On Sat, Jul 09, 2011 at 08:04:10PM +0100, David Woodhouse wrote: > On Thu, 2011-07-07 at 17:51 -0400, Jason wrote: > > > > for those following this, I just made my first connection from within CM > > on the command line, in my phone. I didn't even have a script, I had to > > hand-jam the routes in to ping the other side. I've modified a generic vpnc-connect.sh script and it works for my limited experience. It may even be suitable for upstreaming, as I created separate *_resolvconf_android() functions and such. > > There's still a lot of work to do. But it does build inside of CM, and > > I have a skeleton GUI in Settings -> Wifi/Networks -> VPN -> Add a VPN. > > It's an exact copy of the openvpn options, but hopefully I'll have that > > fixed in the next couple of days. I've started modification of the options, so I'm busy cussing out the architects of Java/C++. > You can start by just asking the user to enter the 'webvpn' cookie, but > of course that's not a very user-friendly solution. They'd have to run > 'openconnect --cookieonly' in a terminal to get it :) The way James Bottomley wrote the openvpn client was to collect all the options, then call the armel openvpn binary with the options appended on the commandline. I'm attempting to take the same approach here as it's the simplest path to success. Code reuse and all that... My only snag is that openvpn has a management socket which Android polls for status info and passes user/pw authentication info through. I can't find a clean way to pass the password to openconnect as there's no IO piping from Java. And I don't want to include it on the cmdline, not that that's an option anyway. Would you be opposed to me adding a management socket to openconnect? > I've finished making the 'libopenconnect' shared library which can be > used by authentication tools; I'm not sure how easy it is for you to use > native libraries from the UI though? That wouldn't be that difficult, but I much prefer a daemon separate from the Android VM. Much more deterministic. > Strictly speaking, you don't *need* it. Any HTTP client ought to cope, > and you just need to fill in the XML forms that the server gives you > until you're rewarded with the 'webvpn' cookie on success. > > Let me know if you need any help understanding what's going on. Thanks, my main problem currently is all this fancy Java/C++ crap. ;-) Jason.