Hi all,

I am playing with the idea of developing a VPN client for an Android phone. A few words on how it works. I will omit security protocol aspects as they are not relevant for this discussion, but concentrate on the services provided by the OS:

- a VPN client creates a secure tunnel to the VPN server;
- brings up a tun/tap interface and assigns it an IP address/netmask;
- adds a route (either by modifying the default route or adding a new one) to route all/some of the traffic through the tun/tap interface;
- attaches to tun/tap and sends/receives data to be sent through the tunnel.
There are several aspects which need to be resolved to satisfy the existing security/distribution model while achieving the needed functionality:

- the tun/tap interface is not enabled in the kernel but can be easily enabled;
- a user application cannot do any operations requiring root permission, meaning there is no way today to add/delete a route from the user application or modify DNS entries.

What I want to propose is to develop a service/daemon, which will be a part of the Android standard SDK/package, which runs on a phone and can be communicated with via a unix domain socket (or some other IPC mechanism) and provides the following APIs:

1. IFUP/IFDOWN for the tun/tap interface;
2. Assign IP/netmask to the tun/tap interface;
3. Add/delete routes;
4. Modify DNS settings;
5. Change the tun/tap interface owner (so a user application can read from tun/tap).

I am a bit unclear how this package, once it is developed, becomes part of an SDK/distribution. Any ideas/feedback is greatly appreciated.
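
An added example, not part of the original post or of any Android code: one way the request-validation step of such a privileged daemon could look, so that unprivileged callers can only touch tun/tap interfaces and only with well-formed values. The text wire format (IFUP, ADDR, ROUTE_ADD, OWNER and so on), the function names and the 10000 uid floor are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request verbs, one per API in the proposal. */
enum op { OP_INVALID, OP_IFUP, OP_IFDOWN, OP_ADDR, OP_ROUTE_ADD, OP_ROUTE_DEL, OP_DNS, OP_OWNER };

/* Accept only tunN/tapN so the daemon cannot reconfigure other interfaces. */
static int valid_ifname(const char *s) {
    size_t n = strlen(s);
    if (n < 4 || n > 6 || (strncmp(s, "tun", 3) && strncmp(s, "tap", 3))) return 0;
    return strspn(s + 3, "0123456789") == n - 3;
}

static int valid_ipv4(const char *s, uint32_t *host) {
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1) return 0;
    *host = ntohl(a.s_addr);
    return 1;
}

/* A netmask is a run of 1 bits followed only by 0 bits. */
static int valid_mask(const char *s, uint32_t *m) {
    if (!valid_ipv4(s, m)) return 0;
    uint32_t inv = ~*m;
    return (inv & (inv + 1)) == 0;
}

/* Owner must be a decimal uid >= 10000 (assumed floor for application uids). */
static int valid_app_uid(const char *s) {
    size_t n = strlen(s);
    return n >= 5 && n <= 9 && s[0] != '0' && strspn(s, "0123456789") == n;
}

/* Parse one request line; anything malformed or out of policy maps to OP_INVALID. */
enum op parse_request(const char *line) {
    char v[16], a[32], b[32], c[32], extra[2];
    uint32_t ip, mask;
    int n = sscanf(line, "%15s %31s %31s %31s %1s", v, a, b, c, extra);
    if (n == 2 && !strcmp(v, "IFUP"))   return valid_ifname(a) ? OP_IFUP : OP_INVALID;
    if (n == 2 && !strcmp(v, "IFDOWN")) return valid_ifname(a) ? OP_IFDOWN : OP_INVALID;
    if (n == 2 && !strcmp(v, "DNS"))    return valid_ipv4(a, &ip) ? OP_DNS : OP_INVALID;
    if (n == 3 && !strcmp(v, "OWNER"))  return valid_ifname(a) && valid_app_uid(b) ? OP_OWNER : OP_INVALID;
    if (n != 4 || !valid_ifname(a) || !valid_ipv4(b, &ip) || !valid_mask(c, &mask)) return OP_INVALID;
    if (!strcmp(v, "ADDR")) return OP_ADDR;
    if (ip & ~mask) return OP_INVALID; /* route destination has host bits set */
    return !strcmp(v, "ROUTE_ADD") ? OP_ROUTE_ADD : !strcmp(v, "ROUTE_DEL") ? OP_ROUTE_DEL : OP_INVALID;
}
```

Validation of the message is only half of the check: a daemon reached over a unix domain socket would also need to decide which callers may use it, for example from the peer credentials the kernel reports for the socket.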
