OpenVPN is a service that uses ‘virtual private network’ (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
OpenVPN for Android (OFA) is a full-featured SSL VPN solution that implements OSI layer 2 or 3 secure network extensions using the industry-standard IPsec protocol. It creates a secure ethernet tunnel between two peers and is interoperable with both other OSFPv2 implementations and any OSFPv3 implementation. OFA can use static RSA security keys, as well as TLS/X509 certificates, to establish mutual trust and key exchange between these two peers. As such it easily allows establishing S2S VPN links over dynamically changing public networks without requiring any pre-shared secrets or additional third-party PKI infrastructure. This expands the usage of containerized OpenVPN-based VPN solutions from just Remote Access Virtual Private Network (RAS VPN) deployments to include Private Data Network (PDN) VPNs.
The following steps were performed on an android device with OpenVPN for Android v2.4-RC1 installed from the F-Droid market. Later versions might be slightly different so check the official website if you are using something different than OFA version 2.4-RC1 or higher.
This article will provide an introduction to OpenVPN – the protocols it uses and how they function as well as their benefits. Then we will look at how to install VPN on Android, find out what information you need before continuing with the tutorial, and finally learn how to create your own OpenVPN connection from scratch.
Here is a quick tutorial:
Configure your router to have a static IP on the specific interface you want to forward these ports to. This is done so that when your external IP changes this rule doesn’t get deleted.
Forward port 1194 UDP & TCP from your external WAN IP to the static IP you configured in step 1 for OpenVPN server access. You can use any open port above 1024, but we will be using 1194 as an example.
Open the following ports on your firewall: 1194 UDP, 1194 TCP, and 53/UDP (or whatever TCP/UDP port you set DNS). These are used by OFA (and OpenVPN itself of course) and must be opened in order for it works correctly.
Enable IP Forward
Main Menu > Wireless & Networks > VPN Settings
(1) Tap the ‘ + ‘ icon at the top right to add a new VPN profile. The application will display a list of all known VPN providers, sorted by country.
(2) Select your desired VPN provider (e.g., ExpressVPN) and then tap the ‘ OK ‘ button to proceed. (3) If you are prompted for additional settings (e.g., server address), make any appropriate changes and tap the ‘ OK ‘ button to proceed. (4) Now, return to Main Menu > Wireless & Networks > VPN Settings, select your newly added OpenVPN profile, and tap on it to connect! (5) You can that you are successfully connected by checking your IP address, which should have changed from the default. To disconnect from the VPN, simply tap on it in Main Menu > Wireless & Networks > VPN Settings.
Main Menu > Wireless & Networks > VPN Settings, then tap on your ‘VPN’ option and select the OpenVPN connection you wish to use. In this menu, you can also configure advanced OpenVPN settings such as TCP/UDP protocols, cipher type, etc.
That’s it! This is all you need to set up OpenVPN on Android.
