by

OpenVPN Server & Android Client Configuration in Ubuntu 12.04

This is tutorial about configuring the vpn server and setting up the mobile device to connect to the server. For instruction to install the OpenVPN server, please follow this guide:

Or you can find any other resources that similar to your server environment.

Server Config

Clean All The Existing Keys

This will clean up existing keys in the ~keys~ dir.

cd /etc/openvpn/easy-rsa/
. ./vars
./clean-all
./build-ca
Note the dot before the ./vars

Creating the Server Certificate

Create the server certificate:

./build-key-server server

Rename the 'server' into anything that you want.

Create the Client Certificate

Now that we have a server certificate, we are going to create a certificate for our android mobile phone (or laptop)

./build-key lenovoTAB

Again, you can rename lenovoTAB to any certificate name that you prefer. This will generate the key and certificate which will be located under the keys/ directory. * ca.crt * lenovoTAB.crt * lenovoTAB.csr * lenovoTAB.key Copy that files to somewhere save, it will be used later on your mobile device to connect to the vpn server.

Then, generate the Diffie-Helman parameters:

./build-dh

Create the Server-Client Configuration

So now we have everything in place to start creating an OpenVPN configuration. We must create a configuration for the server and the client. Those configurations are based on the examples that can be find in /usr/share/doc/openvpn/examples/.

Mine was located at /etc/openvpn/lenovoTAB.conf:

dev tun2
tls-server
dh easy-rsa/keys/dh1024.pem
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key
server 10.0.0.0 255.255.255.0
log /var/log/openvpn-lenovoTAB.log
comp-lzo
script-security 2
route-up "/sbin/ifconfig tun2 up"
port 1194
proto tcp-server
keepalive 30 120
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"

In above example, i use port 1194 for the vpn connection.

Restart the service

/etc/init.d/openvpn restart

Client Device Configuration

In this section i will cover how to setup vpn connection to the server in mobile device.

Requirement:

  • OpenVPN Connect must be installed in your mobile device.
  • ES File Explorer to copy, move, edit files on your device. You can choose any that you prefer.
  • Copy ca.crt, lenovoTAB.crt, lenovoTAB.key from server to your mobile device. Mine was copied to my ~/Download/ folder.
  • Create a file called lenovoTAB.ovpn and configure it like this:
tls-client
remote <your vpn server ip address>
ca ca.crt
cert lenovoTAB.crt
key lenovoTAB.key
comp-lzo
port 1194
proto tcp

My result, i have the following files on my device: * ~/Download/ca.crt * ~/Download/lenovoTAB.crt * ~/Download/lenovoTAB.key * ~/Download/lenovoTAB.ovpn

Setting Up OpenVPN Connect

OpenVPN Connect app, then click import, and select Import Profile from SD Card. Select the lenovoTAB.ovpn file where you place it on your mobile device (mine was: ~/Download/lenovoTAB.ovpn). Click Connect button. Voila! now you have a private connection from your mobile device.

OpenVPN Connect

ubuntuvpnopenvpnlinux