How VPN works in Android and List of APIs available? (lollipop)

Question

###Reference:

Android 4.0 has an API to build VPN services.

1. VPNService (Android Docs)
2. VPNService.Builder (Android Docs)
3. Arne Schawbe's Implementation of OpenVPN for Android (github)

One such app with a VPN service is NetMotion Mobility® (Google Play)

Beginning with the "Lollipop" version, Android come with a new VPN type which provides information about VPN connection state, whether requests go over the VPN, etc.

###Test Results

(Connected to VPN)

1. Android < =5.0(Android Lollipop)
2. Connection is successful with WIFI(Wlan) and Cellular(rmnet) interface IP’s.
3. Connection is successful with VPN(tun) interface IP address but does not get VPN connected/disconnected events.
4. Android > 5.0(Android Lollipop 5.1 and 6.0)
5. Connection is not Successful with WIFI(Wlan) and Cellular(rmnet) interface IP’s.
6. Connection is successful with VPN(tun) interface IP’s address and also get VPN connected/disconnected events.

tun interface IP:

1. ConnectivityManager#TYPE_VPN
2. NetworkCapabilites#TRANSPORT_VPN
3. NetworkCapabilities#NET_CAPABILITY_NOT_VPN

Indicates that this network is not a VPN. This capability is set by default and should be explicitly cleared for VPN networks. Constant Value: 15 (0x0000000f)

###Questions:

1. When the VPN service is active on the device how do requests work from 3rd party apps like WhatsApp, Skype or the browser?
2. When the VPN is connected what exactly happens to the device IP stack?
3. How does VPN tunneling work in Android?
4. What is the design for an app which binds to active IP and sends requests?
5. Are the VPN APIs in lollipop (5.0) not stable?
6. If bindProcessToNetwork is done over Celluar network and WiFi is connected in device, which network will the VPN use?

Answer 1

Will try to answer few questions:

1. VPN doesn't affect other app flows - it just "virtually" place your device in another network. For example some company private network. This mean that all requests being send over VPN connection will go to that network and all rules/filters that applied inside that network applies to traffic generated by phone - which can cause issues to third party apps.

2. Real IP address when traffic go through VPN connection is replaced with VPN's IP addresses assigned by VPN server. Web servers that you connect with won't see your real IP address; they'll see the IP of VPN network gateway that you connect through.

5. With Android 5.0 Lollipop, VPN clients can finally offer granular control over which apps communicate over a secured network, and which apps connect to the Internet directly. Maybe this cause problems.

For VPN API's usage you could check this project : OpenVPN for Android