Added in API level 14

Builder


open class Builder
kotlin.Any
   ↳ android.net.VpnService.Builder

Helper class to create a VPN interface. This class should be always used within the scope of the outer VpnService.

Summary

Public constructors

Public methods
open VpnService.Builder
addAddress(address: InetAddress, prefixLength: Int)

Add a network address to the VPN interface.

open VpnService.Builder
addAddress(address: String, prefixLength: Int)

Convenience method to add a network address to the VPN interface using a numeric address string.

open VpnService.Builder

Adds an application that's allowed to access the VPN connection.

open VpnService.Builder

Adds an application that's denied access to the VPN connection.

open VpnService.Builder

Add a DNS server to the VPN connection.

open VpnService.Builder
addDnsServer(address: String)

Convenience method to add a DNS server to the VPN connection using a numeric address string.

open VpnService.Builder
addRoute(address: InetAddress, prefixLength: Int)

Add a network route to the VPN interface.

open VpnService.Builder
addRoute(prefix: IpPrefix)

Add a network route to the VPN interface.

open VpnService.Builder
addRoute(address: String, prefixLength: Int)

Convenience method to add a network route to the VPN interface using a numeric address string.

open VpnService.Builder

Add a search domain to the DNS resolver.

open VpnService.Builder

Allows all apps to bypass this VPN connection.

open VpnService.Builder
allowFamily(family: Int)

Allows traffic from the specified address family.

open ParcelFileDescriptor?

Create a VPN interface using the parameters supplied to this builder.

open VpnService.Builder

Exclude a network route from the VPN interface.

open VpnService.Builder
setBlocking(blocking: Boolean)

Sets the VPN interface's file descriptor to be in blocking/non-blocking mode.

open VpnService.Builder

Set the PendingIntent to an activity for users to configure the VPN connection.

open VpnService.Builder
setHttpProxy(proxyInfo: ProxyInfo)

Sets an HTTP proxy for the VPN network.

open VpnService.Builder
setMetered(isMetered: Boolean)

Marks the VPN network as metered.

open VpnService.Builder
setMtu(mtu: Int)

Set the maximum transmission unit (MTU) of the VPN interface.

open VpnService.Builder
setSession(session: String)

Set the name of this session.

open VpnService.Builder

Sets the underlying networks used by the VPN for its upstream connections.

Public constructors

Builder

Added in API level 14
Builder()

Public methods

addAddress

Added in API level 14
open fun addAddress(
    address: InetAddress,
    prefixLength: Int
): VpnService.Builder

Add a network address to the VPN interface. Both IPv4 and IPv6 addresses are supported. At least one address must be set before calling establish. Adding an address implicitly allows traffic from that address family (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily

Parameters
address InetAddress: This value cannot be null.
Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the address is invalid.

addAddress

Added in API level 14
open fun addAddress(
    address: String,
    prefixLength: Int
): VpnService.Builder

Convenience method to add a network address to the VPN interface using a numeric address string. See InetAddress for the definitions of numeric address formats. Adding an address implicitly allows traffic from that address family (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily

Parameters
address String: This value cannot be null.
Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the address is invalid.

addAllowedApplication

Added in API level 21
open fun addAllowedApplication(packageName: String): VpnService.Builder

Adds an application that's allowed to access the VPN connection. If this method is called at least once, only applications added through this method (and no others) are allowed access. Else (if this method is never called), all applications are allowed by default. If some applications are added, other, un-added applications will use networking as if the VPN wasn't running. A Builder may have only a set of allowed applications OR a set of disallowed ones, but not both. Calling this method after addDisallowedApplication has already been called, or vice versa, will throw an UnsupportedOperationException. packageName must be the canonical name of a currently installed application. PackageManager.NameNotFoundException is thrown if there's no such application.

Parameters
packageName String: The full name (e.g.: "com.google.apps.contacts") of an application. This value cannot be null.
Return
VpnService.Builder this Builder object to facilitate chaining method calls. This value cannot be null.
Exceptions
android.content.pm.PackageManager.NameNotFoundException If the application isn't installed.

addDisallowedApplication

Added in API level 21
open fun addDisallowedApplication(packageName: String): VpnService.Builder

Adds an application that's denied access to the VPN connection. By default, all applications are allowed access, except for those denied through this method. Denied applications will use networking as if the VPN wasn't running. A Builder may have only a set of allowed applications OR a set of disallowed ones, but not both. Calling this method after addAllowedApplication has already been called, or vice versa, will throw an UnsupportedOperationException. packageName must be the canonical name of a currently installed application. PackageManager.NameNotFoundException is thrown if there's no such application.

Parameters
packageName String: The full name (e.g.: "com.google.apps.contacts") of an application. This value cannot be null.
Return
VpnService.Builder this Builder object to facilitate chaining method calls. This value cannot be null.
Exceptions
android.content.pm.PackageManager.NameNotFoundException If the application isn't installed.

addDnsServer

Added in API level 14
open fun addDnsServer(address: InetAddress): VpnService.Builder

Add a DNS server to the VPN connection. Both IPv4 and IPv6 addresses are supported. If none is set, the DNS servers of the default network will be used. Adding a server implicitly allows traffic from that address family (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily

Parameters
address InetAddress: This value cannot be null.
Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the address is invalid.

addDnsServer

Added in API level 14
open fun addDnsServer(address: String): VpnService.Builder

Convenience method to add a DNS server to the VPN connection using a numeric address string. See InetAddress for the definitions of numeric address formats. Adding a server implicitly allows traffic from that address family (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily

Parameters
address String: This value cannot be null.
Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the address is invalid.

addRoute

Added in API level 14
open fun addRoute(
    address: InetAddress,
    prefixLength: Int
): VpnService.Builder

Add a network route to the VPN interface. Both IPv4 and IPv6 routes are supported. Adding a route implicitly allows traffic from that address family (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily Calling this method overrides previous calls to excludeRoute for the same destination. If multiple routes match the packet destination, route with the longest prefix takes precedence.

Parameters
address InetAddress: This value cannot be null.
Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the route is invalid.

addRoute

Added in API level 33
open fun addRoute(prefix: IpPrefix): VpnService.Builder

Add a network route to the VPN interface. Both IPv4 and IPv6 routes are supported. Adding a route implicitly allows traffic from that address family (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily Calling this method overrides previous calls to excludeRoute for the same destination. If multiple routes match the packet destination, route with the longest prefix takes precedence.

Parameters
prefix IpPrefix: This value cannot be null.
Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the route is invalid.

addRoute

Added in API level 14
open fun addRoute(
    address: String,
    prefixLength: Int
): VpnService.Builder

Convenience method to add a network route to the VPN interface using a numeric address string. See InetAddress for the definitions of numeric address formats. Adding a route implicitly allows traffic from that address family (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily Calling this method overrides previous calls to excludeRoute for the same destination. If multiple routes match the packet destination, route with the longest prefix takes precedence.

Parameters
address String: This value cannot be null.
Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the route is invalid.

addSearchDomain

Added in API level 14
open fun addSearchDomain(domain: String): VpnService.Builder

Add a search domain to the DNS resolver.

Parameters
domain String: This value cannot be null.
Return
VpnService.Builder This value cannot be null.

allowBypass

Added in API level 21
open fun allowBypass(): VpnService.Builder

Allows all apps to bypass this VPN connection. By default, all traffic from apps is forwarded through the VPN interface and it is not possible for apps to side-step the VPN. If this method is called, apps may use methods such as ConnectivityManager#bindProcessToNetwork to instead send/receive directly over the underlying network or any other network they have permissions for.

Return
VpnService.Builder this Builder object to facilitate chaining of method calls. This value cannot be null.

allowFamily

Added in API level 21
open fun allowFamily(family: Int): VpnService.Builder

Allows traffic from the specified address family. By default, if no address, route or DNS server of a specific family (IPv4 or IPv6) is added to this VPN, then all outgoing traffic of that family is blocked. If any address, route or DNS server is added, that family is allowed. This method allows an address family to be unblocked even without adding an address, route or DNS server of that family. Traffic of that family will then typically fall-through to the underlying network if it's supported. family must be either AF_INET (for IPv4) or AF_INET6 (for IPv6). IllegalArgumentException is thrown if it's neither.

Parameters
family Int: The address family (AF_INET or AF_INET6) to allow.
Return
VpnService.Builder this Builder object to facilitate chaining of method calls. This value cannot be null.

establish

Added in API level 14
open fun establish(): ParcelFileDescriptor?

Create a VPN interface using the parameters supplied to this builder. The interface works on IP packets, and a file descriptor is returned for the application to access them. Each read retrieves an outgoing packet which was routed to the interface. Each write injects an incoming packet just like it was received from the interface. The file descriptor is put into non-blocking mode by default to avoid blocking Java threads. To use the file descriptor completely in native space, see ParcelFileDescriptor#detachFd(). The application MUST close the file descriptor when the VPN connection is terminated. The VPN interface will be removed and the network will be restored by the system automatically.

To avoid conflicts, there can be only one active VPN interface at the same time. Usually network parameters are never changed during the lifetime of a VPN connection. It is also common for an application to create a new file descriptor after closing the previous one. However, it is rare but not impossible to have two interfaces while performing a seamless handover. In this case, the old interface will be deactivated when the new one is created successfully. Both file descriptors are valid but now outgoing packets will be routed to the new interface. Therefore, after draining the old file descriptor, the application MUST close it and start using the new file descriptor. If the new interface cannot be created, the existing interface and its file descriptor remain untouched.

An exception will be thrown if the interface cannot be created for any reason. However, this method returns null if the application is not prepared or is revoked. This helps solve possible race conditions between other VPN applications.

Return
ParcelFileDescriptor? ParcelFileDescriptor of the VPN interface, or null if the application is not prepared.
Exceptions
java.lang.IllegalArgumentException if a parameter is not accepted by the operating system.
java.lang.IllegalStateException if a parameter cannot be applied by the operating system.
java.lang.SecurityException if the service is not properly declared in AndroidManifest.xml.

excludeRoute

Added in API level 33
open fun excludeRoute(prefix: IpPrefix): VpnService.Builder

Exclude a network route from the VPN interface. Both IPv4 and IPv6 routes are supported. Calling this method overrides previous calls to #addRoute for the same destination. If multiple routes match the packet destination, route with the longest prefix takes precedence.

Parameters
prefix IpPrefix: This value cannot be null.
Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the route is invalid.

setBlocking

Added in API level 21
open fun setBlocking(blocking: Boolean): VpnService.Builder

Sets the VPN interface's file descriptor to be in blocking/non-blocking mode. By default, the file descriptor returned by establish is non-blocking.

Parameters
blocking Boolean: True to put the descriptor into blocking mode; false for non-blocking.
Return
VpnService.Builder this Builder object to facilitate chaining method calls. This value cannot be null.

setConfigureIntent

Added in API level 14
open fun setConfigureIntent(intent: PendingIntent): VpnService.Builder

Set the PendingIntent to an activity for users to configure the VPN connection. If it is not set, the button to configure will not be shown in system-managed dialogs.

Parameters
intent PendingIntent: This value cannot be null.
Return
VpnService.Builder This value cannot be null.

setHttpProxy

Added in API level 29
open fun setHttpProxy(proxyInfo: ProxyInfo): VpnService.Builder

Sets an HTTP proxy for the VPN network.

This proxy is only a recommendation and it is possible that some apps will ignore it.

PAC proxies are not supported over VPNs.

Apps that do use the proxy cannot distinguish between routes handled and not handled by the VPN and will try to access HTTP resources over the proxy regardless of the destination. In practice this means using a proxy with a split tunnel generally won't work as expected, because HTTP accesses on routes not handled by the VPN will not reach as the proxy won't be available outside of the VPN network.

Parameters
proxyInfo ProxyInfo: This value cannot be null.
Return
VpnService.Builder This value cannot be null.

setMetered

Added in API level 29
open fun setMetered(isMetered: Boolean): VpnService.Builder

Marks the VPN network as metered. A VPN network is classified as metered when the user is sensitive to heavy data usage due to monetary costs and/or data limitations. In such cases, you should set this to true so that apps on the system can avoid doing large data transfers. Otherwise, set this to false. Doing so would cause VPN network to inherit its meteredness from its underlying networks.

VPN apps targeting android.os.Build.VERSION_CODES#Q or above will be considered metered by default.

Parameters
isMetered Boolean: true if VPN network should be treated as metered regardless of underlying network meteredness
Return
VpnService.Builder this Builder object to facilitate chaining method calls This value cannot be null.

setMtu

Added in API level 14
open fun setMtu(mtu: Int): VpnService.Builder

Set the maximum transmission unit (MTU) of the VPN interface. If it is not set, the default value in the operating system will be used.

Return
VpnService.Builder This value cannot be null.
Exceptions
java.lang.IllegalArgumentException if the value is not positive.

setSession

Added in API level 14
open fun setSession(session: String): VpnService.Builder

Set the name of this session. It will be displayed in system-managed dialogs and notifications. This is recommended not required.

Parameters
session String: This value cannot be null.
Return
VpnService.Builder This value cannot be null.

setUnderlyingNetworks

Added in API level 22
open fun setUnderlyingNetworks(networks: Array<Network!>?): VpnService.Builder

Sets the underlying networks used by the VPN for its upstream connections.

Parameters
networks Array<Network!>?: An array of networks the VPN uses to tunnel traffic to/from its servers. This value may be null.
Return
VpnService.Builder this Builder object to facilitate chaining method calls. This value cannot be null.