VPNAndroid

From Amahi Wiki
Jump to: navigation, search
Msgbox.update.png Update Needed
The contents of this page have become outdated or irrelevant. Please consider updating it.

OpenVPN for Android Client Configuration

This wiki has been updated for use with OpenVPN for Android v0.6.73 without Android Root access. Older versions of the wiki are maintained below.

It is presumed that you have installed the OpenVPN server app on your HDA and configured it properly.

  1. Download the (3) certificate files. They can be found on the OpenVPN Client Certificates download page.
    1. If downloading from link above directly to Android Device, Google translate may ask if you wish to translate the document, DO NOT allow any translation to occur.
    2. If downloading to a computer first, the key is often downloaded as xxx.key.txt. You must remove the .txt extension.
  2. Launch the OpenVPN app, select Add Profile (+), give it a name and it will bring you to the Basic configuration tab
    NoVPNDefined.pngAddProfile.png
  3. In the Basic tab, Select "User/PW + Certificates" from the pull down menu of Types
    TypeAndCerts.png
  4. In turn, select the CA Certificate, Client Certificate and Client Key files that you downloaded to your device
    CertsAdded.png
  5. Username refers to a configured User of the Amahi server you are trying to connect to. Leave password field empty to be prompted to enter a password every time.
  6. Swipe left or right to change tabs in the Configuration page or select them directly from the tab bar.
  7. From the Server List tab, enter your server Dynamic DNS name found on the Control Panel - xxx.yourhda.com
    ServerDNSname.png
  8. From the Authentication/Encryption tab, select Remote Certificate Subject and look closely for the pull down arrow in the open window, select RDN Prefix
    SubjectPulldown.png
  9. In the Remote Certificate Subject box change the data field to read Amahi-Server-OpenVPN
    HostnameSubject.png
  10. Configuration is complete, hit the android device's back button to return to the OpenVPN main screen. This will show your new profile, and if you are NOT connected to your local network (turn off Wi-Fi and use cellular data), you will be able to select your profile and it will connect. A secure connection will be shown as a key symbol next to the cellular signal strength bar.



VPN Client - Android - HTC Android G1/Dream

NOTE: OpenVPN for Android works with the certificates below for ICS 4.0 or greater without rooting your device. There is no additional configuration required to the HDA or your device (Tested on HTC One X and Samsung Tab 2 also on HTC One V). For Sony Xperia ZR (and I suspect most other Android devices) the following was necessary:

  1. Download the certificates. They can be found on the OpenVPN Client Certificates download page.
  2. Launch the OpenVPN app, Add Profile and go to the Basic configuration page
    OpenVPNAndroid-1-AddProfile.png OpenVPNAndroid-2-ChooseBasic.png
  3. Enter your server address - the Dynamic DNS name works for me, I guess the fixed IP address would as well
    OpenVPNAndroid-3-EnterServerAddress.png
  4. Select "User/PW + Certificates" from the list of Types (the certificates alone are not enough)
    OpenVPNAndroid-4-SelectType.png OpenVPNAndroid-5-SelectedType.png
  5. In turn, select the CA Certificate, Client Certificate and Client Key files that you downloaded to your device; note that the app will disable the file type it doesn't think will work so beware if you rename these files
    OpenVPNAndroid-6-SelectCertKey.png
  6. Enter your username - a general user with access to the shares and apps on your HDA
    OpenVPNAndroid-7-EnterUsername.png
  7. Go back to the list of profiles and click on this new profile to start connecting to your HDA: you will be alerted to the fact that OpenVPN for Android can intercept network traffic and asked to trust the application (ensure that your device is not already connected to the same network - test from a different location or turn of wifi and use your mobile data connection)
    OpenVPNAndroid-8-TrustApplication.png
  8. Enter your password - you can decide whether or not the application should save the password
    OpenVPNAndroid-9-EnterPassword.png
  9. Watch for connection messages to go past as Android notifications and you will also see the OpenVPN log
    OpenVPNAndroid-A-Connecting.png
  10. Once you get a successful connection you will see a key in the notification bar; selecting this notification will show the status of the connection ind give you some options for working with it
    OpenVPNAndroid-B-Connected.png
  11. You should now be able to open your favourite app used to access files on your HDA, be that the Amahi app, Plex client, OwnCloud, etc. (note that some of these apps may need to be switched between Local and Remote connection type)


This guide is written for a HTC Android G1/Dream phone rooted with Cyanongenmod 5.

[update March 24, 2011: Tested and works with Cyanogenmod 7.0, thus any CM7 compatible phone]

[update August 8, 2011: Tested and works with Cyanogenmod 7.1, thus any CM 7.1 compatible phone]

[update September 9, 2011: Tested and works with MIUI 1.9.2 on a HTC Droid Incredible 2, should work on any MIUI ROM]

[update 22 March 2013: Tested and works with Android 4.2.2 on Nexus Devices]

In your Linux-based OS computer..

Download the certificates. They can be found on the OpenVPN Client Certificates download page. Save them in your /home/username/openvpn folder (where username is your main users name).

Then, from the terminal run

cd /home/username/openvpn 
openssl pkcs12 -export -in Amahi-Client-OpenVPN.crt -inkey Amahi-Client-OpenVPN.key -certfile ca.crt -name Amahi -out certs.p12 

You will be asked for a export password for the certs.p12 file - enter amahi twice.

To automate this process, paste the code from automate.script in your favorite editor. Save it & run it with

sh <filename>  

You should now have a certs.p12 file in your /home/username/openvpn folder, copy this certs.p12 file to the root of your sdcard on the Android phone.

Now on the Android phone..

    Menu -> Settings -> Location & Security -> Install from SD card

This will show you certs.p12, select this and enter the password amahi, after it has extracted the certificates, you will be asked to name the certificate, enter Amahi.

Now on the Android phone

    Menu -> Settings -> Wireless & networks -> VPN settings -> Add VPN -> Add OpenVPN VPN

VPN name = Amahi

Set VPN server = yourHDAnickname.yourhda.com

User authentication = Yes

Set CA certificate - Amahi

Set user certificate - Amahi

Menu -> Advanced -> LZO compression = Yes

Back

Menu -> Save

You should now see an Amahi entry, click on this to connect. It may ask you for the certificate access password. Then it may ask for your username and password that you use to loginon your HDA. You should see that you are connected, enjoy your VPN connection to your HDA server.

VPN Client - Android 2.2 - DROID X (Verizon Wireless)

Contact me in the forums if you need help setting this up. If you have a later version of Android such as Gingerbread (Android 2.3) then you can't use this tutorial for setting up openvpn. You can however use the openvpn configurations if your phone is already set up with openvpn.

Sag47 00:51, 5 April 2011 (PDT)

This tutorial is not for the feeble minded. I tried writing it as best as I could to keep it a "How to VPN" article and not a "How to root my droid" topic.

The default Droid X from Verizon does not come with openvpn installed. It's a little annoying and you have to be a little tech savvy to get it working. I am outlining instructions here for how I connected my Droid X to my Amahi HDA.

Some prerequisites:

  • Your phone must be rooted.
  • I am running Android 2.2 so these instructions may become outdated. I also recommend you be running Android 2.2 Froyo on your Droid X
  • You should have adb installed (or running a more advanced bash terminal on Android like Better Terminal Emulator Pro app)
  • Install the following apps
    • OpenVPN Installer
    • OpenVPN Settings

Create a directory on your SDCARD called openvpn or if in the terminal /sdcard/openvpn.

Follow the general VPNLinux instructions but place all of the configurations and certificates in the openvpn folder on your sdcard.

Install openvpn using the "OpenVPN Installer" app and select /system/bin each time the app asks for a location to place a binary.

You can run one of the following commands to grab the mount point of your system folder. (Run commands through adb or in a terminal on your Droid)

    df | grep system
    cat /proc/mounts | grep system
    cat /proc/mounts

My device is mounted on /dev/block/mmcblk1p21 so that is the device I am using in this tutorial. Download tun_alt.ko as recommended in this post. Copy it to the root of your sdcard.

Now we install the kernel module. Run the following command sequence (through adb or a terminal on your Droid).

    su
    mount -o rw,remount /dev/block/mmcblk1p21 /system
    mv /sdcard/tun_alt.ko /system/lib/modules/tun.ko
    cd /system/lib/modules
    chown root\: tun.ko
    chmod 644 tun.ko
    
    #now lets test it
    insmod /system/lib/modules/tun.ko

If you don't see any output and the "OpenVPN Installer" app successfully installed openvpn then you should be set up.

Double check your configuration in /sdcard/openvpn. Once you know everything is good then run the "OpenVPN Settings" app. It should automatically detect your configuration.

Enable OpenVPN. Select your config to turn on the tunnel. Then you should see a prompt in your notification status prompting for a password. My Droid X connected to the network after that.

There's one final step. If you remember you manually ran the insmod /system/lib/modules/tun.ko command but when you reboot your phone the module will no longer be loaded.

Go into the settings for the "OpenVPN Settings" app and modify the TUN module settings.

  • Set "Load module using" to insmod.
  • Set "Path to tun module" to /system/lib/modules/tun.ko


Reboot your phone and test the configurations. It should be a one click process within the "OpenVPN Settings" app.