How are existing VPN applications creating new profiles in Android 2.0 – 2.3?-ThrowExceptions

Exception or error:

After much searching on StackOverflow, it seems rooting a device in the only way to create a VPN profile pre-4.0

My question is how do the following apps do it without root?

Update 1

Seems private API is the way to go pre-4.0. Unfortunately, not many resources out there to get started. Does anyone know if private api still requires a rooted device?

Update 2

It seems you can do this using modified Android.jar or by using reflection. L2TP/IPSEC still requires rooted device. PPTP does not seem to.

How to use internal APIs on Android

Update 3

Please note, this is taken from various sources. It seems root is required because VpnService starts racoon, which then runs as a system user, and retrieves the PSK from the KeyStore. So KeyStore entries created by other apps aren’t visible to racoon. (In linux environment, racoon is a security process assisting in IPSEC related key negotiations – IKE).

This makes sense, however, there are still applications which achieve L2TP/IPSEC without root.

Update 4

XinkVPN, source code to get started. Still does not allow users to create L2TP profile without user having to generate a key_store and recompile. Not very market friendly but a fabulous start.

How to solve:

you could just redirect the user to the VPN settings screen via an undocumented intent.

        Intent intent = new Intent("");

This seems to work on 1.6-4.1 phones.

Leave a Reply

Your email address will not be published. Required fields are marked *