+ * Set strongswan.conf options
+ */
+static void set_options(char *logfile)
+{
+ lib->settings->set_int(lib->settings,
+ "charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
+ /* setup file logger */
+ lib->settings->set_str(lib->settings,
+ "charon.filelog.%s.time_format", "%b %e %T", logfile);
+ lib->settings->set_bool(lib->settings,
+ "charon.filelog.%s.append", FALSE, logfile);
+ lib->settings->set_bool(lib->settings,
+ "charon.filelog.%s.flush_line", TRUE, logfile);
+ lib->settings->set_int(lib->settings,
+ "charon.filelog.%s.default", ANDROID_DEBUG_LEVEL, logfile);
+
+ lib->settings->set_int(lib->settings,
+ "charon.retransmit_tries", ANDROID_RETRASNMIT_TRIES);
+ lib->settings->set_double(lib->settings,
+ "charon.retransmit_timeout", ANDROID_RETRANSMIT_TIMEOUT);
+ lib->settings->set_double(lib->settings,
+ "charon.retransmit_base", ANDROID_RETRANSMIT_BASE);
+ lib->settings->set_bool(lib->settings,
+ "charon.close_ike_on_child_failure", TRUE);
+ /* setting the source address breaks the VpnService.protect() function which
+ * uses SO_BINDTODEVICE internally. the addresses provided to the kernel as
+ * auxiliary data have precedence over this option causing a routing loop if
+ * the gateway is contained in the VPN routes. alternatively, providing an
+ * explicit device (in addition or instead of the source address) in the
+ * auxiliary data would also work, but we currently don't have that
+ * information */
+ lib->settings->set_bool(lib->settings,
+ "charon.plugins.socket-default.set_source", FALSE);
+}
+
+/**