I use my personal server as a VPN endpoint for my laptop when I'm using untrusted networks and I wanted to do the same on my Android 5 (Lollipop) phone.
It turns out that it's quite easy to do (doesn't require rooting your phone) and that it works very well.
Install OpenVPN
Once you have installed and configured OpenVPN on the server, you need to install the OpenVPN app for Android (available both on F-Droid and Google Play).
From the easy-rsa directory you created while generating the server keys, create a new keypair for your phone:
    ./build-key nexus6 # "nexus6" as Name, no password
and then copy the following files onto your phone:
- ca.crt
- nexus6.crt
- nexus6.key
- ta.key
Create a new VPN config
If you configured your server as per my instructions, these are the settings you'll need to use on your phone:
Basic:
- LZO Compression: NO
- Type: Certificates
- CA Certificate: ca.crt
- Client Certificate: nexus6.crt
- Client Certificate Key: nexus6.key
Server list:
- Server address: hafnarfjordur.fmarier.org
- Port: 1194
- Protocol: UDP
- Custom Options: NO
Authentication/Encryption:
- TLS Security Profile: preferred
- Expect TLS server certificate: YES
- Certificate hostname check: YES
- Remote certificate subject: server
- Use TLS Authentication: YES
- TLS Auth File: ta.key
- TLS Direction: 1
- Encryption cipher: AES-256-GCM
- Packet authentication: SHA512
Advanced:
- Persistent tun: YES
That's it. Everything else should work with the defaults.
I should also mention that IPv6 dual-stack works well over OpenVPN for Android on 5.0 and above (it's broken on 4.4).
(Side-note: IPv6 dual-stack also works well with the strongSwan IKEv2 app.)
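The same settings can be delivered to the phone as one importable profile instead of being entered by hand. The script below is an added example, not part of the original post: it writes the settings above as OpenVPN directives and inlines the four files. The function names, the output file name and the `name` match type for `verify-x509-name` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build one importable client
# profile from the settings listed above and the four files copied to the phone.

# Emit FILE wrapped in an inline <TAG> ... </TAG> block.
inline_block() {
    printf '<%s>\n' "$1"
    cat "$2"
    printf '</%s>\n' "$1"
}

# make_ovpn KEYDIR CLIENT SERVER PORT  -> profile on stdout
make_ovpn() {
    keydir=$1 client=$2 server=$3 port=$4
    # Fail before printing anything if an input file is missing.
    for f in ca.crt "$client.crt" "$client.key" ta.key; do
        [ -r "$keydir/$f" ] || { echo "missing: $keydir/$f" >&2; return 1; }
    done
    # No comp-lzo line: LZO compression is off in the settings above.
    # "name" (match on the certificate CN) is an assumed match type.
    cat <<EOF
client
dev tun
remote $server $port udp
nobind
persist-tun
remote-cert-tls server
verify-x509-name server name
tls-cert-profile preferred
cipher AES-256-GCM
auth SHA512
key-direction 1
EOF
    inline_block ca "$keydir/ca.crt"
    inline_block cert "$keydir/$client.crt"
    inline_block key "$keydir/$client.key"
    inline_block tls-auth "$keydir/ta.key"
}

# Run as: sh make-ovpn.sh KEYDIR CLIENT SERVER PORT  (writes CLIENT.ovpn)
if [ "$#" -eq 4 ]; then
    umask 077   # the profile embeds the unencrypted private key
    make_ovpn "$@" > "$2.ovpn" || { rm -f "$2.ovpn"; exit 1; }
fi
```

Because the resulting file carries the passwordless private key, move it to the phone over a trusted channel and delete any intermediate copies.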
I've used your OpenVPN posts as a starting point for my own openvpn experiments.
Is there a reason why you chose the Android App OpenVPN for Android over OpenVPN Connect?
I couldn't find much on the differences in the documentation/FAQ of those projects. I've ended up using 'OpenVPN Connect' since it is claimed that it is the 'official' OpenVPN app - and because it is installed/rated by more users.
Do you know some advantages of one over the other?
Regarding the settings on the Android device - I generally dislike the idea of having to navigate complex configuration dialogs in an android app. Fortunately 'OpenVPN Connect' supports importing the settings, keys and certificate from a single .ovpn profile file ('OpenVPN for Android' supports this, too, it seems). With that you can even include the certificates and keys inline.
Your example settings translated to .ovpn syntax should look like:
I've tested it with 'OpenVPN Connect' on Android 5 and it works as expected.
I'm using it on Lollipop and I was able to set it up with a graphical app, not a command-line one.
Hello, maybe you can help me. I installed OpenVPN on my tab (Samsung Tab4 with Android Lollipop) and the connection is OK. I see that there is a connection, I can even ping the tab from my VPN server (router). The thing is now, not all traffic is flowing through the tunnel. I started a couple of applications and the registered data use is not increasing that much. Also some applications won't work because they only work in my own LAN. So my conclusion is that the tunnel is not used for several applications.
Questions:
1. How can I check if an application is using the tunnel or not?
2. How can I configure it so that all applications are using the tunnel?
3. Maybe there is something else I have to do?
Thanks in advance.
Greetz,
JD