Android and OPENVPN

Used environment equipment:

VirtualBox machine:

CPU: 1x

RAM: 1024MB

HDD: 20GB VDI

NET: Bridget adapter

All other options are set by default

OS: Debian Squeeze i386 basic install

Main Software: openvpn

HTC Desire: Cyanogenmod 7.2.0.1

It’ll be cool to have instant access from your android based phone to your home PC/Server.. isn’t it ? ūüôā

In the current article we will go through some basic steps which will connect our Android phone with your home computer via VPN (Virtual Private Network)

PC part:

Let start with creating openvpn TUN adapter

aptitude install openvpn

And this is the time and place to start building some new keys that will be used in our quest for connectivity

cd /etc/openvpn/

Generating new preshared key:

openvpn --genkey --secret android.key

Now we have to create server-side configuration file:

local 173.194.70.139 #This is the interface's IP address that will be used to point, normaly this is our OUT interface provided with IP by our ISP.
port 6000 # port number
dev tun1 # tun number..if we have more than one 
tun-mtu 1500
proto tcp-server
ifconfig 175.15.0.2 175.15.0.1 # first IP for the server side, second IP is for client side.
secret /etc/openvpn/android.key # key file that we generated a minute ago
user nobody
group nogroup
persist-key
persist-tun
chroot /var/empty
comp-lzo
ping 15
ping 10
ping-restart 120
verb 3
#push "route 10.0.0.0 255.255.255.0" #If we need to access other networks trough our vpn

and /var/empty directory:

mkdir /var/empty

 

 

We are ready to test our p-2-p vpn

/usr/sbin/openvpn --config /etc/openvpn/android.conf --daemon /etc/openvpn/android.log --log /etc/openvpn/android-vpn.log

if we succeed, we’ll see the new TUN1 device in ifconfig

ifconfig:

eth0      Link encap:Ethernet  HWaddr 1c:6f:65:b4:ea:8f  
          inet addr:173.194.70.139  Bcast:173.194.70.39  Mask:255.255.255.0 
          inet6 addr: fe80::1e6f:65ff:feb2:ea8f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:120812272 errors:0 dropped:0 overruns:0 frame:0
          TX packets:209467277 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:57773079102 (8 GiB)  TX bytes:245519168449 (6 GiB)
          Interrupt:25 Base address:0x6000 

tun1     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:175.15.0.2  P-t-P:175.15.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:18800 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31094 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:1317261 (1.2 MiB)  TX bytes:34792166 (33.1 MiB)

O.K for now we will live our PC up and running and try to access it trough VPN via Android smart phone.

Android Part:

I have HTC Desire with Cyanogenmod 7.2.0.1-bravo

Please note:

It is not possible to cover all phones with all existence ROMs.I prefer this ROM for that it contain ready for use tun.ko module witch is need to run successfully VPN in android environment

Lets start.

First we have to transfer android.key that we created early to our phone’s SD card in folder ¬†named openvpn¬†…i let it to you to decide how to do that…i personally¬†¬†prefer the¬†easiest¬†way: plug USB cable in your phone and use transfer file utility ūüôā

Did you notice that…i missed Client-part of config file ?

Here it is:

dev tun
remote 173.194.70.139
ifconfig 175.15.0.1 175.15.0.2 # first IP for the client (android) side, second IP is for server side.PLEASE NOT THAT PLACES OF ADDRESSES IS REPLACES !!
secret /mnt/sdcard/openvpn/android.key # (must be the same key created on the server earlier)
port 6000 # (must match the port of the server configuration)
proto tcp-client
comp-lzo
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
verb 3
#route 10.0.0.0 255.255.255.0 175.15.0.2 #use only if you define route in server side config file !

Let’s say that you manage to transfer files and /SDCARD/openvpn contain two files:

files

 

Now let’s install OpenVPN Settings from Play Store (Android market)

OpenVPN Settings

and run it by enable both checkbox

If we make everything above…we’ll see

connected

Congratulations¬†you did it…almost¬†

Note that VPN is not a service that can be accessed and use on-the-fly.

Its function is to connect two different points on the same network segment …

which¬†at this point it’s… means nothing …unless we have a specific service you want to use such as:
– Access to files
– Management torrent files
– Access our PC’s desktop

capabilities which will look at other articles.

Stay tuned for more c00l stuff

 

Articles used in this guide:

 

What is the difference between a TUN device and a TAP device?

Cyanogenmod FTW 

OpenVPN