lyncd

OpenVPN on Sprint LG Optimus S

Now that ThundeROM includes the Xionia kernel with the Linux TUN/TAP driver compiled as a module, it was downright easy to get OpenVPN working on my LG Optimus S. I didn’t even have to compile anything! Here’s a quick run-down of what I did.

Now that you’ve got tun.ko

I’m not going to get into the basics, like installing the Android SDK on your computer, connecting via the adb shell, rooting your phone and flashing it with custom software. Here’s a great guide for that (pay attention when you do things like remounting the filesystem rw, because you’re going to have to do that before you can write to /system).

I started with my phone running ThundeROM 1.6 (already updated to 1.6.2 and probably updated again by the time you read this), the first version to include a recompiled kernel with tun.ko. (You could also choose to install just the Xionia kernel atop your stock software, compile your own kernel, or reflash with X or Y … but from here on out I’ll keep it simple and just diary what I did.)

Update 2/2011: Having now repeated these steps for ThundeROM 1.6.2 and now VCRom (which supports the Optimus updated to the VC baseband), you shouldn’t have any trouble following these directions with a slightly different configuration. One tip: When symlinking to route and ifconfig in the second step, be sure to symlink to wherever they actually are on your phone (VCRom puts them in bin instead of xbin).

What I did

  1. First, I installed two apps via the App Market that make it easy to install a precompiled openvpn binary on your phone and then manage your OpenVPN connections: OpenVPN Installer and OpenVPN Settings. I used the installer app to install the openvpn binary into /system/xbin.
  2. Unfortunately, this binary has hardcoded paths to route and ifconfig (it expects them to be in /system/xbin/bb), and on my phone (ThundeROM 1.6) these commands are in /system/xbin. So, I worked around this with a couple of symlinks. Connect to your phone using adb shell, remount /system read-write, create the directory /system/xbin/bb, and create symlinks in it to your route and ifconfig. (If you skip this step, you’ll figure this out later the way I did: I ran openvpn via the shell and saw it connect happily to my VPN, but then fail to add any routes to the system.)
  3. Next, you’ll need to copy your OpenVPN config file and keys onto your phone. I won’t go into configuring an OpenVPN connection here, but all I had to do was take a working client config file (the same standard config I’m also using on Linux, Windows and Mac machines), keys and CA and drop them into /sdcard/openvpn. So, if you’ve called your connection “client1,” you’d be copying client1.conf, client1.crt, client1.key and ca.crt into a folder called openvpn on your SD card.
  4. If you like, you can skip this step. But, what I did next was connect via adb shell and test out my connection. First, I did insmod /system/lib/modules/tun.ko and then lsmod to make sure the TUN module loaded. Then I connected to my VPN:
    cd /sdcard/openvpn
    /system/xbin/openvpn --config client1.conf

    Assuming it works, you should see lots of happy output. If you want, leave the connection open, connect via another shell, run ifconfig to verify that the TUN device has an IP address, and ping your VPN. Hit F4 to close the connection when you’re satisfied.

  5. Last, you’ll want to set up OpenVPN Settings to manage your VPN connection so you won’t have to start/stop it from the shell. In my case, OpenVPN Settings auto-detected the VPN config I’d put in /sdcard/openvpn, but you can change this location through the Advanced settings if you need to. My settings are:
    Load tun kernel module
    checked
    TUN module settings
    Load module using
    insmod
    Path to tun module
    /system/lib/modules/tun.ko
    Path to configurations
    /sdcard/openvpn
    Path to openvpn binary
    /system/xbin/openvpn
    Fix HTC Routes
    unchecked
    Show Ads
    checked

From here, you should be good to go! Just tap your connection in OpenVPN Settings whenever you want to connect to your VPN.

Filed under: Systems.  Tagged: , , .

No comments »

No comments yet.

Add a comment

You can also log in (or register) for easier commenting on lyncd.

Lyncd is an evolving group blog-in-progress. Weʼll be designing the site, adding users and content, and developing a hifalutin site focus as we go. For now, just think of our site mantra as “minimalism.” :)