Hi Tobias,
Thank you so much. I got it working.
I needed only this last step: git clone git://
git.strongswan.org/android-ndk-boringssl.git -b ndk-static openssl
to execute from src/frontends/android/app/src/main/jni/
Superb!
Kind Regards,
Houman
On Thu, 29 Oct 2020 at 07:39, Tobias
Hi Houman,
Please follow the instructions on [1].
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClientBuild
Hi Tobias,
I really hope you can help me with this. I'm trying to build the Android
Client
https://github.com/strongswan/strongswan/tree/master/src/frontends/android
I have successfully compiled StrongSwan on my Mac as requested
in README.ndk (first paragraph).
I have also ndk successfully
it with Activity Launcher, but failed. But because Android usually does the job, there are almost no good apps that support IPSec/Xauth.My questions are: has anyone here ever connected their Android strongSwan to their FritzBox? Is it possible to configure strongSwan on Android to do the task
Hello Tobias,
Yes. As per your advice, i set the default eap-method in the Freeradius
server to GTC...and it works as required.
Now the Android Strongswan-IKEv2 client [with "IKEv2 EAP
(username/password)" menu item selected] is using EAP-GTC method to
authenticate with
adius-server for AAA
You don't have to configure the client or the strongSwan server but the
RADIUS server, since it's the one initiating the EAP method.
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect#Android-BYOD-Security-based-on-the-TNC-framework
Hello
I have been using the Android-Strongswan-IKEv2-Client (on a Android-v5.1
run Motorola-E series 3G phone)...
- with FreeRadius-serverr-v3.x for AAA authentication of the vpn clients.
- The Strongswan-v5.5.1 is running on a Ubuntu-14x-LTS host
- i also have some hosts in the lan-side
Hi Don,
> I'm not sure what else to try, can anyone suggest?
If you are using Google's Project Fi, please have a look at [1].
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Known-LimitationsIssues
___
Users
I have 2 android 7 devices (nexus 9 nexus 6).
The nexus 9 is working perfectly.
The nexus 6, no matter what i do, doesn't work.
What happens is, i create my profile. Then when i select it nothing
happens. No popup. The log is empty, nothing.
I have tried uninstall/reinstall.
I'm not sure what
Hello-
After much searching on the internet I am looking for a definitive answer from
the source.
I have successfully configured iOS devices to VPN into my StrongSwan test
environment in Amazon. I have also gotten the StrongSwan client to work on
Android 4.4.2 (which tells me my certificate
Hello-
After much searching on the internet I am looking for a definitive answer from
the source.
I have successfully configured iOS devices to VPN into my StrongSwan test
environment in Amazon. I have also gotten the StrongSwan client to work on
Android 4.4.2 (which tells me my certificate
Hello everyone,
I am trying to run strongswan on Nexus S running 4.0-3. Is their any way to
run strongswan in non-su mode? I read that during ./configure,
--with-user=user_name
--with-group=group_name options gives such flexibility on Linux. But how
to achieve the same on Linux? Any idea?
Hi Nitin,
I am trying to run strongswan on Nexus S running 4.0-3. Is their any way
to run strongswan in non-su mode? I read that during
./configure, --with-user=user_name --with-group=group_name options
gives such flexibility on Linux. But how to achieve the same on Linux?
Any idea?
This is
Hi Tobias,
Thanks a lot for your quick reply.
My ultimate concern is how to start the ipsec from the Android shell as a
non root user (i.e. user=shell, group=shell). How can I achieve this by
modifying the Android.mk? As in Makefile I can give ipsec_user = shell
and ipsec_group = shell, can I give
Hi Nitin,
My ultimate concern is how to start the ipsec from the Android shell as
a non root user.
That's not possible the daemon needs root permission initially to open
the netlink/xfrm sockets. Only afterwards can it switch the user ID to
a non root user. This is true for Linux too,
Hi Tobias,
Thanks a lot for the explanation.
But the page
http://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges says
strongSwan allows to run it's daemons under a non-root user. I am aware of
the facts that starter checks for the uid as root. So are you saying that
even by giving
as non-root
user, but the files then have to be owned by the root user, and to
create them in such a manner will still require root permission.
So, if your goal is to install strongSwan with a regular Android app,
for non-rooted devices, you're currently out of luck.
Regards,
Tobias
is to install strongSwan with a regular Android app,
for non-rooted devices, you're currently out of luck.
Regards,
Tobias
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
@lists.strongswan.org
Emne: Re: [strongSwan] Strongswan on android gingerbread
Federico.Mancini@... writes:
YES! It was the algorithms! I finally got a tunnel!
I have no idea which specific algorithm it was that was missing, I just
enabled a bunch of them, but most
likely AES, which I guess
: Mancini, Federico
Kopi: users@...
Emne: Re: [strongSwan] Strongswan on android gingerbread
Hi Federico,
What else could it be? (just as a note I have note enabled anything
extra with the cryptographic API modules. )
It could very well be a problem with the algorithms. Which algorithms
Hi Federico,
What else could it be? (just as a note I have note enabled anything
extra with the cryptographic API modules. )
It could very well be a problem with the algorithms. Which algorithms
are negotiated between the two hosts? Did you configure anything
special on the responder?
@lists.strongswan.org
Emne: Re: [strongSwan] Strongswan on android gingerbread
Hi Federico,
What else could it be? (just as a note I have note enabled anything
extra with the cryptographic API modules. )
It could very well be a problem with the algorithms. Which algorithms
are negotiated between
: Re: [strongSwan] Strongswan on android gingerbread
Hi again,
Thanks a lot for the previous answers and sorry to having to bother you again
with a question probably not even related to StrongSwan.
I suddenly found out that the emulator I use, that is probably created after
the build of the modified
charon.
We are planning to use IPsec on a IPv6 network. Does the StrongSwan
IKEv2 port for android fully support IPv6, or only IPv4?
It should (although I did not test it) if the corresponding modules are
activated in the kernel (see [1]).
Unfortunately, I have to amend this statement. It looks
on a IPv6 network. Does the StrongSwan
IKEv2 port for android fully support IPv6, or only IPv4?
It should (although I did not test it) if the corresponding modules are
activated in the kernel (see [1]).
Unfortunately, I have to amend this statement. It looks like strongSwan
currently does not support
? Is it supposed to be there by default or is it enabled by some
of the patches, or as a module of the kernel?
Charon is built by the Android.mk files included in the strongSwan
source tree. Follow the instructions at [1], the last section explains
how to get strongSwan built within the Android source tree
@lists.strongswan.org
Emne: Re: [strongSwan] Strongswan on android gingerbread
What does not seem to be there instead is the charon service itself.
When I went in the adb shell and tried to start it, I got an error,
and noticed that in /system/bin/ of the running emulator, there is no
charon command
/projects/strongswan/wiki/Android it says that I
should Download the current tarball (or build it yourself from the strongSwan
source tree).
Now I don't understand why I should build a tarball just to extract it again,
so I just downloaded the source tree with git in the external folder of
android
Now I don't understand why I should build a tarball just to extract
it again
Yes, that's strange, isn't it ;-) The reason for this is that building
the tarball also creates several generated files, which cannot be done
that easily directly inside the Android build system. These files are
-bounces+federico.mancini=ffi...@lists.strongswan.org
[mailto:users-bounces+federico.mancini=ffi...@lists.strongswan.org] På vegne av
federico.manc...@ffi.no
Sendt: 21. oktober 2011 16:33
Til: users@lists.strongswan.org
Emne: Re: [strongSwan] Strongswan on android gingerbread
Thanks, that explains
But what about just copying the android.mk file from the source tree
inside the folder I get from extracting the
strongswan-4.2.9-stable-4853.tar.bz2 file instead? Would that work?
No, not really. There were quite a lot changes needed to make
strongSwan run on Android. Now, strongSwan 4.2.9
. oktober 2011 16:54
Til: Mancini, Federico
Kopi: users@lists.strongswan.org
Emne: Re: [strongSwan] Strongswan on android gingerbread
But what about just copying the android.mk file from the source tree
inside the folder I get from extracting the
strongswan-4.2.9-stable-4853.tar.bz2 file instead? Would
Brunner [mailto:tob...@strongswan.org]
Sendt: 10. oktober 2011 09:59
Til: Mancini, Federico
Kopi: users@lists.strongswan.org
Emne: Re: [strongSwan] Strongswan on android gingerbread
Hi Federico,
We are planning to use IPsec on a IPv6 network. Does the StrongSwan
IKEv2 port for android fully
[mailto:richard.pick...@csrtechnologies.com]
Sendt: 7. oktober 2011 21:32
Til: Mancini, Federico
Emne: Re: [strongSwan] Strongswan on android gingerbread
Federico,
I've had problems generating certs that android will take, sometimes it
takes them, sometimes from the same ca and settings it won't
Hi again,
Now that I fixed the first part about installation, before I continue I would
like to ask you a couple of questions that might save me a lot of time.
We are planning to use IPsec on a IPv6 network. Does the StrongSwan IKEv2 port
for android fully support IPv6, or only IPv4?
Also
-Opprinnelig melding-
Fra: Tobias Brunner [mailto:tob...@strongswan.org]
Sendt: 6. oktober 2011 15:19
Til: Mancini, Federico
Kopi: users@lists.strongswan.org
Emne: Re: [strongSwan] Strongswan on android gingerbread
Hi Federico,
The problem comes when I try to patch the VPN frontend as written here
Hi all,
I am new to both strongswan, android and IPsec, but for the last three
weeks I have been trying to learn enough
to integrate strongswan into android.
Now, since the kernel.org site to get android sources is down, it took
me two weeks only to get a source that successfully compiled
Hi Federico,
The problem comes when I try to patch the VPN frontend as written here:
http://wiki.strongswan.org/projects/strongswan/wiki/AndroidFrontend.
Did the patches apply cleanly? Look for .rej files.
The android source doesn’t compile anymore. I suspect it is because I am
using
Hi Antoine,
PS:The custom kernel is not yet built because I have planned to it after
compiling the entire android sources including strongswan. It should
normally won't be disturbing?
No, you can build that later without problem.
external/strongswan-4.5.1/src/libstrongswan/settings.c:23:18
Hi,
As part of my internship I am trying to build strongswan on Android 2.2.
I have followed these steps using the special HOWTO for android provided on the
strongswan website:
-I have downloaded the android 2.2.1 sources using repo
-I have built the sources (without strongswan) using
Hi,
As part of my internship I am trying to build strongswan on Android 2.2.
I have followed these steps using the special HOWTO for android provided on the
strongswan website:
-I have downloaded the android 2.2.1 sources using repo
-I have built the sources (without strongswan) using
41 matches
Mail list logo