Login/Register
How to use the VPN API on Android? [closed]
Asked Answered
javaandroidandroid-4.0-ice-cream-sandwichvpnopenvpn
T

1

3

I'm exploring VPN Connectivity in Android.

  1. I want to know how to setup a VPN connection in Android using an application.

  2. I came across some sample code named ToyVpn. I ran the application but I didn't know what data I had to give in the form displayed by that application. Considering I have a VPN server with an IP address (say 10.162.1.2), what do I need to do in that application so this app work ?

  3. If I try to use a public VPN server, what do I need to do?

  4. I downloaded OpenVPN source code from GIT/ics-openvpn and I compiled it and ran on my ICS device, but I didn't know how to configure the data that needs to be entered.

Please can somebody provide the exact way to use this app ?

Tight answered 5/11, 2012 at 13:50 Comment(42)
For ToyVpn you can read this post #13229334; In this post there is a comment saying "ToyVPN has its own server; it does not use any conventional VPN server. " Which means we should run the server of ToyVpn, but the steps for running it require adding route etc, which I am unable to do without root....and unfortunately I am unable to root my phone...:( But ideally this sample ToyVpn should connect to other servers too....Allonge
I am also trying to create a VPN client for days....It would be really helpful if some one post some sudo code i.e. basic steps because the client of ToyVpn does not seems to be a complete client, since it does not connect me to VPN server...and there is no option for username while nearly all servers require username...Allonge
@user1204089 I had also checked the link which u had shared. Now i tested the toyvpn app, with the pptp test values, it didnt work.. And i need to to knw whether there is any test values for testing the toyvpn app.And also have u heared abt openvpn app?Tight
According to the link which I shared above, we need to run the server of ToyVpn, which creates serevr at port 8000, and the file mentions "Set the addresses and bring up the interface." so give it an ip address, in this way ur server address is the ip address that u gave to that interface, 8000 is port and shared secret is "test", but I have not tested it becz I can not add route etc as mentioned in serevr file without root access...Allonge
I looked at OpenVpn but I think they use hidden API and also require root access...But I want to do it with VPN service. There is another app "tPacketCapture" they esteblish a vpn connection via VPN service (but I think they do not connect to any external server)Allonge
@user1204089 Thanks for ur replies .. As my understanding, u mean to say i need to setup a server and give that server IP as a value to the toyvpn app, is it correct?. And What u meant by external server, Then what type of server it will connect?Tight
about ToyVpn: Yes. About tPacketCapture: I think there is local server on the phone.Allonge
Np! I think you should read the server file of project it has mentioned the steps. I didn't find any other doc...Please let me know if ToyVpn work for you!Allonge
where i could find those server files. pardon if my questions are silly as iam new to these conceptsTight
Its Ok, U have ToyVpn source code right, in that code there is a folder "server" open it, there is "linux" folder in which there is ToyVpnServr.cpp fileAllonge
In that i could find send and receive of the packets only :( . as of my understandingTight
Read th ecomments of that cpp fileAllonge
@user1204089 i have a small doubt in the cpp file comment. I need to knw its enough to run ./a.out after compiling that ToyVpn.cpp file (According to this link)... And in the cpp file comment it has mentioned ./ToyVpnServer tun0 8000 test -m 1400 -a 10.0.0.2 32 -d 8.8.8.8 -r 0.0.0.0 0 where ./ToyVpnServer should be replaced by ./a.outTight
yeah! ./ToyVpnServer and ./a are same. And just running is not enough, according to those comments adding route etc is also required.Allonge
@user1204089 Sir i had setup the toyvpn server and it worked fine for me.. I got connected Notification and the session details in my phone.I have few other to do.. How to confirm that all data packets from my phone is going through that server?Tight
Did you just performed the steps given in that server file? For packets: there is some command like "show ip route", I don't remember the exact syntax...Allonge
actually i did all the steps in that cpp file..i.e., the steps in the comment that comes after the header file declartion..Actually my scenario is i have an app,through that app i need to send packets through our vpn if some other vpn is connected i need to stop sending the packets and also i need to check for the packets send. How this could be acheived.. any idea?Tight
Did you compile and run that server file too? (Like #11424522 )For what you are trying to do, you should try to get the name of the connected VPN 1st, then if name is same as your vpn client then keep sending, if it changes then stop your app from sending packets. But, 1st check if there is some broadcast for "new vpn connected", what i said before there you have to check again and again for the vpn name, but if there is some broadcast then you just have to register a receiver for that broadcast.Allonge
@user1204089 I ran ./a.out (followed by 6 parameter )after compiling the cpp file. U mean that i need to have a Broadcast receiver and the intent filter will the VPN change. If so i couldnt find any intent filter for that..Only BIND_VPN_SERVICE is there..I s there any other API to check this VPN change?Tight
If there is no related broadcast then you'll have to check for vpn connection...I think there is no vpn api other than what you already know! The thing that I do not understand about running the server file is that this file is part of the application, if I run the application then why do I have to run the file again...but if I have to run it then what am I running i.e. do I need to copy the file somewhere then compile and run it, or just install the application and then give the command to compile and run, can you please share the commands to compile and run it....:/Allonge
@user1204089 Actually we just keep that file in the application but we are not using t as i gone through the ToyVpn code.If we remove that server folder in the application and then build it, still the app will work fine. I copied that cpp file into a folder and did the commands in the comments and finnaly i did ./a.out with the parameters given in the comment..Thats allTight
@user1204089 Wat u mean by "you'll have to check for vpn connection".Tight
Thanks, I mean check if your vpn is connected or not...You should read the documentation..., Can more than one VPN exist at the same time? if not then function onRevoke() of VPNService can be used (may be!), read the documentation, if there is no api then try to access the internals of system to see if ur desired vpn is connected or notAllonge
@user1204089 no, More than one VPN at a time is not possible, If u r opening a new VPN the latter will come into existence and the former will automatically disconnected..K i could understand the usage of onRevoke(). but i couldn't get the point "access the internals of system to see if ur desired vpn " and also u r meaning "VPNService documentation"Tight
yaeh documentation of VPN service, and by internal I mean try to access internal/hidden api of vpn...which I am not sure if it can be accessed on api level higher than 10...But, first you should focus on onRevok method, if it is not helpful then look for some internal/hidden method, if there is one...Allonge
Can you please take a look at this question #13565975, and guide me if you can, and did you faced this problem too while you were setting the server?Allonge
@user1204089 i didnt face any issue like this.. I installed the server in my Ubuntu 10.04Tight
ok, thanks. I was trying to set the server on phone!Allonge
Can you please tell me following things:"iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE" in this line if my pc's address is "192.168.2.215" and my phone(client)'s address is "192.168.2.132" then after "-s " should I write 192.168.2.215/24?Allonge
and in line "ifconfig tun0 10.0.0.1 dstaddr 10.0.0.2 up" what should I write here instead of 10.0.0.1 and 10.0.0.2? How should I modify "./ToyVpnServer tun0 8000 test -m 1400 -a 10.0.0.2 32 -d 8.8.8.8 -r 0.0.0.0 0". I'll highly appreciate if you could help...Allonge
and before I gave all the commands as it is , and before that command of "./ToyVpnServer" I run the server file with g++ and then gave that command of "./ToyVpnServer" but there is no output no nothing, it seems just stuck...:/Allonge
U dont want to edit the ip address given.. Just give as it is.. and finnally u need to give ./a.out instead of ./ToyVpnServerTight
I have done this but again terminal looks stuck and toyVpn could not connect to the pc. What i have done is: root@mariam-PC:~# echo 1 > /proc/sys/net/ipv4/ip_forward root@mariam-PC:~# iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE root@mariam-PC:~# cat /proc/sys/net/ipv4/ip_forward1 root@mariam-PC:~# ip tuntap add dev tun0 mode tun root@mariam-PC:~# ifconfig tun0 10.0.0.1 dstaddr 10.0.0.2 up root@mariam-PC:~# ./a.out tun0 8000 test -m 1400 -a 10.0.0.2 32 -d 8.8.8.8 -r 0.0.0.0 0Allonge
This "./a.out" is in the folder "home"...is this accessible like the way command is give..? Also, in ToyVpn's client I gave IP address of the PC...is this right or should I provide the ip address given in the commands, and if ip address of command then which one?Allonge
Consider u have the .cpp in a folder named "home" and in the terminal u ran gcc ToyvpnServer.cpp (u r in the "home"folder). U could see a.out file is generated.. Nw run the ./a.out tun0 8000 test -m 1400 -a 10.0.0.2 32 -d 8.8.8.8 -r 0.0.0.0 0 ...... Initially in the terminal nothing will be displayed.. Once u connect ur client u could see print messages present in the cpp.. For ur understanding put a print message inside main() in .cpp fileTight
again disconnected :(. and in the nat table the inserted rule is not appearing..I tried with both "-A" and "-I". The ip address should be the pc ip adress!?Allonge
sir just try to have ur ip address on the ./a.out command and check.. I ll check and tell u the exact commandTight
I just ran the commands in the comments of the cpp file that is preserent in server folder of toyvpn source.. And i ran the application by giving My systems "IP" ,port "8000" and secret key "test" .. Thats allTight
sry ia didnt check the IP address in the cmd u givenTight
Thanks God! Now, it is working, I disabled the firewall (ufw) and again gave the commands. Thanks alot for your help! :)Allonge
This question appears to be off-topic because it is about Android supportPrefecture
@shlebe, please do not use code format for plain text, proper names, etc. It should be kept for code onlyUnderwood
P
5

I want to know how to setup a VPN connection in Android using an application?

The Android SDK comes bundled with a sample; see ToyVpn in the android-16 samples directory. Also consult the documentation for VpnService and VpnService.Builder.

I came across a sample code namely ToyVpn.I ran the application but i dont know what datas i need to give in the form shown by that application, Consider iam having a VPN server with ip-address (say 10.162.1.2), What i need to do in that application to make that app work .

Your VPN will need to create a new socket, protect the socket from being routed back into the VPN using VpnService.protect(Socket), and connect the socket to 10.162.1.2. Having set up a tunnel connection to the VPN server, you should proceed to writing the input stream of the VpnService's interface into the tunnel's output stream, and in turn write the tunnel response back into the interface output stream.

If i try to use any public VPN server, What i need to do?

There is no standard mechanism in place for setting up a connection to a VPN server. ToyVpn simply communicates over a socket using raw TCP packets. You can either implement an existing protocol (see RFC 4026) like OpenVPN has done or write something yourself.

Phyliciaphylis answered 28/11, 2013 at 17:6 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.