Building the strongSwan VPN Client for Android
The App consists of a Java part, the native strongSwan libraries (
libcharon, etc.) and the
libandroidbridge library to glue these two parts
together. The Java part and the libraries communicate by means of the Java Native
Interface (JNI). Since the App has no access to the IPsec stack provided by the
Linux kernel, a userland IPsec implementation is provided by the
The code for the App can be found in the
src/frontends/android directory of the strongSwan
To build the app the Android SDK and NDK are required. The steps needed to set up a build environment for Android Apps can be found in the documentation provided by Google, so these won’t be replicated here.
The strongSwan Sources
Since commit 1bd213db79 of the strongSwan repository and version 1.6.0 of the app, the default is to use the strongSwan sources of the current Git tree.
They have to be prepared properly first, otherwise the build will fail. In the root
of the strongSwan sources run the following to create the required files. Building
from the Git repository like this has some external dependencies, see
HACKING for details.
./autogen.sh && ./configure && make dist
This creates several pre-built source files, the tarball that is also created can be deleted afterwards.
It is also possible to use the sources from a different directory (e.g. an extracted
tarball, which already contains the required files) by setting
The openssl Directory
libstrongswan library depends on an Android module called
libcrypto_static that provides OpenSSL’s
libcrypto and header files.
To simplify this, we ship a script since commit 7e5c4bbb32
that statically builds
libcrypto for all ABIs supported by the NDK and puts
them, the headers and an appropriate
Android.mk file in the
directory (if this directory already exists, e.g. if it contains the BoringSSL
sources we used previously, make sure to delete it first).
The script expects the path to the Android NDK in the
environment variable. For standalone NDKs that will be something like
/path/to/android-ndk-<ver>, and for side-by-side NDKs something like
/path/to/android-sdk/ndk/<ver>. The path to the OpenSSL source tree is
expected in the
OPENSSL_SRC environment variable (works with OpenSSL 1.1.1
and OpenSSL 3). For instance, it may be invoked like this:
ANDROID_NDK_ROOT=~/android-ndk-<ver> \ OPENSSL_SRC=~/openssl-<ver> \ src/frontends/android/openssl/build.sh
By default, the script uses Docker to compile the library. However, if the
necessary build dependencies (
perl) are installed on the
host, this can be disabled by defining the
NO_DOCKER environment variable.
The dependency on
jq may furthermore be avoided by manually defining a
space-separated list of target ABIs via
ABIS environment variable.
Building the App
src/frontends/android directory can directly be opened
as an existing project in Android Studio. The initial build will fail if the NDK
directory is not known. In that case set it via
File → Project Structure… or
ndk.dir=/path/to/ndk). Afterwards the build
should complete successfully.
./gradlew build is also possible.