Applies to Platform: Android 4.1 and up
Background
This lesson illustrates how to configure the Android OpenVPN client to use certificate authentication.
Prerequisites
- Device with Android OS 4.1 and up
- Internet connectivity and a Google account to access the Google Play Store and download the OpenVPN application.
Warning
On Android it is possible to create TUN tunnels only, as TAP tunnels are not supported by the operating system itself. For more information, please read the OpenVPN Android client FAQs. The OpenVPN server instance has to be configured to use a TUN device.
Client Installation
Download the OpenVPN application from the Google Play Store at https://play.google.com/store/apps/details?id=net.openvpn.openvpn and install it by tapping the Install button.
Creation of .ovpn configuration file
Before configuring the Android OpenVPN client, we need to create a .ovpn file containing all our configuration parameters, because the OpenVPN client for Android can create a VPN profile only by importing a .ovpn file.
To create the .ovpn file, open an empty file and paste the following:
client
dev tun
proto udp #only if you use udp protocol
remote REDIP 1194 #1194 only if your vpn server's port is the default port
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
comp-lzo
ns-cert-type server
Replace REDIP above with the public RED IP of the Endian Appliance and save the file with .ovpn extension.
Also remember to download the PKCS12 client certificate from the Endian UTM Appliance; it will be used later to create the OpenVPN profile in the Android client. You can manage all the CAs and certificates of your Endian UTM Appliance directly from the GUI, under Menubar > VPN > Certificates.
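A pre-import check for the .ovpn file described above, as an added example that is not part of the original lesson or of Endian's tooling. The function names are hypothetical, the sample is the lesson's template reproduced as constructed input, and accepting `remote-cert-tls server` as an alternative to the lesson's `ns-cert-type server` is an assumption beyond what the lesson uses.

```python
import shlex

def parse_ovpn(text):
    """Return [(directive, [args])] from .ovpn text; '#' and ';' start comments."""
    parsed = []
    for line in text.splitlines():
        lexer = shlex.shlex(line, posix=True)
        lexer.whitespace_split = True
        lexer.commenters = "#;"  # drops inline comments like the template's
        tokens = list(lexer)
        if tokens:
            parsed.append((tokens[0], tokens[1:]))
    return parsed

def lint_ovpn(text):
    """Return a list of problems that would break or weaken the Android profile."""
    directives = parse_ovpn(text)
    problems = []
    if "client" not in {name for name, _ in directives}:
        problems.append("missing 'client' directive")
    # Android has no TAP support, so the profile must use a tun device.
    devs = [args[0] for name, args in directives if name == "dev" and args]
    if not devs or not devs[0].startswith("tun"):
        problems.append("dev must be a tun device: Android supports TUN only")
    # The template's REDIP placeholder must be replaced before import.
    hosts = [args[0] for name, args in directives if name == "remote" and args]
    if not hosts or "REDIP" in hosts:
        problems.append("remote is missing or still the REDIP placeholder")
    # ns-cert-type server is the lesson's directive; remote-cert-tls server is
    # another OpenVPN directive for the same purpose (assumption: also accepted).
    checks = [("ns-cert-type", ["server"]), ("remote-cert-tls", ["server"])]
    if not any(check in directives for check in checks):
        problems.append("no server certificate check (ns-cert-type server)")
    return problems

# Constructed sample: the lesson's template with REDIP not yet replaced.
TEMPLATE = """client
dev tun
proto udp #only if you use udp protocol
remote REDIP 1194 #1194 only if your vpn server's port is the default port
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
comp-lzo
ns-cert-type server
"""
```

Running `lint_ovpn` on the file before e-mailing it to the device catches a forgotten REDIP placeholder or a missing server certificate check before the profile is imported.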
Android OpenVPN client configuration
To successfully configure the OpenVPN profile, follow these steps:
1. Import the .p12 certificate and the .ovpn profile into your Android device. One method is to send the certificate to an e-mail account that can be accessed from the Android device itself.
2. Tap on the .p12 certificate in the attachments, type the .p12 certificate password, as configured on the Endian UTM Appliance during client certificate creation, and tap on OK.
3. Give a name to the certificate, select VPN and apps if not already selected, and tap on OK. This is the name under which Android will save the certificate in its key-ring.
4. Open the OpenVPN app and tap on OVPN Profile (Connect with .ovpn file).
5. Tap on Allow.
6. If steps 1, 2 and 3 were already done, skip to step 9. Tap on the PKCS#12 tab and look for the .p12 file previously imported on your Android device, then select it and tap on Import.
7. Type the .p12 certificate password, as configured on the Endian UTM Appliance during client certificate creation, and tap on OK.
8. Give a name to the certificate, select VPN and apps if not already selected, and tap on OK. This is the name under which Android will save the certificate in its key-ring.
9. Tap on the OVPN tab and look for the .ovpn file previously imported on your Android device, then select it and tap on Import.
10. Give the VPN profile a title, then tap on Add.
11. At this point, the OpenVPN profile is successfully imported, but we need to connect at least once to complete the configuration by tapping on the gray slider.
12. Tap on Select Certificate.
13. Select the previously imported certificate and tap on Select.
14. If the slider becomes green and the state changes to Connected, the OpenVPN connection has been successfully established and the OpenVPN client configuration is complete.