authorTobias Brunner <tobias@strongswan.org>2017-07-03 10:37:21 +0200
committerTobias Brunner <tobias@strongswan.org>2017-07-03 10:37:21 +0200
commitaea901bbbe097b1ad0612e2e0b90c422ff96e5fe (patch)
tree42a4d5ef3908632842d32bf8f6f166ce5d076f5b
parent6f0888c8724638c9553f408cdae9e57adb9e4b7e (diff)
parent8ae7f8b7a2ef67bc9b56b52398d93907cf95c67d (diff)
Merge branch 'android-certreq'
This adds an option that allows disabling certificate requests during IKE_AUTH.
-rw-r--r--src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java13
-rw-r--r--src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfileDataSource.java14
-rw-r--r--src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java1
-rw-r--r--src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java14
-rw-r--r--src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java7
-rw-r--r--src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c5
-rw-r--r--src/frontends/android/app/src/main/res/layout/profile_detail_view.xml17
-rw-r--r--src/frontends/android/app/src/main/res/values-de/strings.xml2
-rw-r--r--src/frontends/android/app/src/main/res/values-pl/strings.xml2
-rw-r--r--src/frontends/android/app/src/main/res/values-ru/strings.xml2
-rw-r--r--src/frontends/android/app/src/main/res/values-ua/strings.xml2
-rw-r--r--src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml2
-rw-r--r--src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml2
-rw-r--r--src/frontends/android/app/src/main/res/values/strings.xml2
14 files changed, 79 insertions, 6 deletions
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
index ba50125c0..f4e2899d1 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
@@ -30,10 +30,11 @@ public class VpnProfile implements Cloneable
/* While storing this as EnumSet would be nicer this simplifies storing it in a database */
public static final int SPLIT_TUNNELING_BLOCK_IPV4 = 1;
public static final int SPLIT_TUNNELING_BLOCK_IPV6 = 2;
+ public static final int FLAGS_SUPPRESS_CERT_REQS = 1;
private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
- private Integer mMTU, mPort, mSplitTunneling, mNATKeepAlive;
+ private Integer mMTU, mPort, mSplitTunneling, mNATKeepAlive, mFlags;
private SelectedAppsHandling mSelectedAppsHandling = SelectedAppsHandling.SELECTED_APPS_DISABLE;
private VpnType mVpnType;
private UUID mUUID;
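Review bot: `FLAGS_SUPPRESS_CERT_REQS` is added directly under the comment about split tunneling and reuses the value 1 of `SPLIT_TUNNELING_BLOCK_IPV4`, so it reads like a third split-tunneling bit. A separating comment would make clear that it belongs to a different bit field, e.g. `/* Bit flags stored in mFlags (database column "flags"), independent of the SPLIT_TUNNELING_* bits */`. It would also help to state there that a null `mFlags` is treated as "no flags set", since the field is a nullable `Integer`. The class body continues outside the hunk.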
@@ -281,6 +282,16 @@ public class VpnProfile implements Cloneable
this.mSplitTunneling = splitTunneling;
}
+ public Integer getFlags()
+ {
+ return mFlags;
+ }
+
+ public void setFlags(Integer flags)
+ {
+ this.mFlags = flags;
+ }
+
@Override
public String toString()
{
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfileDataSource.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfileDataSource.java
index 7154336c7..c67a03d77 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfileDataSource.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfileDataSource.java
@@ -52,6 +52,7 @@ public class VpnProfileDataSource
public static final String KEY_SELECTED_APPS = "selected_apps";
public static final String KEY_SELECTED_APPS_LIST = "selected_apps_list";
public static final String KEY_NAT_KEEPALIVE = "nat_keepalive";
+ public static final String KEY_FLAGS = "flags";
private DatabaseHelper mDbHelper;
private SQLiteDatabase mDatabase;
@@ -60,7 +61,7 @@ public class VpnProfileDataSource
private static final String DATABASE_NAME = "strongswan.db";
private static final String TABLE_VPNPROFILE = "vpnprofile";
- private static final int DATABASE_VERSION = 13;
+ private static final int DATABASE_VERSION = 14;
public static final String DATABASE_CREATE =
"CREATE TABLE " + TABLE_VPNPROFILE + " (" +
@@ -82,7 +83,8 @@ public class VpnProfileDataSource
KEY_INCLUDED_SUBNETS + " TEXT," +
KEY_SELECTED_APPS + " INTEGER," +
KEY_SELECTED_APPS_LIST + " TEXT," +
- KEY_NAT_KEEPALIVE + " INTEGER" +
+ KEY_NAT_KEEPALIVE + " INTEGER," +
+ KEY_FLAGS + " INTEGER" +
");";
private static final String[] ALL_COLUMNS = new String[] {
KEY_ID,
@@ -104,6 +106,7 @@ public class VpnProfileDataSource
KEY_SELECTED_APPS,
KEY_SELECTED_APPS_LIST,
KEY_NAT_KEEPALIVE,
+ KEY_FLAGS,
};
private static class DatabaseHelper extends SQLiteOpenHelper
@@ -188,6 +191,11 @@ public class VpnProfileDataSource
db.execSQL("ALTER TABLE " + TABLE_VPNPROFILE + " ADD " + KEY_NAT_KEEPALIVE +
" INTEGER;");
}
+ if (oldVersion < 14)
+ {
+ db.execSQL("ALTER TABLE " + TABLE_VPNPROFILE + " ADD " + KEY_FLAGS +
+ " INTEGER;");
+ }
}
private void updateColumns(SQLiteDatabase db)
@@ -368,6 +376,7 @@ public class VpnProfileDataSource
profile.setSelectedAppsHandling(getInt(cursor, cursor.getColumnIndex(KEY_SELECTED_APPS)));
profile.setSelectedApps(cursor.getString(cursor.getColumnIndex(KEY_SELECTED_APPS_LIST)));
profile.setNATKeepAlive(getInt(cursor, cursor.getColumnIndex(KEY_NAT_KEEPALIVE)));
+ profile.setFlags(getInt(cursor, cursor.getColumnIndex(KEY_FLAGS)));
return profile;
}
@@ -392,6 +401,7 @@ public class VpnProfileDataSource
values.put(KEY_SELECTED_APPS, profile.getSelectedAppsHandling().getValue());
values.put(KEY_SELECTED_APPS_LIST, profile.getSelectedApps());
values.put(KEY_NAT_KEEPALIVE, profile.getNATKeepAlive());
+ values.put(KEY_FLAGS, profile.getFlags());
return values;
}
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
index d8b4b4e44..235681772 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
@@ -258,6 +258,7 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
writer.setValue("connection.password", mCurrentProfile.getPassword());
writer.setValue("connection.local_id", mCurrentProfile.getLocalId());
writer.setValue("connection.remote_id", mCurrentProfile.getRemoteId());
+ writer.setValue("connection.certreq", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0);
initiate(writer.serialize());
}
else
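Review bot: The added `connection.certreq` line unboxes `mCurrentProfile.getFlags()`, which is an `Integer` and can be null, so initiating a connection would throw a NullPointerException. The version 14 migration in VpnProfileDataSource adds the `flags` column without a default, so profiles created before the upgrade presumably load with a null value; the edit activity in this same commit already guards with `flags == null`. Either null-check here, `Integer flags = mCurrentProfile.getFlags();` then `flags == null || (flags & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0`, or have the getter return `mFlags == null ? 0 : mFlags`. The enclosing method starts and ends outside the hunk.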
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java
index 1b1494be8..8bf5fd2b2 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java
@@ -53,6 +53,7 @@ import android.widget.EditText;
import android.widget.MultiAutoCompleteTextView;
import android.widget.RelativeLayout;
import android.widget.Spinner;
+import android.widget.Switch;
import android.widget.TextView;
import org.strongswan.android.R;
@@ -113,6 +114,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
private TextInputLayoutHelper mMTUWrap;
private EditText mPort;
private TextInputLayoutHelper mPortWrap;
+ private Switch mCertReq;
private EditText mNATKeepalive;
private TextInputLayoutHelper mNATKeepaliveWrap;
private EditText mIncludedSubnets;
@@ -167,6 +169,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
mPortWrap = (TextInputLayoutHelper) findViewById(R.id.port_wrap);
mNATKeepalive = (EditText)findViewById(R.id.nat_keepalive);
mNATKeepaliveWrap = (TextInputLayoutHelper) findViewById(R.id.nat_keepalive_wrap);
+ mCertReq = (Switch)findViewById(R.id.cert_req);
mIncludedSubnets = (EditText)findViewById(R.id.included_subnets);
mIncludedSubnetsWrap = (TextInputLayoutHelper)findViewById(R.id.included_subnets_wrap);
mExcludedSubnets = (EditText)findViewById(R.id.excluded_subnets);
@@ -530,9 +533,10 @@ public class VpnProfileDetailActivity extends AppCompatActivity
boolean show = mShowAdvanced.isChecked();
if (!show && mProfile != null)
{
- Integer st = mProfile.getSplitTunneling();
+ Integer st = mProfile.getSplitTunneling(), flags = mProfile.getFlags();
show = mProfile.getRemoteId() != null || mProfile.getMTU() != null ||
- mProfile.getPort() != null || mProfile.getNATKeepAlive() != null || (st != null && st != 0) ||
+ mProfile.getPort() != null || mProfile.getNATKeepAlive() != null ||
+ (flags != null && flags != 0) || (st != null && st != 0) ||
mProfile.getIncludedSubnets() != null || mProfile.getExcludedSubnets() != null ||
mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE;
}
@@ -661,6 +665,9 @@ public class VpnProfileDetailActivity extends AppCompatActivity
mProfile.setMTU(getInteger(mMTU));
mProfile.setPort(getInteger(mPort));
mProfile.setNATKeepAlive(getInteger(mNATKeepalive));
+ int flags = 0;
+ flags |= !mCertReq.isChecked() ? VpnProfile.FLAGS_SUPPRESS_CERT_REQS : 0;
+ mProfile.setFlags(flags);
String included = mIncludedSubnets.getText().toString().trim();
mProfile.setIncludedSubnets(included.isEmpty() ? null : included);
String excluded = mExcludedSubnets.getText().toString().trim();
@@ -681,6 +688,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
private void loadProfileData(Bundle savedInstanceState)
{
String useralias = null, local_id = null, alias = null;
+ Integer flags = null;
getSupportActionBar().setTitle(R.string.add_profile);
if (mId != null && mId != 0)
@@ -703,6 +711,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
mBlockIPv6.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6) != 0);
mSelectedAppsHandling = mProfile.getSelectedAppsHandling();
mSelectedApps = mProfile.getSelectedAppsSet();
+ flags = mProfile.getFlags();
useralias = mProfile.getUserCertificateAlias();
local_id = mProfile.getLocalId();
alias = mProfile.getCertificateAlias();
@@ -717,6 +726,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
}
mSelectVpnType.setSelection(mVpnType.ordinal());
+ mCertReq.setChecked(flags == null || (flags & VpnProfile.FLAGS_SUPPRESS_CERT_REQS) == 0);
/* check if the user selected a user certificate previously */
useralias = savedInstanceState == null ? useralias : savedInstanceState.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE);
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java
index 0625b3918..5cfcf4895 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java
@@ -463,6 +463,7 @@ public class VpnProfileImportActivity extends AppCompatActivity
return null;
}
ParsedVpnProfile profile = new ParsedVpnProfile();
+ Integer flags = 0;
profile.setUUID(uuid);
profile.setName(obj.getString("name"));
@@ -475,6 +476,11 @@ public class VpnProfileImportActivity extends AppCompatActivity
profile.setRemoteId(remote.optString("id", null));
profile.Certificate = decodeBase64(remote.optString("cert", null));
+ if (remote.optBoolean("certreq", false))
+ {
+ flags |= VpnProfile.FLAGS_SUPPRESS_CERT_REQS;
+ }
+
JSONObject local = obj.optJSONObject("local");
if (local != null)
{
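Review bot: The `certreq` check on import looks inverted: `remote.optBoolean("certreq", false)` sets `FLAGS_SUPPRESS_CERT_REQS` when the file says `certreq` is true, while elsewhere in this commit a true `certreq` means requests are sent (`connection.certreq` in CharonVpnService, default `TRUE` in android_service.c). As written, a profile file that explicitly asks for certificate requests gets them disabled, and the only way to keep them is to omit the key. If the key is meant to mirror the setting, the condition should be `if (!remote.optBoolean("certreq", true))`. The enclosing parse method starts and ends outside the hunk.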
@@ -517,6 +523,7 @@ public class VpnProfileImportActivity extends AppCompatActivity
profile.setSelectedApps(excludedApps);
profile.setSelectedAppsHandling(SelectedAppsHandling.SELECTED_APPS_EXCLUDE);
}
+ profile.setFlags(flags);
return profile;
}
diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index 33585df32..b43507caf 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@ -737,11 +737,14 @@ static job_requeue_t initiate(private_android_service_t *this)
};
char *type, *server, *remote_id;
int port;
+ bool certreq;
server = this->settings->get_str(this->settings, "connection.server", NULL);
port = this->settings->get_int(this->settings, "connection.port",
IKEV2_UDP_PORT);
- ike_cfg = ike_cfg_create(IKEV2, TRUE, TRUE, "0.0.0.0",
+ certreq = this->settings->get_bool(this->settings, "connection.certreq",
+ TRUE);
+ ike_cfg = ike_cfg_create(IKEV2, certreq, TRUE, "0.0.0.0",
charon->socket->get_port(charon->socket, FALSE),
server, port, FRAGMENTATION_YES, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
diff --git a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml
index 472efbc83..199a7dfee 100644
--- a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml
+++ b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml
@@ -260,6 +260,23 @@
</org.strongswan.android.ui.widget.TextInputLayoutHelper>
+ <Switch
+ android:id="@+id/cert_req"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_marginLeft="4dp"
+ android:layout_marginStart="4dp"
+ android:text="@string/profile_cert_req_label" />
+
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_marginBottom="10dp"
+ android:layout_marginLeft="4dp"
+ android:layout_marginStart="4dp"
+ android:textSize="12sp"
+ android:text="@string/profile_cert_req_hint" />
+
<TextView
android:layout_width="match_parent"
android:layout_height="wrap_content"
diff --git a/src/frontends/android/app/src/main/res/values-de/strings.xml b/src/frontends/android/app/src/main/res/values-de/strings.xml
index c7c4160f2..34fe84609 100644
--- a/src/frontends/android/app/src/main/res/values-de/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-de/strings.xml
@@ -81,6 +81,8 @@
<string name="profile_port_hint">UDP-Port zu dem verbunden wird, falls dieser vom Standard-Port abweicht</string>
<string name="profile_nat_keepalive_label">NAT-T Keepalive Intervall</string>
<string name="profile_nat_keepalive_hint">Kleine Pakete werden gesendet, um Mappings auf NAT-Routern am Leben zu erhalten, wenn sonst nichts gesendet wird. Um Energie zu sparen, ist das Standardintervall auf 45 Sekunden gesetzt. Hinter NAT-Routern die Mappings früh entfernen, ist dies möglicherweise zu hoch. 20 Sekunden oder weniger können in diesem Fall helfen.</string>
+ <string name="profile_cert_req_label">Zertifikatsanforderungen senden</string>
+ <string name="profile_cert_req_hint">Zertifikatsanforderungen werden für alle oder ausgewählte CA-Zertifikate gesendet. Um die Grösse der IKE_AUTH Nachricht zu reduzieren, kann dies deaktiviert werden. Allerdings funktioniert dies nur, falls der Server sein Zertifikat auch sendet, wenn er zuvor keine Zertifikatsanforderungen erhalten hat.</string>
<string name="profile_split_tunneling_label">Split-Tunneling</string>
<string name="profile_split_tunneling_intro">Standardmässig leitet der Client allen Netzwerkverkehr durch den VPN Tunnel, ausser der Server schränkt die Subnetze beim Verbindungsaufbau ein, in welchem Fall nur der Verkehr via VPN geleitet wird, den der Server erlaubt (der Rest wird standardmässig behandelt, als ob kein VPN vorhanden wäre).</string>
<string name="profile_split_tunnelingv4_title">Blockiere IPv4 Verkehr der nicht für das VPN bestimmt ist</string>
diff --git a/src/frontends/android/app/src/main/res/values-pl/strings.xml b/src/frontends/android/app/src/main/res/values-pl/strings.xml
index d55190994..a87381aa1 100644
--- a/src/frontends/android/app/src/main/res/values-pl/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-pl/strings.xml
@@ -81,6 +81,8 @@
<string name="profile_port_hint">UDP port to connect to, if different from the default</string>
<string name="profile_nat_keepalive_label">NAT-T keepalive interval</string>
<string name="profile_nat_keepalive_hint">Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case.</string>
+ <string name="profile_cert_req_label">Send certificate requests</string>
+ <string name="profile_cert_req_hint">Certificate requests are sent for all available or selected CA certificates. To reduce the size of the IKE_AUTH message this can be disabled. However, this only works if the server sends its certificate even if it didn\'t receive any certificate requests.</string>
<string name="profile_split_tunneling_label">Split tunneling</string>
<string name="profile_split_tunneling_intro">By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN).</string>
<string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
diff --git a/src/frontends/android/app/src/main/res/values-ru/strings.xml b/src/frontends/android/app/src/main/res/values-ru/strings.xml
index 666e5be08..0ce54e56e 100644
--- a/src/frontends/android/app/src/main/res/values-ru/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-ru/strings.xml
@@ -78,6 +78,8 @@
<string name="profile_port_hint">UDP port to connect to, if different from the default</string>
<string name="profile_nat_keepalive_label">NAT-T keepalive interval</string>
<string name="profile_nat_keepalive_hint">Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case.</string>
+ <string name="profile_cert_req_label">Send certificate requests</string>
+ <string name="profile_cert_req_hint">Certificate requests are sent for all available or selected CA certificates. To reduce the size of the IKE_AUTH message this can be disabled. However, this only works if the server sends its certificate even if it didn\'t receive any certificate requests.</string>
<string name="profile_split_tunneling_label">Split tunneling</string>
<string name="profile_split_tunneling_intro">By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN).</string>
<string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
diff --git a/src/frontends/android/app/src/main/res/values-ua/strings.xml b/src/frontends/android/app/src/main/res/values-ua/strings.xml
index 2ba7ef864..5b769b787 100644
--- a/src/frontends/android/app/src/main/res/values-ua/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-ua/strings.xml
@@ -79,6 +79,8 @@
<string name="profile_port_hint">UDP port to connect to, if different from the default</string>
<string name="profile_nat_keepalive_label">NAT-T keepalive interval</string>
<string name="profile_nat_keepalive_hint">Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case.</string>
+ <string name="profile_cert_req_label">Send certificate requests</string>
+ <string name="profile_cert_req_hint">Certificate requests are sent for all available or selected CA certificates. To reduce the size of the IKE_AUTH message this can be disabled. However, this only works if the server sends its certificate even if it didn\'t receive any certificate requests.</string>
<string name="profile_split_tunneling_label">Split tunneling</string>
<string name="profile_split_tunneling_intro">By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN).</string>
<string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
diff --git a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml
index b8fccadad..4202c5f84 100644
--- a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml
@@ -78,6 +78,8 @@
<string name="profile_port_hint">如不同于默认值,则所需连接的UDP端口</string>
<string name="profile_nat_keepalive_label">NAT-T keepalive interval</string>
<string name="profile_nat_keepalive_hint">Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case.</string>
+ <string name="profile_cert_req_label">Send certificate requests</string>
+ <string name="profile_cert_req_hint">Certificate requests are sent for all available or selected CA certificates. To reduce the size of the IKE_AUTH message this can be disabled. However, this only works if the server sends its certificate even if it didn\'t receive any certificate requests.</string>
<string name="profile_split_tunneling_label">拆分隧道</string>
<string name="profile_split_tunneling_intro">By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN).</string>
<string name="profile_split_tunnelingv4_title">屏蔽不通过VPN的IPV4流量</string>
diff --git a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml
index 2108a8b30..6c0e104b5 100644
--- a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml
@@ -78,6 +78,8 @@
<string name="profile_port_hint">如果和預設值不同,則需要連接的UDP Port</string>
<string name="profile_nat_keepalive_label">NAT-T keepalive interval</string>
<string name="profile_nat_keepalive_hint">Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case.</string>
+ <string name="profile_cert_req_label">Send certificate requests</string>
+ <string name="profile_cert_req_hint">Certificate requests are sent for all available or selected CA certificates. To reduce the size of the IKE_AUTH message this can be disabled. However, this only works if the server sends its certificate even if it didn\'t receive any certificate requests.</string>
<string name="profile_split_tunneling_label">拆分隧道</string>
<string name="profile_split_tunneling_intro">By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN).</string>
<string name="profile_split_tunnelingv4_title">屏蔽不通过VPN的IPV4流量</string>
diff --git a/src/frontends/android/app/src/main/res/values/strings.xml b/src/frontends/android/app/src/main/res/values/strings.xml
index 0f22cc8cf..f99f7dea5 100644
--- a/src/frontends/android/app/src/main/res/values/strings.xml
+++ b/src/frontends/android/app/src/main/res/values/strings.xml
@@ -81,6 +81,8 @@
<string name="profile_port_hint">UDP port to connect to, if different from the default</string>
<string name="profile_nat_keepalive_label">NAT-T keepalive interval</string>
<string name="profile_nat_keepalive_hint">Small packets are sent to keep mappings on NAT routers alive if there is no other traffic. In order to save energy the default interval is 45 seconds. Behind NAT routers that remove mappings early this might be too high, try 20 seconds or less in that case.</string>
+ <string name="profile_cert_req_label">Send certificate requests</string>
+ <string name="profile_cert_req_hint">Certificate requests are sent for all available or selected CA certificates. To reduce the size of the IKE_AUTH message this can be disabled. However, this only works if the server sends its certificate even if it didn\'t receive any certificate requests.</string>
<string name="profile_split_tunneling_label">Split tunneling</string>
<string name="profile_split_tunneling_intro">By default, the client will route all network traffic through the VPN, unless the server narrows the subnets when the connection is established, in which case only traffic the server allows will be routed via VPN (by default, all other traffic is routed as if there was no VPN).</string>
<string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>