Diffstat (limited to 'rootdir')
-rw-r--r-- | rootdir/Android.mk | 8 | ||||
-rwxr-xr-x | rootdir/etc/ppp/ip-down | 13 | ||||
-rwxr-xr-x | rootdir/etc/ppp/ip-up | 47 | ||||
-rwxr-xr-x | rootdir/etc/ppp/peers/common | 10 | ||||
-rw-r--r-- | rootdir/etc/racoon/racoon.conf | 35 |
5 files changed, 78 insertions, 35 deletions
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index b2fe8cf..44e343c 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -6,13 +6,15 @@ include $(CLEAR_VARS)
 copy_from := \
 etc/dbus.conf \
 etc/init.goldfish.sh \
+ etc/ppp/ip-up \
+ etc/ppp/ip-down \
+ etc/ppp/peers/common \
+ etc/racoon/racoon.conf \
 etc/hosts
 dont_copy := \
 etc/init.gprs-pppd \
- etc/ppp/chap-secrets \
- etc/ppp/ip-down \
- etc/ppp/ip-up
+ etc/ppp/chap-secrets
 copy_to := $(addprefix $(TARGET_OUT)/,$(copy_from))
 copy_from := $(addprefix $(LOCAL_PATH)/,$(copy_from))
diff --git a/rootdir/etc/ppp/ip-down b/rootdir/etc/ppp/ip-down
index 672fa1e..58d21e5 100755
--- a/rootdir/etc/ppp/ip-down
+++ b/rootdir/etc/ppp/ip-down
@@ -1,14 +1 @@
 #!/system/bin/sh
-case $1 in
- ppp1)
- echo 0 > /proc/sys/net/ipv4/ip_forward;
- ;;
-esac
-
-# Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2"
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL"
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE"
diff --git a/rootdir/etc/ppp/ip-up b/rootdir/etc/ppp/ip-up
index cb2d577..8c8f12c 100755
--- a/rootdir/etc/ppp/ip-up
+++ b/rootdir/etc/ppp/ip-up
@@ -1,24 +1,33 @@
 #!/system/bin/sh
-case $1 in
- ppp1)
- /android/bin/iptables --flush;
- /android/bin/iptables --table nat --flush;
- /android/bin/iptables --delete-chain;
- /android/bin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE;
- /android/bin/iptables --append FORWARD --in-interface ppp1 -j ACCEPT;
- echo 0 > /proc/sys/net/ipv4/ip_forward;
- echo 1 > /proc/sys/net/ipv4/ip_forward;
- ;;
- ppp0)
- /system/bin/setprop "net.interfaces.defaultroute" "gprs"
- ;;
-esac
 # Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2"
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL"
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE"
+/system/bin/setprop "net.dns1" "$DNS1"
+/system/bin/setprop "net.dns2" "$DNS2"
+
+# Retrieve the default gateway from /proc/net/route
+RTAB=`cat /proc/net/route`
+flag=-1; i=0;
+for l in $RTAB; do
+ if (exp flag==1) then DGW=$l; flag=0; fi;
+ if (exp i%11 == 1) then
+ if (exp $l=="00000000") then flag=1; fi;
+ fi;
+ i=`exp i+1`;
+done
+FH=${DGW%????}
+LH=${DGW#????}
+A=`exp 0x${LH#??}`
+B=`exp 0x${LH%??}`
+C=`exp 0x${FH#??}`
+D=`exp 0x${FH%??}`
+GATEWAY="$A.$B.$C.$D"
+VPNSERVER=`getprop "net.vpn.server_ip"`
+
+# Protect the route to vpn server
+/system/bin/route add -net $VPNSERVER netmask 255.255.255.255 gw $GATEWAY
+
+# Route all traffic to vpn connection
+/system/bin/route add -net 0.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
+/system/bin/route add -net 128.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
diff --git a/rootdir/etc/ppp/peers/common b/rootdir/etc/ppp/peers/common
new file mode 100755
index 0000000..4183841
--- /dev/null
+++ b/rootdir/etc/ppp/peers/common
@@ -0,0 +1,10 @@
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+noccp
+noauth
+idle 1800
+mtu 1400
+mru 1400
+nodefaultroute
+usepeerdns
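Review bot: The three `route add` lines at the end run with `$VPNSERVER` and `$GATEWAY` unchecked, so when `net.vpn.server_ip` is unset or no `00000000` destination was found in /proc/net/route (`DGW` empty, `GATEWAY` degenerates to `...`) the protective host route almost certainly fails while the two half-default routes are still installed, and traffic to the VPN server itself is then pushed into the tunnel it is carrying. A guard before the route commands avoids that half-applied state; pppd does not act on ip-up's exit status, so the exit only serves to skip the remaining route changes. The companion ip-down in this commit is emptied, so the `$VPNSERVER` host route via the old gateway and the rewritten `net.dns1`/`net.dns2` outlive the link — ip-down should `route del` that host route and restore the DNS properties. Setting the device-wide `net.dns1`/`net.dns2` from the peer-supplied servers (`usepeerdns` in peers/common) rather than the old per-interface `net.$NAME.*` properties is presumably intended for a VPN, but deserves a comment saying so.
```shell
VPNSERVER=`getprop "net.vpn.server_ip"`
# Bail out before touching the routing table if either input is missing;
# otherwise the half-default routes below would also capture the VPN
# server's own traffic.
if [ -z "$DGW" -o -z "$VPNSERVER" ]; then
    echo "ip-up: missing default gateway or net.vpn.server_ip, not rerouting" 1>&2
    exit 1
fi

# Protect the route to vpn server
/system/bin/route add -net "$VPNSERVER" netmask 255.255.255.255 gw "$GATEWAY" || exit 1
# … unchanged: the two 128.0.0.0 half-default routes via $IPREMOTE …
```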
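Review bot: `noauth` combined with the absence of `refuse-pap` means this client will hand its credentials to the peer in cleartext PAP if the server asks for it, and `noccp` rules out MPPE, so the PPP link's confidentiality rests entirely on the outer IPsec tunnel that racoon.conf in this commit sets up. If that is the intent, say so in a leading comment, e.g. `# Shared pppd options for VPN peers: the link runs inside the IPsec tunnel, so CCP/MPPE is disabled`; otherwise add `refuse-pap` so only CHAP-family authentication is offered. The file has no comments at all, and `idle 1800`, `mtu 1400`/`mru 1400` are the kind of values whose origin is forgotten quickly.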
diff --git a/rootdir/etc/racoon/racoon.conf b/rootdir/etc/racoon/racoon.conf
new file mode 100644
index 0000000..eb50a2d
--- /dev/null
+++ b/rootdir/etc/racoon/racoon.conf
@@ -0,0 +1,35 @@
+#path certificate "";
+path certificate "/";
+
+sainfo anonymous {
+ encryption_algorithm aes, 3des;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+ lifetime time 3600 sec;
+}
+
+remote anonymous {
+ exchange_mode main;
+ doi ipsec_doi;
+ situation identity_only;
+ ike_frag on;
+ generate_policy on;
+ my_identifier asn1dn;
+ nat_traversal on; # always use NAT-T
+ ca_type x509 "ca.crt";
+ certificate_type x509 "user.crt" "user.key";
+ verify_identifier off;
+ verify_cert on;
+ nonce_size 16;
+ initial_contact on;
+ proposal_check obey;
+
+ proposal {
+ authentication_method rsasig;
+ hash_algorithm sha1;
+ encryption_algorithm 3des;
+ lifetime time 3600 sec;
+ dh_group 2;
+ }
+}
+
 |
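Review bot: `remote anonymous` together with `verify_identifier off;` and no `peers_identifier` means the responder is accepted as soon as its certificate chains to `ca.crt` — any other certificate issued by that CA, including another client's `user.crt`, can stand in for the VPN server. Pin the expected server by adding `peers_identifier asn1dn "<server certificate DN>";` and switching to `verify_identifier on;`, with the DN taken from the deployment's server certificate. `path certificate "/";` makes racoon look for `ca.crt`, `user.crt` and `user.key` in the root of the filesystem; if that is deliberate, the leftover `#path certificate "";` line above it should go, and the private key's file permissions need to be handled wherever those files are installed, which this file cannot express. The phase-1 proposal is `3des`/`sha1`/`dh_group 2` and phase 2 also offers `hmac_md5`; these were common choices at the time, but a comment noting that `aes` and a larger DH group should be preferred where the server supports them would help the next maintainer.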