Re: [Openvpn-devel] OpenVPN and Android 4.0 VPN API

Wed, 08 Feb 2012 18:22:53 +0000 

Hi,

On Wed, Feb 08, 2012 at 04:16:20AM -0800, James Ring wrote:
> Looks like you need to pass a native fd. OpenVPN would not be able to
> open the device itself. There looks to be a chicken and egg problem
> here though: the fd is returned by the VpnService.Builder.establish()
> method
> 
> http://developer.android.com/reference/android/net/VpnService.Builder.html#establish()
> 
> This needs to happen after a bunch of parameters are already known.
> Since OpenVPN would normally take care of negotiating these with the
> other end, it would seem that the tunnel fd is not available to
> OpenVPN in time to do this. Perhaps the user would have to configure
> the route, search domain, IP address and other parameters in advance
> of starting the VPN connection. That would suck.

You only need the *tunnel* FD to forward packets to the android networking
stack.  To connect to the OpenVPN server, you use a normal socket, which
would have to be opened by OpenVPN - but that's a standard network operation
which doesn't need special privileges.

Right now, passing in the tun device file handle from an external source
isn't something directly supported, but the open_tun() method is very
platform specific anyway, so it's not unsolvable.

[..]
> > ... and for the rest, well, we'd need a volunteer that wants to *work* on
> > this, not just ask for it...  I don't have an Android device (and no
> > time) so it wouldn't be me.
> 
> I'm raising my hand. This path sounds better than what I thought would
> be necessary (writing OpenVPN client implementation in Java). I'm also
> asking around here at Google to see if somebody with more experience
> with Android is interested in helping out. I'm sure there is
> sufficient interest on both sides (Android and OpenVPN) to get
> something working. This would make a niche segment of Android users
> very happy I'm sure.

This would be extremely cool!

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: pgpMkebpkRDML.pgp
Description: PGP signature

Reply via email to