From: Arne Schwabe Date: Tue, 7 Oct 2014 20:10:50 +0000 (+0200) Subject: Add documentation for PERSIST_TUN_ACTION (Android specific) X-Git-Tag: v2.4_alpha1~374 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ca1d70fa030d4344e4b64a28811a6aab091e0d2;p=thirdparty%2Fopenvpn.git Add documentation for PERSIST_TUN_ACTION (Android specific) Acked-by: Gert Doering Message-Id: <1412712650-5173-1-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/9090 Signed-off-by: Gert Doering --- diff --git a/doc/android.txt b/doc/android.txt index 871e39977..137edfc56 100644 --- a/doc/android.txt +++ b/doc/android.txt @@ -2,7 +2,7 @@ This file documents the support in OpenVPN for Android 4.0 and up. This support is primarily used in the "OpenVPN for Android" app (http://code.google.com/p/ics-openvpn/). For building see the developer -README: http://code.google.com/p/ics-openvpn/source/browse/README.txt. +README: http://code.google.com/p/ics-openvpn/source/browse/doc/README.txt. Android provides the VPNService API (http://developer.android.com/reference/android/net/VpnService.html) 
@@ -55,6 +55,21 @@ To set the DNS server and search domain. The GUI will then respond with a "needok 'command' ok' or "needok 'command' cancel', e.g. "needok 'IFCONFIG' ok". +PERSIST_TUN_ACTION + +In Android 4.4-4.4.2 a bug exists that does not allow to open a new tun fd +while a tun fd is still open. When OpenVPN wants to open an fd it will do +this query. The UI should compare the last configuration of +the tun device with the current tun configuration and reply with either (or +always respond with OPEN_AFTER_BEFORE/OPEN_BEFORE_CLOSE) + +- NOACTION: Keep using the old fd +- OPEN_AFTER_CLOSE: First close the old fd and then open a new to workaround the bug +- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed + +For example the UI could respond with +needok 'PERSIST_TUN_ACTION' OPEN_AFTER_CLOSE + To protect a socket the OpenVPN will send a PROTECTFD to the UI. When sending the PROTECTFD command command to the UI it will send the fd of the socket as ancillary message over the UNIX socket.
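Review bot: The README URL change in the first hunk (README.txt to doc/README.txt) is not covered by the commit subject, which only mentions documenting PERSIST_TUN_ACTION. Either mention the link fix in the commit message or split it into its own commit, so the history explains why the URL moved.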
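Review bot: In the second hunk, the parenthetical in the new PERSIST_TUN_ACTION paragraph names "OPEN_AFTER_BEFORE", which is not one of the three actions listed directly below it (NOACTION, OPEN_AFTER_CLOSE, OPEN_BEFORE_CLOSE). It looks like a typo for OPEN_AFTER_CLOSE and should be corrected so the text only names replies that are actually documented. The sentence "reply with either (or always respond with ...)" would also be easier to follow if the list of actions came first and the always-respond fallback came after it. Finally, the example reply "needok 'PERSIST_TUN_ACTION' OPEN_AFTER_CLOSE" puts an action name where the preceding context line documents only "ok" or "cancel". Add one sentence stating that, for this query, the action takes the place of ok/cancel, and say which Android versions the UI is expected to apply the OPEN_AFTER_CLOSE workaround on, since the paragraph gives 4.4-4.4.2 only as the range where the bug exists.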