Archive

Archive for April, 2015

Openvpn for android (lollipop) using a static key

April 9, 2015 Leave a comment

The simplest openvpn setup uses a static key. I am using Linode to host my Debian linux server.
I have openvpn running on my linode server with this configuration. Just apt-get install openvpn and
created this tun1.conf in the /etc/openvpn folder.
##tun1.conf##
dev tun1
port 1192
proto udp
ifconfig 10.10.10.15 10.10.10.16
# ifconfig 192.168.0.75 192.168.0.76
secret /etc/openvpn/static.key
comp-lzo
keepalive 10 60
daemon

Note the secret line. This is a static key (which you can name anything) generated by this command:
openvpn –genkey –secret static.key

Install openvpn on your android phone (I have it on the 2nd generation Motorola X running Lollipop). Be sure and install the stock openvpn application found in the Google Play Store (https://play.google.com/store/apps/details?id=net.openvpn.openvpn)

After installing, open the app and create a new profile by clicking the + sign.
1) Give your profile a name ie myvpn
2) Check LZO compression
3) With the dropdown menu select static keys.

Proceed to the server tab
1) Add your server (myserver.com)
2) UDP protocol and port 1192 (or whatever port you want. 1192 is the default).

Proceed to the IP and DNS tab
1) add your IPv4 Address 10.10.10.16 10.10.10.15
2) add seacrhDomain google.com (the google dns servers should already be listed 8.8.8.8 and 8.8.4.4)

Proceed to the routing tab and add your custom route if you only want to be able to use the vpn
to contact your server. If you want to use the vpn for all your phone traffic, then see last paragraph.

Custom Routes
10.10.10.0/24 (not necessary..see port forwarding on server)

Proceed to the AUTHENTICATION/ENCRYPTION tab and add
TLS Auth File (You should download the static.key file you created on the server to your android
phone. You can copy it to google drive or dropbox and then store it on your phone under internal storage.

That’s it. Start openvpn on your linode (service start openvpn). Open the adroid app and click the profile
to start the phone client. It should connect in a few seconds to your server and show an icon on the
top tray.

TO forward all your data through your linode, add this firewall script (modify to your system parms)
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun1 -j ACCEPT

Advertisements
Categories: sysadmin