File: description.txt

libreswan 5.2-2.2
Configure EAST so that it will interoperate with an Android simulator using X.509

Setup:

- Prepare the host:

  DO NOT SET KVM_PREFIXES:
  EAST needs to be directly accessible from the host.

    ./kvm install
    ./kvm check testing/pluto/android-be-happy
    tail -f testing/pluto/android-be-happy/OUTPUT/east.pluto.log
  and:
    ./kvm sh east
    east# tail -f /tmp/pluto.log

- Start the simulator

- Using studio, copy the certificates east.p12 and west.p12 (password
  foobar) to android

  Make finding the certs easy:

    cp testing/x509/real/mainca/east.all.p12 /tmp
    cp testing/x509/real/mainca/west.all.p12 /tmp

  From studio, open the simulator's storage using:

      View
      > Tool Windows
      > Device File Explorer

  From there, navigate to:

      storage
      v XXX-XXX
      v Download

  Right-click on "Download" and select "upload" to upload the certs.

- Using android, add the certificate

  Go to:

    Settings
    > Security
    > Encryption & credentials
    > Install a certificate
    > VPN & app user certificate

  then navigate to SDCARDS v Downloads and open the certificate (password foobar)

- Using android, configure the connection:

  Go to:

    Network & internet
    > VPN
    > +

  And enter:

    type: IKEv2/IPsec RSA
    server: 192.1.2.23
    identifier: west
    IPsec user certificate: west (see above, password foobar)
    IPsec CA certificate: (don't verify server)
    IPsec server certificate: (received from server)

Known bugs:

   Android's IKE crashes with aes-gcm+rsa
   https://issuetracker.google.com/issues/203676760

   Android proposes DIGSIG sha1+sha2 hashes; pluto accepts only sha2;
   Android signs with probably-not-supported PKCS#1 1.5 SHA2 RSA.
   https://issuetracker.google.com/issues/213617220

   Android shouldn't be sending a delete IKE SA request when it gets
   back an AUTHENTICATION_FAILED IKE_AUTH response
   https://issuetracker.google.com/issues/213599617

   Android crashes when the RSASSA_PSS ASN.1 prefix is set:
   Unrecognized ASN.1 objects for Signature algorithm and Hash
   (worth filing a bug?)
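
Added example (not part of the libreswan test or of pluto's code): a small decoder for the two RFC 7427 fields the DIGSIG notes above refer to, the SIGNATURE_HASH_ALGORITHMS notification data and the ASN.1 AlgorithmIdentifier prefix of Digital Signature AUTH data, useful when checking which hash and signature scheme a peer actually used. The function names, the sha2-only RESPONDER_ACCEPTS policy and the sample bytes are assumptions made for illustration.

```python
import struct

# RFC 7427 hash identifiers carried in the SIGNATURE_HASH_ALGORITHMS notify
HASH_NAMES = {1: "sha1", 2: "sha2_256", 3: "sha2_384", 4: "sha2_512"}
# Assumption: responder policy modelled on "pluto accepts only sha2"
RESPONDER_ACCEPTS = {"sha2_256", "sha2_384", "sha2_512"}

# OID bodies that open the AlgorithmIdentifier in Digital Signature AUTH data
OID_SCHEMES = {
    "2a864886f70d01010b": "PKCS#1 v1.5 RSA with SHA2-256",
    "2a864886f70d01010c": "PKCS#1 v1.5 RSA with SHA2-384",
    "2a864886f70d01010d": "PKCS#1 v1.5 RSA with SHA2-512",
    "2a864886f70d01010a": "RSASSA-PSS",
}

def parse_hash_notify(data: bytes) -> list:
    """Notification data is a list of 16-bit big-endian hash identifiers."""
    if len(data) % 2:
        raise ValueError("odd-length SIGNATURE_HASH_ALGORITHMS data")
    ids = struct.unpack(f"!{len(data) // 2}H", data)
    return [HASH_NAMES.get(i, f"unknown({i})") for i in ids]

def usable_hashes(proposed: list) -> list:
    """Hashes from the peer's list that the responder policy also allows."""
    return [h for h in proposed if h in RESPONDER_ACCEPTS]

def signature_scheme(auth_data: bytes) -> str:
    """AUTH data is: 1-byte length, DER AlgorithmIdentifier, signature value."""
    if len(auth_data) < 5:
        raise ValueError("truncated AUTH data")
    alg = auth_data[1:1 + auth_data[0]]
    # Expect SEQUENCE (0x30, short-form length) then OBJECT IDENTIFIER (0x06)
    if len(alg) != auth_data[0] or len(alg) < 4 or alg[0] != 0x30 or alg[2] != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    oid = alg[4:4 + alg[3]]
    if len(oid) != alg[3]:
        raise ValueError("truncated OID")
    return OID_SCHEMES.get(oid.hex(), f"unknown OID {oid.hex()}")

# Constructed samples, not captured traffic
SAMPLE_NOTIFY = bytes.fromhex("00010002")  # peer offers sha1 and sha2_256
SAMPLE_AUTH = bytes.fromhex("0f300d06092a864886f70d01010b0500") + b"\x00" * 256

if __name__ == "__main__":
    offered = parse_hash_notify(SAMPLE_NOTIFY)
    print("offered:", offered, "usable:", usable_hashes(offered))
    print("signature scheme:", signature_scheme(SAMPLE_AUTH))
```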