This is tutorial about configuring the vpn server and setting up the mobile device to connect to the server. For instruction to install the OpenVPN server, please follow this guide:
Or you can find any other resources that similar to your server environment.
Clean All The Existing Keys
This will clean up existing keys in the ~keys~ dir.
cd /etc/openvpn/easy-rsa/ . ./vars ./clean-all ./build-ca
Note the dot before the ./vars
Creating the Server Certificate
Create the server certificate:
Rename the 'server' into anything that you want.
Create the Client Certificate
Now that we have a server certificate, we are going to create a certificate for our android mobile phone (or laptop)
Again, you can rename lenovoTAB to any certificate name that you prefer. This will generate the key and certificate which will be located under the keys/ directory. * ca.crt * lenovoTAB.crt * lenovoTAB.csr * lenovoTAB.key Copy that files to somewhere save, it will be used later on your mobile device to connect to the vpn server.
Then, generate the Diffie-Helman parameters:
Create the Server-Client Configuration
So now we have everything in place to start creating an OpenVPN configuration. We must create a configuration for the server and the client. Those configurations are based on the examples that can be find in /usr/share/doc/openvpn/examples/.
Mine was located at /etc/openvpn/lenovoTAB.conf:
dev tun2 tls-server dh easy-rsa/keys/dh1024.pem ca easy-rsa/keys/ca.crt cert easy-rsa/keys/server.crt key easy-rsa/keys/server.key server 10.0.0.0 255.255.255.0 log /var/log/openvpn-lenovoTAB.log comp-lzo script-security 2 route-up "/sbin/ifconfig tun2 up" port 1194 proto tcp-server keepalive 30 120 push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 220.127.116.11"
In above example, i use port 1194 for the vpn connection.
Restart the service
Client Device Configuration
In this section i will cover how to setup vpn connection to the server in mobile device.
- OpenVPN Connect must be installed in your mobile device.
- ES File Explorer to copy, move, edit files on your device. You can choose any that you prefer.
- Copy ca.crt, lenovoTAB.crt, lenovoTAB.key from server to your mobile device. Mine was copied to my ~/Download/ folder.
- Create a file called lenovoTAB.ovpn and configure it like this:
tls-client remote <your vpn server ip address> ca ca.crt cert lenovoTAB.crt key lenovoTAB.key comp-lzo port 1194 proto tcp
My result, i have the following files on my device: * ~/Download/ca.crt * ~/Download/lenovoTAB.crt * ~/Download/lenovoTAB.key * ~/Download/lenovoTAB.ovpn
Setting Up OpenVPN Connect
OpenVPN Connect app, then click import, and select Import Profile from SD Card. Select the lenovoTAB.ovpn file where you place it on your mobile device (mine was: ~/Download/lenovoTAB.ovpn). Click Connect button. Voila! now you have a private connection from your mobile device.