Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ignorenetworkstate restriction, to allow tunnel over USB #1746

Merged
merged 4 commits into from
Aug 9, 2024

Conversation

EliyahuSternDAI
Copy link
Contributor

@EliyahuSternDAI EliyahuSternDAI commented Jul 30, 2024

OpenVPN for Android can be used for reverse tethering (similar to Gnirehtet).

In general, what it requires is:

  • ovpn profile with remote localhost <port> instruction, so that the client connects to a local tcp port
  • Run adb reverse tcp:<port> tcp:<host_port> on the host, where <port> is the same as above, and <host_port> is OpenVPN Server port on the USB host, or another port forward.

One problem with such setup, is that although it does not rely on any physical (e.g. Wi-Fi) network, turning off all such networks will cause tunnel shutdown.

This PR aims to allow changing that default behavior, by setting ignorenetworkstate to false. This will instruct OpenVPN for Android to keep the tunnel connected also when there is no network.

@schwabe
Copy link
Owner

schwabe commented Jul 31, 2024

This not connected or exposed anywhere in the UI. How would anyone use this feature?

@EliyahuSternDAI
Copy link
Contributor Author

In my case, I plan to use it by setting the restriction via DevicePolicyManager#setApplicationRestrictions from a Device Owner application.

I actually already have an implementation of such app, that I set as Device Owner via ADB.

@schwabe
Copy link
Owner

schwabe commented Jul 31, 2024

Yeah, but it would be good if that could be set like the other device restrictions that set the global configuration setting and using the central device restriction parser and added to the xml file that describes the device restrictions of ics-openvpn. Currently, it seems more like a hack since it ignores the already existing device restriction infrastructure.

@EliyahuSternDAI
Copy link
Contributor Author

Makes sense.
I added a restriction entry to the XML. Anything else is required?

BTW, how do you use/test the restriction definition? Via an app or MDM UI?

@EliyahuSternDAI
Copy link
Contributor Author

By the way, I tried to sign the Contributor License Agreement, but it seems that the URL isn't valid anymore...

@schwabe
Copy link
Owner

schwabe commented Aug 1, 2024

@EliyahuSternDAI I ussually use the google DPC test program. But I still don't think this is should be done this way. All other restrictions are parsed and applied in AppRestrictions.java and I don't think there is compelling reason why this option should be so different. The screenoffpausevpn option is very similar to your newly added option.

I think your new option should also be added the the GeneralSetting.kt/general_settings.xml and then handled like any other global option.

@EliyahuSternDAI
Copy link
Contributor Author

@schwabe the reason for reading the value lazily only once, is because I have noticed during debugging that networkStateChange is called multiple times per network state change, which may have performance impact as reading Preferences and Restrictions involve disk access and context switches.
However, since Preferences.getDefaultSharedPreferences(context); is called in any case for fetching screenoffpausevpn, I agree this does not make a big difference. Will change my code accordingly.

@schwabe
Copy link
Owner

schwabe commented Aug 5, 2024

The last version looks much better. Is it okay for you when I squash the commits or do you want to squash the commits yourself?

@EliyahuSternDAI
Copy link
Contributor Author

Actually, I have some more uncommitted changes (add the option to general_settings.xml as you suggested, disable it in UI when the corresponding restriction is set, trigger networkChanged when the option is changed) but had some things I wanted to debug. Unfortunately due to personal situation, my availability is very low right now so I will probably not be able to proceed for a few weeks.

If you think the code is Ok as is, it's great if you can squash it and I'll come back to completing the other UI related changes as soon as I can.

@schwabe schwabe merged commit ace1b6f into schwabe:master Aug 9, 2024
czdawid pushed a commit to proget-hq/ics-openvpn that referenced this pull request Sep 10, 2024
…#1746)

* Add ignorenetworkstate restriction, to allow tunnel over USB

* Add to app_restrictions.xml

* Parse restriction value into SharedPreferences


Co-authored-by: Eliyahu Stern <estern@digital.ai>
czdawid pushed a commit to proget-hq/ics-openvpn that referenced this pull request Sep 10, 2024
…#1746)

* Add ignorenetworkstate restriction, to allow tunnel over USB

* Add to app_restrictions.xml

* Parse restriction value into SharedPreferences


Co-authored-by: Eliyahu Stern <estern@digital.ai>
czdawid pushed a commit to proget-hq/ics-openvpn that referenced this pull request Sep 11, 2024
…#1746)

* Add ignorenetworkstate restriction, to allow tunnel over USB

* Add to app_restrictions.xml

* Parse restriction value into SharedPreferences


Co-authored-by: Eliyahu Stern <estern@digital.ai>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants