How to configure Android OpenVPN client with certificate authentication

Applies to Platform: Android 4.1 and up

Background

This lesson illustrates how to configure the Android OpenVPN client to use certificate authentication.

Prerequisites

  • Device with Android OS 4.1 and up
  • Internet connectivity and Google account to access Google Play store and download OpenVPN application.

    Warning

    On Android it is possible to create TUN tunnels only, as TAP tunnels are not supported by the operating system itself. For more information, please read the OpenVPN Android client FAQs. The OpenVPN server instance has to be configured to use a TUN device.

Client Installation

Download the OpenVPN application from the Google Play Store at https://play.google.com/store/apps/details?id=net.openvpn.openvpn and install it by tapping the Install button.

Creation of .ovpn configuration file

Before configuring the Android OpenVPN client, we need to create a .ovpn file containing all our configuration parameters, because the OpenVPN client for Android can only create a VPN profile by importing a .ovpn file.

To create a .ovpn file, open an empty file and paste the following:

client
dev tun
proto udp                 # only if you use the UDP protocol
remote <REDIP> 1194       # 1194 only if your VPN server uses the default port
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
comp-lzo
ns-cert-type server

Replace <REDIP> above with the public RED IP of the Endian Appliance and save the file with the .ovpn extension.
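Before sending the file to the phone, it can be checked for the mistakes this section makes possible: a TAP device, an unreplaced <REDIP>, directives that lost their line breaks when pasted, and a missing server certificate check. The script below is an added example, not part of the original article or of any Endian or OpenVPN tool; the function names, the argument-count table and both sample profiles are constructed for illustration, and remote-cert-tls (OpenVPN's other server-certificate-type directive) is accepted alongside ns-cert-type.

```python
# Added example: lint an .ovpn profile before importing it on Android.
# Maximum argument counts for the directives used in this article's profile
# (a table assumed for this example, not taken from OpenVPN itself).
MAX_ARGS = {"client": 0, "dev": 1, "proto": 1, "remote": 3, "resolv-retry": 1,
            "nobind": 0, "persist-key": 0, "persist-tun": 0, "verb": 1,
            "comp-lzo": 1, "ns-cert-type": 1, "remote-cert-tls": 1}

def parse_ovpn(text):
    """Split a profile into [directive, arg, ...] lists, dropping comments.
    Simplification: quoted arguments and inline <cert> blocks are not handled."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if line and not line.startswith(";"):    # ';' comments out a whole line
            rows.append(line.split())
    return rows

def lint_profile(text):
    """Return a list of findings; an empty list means every check passed."""
    rows = parse_ovpn(text)
    findings = []
    for name, *args in rows:
        if name in MAX_ARGS and len(args) > MAX_ARGS[name]:
            findings.append(f"{name}: too many arguments (directives run together?)")
        if name == "dev" and not (args and args[0].startswith("tun")):
            findings.append("dev: Android supports TUN only")
        if name == "remote" and (not args or "<" in args[0]):
            findings.append("remote: placeholder not replaced")
    if not any(r[0] == "dev" for r in rows):
        findings.append("dev: missing")
    if not any(r[:2] in (["ns-cert-type", "server"], ["remote-cert-tls", "server"])
               for r in rows):
        findings.append("no server certificate type check")
    return findings

# Constructed samples. BAD uses TAP, keeps the placeholder and has three
# directives on one line; GOOD uses a documentation-range address.
BAD = ("client\ndev tap\nremote <REDIP> 1194  #default port\n"
       "verb 3 comp-lzo ns-cert-type server\n")
GOOD = ("client\ndev tun\nproto udp\nremote 203.0.113.10 1194\n"
        "resolv-retry infinite\nnobind\npersist-key\npersist-tun\n"
        "verb 3\ncomp-lzo\nns-cert-type server\n")

if __name__ == "__main__":
    for label, profile in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, lint_profile(profile) or "ok")
```

When directives are run together on the verb line, ns-cert-type is read as an argument of verb, so the server certificate check is reported as missing as well.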

Also remember to download the PKCS12 client certificate from the Endian UTM Appliance (you can manage all the CAs and certificates of your Endian UTM Appliance directly from the GUI, under Menubar > VPN > Certificates); it will be used later to create the OpenVPN profile in the Android client.

Android OpenVPN client configuration

To successfully configure the OpenVPN profile, follow these steps:

1. Import the .p12 certificate and the .ovpn profile onto your Android device. One method is to send them to an e-mail account which can be accessed from the Android device itself.

2. Tap on the .p12 certificate in the attachments, type the .p12 certificate password, as configured on the Endian UTM Appliance during client certificate creation, and tap on OK.


3. Give a name to the certificate, select VPN and apps if not already selected and tap on OK. This will be the name with which Android will save the certificate on its key-ring.


4. Open the OpenVPN app and tap on OVPN Profile (Connect with .ovpn file).


5. Tap on Allow.


6. If steps 1, 2 and 3 were already done, skip to step 9. Tap on the PKCS#12 tab and look for the .p12 file previously imported on your Android device, then select it and tap on Import.

7. Type the .p12 certificate password, as configured on the Endian UTM Appliance during client certificate creation, and tap on OK.

8. Give a name to the certificate, select VPN and apps if not already selected and tap on OK. This will be the name with which Android will save the certificate on its key-ring.


9. Tap on the OVPN tab and look for the .ovpn file previously imported on your Android device, then select it and tap on Import.


10. Give the VPN profile a title, then tap on Add.


11. At this point, the OpenVPN profile is successfully imported, but we need to connect at least once to complete the configuration. To do so, tap on the gray slider.

12. Tap on Select Certificate.


13. Select the previously imported certificate and tap on Select.


14. If the slider becomes green and the state changes to Connected, the OpenVPN connection has been successfully established and the OpenVPN client configuration is complete.
