OpenVPN for Android
Server Address:
Server Port:
Shared Secret:
Connect
OpenVPN is connecting…
OpenVPN is connected!
OpenVPN is disconnected!
openvpn.uni-paderborn.de
1194
File dialog
Location
folder can\'t be read!
New
Select
File name:
Cancel
Save
No Data
#ffff0000
Error
User Certificate
LZO Compression
No Certificate
Client Certificate
Client Certificate Key
PKCS12 File
CA Certificate
Select
Nothing selected
Openvpn Logo
Copyright © 2002–2010 OpenVPN Technologies, Inc. <sales@openvpn.net>\n
"OpenVPN" is a trademark of OpenVPN Technologies, Inc.\n
Copyright 2012\nArne Schwabe <arne@rfc2549.org>
Source code and issue tracker available under http://code.google.com/p/ics-openvpn/
The program uses the following components. See the source for full details on the licenses
File Dialog for the Android\nAlexander Ponomarev"
Copyright © 1996 – 2011 Markus Franz Xaver Johannes Oberhumer
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit\n
Copyright © 1998-2008 The OpenSSL Project. All rights reserved.\n\n
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)\n
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
OpenVPN
File Dialog
LZO
OpenSSL
About
About Openvpn for Android
List of all configured VPNs
All your precious VPNs
Type
PKCS12 Password
FileTypeIcon
Select…
Select…
Nothing Selected
TLS Auth
Show advanced settings
Use TLS Authentication
TLS Direction
VPN List
Add OpenVPN Config
Saved VPN Configs
Enter IPv6 Address/Netmask in CIDR Format (e.g. 2000:dd::23/64)
Enter IPv4 Address/Netmask in CIDR Format (e.g. 1.2.3.4/24)
IPv4 Address
IPv6 Address
Enter custom OpenVPN. Use with great care. Also note that many of the tun related Openvpn settings cannot be supported by design of the VPNSettings. If you think an important option is missing contact the author
Username
Password
For the static configuration the TLS Auth Keys will be used as static keys.
Configure the VPN
Add Profile
Enter a name identifying the new Profile
Duplicate Profile Name
Profile Name
No User certificate selected.
No error found
Error in Configuration
An error has been found in your VPN configuration:
Cannot parse the IPv4 address
Cannot parse the custom routes
Leave empty to query on demand
OpenVPN Shortcut
Connect to VPN
Profile specified in shortcut not found
Random Host Prefix
adds 6 random chars in front of hostname
Enable Custom Options
Specify custom options. Use with care!
Route rejected by Android
Disconnect
clear log
Cancel Confirmation
Disconnect the connected VPN/cancel the connection attempt?
Remove VPN
Checks whether the server uses a TLS Server Certificate
Except TLS Server
Checks the Remote Server Certificate CN against a String
Certificate Hostname Check
Enter the String against which the remote Server is checked. Openvpn will use prefix matching. "Server" matches "Server-1" and "Server-2"\\nLeave empty to check the CN against the server hostname.
Remote Hostname(CN)
Enables the TLS Key Authentication
TLS Auth File
Requests IP addresses, routes and timing options from the server.
No information is requested from the server. Settings need to be specified below.
Pull Settings
DNS
Override DNS Settings by Server
Use your own DNS Servers
searchDomain
DNS Server to be used.
DNS Server to be used.
DNS Server
Secondary DNS Server used if the normal DNS Server cannot be reached.
Backup DNS Server
Ignore pushed routes
Ignore routed pushed by the server.
Redirects all Traffic over the VPN
Use default Route
Enter custom routes. Only enter destination in CIDR format. "10.0.0.0/8 2002::/16" would direct the networks 10.0.0.0/8 and 2002::/16 over the VPN.
Custom Routes
Log verbosity level
Allows authenticated packets from any IP
Allow floating server
Custom Options
Edit VPN Settings
Remove the VPN Profile %s?
" On some custom ICS images the permission on /dev/tun might be wrong, or the tun module might be missing completly"
Opening tun interface failed badly.
"Error: "
Clear
info
Show connection details
Last interface configuration from Openvpn:
Local IP: %1$s/%2$d MTU: %3$d
DNS Server: %s
DNS Domain: %s
Routes: %s
Got interface information %1$s and %2$s, assuming second address is peer address of remote. Using /32 netmask for local IP.
Cannot make sense of %1$s and %2$s as IP route with CIDR netmask, using /32 as netmask.
Corrected route %1$s/%2$s to %3$s/%2$s
Cannot accces the Android Keychain Certificates. If you restored a backup of the app/app settings reselect the certificate to recreate the permission to access the certificate.
%1$s %2$s
Could not write log contents to file
Send Logfile
Send
ICS Openvpn log file
Copied log entry to clip board
Tap Mode
Tap Mode is not possible with the non root VPN api. Therefore this application cannot provide tap support
Again? Are you kidding? No tap mode is really not supported and sending more mail aksing if it will be supported will not help.
A third time? Actually one could write a a tap emulator based on tun that would add layer2 information on send and strip layer2 information on receive. But this tap emulator would have to implement also ARP and possible a DHCP client. I am not aware of anybody doing any work in this direction. Contact me if you want to start coding on this.
FAQ
frequently asked questions and some adivce
Copying log entries
To copy a single log entry press and and hold on the log entry. To copy/send the whole log use the Send Log option. Use the hardware menu button if not visible in the gui.
Shortcut to start
You can place a shortcut to start OpenVPN on your desktop. Depending on your homescreen program you have to add a shortcut or a widget.
Your image does not support the VPNService API,sorry :(
Encryption
Enter Encryption method
Enter the cipher key for openvpn. Leave empty to use default cipher
Authentication/Encryption
File Explorer
Inline File
Import
Error importing File
Could not import File from Filesystem
[[Inline file data]]
Refusing to open tun device without IP information
Import Profile from ovpn file
Import
Could not read Profile to import
Error reading Config file
add Profile
Trying to read file: %1$s
Could not find file %1$s mentioned in the imported Config file
Importing config file from source %1$s
Your config file specified a pkcs12 file. Please import the file by selecting select in the Basic Settings configuration of the converted VPN
Your configuration had a few configuration options that could be parsed. These options were added as custom configuration options. The custom configuration is displayed below:
Done reading config file.
Do not bind to local address and port
No local binding
Please not that the config importer is an experimental feature.
Import configuration file
Security considerations
"As openvpn is security sensitive a few notes about security are sensible. All data on the sdcard is inherently unsecure. Every app can read it (for example this program requires no special sd card rights). The data of this application can only be read by the application itself. By using the import option for cacert/cert/key in the file dialog the data is stored in the vpn profile. The vpn profiles are only accessable by this application. (Do not forget to delte the copies on the sdcard afterwards). Even though accessible only by this application the data is stil unecrypted. By rooting the telephone or other exploits it may be possible to retrieve the data. Saved passwords are stored in plain text as well. For pkcs12 files it is highly recommended that you import them into the android keystore."