generating client.ovpn file on android

Question

I am developing a open source application wrapper over OpenVPN library for Android. For that I need to generate openvpn conf file.

I have followed OpenVPN how but did not understand how to generate .conf file on Android.

Is there any way to generate .conf/ .ovpn file locally on Android device ?

I could generate .cert and RSA private key and OpenVPN static key but I am still not clear about generating CA certificate for a particular client.

is there anything ( server side certificate /private key)I need to get from server.

I am still learning certificate based authentication for OpenVPN so my question can be a little naive so please bear with it :)

Answer 1

I have installed hundreds of OpenVPN servers and I never needed a DH file on the Client.

Server needs:

• dh
• ca.crt
• ca.key
• servername.crt
• servername.key
• optional (recommended) ta.key
• a config file

Client:

• the same ca.crt
• clientname.crt
• clientname.key
• ta.key (if used in the server)
• client.conf

Regards!

Answer 2

You have to write configuration files on your own. OpenVPN server administrator should provide client configuration file. Configuration file for client looks almost the same on Linux/Windows/Android/etc.. For client you have to generate "client certificate", not "CA certificate". Maybe you should read more about PKI (http://bit.ly/YP5dvZ). If you are using certificates for authentication, then client should have configuration file, DH file, CA certificate, private and public client keys to work.

Answer 3

client

dev tun
proto tcp
remote 1.2.3.4 1194

resolv-retry infinite
nobind

persist-key
persist-tun

verb 1

keepalive 10 900
inactive 3600
comp-lzo

<ca>
-----BEGIN CERTIFICATE-----
....................................
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
...........................
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
.....................
-----END RSA PRIVATE KEY-----
</key>