I need to implement an Android app that would allow the user to configure a VPN connection without having to access the native menu of the Android device. With this I have two problems:
in Android 4.0 + (api level 14 and above) I have found there is a new component called VpnService which provides a hook for creating a virtual network interface, configuring it and intercepting / forwarding pachets from it to a VPN server, but there are no built in vpn protocols like PPTP or IPSec, there is just the possibility of implementing them. My question is is there any ready made solution for PPTP and IPSec to work with VpnService?
In earlier versions of Android, from what I have found so far, it seems the only way to use VPN is to access and configure the built in vpn solution of the device by wrapping (using reflection) some hidden apis in android but this is a cumbersome solution since the device needs to be rooted, also the hidden api implementations may differ from device to device, and from OS version to OS version. Is there a better way to programmatically configure the built in VPN of the underlying linux OS?
1) I don't know of any open-source PPTP or IPSec implementations for the Android 4.x ICS VpnService. VpnService is designed for creating custom-protocol VPN applications (which could in theory be pptp or IPSec). The only open-source implementation I have found that leverages this new API is one for OpenVPN:
https://github.com/schwabe/ics-openvpn
This provides one potential VPN solution that you are fully in control of (the server is open-source also), but it is not PPTP or IPSec. If you understand the PPTP protocol, it should be possible to use this as a model to implement such a VPN client.
2) Yes, it is true that in earlier versions, the only way is through private APIs. In fact, even if you want to do it in later versions using the built in VPN support (i.e. built in PPTP or IPSec support), you have to leverage these hidden APIs. It maybe be possible to do it at a lower-level using the underlying linux kernel, but this would require rooting the OS and circumventing the Android application paradigm. This is not necessarily a better alternative to using private APIs.
For some info on howto configure VPN using those APIs:
http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/2.2_r1.1/android/net/vpn/PptpProfile.java
(example of a PPTP profile object, needed to pass into the API)
How to programmatically create a new VPN interface with Android 4.0? (Explains how to store this new VPN profile on the system)
I am not sure how consistent and reliable these APIs will be. I would expect them to work on most Android devices as vendors are unlikely to re-implement the basic VPN implementations, although they may have added their own. They also may have altered the APIs necessary to enable such profiles, or have extended their capabilities.
Related
I need to create a L2TP/IPSec client application android. I read the android VPN documentation. It states some legacy API for that. But I could not find such one. Also provided example app for VPN client does not work since it was built for a very old version. Android has built-in support on this VPN protocol. This answer says no official API. However, I have seen applications which support IPsec directly. how to call it in VpnService class as stated in the official documentation. Also if I need to add custom VPN protocol how to run and get those interfaces from java code?
Variants of this question exist, but I can't seem to understand something.
If you read at the end of the features in ICS / 4.0, there is mention of
Enterprises can also take advantage of a standard VPN client built into the platform that provides access to L2TP and IPSec protocols.
My assumption here is that since it's not under the "Developer" section, that we didn't get a developer API access other than the VpnService API. I've looked at ToyVPN and this is just useless, since I need a REAL IPSec IKEv1 XAuth connection to connect to enterprise firewalls.
I've found several solutions which require root and VPNCilla which apparently doesn't though I haven't been able to successfully have it establish the connection.
Does this mean that there really is no way to PROGRAMMATICALLY create a profile for or connect to an IPSec IKEv1 XAuth gateway/firewall unless we implement the protocol in Java or using the NDK (like StrongSwan did with IKEv2) ?
It's extremely unlikely that there is a way to create a VPN profile without root or system app privileges. You can take a look at how this is implemented in AOSP settings here.
I am working with Android 4.0.3 SIP Api and was able to make sip call between 2 users on same network. But it is not working if one of the user is behind NAT/Firewall.
Does Android SIP api support the NAT? if no, is there any workaround for it.
If I find my public IP using some other STUN client, Can I provide this to Android SIP api in SipManager or SipProfile class orin any other class? It seems there is no direct way to do it but any workaroound for it?
If NAT is not supported currently, Is there any expectation to have this support in coming Android releases?
Don't use the sip library provided by Android. Use a third party one or write your own. The one comes with Android is very limited and not supported on every device.
I want to Programmatically create vpn profile; somehow i figure out how to access android.net.vpnmanager and android.net.vpn.vpnprofile (they are not part of offical API and are part of hide APIs) but they have no function create new vpn profile. any suggestions?
Using Hidden APIs is not a good idea as there is no guarantee that with an update they will still work as intended, moreover there is no guarantee that they will work in a consistent manner across different devices manufactured by different vendors.
Android 4.0 ICS has a VPN client API but again it allows you to create your own VPN client.
The only reason I can think of as to why you cannot access VPN settings just as you will access wifi settings is the inherent nature of VPN connections. Here is a link to the VPN features in ICS4.0. The first part of the document discuss these risks. You can still write your own client for your app.
http://developer.android.com/reference/android/net/VpnService.html
Another approach can be to use a third party VPN client and check if you can pass any actions to it via an intent. My recommendation if you are targeting ICS only will be to go with the client API as that you know how your code is working.
I thinkt that VPN Android isn't yet on a stable release, there are a couple of other clients besides the built-in there. But there's so many changes between the last versions of Android regarding the VPN and proxy settings. At the beginning there aren't any VPN support at all, then you can only get that rooting your device and now there's a kind of stable native VPN client inside Android but like you noted, lack of documentation in many aspects and other bugs too.
My recommendation would be to wait to create your code after we have a slightly more stable VPN Android and documentation. If you can't or don't want to wait, go forward with that undocumented API, it could change in the future but I don't see any better option right now.
If You are using a phone from Motorola look into using this as it has code to create working vpn connections using L2tp and Pptp
http://developer.motorola.com/docs/Motorola_Enterprise_Device_Management_SDK_Getting_Started/
The Settings on Android provides an option to add VPN manually.
Can this be done programmatically through some kind of an API?
I'm not looking for a way to connect to a VPN. I'm only concerned about configuring a VPN profile.
Please see this answer, it is not possible with the Android SDK.
This is not possible with Android SDK. However, some manufactures like
Motorola have their own flavor of android and in their SDK they have
made it possible.
See also this question -- Create VPN profile on Android. Briefly, we came to the conclusion that it's not only not possible with the Android SDK, but it's not possible even with a hacked SDK unless you have a rooted device (because the VPN profiles are stored via the system KeyStore, so you would need to be running as a system process to add / modify them).
However, there does appear to be a third-party VPN app that at least claims to do this without a rooted device, but it doesn't appear to be open-source and I can't vouch for it (see the comments here: http://code.google.com/p/android/issues/detail?id=8915).