VPN technology is getting popular all over the world due to its characteristic of provide privacy and counter restrictions on access of applications and websites. The requirement of VPN varies on circumstances around user such as Government policies.
IKEV2 protocol is most secure and fast protocol among other protocols. In this blog we tell you how to develop Android VPN app with IKEV2 protocol. But Android does not provide build-in support for IKEV2 protocol so we will use StrongSwan (the OpenSource IPsec-based VPN Solution) libraries for this purpose.
Getting Started
Scope of this blog is to configure the StrongSwan and integrates in AndroidApp. There are three major parts of this app.
-
StrongSwan libraries (libstrongswan, libcharon etc.)
-
Application in Java (Android)
-
Library to glue these two parts
The Java part and the libraries communicate by means of the Java Native Interface (JNI).
To achieve this there are three major steps need to implement.
-
Configure StrongSwan
-
Integrate StrongSwan in Android App
-
Java code to use connect VPN using StrongSwan
1. Configure StrongSwan:
I am working on windows platform. For configuring StrongSwan there are some shell commands, as windows cmd does not support shell commands for this I have used CENTOS virtual machine. Download VMWare or Vitual box to host your virtual machine on windows and then open .vmx file
In CENTOS you need the following tools:
-
a recent GNU C compiler (>= 3.x)
-
automake
-
Autoconf
-
Libtool
-
pkg-config
-
gettext
-
perl
-
Python
-
lex/flex
-
yacc/bison
-
gperf
Now follow the steps to configure StrongSwan
a. Clone StrongSwan
Clone StrongSwan using command:
Git clone https://git.strongswan.org/strongswan.git
After a successful check out, give the autotools a try
b. Go to StrongSwan directory
First go to the Strongswan directory that you have cloned by the following command.
cd strongswan/
c. Create source files
Then run these commands one by one after each command done successfully:
• ./autogen.sh • ./configure • Make • Make install
This creates several pre-build source files. Next go to JNI directory by running the following command:
cd src/frontends/android/app/src/main/jni
And run this command
Git clone https://git.strongswan.org/android-ndk-boringssl.git -b ndk-staticopenssl
Now copy the code from CENTOS to window and run the app in android studio the code for the App can be found in the source: strongswan/src/frontends/android directory of our repository. To build it the Android SDK and NDK are required.
2. Integrate StrongSwan in Android App:
Now we integrate StrongSwan libraries in Android app. Here we use sample android app given by StrongSwan as front-end app. For this purpose we need .so files for native classes to communicate with Java classes. Download the Strong project from Github and copy JniLibs folder from this Github project and past it in your project that have copied from CENTOS in the following path:
strongswan/src/frontends/android /app/src/main
Now build the project, if there is NDK path problem try to replace this
task buildNative(type: Exec) {
workingDir 'src/main/jni'
commandLine "${android.ndkDirectory}/ndk-build", '-j', Runtime.runtime.availableProcessors()
}with this
task buildNative(type: Exec) {
workingDir 'src/main/jni'
commandLine "${android.ndkDirectory}\\ndk-build.cmd", '-j', Runtime.runtime.availableProcessors()
}and sync now.
3. Java code to use connect VPN using StrongSwan:
To connect with VPN using StrongSwan in this app you need to replace some piece of code as below:
In file path
strongswan\src\frontends\android\app\src\main\java\org\strongswan\android\logic/CharonVpnService.java
You will see the cod
SettingsWriter writer = new SettingsWriter();
writer.setValue("global.language", Locale.getDefault().getLanguage());
writer.setValue("global.mtu", mCurrentProfile.getMTU());
writer.setValue("global.nat_keepalive", mCurrentProfile.getNATKeepAlive());
writer.setValue("global.rsa_pss", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_RSA_PSS) != 0);
writer.setValue("global.crl", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_CRL) == 0);
writer.setValue("global.ocsp", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_OCSP) == 0);
writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier());
writer.setValue("connection.server", mCurrentProfile.getGateway());
writer.setValue("connection.port", mCurrentProfile.getPort());
writer.setValue("connection.username", mCurrentProfile.getUsername());
writer.setValue("connection.password", mCurrentProfile.getPassword());
writer.setValue("connection.local_id", mCurrentProfile.getLocalId());
writer.setValue("connection.remote_id", mCurrentProfile.getRemoteId());
writer.setValue("connection.certreq", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0);
writer.setValue("connection.strict_revocation", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_STRICT_REVOCATION) != 0);
writer.setValue("connection.ike_proposal", mCurrentProfile.getIkeProposal());
Replace it with
initiate(mCurrentProfile.getVpnType().getIdentifier(), mCurrentProfile.getGateway(), mCurrentProfile.getUsername(), mCurrentProfile.getPassword());
Now it should work
Add StrongSwan as a Module in Android App:
If u want to use strongswan in your app, add android folder from this path strongswan\src\frontends\android in your app as a module and use this project in your app.
Got to File->New->import module
Select android folder from the strongswan project directory
It will give error that the app module is already exist so change the module name from “app” to “strongswan” you can write what u want. And click finish.
Right click on app and click open module settings
Select Dependencies tab from side menu, click on “+”and select module dependency
Select strongswan and click ok.
Now you can see strongswan module is added
Conclusion:
The basic purpose of this blog is to summarize the strongswan(the OpenSource IPsec-based VPN Solution) configuration and intergration in android project to build up the VPN app using IKEV2 protocol.
