Hi, On Wed, Feb 08, 2012 at 04:16:20AM -0800, James Ring wrote: > Looks like you need to pass a native fd. OpenVPN would not be able to > open the device itself. There looks to be a chicken and egg problem > here though: the fd is returned by the VpnService.Builder.establish() > method > > http://developer.android.com/reference/android/net/VpnService.Builder.html#establish() > > This needs to happen after a bunch of parameters are already known. > Since OpenVPN would normally take care of negotiating these with the > other end, it would seem that the tunnel fd is not available to > OpenVPN in time to do this. Perhaps the user would have to configure > the route, search domain, IP address and other parameters in advance > of starting the VPN connection. That would suck.
You only need the *tunnel* FD to forward packets to the android networking
stack. To connect to the OpenVPN server, you use a normal socket, which
would have to be opened by OpenVPN - but that's a standard network operation
which doesn't need special privileges.
Right now, passing in the tun device file handle from an external source
isn't something directly supported, but the open_tun() method is very
platform specific anyway, so it's not unsolvable.
[..]
> > ... and for the rest, well, we'd need a volunteer that wants to *work* on
> > this, not just ask for it... I don't have an Android device (and no
> > time) so it wouldn't be me.
>
> I'm raising my hand. This path sounds better than what I thought would
> be necessary (writing OpenVPN client implementation in Java). I'm also
> asking around here at Google to see if somebody with more experience
> with Android is interested in helping out. I'm sure there is
> sufficient interest on both sides (Android and OpenVPN) to get
> something working. This would make a niche segment of Android users
> very happy I'm sure.
This would be extremely cool!
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpMkebpkRDML.pgp
Description: PGP signature
