PKCS12 File Generation + Android Tutorial

[icartemo 8]

I would like to request PKCS12 file generation in the OpenVPN Configuration Generator part of the site. Although it's fairly easy to do yourself, and I have done it myself. I think it would be helpful for new members or anyone without the knowledge on how to make one.

I have an android device running JellyBean(4.2.2) and I would rather store my VPN credentials in the keystore then to leave them in the open sd-card storage where any app is free to access it. I put together a little guide to help anyone wishing to go this route without the know-how. This guide is meant for android users but it can be applied to pretty much any system.

Requirements for this method:

Android 4.0+ *(although the keystore is available in earlier versions of android, the security is fairly weak in those versions)

Openssl on Windows (In my case Windows 7)

AirVPN Premium Account

Starting out you will want to navigate to the access without client page.

From here select the locations you would like to use, then under the Advanced settings select “Separate keys/certs from .ovpn file”. This will give you the .ovpn files and your unique ca.crt, user.crt, and user.key files. Save these files to your computer.

Open command prompt with administrator permissions and navigate to the location you saved your ca.crt, user.crt, and user.key files. Now run the following command:

openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name airvpn -out airvpn.p12

The command prompt will ask you to create a password for the file. *Note: When typing your password in, command prompt knows what you typed but won’t show it.

Once your airvpn.p12 file has been made, connect your android device to your computer and transfer the airvpn.p12 file to the root of your sd-card. When the transfer is complete disconnect your android device.

On your android device, go to the settings of the device and go into “Security”. In security you will see a section called Credential Storage, in this section you want to select Install from “SD card”. This will automatically install your airvpn.p12 file containing your VPN credentials. If the airvpn.p12 file remains on the sd-card of your device, I advise deleting it because it is no longer needed.

Now that the credentials are taken care of, you need to slightly modify the .ovpn files that you downloaded earlier to use the credentials.

Open up your .ovpn files with notepad and scroll to the bottom of the file. You will see 3 lines that look like this:

ca "ca.crt"

cert "user.crt"

key "user.key"

You are going to want to change these 3 lines and add 1 additional line to this part of the file. You should change it to look like this:

#ca "ca.crt"

#cert "user.crt"

#key "user.key"

pkcs12 airvpn.p12

Once you have done this, save your changes to the .ovpn file. Do this to all your .ovpn files. When you are done, transfer these files to your android device.

Now using your favourite openvpn app (Openvpn Connect, OpenVPN Settings, featvpn) import the .ovpn file like usual and you will be prompted to give .ovpn file access to your airvpn.p12 credential which you should for this to work.

Now you should be fully connected to AirVpn using your credentials stored the in android keystore. Congrats.

[anonsurfacct 0]

Would definitely be cool to have it in the file generator. Thanks for the info.

[wilsonmd 0]

Hi!!

I want to know HOW i find the .ovpn config file to use airvpn?? Because see NOTHIG in "config generator" !!!!!

[ldia 1]

I am having an android device running ICS 4.0. I have been trying to connection with VPN Connect on my phone using both airvpn and vpnfacile configurations. They thing about vpnfacile is that it requires me to install certificate file which i don't know how to get that  and for airvpn it does load the config file but fails to connect.  my config is like this
 

client
remote bs1.vpnfacile.net 443
dev tun
proto tcp
nobind
persist-key
persist-tun
tls-auth ta.key 1
ca ca.crt
cipher AES-256-CBC
keysize 256
link-mtu 1560
comp-lzo
auth-user-pass pass.txt
http-proxy 127.0.0.1 8080

http-proxy-option AGENT 'Opera/9.80 (J2ME/MIDP; Opera Mini/528.16 (iPhone; U; CPU iPhone OS 3.0 like Mac OS X; en-us; compatible; Googlebot/870; U; en) Presto/2.4.15'

http-proxy-option EXT1 'Host:host_here/'
http-proxy-option EXT2 'X-Online-Host:host_here/'

 

Please help me to deal with the certifacate thing