Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN client for Android ICS 4.0.3+ (no root/jailbreak required) tested OK.

    Scheduled Pinned Locked Moved OpenVPN
    9 Posts 5 Posters 26.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrzaz
      last edited by

      Here comes a small tip for you guys running and Android phone with ICS (4.0) of 4.0.3 or later.

      FINALLY an OpenVPN client that really works without the need for jailbreak (rooting).
      Supports TUN only, not TAP.

      OpenVPN for ICS (no root/jailbreak required) for Android ICS 4.0.3+
      http://forum.xda-developers.com/showthread.php?t=1591585
      https://github.com/kghost/ics-openvpn/downloads

      Features:

      • Compatible to all ICS device (NO ROOT REQUIRED, works on stock firmware)
      • Easy to use
      • Multiple VPN profile
      • Username/password authentication
      • Secure (Don't store your private key in App, but managed by Android system)
      • Open source

      Limitation:

      • Only TUN mode, no TAP mode. (system API limitation)
      • One simultaneous connection only. (system API limitation)

      I have personally set it up working - including TLS Authentication.ย  used the 0.94 version.
      To make it easier, I used the package "OpenVPN Client Export Utility" and the "OpenVPN wizard".
      If someone need help, I could guide how I did to get it working. (which was quite easy)

      I have only tested this on pfSense 2.1 beta software and don't know if it still works on 2.0.1.

      Best regards
      Dan Lundqvist
      Stockholm, Sweden

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Free, no root, in the market, works great:
        https://play.google.com/store/apps/details?id=de.blinkt.openvpn

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • C
          Cybdex
          last edited by

          @jimp:

          Free, no root, in the market, works great:
          https://play.google.com/store/apps/details?id=de.blinkt.openvpn

          Cant say i get this to work tho..

          Jul 28 19:47:17	openvpn[61332]: TLS Error: incoming packet authentication failed from [AF_INET]x.x.x.x:1194
          Jul 28 19:47:17	openvpn[61332]: Authenticate/Decrypt packet error: packet HMAC authentication failed
          

          The config that is generated from my pfsense box is:

          dev tun
          persist-tun
          persist-key
          proto udp
          cipher AES-128-CBC
          tls-client
          client
          resolv-retry infinite
          remote x.x.x.x 1194
          tls-remote Server
          auth-user-pass
          pkcs12 router-udp-1194.p12
          tls-auth router-udp-1194-tls.key 1
          comp-lzo
          
          

          The config that is looking the most alike to this that i have eventually ended up with is : (when i go to the app and show the generated config)

          suppress-timestamps
          client
          verb 1
          connect-retry-max 5
          resolv-retry 5
          dev tun
          remote x.x.x.x 1194 udp
          auth-user-pass
          pkcs 12 /mnt/sdcard/external_sd/Download/router-udp-1193.p12
          comp-lzo
          tls-auth /mnt/sdcard/external_sd/Download/router-udp-1194-tls.key
          route-ipv6 ::/0
          route 0.0.0.0 0.0.0.0
          remote-cert-tls server
          cipher AES-128-CBC
          

          The last "cipher" line, i dont know other than the config setting for the app you could manually type that line in. I have also tested it on default "blank". I have even tried to add a "advanced" option : tls-client, but to no avail.

          I know the openvpn server works, cos i can connect with pc, and my much older android phone that uses the "FEAT VPN" app (which is not available for ICS it seems).

          Needless to say, the "x.x.x.x" adresses is changed by me now, and not really shown like this.. And the .key and .p12 file is copied from the same pfsense generated script file i just easily imported into "FEAT VPN" on my other phone.

          Any quick hints would be awesome :)

          C

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Update your client export package. Use the "inline" config export and then import that into the Android client. It works every time, only manual adjustment needed is you have to tell it your xauth username after importing.

            http://doc.pfsense.org/index.php/Android_VPN_Connectivity#OpenVPN_on_Android_4.0_.28Non-Root.29

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • C
              Cybdex
              last edited by

              @jimp:

              Update your client export package. Use the "inline" config export and then import that into the Android client. It works every time, only manual adjustment needed is you have to tell it your xauth username after importing.

              http://doc.pfsense.org/index.php/Android_VPN_Connectivity#OpenVPN_on_Android_4.0_.28Non-Root.29

              Do you know what? You just made my day!! :) Thanks a LOT!! Works like a charm :)

              C

              1 Reply Last reply Reply Quote 0
              • R
                rikar
                last edited by

                Pulling my hair other trying to get either of these two apps working.
                Havent yet tested pfSense server from another client other then Android, but im pretty confident its setup correcly via 3 guides.

                The issue i get is the same on these two apps; it wont accept / see the certifcate.

                When i use "OpenVPN for Android", the quicker to import one, i;

                • point at the FILENAME.ovpn file
                • ask for password, hit OK for none (have tried with one, no difference
                • hit OK to keep the default name of "pfsense-udp-1194"
                • the "choose certificate" window comes up, i hit OK and it says "No Certificate file found in USB storage"

                This is the same exact message that "ics-openvpn" gives me when i try to load the user cert.

                If i try to find manually and point at the pf created *.p12 file i get this,

                I found mention of only being able to install from the downloads dir, LINK which does let me install it from the settings (before this, just clicking on the "install certs" gave me the same "..cannot find.." error as above) but when i go to import the config files into the openVPN app.. it still fails with .. same message.

                Any clues? any ones finding this issue?

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Looks like you're not exporting/importing the right file. An exported inline config would have no .p12, it's all in a single .ovpn file and it's all readable in plain text. Make sure to export using the 'inline' option.

                  Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • R
                    rikar
                    last edited by

                    Hi Jimp,

                    You are of course 100% correct, dang!
                    I thought all the blue text in the "export" tab was one link, all crammed up in the box due me having zoomed into the page.

                    Now to troubleshoot the connection time outs :)

                    Thanks so much for the speedy reply. I need to pay more attention and slow down.

                    1 Reply Last reply Reply Quote 0
                    • A
                      apmuthu
                      last edited by

                      OpenVPN client - ics-openvpn-0.5.39.apk - does not work in Android v4.0.4 connecting to pfSense v2.0.3 + Client Export Package + OpenVPN Patch Package
                      Works from WinXP.

                      The Android OpenVPN client gets disconnected at once with the following error message for both the non-default port of 33121 and the default one of 1194.

                      Unfortunately, OpenVPN for Android has stopped.

                      The FEAT VPN App for Android works though - ics-2013-01-23.apk.

                      openvpn_pfs_203_android404.png
                      openvpn_pfs_203_android404.png_thumb
                      Android_FEAT_VPN_withpfsense203.png
                      Android_FEAT_VPN_withpfsense203.png_thumb

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.