This is not a full tutorial but rather examples of working configuration files. Still, some commands will be mentioned but it is up to you to read properly OpenVPN documentation.
Server part was done on Debian. Probably the client configuration can be used for Android too. However, I have tested only iPhone here.
1. Install Openvpn. Details you can find here.
2. Create a directory in /etc/openvpn (in my example mobile-easy-rsa) and copy files as follows:
core:~# mkdir /etc/openvpn/mobile-easy-rsa/ core:~# cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0* /etc/openvpn/mobile-easy-rsa/ core:~# cd /etc/openvpn/mobile-easy-rsa/2.0/
3. Edit vars files according to your specifications. Pay special attention to the following:
export KEY_COUNTRY="US" export KEY_PROVINCE="California" export KEY_CITY="San Fransisco" export KEY_ORG="My Company" export KEY_EMAIL="email@example.com" export KEY_CN=server export KEY_NAME=server export KEY_OU=home
4. Create the server and Diffie-Helman certificates:
core:2.0# source ./vars core:2.0# ./clean-all core:2.0# ./build-ca core:2.0# ./build-dh core:2.0# ./build-key-server server
5. Create the client certificate (one for each client - in our example it will be only one):
core:2.0# ./build-key iPhone
At this point, all your needed keys should be in /etc/openvpn/mobile-easy-rsa/2.0/keys/.
6. Server configuration working example. You will have to modify port, server and certificates path accordind to your needs:
core:openvpn# cat mobile.conf dev tun2 tls-server dh [color=red]mobile-easy-rsa/2.0/keys/[/color]dh1024.pem ca [color=red]mobile-easy-rsa/2.0/keys/[/color]ca.crt cert [color=red]mobile-easy-rsa/2.0/keys/[/color]server.crt key [color=red]mobile-easy-rsa/2.0/keys/[/color]server.key server [color=red]10.10.10.0 255.255.255.248[/color] comp-lzo script-security 2 route-up "/sbin/ifconfig tun2 up" port [color=red]1196[/color] proto tcp-server keepalive 30 120 client-config-dir mobile-custom client-to-client [color=blue]push "redirect-gateway def1" domain-name-servers 10.10.10.1[/color]
The parameters in blue are needed if you want to drive all traffic on your client via VPN.
7. Restart the openvn server:
core:~# /etc/init.d/openvpn restart Stopping virtual private network daemon: mobile. Starting virtual private network daemon: mobile.
8. iPhone client configuration working example. Again, you will have to modify some parameters based on your specifications:
flmbp:~ $ cat config.ovpn tls-client remote [color=red]server_hostname_or_ip 1196[/color] ca [color=red]ca.crt[/color] cert [color=red]iPhone.crt[/color] key [color=red]iPhone.key[/color] comp-lzo proto tcp
9. Install OpenVPN from App Store and copy the following configuration files via itunes (There are other ways to do this, iTunes is the easiest):
- configuration file from point 8:
10. Start OpenVPN aplication and follow the instructions. It is quite easy.