ATTENTION: This tutorial is out of date, incomplete and deprecated.
A new and improved version of this tutorial can be found here: https://airvpn.org/topic/24349-how-to-airvpn-via-sslstunnel-on-android-678/
This thread is only kept online for historical reference.
Goal and obstacles
We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. On Android, a few obstacles have to be worked around:
a. there is no AirVPN Eddie client for Android.
Solution: We will use OpenVPN and stunnel directly.
b. there is no stunnel app in any Android appstore.
Solution: we will download the stunnel Android binary (provided by the stunnel project itself) and run it from the commandline.
c. Android does not allow us to execute any programs from the sdcard.
Solution: we will move stunnel to a special location (owned by the Terminal app), which will allow the Terminal app to execute stunnel.
d. stunnel wants to write to /tmp/, but there's no /tmp/ on Android.
Solution: we will modify the .ssl config file to change the pidfile location to a writable directory.
- Android 4.0 or newer (device does not have to be rooted)
- stunnel compiled for Android (FOSS), via project website
- OpenVPN for Android (FOSS), via F-Droid or Play Store
- Jack Palevich's Terminal Emulator for Android (FOSS), via F-Droid or Play Store
- a separate computer to download/edit the necessary config files and binaries (entirely optional, but easier than doing everything on the Android device itself)
1. Generate config files with AirVPN's config generator
- choose Linux
- pick one single server of your choice. I will use Nunki for this tutorial!
- for Connection Mode, choose SSL Tunnel, port 443 (visible after enabling Advanced Mode)
- enable Resolved hosts in .ovpn file
- leave all the other settings at their default values
- download and unzip the generated zip file
- this should result in an AirVPN folder, containing three files
2. Open the ssl config file (AirVPN_GB-Manchester_Nunki_SSL-443.ssl) in a text editor.
Find the line:
pid = /tmp/stunnel4.pid
Change it to:
pid = /data/data/jackpal.androidterm/app_HOME/stunnel4.pid
Save and close the file.
3. In a text editor, create a new file with the following contents:
#!/system/bin/shcd /data/data/jackpal.androidterm/app_HOME./stunnel AirVPN_GB-Manchester_Nunki_SSL-443.ssl
Save it to a file named nunki (no file extension).
Put the file into the AirVPN folder, next to our other config files.
4. Download and unzip stunnel for Android from the stunnel website (stunnel-X.XX-android.zip)
Put the stunnel file (only the file, not the folder) into the AirVPN folder.
5. Make sure your AirVPN folder now contains the following files:
6. Copy the whole AirVPN folder to your Android's SD card.
The path should be:
The simple cd command should take you to the app's home directory (/data/data/jackpal.androidterm/app_HOME).
This is where we need to put our config files and the stunnel binary. Let's move them over by running:
mv /sdcard/AirVPN/* .
It's important to type every character correctly (commandline is case sensitive); the "*" is a wildcard expanding to all files in the AirVPN folder, and the "." is a placeholder for the current directory /data/data/jackpal.androidterm/app_HOME. Typing commands on Android is a big pain, so I try to keep them as short as possible!
Finally, we need to modify permissions for the binary and the script, allowing us to execute them:
chmod 555 stunnel nunki
We should be ready to go!
I. Open Terminal Emulator and run the following two commands:
A log message should appear: Configuration successful
Great! Keep the Terminal app running, but use the Home button to get out.
II. Open OpenVPN for Android and connect to the profile AirVPN_GB_Manchester_Nunki_SSL-443
Unless something went wrong, you should get Initialization Sequence Completed - great!
I recommend performing the usual leak tests and perhaps diving into OpenVPN's profile settings before relying on your configuration to work as you expect it to.
III. To disconnect:
- Disconnect VPN in OpenVPN
- open Terminal Emulator, press VOLUME_DOWN + C to kill stunnel
- press the X button to close the terminal session
IV. If stunnel isn't shutdown properly, you may see an error if you try to run stunnel again:
[!] Error binding service [openvpn] to 127.0.0.1:1413[!] bind: Address already in use (98)[ ] Closing service [openvpn][ ] Service [openvpn] closed
This means stunnel is still running in the background. You can kill it by running:
I successfully followed my own tutorial using:
CyanogenMod 12.1 nightly (≈ Android 5.1)stunnel 5.23OpenVPN for Android 0.6.35 (F-Droid)Terminal Emulator 1.0.70 (F-Droid)
Testers welcome, especially if you're using different Android and software versions.