Implementing openvpn client on your IoS/Android
knopix80, Member
edited August 2013 in Tutorials

Hi All,



I would like to share my experiment on how to build an OpenVPN server and OpenVPN client on iOS and Android.

This assumes OpenVPN is already installed and TUN/TAP is enabled on your VPS.



1. COPYING THE EASY-RSA INTO /etc/openvpn

root@vpsny:/etc/openvpn# cp -r /usr/share/doc/openvpn/examples/easy-rsa .
root@vpsny:/etc/openvpn# cd easy-rsa/2.0/
root@vpsny:/etc/openvpn/easy-rsa/2.0# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./clean-all



2. BUILDING THE CERTIFICATES

root@vpsny:/etc/openvpn/easy-rsa/2.0# ./build-ca
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./build-key-server SERVER
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./build-key CLIENT
root@vpsny:/etc/openvpn/easy-rsa/2.0# ./build-dh



3. COPYING THE CERTIFICATES TO /etc/openvpn

root@vpsny:/etc/openvpn/easy-rsa/2.0# cp -r keys /etc/openvpn/



4. MAKING THE CONF for port 9500 UDP (the port number is your choice)

root@vpsny:/etc/openvpn# cat 9500-udp.conf
port 9500
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/SERVER.crt
key /etc/openvpn/keys/SERVER.key
dh /etc/openvpn/keys/dh1024.pem
client-cert-not-required
username-as-common-name
server 10.10.10.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 3 10
comp-lzo adaptive
user nobody
group users
persist-key
persist-tun
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
status openvpn-status1.log
log /var/log/openvpn1.log
log-append /var/log/openvpn1.log
script-security 3
cipher AES-256-CBC
duplicate-cn
verb 3



The line "server 10.10.10.0 255.255.255.0" defines the subnet from which clients are assigned their VPN IP addresses.

The line push "redirect-gateway def1" makes your server act as the internet gateway for your clients, so all of their traffic is routed through the VPN.



5. MAKING the client configuration, named OVN-NY-LET.conf (as an example), set to UDP on port 9500 (as we set up on the server)

tls-client
dev tun0
remote ###your-vps-server-address### 9500
resolv-retry infinite
nobind
persist-key
persist-tun
keepalive 3 10
<ca>
-----BEGIN CERTIFICATE-----
-- copy and paste your CA certificate here
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-- copy and paste your client certificate here
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
-- copy and paste your client key here
-----END RSA PRIVATE KEY-----
</key>
comp-lzo yes
verb 3
auth-user-pass
cipher AES-256-CBC



The CERT block is taken from CLIENT.crt and the KEY block from CLIENT.key (in /etc/openvpn/keys/ on your VPS).



6. Copy your OVN-NY-LET.conf to your iOS or Android device.

7. Create a user on your VPS for the OpenVPN connection (the client's auth-user-pass login is checked through PAM by the openvpn-auth-pam plugin configured above).

8. Enable IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward

9. Enable masquerading for the clients: iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE
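Step 5 above has you paste three PEM blocks into the client profile by hand. The following script is an added example (mine, not from the original post or the OpenVPN project) that does the same assembly on the VPS; it assumes the easy-rsa output was copied to /etc/openvpn/keys as in step 3, and the hostname vpn.example.invalid and the placeholder PEM text used by demo are constructed stand-ins, not real material.

```shell
#!/bin/sh
# Added example, not from the original post: assemble the step 5 client
# profile by inlining ca.crt, CLIENT.crt and CLIENT.key from the keys
# directory instead of pasting the PEM blocks by hand.
set -eu

# Print one PEM file wrapped in its inline tag (<ca>...</ca> etc.).
# easy-rsa .crt files carry a human-readable text dump above the PEM
# block; only the lines between BEGIN and END are copied.
inline_pem() {
    tag="$1"; file="$2"
    grep -q '^-----BEGIN ' "$file" || { echo "not a PEM file: $file" >&2; return 1; }
    printf '<%s>\n' "$tag"
    sed -n '/^-----BEGIN /,/^-----END /p' "$file"
    printf '</%s>\n' "$tag"
}

# make_ovpn KEYSDIR CLIENTNAME REMOTE PORT  -> profile on stdout
# The directives are the ones from the post's OVN-NY-LET.conf.
make_ovpn() {
    keys="$1"; name="$2"; remote="$3"; port="$4"
    printf '%s\n' tls-client 'dev tun0' "remote $remote $port" \
        'resolv-retry infinite' nobind persist-key persist-tun 'keepalive 3 10'
    inline_pem ca   "$keys/ca.crt"
    inline_pem cert "$keys/$name.crt"
    inline_pem key  "$keys/$name.key"
    printf '%s\n' 'comp-lzo yes' 'verb 3' auth-user-pass 'cipher AES-256-CBC'
}

# Stand-alone demo: builds a throwaway keys directory with constructed
# placeholder PEM blocks (not real certificates) and prints the profile.
demo() {
    d=$(mktemp -d)
    for f in ca.crt CLIENT.crt; do
        printf '%s\n' 'Certificate:' '    Data: (text dump, constructed)' \
            '-----BEGIN CERTIFICATE-----' 'MIIB...constructed...' \
            '-----END CERTIFICATE-----' > "$d/$f"
    done
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIE...constructed...' \
        '-----END RSA PRIVATE KEY-----' > "$d/CLIENT.key"
    make_ovpn "$d" CLIENT vpn.example.invalid 9500
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument demo to see the constructed output; on the VPS, use make_ovpn /etc/openvpn/keys CLIENT your-vps-address 9500 > OVN-NY-LET.conf and then copy only that file to the phone.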



Please give me some corrections if there are any mistakes in this guide.


