I am listing a few requirements that are not discussed before but may still be important and non obvious. These at least people not involved with the Android platform a better picture of required changes. > To allow OpenVPN to be properly refactored afterwards, the important > part is probably to get the external interfaces correct (which never > works in practice, but it would be nice to get close...). > > The main undecided points regarding the interface side of things appear to be: > * How to pass the fds back and forth: Special-case the management > interface for unix domain sockets or use a dedicated unix domain > socket for special operations. Could this potentially be the same > interface that was discussed for some of the windows privilege > separation approaches? > * How to call OpenVPN from Java. Via thin JNI wrapper or as a regular > executable. > * The precise names of the newly introduced management commands.
* How to pass routing and other information over the managment interface. This is important since OpenVpn for Linux needs ROUTE_AFTER_TUN and IFCONFIG_AFTER_TUN and the Android API needs both before TUN. * If the TARGET_ANDROID (or call it TARGET_UNPRIVILEGED_USES_FDPASSING or something generic) is an extra target or if TARGET_LINUX and TARGET_ANDROID should one target. This will complicate a lot of things without refactoring (see the before/after point) * Openvpn for Android is the first platform which does allow non CIDR routes (I think). In my port I print a warning in the GUI if I encounter something stupid like 10.0.0.0 netmask 255.0.255.0. The same goes the netmask of the ifconfig command. Arne P.S.: Sorry for double email, I sent from the wrong email in the first try.
