OpenVPN on Sprint LG Optimus S
Now that ThundeROM includes the Xionia kernel with the Linux TUN/TAP driver compiled as a module, it was downright easy to get OpenVPN working on my LG Optimus S. I didn’t even have to compile anything! Here’s a quick run-down of what I did.
Now that you’ve got tun.ko
I’m not going to get into the basics, like installing the Android SDK on your computer, connecting via the adb shell, rooting your phone and flashing it with custom software. Here’s a great guide for that (pay attention when you do things like remounting the filesystem rw, because you’re going to have to do that before you can write to /system).
I started with my phone running ThundeROM 1.6 (already updated to 1.6.2 and probably updated again by the time you read this), the first version to include a recompiled kernel with tun.ko. (You could also choose to install just the Xionia kernel atop your stock software, compile your own kernel, or reflash with X or Y … but from here on out I’ll keep it simple and just diary what I did.)
Update 2/2011: Having now repeated these steps for ThundeROM 1.6.2 and now VCRom (which supports the Optimus updated to the VC baseband), you shouldn’t have any trouble following these directions with a slightly different configuration. One tip: When symlinking to route and ifconfig in the second step, be sure to symlink to wherever they actually are on your phone (VCRom puts them in bin instead of xbin).
What I did
- First, I installed two apps via the App Market that make it easy to install a precompiled
openvpnbinary on your phone and then manage your OpenVPN connections: OpenVPN Installer and OpenVPN Settings. I used the installer app to install theopenvpnbinary into/system/xbin. - Unfortunately, this binary has hardcoded paths to
routeandifconfig(it expects them to be in/system/xbin/bb), and on my phone (ThundeROM 1.6) these commands are in/system/xbin. So, I worked around this with a couple of symlinks. Connect to your phone usingadb shell, remount/systemread-write, create the directory/system/xbin/bb, and create symlinks in it to yourrouteandifconfig. (If you skip this step, you’ll figure this out later the way I did: I ranopenvpnvia the shell and saw it connect happily to my VPN, but then fail to add any routes to the system.) - Next, you’ll need to copy your OpenVPN config file and keys onto your phone. I won’t go into configuring an OpenVPN connection here, but all I had to do was take a working client config file (the same standard config I’m also using on Linux, Windows and Mac machines), keys and CA and drop them into
/sdcard/openvpn. So, if you’ve called your connection “client1,” you’d be copyingclient1.conf,client1.crt,client1.keyandca.crtinto a folder calledopenvpnon your SD card. - If you like, you can skip this step. But, what I did next was connect via
adb shelland test out my connection. First, I didinsmod /system/lib/modules/tun.koand thenlsmodto make sure the TUN module loaded. Then I connected to my VPN:cd /sdcard/openvpn /system/xbin/openvpn --config client1.confAssuming it works, you should see lots of happy output. If you want, leave the connection open, connect via another shell, run
ifconfigto verify that the TUN device has an IP address, and ping your VPN. Hit F4 to close the connection when you’re satisfied. - Last, you’ll want to set up OpenVPN Settings to manage your VPN connection so you won’t have to start/stop it from the shell. In my case, OpenVPN Settings auto-detected the VPN config I’d put in
/sdcard/openvpn, but you can change this location through the Advanced settings if you need to. My settings are:- Load tun kernel module
- checked
- TUN module settings
- Load module using
- insmod
- Path to tun module
- /system/lib/modules/tun.ko
- Path to configurations
- /sdcard/openvpn
- Path to openvpn binary
- /system/xbin/openvpn
- Fix HTC Routes
- unchecked
- Show Ads
- checked
From here, you should be good to go! Just tap your connection in OpenVPN Settings whenever you want to connect to your VPN.