[GUIDE] OpenVPN for Dummies

GuestX00836 · Dec 22, 2010

Thanks to all the developers who put the bits & pieces together; without them it wouldn't be possible. You don't need to be an Android or Linux guru to get it working - SDK, ADB, etc. are not required.

What is OpenVPN?

OpenVPN is a free and open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls.

What's Covered in this Guide:

A step by step tutorial for configuring OpenVPN on the Evo 4G. Use at your own risk!

Not Covered:

Yea but how do I?

Requirements:

Rooted Evo

USB Data Cable

Amon RA Recovery - RA-evo-v1.8.0 (or above)
http://files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img

Terminal Emulator (download from market)

Super Manager (download from market)

Busybox (download from market)

OpenVPN Installer (download from market)

OpenVPN Settings (download from market)

Tun.ko built for your specific kernel (recommend netarchy-toastmod, Stable: 4.1.9.1 or higher)
http://xdaforums.com/showthread.php?t=719763&highlight=amon

Modified openvpn executable & matching iproute-wrapper script.
http://xdaforums.com/attachment.php?attachmentid=385959&d=1282516002

An OpenVPN Account & config files.

GTech Net Tools (download from market).

Let's begin.

Root your Evo if not already done.

Install GTech Net Tools & run; select My IP & Get IP Address; External Address & Local Information are issued from your cell provider data network; record these values for later comparison.

Install Amon RA.

Install Busybox to /system/xbin.

Install OpenVPN Installer (binaries) to /system/xbin; select path to ifconfig: /system/xbin.

Install OpenVPN Settings (settings later in this guide).

Install custom kernel with built in tun.ko support; flash via Amon RA recovery & reboot.

Install Terminal Emulator.

Install Super Manager.

Open your openvpn config file & add the following to the last line, then save: 'iproute /system/xbin/iproute-wrapper.sh'.

***Make sure your config.ovpn file has NO_SPACES in name***

Connect Evo to PC via USB cable; select 'Disk Drive' & 'Done'.

Create folders on SDCard 'Downloads' (if not already there), and 'openvpn'.

Copy your config.ovpn files to SDCard/openvpn folder

Copy 'openvpn' & 'iproute-wrapper.sh' to Downloads folder on SDCard.

Disconnect USB cable.

Start Super Manager; select Settings; Enable ROOT function; press back button on phone; browse to SDCard/Downloads - copy & paste 'openvpn' & 'iproute-wrapper.sh' to /system/xbin.

Start Terminal Emulator.

@ $, type su & enter key; should now see #

Type 'chmod 755 /system/xbin/openvpn' & enter; then type 'exit' & enter.

Start Super Manager; select Settings; disable ROOT function.

Press Home button on phone.

Start OpenVPN Settings; press 'menu' button on phone; select 'advanced'; check 'load tun kernel module'.

Click 'TUN modules settings'; Check Load module using 'insmod'.

Enter Path to tun module: '/system/lib/modules/tun.ko'.

Select 'path to openvpn binary'; enter '/system/xbin/openvpn'.

Check 'Fix HTC Routes'.

Press Back button on phone.

Check OpenVPN; check your_server.ovpn; 'Username/Password required' should appear on Status bar at top of phone.

Slide Status bar down, click on 'Username/Password required', enter info & click 'OK'.

Under yourserver.ovpn view status - Wait for 'connecting...auth...get config'...should be 'connected to 111.111.111.111 as 222.222.222.222'.

Start GTech Net Tools; select My IP & Get IP Address; External Address & Local Information should now be issued from your OpenVPN provider; compare to original data you recorded earlier.

Press Home button on phone...do you see the 'Key' icon on Status bar?

If Yes.............You have done it!

Additional Resources:

OpenVPN

http://openvpn.net/

Wikipedia - OpenVPN

http://en.wikipedia.org/wiki/Openvpn

Enjoy!

GuestX00836 · Dec 22, 2010

Check 1st post for revisions & updates.

sw99 · Dec 23, 2010

Thanks for the write up. However, can you dumb it down one more level. I started looking at OpenVPN when I realized that the Android VPN was broken. I have configured Windows VPN for my home Windows PC, but I assume that it won't directly work with OpenVPN.

What do I need to do to configure my PC?

I assume once I understand that, I'll also understand what you mean by "An OpenVPN account & Config Files.

I appreciate your help.

GuestX00836 · Dec 24, 2010

The guide is limited to OpenVPN on the Evo 4G Android platform.

1Brite1 · Dec 26, 2010

I have a question also. I am stuck at the Open your openvpn config file & add the following to the last line, then save: 'iproute /system/xbin/iproute-wrapper.sh" step. Is this on the EVO or on the OpenVPN account?

Also, I signed up for the OpenVPN account and am using a Macbook-with Windows 7 installed via Parallels, an iMac and another laptop running Linux Ubuntu. Which program do I download for my setup on the OpenVPN site so that they all work? I don't see one for OSX? I have tried the EVOVPN app and it works great just for the phone....but computers won't hook up even though I have them set up using the same LAN settings.

I am hoping for something that will let me use a secure server using the EVO connecting all of my computers.

Thanks for your help and for the guide and for any advice you could share. Have a great day!

GuestX00836 · Dec 28, 2010

Good questions - focus on keeping things simple.

1Brite1 said:
I am stuck at the Open your openvpn config file & add the following to the last line, then save: 'iproute /system/xbin/iproute-wrapper.sh" step. Is this on the EVO or on the OpenVPN account?

Your OpenVPN provider posts config files to download required for their service to work. Normally no editing is necessary, but for Android it is at least for now (*more on why later).
Their config files package may include many different types of files, look for the one with .ovpn extension (there may be several - server_1.ovpn, server_2.ovpn, etc.); open the file(s) with your text editor; normally the last line of this file is 'auth-user-pass'; create a new last line 'iproute /system/xbin/iproute-wrapper.sh' (without quotation marks) and save. Copy this edited file & any other config files your provider requires to the Evo /sdcard/openvpn folder you created earlier.

1Brite1 said:
I signed up for the OpenVPN account and am using a Macbook-with Windows 7 installed via Parallels, an iMac and another laptop running Linux Ubuntu. Which program do I download for my setup on the OpenVPN site so that they all work? I don't see one for OSX? I have tried the EVOVPN app and it works great just for the phone....but computers won't hook up even though I have them set up using the same LAN settings.

The good news is whatever OpenVPN service provider you choose, it should work with whatever device you have. However, each operating system has different requirements, so there are clients specific to each of these OS's. For example, Windows client = openvpn client, Linux = gopenvpn, etc. For the Evo, & Android in general, the client is 'OpenVPN Settings', setup of which is included in the guide. 'EVOVPN' is not 'OpenVPN', we're not sure what it is, they don't offer any support or documentation; advise to stay away until more info is available.

1Brite1 said:
I am hoping for something that will let me use a secure server using the EVO connecting all of my computers.

As above, only one service provider is needed, the clients vary by operating system. If you're referring to remotely accessing your other computers via the Evo with OpenVPN running, well yes that works but is not covered here; setup for that would be the same whether or not you use OpenVPN.

*The edit to .ovpn config file is required at this time to let the Android client know which routing table is being used; it may become unnecessary with future updates.

1Brite1 · Dec 28, 2010

Thank you sc10000.....I appreciate your time...nothing more frustrating than asking a question and never getting an answer or one that is so informative. I will try the set-up again...but I see also that you have to pay for the OpenVPN service. I have an OpenDNS account and wonder if that is the same type of service and it is free but not sure if it will work with EVO. I will look into that option also as I know I used to use that for my Linux system. But, as you said, that may be just operating system specific. Again, thank you for elaborating!!! Now, I get it.

realrasengan · Dec 28, 2010

Thanks for the tutorial sc10000. I just wanted to put a little bit of input into the mix.

OpenDNS is quite different from OpenVPN. OpenVPN is strictly for users who need to encrypt their connection and/or connect to another 'network' such as their work or school network. A lot of other people use OpenVPN for other reason (i.e., watch Hulu from another country outside of the US, etc.).

I use Private Internet Access ( privateinternetaccess.com ) as an OpenVPN provider and it works with your tutorial. Other great providers are listed here:

Private Internet Access ( privateinternetaccess.com )
WiTopia ( witopia.net )
Strong VPN ( strongvpn.com )

There are a few others, but I would stick to the big three for safety.

GuestX00836 · Dec 28, 2010

Some other great providers not listed above:

Anonyproz - anonyproz.com

blackvpn - blackvpn.com

There are many out there, find one that suits you.

Gibby1310 · Jan 3, 2011

I keep getting
FATAL:Linux ip link set failed: could not execute external program

I checked the permissions on the files and they are executabled, I checked the iproute-wrapper.sh script and it was looking for ip in /system/bin my EVO did not have it there but it was in /system/xbin so I changed that too.

GuestX00836 · Jan 3, 2011

I don't recommend changing anything in the scripts or files. Go back to guide & make sure you have completed all the steps exactly. Possibly you have installed something in a different location, etc.

If still not working, then try a different kernel - you did replace the kernel right?

This one is working as of now, with ROM 3.70.651.1

netarchy-toastmod-4.3-bfs-nohavs-noUV-sbc-universal (No Undervolting)

Gibby1310 · Jan 3, 2011

I am on CM 6.1.1 and using 12/25/10 - SBC for BC's Kernel SBC-bcnice-stable-v7.zip (2.62 MB) Kernel

gpz1100 · Jan 3, 2011

sc10000, what purpose would vpn serve on the cell phone for general usage? I can understand if connecting to a company vpn for access to their network.

What would the application be? Why would I want/need vpn (openvpn) on my android device?

GuestX00836 · Jan 4, 2011

gpz1100 said:
Why would I want/need vpn (openvpn) on my android device

Why would you volunteer your unprotected data to anyone who seeks it?

gpz1100 · Jan 4, 2011

Right, but why would I be connecting to my network using the handset? I'd have the vpn client running on my laptop or netbook.

GuestX00836 · Jan 4, 2011

gpz1100 said:
why would I be connecting to my network using the handset? I'd have the vpn client running on my laptop or netbook.

vpn is not openvpn. Why would you connect any device to the internet without security?

Big brother is watching. Really.

enormous · Jan 6, 2011

I was hacking away at this last night, but haven't been successful in getting my vpn connection up and running.

I have copied my openvpn config from my linux box and have gone over the instructions multiple times to verify, but keep getting the following error in the log:

D/OpenVPNDaemonEnabler( 963): Received OpenVPN daemon state changed from Unknown to Disabled
D/OpenVPNDaemonEnabler( 963): Received OpenVPN network state changed from Connected to Exiting
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-mgmt( 963): attach(): using management port at 27860
E/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-mgmt( 963): attaching to OpenVPN daemon: /127.0.0.1:27860 - Connection refused
W/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]( 963): start(): choosing random port for management interface: 32537
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon( 963): invoking external process: /system/bin/su
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon( 963): invoking command line: /system/xbin/openvpn --cd '/sdcard/download/openvpn' --config 'connect.ovpn' --writepid '/data/data/de.schaeuffelhut.android.openvpn/files/com.d/_sdcard_download_openvpn_connect.ovpn-pid' --script-security 1 --management 127.0.0.1 32537 --management-query-passwords
D/OpenVPNDaemonEnabler( 963): Received OpenVPN daemon state changed from Unknown to Startup
D/OpenVPNDaemonEnabler( 963): Received OpenVPN daemon state changed from Unknown to Disabled
D/su ( 4167): 10165 de.schaeuffelhut.android.openvpn executing 0 /system/bin/sh using shell /system/bin/sh : sh
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon-stdout( 963): Options error: Unrecognized option or missing parameter(s) in connect.ovpn:22: iproute (2.1.1)
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon-stdout( 963): Use --help for more information.
I/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon-stderr( 963): terminated
I/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon-stdout( 963): terminated

If I comment out the "iproute /system/xbin/iproute-wrapper.sh" from my config file, then the vpn will say it is connected, but I won't be able to access anything.

Any help is appreciated!

GuestX00836 · Jan 7, 2011

enormous said:
If I comment out the "iproute /system/xbin/iproute-wrapper.sh" from my config file, then the vpn will say it is connected, but I won't be able to access anything.

Most likely a kernel issue, try replacing with one that has known tun.ko support. Do not comment out 'iproute /system/xbin/iproute-wrapper.sh' or it won't work.

chaseclear · Jan 27, 2011

So I follow these steps EXACTLY yesterday (Evio 1.7.7 rom; Netarchys latest stable kernel) and I was able to connect! The tun.ko I used was one I found i believe for the Desire.. but it seemed to work, and I was able to ping my DB server at the data center.

After a restart last night, today I try and re-connect and continue to get "cannot allocate tun tap dev dynamically"

I checked permissions on tun.ko and openvpn but still having issues. WEIRD that it worked and restart causes it to fail now

Any ideas are appreciated as this will be very convenient for work! Thanks!

chaseclear · Jan 27, 2011

UPDATE: I just flashed Ziggy471's kernel (Jan 21 2011) and rebooted..
I disabled the "Load tun.ko module" from the advanced settings in OpenVPN Settings app, and connected fine again! so it apparently is using the built-in tun.ko driver in the kernel.

Just followed the directions to setup openvpn binary, openvpn settings paths, EXCLUDING the "load tun.ko module" check box and I am GOOOOOOD!

Thanks!

[GUIDE] OpenVPN for Dummies

GuestX00836

Guest

GuestX00836

Guest

Senior Member

GuestX00836

Guest

Senior Member

GuestX00836

Guest

Senior Member

New member

GuestX00836

Guest

Senior Member

GuestX00836

Guest

Senior Member

Senior Member

GuestX00836

Guest

Senior Member

GuestX00836

Guest

Senior Member

GuestX00836

Guest

Senior Member

Senior Member

Similar threads

Top Liked Posts