Set a VPN connection programmatically on android 4.0

Question

I'm working on programmatically setting a VPN connection on android devices. I was successfully able to do so for devices using OS 2.3.5 and before (I used reflection to get to the hidden classes). But with android 4.0 they got rid of the old classes and use the VPNService class instead.

I figured the best place to start would be to use the ToyVPN example android provided, but I'm facing a lot of challenges with it. In the example code they only needed to send the server address:

InetSocketAddress server = new InetSocketAddress(mServerAddress, Integer.parseInt(mServerPort)); 

And then created the VPN tunnel by opening the channel:

tunnel = DatagramChannel.open(); 

But in my case I need to send the server address, username and password. So far I haven't figured out how to do so. My best guess was to do something like this:

Authenticator.setDefault(new Authenticator(){         protected PasswordAuthentication getPasswordAuthentication() {             return new PasswordAuthentication("user","pass".toCharArray());         }});      try {         // Create a DatagramChannel as the VPN tunnel.          tunnel = DatagramChannel.open(); 

But this did not work. so what I'm asking is:

1. Is there a way, other than what's used in ToyVpn, to create a VPN connection programmatically?
2. If not, how do I send the credentials when I want to establish a connection to the server?

Edit

I forgot to mention that I need to specify the VPN type (PPTP, L2TP, L2TP/IPSec PSK or L2TP/IPSec CRT).

Answer 1

Basically the VPN API introduced in Android 4.0+ only allows you to implement your own VPN implementation. It does no more than opening the Linux TUN device and pass the file descriptor to you, plus setting up the routes/DNS servers/etc you provided. The whole VPN protocol implementation is solely up to you.

So the short answer is: no. you can't use the VPN API to set up any of the

PPTP, L2TP, L2TP/IPSec PSK or L2TP/IPSec CRT

VPN connections, unless you roll out your own implementation of the mentioned VPN types.

That being said, you may still try to broadcast an Intent to bring your user to the system VPN settings activity and ask them to manually configure/start the VPN.

Oh and one more thing to add. At the time of this writing, Android's latest DevicePolicyManager (API level 21) already provides WiFi settings provisioning support. I would personally guess that Google might continue to add more Android for Work features, which may include VPN provisioning support you need. I/O 2015 is only a few days away so let's wait and see...

Answer 2

There is a way to set a VPN connection programmatically. You might want to take a look at OpenVPN for Android (ics-openvpn) project's source. If there is no need for your app to make the connection directly, you can also use intents to trigger a connection from ics-openvpn. OpenVPN offers a wide range of settings, but you still have to see if it is compatible with your server.

The VpnService class introduced in Android 4.0 (ICS) can only do some settings such as the creating the network interface (only tun mode), some routes and DNS servers. It is still needed for your app to be able to connect without root permission. You might want to check here for more info on how to use VpnService.

As far as I have explored ics-openvpn's code, the app integrates a OpenVPN binary runnable in the app's APK. The app executes this binary, sending and receiving commands through a local socket. The binary takes care of almost everything, you just have to parse the input to know what methods of VpnService.Builder you will be calling, and what information will you be sending back through the socket (this includes confirmations, config files, credentials, bytecounts, etc)