Sometimes I additionally need access to my local network from outside using my mobile phone. In the past I used a Netgear Router with OpenVPN behind my Router.
A few weeks ago I installed the OpenVPN Server app from the Univention App Center. After I was successful with my Windows client, I also wanted to use the OpenVPN client on my mobile device, downloaded from the Google Play Store.
Before using the ovpn file I had to make some changes by adding all certificates into the ovpn file:
1. As a first step I copied the file win-ucs.ovpn to android.ovpn:
# windows client config for server ucs
client
dev tun
proto udp
remote my-ucs-domain.de 1194
verify-x509-name ucs name-prefix
resolv-retry infinite
nobind
persist-key
persist-tun
ca CAcert.pem
cert cert.pem
key private.key
cipher AES-256-CBC
comp-lzo
verb 3
auth-user-pass
2. After the last line I added the certificates by copying the contents of the certificate files in this order:
- CAcert.pem
- cert.pem
- private.key
and added “< ca>, < /ca>, < cert>, < /cert>, < key> and < /key>” (without the space within the brackets) before and after each certificate, as shown below.
Then I removed the links to those files from the ovpn file by commenting them out:
# ca CAcert.pem
# cert cert.pem
# key private.key
3. Finally the android.ovpn looks like this:
# Android client config for server ucs
client
dev tun
proto udp
remote my-ucs-domain.de 1194
verify-x509-name ucs name-prefix
resolv-retry infinite
nobind
persist-key
persist-tun
#ca CAcert.pem
#cert cert.pem
#key private.key
cipher AES-256-CBC
comp-lzo
verb 3
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
MIIFsTCCBJmgAwIBAgIJAKW7fh1VR6IpMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD
...
9eOGtVOFAAJ2J8hMFDiGBrtestu/
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=DE, L=DE, O=my-ucs-domain, OU=Univention Corporate Server, CN=Univention Corporate Server Root CA (ID=JRxxoNmt)/emailAddress=ssl@my-ucs-domain.de
Validity
Not Before: Dec 14 15:01:17 2020 GMT
Not After : Dec 13 15:01:17 2025 GMT
Subject: C=DE, ST=DE, L=DE, O=my-ucs-domain, OU=Univention Corporate Server, CN=myname.openvpn/emailAddress=ssl@my-ucs-domain.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:48:f6:07:a4:ab:19:73:29:6c:8f:31:7e:d7:
...
2e:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
X509v3 Authority Key Identifier:
keyid:XX:XX:XX::XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
DirName:/C=DE/ST=DE/L=DE/O=myDomain/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=JRxxoNmt)/emailAddress=ssl@my-ucs-domain.de
serial:XX:XX:XX:XX:XX:XX:XX:X
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:moni.openvpn, DNS:moni
Signature Algorithm: sha256WithRSAEncryption
30:89:87:b7:69:3d:31:d0:41:69:0d:19:b0:8b:02:48:72:04:
...
9c:40:0a:fa
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBujELMAkGA1UEBhMCREUx
...
2cZhRlDuAKXHgJxACvo=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAuUj2B6SrGXMpbI8xfteEVpUfjzmxR3XgDD5hvzlfeftGe9td
....
xgfLD37cYtVCto8Ppr8E8kcCXPWVALouQHb89SD5mZvyNELelJ9G
-----END RSA PRIVATE KEY-----
</key>
4. As the next step I copied the android.ovpn file to my mobile phone and imported it into the OpenVPN client app. During the import, type in your login name but do not store the password, for security reasons.
5. Connect and type in the password - you will be connected within a few seconds.
Have success!
(this posting may be used for knowledge base, if helpful)
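Steps 1 to 3 above can also be scripted. The following is an added example, not part of the original post: it comments out the `ca`, `cert` and `key` file references and appends the file contents as inline blocks in the same order. It assumes the three files sit next to the config, and as a choice of this example it keeps only the PEM blocks (dropping the readable text dump in front of the client certificate) and writes the result with owner-only permissions, because the profile then contains the private key. The function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

INLINE_TAGS = ("ca", "cert", "key")  # directives replaced by <tag>...</tag> blocks
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)

def inline_profile(config_text, base_dir):
    """Comment out ca/cert/key file references and append the PEM data inline."""
    out, blocks = [], []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in INLINE_TAGS:
            tag, name = parts
            raw = (Path(base_dir) / name).read_text()
            # Keep only the PEM blocks; any text dump before them is dropped.
            pems = [m.group(0) for m in PEM_BLOCK.finditer(raw)]
            if not pems:
                raise ValueError(f"{name}: no PEM block found")
            out.append("# " + line)
            blocks.append(f"<{tag}>\n" + "\n".join(pems) + f"\n</{tag}>")
        else:
            out.append(line)
    return "\n".join(out + blocks) + "\n"

def write_profile(path, text):
    """Write with owner-only permissions: the profile now contains the private key."""
    p = Path(path)
    p.touch(mode=0o600)
    p.chmod(0o600)
    p.write_text(text)

if __name__ == "__main__":
    # Constructed placeholder files; the bodies are not real key material.
    with tempfile.TemporaryDirectory() as d:
        pem = "-----BEGIN {0}-----\nPLACEHOLDER\n-----END {0}-----\n"
        Path(d, "CAcert.pem").write_text(pem.format("CERTIFICATE"))
        Path(d, "cert.pem").write_text("Certificate:\n    Data:\n" + pem.format("CERTIFICATE"))
        Path(d, "private.key").write_text(pem.format("RSA PRIVATE KEY"))
        cfg = "client\ndev tun\nca CAcert.pem\ncert cert.pem\nkey private.key\nauth-user-pass\n"
        write_profile(Path(d, "android.ovpn"), inline_profile(cfg, d))
        print(Path(d, "android.ovpn").read_text())
```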