[Openswan Users] Trying to get openswan working with android

Paul Wouters pwouters at redhat.com
Fri Feb 24 15:28:26 EST 2012


On Fri, 24 Feb 2012, Patrick Lists wrote:

> I just tried it on a Nexus S with Android 2.3.6 and it connected :-)

Okay, so there are no problems with openswan, once we release 2.6.38. If
someone is in a hurry, look for the "OSX" git commits from last week.

> I pinged the 193.x.x.1 address that I saw in the output from iproute list on 
> the phone which got replies. I did not try anything else. In the output of 
> iproute list on the phone I noticed some networks that seem a bit odd (never 
> have seen /1 before):
>
> 0.0.0.0/1 via 193.x.x.1  dev ppp0
> 128.0.0.0/1 via 193.x.x.1 dev ppp0

As Simon said, those are the default "routing hack". They each cover
half of the possible address space. Both of them cover everything, just
like the space 0.0.0.0/0; however, since these two routes are more
specific, they are preferred over the "real" default route. Since this
route is preferred, the default IP address the kernel picks is the one
closest to the dev ppp0, which happens to be your L2TP IP address, so
everything gets tunneled.

I believe FreeS/WAN invented that hack, and it is still how the KLIPS
stack "takes" packets to encrypt (as opposed to NETKEY, which has
special unnamed hooks in the network stack, resulting in weird
interactions with rp_filter and tcpdump).

Paul
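
Added example, not part of the original message or of Openswan: a small longest-prefix-match model of the routing table discussed above. It shows the two /1 routes winning over the default route, and lists which routes still send traffic outside ppp0. The wlan0 default route and LAN prefix are constructed; "193.x.x.1" is kept elided as in the post.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net via dev")

def route(prefix, via, dev):
    return Route(ipaddress.ip_network(prefix), via, dev)

# Constructed table: the two ppp0 routes are from the post, the
# wlan0 entries are assumed values for a phone on a home network.
TABLE = [
    route("0.0.0.0/0", "192.168.1.1", "wlan0"),   # the "real" default route (constructed)
    route("192.168.1.0/24", None, "wlan0"),       # directly connected LAN (constructed)
    route("0.0.0.0/1", "193.x.x.1", "ppp0"),      # lower half of the address space
    route("128.0.0.0/1", "193.x.x.1", "ppp0"),    # upper half of the address space
]

def lookup(table, dst):
    """Return the route the kernel would pick: the longest matching prefix."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.net]
    return max(matches, key=lambda r: r.net.prefixlen, default=None)

def shadowed(table, r):
    """True if more-specific routes together cover all of r, so r is never used."""
    inner = [o.net for o in table if o.net != r.net and o.net.subnet_of(r.net)]
    return list(ipaddress.collapse_addresses(inner)) == [r.net]

def bypass_routes(table, tunnel_dev):
    """Routes still in effect that send traffic outside the tunnel device."""
    return [r for r in table if r.dev != tunnel_dev and not shadowed(table, r)]

if __name__ == "__main__":
    for dst in ("8.8.8.8", "200.1.2.3", "192.168.1.50"):
        r = lookup(TABLE, dst)
        print(f"{dst:>14} -> {r.net} dev {r.dev}")
    print("default route shadowed:", shadowed(TABLE, TABLE[0]))
    for r in bypass_routes(TABLE, "ppp0"):
        print("still outside tunnel:", r.net, "dev", r.dev)
```

Any route more specific than /1 that points at another device, such as the connected LAN prefix here, still takes precedence over the tunnel, so that is the part of the table to review when checking what actually goes through the VPN.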

