I am trying to use the VpnService from Android to set up a simple tun device on the client side, and on the receiving side I have a C++ server running.

I am having a lot of problems with the VpnService. This is what I need: I need ALL packets outbound from the Android phone to be routed to the tun device, and in the program I route them through a Datagram channel to the server. When I send a string, it works fine, but when I send other data through this Datagram channel, I don't see any UDP packets in Wireshark :\

Also, I am new to Java and Datagram channels. Here is my code:

```java
// To establish the tunnel
builder.setSession("MyVPNService")
        .addAddress("192.168.56.0", 32)
        .addDnsServer("8.8.8.4")
        .addRoute("0.0.0.0", 1);

mInterface = builder.establish();
```

What exactly are the above configurations doing? Isn't a tun device supposed to have ONE IP (from my experience of doing it on Linux)? Then what is "192.168.56.0", 32? Also, when I try to add a route "0.0.0.0", 0, the whole Android phone hangs and restarts :\

```java
while (true) {
    int length;
    // Read the outgoing packet from the input stream.
    length = in.read(packet_bytes);
    //int length = in.read(packet.array());
    if (length > 0) {
        // Write the outgoing packet to the tunnel.
        //packet.limit(length);
        //tunnel.send(packe,server);
        tunnel.send(packet, server);
        packet.put(packet_bytes, 0, length);

        tunnel.write(packet);

        packet.clear();
    }
    Thread.sleep(200);
    // Read the incoming packet from the tunnel.
    length = tunnel.read(packet);
    if (length > 0) {
        out.write(packet.array(), 0, length);

        packet.clear();

        // If we were sending, switch to receiving.
    }
    Thread.sleep(200);
}
```

This is the part where I take it from one interface and put it on the other.

1 Answer

First, let me start by explaining the Builder configuration above.

```java
// This one is optional.
builder.setSession("MyVPNService")
        // This is used to assign the interface address. The first param is the IP address,
        // and the second is the prefix length. "Prefix length" is also commonly known as subnet mask.
        .addAddress("192.168.56.0", 32)
        // This configures the DNS network for the VPN network. For example, all DNS resolutions
        // would go to 8.8.8.4:53. Note that the DNS request packets get routed through the tun interface.
        .addDnsServer("8.8.8.4")
        // This controls the IP addresses which get routed through the tun interface.
        .addRoute("0.0.0.0", 1);
```

Note that a tun interface can support multiple address families (IPv4/IPv6). As an example, you can assign multiple interface addresses (say a v4, a v6, or two v6 addresses, or whatever combo).

Similarly, you can add routes that you want your VPN to handle. Now, the main question is: how do you decide which routes your VPN should handle?

Well, there are a bunch of options.

  1. Route everything - Adding 0.0.0.0/0 (for IPv4) and ::/0 (for IPv6) would route traffic for all destinations through the VPN (Note: 0.0.0.0/0 represents the entire IPv4 range, i.e. 0.0.0.0 to 255.255.255.255).
  2. Route specific routes - You would have typically noticed that talking to IoT devices does not work when a VPN is running. That is typically due to the "route everything" config setup, which breaks local networking (e.g. Chromecast). So, excluding link local traffic requires doing some math that involves subtracting link local subnets from the above subnets (0.0.0.0/0, ::/0 (for v6 local subnets)). The math involved is not very straightforward, which makes this option a lot more complex. As for what constitutes link local subnets, here is a list from Wikipedia, and from IETF for IPv4 and IPv6 special addresses.

That said, here are some answers to your questions.

> I need ALL packets outbound from the Android phone to be routed to the tun device

See "route everything" above.

> Isn't a tun device supposed to have ONE IP?

An interface on Linux can have multiple interface addresses assigned to it from different address families.

> Then what is "192.168.56.0", 32?

As explained above, the first part is the IP address, and the second defines the subnet mask. Also see CIDR notation.

> Also when I try to add a route "0.0.0.0", 0 the whole android phone hangs and restarts.

0.0.0.0/0 means the entire IPv4 address space will get routed through the VPN. Typically, a VPN cannot handle link local traffic, as I have mentioned above. So, you will have to exclude certain local subnets (see links above). As for the phone hanging and restarting, I'm not sure if that has anything to do with the VPN, unless the VPN is not handling traffic correctly (which would lead networking-related apps to break).
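
The subnet subtraction described in option 2 of the answer, as an added example that is not part of the original answer: it splits 0.0.0.0/0 into the CIDR blocks that remain after removing a list of excluded subnets, so that each remaining block can be passed to `addRoute`. The class name `VpnRouteSplit`, the helper `Cidr` and the two excluded ranges are assumptions chosen for illustration (IPv4 only).

```java
import java.util.ArrayList;
import java.util.List;

public class VpnRouteSplit {
    // IPv4 CIDR block; the address is kept as an unsigned 32-bit value in a long.
    static final class Cidr {
        final long base;
        final int prefix;
        Cidr(long addr, int prefix) { this.base = addr & mask(prefix); this.prefix = prefix; }
        static Cidr parse(String s) {
            String[] parts = s.split("/");
            long addr = 0;
            for (String octet : parts[0].split("\\.")) addr = (addr << 8) | Integer.parseInt(octet);
            return new Cidr(addr, Integer.parseInt(parts[1]));
        }
        static long mask(int prefix) {
            return prefix == 0 ? 0L : (0xFFFFFFFFL << (32 - prefix)) & 0xFFFFFFFFL;
        }
        boolean contains(Cidr o) { return o.prefix >= prefix && (o.base & mask(prefix)) == base; }
        String address() {
            return (base >> 24) + "." + ((base >> 16) & 255) + "." + ((base >> 8) & 255) + "." + (base & 255);
        }
    }

    // Appends to out the CIDR blocks covering 'block' minus every block in 'excluded'.
    static void subtract(Cidr block, List<Cidr> excluded, List<Cidr> out) {
        boolean mustSplit = false;
        for (Cidr e : excluded) {
            if (e.contains(block)) return;            // block lies entirely inside an exclusion
            if (block.contains(e)) mustSplit = true;  // an exclusion lies inside this block
        }
        if (!mustSplit) { out.add(block); return; }
        int p = block.prefix + 1;                     // halve the block and recurse on both halves
        subtract(new Cidr(block.base, p), excluded, out);
        subtract(new Cidr(block.base | (1L << (32 - p)), p), excluded, out);
    }

    public static void main(String[] args) {
        // Constructed sample exclusions (assumption): IPv4 link-local and one private LAN range.
        List<Cidr> excluded = List.of(Cidr.parse("169.254.0.0/16"), Cidr.parse("192.168.0.0/16"));
        List<Cidr> routes = new ArrayList<>();
        subtract(Cidr.parse("0.0.0.0/0"), excluded, routes);
        for (Cidr r : routes) {
            // On Android each entry would become builder.addRoute(r.address(), r.prefix).
            System.out.println(r.address() + "/" + r.prefix);
        }
    }
}
```

Traffic to the excluded ranges leaves the device outside the tunnel, so the exclusion list should be no wider than the local devices require.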
