On Thu, 2011-12-29 at 01:22 +0000, Vilmos Nebehaj wrote: > > I have actually implemented Anyconnect support in android 2.3 as a > system feature using the built-in VPN framework & openconnect. See the > repositories android_external_openconnect, android_frameworks_base, > android_system_core, android_packages_apps_Settings and > android_external_openssl at https://github.com/ldx. This openconnect > repository contains further commits for further integration. The gingerbread > branches from the repos can be used with cyanogenmod7 to build a full > ROM with openconnect and the GUI bits in the Settings app. Works > great for me with both certificate based and 2-factor password based > authentication against a Cisco ASA 55xx. I'll write a few lines about > how to build it step by step. I've just been taking another look at this. I like the way you handle the callbacks from openconnect via the control socket. With OpenConenct 4.00 it's not the OpenSSL UI any more; we have the ->process_auth_form() callback in the vpninfo. Did you ever get round to revising it for the new VpnService in Android 4.0? It looks like it should be relatively simple ? you just need to make openconnect dup() and pass the file descriptors over the control socket for the Java code to call protect() on them, and also it'll need to get its file descriptor for the tun device from the establish() call on the Java side. That's easy enough in the C code, and it looks simple if you have access to the LocalSocket object on the Java side. So as long as you don't use DaemonProxy, which keeps its mControlSocket private and doesn't let you send/receive file descriptors over it, you should be fine. It's not that hard to use LocalSocket for the control socket direclty and then you can use its getAncillaryFileDescriptors() and setFileDescriptorsForSend() methods, right? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6171 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120618/92d6a066/attachment.bin>
