Android

How to Configure OpenVPN Android mobile

How to Configure OpenVPN Android mobile

Highlights

  • You will need to enter the VPN name, VPN server and you will also be asked to set CA certificate and set User Certificate in which you will point it to the certificate imported in the steps above.
  • For those of you who are running an OpenVPN server perhaps on an Untangle box or some other variety of OpenVPN solution, you may have the need to connect to the VPN from your Android mobile device.
  •   The main challenge is simply getting the certificate in the correct format for Android to import it to the certificate store on the device.

For those of you who are running an OpenVPN server perhaps on an Untangle box or some other variety of OpenVPN solution, you may have the need to connect to the VPN from your Android mobile device.  One of the really nice things about the new Cyanogenmod 7.1 release is the built-in OpenVPN connection that is already installed and ready to be used.  We will show you what needs to be done to utilize this built-in VPN client on your CM Android to connect to your OpenVPN backend server.  Since we are utilizing Untangle as our VPN solution, this is the product we will demonstrate from the backend.

After you have setup your OpenVPN server side settings, you will need to export the server and client certificates along with the key that comes with the config.  So there are three pieces

  • domain-ca.crt
  • domain-user.crt
  • domain-user.key

In Untangle, these can be obtained by exported your config file in the OpenVPN interface.  In your OpenVPN rack interface in Untangle, simply click on the “Distribute Client option”

openvpn2
You will then want to choose “Click here to download a configuration file for all OSs.”

openvpn1

 

Now one of the downsides of the configuration .zip package that you receive from the server is that the certificates are not in the correct format for importing on your android device.  They need to be in a .p12 format.  Fortunately from openssl we can convert our individual certificates into the .p12 package we need to successfully import the certificate.

We simply copied our files over to a trusty Ubuntu box where we had access to openssl and converted the file using the following commands.  However, you can also install openssl for Windows if you do not have access to a linux box.

openssl pkcs12 -export -in “youruser-ca.crt” -inkey “youruser.key” -certfile “yourca.crt” -name “Some Name” -out yourfilename.p12

After you have your .p12 certificate bundle created.  Simply copy this to the SDCARD of your Android device. You can do this by installing the drivers for your Android device so that Windows simply recognizes it as a mass storage device that will allow you to copy and browse files.

Once the file has been copied to the card, then we are ready to install our certificate to be used by our OpenVPN client.  Hit the menu button > settings > Location and Security > Install from SD card

screenshot-1320331111628

We are prompted to confirm the certificate that exists on the SDCARD as well as the password that was used to export the certificate.

screenshot-1320331147625

Confirm the certificate name and the contents:

screenshot-1320331194394

Set the password for credential storage:

screenshot-1320331225733

Now we navigate to Wireless & Network settings > VPN settings

screenshot-1320331254363

Notice that we have the option with Cyanogen to Add OpenVPN VPN

screenshot-1320331268864

You will need to enter the VPN name, VPN server and you will also be asked to set CA certificate and set User Certificate in which you will point it to the certificate imported in the steps above.

screenshot-1320331341609

screenshot-1320331351957

After the certificate is set, and the other general information has been entered, you should be ready to connect to your OpenVPN server.  Be sure that the port settings and protocol settings also match up on your client side configuration as they are configured on the server side.

Final Thoughts

The process to get OpenVPN setup is actually not that difficult.  The main challenge is simply getting the certificate in the correct format for Android to import it to the certificate store on the device.

 

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.