VPN technology is getting popular all over the world due to its characteristic of provide privacy and counter restrictions on access of applications and websites. The requirement of VPN varies on circumstances around user such as Government policies.

IKEV2 protocol is most secure and fast protocol among other protocols. In this blog we tell you how to develop Android VPN app with IKEV2 protocol. But Android does not provide build-in support for IKEV2 protocol so we will use StrongSwan (the OpenSource IPsec-based VPN Solution) libraries for this purpose.

Getting Started

Scope of this blog is to configure the StrongSwan and integrates in AndroidApp. There are three major parts of this app.

  • StrongSwan libraries  (libstrongswan, libcharon etc.)
  • Application in Java (Android)
  • Library to glue these two parts

The Java part and the libraries communicate by means of the Java Native Interface (JNI).

To achieve this there are three major steps need to implement.

  1. Configure StrongSwan
  2. Integrate StrongSwan in Android App
  3. Java code to use connect VPN using StrongSwan

1. Configure StrongSwan:

I am working on windows platform. For configuring StrongSwan there are some shell commands, as windows cmd does not support shell commands for this I have used CENTOS virtual machine. Download VMWare or Vitual box to host your virtual machine on windows and then open .vmx file

In CENTOS you need the following tools:

  • a recent GNU C compiler (>= 3.x)
  • automake
  • Autoconf
  • Libtool
  • pkg-config
  • gettext
  • perl
  • Python
  • lex/flex
  • yacc/bison
  • gperf

Now follow the steps to configure StrongSwan

a. Clone StrongSwan

Clone StrongSwan using command:

Git clone https://git.strongswan.org/strongswan.git

After a successful check out, give the autotools a try

b. Go to StrongSwan directory

First go to the Strongswan directory that you have cloned by the following command.

cd strongswan/

c. Create source files

Then run these commands one by one after each command done successfully:

•	./autogen.sh
•	./configure
•	Make
•	Make install

This creates several pre-build source files. Next go to JNI directory by running the following command:

cd src/frontends/android/app/src/main/jni

And run this command

Git clone https://git.strongswan.org/android-ndk-boringssl.git -b ndk-staticopenssl

Now copy the code from CENTOS to window and run the app in android studio the code for the App can be found in the source: strongswan/src/frontends/android directory of our repository. To build it the Android SDK and NDK are required.

2. Integrate StrongSwan in Android App:

Now we integrate StrongSwan libraries in Android app. Here we use sample android app given by StrongSwan as front-end app. For this purpose we need .so files for native classes to communicate with Java classes. Download the Strong project from Github and copy JniLibs folder from this Github project and past it in your project that have copied from CENTOS in the following path:

strongswan/src/frontends/android /app/src/main

Now build the project, if there is NDK path problem try to replace this

task buildNative(type: Exec) {
    workingDir 'src/main/jni'
commandLine "${android.ndkDirectory}/ndk-build", '-j', Runtime.runtime.availableProcessors()
}

with this

task buildNative(type: Exec) {
    workingDir 'src/main/jni'
commandLine "${android.ndkDirectory}\ndk-build.cmd", '-j', Runtime.runtime.availableProcessors()
}

and sync now.

3. Java code to use connect VPN using StrongSwan:

To connect with VPN using StrongSwan in this app you need to replace some piece of code as below:

In file path

strongswan\src\frontends\android\app\src\main\java\org\strongswan\android\logic/CharonVpnService.java

You will see the code

SettingsWriter writer = new SettingsWriter();
writer.setValue("global.language", Locale.getDefault().getLanguage());
writer.setValue("global.mtu", mCurrentProfile.getMTU());
writer.setValue("global.nat_keepalive", mCurrentProfile.getNATKeepAlive());
writer.setValue("global.rsa_pss", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_RSA_PSS) != 0);
writer.setValue("global.crl", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_CRL) == 0);
writer.setValue("global.ocsp", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_OCSP) == 0);
writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier());
writer.setValue("connection.server", mCurrentProfile.getGateway());
writer.setValue("connection.port", mCurrentProfile.getPort());
writer.setValue("connection.username", mCurrentProfile.getUsername());
writer.setValue("connection.password", mCurrentProfile.getPassword());
writer.setValue("connection.local_id", mCurrentProfile.getLocalId());
writer.setValue("connection.remote_id", mCurrentProfile.getRemoteId());
writer.setValue("connection.certreq", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0);
writer.setValue("connection.strict_revocation", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_STRICT_REVOCATION) != 0);
writer.setValue("connection.ike_proposal", mCurrentProfile.getIkeProposal());

Replace it with

initiate(mCurrentProfile.getVpnType().getIdentifier(),
mCurrentProfile.getGateway(), mCurrentProfile.getUsername(),
mCurrentProfile.getPassword());

Now it should work

Add StrongSwan as a Module in Android App:

If u want to use strongswan in your app, add android folder from this path strongswan\src\frontends\android in your app as a module and use this project in your app.

Got to File->New->import module

Select android folder from the strongswan project directory

It will give error that the app module is already exist so change the module name from “app” to “strongswan” you can write what u want. And click finish.

Right click on app and click open module settings

Select Dependencies tab from side menu, click on “+”and select module dependency

Select strongswan and click ok.

Now you can see strongswan module is added

Conclusion:

The basic purpose of this blog is to summarize the strongswan(the OpenSource IPsec-based VPN Solution) configuration and intergration in android project to build up the VPN app using IKEV2 protocol.

Do you want us to build an App for you ?