mirror of
https://github.com/schwabe/ics-openvpn.git
synced 2024-09-20 03:52:27 +02:00
121 lines
6.3 KiB
Markdown
121 lines
6.3 KiB
Markdown
OpenVPN for Android
|
|
=============
|
|
![build status](https://github.com/schwabe/ics-openvpn/actions/workflows/build.yaml/badge.svg)
|
|
|
|
|
|
Description
|
|
------------
|
|
With the new VPNService of Android API level 14+ (Ice Cream Sandwich) it is possible to create a VPN service that does not need root access. This project is a port of OpenVPN.
|
|
|
|
<a href="https://f-droid.org/repository/browse/?fdid=de.blinkt.openvpn" target="_blank">
|
|
<img src="https://f-droid.org/badge/get-it-on.png" alt="Get it on F-Droid" height="80"/></a>
|
|
<a href="https://play.google.com/store/apps/details?id=de.blinkt.openvpn" target="_blank">
|
|
<img src="https://play.google.com/intl/en_us/badges/images/generic/en-play-badge.png" alt="Get it on Google Play" height="80"/></a>
|
|
|
|
Code Transparency
|
|
-----------------
|
|
Fingerprint of the code transparency key used to be able to verify that
|
|
apks generated by the Play are not modified (https://developer.android.com/guide/app-bundle/code-transparency):
|
|
|
|
19 62 43 6C 96 B4 9D 12 75 83 B1 22 DA 14 F4 5D 2B 78 5D A4 13 1F 04 BE 73 A0 88 32 15 59 18 8D
|
|
|
|
Full signing certificate (also under misc/code-transparency.pem):
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIFjTCCA3WgAwIBAgIIJDXa55a+Ag0wDQYJKoZIhvcNAQEMBQAwdDELMAkGA1UE
|
|
BhMCREUxDDAKBgNVBAgTA05SVzESMBAGA1UEBxMJUGFkZXJib3JuMRowGAYDVQQK
|
|
ExFBdmlhbiBJUCBDYXJyaWVyczEQMA4GA1UECxMHUkZDMTE0OTEVMBMGA1UEAxMM
|
|
QXJuZSBTY2h3YWJlMCAXDTIzMDcyNzA5MzEyNloYDzIwNTMwNzE5MDkzMTI2WjB0
|
|
MQswCQYDVQQGEwJERTEMMAoGA1UECBMDTlJXMRIwEAYDVQQHEwlQYWRlcmJvcm4x
|
|
GjAYBgNVBAoTEUF2aWFuIElQIENhcnJpZXJzMRAwDgYDVQQLEwdSRkMxMTQ5MRUw
|
|
EwYDVQQDEwxBcm5lIFNjaHdhYmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
|
|
AoICAQC8FZVaV1aEy3SmIWQSn0xVjn9yrhOyQOZ2AasqB9EH1ylSZs4zii/ePiBE
|
|
4g/auhDPnn/K1hWYevCJr/7zvJVaaocpl0hLqXHCQr7tSifREDM8lHeXYlW67Bbx
|
|
sFFREvHfDyAHM5CYDzIEDWrHNp2mBFRLLP1fgl5bZ8r50UCyNdvgIHozDwXITdnR
|
|
FeTSzIugZaLL+tGvtVU3Mc03bHhFp9mVbB3ZRjVnZsQ8Abs++zimT9srDqRFkbC0
|
|
F1N+Syicw3JRI2trLB6Fezc4lCwAmeKQRIY+QOdCZZSaD5+iyINcXg63QJRkGdoL
|
|
GHhp6wCiJD2xwpuiQLVVzF1sIOUJWq0tcjazjXo3axsHbMhRZNCwspq2wUTgLtuZ
|
|
xSWT1enJF+1o2Y4ecR+aaKorppFe00Bhylg1+tj0CWfn6rwee1jkyf+hFDIuqvZi
|
|
Mukbeke7K3ADK8JdJ6xl9FbZeafFxGHiwt+Ftc5oDariC3LR3gN0ochrNiNI20qS
|
|
3ZAKeHaRLy6AUP8ccvD+KQf439JVXquDdlCgFkE7uSv136cY3HVk1QPzzDJFwFoQ
|
|
TNdLajd2YJD1GXZzinT+HOjrLt61P+qAY1cmsxaKdBdBRXFiRyUaZbBUD+4omcvy
|
|
Uoz8nWXUdwqyEjtYeq+XmL4HX3t3JhNy8zfyLpf6Xa4y0Zdq9QIDAQABoyEwHzAd
|
|
BgNVHQ4EFgQUoivC+NgNB1xqM76DTI3QR6DCgFIwDQYJKoZIhvcNAQEMBQADggIB
|
|
ALo1KRzLjgbpK1aZPfJJ63R2CQLX2KpolHO4GZxcXgZCv2h9V45aiLO6nKUDL6Dc
|
|
6A0izgxtNQlwuloBTb0fMIS/A9Pl1p8/M1JvYNC1zDWVBKeUMkEeBwVCo8rn8giG
|
|
GtdDNLJmFv5bqgS6ZF2av2pZnkr2Q2sAiSFVpBzFjP2T5/WNkO3O7ybTb+c5VeQE
|
|
DuOpJawd+/5m4SjYmthARBX57gpDZiGR/Usid2FHrSSXmddbFkD8tbZUM0AvSW4z
|
|
8TX2v3eO3PJPov5uksV4USNCUxPx7KfVQDsvbGJyup9I08fvVrAI1ZJGuk33QGLa
|
|
Uy2U7UuUGmarOpN9xBrTWkGw/6J+XdJbArRV3N+TjzAs0cCCcqp94+W7aXb7Bvna
|
|
ssXnvvd8Ph2DVocv4msk8NNnGh4Ss2wbfOM1j7hlka0szARjOzribm3oagu5dQmE
|
|
b+CV2mE9RokP3co1hMIf4GAFQM+Ul+4nzz2ogQ7JJfkbLJFnM0WUUzpeKLmB3UD6
|
|
3kWlS6ZsDrqXUDNwUJ0Fn4Kcg0YYKGtQGqUngcwYlU8iuH+WU/cf2XuLM/r8K94l
|
|
P7u5iBz+Cot3lyKMv7GY4huboCe91i4njrjUJkYbyXdNS5WvZoznvg/YsAYBsYk8
|
|
X3vLORq2tRoP4oMEEGEussYdnpWeqYroHJ9FdDM7Sv7e
|
|
-----END CERTIFICATE-----
|
|
|
|
|
|
Developing
|
|
---------------
|
|
If you want to develop on ics-openvpn please read the [doc/README.txt](https://github.com/schwabe/ics-openvpn/blob/master/doc/README.txt) *before* opening issues or emailing me.
|
|
|
|
Also please note that before contributing to the project that I would like to retain my ability to relicense the project for different third parties and therefore probably need a contributer's agreement from any contributing party. To get started, [sign the Contributor License Agreement](https://www.clahub.com/agreements/schwabe/ics-openvpn).
|
|
|
|
You can help
|
|
------------
|
|
Even if you are no programmer you can help by translating the OpenVPN client into your native language. [Crowdin provides a free service for non commercial open source projects](https://crowdin.net/project/ics-openvpn/invite) (Fixing/completing existing translations is very welcome as well)
|
|
|
|
FAQ
|
|
-----
|
|
You can find the FAQ here (same as in app): https://ics-openvpn.blinkt.de/FAQ.html
|
|
|
|
Controlling from external apps
|
|
------------------------------
|
|
|
|
There is the AIDL API for real controlling (see developing section). Due to high demand also
|
|
acitvies to start/stop, pause/resume (like a user would with the notification) exists
|
|
|
|
- `de.blinkt.openvpn.api.DisconnectVPN`
|
|
- `de.blinkt.openvpn.api.ConnectVPN`
|
|
- `de.blinkt.openvpn.api.PauseVPN`
|
|
- `de.blinkt.openvpn.api.ResumeVPN`
|
|
|
|
They use `de.blinkt.openvpn.api.profileName` as extra for the name of the VPN profile.
|
|
|
|
You can use `adb` to to test these intents:
|
|
|
|
adb -d shell am start -a android.intent.action.MAIN -n de.blinkt.openvpn/.api.ConnectVPN --es de.blinkt.openvpn.api.profileName myvpnprofile
|
|
|
|
|
|
Note to administrators
|
|
------------------------
|
|
|
|
You make your life and that of your users easier if you embed the certificates into the .ovpn file. You or the users can mail the .ovpn as a attachment to the phone and directly import and use it. Also downloading and importing the file works. The MIME Type should be application/x-openvpn-profile.
|
|
|
|
Inline files are supported since OpenVPN 2.1rc1 and documented in the [OpenVPN 2.3 man page](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage) (under INLINE FILE SUPPORT)
|
|
|
|
(Using inline certifaces can also make your life on non-Android platforms easier since you only have one file.)
|
|
|
|
For example `ca mycafile.pem` becomes
|
|
```
|
|
<ca>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
|
|
[...]
|
|
-----END CERTIFICATE-----
|
|
</ca>
|
|
```
|
|
Footnotes
|
|
-----------
|
|
Please note that OpenVPN used by this project is under GPLv2.
|
|
|
|
If you cannot or do not want to use the Play Store you can [download the apk files directly](http://plai.de/android/).
|
|
|
|
If you want to donate you can donate to [arne-paypal@rfc2549.org via paypal](https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&cmd=_s-xclick), or alternatively if you believe in fancy Internet money you can use Bitcoin: 1EVWVqpVQFhoFE6gKaqSkfvSNdmLAjcQ9z
|
|
|
|
The old official or main repository was a Mercurial (hg) repository at http://code.google.com/p/ics-openvpn/source/
|
|
|
|
The new Git repository is now at GitHub under https://github.com/schwabe/ics-openvpn
|
|
|
|
Please read the doc/README before asking questions or starting development.
|