I was exploring the IKEv2 StrongSwan client implementation for Android. What I fail to understand is that Android and Java do not support raw sockets, whilst the IKEv2 / IPSec works below Transport layer, which seems counter-intuitive. How exactly does the communication happen after the CHILD_SA aka IPSec SA is established?
References:
socket in the architecture diagram, but I was unable to find any further reference to it.
libipsec, but again how does libipsec communicate without raw sockets?

Any help to fill the gap in my understanding is much appreciated!
The client only supports UDP-encapsulated ESP. These packets are sent/received over the same UDP sockets that are already used for IKEv2. This limitation is mentioned on the app's wiki page.
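
How a receiver can tell IKE and ESP apart when both arrive on the same UDP socket, following the RFC 3948 framing (NAT-T, UDP port 4500): an IKE message is prefixed with four zero bytes (the non-ESP marker), an ESP packet starts with its non-zero SPI, and a NAT-keepalive is a single 0xFF octet. This is an added example, not strongSwan's code; the names `natt_classify` and `natt_msg` are hypothetical and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Datagram kinds that share the one NAT-T UDP socket (RFC 3948). */
enum natt_kind { NATT_INVALID, NATT_KEEPALIVE, NATT_IKE, NATT_ESP };

struct natt_msg {
    enum natt_kind kind;
    uint32_t spi, seq;   /* ESP SPI and sequence number (NATT_ESP only) */
    size_t body_len;     /* bytes after the marker (IKE) or after SPI+seq (ESP) */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Classify the UDP payload of one datagram received on the NAT-T socket. */
struct natt_msg natt_classify(const uint8_t *buf, size_t len)
{
    struct natt_msg m = { NATT_INVALID, 0, 0, 0 };

    if (len == 1 && buf[0] == 0xFF) {          /* NAT-keepalive: a single 0xFF octet */
        m.kind = NATT_KEEPALIVE;
    } else if (len >= 4 && be32(buf) == 0) {   /* non-ESP marker: IKE follows */
        if (len >= 4 + 28) {                   /* marker + fixed 28-byte IKE header */
            m.kind = NATT_IKE;
            m.body_len = len - 4;
        }                                      /* shorter: truncated, stays invalid */
    } else if (len >= 8) {                     /* non-zero SPI: ESP header */
        m.kind = NATT_ESP;
        m.spi = be32(buf);
        m.seq = be32(buf + 4);
        m.body_len = len - 8;
    }
    return m;
}

int main(void)
{
    /* Constructed sample: SPI 0xc0ffee01, sequence 7, 4 bytes standing in for ciphertext. */
    static const uint8_t esp[] = { 0xc0,0xff,0xee,0x01, 0,0,0,7, 0xde,0xad,0xbe,0xef };
    struct natt_msg m = natt_classify(esp, sizeof esp);
    printf("kind=%d spi=0x%08x seq=%u body=%zu\n", m.kind, (unsigned)m.spi, (unsigned)m.seq, m.body_len);
    return 0;
}
```

Because the whole exchange is ordinary UDP payload, an unprivileged datagram socket is enough to carry it; no raw socket is involved in this framing.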