m/rdp-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
469fa0e86032d3de152227c3999532cc33860429
rdp-proxy/clients/android
T
History
m 469fa0e860 3
2026-05-18 21:33:39 +03:00
..
.gradle
3
2026-05-18 21:33:39 +03:00
app
3
2026-05-18 21:33:39 +03:00
build.gradle
Record project continuation changes
2026-05-12 21:02:29 +03:00
local.properties
Record project continuation changes
2026-05-12 21:02:29 +03:00
README.md
3
2026-05-18 21:33:39 +03:00
settings.gradle
Record project continuation changes
2026-05-12 21:02:29 +03:00

README.md

RAP Android VPN

This is the Android mobile node build with the vpn-client service enabled.

Implemented now:

  • installation as a first-class fabric node with an embedded QUIC bootstrap seed set. The seed set is not a backend selector: it contains every known public or local entry candidate that may help the node join the fabric from its current network.
  • runtime launch uses a persisted fabric_bootstrap_config, not a backend API URL. The Android node starts by attaching to the fabric through bootstrap peers and then discovers/uses services through fabric rules.
  • login and trusted-device refresh through the QUIC fabric control channel;
  • load organization-scoped VPN client profile through the fabric control channel;
  • request Android VPN permission and create a VpnService TUN interface;
  • run as a normal fabric node with the vpn-client service role. The local VpnService TUN is the IPv4 ingress for that node, and packet channels are routed by the farm to an authorized ipv4-egress pool. The supported dataplane is the QUIC fabric runtime only. HTTP batch forwarding, WebSocket packet relay, direct backend packet relay, and old VPN protocols are removed from the runtime path.
  • user-facing HOME-first screen: connect/disconnect is primary, while backend, cluster, organization, login, and password are kept in the settings dialog;
  • saved connection settings in app preferences so repeat connects do not require retyping the profile.
  • encrypted refresh-token storage through Android Keystore. If the trusted device session is revoked or expires, the app asks for the password once and then rotates the device keys/profile again.
  • no separate diagnostic foreground service: runtime status is reported by the node/VPN service itself, so the Android build does not keep a parallel legacy control process alive.

This is still a lab runtime. The required target model is Android as a farm node with the vpn-client role. The VPN service must attach to the mesh as that node and route to an authorized IPv4 exit pool; there is no separate VPN entry point. Exit configuration is always pool based, including pools that currently contain only one node. A phone installed in a closed network may join through local seed nodes from that network; it does not need direct Internet access if a nearby fabric node can route onward.

Current code contract:

  • Android control bootstrap field: fabric_bootstrap_config
  • Android runtime dataplane: QUIC Fabricvpn runtime only
  • Android runtime status keys: fabric_transport_*

Build from this repository on Windows:

$env:ANDROID_HOME="C:\Android\Sdk"
$env:ANDROID_SDK_ROOT="C:\Android\Sdk"
pwsh -ExecutionPolicy Bypass -File ..\..\scripts\android\build-android-apk.ps1
adb install -r app/build/outputs/apk/debug/app-debug.apk

Or run directly from the project:

$env:ANDROID_HOME="C:\Android\Sdk"
$env:ANDROID_SDK_ROOT="C:\Android\Sdk"
gradle assembleDebug
Reference in New Issue View Git Blame Copy Permalink