
Android VpnService Configuration

I am trying to use the VpnService from Android to set up a simple tun device on the client side, and on the receiving side I have a C++ server running.

I am having a lot of problems with the VpnService. This is what I need: I need ALL packets outbound from the Android phone to be routed to the tun device, and in the program I route them through a Datagram channel to the server. When I send a string, it works fine, but when I send other data through this Datagram channel, I don't see any UDP packets in Wireshark :\

Also, I am new to Java and Datagram channels. Here is my code:

//To establish the tunnel
builder.setSession("MyVPNService")
            .addAddress("192.168.56.0", 32)
            .addDnsServer("8.8.8.4")
            .addRoute("0.0.0.0", 1);

mInterface=builder.establish();

What exactly are the above configurations doing? Isn't a tun device supposed to have ONE IP (from my experience doing it on Linux)? Then what is "192.168.56.0", 32? Also, when I try to add a route "0.0.0.0", 0, the whole Android phone hangs and restarts :\

while (true) {
                int length;
                // Read the outgoing packet from the input stream.

                length=in.read(packet_bytes);
                //int length = in.read(packet.array());
                if (length > 0) {
                    // Write the outgoing packet to the tunnel.
                    //packet.limit(length);
                    //tunnel.send(packe,server);
                    tunnel.send(packet,server);
                    packet.put(packet_bytes,0,length);

                    tunnel.write(packet);

                    packet.clear();
                }
                Thread.sleep(200);
                // Read the incoming packet from the tunnel.

                length = tunnel.read(packet);
                if (length > 0) {

                    out.write(packet.array(), 0, length);

                    packet.clear();

                    // If we were sending, switch to receiving.
                }
                Thread.sleep(200);
            }

This is the part where I take it from one interface and put it on the other.

First, let me start by explaining the Builder configuration above.

builder.setSession("MyVPNService") // This one is optional.
.addAddress("192.168.56.0", 32) // This is used to assign the interface address. The first param is the IP address, and the second is the prefix length. "Prefix length" is also commonly known as subnet mask.
.addDnsServer("8.8.8.4") // This configures the DNS network for the VPN network. For example, all DNS resolutions would go to 8.8.8.4:53. Note that the DNS request packets get routed through the tun interface.
.addRoute("0.0.0.0", 1); // This controls the IP addresses which get routed through the tun interface.

Note that a tun interface can support multiple address families (IPv4/IPv6). As an example, you can assign multiple interface addresses (say a v4, a v6, or two v6 addresses, or whatever combo).

Similarly, you can add routes that you want your VPN to handle. Now, the main question is: how do you decide which routes your VPN should handle?

Well, there are a bunch of options.

  1. Route everything - Adding 0.0.0.0/0 (for IPv4) and ::/0 (for IPv6) would route traffic for all destinations through the VPN (note: 0.0.0.0/0 represents the entire IPv4 range, i.e. 0.0.0.0 to 255.255.255.255).
  2. Route specific routes - You would typically have noticed that talking to IoT devices does not work when a VPN is running. That is typically due to a "route everything" config setup, which breaks local networking (e.g. Chromecast). So, excluding link-local traffic requires doing some math that involves subtracting link-local subnets from the above subnets (0.0.0.0/0, ::/0 (for v6 local subnets)). The math involved is not very straightforward, which makes this option a lot more complex. As for what constitutes link-local subnets, here is a list from Wikipedia, and from IETF for IPv4 and IPv6 special addresses.

That said, here are some answers to your questions.

I need ALL packets outbound from the Android phone to be routed to the tun device

See "route everything" above.

Isn't a tun device supposed to have ONE IP?

An interface on Linux can have multiple interface addresses assigned to it from different address families.

Then what is "192.168.56.0", 32?

As explained above, the first part is the IP address, and the second defines the subnet mask. Also see CIDR notation.

Also when I try to add a route "0.0.0.0", 0 the whole Android phone hangs and restarts.

0.0.0.0/0 means the entire IPv4 address space will get routed through the VPN. Typically, a VPN cannot handle link-local traffic, as I have mentioned above. So, you will have to exclude certain local subnets (see links above). As for the phone hanging and restarting, I'm not sure if that has anything to do with the VPN unless the VPN is not handling traffic correctly (which would lead networking-related apps to break).
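
The subnet subtraction described in option 2, worked through for IPv4 as an added example (not part of the original question or answer). The class name `RouteSplitter` and its helpers are hypothetical, and the excluded subnets are a constructed sample (RFC 1918 private ranges plus IPv4 link-local); the result is the list of network-aligned routes you would pass to `addRoute` in place of a single 0.0.0.0/0.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example (hypothetical class): IPv4 routes covering 0.0.0.0/0 minus excluded subnets.
public class RouteSplitter {
    static long mask(int len) {
        return (0xFFFFFFFFL << (32 - len)) & 0xFFFFFFFFL; // len 0 -> 0, len 32 -> all ones
    }

    // Parse "a.b.c.d/len" into {network address as unsigned 32-bit value, len}.
    static long[] parse(String cidr) {
        String[] parts = cidr.split("/");
        long ip = 0;
        for (String octet : parts[0].split("\\.")) ip = (ip << 8) | Integer.parseInt(octet);
        int len = Integer.parseInt(parts[1]);
        return new long[] { ip & mask(len), len };
    }

    // True if network a/alen contains network b/blen.
    static boolean contains(long a, int alen, long b, int blen) {
        return alen <= blen && (b & mask(alen)) == a;
    }

    // Emit net/len if no excluded subnet touches it; drop it if it lies inside
    // one; otherwise an excluded subnet lies inside it, so halve and recurse.
    static void split(long net, int len, List<long[]> excluded, List<String> out) {
        boolean overlaps = false;
        for (long[] e : excluded) {
            if (contains(e[0], (int) e[1], net, len)) return;
            if (contains(net, len, e[0], (int) e[1])) overlaps = true;
        }
        if (!overlaps) {
            out.add((net >> 24) + "." + ((net >> 16) & 255) + "."
                    + ((net >> 8) & 255) + "." + (net & 255) + "/" + len);
            return;
        }
        split(net, len + 1, excluded, out);
        split(net | (1L << (31 - len)), len + 1, excluded, out);
    }

    public static void main(String[] args) {
        // Constructed sample exclusions: RFC 1918 private ranges and IPv4 link-local.
        List<long[]> excluded = new ArrayList<>();
        for (String c : Arrays.asList("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"))
            excluded.add(parse(c));
        List<String> routes = new ArrayList<>();
        split(0, 0, excluded, routes);
        // On Android, each line becomes builder.addRoute(address, prefixLength).
        for (String r : routes) System.out.println(r);
    }
}
```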
