Howto/20130118 Setup Routed Tun OpenVPN server on Ubuntu 12.04
Motivation
The goal is to work around the proxied 3G data connection on Petro-Canada Mobility/7-11 Speakout so that I can make free calls to a landline using a VoIP app such as Fongo. My previous solution was another app, DroidVPN, but it had two issues: 1) it is only free for 100 MB/day and 2) it requires a rooted Android phone. Setting up and using my own server therefore removes the 100 MB/day limit and does not require a rooted Android phone. I initially did the following steps on my own home server as a test, but because the setup requires port 443, which my web server was already using, I ended up renting a VPS located in Buffalo, NY for $12 USD/year.
Source material
- OpenVPN howto: http://openvpn.net/index.php/open-source/documentation/howto.html
- Redflagdeals post: http://forums.redflagdeals.com/speakout-data-android-calling-all-users-tips-tricks-1053209/175/#post15982561
- My previous OpenVPN setup guide for bridged VPNs: Howto/Setup Bridged OpenVPN server on Ubuntu 10.04
My setup
- An Android phone (tested with version 4.0) with a proxied 3G data connection via Petro-Canada Mobility
- A server running Ubuntu 12.04 64-bit with port 443 available
The Steps
- Step 1) Install openvpn and iptables-persistent on the server
sudo apt-get install openvpn iptables-persistent
- Step 2) Obtain conf files
Copy sample conf files located in /usr/share/doc/openvpn/examples/sample-config-files/ to /etc/openvpn
- Step 3) Generate certificates and keys for the server and multiple clients
Follow the guide at http://openvpn.net/index.php/open-source/documentation/howto.html#pki
Tip: You may need to rename the openssl-1.0.0.cnf file to openssl.cnf.
- Step 4) Edit the server.conf file.
Notes: Only tun is supported on Android 4.0, and proxied OpenVPN connections must use port 443 and tcp rather than udp.
port 443
proto tcp
;proto udp
dev tun
;dev tap
ca ca.crt        # this was generated in previous step
cert server.crt  # this was generated in previous step
key server.key   # this was generated in previous step
dh dh1024.pem    # this was generated in previous step
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 8.8.8.8"
duplicate-cn     # it's not recommended for clients to share cert/keys,
                 # but I'm gonna do it anyways
user nobody
group nogroup
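The check below is an added example, not part of the original howto: a shell audit of a server.conf that confirms the three settings the step 4 note requires for proxied clients (port 443, tcp, tun) and flags duplicate-cn, a missing privilege drop and DH parameters under 2048 bits. The function names are hypothetical, and the DH size is inferred from the easy-rsa file name dh<bits>.pem rather than read from the file.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server.conf against the step 4 settings.
# conf_get FILE KEY: print the value of the first active KEY directive and
# exit 1 if it is absent. Simplification: text after '#' or ';' is a comment.
conf_get() {
    awk -v k="$2" '
        { sub(/[#;].*/, "") }
        $1 == k { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

# FAIL = a proxied client cannot connect; WARN = security-relevant choice.
# Returns 1 if any FAIL was reported, 0 otherwise.
audit_conf() {
    f=$1; rc=0
    [ "$(conf_get "$f" port)" = 443 ]  || { echo "FAIL port: proxied clients need 443"; rc=1; }
    [ "$(conf_get "$f" proto)" = tcp ] || { echo "FAIL proto: proxied clients need tcp"; rc=1; }
    [ "$(conf_get "$f" dev)" = tun ]   || { echo "FAIL dev: Android 4.0 supports tun only"; rc=1; }
    if conf_get "$f" duplicate-cn >/dev/null; then
        echo "WARN duplicate-cn: a shared cert/key cannot be revoked per client"
    fi
    if ! conf_get "$f" user >/dev/null; then
        echo "WARN user: no privilege drop, daemon keeps running as root"
    fi
    # Assumption: easy-rsa naming dh<bits>.pem; the file itself is not parsed.
    dh=$(conf_get "$f" dh) || dh=""
    bits=$(printf '%s\n' "${dh##*/}" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WARN dh: $bits-bit parameters, below 2048 bits"
    fi
    return $rc
}

# The directives from the page's server.conf that the audit reads.
page_conf() {
    cat <<'EOF'
port 443
proto tcp
;proto udp
dev tun
dh dh1024.pem # this was generated in previous step
duplicate-cn
user nobody
EOF
}

tmp=$(mktemp); page_conf > "$tmp"
audit_conf "$tmp" || echo "config will not work for proxied clients"
rm -f "$tmp"
```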
- Step 5)