I am developing Enterprise applications that need to connect to
servers behind the firewall. Can my app start VPN connection
programmatically?
On 2.0+ platforms, VPN is supported by the platform. Assuming user
has already setup VPN parameters, can my app start the VPN
connection? Suppose user has not setup any VPN parameters, can my app
supply those parameters? and start VPN connection?
We're facing this problem at our shop. For now our best shot is trying to use Android internal API to connect to the VPN the same way that the system preferences app does.
First, you need to set up an environment that allows you to access internal API: http://devmaze.wordpress.com/2011/01/18/using-com-android-internal-part-1-introduction/
Then we can implement something like this http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android-apps/4.4.4_r1/com/android/settings/vpn2/VpnSettings.java#258
I don't know if we will have any permission issues with this, but IMHO this is the best option we have right now
EDIT: this need root privileges in order to avoid java.lang.SecurityException: Unauthorized Caller errors.
Suppose user has not setup any VPN parameters, can my app supply those parameters? and start VPN connection?
yes, I think it's possible with VpnService class as in this example
Assuming user has already setup VPN parameters, can my app start the VPN connection?
I'm looking for it also. I'm not sure, but I think maybe it can be done with android.net.vpn. See this
AnyConnect by Cisco has private API: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/acmobiledevices.html#71308
Yes you can start a VPN connection.what version of android are you using? this link should be useful . give details for better understanding.
Related
I'm working on an app and I've figured out I need to setup a VPN service and everything for it to work for what I need it to. However, I don't have VPN server and I don't need one. I just need app to think it's connected to the VPN.
Purpose of this is to block or allow network for other apps. Apps that are allowed through VPN won't get any network, as VPN is not actually working.
I've managed to setup ToyVPN from android developers as an example, but not sure what I need to do next in order to make it think it's connected to VPN, while having just a dummy connection or nothing at all.
Thanks for responses in advance!
I'm hoping to write an app in Android Studio which will require me to connect to a VPN.
I've read through the documentation on this, but I'm having trouble understanding some things about it, which the source code provided at the bottom of the article hasn't completely clarified to me.
Will this VpnService mean that I don't need to develop a separate VPN app for my main app to use for a VPN connection?
When the app opens for the very first time, I'll need to present a page for the user to enter the VPN details (IP address etc.) However, after these settings have been saved, how do I then open the VPN connection on app startup?
Answering your points.
You don't need to develop a separate app for VPN. You can use the vpn service class for creating vpn connections.
Just take the input from the user and pass them when configuring the vpn connection. Save the values in shared preferences and load from it for the next time use.
I want to build a VPN APP on Android basing VPN service. one special requirement of this VPN APP is it has a white list, only traffic come from APPs in this list will go to VPN server. All rest traffic go to what they used to go.
For example, I have a VPN server in USA, and I am in China. I want Facebook goes through VPN. but Youku goes to Youku's server directly.
My first problem here is how can determine some traffic come from which APP?
I know it's possible, because there an APP called no root firewall can block traffic per APP, which is also basing Android VPN service.
https://play.google.com/store/apps/details?id=app.greyshirts.firewall
I'm new to Android, can anybody tell me how to do this?
Thanks in advance!
Have a look at the addAllowedApplication() method, it accepts the packageName who's traffic should be allowed to go through VpnService.
I have implemented an Android application which connects to its application server via a VPN tunnel. Thats fine.
However I want that the application turn on the Android VPN service itself ,rather than I am turning on the VPN on Android manually.
Is it possible to turn on this from java source code, like
// TO DO
if (something) {
VPN ON
}
Currently it's not possible to do that. Event with the latest classes in Android 4.0, User action is required to create a VPN connection. It's considered a security issue to be able progrmmatically to establish vpn connection (e.g. without the user to notice).
It is not possible to turn off the VPN from Java source code, unless the device is rooted, then there some hacks around. (so I have been told being an Android developer for a major software company) It is almost possible to do but it will take writing something in Native Code. There are some companies that are currently attempting to do this in an SDK. Authentec is one, but even in there SDK it is not possible to shut off the VPN connection yet. I came here looking to see if anyone has done this before but I know it is not possible through Java code, it will have to be in Native Code ( C for simpletons like myself)
Just a quick question as Google isn't throwing up much.
Is it possible to create a VPN connection using native code in
Android?
And if so does the VPN offer support for keep alives?
I believe it would be more of a permissions issue than of an exposed or not exposed issue. Most VPN connections would need you to modify and access the network filtering calls of your kernel. Since your app should really be operating in it's own sandbox this is something I would doubt is exposed by default (to apps at least) since you would essentially be modifying the way the entire OS routes network traffic. For the same reason that in order to modify iptables in the OS, it needs to be rooted so that your app can actually alter such things. At that point I would assume the connection would be made similar to any other vpn connection in any other linux os (via an ipsec daemon or some proxy dameon that you create), but the calling entity would need the actual access level necessary to complete the call to the kernel.
Rooting of the device is needed for creating a VPN connection. We need access to /data/misc/keystore and /data/misc/vpn/profiles in our programm.