Android-VPN-Howto

1. VPN related source code in Froyo.

1.1 Java layer:
   a. UI source code: packages/apps/Settings/src/com/android/settings/vpn
   b. VPN service source code: frameworks/base/vpn/java/android/net/vpn and framework/base/packages/vpnservices/src/com/android/server/vpn

1.2 Native layer:
   a. external/mtpd: controls the PPTP and L2TP modules.
   b. external/ipsec-tools: configures IPsec.
   Of course, mtpd also relies on pppd, which lives in external/ppp/.

1.3 Driver layer: apart from what the standard Linux kernel provides, Google adds the two files below for PPTP and L2TP.
   a. driver/net/pppopns.c: PPP over PPTP.
   b. driver/net/pppolac.c: PPP over L2TP.

2. Java layer.

The VPN Java layer is responsible for VPN configuration. It is split into two sub-layers: the upper one is the VPN settings UI, the lower one is the VPN service in the framework. The Java layer reaches the native layer through two interfaces:

   a. It uses the Daemon class to start and stop two daemons, mtpd and racoon. mtpd handles PPTP and L2TP; racoon handles IPsec.
   b. It uses a local (Unix-domain) socket to talk to the native layer. The socket serves two purposes: sending launch parameters to the mtpd or racoon daemon, and receiving the status of mtpd.

In addition, the Java layer reads the VPN state from the system property "vpn.status", which is written by ip-up-vpn. VPN profiles are saved in the /misc/vpn/profiles/ folder.

3. Native layer.

As described in the Java layer section, the mtpd and racoon daemons are launched by the Java layer, which also sends them their launch parameters over a local socket. For mtpd the socket file is /dev/socket/mtpd; for racoon it is /dev/socket/racoon. The same daemons can also be launched from the command line, which emulates what the Java layer does. Two examples, one for PPTP and one for L2TP (192.168.1.32 is the example server, 111 and 222 the example user name and password):

    mtpd pptp 192.168.1.32 1723 '' linkname vpn name 111 password 222 refuse-eap nodefaultroute usepeerdns idle 1800 mtu 1300 mru 1300 +mppe &
    mtpd l2tp 192.168.1.32 1701 '' linkname vpn name 111 password 222 refuse-eap nodefaultroute usepeerdns idle 1800 mtu 1300 mru 1300 &

The empty string '' separates the protocol arguments from the pppd arguments that follow it.

The usage of mtpd and racoon is as follows.

mtpd

Usage: mtpd <protocol-args> '' <pppd-args>, where protocol-args are one of:

   l2tp <server> <port> [secret]
   pptp <server> <port>

racoon

Usage: racoon server port pre-shared-key

   racoon server port my-private-key my-cert ca-cert

How mtpd drives the driver layer to bring the VPN link up and down is the subject of the second part, which follows.

In Froyo there are four types of VPN:

  1. PPTP VPN
  2. L2TP VPN
  3. L2TP/IPsec PSK VPN
  4. L2TP/IPsec CRT VPN

The following describes how PPTP VPN works. We divide the main process into two planes: the control plane, which covers how the PPTP VPN is set up and prepares for the data plane, and the data plane, which covers data transmission.

1. Control plane

When mtpd is launched it does the following:

  1. Set up the local socket and obtain the boot parameters from the Java layer.
  2. Initialize the selected protocol module and call its connect routine, pptp_connect() or l2tp_connect().
  3. Create a stream (TCP) socket to set up the link and connect to the PPTP server.
  4. Use poll() to receive messages from the PPTP server and handle them with pptp_process().
  5. Launch the pppd daemon once the PPTP link is established.
  6. Create an AF_PPPOX socket.

The above describes the mtpd daemon; now let us turn to the kernel layer.

  7. When the kernel boots, pppopns_init() is called; it calls proto_register() and register_pppox_proto() to register the pppopns protocol.
  8. As noted in step 6, mtpd connects the AF_PPPOX socket, and that connect lands in the kernel's pppopns_connect(). This function uses sock_create() to open a raw GRE socket to the PPTP server, which is used to encapsulate PPP packets; it then sets po->chan.ops to &pppopns_channel_ops and sk_raw->sk_data_ready to pppopns_recv(). From this point pppopns_xmit(), which transmits packets, and pppopns_recv(), which receives them, are installed, and the GRE tunnel is ready to carry PPP packets.
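Steps 3 and 4 are where mtpd speaks PPTP over the TCP control connection. The Python example below is added here and is not code from the original post or from mtpd: it builds the Start-Control-Connection-Request a client sends first and parses the common 12-byte control header with the checks a careful pptp_process() needs (magic cookie, message type, declared length against bytes actually received). The field layout and constants are from RFC 2637; the host name "android" and vendor string "mtpd" are constructed sample values, and the function names are mine.

```python
import struct

# PPTP control-connection constants (RFC 2637).
PPTP_MAGIC_COOKIE = 0x1A2B3C4D
PPTP_MSG_CONTROL = 1          # PPTP Message Type 1 = control message
CTRL_SCCRQ = 1                # Start-Control-Connection-Request
CTRL_NAMES = {
    1: "Start-Control-Connection-Request",
    2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request",
    4: "Stop-Control-Connection-Reply",
    5: "Echo-Request",
    6: "Echo-Reply",
    7: "Outgoing-Call-Request",
    8: "Outgoing-Call-Reply",
    9: "Incoming-Call-Request",
    10: "Incoming-Call-Reply",
    11: "Incoming-Call-Connected",
    12: "Call-Clear-Request",
    13: "Call-Disconnect-Notify",
    14: "WAN-Error-Notify",
    15: "Set-Link-Info",
}

# Common 12-byte header: Length, PPTP Message Type, Magic Cookie,
# Control Message Type, Reserved0.
HEADER = struct.Struct("!HHIHH")
# SCCRQ body: Protocol Version, Reserved1, Framing Capabilities,
# Bearer Capabilities, Maximum Channels, Firmware Revision,
# Host Name (64 bytes), Vendor String (64 bytes).
SCCRQ_BODY = struct.Struct("!HHIIHH64s64s")
SCCRQ_LEN = HEADER.size + SCCRQ_BODY.size   # 156 bytes on the wire


def build_sccrq(host_name, vendor):
    """Build the SCCRQ a client sends right after connecting to TCP/1723.
    struct's 64s pads short strings with NULs and truncates long ones."""
    body = SCCRQ_BODY.pack(
        0x0100,   # protocol version 1.0
        0,        # reserved
        0x2,      # framing capabilities: synchronous framing supported
        0x1,      # bearer capabilities: analog access supported
        1,        # maximum channels: a client needs one
        0,        # firmware revision
        host_name,
        vendor,
    )
    return HEADER.pack(SCCRQ_LEN, PPTP_MSG_CONTROL, PPTP_MAGIC_COOKIE,
                       CTRL_SCCRQ, 0) + body


def parse_control_header(buf):
    """Validate the common header before trusting anything else.
    Every failure is a ValueError so the caller can drop the connection."""
    if len(buf) < HEADER.size:
        raise ValueError("short read: control header needs 12 bytes")
    length, msg_type, cookie, ctrl_type, _ = HEADER.unpack_from(buf)
    if cookie != PPTP_MAGIC_COOKIE:
        raise ValueError("bad magic cookie 0x%08X: stream out of sync" % cookie)
    if msg_type != PPTP_MSG_CONTROL:
        raise ValueError("unsupported PPTP message type %d" % msg_type)
    if length < HEADER.size or length > len(buf):
        raise ValueError("declared length %d does not fit %d received bytes"
                         % (length, len(buf)))
    if ctrl_type not in CTRL_NAMES:
        raise ValueError("unknown control message type %d" % ctrl_type)
    return {"length": length, "ctrl_type": ctrl_type,
            "name": CTRL_NAMES[ctrl_type], "body": buf[HEADER.size:length]}


def parse_sccrq(buf):
    """Parse a full SCCRQ; the body must be exactly 144 bytes."""
    hdr = parse_control_header(buf)
    if hdr["ctrl_type"] != CTRL_SCCRQ or len(hdr["body"]) != SCCRQ_BODY.size:
        raise ValueError("not a well-formed SCCRQ")
    version, _, framing, bearer, max_ch, fw, host, vendor = \
        SCCRQ_BODY.unpack(hdr["body"])
    return {"version": version, "framing": framing, "bearer": bearer,
            "max_channels": max_ch, "firmware": fw,
            "host_name": host.rstrip(b"\x00"), "vendor": vendor.rstrip(b"\x00")}


if __name__ == "__main__":
    # Constructed sample values, not a capture from a real device.
    msg = build_sccrq(b"android", b"mtpd")
    print(len(msg), "bytes:", parse_sccrq(msg))
    # A frame with a wrong cookie is rejected before any field is used.
    bad = msg[:4] + b"\xde\xad\xbe\xef" + msg[8:]
    try:
        parse_control_header(bad)
    except ValueError as err:
        print("rejected:", err)
```

The length check matters because the control channel is a TCP stream: a reply whose declared length exceeds what has been read so far must be buffered, not parsed, and a wrong magic cookie means the parser has lost framing and the connection should be torn down rather than resynchronised by guessing.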

2. Data plane

  1. When the pppd daemon is launched it runs the normal PPP negotiation, LCP, then NCP, and finally carries IP packets. When a PPP packet is ready, the kernel calls pppopns_xmit(), which was registered in the control plane.
  2. In pppopns_xmit() the PPP packet becomes the GRE payload and is sent to the PPTP server through the GRE tunnel, so the packet layout on the wire is: | L1 | L2 | IP | GRE | PPP |. Note that the PPP part contains the PPP header, the inner IP header and the upper-layer data.
  3. When a packet arrives from the PPTP server it is parsed as a normal GRE packet, and the raw GRE payload is handed to pppopns_recv().
  4. In pppopns_recv() the raw PPP packet is passed to ppp_input().
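The encapsulation in steps 2 and 3 can be shown end to end. This Python example is added here and is not the kernel's pppopns code: it wraps a PPP frame in the enhanced-GRE header PPTP uses (protocol type 0x880B, key field carrying payload length and call ID, sequence number, optional acknowledgment; RFC 2637 section 4), unwraps it with a strict parser that sizes the optional fields before reading them and never trusts the declared payload length beyond what was received, and splits the PPP frame into protocol and payload. The inner IPv4 packet is a constructed sample with a zero checksum, the call ID and sequence numbers are arbitrary, and the function names are mine.

```python
import struct

# "Enhanced GRE" as used by PPTP (RFC 2637 section 4).
GRE_PROTO_PPP = 0x880B          # protocol type: PPP
GRE_FLAG_K = 0x2000             # Key present: payload length + call ID (always set)
GRE_FLAG_S = 0x1000             # Sequence number present (payload packets)
GRE_FLAG_A = 0x0080             # Acknowledgment number present
GRE_VERSION_MASK = 0x0007
GRE_VERSION_ENHANCED = 1
GRE_FIXED = struct.Struct("!HHHH")   # flags/version, protocol, payload length, call ID

PPP_PROTO_IP = 0x0021


def gre_encapsulate(ppp_frame, call_id, seq, ack=None):
    """Wrap a PPP frame the way the GRE tunnel carries it: fixed header,
    sequence number, optional ack, then the PPP frame as payload."""
    flags = GRE_FLAG_K | GRE_FLAG_S | GRE_VERSION_ENHANCED
    if ack is not None:
        flags |= GRE_FLAG_A
    hdr = GRE_FIXED.pack(flags, GRE_PROTO_PPP, len(ppp_frame), call_id)
    hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + ppp_frame


def gre_decapsulate(packet):
    """Strict inverse. Only enhanced GRE for PPP with a key field is accepted,
    the optional fields are sized before they are read, and the declared
    payload length must be covered by bytes actually received."""
    if len(packet) < GRE_FIXED.size:
        raise ValueError("short GRE header")
    flags, proto, payload_len, call_id = GRE_FIXED.unpack_from(packet)
    if proto != GRE_PROTO_PPP:
        raise ValueError("not PPP over GRE: protocol 0x%04X" % proto)
    if (flags & GRE_VERSION_MASK) != GRE_VERSION_ENHANCED or not (flags & GRE_FLAG_K):
        raise ValueError("not enhanced GRE with key field: flags 0x%04X" % flags)
    needed = GRE_FIXED.size
    needed += 4 if flags & GRE_FLAG_S else 0
    needed += 4 if flags & GRE_FLAG_A else 0
    if len(packet) < needed:
        raise ValueError("header claims optional fields that are missing")
    off = GRE_FIXED.size
    seq = ack = None
    if flags & GRE_FLAG_S:
        (seq,) = struct.unpack_from("!I", packet, off)
        off += 4
    if flags & GRE_FLAG_A:
        (ack,) = struct.unpack_from("!I", packet, off)
        off += 4
    payload = packet[off:off + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload truncated: declared %d, have %d"
                         % (payload_len, len(payload)))
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp": payload}


def ppp_split(frame):
    """Split a PPP frame into (protocol, payload). Address/control bytes are
    assumed already stripped; protocol-field compression (odd first byte =
    one-byte protocol) is honoured, so 0x21 and 0x0021 both mean IP."""
    if not frame:
        raise ValueError("empty PPP frame")
    if frame[0] & 1:
        return frame[0], frame[1:]
    if len(frame) < 2:
        raise ValueError("truncated PPP protocol field")
    return (frame[0] << 8) | frame[1], frame[2:]


def sample_ipv4(payload):
    """Constructed minimal IPv4 header (protocol 17, checksum left at zero) so
    the example runs offline; 10.0.0.2 -> 10.0.0.1 are made-up tunnel addresses."""
    total = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                       bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])) + payload


if __name__ == "__main__":
    inner_ip = sample_ipv4(b"constructed payload")
    ppp = struct.pack("!H", PPP_PROTO_IP) + inner_ip        # | PPP | IP | data |
    wire = gre_encapsulate(ppp, call_id=7, seq=1)           # | GRE | PPP | IP | data |
    got = gre_decapsulate(wire)
    proto, inner = ppp_split(got["ppp"])
    print("call %d seq %d, PPP proto 0x%04X, inner IP %d bytes"
          % (got["call_id"], got["seq"], proto, len(inner)))
```

The outer IP header (the "IP" before "GRE" in the layout above) is supplied by the raw GRE socket, so the example starts at the GRE header. The decapsulation side is where a kernel receive path such as pppopns_recv() has to be careful: the declared payload length and the optional-field flags come from the peer, so both are checked against the bytes on hand before any offset is used.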

This document is based on the post linked in [1].

Reference: [1] http://blog.csdn.net/linweig/article/details/6127270