OpenVPN client for Android ICS 4.0.3+ (no root/jailbreak required) tested OK.

mrzaz

Here comes a small tip for you guys running and Android phone with ICS (4.0) of 4.0.3 or later.

FINALLY an OpenVPN client that really works without the need for jailbreak (rooting).
Supports TUN only, not TAP.

OpenVPN for ICS (no root/jailbreak required) for Android ICS 4.0.3+
http://forum.xda-developers.com/showthread.php?t=1591585
https://github.com/kghost/ics-openvpn/downloads

Features:

• Compatible to all ICS device (NO ROOT REQUIRED, works on stock firmware)
• Easy to use
• Multiple VPN profile
• Username/password authentication
• Secure (Don't store your private key in App, but managed by Android system)
• Open source

Limitation:

• Only TUN mode, no TAP mode. (system API limitation)
• One simultaneous connection only. (system API limitation)

I have personally set it up working - including TLS Authentication.  used the 0.94 version.
To make it easier, I used the package "OpenVPN Client Export Utility" and the "OpenVPN wizard".
If someone need help, I could guide how I did to get it working. (which was quite easy)

I have only tested this on pfSense 2.1 beta software and don't know if it still works on 2.0.1.

Best regards
Dan Lundqvist
Stockholm, Sweden

jimp

Free, no root, in the market, works great:
https://play.google.com/store/apps/details?id=de.blinkt.openvpn

Cybdex

@jimp:

Free, no root, in the market, works great:
https://play.google.com/store/apps/details?id=de.blinkt.openvpn

Cant say i get this to work tho..

Jul 28 19:47:17	openvpn[61332]: TLS Error: incoming packet authentication failed from [AF_INET]x.x.x.x:1194
Jul 28 19:47:17	openvpn[61332]: Authenticate/Decrypt packet error: packet HMAC authentication failed

The config that is generated from my pfsense box is:

dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194
tls-remote Server
auth-user-pass
pkcs12 router-udp-1194.p12
tls-auth router-udp-1194-tls.key 1
comp-lzo

The config that is looking the most alike to this that i have eventually ended up with is : (when i go to the app and show the generated config)

suppress-timestamps
client
verb 1
connect-retry-max 5
resolv-retry 5
dev tun
remote x.x.x.x 1194 udp
auth-user-pass
pkcs 12 /mnt/sdcard/external_sd/Download/router-udp-1193.p12
comp-lzo
tls-auth /mnt/sdcard/external_sd/Download/router-udp-1194-tls.key
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0
remote-cert-tls server
cipher AES-128-CBC

The last "cipher" line, i dont know other than the config setting for the app you could manually type that line in. I have also tested it on default "blank". I have even tried to add a "advanced" option : tls-client, but to no avail.

I know the openvpn server works, cos i can connect with pc, and my much older android phone that uses the "FEAT VPN" app (which is not available for ICS it seems).

Needless to say, the "x.x.x.x" adresses is changed by me now, and not really shown like this.. And the .key and .p12 file is copied from the same pfsense generated script file i just easily imported into "FEAT VPN" on my other phone.

Any quick hints would be awesome :)

C

jimp

Update your client export package. Use the "inline" config export and then import that into the Android client. It works every time, only manual adjustment needed is you have to tell it your xauth username after importing.

http://doc.pfsense.org/index.php/Android_VPN_Connectivity#OpenVPN_on_Android_4.0_.28Non-Root.29

Cybdex

@jimp:

Update your client export package. Use the "inline" config export and then import that into the Android client. It works every time, only manual adjustment needed is you have to tell it your xauth username after importing.

http://doc.pfsense.org/index.php/Android_VPN_Connectivity#OpenVPN_on_Android_4.0_.28Non-Root.29

Do you know what? You just made my day!! :) Thanks a LOT!! Works like a charm :)

C

rikar

Pulling my hair other trying to get either of these two apps working.
Havent yet tested pfSense server from another client other then Android, but im pretty confident its setup correcly via 3 guides.

The issue i get is the same on these two apps; it wont accept / see the certifcate.

When i use "OpenVPN for Android", the quicker to import one, i;

• point at the FILENAME.ovpn file
• ask for password, hit OK for none (have tried with one, no difference
• hit OK to keep the default name of "pfsense-udp-1194"
• the "choose certificate" window comes up, i hit OK and it says "No Certificate file found in USB storage"

This is the same exact message that "ics-openvpn" gives me when i try to load the user cert.

If i try to find manually and point at the pf created *.p12 file i get this,

I found mention of only being able to install from the downloads dir, LINK which does let me install it from the settings (before this, just clicking on the "install certs" gave me the same "..cannot find.." error as above) but when i go to import the config files into the openVPN app.. it still fails with .. same message.

Any clues? any ones finding this issue?

jimp

Looks like you're not exporting/importing the right file. An exported inline config would have no .p12, it's all in a single .ovpn file and it's all readable in plain text. Make sure to export using the 'inline' option.

rikar

Hi Jimp,

You are of course 100% correct, dang!
I thought all the blue text in the "export" tab was one link, all crammed up in the box due me having zoomed into the page.

Now to troubleshoot the connection time outs :)

Thanks so much for the speedy reply. I need to pay more attention and slow down.

apmuthu

OpenVPN client - ics-openvpn-0.5.39.apk - does not work in Android v4.0.4 connecting to pfSense v2.0.3 + Client Export Package + OpenVPN Patch Package
Works from WinXP.

The Android OpenVPN client gets disconnected at once with the following error message for both the non-default port of 33121 and the default one of 1194.

Unfortunately, OpenVPN for Android has stopped.

The FEAT VPN App for Android works though - ics-2013-01-23.apk.