Don't set the source address on Android
authorTobias Brunner <tobias@strongswan.org>
Wed, 8 Aug 2012 13:50:36 +0000 (15:50 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 13 Aug 2012 09:11:37 +0000 (11:11 +0200)
src/frontends/android/jni/libandroidbridge/charonservice.c

index ce1e849..3a5d0cb 100644 (file)
@@ -312,6 +312,15 @@ static void charonservice_init(JNIEnv *env, jobject service, jobject builder)
                                        "charon.retransmit_base", ANDROID_RETRANSMIT_BASE);
        lib->settings->set_bool(lib->settings,
                                        "charon.close_ike_on_child_failure", TRUE);
+       /* setting the source address breaks the VpnService.protect() function which
+        * uses SO_BINDTODEVICE internally.  the addresses provided to the kernel as
+        * auxiliary data have precedence over this option causing a routing loop if
+        * the gateway is contained in the VPN routes.  alternatively, providing an
+        * explicit device (in addition or instead of the source address) in the
+        * auxiliary data would also work, but we currently don't have that
+        * information */
+       lib->settings->set_bool(lib->settings,
+                                       "charon.plugins.socket-default.set_source", FALSE);
 }
 
 /**
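Review bot: The comment above the new `set_bool` call explains why the source address must not be set, but it does not record what is given up by disabling it. With `set_source` off, the kernel's route lookup presumably chooses the source address of outgoing IKE packets, which may differ from the IKE_SA's local address on a device with several interfaces up. I would add a sentence such as `/* with this disabled the kernel selects the source address, which may differ from the IKE_SA's local address */`. The key is also a plain string tied to the socket-default plugin, so if another socket plugin is loaded on Android (not visible here) the override silently has no effect and the routing loop described in the comment would return; that dependency is worth stating in the comment too. The body of `charonservice_init` starts outside this hunk, so whether the settings are applied before the socket plugin reads them cannot be confirmed from here.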