
Use Android VPN as VPN server


Android VpnService allows you to create a tun device, and we can access the packets routed to the tun from our program.

I am using C/NDK to access those packets.

Assuming that I write a proprietary protocol to get packets from a remote VPN client and release them to the tun, can I expect those packets to get routed in Android, and possibly NATed on the interface, and reach the Internet?

For example, I create a route in Android (via the VPN service) for 10.0.0.0/24 to the tun. If I release packets with source IP 10.0.0.5 to the tun, will they traverse the kernel and reach their destination through the Internet? (Or do those packets simply hit the interface back, as tun is the default gateway?) If they reach the Internet after being properly NATed, can I expect replies (dst IP 10.0.0.5) to hit the tun interface?

Or should I just check?

Any ideas / suggestions welcome.

Thanks in advance.


Solution

  • Looks like it is a NO.

    Here is what I have done.

    Built a VPN on Android in C using the NDK and a little bit of Java using VpnService.

    The VPN client is working fine.

    When I received packets from a remote client and injected those packets into the tunnel (with proper routing), those packets did not reach the target.

    The target was my Linux box, where I waited for those packets to arrive using tcpdump.

    So injecting packets captured elsewhere into the Android tunnel does not work. (Of course, it is trivial on Linux with root access.)

    Here are the precautions I took before injecting those packets into the tunnel.

    1. Ensured that a proper route back to the interface exists (for the source IP of the packets).
    2. All packets are properly formatted (same code working on Linux).
    3. Ensured my app is excluded in the VPN policy.

    And finally, the packets are not coming back to the tunnel either.

    I can confirm that they are dropped by the kernel.
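
One way to carry out the second precaution above (checking that each packet is well-formed before it is written to the tun file descriptor), as an added example that is not code from the original answer. The function names are hypothetical and the sample packet is constructed; passing this check does not change the forwarding result the answer reports.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum pkt_status { PKT_OK, PKT_TRUNCATED, PKT_NOT_IPV4, PKT_BAD_IHL,
                  PKT_BAD_LENGTH, PKT_BAD_CHECKSUM };

/* RFC 1071 one's-complement checksum over an IPv4 header (len is even). */
static uint16_t ipv4_header_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical helper: check one raw IPv4 packet before write()-ing it to the tun fd. */
enum pkt_status check_ipv4_packet(const uint8_t *pkt, size_t len)
{
    if (len < 20) return PKT_TRUNCATED;
    if ((pkt[0] >> 4) != 4) return PKT_NOT_IPV4;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;            /* header length in bytes */
    if (ihl < 20 || ihl > len) return PKT_BAD_IHL;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < ihl || total != len) return PKT_BAD_LENGTH; /* one packet per write */
    /* Summing the header together with its stored checksum must give zero. */
    if (ipv4_header_checksum(pkt, ihl) != 0) return PKT_BAD_CHECKSUM;
    return PKT_OK;
}

/* Constructed sample: IPv4 + bare UDP header, 10.0.0.5 -> 192.0.2.1 (documentation range). */
size_t build_sample_packet(uint8_t *out)
{
    static const uint8_t tmpl[28] = {
        0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
        10, 0, 0, 5, 192, 0, 2, 1,
        0x30, 0x39, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00 };
    memcpy(out, tmpl, sizeof tmpl);
    uint16_t c = ipv4_header_checksum(out, 20);           /* checksum field is zero here */
    out[10] = (uint8_t)(c >> 8);
    out[11] = (uint8_t)(c & 0xff);
    return sizeof tmpl;
}
```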