OpenVPN is a flexible VPN client that tunnels network traffic between the local system and a proxy/gateway server, so that nobody between those two endpoints should be able to determine the metadata or the content of your communications. While there are multiple posts on the UWN Thesis blog that deal with setting up OpenVPN on Windows and Linux, I’ve recently managed to get it working again on an Android device.
Of course, you’d need to find a VPN service that appears sufficiently trustworthy, and it’s important to check the session being tunnelled hasn’t been compromised (check the TLS/SSL certificate) once the VPN connection’s established. Remember that service providers are subject to the laws and constraints of whichever countries they’re operating in, and might be required to provide information about their users to The Powers That Be. The best you can do is read the terms of service and privacy statements very carefully.
The application I installed was OpenVPN Connect, which is available in the Play Store. After installation, there are a few configuration options to look at.
- Seamless Tunnel: Definitely check this option. If the VPN service drops the connection, the last thing we’d want is for the browser to fall back to the default network interface and expose sensitive data without us knowing.
- Reconnect on reboot: Disabled this, just to be polite and reduce demand on the VPN servers.
- Connection Timeout: Sometimes it takes a while to establish a connection, so this is set to 1 minute.
- Force AES-CBC: Depends. AES-CBC could be better or worse than the cipher the service would otherwise provide.
- Minimum TLS: Could set the latest version as the default, but it shouldn’t matter so much.
- DNS Fallback: Even if you dislike Google, this is only a fallback option, and there’s no way to set an alternative.
Once the client configuration is sorted, the connection settings for a VPN service are required. For this demo I’ll fetch and load a connection profile for a service called ‘VPNBook’, which is distributed as a .zip archive of .ovpn files. I have downloaded and extracted these on my mobile device.
In the OpenVPN Connect menu, select ‘Import’ and ‘Import Profile from SD Card’. Next find and select the .ovpn file that contains the desired connection settings. Since TCP over 443 seems to work best for my Android device, I’ve loaded the tcp443.ovpn file.
Next you’ll need to enter the username and password, again available on VPNBook’s site. Now the client should establish a tunnel connection.
Once the ‘OpenVPN: Connected’ message is displayed, I normally navigate the browser to InfoSniper or whatismyipaddress.com, just to ascertain that the browser traffic’s going through one of the VPN servers.
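
Before importing a downloaded .ovpn file, it is worth reading what it actually asks the client to do, since the profile decides the cipher, the minimum TLS version and how the server's certificate is checked. The following is an added example, not part of the original post or of OpenVPN Connect: a small Python audit of a profile's directives. The sample profile and its hostname are constructed placeholders, not VPNBook's real file, and the function names are hypothetical.

```python
import re
# Constructed sample profile; vpn.example.net is a placeholder hostname.
SAMPLE_PROFILE = """\
proto tcp
remote vpn.example.net 443
cipher AES-128-CBC
auth-user-pass
comp-lzo
<ca>
(constructed placeholder, not a real certificate)
</ca>
"""

def parse_profile(text):
    # Returns ({directive: [args, ...]}, {names of inline <block> sections}).
    directives, blocks, in_block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                      # skip the body of <ca>, <cert>, ...
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":   # blank lines and comments
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            in_block = m.group(1)
            blocks.add(in_block)
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_profile(text):
    # Returns ([(host, port), ...], [finding, ...]) for a profile's text.
    d, blocks = parse_profile(text)
    findings = []
    if "ca" not in d and "ca" not in blocks:
        findings.append("no CA certificate: server identity cannot be checked")
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("no remote-cert-tls/verify-x509-name: any certificate "
                        "issued by the CA is accepted as the server")
    if "tls-version-min" not in d:
        findings.append("no tls-version-min: the profile sets no TLS floor")
    for args in d.get("cipher", []):
        if args and "CBC" in args[0].upper():
            findings.append(f"cipher {args[0]}: CBC mode; newer OpenVPN "
                            "versions prefer AES-GCM")
    if "comp-lzo" in d or "compress" in d:
        findings.append("compression directive present: compressed tunnels "
                        "are exposed to VORACLE-style leaks")
    remotes = [(a[0], a[1] if len(a) > 1 else "1194")
               for a in d.get("remote", []) if a]
    return remotes, findings
```

Calling `audit_profile()` on the text of a downloaded profile returns the servers it will connect to and a list of findings to review before the profile is imported.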