diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-08-08 15:50:36 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2012-08-13 11:11:37 +0200 |
| commit | a39a301a126e3361684ebe02c6c1223a3e38ccdb (patch) | |
| tree | f03ce63b8f2da3ae45b7c797256e7c41e47f6ed1 | |
| parent | 644db4d7c5f3d36303a453ff553a49bec97deef4 (diff) | |
| download | strongswan-a39a301a126e3361684ebe02c6c1223a3e38ccdb.tar.bz2 strongswan-a39a301a126e3361684ebe02c6c1223a3e38ccdb.tar.xz | |
Don't set the source address on Android
| -rw-r--r-- | src/frontends/android/jni/libandroidbridge/charonservice.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.c b/src/frontends/android/jni/libandroidbridge/charonservice.c index ce1e8497b..3a5d0cb1e 100644 --- a/src/frontends/android/jni/libandroidbridge/charonservice.c +++ b/src/frontends/android/jni/libandroidbridge/charonservice.c @@ -312,6 +312,15 @@ static void charonservice_init(JNIEnv *env, jobject service, jobject builder) "charon.retransmit_base", ANDROID_RETRANSMIT_BASE); lib->settings->set_bool(lib->settings, "charon.close_ike_on_child_failure", TRUE); + /* setting the source address breaks the VpnService.protect() function which + * uses SO_BINDTODEVICE internally. the addresses provided to the kernel as + * auxiliary data have precedence over this option causing a routing loop if + * the gateway is contained in the VPN routes. alternatively, providing an + * explicit device (in addition or instead of the source address) in the + * auxiliary data would also work, but we currently don't have that + * information */ + lib->settings->set_bool(lib->settings, + "charon.plugins.socket-default.set_source", FALSE); } /** |