For those of you who are running an OpenVPN server perhaps on an Untangle box or some other variety of OpenVPN solution, you may have the need to connect to the VPN from your Android mobile device. One of the really nice things about the new Cyanogenmod 7.1 release is the built-in OpenVPN connection that is already installed and ready to be used. We will show you what needs to be done to utilize this built-in VPN client on your CM Android to connect to your OpenVPN backend server. Since we are utilizing Untangle as our VPN solution, this is the product we will demonstrate from the backend.
After you have setup your OpenVPN server side settings, you will need to export the server and client certificates along with the key that comes with the config. So there are three pieces
In Untangle, these can be obtained by exported your config file in the OpenVPN interface. In your OpenVPN rack interface in Untangle, simply click on the “Distribute Client option”
Now one of the downsides of the configuration .zip package that you receive from the server is that the certificates are not in the correct format for importing on your android device. They need to be in a .p12 format. Fortunately from openssl we can convert our individual certificates into the .p12 package we need to successfully import the certificate.
We simply copied our files over to a trusty Ubuntu box where we had access to openssl and converted the file using the following commands. However, you can also install openssl for Windows if you do not have access to a linux box.
|openssl pkcs12 -export -in “youruser-ca.crt” -inkey “youruser.key” -certfile “yourca.crt” -name “Some Name” -out yourfilename.p12|
After you have your .p12 certificate bundle created. Simply copy this to the SDCARD of your Android device. You can do this by installing the drivers for your Android device so that Windows simply recognizes it as a mass storage device that will allow you to copy and browse files.
Once the file has been copied to the card, then we are ready to install our certificate to be used by our OpenVPN client. Hit the menu button > settings > Location and Security > Install from SD card
We are prompted to confirm the certificate that exists on the SDCARD as well as the password that was used to export the certificate.
Confirm the certificate name and the contents:
Set the password for credential storage:
Now we navigate to Wireless & Network settings > VPN settings
Notice that we have the option with Cyanogen to Add OpenVPN VPN
You will need to enter the VPN name, VPN server and you will also be asked to set CA certificate and set User Certificate in which you will point it to the certificate imported in the steps above.
After the certificate is set, and the other general information has been entered, you should be ready to connect to your OpenVPN server. Be sure that the port settings and protocol settings also match up on your client side configuration as they are configured on the server side.
The process to get OpenVPN setup is actually not that difficult. The main challenge is simply getting the certificate in the correct format for Android to import it to the certificate store on the device.