On Wed, 22 Aug 2012 11:52:08 +0100 MJ Ray mjr@phonecoop.coop allegedly wrote:
On that note, I should write up my tribulations with openvpn on Android some time. Any ALUGger got it working nicely?
Follow up to my reply of 22/8/12. I have sucessfully managed to get openvpn on android working.
I used Arne Schwabe's OpenVPN for Android at https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en
That app does not need a rooted device.
To get it set up, I imported a known good client configuration, plus certificates and key from a configuration I use on my netbook. The app provides quite a good import facility and builds its own configuration from the details you provide. It even stores the certs and key inline in its configuration so that you don't have to leave them lying around on sdcard where every manjack and his app can get at them. (However, I still don't like the idea of storing my cert and key on such an untrusted device so I have now deleted both the import and the built configuration. I just wanted to test to see if I could get it working).
The only difficulty I had was an initial failure caused by options in my client configuration which were not understood by the app. Once I had deleted these, and restarted I successfully built a tunnel to my server. The options I had to delete were:
resolv-retry infinite user nobody group nogroup mute-replay-warnings ns-cert-type server mute 20
Fortunately, the app gives you the option of editing the config file it generates from the imported client file. It even helpfully points out the options it doesn't understand.
All in all a good app (which even goes to the trouble to explain that it has the ability to intercept all your traffic). I just don't trust my android phone (a Samsung Galaxy SII) enough to leave such sensitive details on it.
Mick
--------------------------------------------------------------------- blog: baldric.net fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
Note that I have recently upgraded my GPG key see: http://baldric.net/2012/07/20/gpg-key-upgrade/ ---------------------------------------------------------------------