diff --git a/Android.mk b/Android.mk
deleted file mode 100644
index a50829ba..00000000
--- a/Android.mk
+++ /dev/null
@@ -1,76 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-
-# These lists come from the same variables in Makefile.am:
-openconnect_SOURCES = xml.c main.c dtls.c cstp.c mainloop.c tun.c
-library_srcs = ssl.c http.c auth.c library.c compat.c
-lib_srcs_openssl = openssl.c
-noinst_HEADERS = openconnect-internal.h openconnect.h gnutls.h
-
-
-common_SRC_FILES := $(openconnect_SOURCES) $(library_srcs) $(lib_srcs_openssl) \
-	$(noinst_HEADERS) version.c
-
-common_CFLAGS += -DANDROID -DANDROID_KEYSTORE -DIF_TUN_HDR="<linux/if_tun.h>" \
-	-DDEFAULT_VPNCSCRIPT=NULL -DHAVE_ASPRINTF -DOPENCONNECT_OPENSSL
-
-common_C_INCLUDES += \
-	$(JNI_H_INCLUDE) \
-	$(LOCAL_PATH)/WebKit/android/icu \
-	external/ \
-	external/icu4c/common \
-	external/icu4c/i18n \
-	external/libxml2/include \
-	bionic/libc/include/ \
-	external/openssl \
-	external/openssl/include \
-	external/openssl/crypto \
-	external/zlib \
-	frameworks/base/cmds/keystore \
-	system/core/include
-
-common_SHARED_LIBRARIES := libcutils \
-	libz \
-	libicuuc \
-	libicui18n libgabi++ libc
-
-ifneq ($(TARGET_SIMULATOR),true)
-	common_SHARED_LIBRARIES += libdl
-endif
-
-# static linked binary
-# =====================================================
-
-#include $(CLEAR_VARS)
-#LOCAL_SRC_FILES := $(common_SRC_FILES)
-#LOCAL_CFLAGS := $(common_CFLAGS)
-#LOCAL_C_INCLUDES := $(common_C_INCLUDES)
-#
-#LOCAL_SHARED_LIBRARIES += $(common_SHARED_LIBRARIES)
-#LOCAL_STATIC_LIBRARIES:= libopenssl-static liblzo-static
-#
-##LOCAL_LDLIBS += -ldl
-##LOCAL_PRELINK_MODULE:= false
-#
-#LOCAL_MODULE:= openconnect-static
-#LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
-#include $(BUILD_EXECUTABLE)
-
-# dynamic linked binary
-# =====================================================
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := $(common_SRC_FILES)
-LOCAL_CFLAGS := $(common_CFLAGS)
-LOCAL_C_INCLUDES := $(common_C_INCLUDES)
-
-LOCAL_SHARED_LIBRARIES := $(common_SHARED_LIBRARIES) libssl libcrypto libz
-LOCAL_STATIC_LIBRARIES := libxml2 liblog
-
-#LOCAL_LDLIBS += -ldl
-#LOCAL_PRELINK_MODULE := false
-
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := openconnect
-LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
-include $(BUILD_EXECUTABLE)
diff --git a/android/0001-Check-DTLS_BAD_VER-for-version-number.patch b/android/0001-Check-DTLS_BAD_VER-for-version-number.patch
new file mode 100644
index 00000000..11e6bb5f
--- /dev/null
+++ b/android/0001-Check-DTLS_BAD_VER-for-version-number.patch
@@ -0,0 +1,31 @@
+From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Tue, 12 Feb 2013 14:55:32 +0000
+Subject: [PATCH] Check DTLS_BAD_VER for version number.
+
+The version check for DTLS1_VERSION was redundant as
+DTLS1_VERSION > TLS1_1_VERSION, however we do need to
+check for DTLS1_BAD_VER for compatibility.
+
+PR:2984
+(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
+---
+ ssl/s3_cbc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
+index 02edf3f..443a31e 100644
+--- a/ssl/s3_cbc.c
++++ b/ssl/s3_cbc.c
+@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
+ 	unsigned padding_length, good, to_check, i;
+ 	const unsigned overhead = 1 /* padding length byte */ + mac_size;
+ 	/* Check if version requires explicit IV */
+-	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
++	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
+ 		{
+ 		/* These lengths are all public so we can test them in
+ 		 * non-constant time.
+-- 
+1.8.1.2
+
diff --git a/android/Makefile b/android/Makefile
new file mode 100644
index 00000000..9513800c
--- /dev/null
+++ b/android/Makefile
@@ -0,0 +1,125 @@
+#
+# This Makefile attempts to build OpenConnect and its dependencies for Android
+#
+# It doesn't do a stunning job of tracking changes in the dependencies and
+# automatically rebuilding them, but it's good enough for getting them built
+# and installed into its own local sysroot.
+#
+# As long as you have the Android NDK toolchain on your path, you should then
+# be able to edit fairly much anything in place and rebuild it locally.
+#
+# It should also be fairly simple to extend this to cross-compile for any target
+
+NDK     := /opt/android-sdk-linux_x86/android-ndk-r8d/
+ARCH    := arm
+APIVER  := 14
+TRIPLET := arm-linux-androideabi
+GCCVER  := 4.6
+
+NDK_SYSROOT := $(NDK)/platforms/android-$(APIVER)/arch-$(ARCH)
+OC_SYSROOT  := $(shell pwd)/sysroot
+
+OPENSSL_VER := 1.0.1e
+
+PATH := $(NDK)/toolchains/$(TRIPLET)-$(GCCVER)/prebuilt/linux-x86/bin:$(PATH)
+PKG_CONFIG_LIBDIR=$(OC_SYSROOT)/lib/pkgconfig
+export PATH PKG_CONFIG_LIBDIR
+
+
+MAKEINSTALL=$(MAKE) INSTALL=$(shell pwd)/install_symlink.sh
+
+CONFIGURE_ARGS := --host=$(TRIPLET) --prefix=$(OC_SYSROOT) \
+		  --disable-shared --enable-static \
+		  CFLAGS="--sysroot=$(NDK_SYSROOT)"
+
+all: openconnect
+
+#####################################################################
+#
+# Build libxml2 with minimal configuration for OpenConnect
+#
+LIBXML2_VER := 2.9.0
+LIBXML2_DIR := libxml2-$(LIBXML2_VER)
+
+libxml2-$(LIBXML2_VER).tar.gz:
+	curl ftp://xmlsoft.org/libxml2/libxml2-$(LIBXML2_VER).tar.gz -o $@.tmp && mv $@.tmp $@
+
+$(LIBXML2_DIR)/configure: libxml2-$(LIBXML2_VER).tar.gz
+	tar xfz $<
+
+$(LIBXML2_DIR)/Makefile: $(LIBXML2_DIR)/configure
+	cd libxml2-$(LIBXML2_VER) && ./configure $(CONFIGURE_ARGS) \
+	    --without-c14n -without-catalog --without-debug --without-docbook \
+	    --without-fexceptions --without-ftp --without-history \
+	    --without-html --without-http --without-iconv --without-iconv \
+	    --without-iso8859x --without-legacy --without-pattern \
+	    --without-push --without-regexps --without-run-debug \
+	    --without-sax1 --without-schemas --without-schematron \
+	    --without-threads --without-valid --without-xinclude \
+	    --without-xpath --without-xptr --without-zlib --without-lzma \
+	    --without-coverage --without-python
+
+$(LIBXML2_DIR)/libxml2.la: $(LIBXML2_DIR)/Makefile
+	$(MAKE) -C libxml2-$(LIBXML2_VER) libxml2.la
+
+$(LIBXML2_DIR)/libxml-2.0.pc: $(LIBXML2_DIR)/Makefile
+	$(MAKE) -C libxml2-$(LIBXML2_VER) libxml-2.0.pc
+
+$(OC_SYSROOT)/lib/libxml2.la: $(LIBXML2_DIR)/libxml2.la
+	$(MAKEINSTALL) -C libxml2-$(LIBXML2_VER) install-libLTLIBRARIES
+
+$(OC_SYSROOT)/lib/pkgconfig/libxml-2.0.pc: $(LIBXML2_DIR)/libxml-2.0.pc
+	$(MAKEINSTALL) -C libxml2-$(LIBXML2_VER) install-data
+
+LIBXML_DEPS := $(OC_SYSROOT)/lib/libxml2.la $(OC_SYSROOT)/lib/pkgconfig/libxml-2.0.pc
+
+libxml: $(LIBXML_DEPS)
+
+
+#####################################################################
+#
+# Build OpenSSL for Android
+#
+OPENSSL_VER := 1.0.1e
+OPENSSL_DIR := openssl-$(OPENSSL_VER)
+
+openssl-$(OPENSSL_VER).tar.gz:
+	curl http://www.openssl.org/source/openssl-$(OPENSSL_VER).tar.gz -o $@.tmp && mv $@.tmp $@
+
+$(OPENSSL_DIR)/Configure: openssl-$(OPENSSL_VER).tar.gz
+	tar xfz $<
+	cd openssl-$(OPENSSL_VER) && patch -p1 < ../0001-Check-DTLS_BAD_VER-for-version-number.patch
+	touch $(OPENSSL_DIR)/Configure # Make sure it's newer than Makefile and tarball
+
+$(OPENSSL_DIR)/Makefile: $(OPENSSL_DIR)/Configure
+	cd $(OPENSSL_DIR) && perl Configure --prefix=$(OC_SYSROOT) \
+		--cross-compile-prefix=$(TRIPLET)- no-shared \
+		android-armv7:"gcc --sysroot=$(NDK_SYSROOT)"
+
+$(OPENSSL_DIR)/libssl.a: $(OPENSSL_DIR)/Makefile
+	$(MAKE) -C $(OPENSSL_DIR)
+
+$(OC_SYSROOT)/lib/libssl.a: $(OPENSSL_DIR)/libssl.a
+	# Do this manually instead of using 'make install' since we want symlinks
+	mkdir -p $(OC_SYSROOT)/include/openssl
+	ln -sf $(shell pwd)/$(OPENSSL_DIR)/include/openssl/*.h $(OC_SYSROOT)/include/openssl
+	mkdir -p $(OC_SYSROOT)/lib/pkgconfig
+	ln -sf $(shell pwd)/$(OPENSSL_DIR)/*.pc $(OC_SYSROOT)/lib/pkgconfig
+	ln -sf $(shell pwd)/$(OPENSSL_DIR)/*.a $(OC_SYSROOT)/lib
+
+OPENSSL_DEPS := $(OC_SYSROOT)/lib/libssl.a
+
+openssl: $(OPENSSL_DEPS)
+
+#####################################################################
+#
+# Build OpenConnect for Android
+#
+
+ocbuild/Makefile: $(OPENSSL_DEPS) $(LIBXML_DEPS)
+	mkdir -p ocbuild
+	cd ocbuild && ../../configure $(CONFIGURE_ARGS) \
+	CFLAGS="--sysroot=$(NDK_SYSROOT) -DNO_BROKEN_DTLS_CHECK -DANDROID"
+
+openconnect: ocbuild/Makefile
+	make -C ocbuild
diff --git a/android/install_symlink.sh b/android/install_symlink.sh
new file mode 100755
index 00000000..30124d7c
--- /dev/null
+++ b/android/install_symlink.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+unset SRCS
+unset DST
+
+while [ $# -gt 1 ]; do
+    case "$1" in
+	-d)
+	    MAKEDIR=1
+	    shift
+	    ;;
+	-c|-C|-s)
+	    shift
+	    ;;
+	-m|-g|-o)
+	    shift 2;
+	    ;;
+	*)
+	    SRCS="$SRCS $(readlink -f "$1")"
+	    shift
+	    ;;
+    esac
+done
+if [ ! -z $MAKEDIR ]; then
+    mkdir -p $1
+fi
+ln -sf $SRCS "$1"
+