Follow

How to configure Android OpenVPN client with password authentication

Applies to Platform: Android 4.1 and up

Background

This lesson illustrates how to configure Android OpenVPN client to use password authentication.

Prerequisites

  • Device with Android OS 4.1 and up
  • Internet connectivity and Google account to access Google Play store and download OpenVPN application.

    Warning

    On Android is possible to create TUN tunnels only, as TAP tunnels are not supported by the operating system itself. For more information, please read OpenVPN Android client FAQs. The OpenVPN server instance has to be configured to use TUN device.

Client Installation

Download OpenVPN application from Google Play Store, at link https://play.google.com/store/apps/details?id=net.openvpn.openvpn and install it by clicking on Install button, as shown below.

Creation of .ovpn configuration file

Before starting with the steps to configure Android OpenVPN client, we need to create a .ovpn file where to put all our configuration parameters, as OpenVPN client for Android allows only to import .ovpn files in order to create a VPN profile.

In order to create an .ovpn file, just open an empty file, and paste the followings:

client
dev tun                             
proto udp                 #only if you use udp protocol
remote REDIP 1194       #1194 only if your vpn server's port is the default port     
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass           
verb 3 comp-lzo ns-cert-type server
setenv CLIENT_CERT 0
<ca>
#paste content of Endian CA certificate here
</ca>

where you will have to replace REDIP above with the public RED IP of the Endian Appliance, and between <ca> and </ca> you need to put the content of the CA certificate of the Endian UTM Appliance. In order to retrieve it, click on Menubar > VPN > Certicates > Certificate Authority, then click on View details button.

Scroll down the page until you see the following:

The content to be pasted into .ovpn file is the one similar to the following:

-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIQabYWy0MLMLVk74ZBpiTSNzANBgkqhkiG9w0BAQsFADAs
MQswCQYDVQQGEwJJVDEM[...]iqc6eG+zGY39UjD40lQahFm
Gng0GqYDIVemRo2XqSBQCYJbCZSjQj+YOQ+8HAHJRVvoSXwsm6Q=
-----END CERTIFICATE-----

For more information, please refer to OpenVPN Android client FAQs.

Note

On Android, setenv CLIENT_CERT 0 parameter is needed to avoid Android asking confirmation each time the user starts OpenVPN connection, only if a user certificate is not selected from Android keychain. For more information, please read OpenVPN Android client FAQs.

Replace <REDIP> above with the public RED IP of the Endian Appliance and save the file with .ovpn extension.

Android OpenVPN client configuration

To successfully configure OpenVPN profile, import .ovpn file into your Android device, open OpenVPN app and follow these steps:

1. Import .ovpn profile into your Android device. One method could be by sending the certificate to an e-mail which can be accessed from Android device itself. Once received, download the .ovpn file and note the folder where it has been downloaded.

1. Launch OpenVPN app and tap on OVPN Profile (Connect with .ovpn file).

Screenshot_20180822-151247.jpg

2. Tap on Allow.

Screenshot_20180823-120421.jpg 

3. Tap on OVPN tab and look for the .ovpn file previously downloaded on your Android device, then select it and tap on Import.

Screenshot_20180823-120543.jpg

 

4. Give VPN profile a title and type both client username and password, as configured on Endian UTM Appliance during client user creation, then tap on Add.

Screenshot_20180823-120617.jpg

5. At this point, the OpenVPN profile is successfully imported, so we can connect to the VPN by tapping on the gray slider.

6. If the slides becomes green and the state changes to Connected, the OpenVPN connection has successfully established and OpenVPN client configuration is complete.

Screenshot_20180823-120731.jpg

Have more questions? Submit a request

Comments