From: Tobias Brunner Date: Wed, 28 Jun 2017 16:44:45 +0000 (+0200) Subject: android: Make NAT-T keepalive interval configurable in the GUI X-Git-Tag: 5.6.0dr1~23^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2aa0ca0e457331870b6d371f7405ecb1d8f6932;p=thirdparty%2Fstrongswan.git android: Make NAT-T keepalive interval configurable in the GUI --- diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java index 0bae6142d9..1b1494be8f 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java @@ -113,6 +113,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity private TextInputLayoutHelper mMTUWrap; private EditText mPort; private TextInputLayoutHelper mPortWrap; + private EditText mNATKeepalive; + private TextInputLayoutHelper mNATKeepaliveWrap; private EditText mIncludedSubnets; private TextInputLayoutHelper mIncludedSubnetsWrap; private EditText mExcludedSubnets; @@ -163,6 +165,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity mMTUWrap = (TextInputLayoutHelper) findViewById(R.id.mtu_wrap); mPort = (EditText)findViewById(R.id.port); mPortWrap = (TextInputLayoutHelper) findViewById(R.id.port_wrap); + mNATKeepalive = (EditText)findViewById(R.id.nat_keepalive); + mNATKeepaliveWrap = (TextInputLayoutHelper) findViewById(R.id.nat_keepalive_wrap); mIncludedSubnets = (EditText)findViewById(R.id.included_subnets); mIncludedSubnetsWrap = (TextInputLayoutHelper)findViewById(R.id.included_subnets_wrap); mExcludedSubnets = (EditText)findViewById(R.id.excluded_subnets); @@ -528,7 +532,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity { Integer st = mProfile.getSplitTunneling(); show = mProfile.getRemoteId() != null || mProfile.getMTU() != null || - mProfile.getPort() != null || (st != null && st != 0) || + mProfile.getPort() != null || mProfile.getNATKeepAlive() != null || (st != null && st != 0) || mProfile.getIncludedSubnets() != null || mProfile.getExcludedSubnets() != null || mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE; } @@ -618,6 +622,12 @@ public class VpnProfileDetailActivity extends AppCompatActivity mPortWrap.setError(String.format(getString(R.string.alert_text_out_of_range), 1, 65535)); valid = false; } + if (!validateInteger(mNATKeepalive, Constants.NAT_KEEPALIVE_MIN, Constants.NAT_KEEPALIVE_MAX)) + { + mNATKeepaliveWrap.setError(String.format(getString(R.string.alert_text_out_of_range), + Constants.NAT_KEEPALIVE_MIN, Constants.NAT_KEEPALIVE_MAX)); + valid = false; + } return valid; } @@ -650,6 +660,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity mProfile.setRemoteId(remote_id.isEmpty() ? null : remote_id); mProfile.setMTU(getInteger(mMTU)); mProfile.setPort(getInteger(mPort)); + mProfile.setNATKeepAlive(getInteger(mNATKeepalive)); String included = mIncludedSubnets.getText().toString().trim(); mProfile.setIncludedSubnets(included.isEmpty() ? null : included); String excluded = mExcludedSubnets.getText().toString().trim(); @@ -685,6 +696,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity mRemoteId.setText(mProfile.getRemoteId()); mMTU.setText(mProfile.getMTU() != null ? mProfile.getMTU().toString() : null); mPort.setText(mProfile.getPort() != null ? mProfile.getPort().toString() : null); + mNATKeepalive.setText(mProfile.getNATKeepAlive() != null ? mProfile.getNATKeepAlive().toString() : null); mIncludedSubnets.setText(mProfile.getIncludedSubnets()); mExcludedSubnets.setText(mProfile.getExcludedSubnets()); mBlockIPv4.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV4) != 0); diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/utils/Constants.java b/src/frontends/android/app/src/main/java/org/strongswan/android/utils/Constants.java index 413ecae97f..487ea017bd 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/utils/Constants.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/utils/Constants.java @@ -37,4 +37,10 @@ public final class Constants */ public static final int MTU_MAX = 1500; public static final int MTU_MIN = 1280; + + /** + * Limits for NAT-T keepalive + */ + public static final int NAT_KEEPALIVE_MAX = 120; + public static final int NAT_KEEPALIVE_MIN = 10; } diff --git a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml index 8b153b89a3..472efbc83a 100644 --- a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml +++ b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml @@ -244,6 +244,22 @@ + + + + + + Falls der Standardwert in einem bestimmten Netzwerk nicht geeignet ist Server Port UDP-Port zu dem verbunden wird, falls dieser vom Standard-Port abweicht + NAT-T Keepalive Intervall + Kleine Pakete werden gesendet, um Mappings auf NAT-Routern am Leben zu erhalten, wenn sonst nichts gesendet wird. Um Energie zu sparen, ist das Standardintervall auf 45 Sekunden gesetzt. Hinter NAT-Routern die Mappings früh entfernen, ist dies möglicherweise zu hoch. 20 Sekunden oder weniger können in diesem Fall helfen. Split-Tunneling Standardmässig leitet der Client allen Netzwerkverkehr durch den VPN Tunnel, ausser der Server schränkt die Subnetze beim Verbindungsaufbau ein, in welchem Fall nur der Verkehr via VPN geleitet wird, den der Server erlaubt (der Rest wird standardmässig behandelt, als ob kein VPN vorhanden wäre). Blockiere IPv4 Verkehr der nicht für das VPN bestimmt ist diff --git a/src/frontends/android/app/src/main/res/values-pl/strings.xml b/src/frontends/android/app/src/main/res/values-pl/strings.xml index d8965a1e45..d551909945 100644 --- a/src/frontends/android/app/src/main/res/values-pl/strings.xml +++ b/src/frontends/android/app/src/main/res/values-pl/strings.xml @@ -79,6 +79,8 @@ In case the default value is unsuitable for a particular network Server port UDP port to connect to, if different from the default + NAT-T keepalive interval + Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case. Split tunneling By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN). Block IPv4 traffic not destined for the VPN diff --git a/src/frontends/android/app/src/main/res/values-ru/strings.xml b/src/frontends/android/app/src/main/res/values-ru/strings.xml index 7296554d87..666e5be083 100644 --- a/src/frontends/android/app/src/main/res/values-ru/strings.xml +++ b/src/frontends/android/app/src/main/res/values-ru/strings.xml @@ -76,6 +76,8 @@ In case the default value is unsuitable for a particular network Server port UDP port to connect to, if different from the default + NAT-T keepalive interval + Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case. Split tunneling By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN). Block IPv4 traffic not destined for the VPN diff --git a/src/frontends/android/app/src/main/res/values-ua/strings.xml b/src/frontends/android/app/src/main/res/values-ua/strings.xml index 6f30fcf16e..2ba7ef8641 100644 --- a/src/frontends/android/app/src/main/res/values-ua/strings.xml +++ b/src/frontends/android/app/src/main/res/values-ua/strings.xml @@ -77,6 +77,8 @@ In case the default value is unsuitable for a particular network Server port UDP port to connect to, if different from the default + NAT-T keepalive interval + Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case. Split tunneling By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN). Block IPv4 traffic not destined for the VPN diff --git a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml index 415212eab1..b8fccadadf 100644 --- a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml +++ b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml @@ -76,6 +76,8 @@ 假如在某一网络下默认值不合适 服务器端口 如不同于默认值,则所需连接的UDP端口 + NAT-T keepalive interval + Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case. 拆分隧道 By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN). 屏蔽不通过VPN的IPV4流量 diff --git a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml index e1cdf32e54..2108a8b304 100644 --- a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml +++ b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml @@ -76,6 +76,8 @@ 如果在某個網路下預設值不適合 伺服器Port 如果和預設值不同,則需要連接的UDP Port + NAT-T keepalive interval + Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case. 拆分隧道 By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN). 屏蔽不通过VPN的IPV4流量 diff --git a/src/frontends/android/app/src/main/res/values/strings.xml b/src/frontends/android/app/src/main/res/values/strings.xml index fa38753c2d..0f22cc8cf9 100644 --- a/src/frontends/android/app/src/main/res/values/strings.xml +++ b/src/frontends/android/app/src/main/res/values/strings.xml @@ -79,6 +79,8 @@ In case the default value is unsuitable for a particular network Server port UDP port to connect to, if different from the default + NAT-T keepalive interval + Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case. Split tunneling By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN). Block IPv4 traffic not destined for the VPN