I would like to use openVPN on my mobile phone. What must I do to make it work?

Pease

Junior Member
NOTE: This thread contains outdated information. Please refer to our Android documentation in the howto section of the member area.

I would like to use openVPN on my mobile phone. What must I do to make it work?
The OS is Android OS, v4.0 (Ice Cream Sandwich).

I read in one thread that "you can set up PPTP in the system settings" if I "enter a name for this VPN connection, the domain name of the VPN server, your username and password and then connect". See "Perfect Privacy for Android": https://board.perfect-privacy.com/fo...cy-for-android

But I want to use OpenVPN.

1. Which apps must I install on the phone? Are there any apps I can download here on Perfect Privacy?
2. What settings must I have to make it work?

Can someone explain exactly what and how I must do to fix this?

3. What requirements must the phone have, for example for the processor and RAM memory?
4. What firewall and virus protection can you recommend for the phone?
5. Can I use OpenVPN from PerfectPrivacy in the same way on the phone as on the computer?
6. Can I do as I read in this thread “VPN Configuartion JB 4.3”? See https://board.perfect-privacy.com/fo...uartion-jb-4-3 Perhaps I can download the config files from PP members Area myself and use exactly the same config files I use on my computer?
7. Is it IPv4 or IPv6 that mobile phones use when surfing the Internet? If it’s using IPv6 then it’s not so secure with OpenVPN. Or am I totally wrong?
8. Can I use OpenVPN with the same user and password on the computer and the mobile at the same time?
9. I read this “openvpn on android uses really a lot of power. The openvpn server sends every x seconds a keepalive packet, so there is constantly network traffic which needs power.” How much power does it take to use OpenVPN on android? And how much traffic per x seconds is it?
10. This question has nothing to do with this thread but perhaps someone can answer it anyway. On the old PP's server list one could for example read which server was down for mail and other info. But I cannot find it on the new member’s area. Can members read that kind of info somewhere else on member’s area? If yes, where?


Thanks for all help.
 

PP Daniel

Staff member
Hi,

since I currently don't have an Android device I can't answer all of your questions now. Eventually somebody else can jump in here? I will have an Android device soon, and hopefully soon thereafter we will have guides for Android as well.

On the OpenVPN website they recommend Private Tunnel: https://play.google.com/store/apps/details?id=net.openvpn.privatetunnel
so maybe you want to give it a try.

Regarding the settings: Usually you will have to enter pretty much the same data as for a PPTP connection. But you will have to transfer the OpenVPN configuration files to the android device as well. As of now we don't offer them as a separate download for Android, so you would have to take the ones for Mac OS (not the Tunnelblick version). You also might have to remove the "remote random" line.

I'll try to get my hands on some Android device and have guides up asap.
 

Pease

Junior Member
Ok, Thank you!

11. Do I need Private Tunnel VPN? See https://play.google.com/store/apps/d....privatetunnel

12. Do I need the OpenVPN configuration files + Security Certificate + Registration Entries?

13. Do I need to install OpenVPN Connect as well? See https://play.google.com/store/apps/d...penvpn.openvpn

14. Must I know exactly where to import the files (OpenVPN configuration files + Security Certificate + Registration Entries) to the mobile? Or will the mobile import it automatically to the right place in the mobile?

15. When you write about OpenVPN configuration files the MAC version, you mean ppConfig_mac.zip 185.22 KB 11/02/13 21:15 (UTC), am I right? See https://www.perfect-privacy.com/memb...bs-ovpnconfmac

16. What's the difference between ppConfig_mac.zip 185.22 KB 11/02/13 21:15 (UTC), ppConfig_mac_single.zip 192.88 KB 11/02/13 21:15 (UTC), ppConfig_mac_tcp.zip (only if necessary) 184.88 KB 11/02/13 21:15 (UTC) and ppConfig_mac_tcp_single.zip (only if necessary) 192.09 KB 11/02/13 21:15 (UTC)?
Which should I choose?

It would be nice if someone could tell me more exactly how to install and something about firewall and which virus app I should choose?

Thanks again.
 

PP Daniel

Staff member
Hi,

11 & 13: One app will do the trick, and there might be more out there to choose from.
12: Basically you could take the whole contents of the zip file. But you are right, it should be three files per server(group), and additionally once the ca.crt.
14: I'm not sure, as this might depend on the app and/or android version.
15: Yes, that's the file. As far as I know you will have to remove the "remote random" line in the configuration files as it's not supported currently.
16: The usual configuration files use UDP as tunnel protocol, which is usually what you want to have. But if you run into any issues using UDP, we offer the TCP version, which will give you an OpenVPN tunnel running with TCP instead of UDP.
The "single" files are not yet explained on the download page, they are new. The difference is, they offer the ability to choose the server to connect to, rather than the servergroup (location). So you have entries for e.g. moscow1.perfect-privacy.com and moscow2.perfect-privacy.com instead of just moscow.perfect-privacy.com.
 

Pease

Junior Member
Thanks.

17. Which one is most secure, UDP or TCP? Do both use IPv4?

18. You wrote: “and additionally once the ca.crt.” What do you mean? I'm not quite sure what you mean by that.

19. When I compare the Windows and MAC config files, Windows has one line for each command and MAC config commands are in one long line. Am I right?


Thanks for all help!
 

JackCarver

Junior Member
UDP/TCP has nothing to do with security or not. They are network protocols and NOT encryption standards. The ca.crt has something to do with trust. You should read something about X509 certificates if you want to understand this. There are specific OpenVPN commands which work only for win for example but you can write Mac .ovpn files per line too.
 

PP Daniel

Staff member
Hi,

I made a note to add an entry about UDP/TCP to the FAQ and explain the difference. In a nutshell: TCP comes with transport control, so it will notice packets that have gone missing during transport and can request them again, while UDP does not have this capability. Basically TCP gets used when you want to make sure every packet gets there, while UDP is the protocol of choice for realtime use cases, such as gaming or streaming video/sound. The connections your clients make can be either UDP or TCP regardless of which type of protocol is used for the OpenVPN tunnel. Using a UDP tunnel gives you the best of both worlds, as TCP connections can be tunneled through it. The other way around works also, but using a TCP OpenVPN tunnel practically enforces transport control on every packet rather than letting the clients decide. E.g. an email is not complete until every last bit is transferred, while a couple of missing bits won't matter in an online game where information like player position and status is submitted continuously anyway. Both are used with IPv4.

The ca.crt is in the zip file, it's part of the certificate path of the server's certificate.

The difference is mostly the options in the file. But also the win and mac versions have a different type of linebreak, which apparently your editor failed to notice.
 

Pease

Junior Member
Thanks for the answers. But the problem is that when I start Private Tunnel VPN it asks for mail address and password. I can only choose between six servers. I can choose to sign up to?? But I am already a customer of Perfect Privacy?? There is nothing that asks me to import the config files??

I tested OpenVPN Connect instead. But I got this info:
“Welcome to OpenVPN Connect. OpenVPN requires a .ovpn profile to a server. Please go to Menu / Import to import a profile or Menu / Help for more information”.

I fixed it like this:
A. I transferred the required files, OpenVPN configuration files, from my computer to the mobile device through Windows Explorer.
B. I started OpenVPN Connect from my mobile's desktop and
C. I imported the OpenVPN configuration files from the mobile's SD card.

But I get this error all the time: “CORE_THREAD_ERROR info=’option_error:sorry, ‘fragment’ directive is not supported, nor is connecting to a server that uses ‘fragment’ directive’ ”.

20. What does this mean? What can I do to fix this?

I would like to have an answer on my question 10 also: “10. This question has nothing to do with this thread but perhaps someone can answer it anyway. On the old PP's server list one could for example read which server was down for mail and other info. But I cannot find it on the new member’s area. Can members read that kind of info somewhere else on the new member’s area? If yes, where?”

21. Can someone help me also to give me tips on firewalls I can use on my mobile device? And perhaps explain a little more about android rooting? Which mobile firewalls need rooting and which ones don’t need rooting. What would be the difference and which one is safest?

22. On the computer I can use batch files for example to delete the route if VPN stops for a reason. Can it be done on mobiles too? If yes, how?


Thanks for all help.
 

PP Daniel

Staff member
Hi,

I got an Android phone delivered today, but of course I have not yet done any testing or written some documentation. Might take another couple of days...

20: You have to remove the line which starts with "remote random" from the config file(s).

10: This info is not yet visible anywhere, I have to include it on the servers page, sorry. Rule of thumb is: Mail should work on every server, and P2P won't work on US based servers and on the one in France.

21: As I have no experience with the matter as of now, sadly no.

22: I'm not sure, this depends on the implementation, but I'd say most likely this is not possible.
 

Pease

Junior Member
Hi! Thanks for your answers.

You wrote. “You have to remove the line which starts with "remote random" from the config file(s).”.
I already have. For example the Bangkok ovpn file looks like this:
“client
ns-cert-type server
redirect-gateway def1
dev tun
remote bangkok.perfect-privacy.com 1151
remote bangkok.perfect-privacy.com 150
remote bangkok.perfect-privacy.com 1150
remote bangkok.perfect-privacy.com 1149
remote bangkok.perfect-privacy.com 151
remote bangkok.perfect-privacy.com 149
# Fallbacks just in case..
remote bangkok.perfect-privacy.org 150
remote bangkok.perfect-privacy.net 1150
remote bangkok.perfect-privacy.org 1151
remote bangkok.perfect-privacy.org 151
remote bangkok.perfect-privacy.asia 1149
remote bangkok.perfect-privacy.info 149

proto udp
tun-mtu 1500
fragment 1300
mssfix
float
reneg-sec 86400
resolv-retry 60
nobind
persist-key
persist-tun
persist-remote-ip
route-method exe
route-delay 2
ca ca.crt
cert Bangkok_cl.crt
key Bangkok_cl.key
tls-auth Bangkok_ta.key 1
tls-timeout 5
hand-window 120
cipher AES-256-CBC
comp-lzo
verb 4
auth-user-pass
inactive 604800
ping 5
ping-restart 120
replay-window 512 60
mute-replay-warnings

So what can the problem be?

23. One more question: can I put in the line “auth-nocache” in the code?

Thanks for answers as usual!
 

PP Daniel

Staff member
Hi,

I think you need to remove the "fragment 1300" line. Probably it even works with remote-random on Android, I have not yet tested this myself.

23: I don't know yet. You can give it a try once you have got a working configuration though.
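
Added example (not part of any post in this thread, and not Perfect Privacy's or OpenVPN's code): a Python audit of a desktop .ovpn profile before it is imported on Android, reporting the line-ending style, the `fragment` directive that OpenVPN Connect rejected, the Windows-only `route-method`, and the certificate and key files the profile references. The sample profile is constructed, abridged from the Bangkok file posted above; note that deleting `fragment` only clears the import error, since the quoted error also says that connecting to a server that uses `fragment` is unsupported.

```python
import re

# Directives to flag before importing a desktop profile into OpenVPN Connect.
# "fragment" is taken from the error quoted in this thread; "route-method" is
# described in the OpenVPN manual as a Windows option.
FLAGGED = {
    "fragment": "rejected by OpenVPN Connect",
    "route-method": "Windows-only option",
}
# Directives whose first argument is a file that must travel with the profile.
FILE_DIRECTIVES = ("ca", "cert", "key", "tls-auth")

# Constructed sample: abridged from the Bangkok profile above, CRLF line endings.
SAMPLE = "\r\n".join([
    "client", "remote bangkok.perfect-privacy.com 1151",
    "# Fallbacks just in case..", "remote bangkok.perfect-privacy.org 150",
    "proto udp", "fragment 1300", "route-method exe", "ca ca.crt",
    "cert Bangkok_cl.crt", "key Bangkok_cl.key", "tls-auth Bangkok_ta.key 1",
    "auth-user-pass",
]) + "\r\n"


def audit_profile(raw):
    """Report line endings, flagged directives, referenced files and remotes."""
    eol = "CRLF" if "\r\n" in raw else "CR" if "\r" in raw else "LF"
    flagged, files, remotes = [], [], []
    for number, line in enumerate(re.split(r"\r\n|\r|\n", raw), start=1):
        text = line.split("#", 1)[0].strip()      # drop "#" comments
        if not text or text.startswith(";"):      # blank line or ";" comment
            continue
        name, *args = text.split()
        if name in FLAGGED:
            flagged.append((number, name, FLAGGED[name]))
        if name in FILE_DIRECTIVES and args:
            files.append(args[0])
        if name == "remote" and args and args[0] not in remotes:
            remotes.append(args[0])
    return {"eol": eol, "flagged": flagged, "files": files, "remotes": remotes}


def to_unix(raw):
    """Return the profile text with LF line endings only."""
    return "\n".join(re.split(r"\r\n|\r|\n", raw))


if __name__ == "__main__":
    report = audit_profile(SAMPLE)
    print("line endings:", report["eol"])
    for number, name, why in report["flagged"]:
        print(f"line {number}: {name}: {why}")
    print("copy alongside the profile:", ", ".join(report["files"]))
```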
 

Pease

Junior Member
Thanks. But what does fragment 1300 mean? Is it something important? Or is it something not to care too much about?
 

Pease

Junior Member
Hi again!

24. But isn’t it important that the fragmentation works well?

Now it works with OpenVPN on my mobile. I have deleted “fragment 1300” and put in “auth-nocache” in the ovpn code. I have “remote-random” in the code also.

25.1 But when I want to surf with browser called “CHROME” I get this message:
“Error code: DNS_PROBE_POSSIBLE”.

25.2 When I use the browser called “INTERNET” I can only see this message:
“Web page not available”.

Why does it act so strange? One other thing is that OpenVPN seems to disconnect and reconnect all the time?? When I disconnect OpenVPN then I can surf the Internet again without problem??

Can someone help me out? Thanks for all help. Bye for now.
 

PP Daniel

Staff member
Hi,

this does not seem to be working at all right now. Until I have got the time to make some configurations myself and do the testing I can't say what is wrong or not. When I'm done we will offer Android configuration files for download as well, and also setup instructions. Sorry, but I can't answer your questions, perhaps somebody else can.
 

Pease

Junior Member
Hi! How is it going? I really would like to use PP on my mobile. Have you asked all moderators on PP? Thanks for helping me and everybody else who would like to use their mobiles a little more safely when surfing the Internet.

Thanks in advance for trying to fix this little problem.
 

PP Frank

Staff member
Nobody can help you with these questions. We need a little more information than "Mobile Phone". Which mobile phone, and which operating system runs on this mobile phone? OpenVPN runs on most Android phones and also on most iOS devices. And all modern operating systems can use IPSec or PPTP in the system settings.
 

Pease

Junior Member
Hi! In the beginning of this thread I wrote that the OS is Android OS, v4.0 (Ice Cream Sandwich). The model of my phone is Samsung Galaxy Trend s7560 also called Samsung Galaxy Ace II X S7560M. Does it matter what mobile phone model it is? I thought that it was the OS that mattered? Will my new info help something?
 

maze

Junior Member
I confirm I have the same behavior as the OP.
It connects, but then it won't let me ping anything successfully outside of my (physical) LAN.

OS: Android 4.3.1
Model: HTC One
 

maze

Junior Member
My best guess is that it's a routing problem.

Below is my routing table when I'm connected to the VPN (Amsterdam server). I edited away some addresses of my LAN for privacy reasons.

root@m7ul:/mnt/shell/emulated/0 # ip route show
0.0.0.0/1 dev tun0 scope link
default via 192.168.xxx.xxx dev wlan0
10.15.31.28/30 dev tun0 proto kernel scope link src 10.15.31.30
128.0.0.0/1 dev tun0 scope link
192.168.xxx.0/24 dev wlan0 proto kernel scope link src 192.168.xxx.xxx
192.168.xxx.xxx dev wlan0 scope link

Not that I'm very knowledgeable about this, but I assume this thing cannot work if there is not a route to the VPN server's host through wlan0. This would appear to be missing from the above.
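
Added example (not part of the post above): a Python longest-prefix-match lookup over `ip route show` output, used to check which interface the encrypted packets addressed to the VPN server would leave through. The table is the one posted above with the redacted `xxx` parts replaced by constructed values, and `203.0.113.10` is a placeholder for the server address, which the thread does not give; only the main routing table is modelled, not policy rules.

```python
import ipaddress

# Constructed sample: the table above with "xxx" replaced by made-up LAN values.
ROUTES = """\
0.0.0.0/1 dev tun0 scope link
default via 192.168.1.1 dev wlan0
10.15.31.28/30 dev tun0 proto kernel scope link src 10.15.31.30
128.0.0.0/1 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
192.168.1.1 dev wlan0 scope link
"""
VPN_SERVER = "203.0.113.10"   # placeholder from the documentation address range


def parse_routes(text):
    """Turn `ip route show` output into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        device = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), device))
    return routes


def egress_device(routes, address):
    """Pick the most specific matching route, as a destination lookup does."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    if not matches:
        raise LookupError(f"no route to {address}")
    return max(matches, key=lambda match: match[0])[1]


def tunnel_loops(routes, server, tunnel_dev="tun0"):
    """True when packets to the VPN server itself would enter the tunnel."""
    return egress_device(routes, server) == tunnel_dev


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    print("server reached via:", egress_device(table, VPN_SERVER))
    print("tunnel loop:", tunnel_loops(table, VPN_SERVER))
    # With a host route to the server through the physical gateway:
    fixed = parse_routes(ROUTES + f"{VPN_SERVER} via 192.168.1.1 dev wlan0\n")
    print("after host route:", egress_device(fixed, VPN_SERVER))
```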
 