Openswan Patch for Android ICS Bug
Posted on September 07, 2012 @ 16:22 GMT in Security
I recently set up a private VPN using an Amazon EC2 instance. Unfortunately, while my Samsung Galaxy Nexus, which is running Android JellyBean, has no trouble connecting to the VPN, my wife’s Samsung Galaxy S2, which is running Android ICS, refused to connect. The only error on the phone was “Timeout”. Very helpful. Thankfully, the authentication log on the EC2 instance revealed much more:
Using the information in that log, I was able to find this bug report. Apparently, Android ICS contains a bug in its implementation of ipsec-tools. Samsung is rumoured to be releasing an update to JellyBean for the Galaxy S2 very soon, but we’re travelling this weekend and I would like for her phone to be able to tunnel through the VPN while we’re away for security reasons (please see earlier post).
Thankfully, I found this comment on the issue, which provided a patch for Openswan that makes allowances for the ipsec-tools bug in Android ICS. Of course, this meant that I had to build Openswan from source rather than using the previously installed .deb package. No worries, let’s get started.
First, as I was using a brand new EC2 instance running Ubuntu, I had to set up the build environment:
I then downloaded the Openswan sources, unpacked them, applied the patch, built and installed the patched version of Openswan, and restarted some services:
At this point, the Galaxy S2 was able to connect to the VPN.
Hopefully, the JellyBean update for the S2 will be released soon and fix this issue, at which point I can revert back to using the unpatched version of Openswan.