OpenVPN can also be used on mobile devices, such as Android or iPhone smartphones. In this recipe, we will show how to set up a basic configuration file for the OpenVPN for the Android app. The same configuration can be used on iPhones and iPads.
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client device was running Android 4.2 and OpenVPN for Android version 0.6.57. Keep the configuration file, basic-udp-server.conf
, from the Server-side routing recipe in Chapter 2, Client-server IP-only Networks at hand. For the client, keep the configuration file, basic-udp-client.ovpn
, from the Using an ifconfig-pool block recipe in Chapter 2, Client-server IP-only Networks at hand.
[root@server]# openvpn --config basic-udp-server.conf
basic-udp-client.ovpn
file to an inline configuration file. This is done by replacing all references to external files with the inline blobs. We then add these inline blobs by copying the contents from the external files. The resulting configuration file will look similar to this:client proto udp remote openvpnserver.example.com port 1194 dev tun nobind remote-cert-tls server key-direction 1 push-peer-info <ca> -----BEGIN CERTIFICATE----- MIIGDzCCA/egAwIBAgIJAJOj7Wg... ... -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- MIIFKzCCAxOgAwIBAgIBAjANBgi... ... -----END CERTIFICATE----- </cert> <key> -----BEGIN RSA PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEF... ... -----END RSA PRIVATE KEY----- </key> <tls-auth> -----BEGIN OpenVPN Static key V1----- 5f5b2bfff373961654089871b40a39eb ... -----END OpenVPN Static key V1----- </tls-auth>
example9-10.ovpn
.example9-10.ovpn
profile. If all goes well, you should see an output similar to this:
The OpenVPN for Android app is based on the same source code as the open source OpenVPN software. Hence, almost all options that can be specified in a normal configuration file can also be specified in an OpenVPN app profile. However, it is recommended to include all certificate and keying information inside the profile, as it makes it much easier to transfer the configuration to the device.
If you want to transfer the app profile by uploading it to a web server first, then make sure that the file type and extensions remain intact. The mobile device will treat the configuration file as a plain text file if it does not recognize it as an OpenVPN profile and you will not be able to import it into the OpenVPN for Android app. In such cases, it may be desirable to transfer the .ovpn
file inside a ZIP (.zip
) file.
18.219.208.51