Tobias, Sorry for the slow response. I just tried the code in the android-kernel branch, and it is working great.
Thanks, Mike >-----Original Message----- >From: Tobias Brunner [mailto:[email protected]] >Sent: Tuesday, April 16, 2013 9:19 AM >To: Peck, Michael A >Cc: [email protected] >Subject: Re: [strongSwan-dev] Problem with Android VPN Client on Motorola >DROID RAZR running Android 4.1.2 > >Hi Mike, > >Thanks for the details. > >>>> i.e. if I checkout master and run “git revert >>>> 21dd4c4beab5b3e61dba28eedbc7aad375bdf0a3”, then build, the app >works >>> fine. >>>> >>>> Any thoughts on the problem? >>> >>> Could you check which of the two changes in the patch causes the issue? >> >> The first change is the one that causes the issue with the Android app. >> In src/libcharon/sa/ike_sa.c: >> This code segment works: >> /* update our address in any case */ >> if (!me->equals(me, this->my_host)) >> { >> ... >> This code segment doesn't work: >> /* update our address in any case */ >> if (force && !me->equals(me, this->my_host)) >> ... > >I see. The problem is in fact that multiple interfaces on your device >are up and have IP addresses installed on them. > >> 10.184.214.218 is the external interface (cellular data). Notice the >> "sending packet: from 192.168.157.1[38661]" - that is not the >> external interface. I think it's one of the USB interfaces. >> 10.184.214.218 is the external interface on the Android phone. Could >> that be part of the problem? 54.242.XXX.YY is the internet-facing IP >> of the gateway, but the gateway sees its own address as >> 10.214.xxx.yy. > >The default network interface on Linux does a route lookup to determine >the proper source address. On Android the kernel interface, so far, >simply determined the first usable IP address and returned that (i.e. >the first address on the first interface that's up and not 'lo' or a TUN >device). This worked pretty well in my tests. And before the above >commit it also worked in situations where the wrong IP was chosen at >first. Because when charon later saw the correct IP when it received >the response from the gateway it was able to update the address. With >the above commit this auto-fix is not happening anymore. > >I now refactored the app so that it uses the kernel-netlink plugin with >its more complex route lookup/source address selection algorithm. Could >you please try if the code in the android-kernel branch [1] fixes the >issue on your device? > >Thanks, >Tobias > >[1] >http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/androi >d-kernel _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
