Difference between revisions of "VPNAndroid"

From Amahi Wiki
Jump to: navigation, search
m (Correct page title)
 
(31 intermediate revisions by 10 users not shown)
Line 1: Line 1:
= VPN Client - Android ==
+
{{NeedsUpdate}}
 +
<!--Tested with Nexus 6 on 5.1.1 working however instructions need bringing upto date-->
 +
 
 +
=OpenVPN for Android Client Configuration=
 +
This wiki has been updated for use with OpenVPN for Android v0.6.73 without Android Root access. Older versions of the wiki are maintained below.
 +
 
 +
It is presumed that you have installed the [http://www.amahi.org/apps/openvpn OpenVPN] server app on your HDA and [https://wiki.amahi.org/index.php/OpenVPN configured] it properly.
 +
 
 +
# Download the (3) certificate files.  They can be found on the [[OpenVPN Client Certificates]] download page.
 +
##If downloading from link above directly to Android Device, Google translate may ask if you wish to translate the document, DO NOT allow any translation to occur.
 +
##If downloading to a computer first, the key is often downloaded as xxx.key.txt. You must remove the .txt extension.
 +
# Launch the OpenVPN app, select Add Profile (+), give it a name and it will bring you to the Basic configuration tab <br />[[File:NoVPNDefined.png | 180px]][[File:AddProfile.png | 180px]]
 +
# In the Basic tab, Select "User/PW + Certificates" from the pull down menu of Types <br />[[File:TypeAndCerts.png | 180px]]
 +
# In turn, select the CA Certificate, Client Certificate and Client Key files that you downloaded to your device <br />[[File:CertsAdded.png | 180px]]
 +
# Username refers to a configured User of the Amahi server you are trying to connect to. Leave password field empty to be prompted to enter a password every time.
 +
#Swipe left or right to change tabs in the Configuration page or select them directly from the tab bar.
 +
#From the Server List tab, enter your server Dynamic DNS name found on the [http://www.amahi.org Control Panel] - xxx.yourhda.com <br />[[File:serverDNSname.png | 180px]]
 +
#From the Authentication/Encryption tab, select Remote Certificate Subject and look closely for the pull down arrow in the open window, select RDN Prefix <br />[[File:SubjectPulldown.png | 180px]]
 +
#In the Remote Certificate Subject box change the data field to read Amahi-Server-OpenVPN <br />[[File:HostnameSubject.png | 180px]]
 +
#Configuration is complete, hit the android device's back button to return to the OpenVPN main screen. This will show your new profile, and if you are NOT connected to your local network (turn off Wi-Fi and use cellular data), you will be able to select your profile and it will connect. A secure connection will be shown as a key symbol next to the cellular signal strength bar.
 +
 
 +
 
 +
<br />
 +
 
 +
= VPN Client - Android - HTC Android G1/Dream =
 +
 
 +
'''NOTE:'''  [https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en OpenVPN for Android] works with the certificates below for ICS 4.0 or greater without rooting your device.  There is no additional configuration required to the HDA or your device (Tested on HTC One X and Samsung Tab 2 also on HTC One V). For Sony Xperia ZR (and I suspect most other Android devices) the following was necessary:
 +
 
 +
# Download the certificates.  They can be found on the [[OpenVPN Client Certificates]] download page.
 +
# Launch the OpenVPN app, Add Profile and go to the Basic configuration page<br />[[File:OpenVPNAndroid-1-AddProfile.png|180px]] [[File:OpenVPNAndroid-2-ChooseBasic.png|180px]]
 +
# Enter your server address - the Dynamic DNS name works for me, I guess the fixed IP address would as well<br />[[File:OpenVPNAndroid-3-EnterServerAddress.png|180px]]
 +
# Select "User/PW + Certificates" from the list of Types (the certificates alone are not enough)<br />[[File:OpenVPNAndroid-4-SelectType.png|180px]] [[File:OpenVPNAndroid-5-SelectedType.png|180px]]
 +
# In turn, select the CA Certificate, Client Certificate and Client Key files that you downloaded to your device; note that the app will disable the file type it doesn't think will work so beware if you rename these files<br />[[File:OpenVPNAndroid-6-SelectCertKey.png|180px]]
 +
# Enter your username - a general user with access to the shares and apps on your HDA<br />[[File:OpenVPNAndroid-7-EnterUsername.png|180px]]
 +
# Go back to the list of profiles and click on this new profile to start connecting to your HDA: you will be alerted to the fact that OpenVPN for Android can intercept network traffic and asked to trust the application (ensure that your device is not already connected to the same network - test from a different location or turn of wifi and use your mobile data connection)<br />[[File:OpenVPNAndroid-8-TrustApplication.png|180px]]
 +
# Enter your password - you can decide whether or not the application should save the password<br />[[File:OpenVPNAndroid-9-EnterPassword.png|180px]]
 +
# Watch for connection messages to go past as Android notifications and you will also see the OpenVPN log<br />[[File:OpenVPNAndroid-A-Connecting.png|180px]]
 +
# Once you get a successful connection you will see a key in the notification bar; selecting this notification will show the status of the connection ind give you some options for working with it<br />[[File:OpenVPNAndroid-B-Connected.png|180px]]
 +
# You should now be able to open your favourite app used to access files on your HDA, be that the Amahi app, Plex client, OwnCloud, etc. (note that some of these apps may need to be switched between Local and Remote connection type)
 +
 
  
 
This guide is written for a HTC Android G1/Dream phone rooted with Cyanongenmod 5.
 
This guide is written for a HTC Android G1/Dream phone rooted with Cyanongenmod 5.
  
* Download the files here and save them in your /home/username/openvpn folder (where ''username'' is your main users name)(to download, right click > save as):
+
[update March 24, 2011: Tested and works with Cyanogenmod 7.0, thus any CM7 compatible phone]
** [http://dl.amahi.org/vpn/AmahiHDAClient.crt AmahiHDAClient.crt]
+
 
** [http://dl.amahi.org/vpn/AmahiHDAClient.key AmahiHDAClient.key]
+
[update August 8, 2011: Tested and works with Cyanogenmod 7.1, thus any CM 7.1 compatible phone]
** [http://dl.amahi.org/vpn/ca-cert.crt ca-cert.crt]
+
 
 +
[update September 9, 2011: Tested and works with MIUI 1.9.2 on a HTC Droid Incredible 2, should work on any MIUI ROM]
 +
 
 +
[update 22 March 2013: Tested and works with Android 4.2.2 on Nexus Devices]
 +
 
 +
In your Linux-based OS computer..
 +
 
 +
Download the certificates.  They can be found on the [[OpenVPN Client Certificates]] download page. Save them in your /home/username/openvpn folder (where ''username'' is your main users name).
  
 
Then, from the terminal run
 
Then, from the terminal run
  
<pre><nowiki>
+
cd /home/username/openvpn  
    cd /home/username/openvpn  
+
openssl pkcs12 -export -in Amahi-Client-OpenVPN.crt -inkey Amahi-Client-OpenVPN.key -certfile ca.crt -name Amahi -out certs.p12  
    openssl pkcs12 -export -in AmahiHDAClient.crt -inkey AmahiHDAClient.key -certfile ca-cert.crt -name Amahi -out certs.p12
 
</nowiki></pre>
 
  
 
You will be asked for a export password for the certs.p12 file - enter amahi twice.
 
You will be asked for a export password for the certs.p12 file - enter amahi twice.
 +
 +
To automate this process, paste the code from [http://wiki.amahi.org/images/f/f9/Automate.script automate.script] in your favorite editor.  Save it & run it with
 +
sh <filename> 
  
 
You should now have a certs.p12 file in your /home/username/openvpn folder, copy this certs.p12 file to the root of your sdcard on the Android phone.
 
You should now have a certs.p12 file in your /home/username/openvpn folder, copy this certs.p12 file to the root of your sdcard on the Android phone.
  
Now on the Android phone  
+
Now on the Android phone..
  
 
<pre><nowiki>
 
<pre><nowiki>
Line 49: Line 96:
 
Menu -> Save
 
Menu -> Save
  
You should now see an Amahi entry, click on this to connect, you should see that you are connected, enjoy your VPN connection to your HDA server.
+
You should now see an Amahi entry, click on this to connect. It may ask you for the certificate access password. Then it may ask for your username and password that you use to loginon your HDA. You should see that you are connected, enjoy your VPN connection to your HDA server.
 +
 
 +
= VPN Client - Android 2.2 - DROID X (Verizon Wireless) =
 +
Contact me in the forums if you need help setting this up.  If you have a later version of Android such as Gingerbread (Android 2.3) then you can't use this tutorial for setting up openvpn.  You can however use the openvpn configurations if your phone is already set up with openvpn.
 +
 
 +
[[User:Sag47|Sag47]] 00:51, 5 April 2011 (PDT)
 +
 
 +
This tutorial is not for the feeble minded.  I tried writing it as best as I could to keep it a "How to VPN" article and not a "How to root my droid" topic.
 +
 
 +
The default Droid X from Verizon does not come with openvpn installed.  It's a little annoying and you have to be a little tech savvy to get it working.  I am outlining instructions here for how I connected my Droid X to my Amahi HDA.
 +
 
 +
Some prerequisites:
 +
* Your phone must be rooted.
 +
* I am running Android 2.2 so these instructions may become outdated.  I also recommend you be running Android 2.2 Froyo on your Droid X
 +
* You should have adb installed (or running a more advanced bash terminal on Android like Better Terminal Emulator Pro app)
 +
* Install the following apps
 +
** OpenVPN Installer
 +
** OpenVPN Settings
 +
 
 +
Create a directory on your SDCARD called openvpn or if in the terminal /sdcard/openvpn.
 +
 
 +
Follow the general [[VPNLinux]] instructions but place all of the configurations and certificates in the openvpn folder on your sdcard.
 +
 
 +
Install openvpn using the "OpenVPN Installer" app and select /system/bin each time the app asks for a location to place a binary.
 +
 
 +
You can run one of the following commands to grab the mount point of your system folder.  (Run commands through adb or in a terminal on your Droid)
 +
<pre><nowiki>
 +
    df | grep system
 +
    cat /proc/mounts | grep system
 +
    cat /proc/mounts
 +
</nowiki></pre>
 +
 
 +
My device is mounted on /dev/block/mmcblk1p21 so that is the device I am using in this tutorial.  Download tun_alt.ko as recommended in [http://forum.xda-developers.com/showpost.php?p=11109394&postcount=25 this post].  Copy it to the root of your sdcard.
 +
 
 +
Now we install the kernel module.  Run the following command sequence (through adb or a terminal on your Droid).
 +
<pre><nowiki>
 +
    su
 +
    mount -o rw,remount /dev/block/mmcblk1p21 /system
 +
    mv /sdcard/tun_alt.ko /system/lib/modules/tun.ko
 +
    cd /system/lib/modules
 +
    chown root\: tun.ko
 +
    chmod 644 tun.ko
 +
   
 +
    #now lets test it
 +
    insmod /system/lib/modules/tun.ko
 +
</nowiki></pre>
 +
If you don't see any output and the "OpenVPN Installer" app successfully installed openvpn then you should be set up. 
 +
 
 +
Double check your configuration in /sdcard/openvpn.  Once you know everything is good then run the "OpenVPN Settings" app.  It should automatically detect your configuration.
 +
 
 +
Enable OpenVPN.  Select your config to turn on the tunnel.  Then you should see a prompt in your notification status prompting for a password.  My Droid X connected to the network after that.
 +
 
 +
There's one final step.  If you remember you manually ran the insmod /system/lib/modules/tun.ko command but when you reboot your phone the module will no longer be loaded.
 +
 
 +
Go into the settings for the "OpenVPN Settings" app and modify the TUN module settings.
 +
* Set "Load module using" to insmod. 
 +
* Set "Path to tun module" to /system/lib/modules/tun.ko
 +
 
 +
 
 +
Reboot your phone and test the configurations.  It should be a one click process within the "OpenVPN Settings" app.
  
 
[[Category: VPN]]
 
[[Category: VPN]]

Latest revision as of 14:15, 16 October 2017

Msgbox.update.png Update Needed
The contents of this page have become outdated or irrelevant. Please consider updating it.

OpenVPN for Android Client Configuration

This wiki has been updated for use with OpenVPN for Android v0.6.73 without Android Root access. Older versions of the wiki are maintained below.

It is presumed that you have installed the OpenVPN server app on your HDA and configured it properly.

  1. Download the (3) certificate files. They can be found on the OpenVPN Client Certificates download page.
    1. If downloading from link above directly to Android Device, Google translate may ask if you wish to translate the document, DO NOT allow any translation to occur.
    2. If downloading to a computer first, the key is often downloaded as xxx.key.txt. You must remove the .txt extension.
  2. Launch the OpenVPN app, select Add Profile (+), give it a name and it will bring you to the Basic configuration tab
    NoVPNDefined.pngAddProfile.png
  3. In the Basic tab, Select "User/PW + Certificates" from the pull down menu of Types
    TypeAndCerts.png
  4. In turn, select the CA Certificate, Client Certificate and Client Key files that you downloaded to your device
    CertsAdded.png
  5. Username refers to a configured User of the Amahi server you are trying to connect to. Leave password field empty to be prompted to enter a password every time.
  6. Swipe left or right to change tabs in the Configuration page or select them directly from the tab bar.
  7. From the Server List tab, enter your server Dynamic DNS name found on the Control Panel - xxx.yourhda.com
    ServerDNSname.png
  8. From the Authentication/Encryption tab, select Remote Certificate Subject and look closely for the pull down arrow in the open window, select RDN Prefix
    SubjectPulldown.png
  9. In the Remote Certificate Subject box change the data field to read Amahi-Server-OpenVPN
    HostnameSubject.png
  10. Configuration is complete, hit the android device's back button to return to the OpenVPN main screen. This will show your new profile, and if you are NOT connected to your local network (turn off Wi-Fi and use cellular data), you will be able to select your profile and it will connect. A secure connection will be shown as a key symbol next to the cellular signal strength bar.



VPN Client - Android - HTC Android G1/Dream

NOTE: OpenVPN for Android works with the certificates below for ICS 4.0 or greater without rooting your device. There is no additional configuration required to the HDA or your device (Tested on HTC One X and Samsung Tab 2 also on HTC One V). For Sony Xperia ZR (and I suspect most other Android devices) the following was necessary:

  1. Download the certificates. They can be found on the OpenVPN Client Certificates download page.
  2. Launch the OpenVPN app, Add Profile and go to the Basic configuration page
    OpenVPNAndroid-1-AddProfile.png OpenVPNAndroid-2-ChooseBasic.png
  3. Enter your server address - the Dynamic DNS name works for me, I guess the fixed IP address would as well
    OpenVPNAndroid-3-EnterServerAddress.png
  4. Select "User/PW + Certificates" from the list of Types (the certificates alone are not enough)
    OpenVPNAndroid-4-SelectType.png OpenVPNAndroid-5-SelectedType.png
  5. In turn, select the CA Certificate, Client Certificate and Client Key files that you downloaded to your device; note that the app will disable the file type it doesn't think will work so beware if you rename these files
    OpenVPNAndroid-6-SelectCertKey.png
  6. Enter your username - a general user with access to the shares and apps on your HDA
    OpenVPNAndroid-7-EnterUsername.png
  7. Go back to the list of profiles and click on this new profile to start connecting to your HDA: you will be alerted to the fact that OpenVPN for Android can intercept network traffic and asked to trust the application (ensure that your device is not already connected to the same network - test from a different location or turn of wifi and use your mobile data connection)
    OpenVPNAndroid-8-TrustApplication.png
  8. Enter your password - you can decide whether or not the application should save the password
    OpenVPNAndroid-9-EnterPassword.png
  9. Watch for connection messages to go past as Android notifications and you will also see the OpenVPN log
    OpenVPNAndroid-A-Connecting.png
  10. Once you get a successful connection you will see a key in the notification bar; selecting this notification will show the status of the connection ind give you some options for working with it
    OpenVPNAndroid-B-Connected.png
  11. You should now be able to open your favourite app used to access files on your HDA, be that the Amahi app, Plex client, OwnCloud, etc. (note that some of these apps may need to be switched between Local and Remote connection type)


This guide is written for a HTC Android G1/Dream phone rooted with Cyanongenmod 5.

[update March 24, 2011: Tested and works with Cyanogenmod 7.0, thus any CM7 compatible phone]

[update August 8, 2011: Tested and works with Cyanogenmod 7.1, thus any CM 7.1 compatible phone]

[update September 9, 2011: Tested and works with MIUI 1.9.2 on a HTC Droid Incredible 2, should work on any MIUI ROM]

[update 22 March 2013: Tested and works with Android 4.2.2 on Nexus Devices]

In your Linux-based OS computer..

Download the certificates. They can be found on the OpenVPN Client Certificates download page. Save them in your /home/username/openvpn folder (where username is your main users name).

Then, from the terminal run

cd /home/username/openvpn 
openssl pkcs12 -export -in Amahi-Client-OpenVPN.crt -inkey Amahi-Client-OpenVPN.key -certfile ca.crt -name Amahi -out certs.p12 

You will be asked for a export password for the certs.p12 file - enter amahi twice.

To automate this process, paste the code from automate.script in your favorite editor. Save it & run it with

sh <filename>  

You should now have a certs.p12 file in your /home/username/openvpn folder, copy this certs.p12 file to the root of your sdcard on the Android phone.

Now on the Android phone..

    Menu -> Settings -> Location & Security -> Install from SD card

This will show you certs.p12, select this and enter the password amahi, after it has extracted the certificates, you will be asked to name the certificate, enter Amahi.

Now on the Android phone

    Menu -> Settings -> Wireless & networks -> VPN settings -> Add VPN -> Add OpenVPN VPN

VPN name = Amahi

Set VPN server = yourHDAnickname.yourhda.com

User authentication = Yes

Set CA certificate - Amahi

Set user certificate - Amahi

Menu -> Advanced -> LZO compression = Yes

Back

Menu -> Save

You should now see an Amahi entry, click on this to connect. It may ask you for the certificate access password. Then it may ask for your username and password that you use to loginon your HDA. You should see that you are connected, enjoy your VPN connection to your HDA server.

VPN Client - Android 2.2 - DROID X (Verizon Wireless)

Contact me in the forums if you need help setting this up. If you have a later version of Android such as Gingerbread (Android 2.3) then you can't use this tutorial for setting up openvpn. You can however use the openvpn configurations if your phone is already set up with openvpn.

Sag47 00:51, 5 April 2011 (PDT)

This tutorial is not for the feeble minded. I tried writing it as best as I could to keep it a "How to VPN" article and not a "How to root my droid" topic.

The default Droid X from Verizon does not come with openvpn installed. It's a little annoying and you have to be a little tech savvy to get it working. I am outlining instructions here for how I connected my Droid X to my Amahi HDA.

Some prerequisites:

  • Your phone must be rooted.
  • I am running Android 2.2 so these instructions may become outdated. I also recommend you be running Android 2.2 Froyo on your Droid X
  • You should have adb installed (or running a more advanced bash terminal on Android like Better Terminal Emulator Pro app)
  • Install the following apps
    • OpenVPN Installer
    • OpenVPN Settings

Create a directory on your SDCARD called openvpn or if in the terminal /sdcard/openvpn.

Follow the general VPNLinux instructions but place all of the configurations and certificates in the openvpn folder on your sdcard.

Install openvpn using the "OpenVPN Installer" app and select /system/bin each time the app asks for a location to place a binary.

You can run one of the following commands to grab the mount point of your system folder. (Run commands through adb or in a terminal on your Droid)

    df | grep system
    cat /proc/mounts | grep system
    cat /proc/mounts

My device is mounted on /dev/block/mmcblk1p21 so that is the device I am using in this tutorial. Download tun_alt.ko as recommended in this post. Copy it to the root of your sdcard.

Now we install the kernel module. Run the following command sequence (through adb or a terminal on your Droid).

    su
    mount -o rw,remount /dev/block/mmcblk1p21 /system
    mv /sdcard/tun_alt.ko /system/lib/modules/tun.ko
    cd /system/lib/modules
    chown root\: tun.ko
    chmod 644 tun.ko
    
    #now lets test it
    insmod /system/lib/modules/tun.ko

If you don't see any output and the "OpenVPN Installer" app successfully installed openvpn then you should be set up.

Double check your configuration in /sdcard/openvpn. Once you know everything is good then run the "OpenVPN Settings" app. It should automatically detect your configuration.

Enable OpenVPN. Select your config to turn on the tunnel. Then you should see a prompt in your notification status prompting for a password. My Droid X connected to the network after that.

There's one final step. If you remember you manually ran the insmod /system/lib/modules/tun.ko command but when you reboot your phone the module will no longer be loaded.

Go into the settings for the "OpenVPN Settings" app and modify the TUN module settings.

  • Set "Load module using" to insmod.
  • Set "Path to tun module" to /system/lib/modules/tun.ko


Reboot your phone and test the configurations. It should be a one click process within the "OpenVPN Settings" app.