Since I have a bunch of useful things on servers at home, I was
interested in using OpenVPN on the phone to get at them.
This is not the usual use case, which seems to be a tunnelling of
all one's phone traffic to a commercial endpoint. I already have the
endpoint, but mostly I'm interested in using the VPN as a firewall/NAT
bypass technique for getting at a specific set of servers, as well as
hiding traffic from snoopers.
There's a package on F-Droid,
which seems like a good start. But it wants to do everything with
X.509 certificates, and my existing OpenVPN infrastructure uses
pre-shared keys (I'm the only authorised user anyway). And the
configuration interface is fairly clumsy. Even the built-in help says
you should get the VPN host (me) to supply a .ovpn file. What the heck
is one of those?
Turns out, after some searching, it's simply an entirely normal
OpenVPN tunnel configuration file. And since OpenVPN 2.3 you can even
embed key files in there.
So I abandoned the configuration editor, wrote a perfectly normal file
of the same sort that I'd drop onto a laptop, copied it across, and
presto, it all works. XMPP and SIP are running quite happily on 4G
across the encrypted link to servers at home. (And if I ever manage to
get CalDAV working the calendar should be too.)
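
An added example, not from the original post: a small Python helper that turns a config referencing separate key files into the single self-contained .ovpn file described above, by inlining each file as a `<tag>` block. The function name, the `read_file` hook and all sample values (hostname, addresses, placeholder key) are assumptions made for illustration.

```python
# Directives whose file argument OpenVPN also accepts as an inline <tag>...</tag> block.
INLINEABLE = {"ca", "cert", "key", "secret", "tls-auth"}
# These take an optional direction argument; inline, it is given via key-direction.
HAS_DIRECTION = {"secret", "tls-auth"}

def inline_ovpn(config_text, read_file):
    """Replace file-referencing directives with inline blocks.

    read_file maps a path to the file's text (a hook assumed for this example,
    so it runs without touching disk). Quoted paths with spaces are not handled.
    """
    out = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in INLINEABLE:
            out.append(line)  # comments, blanks and all other directives pass through
            continue
        directive, path = parts[0], parts[1]
        if directive in HAS_DIRECTION and len(parts) > 2 and parts[2] in ("0", "1"):
            out.append(f"key-direction {parts[2]}")
        body = read_file(path).strip("\n")
        out.append(f"<{directive}>\n{body}\n</{directive}>")
    return "\n".join(out) + "\n"

# Constructed sample input: hostname, addresses and key body are placeholders.
SAMPLE_CONFIG = """\
# laptop-style static-key client config
dev tun
proto udp
remote vpn.example.net 1194
ifconfig 10.8.0.2 10.8.0.1
secret static.key 1
"""
SAMPLE_KEY = """\
-----BEGIN OpenVPN Static key V1-----
00000000000000000000000000000000
-----END OpenVPN Static key V1-----
"""

if __name__ == "__main__":
    files = {"static.key": SAMPLE_KEY}
    print(inline_ovpn(SAMPLE_CONFIG, files.__getitem__), end="")
```

The resulting file contains the pre-shared key itself, so it needs the same handling as the key file: restrictive permissions on disk and a trusted channel when copying it to the phone.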