How to configure VPN programmatically on Android?

Question

I need to implement an Android app that would allow the user to configure a VPN connection without having to access the native menu of the Android device. With this I have two problems:

1. in Android 4.0 + (api level 14 and above) I have found there is a new component called VpnService which provides a hook for creating a virtual network interface, configuring it and intercepting / forwarding pachets from it to a VPN server, but there are no built in vpn protocols like PPTP or IPSec, there is just the possibility of implementing them. My question is is there any ready made solution for PPTP and IPSec to work with VpnService?

2. In earlier versions of Android, from what I have found so far, it seems the only way to use VPN is to access and configure the built in vpn solution of the device by wrapping (using reflection) some hidden apis in android but this is a cumbersome solution since the device needs to be rooted, also the hidden api implementations may differ from device to device, and from OS version to OS version. Is there a better way to programmatically configure the built in VPN of the underlying linux OS?

Answer 1

1) I don't know of any open-source PPTP or IPSec implementations for the Android 4.x ICS VpnService. VpnService is designed for creating custom-protocol VPN applications (which could in theory be pptp or IPSec). The only open-source implementation I have found that leverages this new API is one for OpenVPN:

https://github.com/schwabe/ics-openvpn

This provides one potential VPN solution that you are fully in control of (the server is open-source also), but it is not PPTP or IPSec. If you understand the PPTP protocol, it should be possible to use this as a model to implement such a VPN client.

2) Yes, it is true that in earlier versions, the only way is through private APIs. In fact, even if you want to do it in later versions using the built in VPN support (i.e. built in PPTP or IPSec support), you have to leverage these hidden APIs. It maybe be possible to do it at a lower-level using the underlying linux kernel, but this would require rooting the OS and circumventing the Android application paradigm. This is not necessarily a better alternative to using private APIs.

For some info on howto configure VPN using those APIs:

http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/2.2_r1.1/android/net/vpn/PptpProfile.java (example of a PPTP profile object, needed to pass into the API)

How to programmatically create a new VPN interface with Android 4.0? (Explains how to store this new VPN profile on the system)

I am not sure how consistent and reliable these APIs will be. I would expect them to work on most Android devices as vendors are unlikely to re-implement the basic VPN implementations, although they may have added their own. They also may have altered the APIs necessary to enable such profiles, or have extended their capabilities.