Add the ipcp scripts for pppd and racoon configuration for ipsec-tools.

1. add ip-up/ip-down script
2. add /etc/ppp/peers/common
3. add /etc/racoon/racoon.conf

rootdir/Android.mk

@@ -6,13 +6,15 @@ include $(CLEAR_VARS)
 copy_from := \
 	etc/dbus.conf \
 	etc/init.goldfish.sh \
+	etc/ppp/ip-up \
+	etc/ppp/ip-down \
+	etc/ppp/peers/common \
+	etc/racoon/racoon.conf \
 	etc/hosts
 
 dont_copy := \
 	etc/init.gprs-pppd \
-	etc/ppp/chap-secrets \
-	etc/ppp/ip-down \
-	etc/ppp/ip-up
+	etc/ppp/chap-secrets
 
 copy_to := $(addprefix $(TARGET_OUT)/,$(copy_from))
 copy_from := $(addprefix $(LOCAL_PATH)/,$(copy_from))

rootdir/etc/ppp/ip-down

@@ -1,14 +1 @@
 #!/system/bin/sh
-case $1 in
-    ppp1)
-	echo 0 > /proc/sys/net/ipv4/ip_forward;
-	;;
-esac
-
-# Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2" 
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL" 
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE" 

rootdir/etc/ppp/ip-up

@@ -1,24 +1,33 @@
 #!/system/bin/sh
-case $1 in
-    ppp1)
-	/android/bin/iptables --flush;
-	/android/bin/iptables --table nat --flush;
-	/android/bin/iptables --delete-chain;
-	/android/bin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE;
-	/android/bin/iptables --append FORWARD --in-interface ppp1 -j ACCEPT;
-	echo 0 > /proc/sys/net/ipv4/ip_forward;
-	echo 1 > /proc/sys/net/ipv4/ip_forward;
-	;;
-    ppp0)
-        /system/bin/setprop "net.interfaces.defaultroute" "gprs"
-        ;;
-esac
 
 # Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
 
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2" 
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL" 
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE" 
+/system/bin/setprop "net.dns1" "$DNS1"
+/system/bin/setprop "net.dns2" "$DNS2"
+
+# Retrieve the default gateway from /proc/net/route
+RTAB=`cat /proc/net/route`
+flag=-1; i=0;
+for l in $RTAB; do
+    if (exp flag==1) then DGW=$l; flag=0; fi;
+    if (exp i%11 == 1) then
+        if (exp $l=="00000000") then flag=1; fi;
+    fi;
+    i=`exp i+1`;
+done
+FH=${DGW%????}
+LH=${DGW#????}
+A=`exp 0x${LH#??}`
+B=`exp 0x${LH%??}`
+C=`exp 0x${FH#??}`
+D=`exp 0x${FH%??}`
+GATEWAY="$A.$B.$C.$D"
+VPNSERVER=`getprop "net.vpn.server_ip"`
+
+# Protect the route to vpn server
+/system/bin/route add -net $VPNSERVER netmask 255.255.255.255 gw $GATEWAY
+
+# Route all traffic to vpn connection
+/system/bin/route add -net 0.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
+/system/bin/route add -net 128.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
 

rootdir/etc/ppp/peers/common

@@ -0,0 +1,10 @@
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+noccp
+noauth
+idle 1800
+mtu 1400
+mru 1400
+nodefaultroute
+usepeerdns

rootdir/etc/racoon/racoon.conf

@@ -0,0 +1,35 @@
+#path certificate "";
+path certificate "/";
+
+sainfo anonymous {
+   encryption_algorithm aes, 3des;
+   authentication_algorithm hmac_sha1, hmac_md5;
+   compression_algorithm deflate;
+   lifetime time 3600 sec;
+}
+
+remote anonymous {
+   exchange_mode main;
+   doi ipsec_doi;
+   situation identity_only;
+   ike_frag on;
+   generate_policy on;
+   my_identifier asn1dn;
+   nat_traversal on; # always use NAT-T
+   ca_type x509 "ca.crt";
+   certificate_type x509 "user.crt" "user.key";
+   verify_identifier off;
+   verify_cert on;
+   nonce_size 16;
+   initial_contact on;
+   proposal_check obey;
+
+   proposal {
+      authentication_method rsasig;
+      hash_algorithm sha1;
+      encryption_algorithm 3des;
+      lifetime time 3600 sec;
+      dh_group 2;
+   }
+}
+