The OpenVPN server configuration:
# cat /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/open-rsa/keys/ca.crt
cert /etc/openvpn/open-rsa/keys/server.crt
key /etc/openvpn/open-rsa/keys/server.key
dh /etc/openvpn/open-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 60
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
client-config-dir ccd
The client-specific configuration, which specifies which subnets are accessible on the client:
# cat /etc/openvpn/ccd/android
iroute 10.42.242.0 255.255.255.0
Enable IP forwarding:
# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward=1
# sysctl -p
Enable NAT:
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# service iptables save
Export the client certificate and private key using PKCS12 in order to then import them into the OpenVPN Client for Android:
# openssl pkcs12 -export -in /etc/openvpn/open-rsa/keys/android.crt -inkey /etc/openvpn/open-rsa/keys/android.key -certfile /etc/openvpn/open-rsa/keys/ca.crt -name android -out /tmp/android.p12
The resulting android.p12 file can be sent to the Android device, where it can be imported into the OpenVPN Client for Android.
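A lint pass over the server.conf and ccd/android files shown above, as an added example that is not part of the original page: it flags the 1024-bit DH file, the comp-lzo compression, the missing tls-auth/tls-crypt and user/group lines, and the iroute that has no matching route in the server config. The finding names are made up for this example, and the DH check assumes the easy-rsa 2.x convention of naming the file after its size.

```python
import re

# Constructed excerpt of the server.conf and ccd/android files shown above.
SERVER_CONF = """\
proto udp
dev tun
dh /etc/openvpn/open-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
comp-lzo
client-config-dir ccd
"""
CCD = {"android": "iroute 10.42.242.0 255.255.255.0\n"}

def directives(text):
    """Parse OpenVPN config text into (name, args) pairs, skipping comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            rows.append((name, args))
    return rows

def audit(server_text, ccd_files):
    """Return sorted finding names (hypothetical IDs) for a server config and its ccd files."""
    conf = directives(server_text)
    names = {n for n, _ in conf}
    findings = set()
    for name, args in conf:
        # Heuristic: easy-rsa 2.x names the file after the DH size (dh1024.pem, dh2048.pem).
        m = re.search(r"dh(\d+)\.pem$", args[0]) if name == "dh" and args else None
        if m and int(m.group(1)) < 2048:
            findings.add("weak-dh")
        if name == "comp-lzo" and args != ["no"]:
            findings.add("compression")  # compressing before encrypting leaks data via length
    if not names & {"tls-auth", "tls-crypt"}:
        findings.add("no-tls-auth")  # control channel has no extra HMAC/encryption layer
    if not {"user", "group"} <= names:
        findings.add("no-privilege-drop")  # daemon keeps its startup privileges
    # iroute only routes inside OpenVPN; the kernel needs a route too, normally a `route` line.
    routes = {tuple(a[:2]) for n, a in conf if n == "route"}
    for client, text in ccd_files.items():
        for n, a in directives(text):
            if n == "iroute" and a and tuple(a[:2]) not in routes:
                findings.add(f"iroute-without-route:{client}:{a[0]}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF, CCD)))
```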
Can the VPN server run on another Android device? Like from a tablet with a secure internet connection?
Thanks for sharing such a fastidious idea, piece of writing is fastidious, that's why I have read it fully