| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
We still default to the username or subject DN if none is configured.
But we don't check if the local ID is contained in the configured
certificate.
|
| |
|
|
|
|
|
|
| |
If one is explicitly set we don't use loose identity matching and send it as
IDr to the server.
Closes #strongswan/strongswan#29.
Fixes #1268.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
onSaveInstanceState is apparently called after pausing the fragment and after
that committing any FragmentTransactions causes an IllegalStateException.
We could use commitAllowingStateLoss() but that's not really necessary
as we don't need to update when we are not active anyway. We also don't
update the view directly after registration as this happens
asynchronously, i.e. we might be paused when it finishes.
|
| |
|
|
|
|
| |
In case this doesn't work out we could probably make it configurable.
References #1326.
|
| | |
|
| |
|
|
|
| |
Instead we use a ProgressBar directly in the fragment and use the
existing button to cancel the process.
|
| |
|
|
|
|
| |
Because the support library creates its own layout manually and uses
different IDs than the list_content layout we can't use the method we
used previously (and which is actually recommended in the docs).
|
| |
|
|
|
|
|
|
|
| |
warnings
For instance, onAttach() with an Activitiy as first argument was deprecated
with API level 23. However, the overload with a Context as first argument
does obviously not get called on older API levels. Luckily, the classes
provided by the support library handle that for us.
|
| | |
|
| |
|
|
|
| |
This avoids issues with recursion, which could have happened if the
strongswan directory was a symlink.
|
| | |
|
| |
|
|
|
| |
This adds a workaround for an issue on older platforms where the list is
not properly styled with colorAccent. Similarly applies to borderless buttons.
|
| |
|
|
|
| |
When using the application context theme customizations wouldn't get
applied for some reason.
|
| |
|
|
|
|
| |
The term "gateway" is unfamiliar for most new users (or they confuse it
with the default gateway of their network) but they usually know that
they want to connect to a "server".
|
| |
|
|
|
|
|
| |
This mainly changes the color of the appbar (colorPrimary), the color
of the status bar (colorPrimaryDark) is black like the default.
The accent color (colorAccent) used for controls like buttons and check
boxes is a slightly toned down version of the default.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Instead we use TabLayout and ViewPager from the support libraries.
|
| |
|
|
| |
No need to manually reset the fragments anymore.
|
| |
|
|
|
| |
Observers are notified when the manager is reset (and initially when the
certificates are first loaded).
|
| |
|
|
|
|
|
| |
There is no AppCompatProgressDialog class as the use of ProgressDialog
is discouraged (instead progress bars should be placed in the layout directly).
To display the current ProgressDialog instances correctly on systems < 21 we
modify the window background color.
|
| |
|
|
|
| |
Also includes some whitespace/formatting changes due to the switch to
Android Studio.
|
| | |
|
| |
|
|
|
|
|
| |
We'll have to change some stuff that Google deprecated (e.g. the tabs in
the ActionBar) and that requires changing the theme at least in activities.
Since that would look a bit inconsistent we'll change it globally and
use parts of the support library.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
While building against this level in general would break our app on
older systems, the NDK will automatically use this level for 64-bit
ABI builds (which are not supported in older levels). So to build
against 64-bit ABIs we have to support this API level.
|
| | |
|
| |
|
|
| |
This moves hydra->kernel_interface to charon->kernel.
|
| |
|
|
|
|
| |
We already do this for the other kernel interfaces.
Fixes e1e88d5adde0 ("libipsec: Don't attempt deletion of any non-IPsec policies")
|
| |
|
|
|
| |
Triggered by -Wextra for many INIT usages where we only partially
initialize a struct.
|
| | |
|
| |
|
|
|
|
|
|
| |
In Java all integer types are signed, when a negative integer is casted
to a larger type (e.g. int to long) then due to sign extension the upper
bytes are not 0. So writing that value to a byte array does not produce
the expected result. By overloading the putX() methods we make sure to
upcast the values correctly.
|
| |
|
|
|
| |
This uses a manual way to trigger the NDK build (the default with
on-the-fly Android.mk files does not work for us).
|
| |
|
|
|
|
|
| |
add_policy()
The additional data can be helpful to identify the exact policy to
delete.
|
| | |
|
| |
|
|
|
|
| |
The headers/libraries changed a lot with level 21 so that our app won't
run on devices with Android < 5 when built against it. We currently
don't need any new native APIs so that should be fine.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Android blocks traffic for address families for which no IPs, DNS servers
or routes are installed via VpnService.Builder. Since Android 5+ (API
level 21) it is possible to explicitly allow such traffic to bypass the VPN.
So for proper split tunneling we note whether we saw a VIP and/or DNS
server of a specific family, and if not, allow traffic of that family
to bypass the VPN using the new API (on older systems there is no change
and such traffic will still be blocked). Otherwise, we do what we did so
far, that is, simply install the received routes (traffic selectors), all
other traffic will not be directed to the TUN device and use the underlying
network instead.
If traffic for a family should be blocked we install a default route via
TUN device even if we received more specific traffic selectors from the
server. libipsec will use the actual traffic selectors as IPsec policies
and drop any packets it received that don't match them. We only do this
if we saw any VIPs or DNS servers of a family. Otherwise the traffic for
that family is blocked anyway.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
address found
In dual-stack environments the IPv6 connectivity (via autoconfiguration)
might be established before the IPv4 connectivity (via DHCP). It seems
Android triggers the CONNECTIVITY_ACTION broadcast already when the first
family is fully configured. At that time we might not be able to find an
IPv4 source address. And since Android does not trigger the broadcast
again if IPv4 connectivity is established, the connection is broken
afterwards.
So we store the connectivity state and if we are reportedly connected but
still find no source address we trigger a roam event to recheck for an IPv4
address. This will cause regular rechecks if a device enters an IPv6-only
network, but I guess that's rare (otherwise we could limit the number of
rechecks done between connectivity changes).
|
