2

I have a VPN service, using ParcelFileDescriptor, and a builder to set the network parameters. Something like this code:

private Builder builder = new Builder().setSession("myService")
                                       .addAddress(...)
                                       .addDnsServer(...)
                                       .establish()

Now, I want to update the network parameters (DNS server for example), while I'm connected.

The relevant part from the documentation is this:

To avoid conflicts, there can be only one active VPN interface at the same time. Usually network parameters are never changed during the lifetime of a VPN connection. It is also common for an application to create a new file descriptor after closing the previous one. However, it is rare but not impossible to have two interfaces while performing a seamless handover. In this case, the old interface will be deactivated when the new one is created successfully. Both file descriptors are valid but now outgoing packets will be routed to the new interface. Therefore, after draining the old file descriptor, the application MUST close it and start using the new file descriptor. If the new interface cannot be created, the existing interface and its file descriptor remain untouched.

and as it said - "Usually network parameters are never changed during the lifetime of a VPN connection", but I do want to change them. Is it possible?

Witterquick
  • 6,048
  • 3
  • 26
  • 50
  • why do you want to change networks parameters after its connected @Roee84 – Akhil Surapuram Aug 02 '19 at 08:49
  • Why cant you just try disconnecting and connecting again rather than changing the parameters of the same object. Probably you might have to do this. – vizsatiz Aug 02 '19 at 09:09
  • That what I'm doing, but for some reason this code breaks on Chromebooks (ChromeOS), so I'm trying to find a workaround. – Witterquick Aug 15 '19 at 05:55

2 Answers2

0

I think that it's possible. Have you read the following paragraph carefully?

However, it is rare but not impossible to have two interfaces while performing a seamless handover. In this case, the old interface will be deactivated when the new one is created successfully. Both file descriptors are valid but now outgoing packets will be routed to the new interface.

You can create a new FD based on the existing FD, and then close the old FD, and the new FD will continue to process the previous packet. However, if some connections are removed from the virtual card route or are changed from a non-virtual card route to a virtual card route, it may be forced to disconnect

I strongly recommend that you write a vpn demo to test this situation. If you test it, no matter what the result is, I hope you can inform me, thank you!

wustwg
  • 1
0

For those who are reading this old question - back then it was broken on Chromebooks, I submitted a bug report for Google, they confirmed the bug, and after some time they fixed it.

Witterquick
  • 6,048
  • 3
  • 26
  • 50