What is a Virtual Private Network?
A VPN server is a type of server that enables hosting and delivery of VPN services.
It is a combination of VPN hardware & software technologies that provides VPN clients with connectivity to a secure and/or private network, that is, the VPN.
VpnService is a base class for applications to extend and build their own VPN solutions. In general, it creates a virtual network interface, configures addresses & routing rules, & returns a file descriptor to the application. Each read from the descriptor retrieves an outgoing packet which was routed to the interface. Each write to the descriptor injects an incoming packet just as if it was received from the interface. The interface runs on the Internet Protocol (IP), so packets always start with IP headers. The application then completes the VPN connection by processing & exchanging packets with the remote server over a tunnel.
Letting applications intercept packets raises huge security concerns. A VPN application can easily break the network. Besides, two of them may conflict with each other. The system takes several actions to address these issues. Here are some key points:
- User action is required the 1st time an application creates a VPN connection.
- There can be only one VPN connection running at the same time. The existing interface is deactivated when a new one is created.
- A system-managed notification is shown during the lifetime of a VPN connection.
- A system-managed dialog gives the information of the current VPN connection. It also provides a button to disconnect.
- The network is restored automatically when the file descriptor is closed. This also covers the cases when the VPN application crashes or is killed by the system.
There are two primary methods in this class: prepare(Context) & VpnService.Builder.establish(). The former deals with user action & stops the VPN connection created by another application. The latter creates the VPN interface using the parameters supplied to the VpnService.Builder. An application must call prepare(Context) to grant the right to use other methods in this class, & the right can be revoked at any time. Here are some general steps to create a VPN connection:
- When the user presses the button to connect, call prepare(Context) & launch the returned intent, if non-null.
- When the application becomes prepared, start the service.
- Create a tunnel to the remote server & negotiate the network parameters for the VPN connection.
- Supply those parameters to a VpnService.Builder & create a VPN interface by calling VpnService.Builder.establish().
- Process & exchange packets between the tunnel & the returned file descriptor.
- When onRevoke() is invoked, close the file descriptor & shut down the tunnel gracefully.
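The steps above as a single service, given here as an added example that is not part of the original page or of Android's own sample code. ExampleVpnService, the 192.0.2.1:4500 server, the plain UDP relay and the address and route values are assumptions.

```java
// Added example, not the page's code: class name, server and network values are placeholders.
import android.content.Intent;
import android.net.VpnService;
import android.os.ParcelFileDescriptor;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.DatagramChannel;
public class ExampleVpnService extends VpnService implements Runnable {
    private volatile Thread worker;

    @Override public int onStartCommand(Intent intent, int flags, int startId) {
        // Start only after prepare(Context) returned null or its consent intent gave RESULT_OK.
        if (worker == null) { worker = new Thread(this, "vpn"); worker.start(); }
        return START_NOT_STICKY;
    }

    // Right revoked by the user or another VPN app: the worker sees this and exits.
    @Override public void onRevoke() { worker = null; super.onRevoke(); }
    @Override public void onDestroy() { worker = null; super.onDestroy(); }

    @Override public void run() {
        try (DatagramChannel tunnel = DatagramChannel.open()) {
            // Keep the tunnel socket outside the VPN so its own packets do not loop.
            if (!protect(tunnel.socket())) throw new IllegalStateException("protect() failed");
            tunnel.connect(new InetSocketAddress("192.0.2.1", 4500)); // placeholder server
            tunnel.configureBlocking(false);
            // A real client negotiates these values and encrypts the tunnel.
            try (ParcelFileDescriptor tun = new Builder().setSession("Example VPN")
                    .setMtu(1400).addAddress("10.0.0.2", 32).addRoute("0.0.0.0", 0).establish()) {
                if (tun == null) throw new IllegalStateException("VPN not prepared");
                FileInputStream in = new FileInputStream(tun.getFileDescriptor());
                FileOutputStream out = new FileOutputStream(tun.getFileDescriptor());
                ByteBuffer buf = ByteBuffer.allocate(32767);
                while (worker == Thread.currentThread()) {
                    int sent = in.read(buf.array());   // outgoing IP packet from the interface
                    if (sent > 0) { buf.limit(sent); tunnel.write(buf); buf.clear(); }
                    int got = tunnel.read(buf);        // incoming IP packet from the server
                    if (got > 0) { out.write(buf.array(), 0, got); buf.clear(); }
                    if (sent <= 0 && got <= 0) Thread.sleep(50);
                }
            }
        } catch (Exception e) {
            // I/O failure or interruption: the try blocks close the interface and the tunnel.
        } finally {
            if (worker == Thread.currentThread()) worker = null;
        }
    }
}
```

Closing the descriptor when the loop ends is what lets the system restore the network, as described in the key points above.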
Services extending this class need to be declared with an appropriate permission & intent filter. Their access must be secured by the Manifest.permission.BIND_VPN_SERVICE permission, and their intent filter must match the SERVICE_INTERFACE action.
Here is an example of declaring a VPN service in AndroidManifest.xml:
The Android system starts the VPN in the background by calling startService(). In Android 8.0 (API level 26) & higher, the system places VPN apps on the temporary whitelist for a short period so the app can start in the background. The VPN app must promote itself to the foreground after it’s launched, or the system will shut down the app.
Some famous VPN apps are these: