Creating OpenVPN .ovpn Files for Android (Any?) Clients

Posted on July 22, 2016 by Don

In another post I cover setting up and OpenVPN server on a Tomato powered router and making client connections to that server.

In setting up a new phone, I see the OpenVPN for Android app will now import yourVPNclient.ovpn files (much easier than transferring and importing the separate key and cert components as covered in my prior post). It took a bit of Googling to find out how to create the .ovpn files, but now that I’ve found the file format, setting one up turns out to be a piece of cake. Here’s the template:


client
proto udp
remote your.openvpnserver.url.net
port 1194
dev tun
nobind

key-direction 1

<ca>
-----BEGIN CERTIFICATE-----
# insert base64 blob from ca.crt
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
# insert base64 blob from client1.crt
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
# insert base64 blob from client1.key
-----END PRIVATE KEY-----
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
# insert ta.key
-----END OpenVPN Static key V1-----
</tls-auth>

I edited the “remote” directive to point to my VPN (router’s) dynamic DNS address and then copied the specified parts of the files from the /etc/openvpn directory as created in my prior post to this template. Then saved the consolidated file as myserver+clientname.ovpn.txt on my linux box.

Why with *.txt extension? Because otherwise the bluetooth file transfer from my desktop linux box to my phone would fail (unsupported file type). Text file transfer is supported, .ovpn is apparently not.

I then simply renamed the file on my Android phone to drop the .txt suffix and imported the resulting file in the OpenVPN for Android app (it turns out you can leave it, but the app will include that text in the connection name by default, so I now simply cut it there). I still needed to go through and set some options properly in the app to match my server config (LZO, persistent TUN, etc.), but the heavy lifting was already done.

Connected successfully on my first try! I see no reason why the same file set up would not work in NetworkManager on Linux or some other client, but I haven’t tried myself. Good luck!

Credit for the .ovpn template content goes to this ServerFault discussion thread .

This entry was posted in Computer, Linux, Web Architecture and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *