 +02:00
Tobias Brunner
655362464e
android: Make sure NULL jstrings are converted properly
2012-08-31 18:24:45 +02:00
Tobias Brunner
6de38fe88a
android: Display the selected certificate alias in the profile list
2012-08-31 18:24:45 +02:00
Tobias Brunner
f46da851ab
android: Allow configuration of a user certificate
2012-08-31 18:24:43 +02:00
Tobias Brunner
3f9e90f618
android: Remove NOT NULL constraint from username column
2012-08-31 18:24:23 +02:00
Tobias Brunner
d0f6481eb0
android: Separate view added to select certificates
2012-08-31 18:24:23 +02:00
Tobias Brunner
7fedacb2e7
android: Don't try to load the profile with ID 0
2012-08-31 18:24:22 +02:00
Tobias Brunner
825c192d4f
android: Spinner added to select the VPN type
2012-08-31 18:24:19 +02:00
Martin Willi
1323dc1138
Merge branch 'multi-vip'
...
Brings support for multiple virtual IPs and multiple pools in
left/rigthsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
Martin Willi
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Tobias Brunner
48f51d9454
android: Field added to store the type of a VPN profile
2012-08-27 15:36:36 +02:00
Tobias Brunner
1f6f501978
android: Enum added for VPN types
2012-08-27 15:33:58 +02:00
Tobias Brunner
8a9956762c
android: Simplified handling of error dialog that is displayed if VpnService API is not supported
2012-08-27 10:48:13 +02:00
Tobias Brunner
aa55040192
android: LoginDialog refactored so it also works when the device is rotated
2012-08-27 10:48:13 +02:00
Tobias Brunner
e09f4120d4
android: Added a field to store selected user certificate
2012-08-27 10:48:13 +02:00
Andreas Steffen
8528f841de
Ewa did the new Polish translation
2012-08-24 16:59:47 +02:00
Tobias Brunner
ef73bb52b1
Without the ties to PAM we can build eap-gtc on Android
2012-08-17 14:24:48 +02:00
Tobias Brunner
f0b8d8c2c4
New Android release after adding error dialog
...
Skipped one version due to a rebasing mishap.
2012-08-15 11:23:06 +02:00
Tobias Brunner
8df118f733
Show an error message if VPN is not supported
...
Some devices have Android 4 installed but the system images still seem to
lack the components that are required for VPN support. One such
component is the dialog used to grant permission to create .
2012-08-15 11:19:43 +02:00
Tobias Brunner
c8d0c3b03d
Enable search for certificate lists (via SearchView in ActionBar)
2012-08-14 12:01:41 +02:00
Tobias Brunner
4db2d6336e
Added new UI to select a specific CA certificate
...
With this change there is no need to wait for all certificates being loaded
anymore (this happens only when the user opens the selection activity).
2012-08-14 12:01:41 +02:00
Tobias Brunner
cb431e12da
Don't try to save profile ID if there is none
2012-08-14 12:01:41 +02:00
Tobias Brunner
7546735fec
List fragment for trusted certificates can notify listeners about clicks
2012-08-14 12:01:41 +02:00
Tobias Brunner
b0b0eac6eb
Added an activity that shows lists of CA certificates in two tabs
2012-08-14 12:01:41 +02:00
Tobias Brunner
caf85c872f
Added a ListFragment that lists trusted certificates (loaded via a custom Loader)
2012-08-14 12:01:41 +02:00
Tobias Brunner
db8bea8311
Changed TrustedCertificateAdapter for use with ListViews and TrustedCertificateEntry
2012-08-14 12:01:41 +02:00
Tobias Brunner
af46e950b1
Remove certificate spinner from edit view
2012-08-14 12:01:41 +02:00
Tobias Brunner
f075536ebe
Function to get only system-wide CA certificates added to TrustedCertificateManager
2012-08-14 12:01:40 +02:00
Tobias Brunner
2dc8998419
Added class to store trusted certificate entries for lists
2012-08-14 12:01:40 +02:00
Tobias Brunner
1fcaa71291
Added a button to the error dialog that allows to view the log file
2012-08-13 11:28:08 +02:00
Tobias Brunner
fbacc6506c
Use major.minor.revision version numbers for Android application
2012-08-13 11:28:08 +02:00
Tobias Brunner
064f4f75c0
Only allow access to log file via explicitly created URIs
...
Since ContentProviders are public and permissions don't seem to work any
other application could access the log file. With this token system
only URIs we explicitly created can be accessed.
2012-08-13 11:27:55 +02:00
Tobias Brunner
6c54c10838
Menu option added that allows users to send the log file
2012-08-13 11:22:21 +02:00
Tobias Brunner
c3afe9d35b
Add ContentProvider to access log file from other applications
2012-08-13 11:22:21 +02:00
Tobias Brunner
ae10e8c458
Watch for changes to the log file so we can reopen it
...
If the log fragment is shown while the daemon starts (which is not the
case at the moment, but maybe later on tablets) the file reader would not
notice that the file got truncated. The same applies if the file is deleted
directly on the file system e.g. with adb shell.
2012-08-13 11:22:21 +02:00
Tobias Brunner
bad119c55a
Add an Activity that shows the log fragment
2012-08-13 11:22:20 +02:00
Tobias Brunner
f9a162a235
Add a fragment that can display charon's log file
...
It continuously reads from the log file in a separate thread while displayed.
2012-08-13 11:22:20 +02:00
Tobias Brunner
658ed96fce
Added special ScrollView with auto-scrolling feature
...
The ability to auto-scroll is disabled as soon as the user manually
scrolls around and re-enable when the user scrolls to the bottom.
2012-08-13 11:22:20 +02:00
Tobias Brunner
fe05f1f05c
Charon logs to a file in the App's data directory
2012-08-13 11:22:20 +02:00
Tobias Brunner
4308ce1cf7
Moved Java to C string conversion function to android_jni header file
2012-08-13 11:22:20 +02:00
Tobias Brunner
6db742e7e5
Log charon version and uname() output, split libcharon and charon initialization
2012-08-13 11:22:20 +02:00
Tobias Brunner
a7c8b166a1
Only call disconnect() from CharonVpnService if we are not already disconnecting
2012-08-13 11:22:20 +02:00
Tobias Brunner
496e096e7b
Load single certificates directly from the KeyStore if we cannot get the read lock
...
This helps when running in the emulator as loading the certificates
takes quite a while there. This way a configured CA certificates is loaded
directly without having to wait for all certificates being cached.
2012-08-13 11:22:19 +02:00
Tobias Brunner
c0fe43f002
Use colors from the Android color palette for the VPN status texts
2012-08-13 11:22:14 +02:00
Tobias Brunner
374f62535f
Localized title for contextual action bar
2012-08-13 11:18:52 +02:00
Tobias Brunner
05427857e2
German translation added
2012-08-13 11:18:52 +02:00
Tobias Brunner
9c0be3ac69
Show MainActiviy if the user clicks 'Configure' in Android's VPN dialog
2012-08-13 11:18:52 +02:00
Tobias Brunner
bebe2d397e
Keep reporting the error until the user dismisses it
...
Even when the Activity is closed and later reopened.
2012-08-13 11:18:52 +02:00
Tobias Brunner
264dd8d372
Show an error dialog when errors occur while establishing the VPN
2012-08-13 11:18:51 +02:00
Tobias Brunner
8062f973e1
Show a button to disconnect the VPN once it is established
2012-08-13 11:18:51 +02:00
Tobias Brunner
a43bdf9a37
Show current VPN state and profile name
...
Show modal dialogs while connecting and disconnecting the VPN.
2012-08-13 11:18:51 +02:00
Tobias Brunner
e7908526fd
Add a fragment to MainActivity which will display the current VPN state
...
The fragment is bound to the VpnStateService and registered as listener.
2012-08-13 11:18:51 +02:00
Tobias Brunner
9d0f8a3a95
Use a separate (volatile) variable for certificate alias
...
If a connection is started while certificates are still loading and the
initiation is then canceled a deadlock could result if the daemon is
trying to enumerate the certificates just then.
2012-08-13 11:18:23 +02:00
Tobias Brunner
a39a301a12
Don't set the source address on Android
2012-08-13 11:11:37 +02:00
Tobias Brunner
644db4d7c5
Close IKE_SA on Android immediately if setting up CHILD_SA fails
2012-08-13 11:11:20 +02:00
Tobias Brunner
76e55491eb
Reduce number of retransmits on Android
2012-08-13 11:09:34 +02:00
Tobias Brunner
2483f6a4e0
Job added which handles plain text packets read from TUN device
2012-08-13 11:09:34 +02:00
Tobias Brunner
d9531100fa
Added a handler that writes inbound plain text packets to the TUN device
2012-08-13 11:09:34 +02:00
Tobias Brunner
3b3cf0c87a
Add simple callbacks to receive/send ESP packets via libipsec/receiver.
2012-08-13 11:09:34 +02:00
Tobias Brunner
30ba2ff777
Add routes based on the installed IPsec policies to the TUN device builder
2012-08-13 11:09:34 +02:00
Tobias Brunner
62e6630b24
Add virtual IP to the TUN device builder
...
After the CHILD_SA is established we can easily get this address from
the IKE_SA.
2012-08-13 11:09:34 +02:00
Tobias Brunner
a2993d7243
Create a TUN device via VpnService.Builder once the CHILD_SA is established
2012-08-13 11:09:34 +02:00
Tobias Brunner
3a05756b42
An Android specific attribute handler installs DNS servers via Builder
2012-08-13 11:09:33 +02:00
Tobias Brunner
ae4f1ea180
Native counterpart of VpnService.Builder added, exposed by charonservice
2012-08-13 11:09:33 +02:00
Tobias Brunner
5215d512bf
Adapter class added around VpnService.Builder which allows to access it via JNI
2012-08-13 11:00:29 +02:00
Tobias Brunner
c6c39c783b
Initiate an SA via native JNI method
2012-08-13 11:00:28 +02:00
Tobias Brunner
dffee9e2b0
Helper function added that retrieves a local IP address
2012-08-13 11:00:28 +02:00
Tobias Brunner
66211196a7
android_service_t handles initiation of an SA and tracks its progress
...
Status updates are delivered via charonservice (JNI).
2012-08-13 11:00:28 +02:00
Tobias Brunner
3aa5c609c3
Android specific credential set also provides user credentials
2012-08-13 11:00:28 +02:00
Tobias Brunner
8430e54d83
Added an Android specific credential set that provides CA certificates via JNI
2012-08-13 11:00:28 +02:00
Tobias Brunner
2bec193a1b
CharonVpnService provides a function to get trusted certificates via JNI
2012-08-13 11:00:28 +02:00
Tobias Brunner
8c2af60ceb
Function added that allows to update VPN state via JNI
2012-08-13 11:00:28 +02:00
Tobias Brunner
1b8877727c
Add a function to disconnect any current VPN connection
2012-08-13 11:00:27 +02:00
Tobias Brunner
d4f7675199
Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect()
2012-08-13 11:00:27 +02:00
Tobias Brunner
03de55ad98
CharonVpnService binds to VpnStateService and does basic state updates
2012-08-13 11:00:27 +02:00
Tobias Brunner
a4f9028e08
CharonVpnService reacts on Intents and properly inits/deinits charon
...
Charon is initialized with every new connection attempt and
deinitialized when the service is terminated or it receives an empty
Intent (or before starting a new connection).
A separate thread is used to handle the connection attempts, this thread
acts as main thread for charon.
2012-08-13 11:00:27 +02:00
Tobias Brunner
d1220566ef
Service added that keeps track of VPN state and notifies listeners about changes
...
It is ensured that listeners are notified only from the main thread.
2012-08-13 11:00:27 +02:00
Tobias Brunner
175088517f
Add an Android specific kernel_ipsec_t implementation
...
This is pretty much a proxy class that delegates everything (that is
currently supported) to libipsec.
2012-08-13 11:00:27 +02:00
Tobias Brunner
24447cf49f
Add an Android specific kernel_net_t implementation
...
This currently provides only no-ops and is just added because a
kernel-net implementation is required and kernel-netlink can't be used
at the moment.
2012-08-13 11:00:27 +02:00
Tobias Brunner
6e04147743
Clone the current VPN profile before updating the password
...
Storing the password on the original object would be problematic in case
the user mistypes the password (no prompt would be shown the second time).
An alternative would be to just return the ID of the selected profile
and then fetch it from the database.
2012-08-13 11:00:26 +02:00
Tobias Brunner
8d4eea5325
Allow VpnProfile objects to be cloned
2012-08-13 11:00:26 +02:00
Tobias Brunner
b1340aa129
Prompt the user for a password if none is configured in the VPN profile
2012-08-13 11:00:26 +02:00
Tobias Brunner
fcb5448017
Allow selection of a CA certificate for a VPN profile
...
This solution is just temporary as it really is not that user-friendly
to select CA certificates with a Spinner widget.
2012-08-13 11:00:26 +02:00
Tobias Brunner
8db37772f5
Simplified asynchronous loading of CA certificates in MainActivity
2012-08-13 11:00:26 +02:00
Tobias Brunner
b21979f12f
Added simple adapter for trusted certificates (to be used with a Spinner widget)
2012-08-13 11:00:26 +02:00
Tobias Brunner
529c8c88a3
Keep a global reference to the CharonVpnService object in charonservice
2012-08-13 11:00:26 +02:00
Tobias Brunner
a304874319
Add signal handler for fatal signals to libandroidbridge
2012-08-13 11:00:26 +02:00
Tobias Brunner
d200749424
Set default log level in libandroidbridge
2012-08-13 11:00:25 +02:00
Tobias Brunner
6316b50280
Renamed main Activity (shorter name in Launcher)
2012-08-13 11:00:25 +02:00
Tobias Brunner
0b362ed837
MainActivity starts CharonVpnService if a VpnProfile is clicked in the list
...
This is done by implementing the OnVpnProfileSelectedListener interface
provided by VpnProfileListFragment.
2012-08-13 11:00:25 +02:00
Tobias Brunner
c8b942a1e2
Menu option added to reload cached CA certificates
...
This might be required if the user installs a new CA certificate.
2012-08-13 11:00:25 +02:00
Tobias Brunner
9756cf22f2
Show progress bar in ActionBar while loading cached CA certificates
2012-08-13 11:00:25 +02:00
Tobias Brunner
19567a5e3a
Helper function added to handle Java exceptions in native code
2012-08-13 11:00:25 +02:00
Tobias Brunner
95e9a12c28
Don't attach to actual Java threads (or already attached ones)
...
We check this by trying to retrieve a JNIEnv object from the JVM,
if one is returned the current thread is not native (created from Java)
or the thread is already attached.
2012-08-13 11:00:25 +02:00
Tobias Brunner
5afb1e3c45
Initially load CA certificates when the main Activity is created
2012-08-13 11:00:24 +02:00
Tobias Brunner
a305419b40
Trusted CA certificates are loaded and cached by a static singleton
2012-08-13 11:00:24 +02:00
Tobias Brunner
40dfe8f1d8
Remove restriction to portrait orientation
2012-08-13 11:00:24 +02:00
Tobias Brunner
3a32ba7111
Use Holo as theme
2012-08-13 11:00:24 +02:00
Tobias Brunner
da9bb5044f
Make click events on the profile list available to the Activity
...
If the Activity this fragment is placed in implements the provided interface
it is notified about clicks on any of the profiles.
2012-08-13 11:00:09 +02:00
Tobias Brunner
c6b736b9f5
Use a contextual action bar to edit and delete selected VPN profiles
2012-08-11 15:10:35 +02:00
Tobias Brunner
a3e2f127dc
Provide a menu with options to save VPN profiles
...
The ID of the updated/inserted profile is sent back to the activity that
started the detail view.
2012-08-11 15:10:35 +02:00
Tobias Brunner
c2e427c287
The list fragment uses a menu to provide an option to add new VPN profiles
2012-08-11 15:10:34 +02:00
Tobias Brunner
56a922b2ed
Added an activity to edit basic VPN profile details
...
Already load existing data based on extra data delivered with the
Intent, no saving and CA certificate handling yet.
2012-08-11 15:10:34 +02:00
Tobias Brunner
0458ac7cbc
Show list fragment in main activity
2012-08-11 15:10:34 +02:00
Tobias Brunner
7329618cc2
Fragment added to list the VPN profiles
2012-08-11 15:10:34 +02:00
Tobias Brunner
03a5a63c03
Added a custom adapter and layout to display VPN profiles in a ListView
2012-08-11 15:10:34 +02:00
Tobias Brunner
d799cbf676
Added class to simplify access to database of VPN profiles
2012-08-11 15:10:33 +02:00
Tobias Brunner
3d9127da61
Added class to move around VPN profiles in the Android App
2012-08-11 15:10:33 +02:00
Tobias Brunner
b17b495f2e
Replaced launcher icon with a more appropriate one
2012-08-11 15:10:33 +02:00
Tobias Brunner
441dde9ee9
Moved main Activity to ui sub-package
...
Also force portrait orientation.
2012-08-08 15:41:04 +02:00
Tobias Brunner
8bf3027643
Moved CharonVpnService to logic sub-package
2012-08-08 15:41:04 +02:00
Tobias Brunner
6f11e94134
Global charonservice_t object added to libandroidbridge
...
This is later used to call Java methods on CharonVpnService via JNI.
2012-08-08 15:41:04 +02:00
Tobias Brunner
f83f65be08
Added functions to attach/detach native threads to the JVM
...
Even though native threads are automatically detached from the JVM with
help of a thread-local destructor it is recommended to detach as soon as
possible as local JNI references are not freed until a thread detaches.
2012-08-08 15:41:04 +02:00
Tobias Brunner
cb887af4cf
Moved JNI helper macros to a separate file
...
Also initialize a reference to the CharonVpnService class during
JNI_OnLoad, which allows us later to call methods from C to Java.
2012-08-08 15:41:03 +02:00
Tobias Brunner
d62d5d7c2e
Use strongSwan logo as icon
...
Due to the transparency and black font this is probably not optimal yet.
2012-08-08 15:41:03 +02:00
Tobias Brunner
95dacbbc70
Allocate UDP ports randomly in Android NDK build.
2012-08-08 15:30:28 +02:00
Tobias Brunner
a405760395
Java code style fixed (analogous to C code).
2012-08-08 15:12:24 +02:00
Tobias Brunner
06ed785e5a
Load libipsec in Android app.
2012-08-08 15:12:24 +02:00
Tobias Brunner
48f2c4b69b
Some NDK build info updated.
2012-08-08 15:09:31 +02:00
Tobias Brunner
9ddc7cbfff
Changed minimal SDK/API level to 14.
2012-08-08 15:09:31 +02:00
Tobias Brunner
4a20814300
Added android.net.VpnService wrapper around charon (loaded via JNI).
2012-08-08 15:09:31 +02:00
Tobias Brunner
da848ab894
Added Android shell app created with Android SDK.
2012-08-08 15:09:30 +02:00
Tobias Brunner
2f203aee0e
Android.mk for NDK build added.
2012-08-08 15:09:30 +02:00
Martin Willi
e7600ca696
Remove debugging leftovers
2012-07-18 15:35:40 +02:00
Tobias Brunner
37d9334366
Changed default path to charon for NM frontend.
2012-05-03 13:57:04 +02:00
Martin Willi
6fde6cfaf8
NetworkManager-strongSwan Debian release 1.3.0
2011-09-07 16:09:18 +02:00
Martin Willi
791c93f3ea
Migrated NM frontend plugin to NetworkManager 0.9
...
Use GtkBuilder, drop gconf dependency.
2011-09-05 17:14:28 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Tobias Brunner
4aeb2f5ed9
maemo: New releases.
2011-02-07 17:21:22 +01:00
Tobias Brunner
848b8e3545
maemo: Register with the GtkIconTheme "changed" signal not until the GUI is initialized.
2011-02-07 11:39:41 +01:00
Tobias Brunner
a07c7ba2f6
maemo: Move debian/ directory for applet to packages/.
2011-02-04 18:02:49 +01:00
Tobias Brunner
420fcfe5fa
maemo: Added Maemo specific fields (including icons) to packages.
2011-02-04 18:02:49 +01:00
Tobias Brunner
54e8114127
maemo: Don't include debian files in distribution.
2011-02-04 18:02:49 +01:00
Tobias Brunner
5be3ceba7e
maemo: Package dependencies and descriptions changed.
2011-02-04 18:02:48 +01:00
Tobias Brunner
a6b7437b1f
maemo: Touch icon dir to trigger update event.
2011-02-04 18:02:48 +01:00
Tobias Brunner
a90891e6e3
maemo: Reload icons on icon theme change.
...
This is also needed during the installation because the applet might be
loaded before the icons are installed (or the icon cache is refreshed).
2011-02-04 18:02:48 +01:00
Tobias Brunner
25d7f059e2
maemo: Adding some missing files (required by automake).
2011-02-04 18:02:48 +01:00
Tobias Brunner
d3622166dd
Added some generated files to .gitignore.
2010-10-15 10:25:08 +02:00
Tobias Brunner
cf1bf2656e
Moved sources of the NetworkManager plugin to src/frontends.
2010-10-14 17:47:02 +02:00
Tobias Brunner
070b63d704
Maemo: Added a widget to "unselect" a certificate.
2010-10-14 17:36:20 +02:00
Tobias Brunner
31e7a45647
Maemo: OK is default response in password dialog.
2010-10-14 17:36:20 +02:00
Tobias Brunner
be26f9a280
Maemo: Handle status changes from charon.
...
Use synchronous invocation for "Connect" again.
2010-10-14 17:36:19 +02:00
Tobias Brunner
6f59971371
Maemo: Properly unregister the RPC callbacks.
2010-10-14 17:36:19 +02:00
Tobias Brunner
28c51809a7
Maemo: Basic functionality added to notify the applet about status updates.
2010-10-14 17:36:19 +02:00
Tobias Brunner
8a47cd909b
Maemo: Do not store the password in the config file, ask the user for it on demand.
2010-10-14 17:36:19 +02:00
Tobias Brunner
04164cba44
Maemo: Debianized the status applet.
2010-10-14 17:36:18 +02:00
Tobias Brunner
12b61b17ae
Maemo: Added basic connect/disconnect functionality to frontend.
2010-10-14 17:36:18 +02:00
Tobias Brunner
9889c9d84c
Maemo: Do not unref the dialog.
2010-10-14 17:36:18 +02:00
Tobias Brunner
ab02058d78
Maemo: Improved icon loading in status applet.
2010-10-14 17:36:18 +02:00
Tobias Brunner
df4f82a9ad
Maemo: Register the status applet with libosso.
2010-10-14 17:36:18 +02:00
Tobias Brunner
8411dc6e70
Maemo: Changed the input mode of several text boxes.
2010-10-14 17:36:17 +02:00
Tobias Brunner
ce736b759b
Maemo: Ensure that the settings directory exists.
2010-10-14 17:36:17 +02:00
Tobias Brunner
005e45330d
Fixed a subtle SIGSEGV.
2010-10-14 17:36:17 +02:00
Tobias Brunner
8df3749c6a
Dialog to initiate or terminate connections added.
2010-10-14 17:36:17 +02:00
Tobias Brunner
59df6ff93c
Enable dynamic registration of StrongswanConnection(s) type.
...
Because status menu plugins get loaded and unloaded dynamically by the
Hildon Desktop, we have to register our Types dynamically.
2010-10-14 17:36:17 +02:00
Tobias Brunner
41b2fbb29f
Initial version of the Hildon Desktop status menu plugin.
2010-10-14 17:36:17 +02:00
Tobias Brunner
d8f4efbf7b
Adding, editing and deleting connections is now possible in the settings plugin.
2010-10-14 17:36:17 +02:00
Tobias Brunner
2bf0caec66
Adding a dialog to the settings plugin that lists all connections.
2010-10-14 17:36:17 +02:00
Tobias Brunner
980c1b6e07
Helper methods added to StrongSwanConnections to easily show connections in a list widget.
2010-10-14 17:36:17 +02:00
Tobias Brunner
01f7455640
Management class for connection settings added, connections are stored in a simple GKeyFile.
2010-10-14 17:36:17 +02:00
Tobias Brunner
9a09e32b98
Simple GObject based class for connection settings added.
2010-10-14 17:36:16 +02:00
Tobias Brunner
d50670d50e
Adding a stub plugin for the Hildon control panel.
2010-10-14 17:36:16 +02:00
Tobias Brunner
0261b12419
Adding autotools framework for the maemo frontend.
2010-10-14 17:36:16 +02:00