Create a Client File for Android Client
You can create a client file with .ovpn extension with a text editor (e.g. notepad++), or download a client.ovpn sample file.
Note: The line beginning with “;” is considered to disable the corresponding
option.
- Open the client.ovpn file with a text editor.
- Edit the following options according to the VPN server settings on your PBX.Note: The client and server must use the same settings.
- Specify the hostname/IP and port of VPN server.
In this example, we have forwarded the VPN server 10.8.0.1 1194 to 110.80.36.162 7086.
remote 110.80.36.162 7086
- Set the protocol to UDP or TCP.
In this example, UDP is enabled, and TCP is disabled.
proto udp ;proto tcp
- Set the device mode to TUN.
dev tun
- Set the cryptographic cipher.
Table 1. Cryptographic cipher on server Cryptographic cipher on client BlowFish cipher BF-CBC AES-128 cipher AES-128-CBC AES-256 cipher AES-256-CBC Triple-DES cipher DES-EDE3-CBC In this example, AES-256 is set on server, then enable AES-256-CBC.
;cipher BF-CBC ;cipher AES-128-CBC cipher AES-256-CBC ;cipher DES-EDE3-CBC
- If Compression is enabled on server, you need to
enable compression on the VPN
client.
comp-lzo
- If Username/Password Authentication is used on server, you need
to specify the passfile
file.
auth-user-pass passfile
- If SSL/TLS and a ta.key is
used on the server, you need to specify the TLS Authentication & TA
Key.
tls-auth ta.key 1
- Specify the CA certificate file used on
server.
ca ca.crt
- Specify the hostname/IP and port of VPN server.
- Specify the Android client certificate and key file.
In this example, Android.crt and Android.key is specified.
cert Android.crt key Android.key
- Edit other options according to your
need.
persist-key persist-tun verb 3 resolv-retry infinite remote-cert-tls server nobind ;dev-node MyTap ;remote-random ;http-proxy-retry ;http-proxy [proxy server] [proxy port #] ;mute-replay-warnings ;mute 20
- Save the client file.
You can rename client.ovpn to identify, such as: Android.ovpn.