
Commit 0bd9a9f5 authored by Chung-yih Wang's avatar Chung-yih Wang

Add the ipcp scripts for pppd and racoon configuration for ipsec-tools.

1. add ip-up/ip-down script
2. add /etc/ppp/peers/common
3. add /etc/racoon/racoon.conf
parent 2cf6cff7
+5 −3
@@ -6,13 +6,15 @@ include $(CLEAR_VARS)
copy_from := \
copy_from := \
	etc/dbus.conf \
	etc/dbus.conf \
	etc/init.goldfish.sh \
	etc/init.goldfish.sh \
	etc/ppp/ip-up \
	etc/ppp/ip-down \
	etc/ppp/peers/common \
	etc/racoon/racoon.conf \
	etc/hosts
	etc/hosts


dont_copy := \
dont_copy := \
	etc/init.gprs-pppd \
	etc/init.gprs-pppd \
	etc/ppp/chap-secrets \
	etc/ppp/chap-secrets
	etc/ppp/ip-down \
	etc/ppp/ip-up


copy_to := $(addprefix $(TARGET_OUT)/,$(copy_from))
copy_to := $(addprefix $(TARGET_OUT)/,$(copy_from))
copy_from := $(addprefix $(LOCAL_PATH)/,$(copy_from))
copy_from := $(addprefix $(LOCAL_PATH)/,$(copy_from))
+0 −13
#!/system/bin/sh
#!/system/bin/sh
case $1 in
    ppp1)
	echo 0 > /proc/sys/net/ipv4/ip_forward;
	;;
esac

# Use interface name if linkname is not available
NAME=${LINKNAME:-"$1"}

/system/bin/setprop "net.$NAME.dns1" "$DNS1"
/system/bin/setprop "net.$NAME.dns2" "$DNS2" 
/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL" 
/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE" 
+28 −19
#!/system/bin/sh
#!/system/bin/sh
case $1 in
    ppp1)
	/android/bin/iptables --flush;
	/android/bin/iptables --table nat --flush;
	/android/bin/iptables --delete-chain;
	/android/bin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE;
	/android/bin/iptables --append FORWARD --in-interface ppp1 -j ACCEPT;
	echo 0 > /proc/sys/net/ipv4/ip_forward;
	echo 1 > /proc/sys/net/ipv4/ip_forward;
	;;
    ppp0)
        /system/bin/setprop "net.interfaces.defaultroute" "gprs"
        ;;
esac


# Use interface name if linkname is not available
# Use interface name if linkname is not available
NAME=${LINKNAME:-"$1"}


/system/bin/setprop "net.$NAME.dns1" "$DNS1"
/system/bin/setprop "net.dns1" "$DNS1"
/system/bin/setprop "net.$NAME.dns2" "$DNS2" 
/system/bin/setprop "net.dns2" "$DNS2"
/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL" 

/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE" 
# Retrieve the default gateway from /proc/net/route
RTAB=`cat /proc/net/route`
flag=-1; i=0;
for l in $RTAB; do
    if (exp flag==1) then DGW=$l; flag=0; fi;
    if (exp i%11 == 1) then
        if (exp $l=="00000000") then flag=1; fi;
    fi;
    i=`exp i+1`;
done
FH=${DGW%????}
LH=${DGW#????}
A=`exp 0x${LH#??}`
B=`exp 0x${LH%??}`
C=`exp 0x${FH#??}`
D=`exp 0x${FH%??}`
GATEWAY="$A.$B.$C.$D"
VPNSERVER=`getprop "net.vpn.server_ip"`

# Protect the route to vpn server
/system/bin/route add -net $VPNSERVER netmask 255.255.255.255 gw $GATEWAY

# Route all traffic to vpn connection
/system/bin/route add -net 0.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
/system/bin/route add -net 128.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
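Review bot: The three `route add` calls at the end run without checking that a default gateway was found in /proc/net/route or that `net.vpn.server_ip` is set, and `$VPNSERVER`, `$GATEWAY` and `$IPREMOTE` are expanded unquoted in a script that pppd runs with its own (presumably root) privileges. If `DGW` stays empty, `GATEWAY` is still assembled from empty fields, and if the host route to the VPN server fails the two /1 routes are installed anyway, which would send the tunnel's own carrier packets into the tunnel. I would guard the block with `[ -n "$DGW" ] && [ -n "$VPNSERVER" ] || exit 1` before the first `route add`, and quote the three variables so that a property value containing whitespace cannot add extra arguments to `route`. The page does not mark old and new sides, so this assumes the once-printed routing block is on the new side; if the `case $1` dispatch is indeed removed, these routes and the global `net.dns1`/`net.dns2` writes apply to every PPP link, which deserves an interface check or at least a comment.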
+10 −0
ipcp-accept-local
ipcp-accept-remote
refuse-eap
noccp
noauth
idle 1800
mtu 1400
mru 1400
nodefaultroute
usepeerdns
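Review bot: `noauth` is added without any comment on why pppd may skip authenticating the peer, while `ipcp-accept-local`, `ipcp-accept-remote` and `usepeerdns` let that peer choose both addresses and the DNS servers. That is reasonable only if every link using this peers file runs inside a tunnel that has already authenticated the server, which seems to be the intent given the racoon configuration added in the same commit. I would state it in the file, e.g. `# noauth: peer is authenticated by the IPsec layer, not by pppd; do not reuse for plain PPP links`.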
+35 −0
#path certificate "";
path certificate "/";

sainfo anonymous {
   encryption_algorithm aes, 3des;
   authentication_algorithm hmac_sha1, hmac_md5;
   compression_algorithm deflate;
   lifetime time 3600 sec;
}

remote anonymous {
   exchange_mode main;
   doi ipsec_doi;
   situation identity_only;
   ike_frag on;
   generate_policy on;
   my_identifier asn1dn;
   nat_traversal on; # always use NAT-T
   ca_type x509 "ca.crt";
   certificate_type x509 "user.crt" "user.key";
   verify_identifier off;
   verify_cert on;
   nonce_size 16;
   initial_contact on;
   proposal_check obey;

   proposal {
      authentication_method rsasig;
      hash_algorithm sha1;
      encryption_algorithm 3des;
      lifetime time 3600 sec;
      dh_group 2;
   }
}
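Review bot: `verify_identifier off` in the `remote anonymous` block means the peer's certificate is chain-checked against `ca.crt` (`verify_cert on`) but its identity is never compared with anything, so any certificate issued by that CA is accepted as the VPN gateway. Together with `generate_policy on` and `proposal_check obey`, the responder's identity and proposals are largely taken on trust. I would set `verify_identifier on;` with a matching `peers_identifier` for the expected gateway, and if this template cannot know that value, a comment should say who fills it in. Separately, `hmac_md5` in `sainfo`, `3des` and `dh_group 2` are weak choices worth dropping or raising where the peer allows. `path certificate "/"` also makes `user.key` resolve at the filesystem root, which deserves a comment on where the key actually lives and who can read it.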