Hey Gert, On Wed, Feb 8, 2012 at 10:24 AM, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Wed, Feb 08, 2012 at 04:47:35AM -0800, James Ring wrote: >> Perhaps I wrote this too hastily. I wasn't thinking of how OpenVPN >> actually works. OpenVPN would: >> >> * open the connection (tcp or udp) to the remote end >> * negotiate session parameters >> * provide the Android Java wrapper with the session parameters via the >> service pipe >> * receive the file descriptor to use as the tun/tap device from the >> Android Java wrapper via the service pipe > > Exactly. The first three things are sort of "nearly done", the > "receive file descriptor to use for tun/tap" would need to be > implemented (tun.c, open_tun(), #ifdef ANDROID_MAGIC_VPN :-) )
I was thinking about this a little more. Presumably openvpn will be forked and exec'd before the file descriptor is available. Presumably openvpn could connect to a UNIX domain socket inside open_tun() if ANDROID_MAGIC_VPN is specified. Does other code within openvpn care whether the fd is a UNIX socket or a tun/tap device? I'm guessing there may be some ioctls it wants to perform on the device. Other than that, openvpn would be reading and writing IP packets with an encrypted payload and the Java wrapper would be responsible for forwarding the bytes between the UNIX domain socket and the actual tun device. Regards, James
