I'm exploring VPN Connectivity in Android.

  1. I want to know how to set up a VPN connection in Android using an application.

  2. I came across some sample code named ToyVpn. I ran the application but I didn't know what data I had to give in the form displayed by that application. Considering I have a VPN server with an IP address (say 10.162.1.2), what do I need to do in that application so this app works?

  3. If I try to use a public VPN server, what do I need to do?

  4. I downloaded OpenVPN source code from GIT/ics-openvpn and I compiled it and ran on my ICS device, but I didn't know how to configure the data that needs to be entered.

Please can somebody provide the exact way to use this app?

schlebe
Sudarshan
  • For ToyVpn you can read this post http://stackoverflow.com/questions/13228834/vpn-client-on-android-few-questions-about-vpn-client-and-use-of-hidden-apis. In this post there is a comment saying "ToyVPN has its own server; it does not use any conventional VPN server.", which means we should run the server of ToyVpn, but the steps for running it require adding a route etc., which I am unable to do without root... and unfortunately I am unable to root my phone... :( But ideally this sample ToyVpn should connect to other servers too... – blackfyre Nov 07 '12 at 10:23
  • I have also been trying to create a VPN client for days... It would be really helpful if someone posted some pseudocode, i.e. basic steps, because the client of ToyVpn does not seem to be a complete client, since it does not connect me to a VPN server... and there is no option for a username while nearly all servers require a username... – blackfyre Nov 07 '12 at 10:28
  • @user1204089 I had also checked the link which you had shared. Now I tested the ToyVpn app with the PPTP test values, and it didn't work. And I need to know whether there are any test values for testing the ToyVpn app. And also, have you heard about the OpenVPN app? – Sudarshan Nov 07 '12 at 10:38
  • According to the link which I shared above, we need to run the server of ToyVpn, which creates a server at port 8000, and the file mentions "Set the addresses and bring up the interface." so give it an IP address; in this way your server address is the IP address that you gave to that interface, 8000 is the port and the shared secret is "test", but I have not tested it because I cannot add a route etc. as mentioned in the server file without root access... – blackfyre Nov 07 '12 at 10:44
  • I looked at OpenVPN but I think they use a hidden API and also require root access... But I want to do it with VPN service. There is another app, "tPacketCapture"; they establish a VPN connection via VPN service (but I think they do not connect to any external server) – blackfyre Nov 07 '12 at 10:47
  • @user1204089 Thanks for your replies. As per my understanding, you mean to say I need to set up a server and give that server's IP as a value to the ToyVpn app, is that correct? And what did you mean by external server? Then what type of server will it connect to? – Sudarshan Nov 07 '12 at 10:51
  • about ToyVpn: Yes. About tPacketCapture: I think there is local server on the phone. – blackfyre Nov 07 '12 at 10:56
  • Np! I think you should read the server file of the project; it has mentioned the steps. I didn't find any other doc... Please let me know if ToyVpn works for you! – blackfyre Nov 07 '12 at 11:04
  • Where could I find those server files? Pardon me if my questions are silly, as I am new to these concepts – Sudarshan Nov 07 '12 at 11:10
  • It's OK. You have the ToyVpn source code, right? In that code there is a folder "server"; open it, there is a "linux" folder in which there is the ToyVpnServer.cpp file – blackfyre Nov 07 '12 at 11:13
  • In that I could find only the sending and receiving of the packets :( as per my understanding – Sudarshan Nov 07 '12 at 11:18
  • Read the comments of that cpp file – blackfyre Nov 07 '12 at 11:19
  • @user1204089 I have a small doubt about the cpp file comment. I need to know whether it's enough to run ./a.out after compiling that ToyVpn.cpp file (according to [this](http://stackoverflow.com/questions/11424022/toyvpn-unable-to-connect-to-vpn-server?rq=1) link)... And in the cpp file comment it has mentioned **./ToyVpnServer tun0 8000 test -m 1400 -a 10.0.0.2 32 -d 8.8.8.8 -r 0.0.0.0 0** where **./ToyVpnServer** should be replaced by **./a.out** – Sudarshan Nov 08 '12 at 07:16
  • Yeah! ./ToyVpnServer and ./a are the same. And just running is not enough; according to those comments adding a route etc. is also required. – blackfyre Nov 08 '12 at 08:09
  • @user1204089 Sir, I had set up the ToyVpn server and it worked fine for me. I got the connected notification and the session details on my phone. I have few other to do. How do I confirm that all data packets from my phone are going through that server? – Sudarshan Nov 12 '12 at 04:53
  • Did you just perform the steps given in that server file? For packets: there is some command like "show ip route", I don't remember the exact syntax... – blackfyre Nov 13 '12 at 05:45
  • Actually I did all the steps in that cpp file, i.e., the steps in the comment that comes after the header file declaration. Actually my scenario is: I have an app, and through that app I need to send packets through our VPN; if some other VPN is connected I need to stop sending the packets, and I also need to check the packets sent. How could this be achieved? Any idea? – Sudarshan Nov 14 '12 at 05:04
  • Did you compile and run that server file too? (Like http://stackoverflow.com/questions/11424022/toyvpn-unable-to-connect-to-vpn-server?rq=1 ) For what you are trying to do, you should try to get the name of the connected VPN first; then if the name is the same as your VPN client, keep sending, and if it changes, stop your app from sending packets. But first check if there is some broadcast for "new vpn connected"; with what I said before you have to check again and again for the VPN name, but if there is some broadcast then you just have to register a receiver for that broadcast. – blackfyre Nov 14 '12 at 05:55
  • @user1204089 I ran ./a.out (followed by 6 parameters) after compiling the cpp file. You mean that I need to have a broadcast receiver and the intent filter will the VPN change. If so, I couldn't find any intent filter for that. Only BIND_VPN_SERVICE is there. Is there any other API to check this VPN change? – Sudarshan Nov 14 '12 at 10:49
  • If there is no related broadcast then you'll have to check for vpn connection...I think there is no vpn api other than what you already know! The thing that I do not understand about running the server file is that this file is part of the application, if I run the application then why do I have to run the file again...but if I have to run it then what am I running i.e. do I need to copy the file somewhere then compile and run it, or just install the application and then give the command to compile and run, can you please share the commands to compile and run it....:/ – blackfyre Nov 15 '12 at 06:39
  • @user1204089 Actually we just keep that file in the application but we are not using it, as I have gone through the ToyVpn code. If we remove that server folder from the application and then build it, the app will still work fine. I copied that cpp file into a folder and ran the commands in the comments, and finally I ran ./a.out with the parameters given in the comment. That's all – Sudarshan Nov 15 '12 at 06:47
  • @user1204089 What do you mean by "you'll have to check for vpn connection"? – Sudarshan Nov 15 '12 at 06:49
  • Thanks, I mean check if your VPN is connected or not... You should read the documentation... Can more than one VPN exist at the same time? If not, then the function onRevoke() of VpnService can be used (maybe!); read the documentation, and if there is no API then try to access the internals of the system to see if your desired VPN is connected or not – blackfyre Nov 15 '12 at 07:22
  • @user1204089 No, more than one VPN at a time is not possible. If you are opening a new VPN, the latter will come into existence and the former will automatically be disconnected. OK, I could understand the usage of onRevoke(), but I couldn't get the point "access the internals of system to see if ur desired vpn", and also, do you mean "VPNService documentation"? – Sudarshan Nov 15 '12 at 08:29
  • Yeah, the documentation of VPN service, and by internal I mean try to access the internal/hidden API of VPN... which I am not sure can be accessed on API levels higher than 10... But first you should focus on the onRevoke method; if it is not helpful then look for some internal/hidden method, if there is one... – blackfyre Nov 15 '12 at 10:15
  • Can you please take a look at this question http://stackoverflow.com/questions/13565475/android-nat-table-fix-me-impliment-getnetbyaddr-bionic-libc-bionic-stubs-c, and guide me if you can? And did you face this problem too while you were setting up the server? – blackfyre Nov 26 '12 at 13:27
  • @user1204089 I didn't face any issue like this. I installed the server on my Ubuntu 10.04 – Sudarshan Nov 26 '12 at 14:18
  • OK, thanks. I was trying to set up the server on the phone! – blackfyre Nov 27 '12 at 05:30
  • Can you please tell me the following things: "iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE" in this line, if my PC's address is "192.168.2.215" and my phone (client)'s address is "192.168.2.132", then after "-s " should I write 192.168.2.215/24? – blackfyre Nov 27 '12 at 08:13
  • And in the line "ifconfig tun0 10.0.0.1 dstaddr 10.0.0.2 up" what should I write here instead of 10.0.0.1 and 10.0.0.2? How should I modify "./ToyVpnServer tun0 8000 test -m 1400 -a 10.0.0.2 32 -d 8.8.8.8 -r 0.0.0.0 0"? I'll highly appreciate it if you could help... – blackfyre Nov 27 '12 at 08:17
  • And before, I gave all the commands as they are, and before that command of "./ToyVpnServer" I ran the server file with g++ and then gave that command of "./ToyVpnServer", but there is no output, no nothing, it seems just stuck... :/ – blackfyre Nov 27 '12 at 08:21
  • You don't want to edit the IP address given. Just give it as it is, and finally you need to give ./a.out instead of ./ToyVpnServer – Sudarshan Nov 27 '12 at 09:46
  • I have done this but again the terminal looks stuck and ToyVpn could not connect to the PC. What I have done is:
    root@mariam-PC:~# echo 1 > /proc/sys/net/ipv4/ip_forward
    root@mariam-PC:~# iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
    root@mariam-PC:~# cat /proc/sys/net/ipv4/ip_forward
    1
    root@mariam-PC:~# ip tuntap add dev tun0 mode tun
    root@mariam-PC:~# ifconfig tun0 10.0.0.1 dstaddr 10.0.0.2 up
    root@mariam-PC:~# ./a.out tun0 8000 test -m 1400 -a 10.0.0.2 32 -d 8.8.8.8 -r 0.0.0.0 0
    – blackfyre Nov 27 '12 at 10:10
  • This "./a.out" is in the folder "home"... is this accessible the way the command is given? Also, in ToyVpn's client I gave the IP address of the PC... is this right or should I provide the IP address given in the commands, and if the IP address of the command then which one? – blackfyre Nov 27 '12 at 10:13
  • Consider you have the .cpp in a folder named "home" and in the terminal you ran gcc ToyvpnServer.cpp (you are in the "home" folder). You could see the a.out file is generated. Now run the ./a.out tun0 8000 test -m 1400 -a 10.0.0.2 32 -d 8.8.8.8 -r 0.0.0.0 0 ... Initially nothing will be displayed in the terminal. Once you connect your client you could see the print messages present in the cpp. For your understanding, put a print message inside main() in the .cpp file – Sudarshan Nov 27 '12 at 10:23
  • Again disconnected :(. And in the nat table the inserted rule is not appearing. I tried with both "-A" and "-I". The IP address should be the PC IP address!? – blackfyre Nov 27 '12 at 10:41
  • Sir, just try to have your IP address in the ./a.out command and check. I'll check and tell you the exact command – Sudarshan Nov 27 '12 at 12:13
  • I just ran the commands in the comments of the cpp file that is present in the server folder of the ToyVpn source. And I ran the application by giving my system's "IP", port "8000" and secret key "test". That's all – Sudarshan Nov 27 '12 at 12:18
  • Sorry, I didn't check the IP address in the command you gave – Sudarshan Nov 27 '12 at 12:20
  • Thank God! Now it is working; I disabled the firewall (ufw) and again gave the commands. Thanks a lot for your help! :) – blackfyre Nov 27 '12 at 13:19
  • This question appears to be off-topic because it is about Android support – Luc M Nov 28 '13 at 18:58
  • @shlebe, please do not use code format for plain text, proper names, etc. It should be kept for code only – Vega Apr 04 '22 at 03:46

1 Answer

> I want to know how to set up a VPN connection in Android using an application?

The Android SDK comes bundled with a sample; see ToyVpn in the android-16 samples directory. Also consult the documentation for VpnService and VpnService.Builder.

> I came across a sample code, namely ToyVpn. I ran the application but I don't know what data I need to give in the form shown by that application. Consider I am having a VPN server with IP address (say 10.162.1.2); what do I need to do in that application to make that app work?

Your VPN will need to create a new socket, protect the socket from being routed back into the VPN using VpnService.protect(Socket), and connect the socket to 10.162.1.2. Having set up a tunnel connection to the VPN server, you should proceed to writing the input stream of the VpnService's interface into the tunnel's output stream, and in turn write the tunnel response back into the interface output stream.

> If I try to use any public VPN server, what do I need to do?

There is no standard mechanism in place for setting up a connection to a VPN server. ToyVpn simply communicates over a socket using raw TCP packets. You can either implement an existing protocol (see RFC 4026) like OpenVPN has done or write something yourself.

Paul Lammertsma
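
The procedure described in the answer above (protect the tunnel socket, connect it, then copy packets between the VPN interface and the tunnel), together with the onRevoke() hook raised in the comments for noticing that another VPN has taken over, as an added example in Java that is not code from the answer or from the SDK's ToyVpn sample. Assumptions: the class name `SketchVpnService` is hypothetical, the launching Activity has already called `VpnService.prepare()` and obtained consent, the interface parameters reuse the ToyVpnServer command-line values quoted in the comments, and the server at 10.162.1.2:8000 is assumed to accept one raw IP packet per UDP datagram with no handshake, authentication or encryption.

```java
import android.content.Intent;
import android.net.VpnService;
import android.os.ParcelFileDescriptor;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.DatagramChannel;

// Hypothetical service; declare it with android.permission.BIND_VPN_SERVICE.
public class SketchVpnService extends VpnService implements Runnable {
    private volatile boolean running;

    @Override public int onStartCommand(Intent intent, int flags, int startId) {
        running = true;
        new Thread(this, "vpn-pump").start();
        return START_NOT_STICKY;
    }

    // The system calls this when the user or another VPN app takes over.
    @Override public void onRevoke() { running = false; super.onRevoke(); }

    @Override public void run() {
        DatagramChannel tunnel = null;
        ParcelFileDescriptor tun = null;
        try {
            tunnel = DatagramChannel.open();
            // Keep the tunnel's own traffic out of the VPN (no routing loop).
            if (!protect(tunnel.socket())) throw new IllegalStateException("protect failed");
            tunnel.connect(new InetSocketAddress("10.162.1.2", 8000)); // assumed server
            tunnel.configureBlocking(false);
            tun = new Builder().setSession("sketch").setMtu(1400)
                    .addAddress("10.0.0.2", 32).addDnsServer("8.8.8.8")
                    .addRoute("0.0.0.0", 0).establish();
            if (tun == null) throw new IllegalStateException("VPN consent missing");
            FileInputStream in = new FileInputStream(tun.getFileDescriptor());
            FileOutputStream out = new FileOutputStream(tun.getFileDescriptor());
            ByteBuffer packet = ByteBuffer.allocate(32767);
            while (running) {
                int sent = in.read(packet.array());   // IP packet leaving the device
                if (sent > 0) { packet.limit(sent); tunnel.write(packet); packet.clear(); }
                int got = tunnel.read(packet);        // IP packet from the server
                if (got > 0) { out.write(packet.array(), 0, got); packet.clear(); }
                if (sent <= 0 && got <= 0) Thread.sleep(100);  // idle: back off
            }
        } catch (Exception e) {
            running = false;  // any I/O failure ends the session
        } finally {
            try { if (tun != null) tun.close(); } catch (Exception ignored) { }
            try { if (tunnel != null) tunnel.close(); } catch (Exception ignored) { }
        }
    }
}
```

Because `addRoute("0.0.0.0", 0)` sends all IPv4 traffic into the interface, an app that must stop sending when its VPN is displaced can key off the `running` flag that `onRevoke()` clears.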