Record project continuation changes
This commit is contained in:
@@ -0,0 +1,41 @@
|
||||
# RAP Android VPN
|
||||
|
||||
This is the Android client for the experimental RAP VPN service.
|
||||
|
||||
Implemented now:
|
||||
|
||||
- login through `/auth/login`;
|
||||
- trusted-device reconnect through `/auth/refresh` without retyping the password
|
||||
while the device session is valid;
|
||||
- load organization-scoped VPN client profile from `/clusters/{clusterID}/vpn/client-profile`;
|
||||
- request Android VPN permission and create a `VpnService` TUN interface;
|
||||
- relay TUN packets through the Control Plane HTTP packet relay to the active
|
||||
`home-1` gateway lease.
|
||||
- user-facing HOME-first screen: connect/disconnect is primary, while backend,
|
||||
cluster, organization, login, and password are kept in the settings dialog;
|
||||
- saved connection settings in app preferences so repeat connects do not require
|
||||
retyping the profile.
|
||||
- encrypted refresh-token storage through Android Keystore. If the trusted
|
||||
device session is revoked or expires, the app asks for the password once and
|
||||
then rotates the device keys/profile again.
|
||||
|
||||
This is still a lab runtime, not a production WireGuard/IPsec implementation.
|
||||
The active Linux gateway node must be able to create `/dev/net/tun`, run `ip`,
|
||||
`sysctl`, and `iptables`, and enable NAT for `10.77.0.0/24`.
|
||||
|
||||
Build from this repository on Windows:
|
||||
|
||||
```powershell
|
||||
$env:ANDROID_HOME="C:\Android\Sdk"
|
||||
$env:ANDROID_SDK_ROOT="C:\Android\Sdk"
|
||||
pwsh -ExecutionPolicy Bypass -File ..\..\scripts\android\build-android-apk.ps1
|
||||
adb install -r app/build/outputs/apk/debug/app-debug.apk
|
||||
```
|
||||
|
||||
Or run directly from the project:
|
||||
|
||||
```powershell
|
||||
$env:ANDROID_HOME="C:\Android\Sdk"
|
||||
$env:ANDROID_SDK_ROOT="C:\Android\Sdk"
|
||||
gradle assembleDebug
|
||||
```
|
||||
Reference in New Issue
Block a user