4

I'm developing an Android application and want it to connect to an OpenVPN server. Since Android 4.0 there is a VPNService class. This class, however, needs to intercept all the network packets (and requires special permissions) because it is apparently running on the Internet Protocol. However, as far as I understand, OpenVPN is running on top of TCP or UDP (my server is configured to use UDP). I only need to tunnel the traffic from my own application through the VPN tunnel.

  • Shouldn't it theoretically be possible to avoid this (because I don't need to intercept all the traffic, but only the UDP-OpenVPN packets targeting my application)?
  • Do you know of a library for Android that fulfills my needs?
  • If not, would it be possible to implement the OpenVPN protocol in Android on top of UDP without the need of the VPNService class?

I found the following project: ics-openvpn. However it also uses the VPNService class and intercepts all the packages.

krial

2 Answers

4

Sure, you can theoretically do UDP/OpenVPN in userspace/inside your app. But you would need to implement the whole TCP/IP inside your app since you need to emulate the whole VPN stack.

For a one-app VPN-like solution you are probably much better off using a SOCKS/HTTP proxy etc. library.

plaisthos
  • Thanks! But why would I need to implement TCP/IP too? Wouldn't it be sufficient to open a UDP socket (using the Android SDK) and pass only the corresponding OpenVPN packets (using my own implementation) into it? – krial Jul 29 '15 at 13:51
  • And how do you generate the payload for the OpenVPN packets, which is TCP/IP? – plaisthos Jul 29 '15 at 17:03
  • I have to do it manually either way because the VPNService class doesn't support the OpenVPN protocol either. – krial Jul 30 '15 at 06:29
  • With the VpnService the OS gives you the payload (TCP/IP) via the tun interface. – plaisthos Jul 30 '15 at 07:23
  • Oh dang, now I understand. Too bad I can't capture the packets from my own application without needing the user permission. I think I will go with a custom protocol for my application and server built on top of TCP+TLS then. Thank you very much! – krial Jul 30 '15 at 13:24
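
The point made in the comments above, as an added example that is not part of the original thread: with VpnService the tun interface delivers finished IP packets, whereas an app that bypasses it has to produce the tunnelled IP packets itself. This Python code builds and validates one IPv4/UDP packet by hand; the addresses, ports and payload are constructed sample values, and TCP would additionally need a full connection state machine.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (ones'-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build the raw IPv4/UDP packet that a tun interface would otherwise supply."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    udp_len = 8 + len(payload)
    # The UDP checksum covers a pseudo-header taken from the IP layer.
    pseudo = s + d + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    csum = checksum(pseudo + udp) or 0xFFFF  # 0 on the wire means "no checksum"
    udp = udp[:6] + struct.pack("!H", csum) + payload
    # Version 4, IHL 5, DF flag set, TTL 64, header checksum filled in afterwards.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                     64, socket.IPPROTO_UDP, 0, s, d)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + udp

def parse_ipv4_udp(packet: bytes):
    """Verify both checksums; return (src, dst, sport, dport, payload)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_UDP:
        raise ValueError("not an IPv4/UDP packet")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    udp = packet[ihl:total_len]
    sport, dport, udp_len, csum = struct.unpack("!HHHH", udp[:8])
    pseudo = packet[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len)
    if csum and checksum(pseudo + udp[:udp_len]) != 0:
        raise ValueError("bad UDP checksum")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            sport, dport, udp[8:udp_len])

# Constructed sample: addresses, ports and payload are illustrative only.
SAMPLE = build_ipv4_udp("10.8.0.2", "10.8.0.1", 40000, 5000, b"hello")
```
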
2

You need to use VpnService to create an OpenVPN application that takes an ovpn file as input for configuration on the client side, like OpenVPN Connect, so any person can change the configuration according to their needs. Also, you have to configure the server for OpenVPN. Take a server on AWS EC2 or any other. While configuring the VPN on the server side, follow this link.

Vineet Jain