Add the ipcp scripts for pppd and racoon configuration for ipsec-tools.
1. add ip-up/ip-down script
2. add /etc/ppp/peers/common
3. add /etc/racoon/racoon.conf
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index b2fe8cf..44e343c 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -6,13 +6,15 @@
copy_from := \
etc/dbus.conf \
etc/init.goldfish.sh \
+ etc/ppp/ip-up \
+ etc/ppp/ip-down \
+ etc/ppp/peers/common \
+ etc/racoon/racoon.conf \
etc/hosts
dont_copy := \
etc/init.gprs-pppd \
- etc/ppp/chap-secrets \
- etc/ppp/ip-down \
- etc/ppp/ip-up
+ etc/ppp/chap-secrets
copy_to := $(addprefix $(TARGET_OUT)/,$(copy_from))
copy_from := $(addprefix $(LOCAL_PATH)/,$(copy_from))
diff --git a/rootdir/etc/ppp/ip-down b/rootdir/etc/ppp/ip-down
index 672fa1e..58d21e5 100755
--- a/rootdir/etc/ppp/ip-down
+++ b/rootdir/etc/ppp/ip-down
@@ -1,14 +1 @@
#!/system/bin/sh
-case $1 in
- ppp1)
- echo 0 > /proc/sys/net/ipv4/ip_forward;
- ;;
-esac
-
-# Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2"
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL"
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE"
diff --git a/rootdir/etc/ppp/ip-up b/rootdir/etc/ppp/ip-up
index cb2d577..8c8f12c 100755
--- a/rootdir/etc/ppp/ip-up
+++ b/rootdir/etc/ppp/ip-up
@@ -1,24 +1,33 @@
#!/system/bin/sh
-case $1 in
- ppp1)
- /android/bin/iptables --flush;
- /android/bin/iptables --table nat --flush;
- /android/bin/iptables --delete-chain;
- /android/bin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE;
- /android/bin/iptables --append FORWARD --in-interface ppp1 -j ACCEPT;
- echo 0 > /proc/sys/net/ipv4/ip_forward;
- echo 1 > /proc/sys/net/ipv4/ip_forward;
- ;;
- ppp0)
- /system/bin/setprop "net.interfaces.defaultroute" "gprs"
- ;;
-esac
# Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2"
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL"
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE"
+/system/bin/setprop "net.dns1" "$DNS1"
+/system/bin/setprop "net.dns2" "$DNS2"
+
+# Retrieve the default gateway from /proc/net/route
+RTAB=`cat /proc/net/route`
+flag=-1; i=0;
+for l in $RTAB; do
+ if (exp flag==1) then DGW=$l; flag=0; fi;
+ if (exp i%11 == 1) then
+ if (exp $l=="00000000") then flag=1; fi;
+ fi;
+ i=`exp i+1`;
+done
+FH=${DGW%????}
+LH=${DGW#????}
+A=`exp 0x${LH#??}`
+B=`exp 0x${LH%??}`
+C=`exp 0x${FH#??}`
+D=`exp 0x${FH%??}`
+GATEWAY="$A.$B.$C.$D"
+VPNSERVER=`getprop "net.vpn.server_ip"`
+
+# Protect the route to vpn server
+/system/bin/route add -net $VPNSERVER netmask 255.255.255.255 gw $GATEWAY
+
+# Route all traffic to vpn connection
+/system/bin/route add -net 0.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
+/system/bin/route add -net 128.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
diff --git a/rootdir/etc/ppp/peers/common b/rootdir/etc/ppp/peers/common
new file mode 100755
index 0000000..4183841
--- /dev/null
+++ b/rootdir/etc/ppp/peers/common
@@ -0,0 +1,10 @@
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+noccp
+noauth
+idle 1800
+mtu 1400
+mru 1400
+nodefaultroute
+usepeerdns
diff --git a/rootdir/etc/racoon/racoon.conf b/rootdir/etc/racoon/racoon.conf
new file mode 100644
index 0000000..eb50a2d
--- /dev/null
+++ b/rootdir/etc/racoon/racoon.conf
@@ -0,0 +1,35 @@
+#path certificate "";
+path certificate "/";
+
+sainfo anonymous {
+ encryption_algorithm aes, 3des;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+ lifetime time 3600 sec;
+}
+
+remote anonymous {
+ exchange_mode main;
+ doi ipsec_doi;
+ situation identity_only;
+ ike_frag on;
+ generate_policy on;
+ my_identifier asn1dn;
+ nat_traversal on; # always use NAT-T
+ ca_type x509 "ca.crt";
+ certificate_type x509 "user.crt" "user.key";
+ verify_identifier off;
+ verify_cert on;
+ nonce_size 16;
+ initial_contact on;
+ proposal_check obey;
+
+ proposal {
+ authentication_method rsasig;
+ hash_algorithm sha1;
+ encryption_algorithm 3des;
+ lifetime time 3600 sec;
+ dh_group 2;
+ }
+}
+