8

According to the official documentation:

Add a network address to the VPN interface. Both IPv4 and IPv6 addresses are supported. At least one address must be set before calling establish(). Adding an address implicitly allows traffic from that address family (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily

However, it is still not clear to me, and digging through dns66's source and Netguard's source did not help much either.

I am not sure it is supposed to be the server address, but I cannot think of anything else which is meaningful. What address do I set if I want to implement a localVPN, before establish()?

This is dns66's source, but I don't see why it adds these addresses (how does it know that 192.168.50.1 will work, if everything "fails")?:

    // Determine a prefix we can use. These are all reserved prefixes for example
    // use, so it's possible they might be blocked.
    for (String prefix : new String[]{"192.0.2", "198.51.100", "203.0.113"}) {
        try {
            builder.addAddress(prefix + ".1", 24);
        } catch (IllegalArgumentException e) {
            continue;
        }

        format = prefix + ".%d";
        break;
    }

    // For fancy reasons, this is the 2001:db8::/120 subnet of the /32 subnet reserved for
    // documentation purposes. We should do this differently. Anyone have a free /120 subnet
    // for us to use?
    byte[] ipv6Template = new byte[]{32, 1, 13, (byte) (184 & 0xFF), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

    if (hasIpV6Servers(config, dnsServers)) {
        try {
            InetAddress addr = Inet6Address.getByAddress(ipv6Template);
            Log.d(TAG, "configure: Adding IPv6 address" + addr);
            builder.addAddress(addr, 120);
        } catch (Exception e) {
            e.printStackTrace();

            ipv6Template = null;
        }
    } else {
        ipv6Template = null;
    }

    if (format == null) {
        Log.w(TAG, "configure: Could not find a prefix to use, directly using DNS servers");
        builder.addAddress("192.168.50.1", 24);
    }
itarill
  • 323
  • 1
  • 14

1 Answers1

0

You basically add the IP of the Bridge (the router providing the whole internet), And for me it was enough to do something like:

import android.net.VpnService.Builder;

// ...

boolean is_ip_version_6_supported = true;

Builder builder = new Builder();
builder.setSession("My App's session");

// Specify address of the bridge (or router providing the whole internet),
// to use for IP version 4 and 6 connection capturing (like a firewall).
builder.addAddress("10.1.10.1", 32);
if (is_ip_version_6_supported) {
  builder.addAddress("fd00:1:fd00:1:fd00:1:fd00:1", 128);
}

// ...

Note: I am beginner too, so, feel free to edit and improve my post ;-)
anyway, your application will be responsible for forwarding locally captured packets to VPN-server and injecting remote's response packets back on the local.

Top-Master
  • 7,611
  • 5
  • 39
  • 71