android: Add flag to enable IPv6 transport addresses
authorTobias Brunner <tobias@strongswan.org>
Thu, 15 Oct 2020 15:28:46 +0000 (17:28 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 29 Oct 2020 09:22:51 +0000 (10:22 +0100)
src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c

index eb863867d3326bcdb2ecb43861a37c000caa1a61..1f077529da001058f9f52c2d9e6db16a3f4842d8 100644 (file)
@@ -36,6 +36,7 @@ public class VpnProfile implements Cloneable
        public static final int FLAGS_DISABLE_OCSP = 1 << 2;
        public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
        public static final int FLAGS_RSA_PSS = 1 << 4;
+       public static final int FLAGS_IPv6_TRANSPORT = 1 << 5;
 
        private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
        private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
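Review bot: `FLAGS_IPv6_TRANSPORT` mixes lower case into a constant name, while the neighbouring flags (`FLAGS_DISABLE_OCSP`, `FLAGS_STRICT_REVOCATION`, `FLAGS_RSA_PSS`) are all upper snake case. `public static final int FLAGS_IPV6_TRANSPORT = 1 << 5;` would match them, with the same rename at the `initializeCharon` call in CharonVpnService.java. None of the flag constants carries a comment, and this one changes which address families the tunnel transport may use, so a short Javadoc line such as `/** allow IPv6 transport addresses; the gateway must handle UDP encapsulation over IPv6 */` would help. The class body continues outside the hunk.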
index 5cf2fe5d36a12bd78cd60ce2e3a532f157deac8f..da6ea637412efdae740fd9b397f2a95bc227db11 100644 (file)
@@ -288,7 +288,8 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
                                                SimpleFetcher.enable();
                                                addNotification();
                                                mBuilderAdapter.setProfile(mCurrentProfile);
-                                               if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD)))
+                                               if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD),
+                                                                                       (mCurrentProfile.getFlags() & VpnProfile.FLAGS_IPv6_TRANSPORT) != 0))
                                                {
                                                        Log.i(TAG, "charon started");
 
@@ -775,9 +776,10 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
         * @param logfile absolute path to the logfile
         * @param appdir absolute path to the data directory of the app
         * @param byod enable BYOD features
+        * @param ipv6 enable IPv6 transport
         * @return TRUE if initialization was successful
         */
-       public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod);
+       public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod, boolean ipv6);
 
        /**
         * Deinitialize charon, provided by libandroidbridge.so
index ba7a10ddb2ef1e86fa9344917c64d7ffb9616ddd..c1c1e3acd5bcc4052191a111f789f578d887bedf 100644 (file)
@@ -744,7 +744,7 @@ static job_requeue_t initiate(private_android_service_t *this)
        auth_cfg_t *auth;
        ike_cfg_create_t ike = {
                .version = IKEV2,
-               .local = "0.0.0.0",
+               .local = "",
                .local_port = charon->socket->get_port(charon->socket, FALSE),
                .force_encap = TRUE,
                .fragmentation = FRAGMENTATION_YES,
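Review bot: With `.local = ""` replacing `"0.0.0.0"`, the IKE config no longer pins the local side to IPv4. For a profile without the new flag, the only remaining IPv4 restriction visible in this commit is the `charon.plugins.socket-default.use_ipv6` setting made in charonservice.c. That dependency is not stated here, and it is worth confirming that a gateway hostname with both A and AAAA records still ends up on IPv4 when the flag is off. A comment above the field would record the intent, e.g. `/* no fixed local address, the family is limited by socket-default.use_ipv6 */`. The body of initiate() starts and ends outside the hunk.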
index 6426e4502944659734b2184de9dc9b130a85cdff..16e31d84d6b1bb3792122c9eba4faa11495d7ee5 100644 (file)
@@ -479,7 +479,7 @@ static bool charonservice_register(plugin_t *plugin, plugin_feature_t *feature,
 /**
  * Set strongswan.conf options
  */
-static void set_options(char *logfile)
+static void set_options(char *logfile, jboolean ipv6)
 {
        lib->settings->set_int(lib->settings,
                                        "charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
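Review bot: The doc comment on set_options() still reads only `Set strongswan.conf options` and does not describe the new `ipv6` parameter, which is now the single switch for `socket-default.use_ipv6`. Adding `@param logfile` and `@param ipv6 TRUE to enable IPv6 in the socket-default plugin` lines would make the contract visible at the signature. The kernel 5.8 caveat from the comment in the next hunk could be repeated there in a few words. The function body continues in the following hunk and beyond.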
@@ -516,10 +516,10 @@ static void set_options(char *logfile)
         * information */
        lib->settings->set_bool(lib->settings,
                                        "charon.plugins.socket-default.set_source", FALSE);
-       /* the Linux kernel does currently not support UDP encaspulation for IPv6
-        * so lets disable IPv6 for now to avoid issues with dual-stack gateways */
+       /* the Linux kernel only supports UDP encap for IPv6 since 5.8, so let's use
+        * IPv6 only if requested, to avoid issues with older dual-stack servers */
        lib->settings->set_bool(lib->settings,
-                                       "charon.plugins.socket-default.use_ipv6", FALSE);
+                                       "charon.plugins.socket-default.use_ipv6", ipv6);
 
 #ifdef USE_BYOD
        lib->settings->set_str(lib->settings,
@@ -634,7 +634,7 @@ static void __attribute__ ((constructor))register_logger()
  * Initialize charon and the libraries via JNI
  */
 JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
-       jobject builder, jstring jlogfile, jstring jappdir, jboolean byod)
+       jobject builder, jstring jlogfile, jstring jappdir, jboolean byod, jboolean ipv6)
 {
        struct sigaction action;
        struct utsname utsname;
@@ -656,7 +656,7 @@ JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
        /* set options before initializing other libraries that might read them */
        logfile = androidjni_convert_jstring(env, jlogfile);
 
-       set_options(logfile);
+       set_options(logfile, ipv6);
        free(logfile);
 
        if (!libipsec_init())