m/rdp-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
20d361a886ae22102822a5cf4750eebcc4e91d42
rdp-proxy/clients/android/README.md
T
m 20d361a886
build / backend (push) Has been cancelled
Details
build / node-agent (push) Has been cancelled
Details
build / worker (push) Has been cancelled
Details
рабочий вариант, но скороть 10 МБит
2026-05-22 21:46:49 +03:00

2.9 KiB
Raw Blame History

RAP Android VPN

This is the Android mobile node build with the vpn-client service enabled.

Implemented now:

  • installation as a first-class fabric node with an embedded QUIC bootstrap seed set. The seed set is not a backend selector: it contains every known public or local entry candidate that may help the node join the fabric from its current network.
  • runtime launch uses a persisted fabric_bootstrap_config, not a backend API URL. The Android node starts by attaching to the fabric through bootstrap peers and then discovers/uses services through fabric rules.
  • login and trusted-device refresh through the QUIC fabric control channel;
  • load organization-scoped VPN client profile through the fabric control channel;
  • request Android VPN permission and create a VpnService TUN interface;
  • run as a normal fabric node with the vpn-client service role. The local VpnService TUN is the IPv4 ingress for that node, and packet channels are routed by the farm to an authorized ipv4-egress pool. The supported dataplane is the QUIC fabric runtime only. The Android node never contacts the farm over HTTP; control, profile refresh, channel request, packet uplink, and downlink all go through the farm protocol.
  • user-facing HOME-first screen: connect/disconnect is primary, while cluster, organization, login, and password are kept in the settings dialog;
  • saved connection settings in app preferences so repeat connects do not require retyping the profile.
  • encrypted refresh-token storage through Android Keystore. If the trusted device session is revoked or expires, the app asks for the password once and then rotates the device keys/profile again.
  • no separate diagnostic foreground service: runtime status is reported by the node/VPN service itself.

This is still a lab runtime. The required target model is Android as a farm node with the vpn-client role. The VPN service must attach to the mesh as that node and route to an authorized IPv4 exit pool; there is no separate VPN entry point. Exit configuration is always pool based, including pools that currently contain only one node. A phone installed in a closed network may join through local seed nodes from that network; it does not need direct Internet access if a nearby fabric node can route onward.

Current code contract:

  • Android control bootstrap field: fabric_bootstrap_config
  • Android runtime dataplane: QUIC Fabricvpn runtime only
  • Android runtime status keys: fabric_transport_*

Build from this repository on Windows:

$env:ANDROID_HOME="C:\Android\Sdk"
$env:ANDROID_SDK_ROOT="C:\Android\Sdk"
pwsh -ExecutionPolicy Bypass -File ..\..\scripts\android\build-android-apk.ps1
adb install -r app/build/outputs/apk/debug/app-debug.apk

Or run directly from the project:

$env:ANDROID_HOME="C:\Android\Sdk"
$env:ANDROID_SDK_ROOT="C:\Android\Sdk"
gradle assembleDebug
Reference in New Issue View Git Blame Copy Permalink