0

i am following documentation and trying to connect IKEv2 but below code always return log "No vpn interface"

https://developer.android.com/reference/android/net/Ikev2VpnProfile.Builder#setAuthUsernamePassword(java.lang.String,%20java.lang.String,%20java.security.cert.X509Certificate)

package com.mehrab.examplevpn;

import android.app.PendingIntent;
import android.content.Intent;
import android.net.VpnService;
import android.net.ipsec.ike.SaProposal;
import android.net.Ikev2VpnProfile;
import android.os.ParcelFileDescriptor;
import android.util.Log;
import android.widget.Toast;

import java.net.InetSocketAddress;
import java.nio.channels.DatagramChannel;

public class MyVpnService extends VpnService {
    private static final String VPN_SERVER_IP = "example.info";
    private static final String VPN_USERNAME = "[email protected]";
    private static final String VPN_PASSWORD = "secret";
    private static final String VPN_ROUTE = "0.0.0.0"; // Default route

    private ParcelFileDescriptor vpnInterface;

    @Override
    public int onStartCommand(Intent intent, int flags, int startId) {
        Toast.makeText(getApplicationContext(), "NonConn!", Toast.LENGTH_SHORT).show();
        Thread thread = new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    vpnInterface = establishVPN();
                    if (vpnInterface != null) {
                        // Connect to VPN server
                        InetSocketAddress serverAddress = new InetSocketAddress(VPN_SERVER_IP, 5000);
                        DatagramChannel tunnel = DatagramChannel.open();
                        tunnel.connect(serverAddress);
                        Log.d("mytag", "Connected");

                        // Close resources when done
                        tunnel.close();
                    } else {
                        Log.d("mytag", "No vpn interface");
                    }
                } catch (Exception e) {
                    Log.d("mytag", "Try Catch Error");
                    e.printStackTrace();
                }
            }
        });
        thread.start();
        return START_STICKY;
    }

    private ParcelFileDescriptor establishVPN() throws Exception {
        String identity = "yourIdentity";
        if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.R) {
            Ikev2VpnProfile profile = new Ikev2VpnProfile.Builder(VPN_SERVER_IP, identity)
                    .setAuthUsernamePassword(VPN_USERNAME, VPN_PASSWORD, null) // Replace null with the root CA if available
                    .setBypassable(false)
                    .setMaxMtu(1400)
                    .setMetered(false)
                    .build();
        }

        VpnService.Builder vpnBuilder = new VpnService.Builder();
        vpnBuilder.setSession("MyIKEv2VPN")
                .addAddress("192.168.0.2", 32) // Virtual IP address
                .addRoute(VPN_ROUTE, 0) // Default route
                .setConfigureIntent(PendingIntent.getActivity(this, 0, new Intent(this, MainActivity.class), PendingIntent.FLAG_IMMUTABLE));

        // Configure the VPN interface using the IKEv2 profile
        vpnInterface = vpnBuilder.establish();

        return vpnInterface;
    }

    @Override
    public void onDestroy() {
        super.onDestroy();
        try {
            if (vpnInterface != null) {
                vpnInterface.close();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

i was trying to connect vpn through IKEv2. but it fails to connect and returns my log "No vpn interface"

Improve this question

1 Answer 1

Reset to default
0

If you are using API level 31 and above, you can try my kotlin code to connect to vpn server like strongswan with eap_mschapv2.

// Define an SA Proposal with encryption, integrity, and DH group
val saProposal = IkeSaProposal.Builder()
    .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, 256)
    .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128)
    .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_SHA2_256)
    .addDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP)
    .build()

val childSaProposal = ChildSaProposal.Builder()
    .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, 256)
    .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128)
    .addDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP)
    .build()

val remoteIdentification = IkeFqdnIdentification(vpn_server)
val localIdentification = IkeFqdnIdentification(username)

// Create EAP configuration (customize according to your requirements)
val eapConfig = EapSessionConfig.Builder()
    .setEapMsChapV2Config(username, password)
    .build()

val ikeSessionParams = IkeSessionParams.Builder()
    .setServerHostname(vpn_server)
    .addIkeSaProposal(saProposal)  // Security association proposal
    .setLocalIdentification(localIdentification)
    .setRemoteIdentification(remoteIdentification)
    .setAuthEap(null, eapConfig) // Use EAP for authentication with CA certificate
    .setDpdDelaySeconds(30)
    .setNattKeepAliveDelaySeconds(20)
    .build()

val childSessionParams = TunnelModeChildSessionParams.Builder()
    .addChildSaProposal(childSaProposal)
    .addInternalAddressRequest(OsConstants.AF_INET)
    .build()

val tunnelConnectionParams = IkeTunnelConnectionParams(ikeSessionParams, childSessionParams)

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
    val ikev2VpnProfile = Ikev2VpnProfile.Builder(tunnelConnectionParams).build()
    vpnManager.provisionVpnProfile(ikev2VpnProfile)
    vpnManager.startProvisionedVpnProfileSession()
} else {
    val ikev2VpnProfile = Ikev2VpnProfile.Builder(vpn_server, username)
        .setAuthUsernamePassword(username, password, null)
        .build()

    vpnManager.provisionVpnProfile(ikev2VpnProfile)
    vpnManager.startProvisionedVpnProfile()
}

You can find the complete code in my repo https://github.com/moukail/ike_eap_mschapv2_vpn_demo

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.