OpenVPN on android

[rearden]

I am running the latest (3 Oct) build of Asus Merlin. Thank you! It is fun to play with such a powerful router and software. I am currently working on setting up the VPNs to both enable connectivity to my LAN and to secure traffic from public wifi areas. I have Win, Android and iOS devices I want to connect.

There always seems to be a strong roadblock for each of the VPN solutions.

OpenVPN. I am working on getting this running. It appears that non rooted android devices requires TUN, but windows TAP. Thankfully there are two openVPN servers that can be individually configured. TUN uses a different IP subset. How do I route packets between the OpenVPN TUN IP range and my LAN ip range so I can access my LAN over openVPN on android?

PPTP Just Works! unfortunately, it has security issues and does not work with the Always On VPN on android or iOS.

IPsec/L2TP: It appears to be the strong VPN of choice for mobile devices. Always On VPN on android and iOS require it. It seems like most router 3rd party firmwares have a philosophical aversion to it, but it appears to be the VPN of choice for mobile devices for the future whether we like it or not, at least by looking at the OS support by both Apple and Android. Any plans for a GUI to support this VPN solution?

rearden

 

[wiz]

I know tun works on android, if you have a rooted device. My tablet runs flawlessly with it.

Only thing you can do I think is start 2 openvpn servers, one with a tap interface, and one with a tun interface, or if you own the android device root it and be done with it.

 

[rearden]

My primary one is not rooted. I have rooted some of them, at times, but it always causes problems when with software upgrades. I don't want to go through the headache of rooting (and maintaining root on) the kids tablets, yet the ability to vpn their traffic while travelling would be nice. Hence trying to find at least one (more options would be better) multi platform VPN and to try to route traffic to the LAN using the least modified and most maintainable solution.

rearden

 

[saintdev]

My primary one is not rooted. I have rooted some of them, at times, but it always causes problems when with software upgrades. I don't want to go through the headache of rooting (and maintaining root on) the kids tablets, yet the ability to vpn their traffic while travelling would be nice. Hence trying to find at least one (more options would be better) multi platform VPN and to try to route traffic to the LAN using the least modified and most maintainable solution.

rearden

If your device runs Android 4 or greater, you can use the official OpenVPN Connect or unofficial OpenVPN for Android Apps without rooting. The latter seems to support more features than the official App still and I currently use it for that reason.

How do I route packets between the OpenVPN TUN IP range and my LAN ip range so I can access my LAN over openVPN on android?

Nothing special needs to be done, just check the Push Lan to Clients box.

 

[rlcronin]

Hm, tun works fine for me on Windows. Here's my config for the Windows client (with the server IP on the remote stmt obfuscated):

client
dev tun
proto udp
remote nnn.nnn.nnn.nnn 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert bcronin.crt
key bcronin.key
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4
float

 

[RMerlin]

You should always use TUN unless you have a very specific reason for needing a level 2 bridge through TAP.