OpenVPN configuration in 2.2 froyo on Archos

Discuss cool Apps for the Gen8 Tablets
Sauron
Archos User
Archos User
Posts: 79
Joined: Mon Nov 29, 2010 11:41 am

OpenVPN configuration in 2.2 froyo on Archos

Post by Sauron »

Hi,

Since there is no any kind of documentation - I hope someone has answer here ;)
OpenVPN (our new acquisition in android 2.2) requires 3 certificates to work. CA certificates, client cert and client key. Configuration window allows only to choose CA and client cert. When I try such a combo, in error log on Archos there is client key open error. So I guess there is a way somehow, to import cert and key in single file (I still believe that developers tested it ;) ) - any idea if this approach is right? what kind of container should I use to import client cert and key in single file? Anyone managed to run OpenVPN on Archos?
Sauron
Archos User
Archos User
Posts: 79
Joined: Mon Nov 29, 2010 11:41 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Sauron »

Heh,

Ok - I'll answer myself ;)

Client CRT (signed certificate) and KEY (private KEY) can be merged in one PKCS12 file (in my case private key was without pass phrase) and imported to Archos. While merging, you HAVE to give some password (Archos does not allow importing empty password pkcs12)
Merging:

Code: Select all

openssl pkcs12 -export -in archos70.crt -inkey archos70.key -out archos70_keycrt.p12
Quick howto:
* generate key and signed cert for openvpn (openvpn doc.)
* merge key and cert (above)
* copy CA cert (ca.crt), and merged key/cert file (archos70_keycrt.p12) to root folder of your SD card
* in settings->Location&Security
** "Set password" (if there is not one already) - 8 letters min.
** "Install from SD card" both certificates (names not important)
* in settings->Wireless & Networks->VPN settings
** Add VPN
** write "VPN name" (not important)
** Set "VPN server IP"
** "Set CA certificate"
** "Set user certificate"
* in advanced settings (menu key) you may need to choose compression, port or UDP/TCP mode (depends on your VPN configuration)
* Connect to Internet
* Connect to VPN - your done :)
Last edited by Sauron on Thu Jan 13, 2011 8:16 pm, edited 1 time in total.
Sylph
Archos User
Archos User
Posts: 88
Joined: Wed Dec 01, 2010 5:33 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Sylph »

Nice. I didn't notice the VPN option is built-in. I might set that up later. Thanks! :)
BareMetal
Archos Novice
Archos Novice
Posts: 2
Joined: Thu Dec 02, 2010 7:15 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by BareMetal »

Nice, I've been trying to hack in openvpn settings and make it work with little luck.

I have just completed the merge and will try the rest tonight when I get home,

Thank you.
AvengerMoJo
Archos Novice
Archos Novice
Posts: 16
Joined: Mon Dec 13, 2010 3:25 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by AvengerMoJo »

After copying ca.crt and p12 files to the root of my SD it still claim No certification exist.
Sauron
Archos User
Archos User
Posts: 79
Joined: Mon Nov 29, 2010 11:41 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Sauron »

Where did you exactly copy those files? (I don't have external SD Card - just internal 8GB memory - so path can vary in this case) As far as I can tell - Android checks validity of certificates AFTER they are chosen, so before that you have some location or extension issue (it just search for file with certain extension in certain location).
Last edited by Sauron on Tue Dec 14, 2010 6:29 pm, edited 1 time in total.
AvengerMoJo
Archos Novice
Archos Novice
Posts: 16
Joined: Mon Dec 13, 2010 3:25 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by AvengerMoJo »

Thank you very much ... the install from SD really mess me up :)
Sauron
Archos User
Archos User
Posts: 79
Joined: Mon Nov 29, 2010 11:41 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Sauron »

Well probably this 8GB inside Archos is just another SD/MMC card ;)
AvengerMoJo
Archos Novice
Archos Novice
Posts: 16
Joined: Mon Dec 13, 2010 3:25 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by AvengerMoJo »

I still not able to connect to my server, maybe it is because of my server require an extra line for tls-auth /path/ta.key 1
And even I set that the apps seem to not able to locate the file.
Anyone out there get the similar setting or using the extra line like I do and know what kind of search path it is expecting?
Sauron
Archos User
Archos User
Posts: 79
Joined: Mon Nov 29, 2010 11:41 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Sauron »

Since UI of OpenVPN on Archos70 does not allow to use extra tls auth key, you can try to do it by 'extra settings/command' in advanced menu (last position). I haven't tried it - but it may work (since I guess it's only limitation of UI - not OpenVPN on Archos itself)

Check openvpn --help on some PC, I guess it's this part:
--tls-auth f [d]: Add an additional layer of authentication on top of the TLS
control channel to protect against DoS attacks.
f (required) is a shared-secret passphrase file.
The optional d parameter controls key directionality,
see --secret option for more info.
AvengerMoJo
Archos Novice
Archos Novice
Posts: 16
Joined: Mon Dec 13, 2010 3:25 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by AvengerMoJo »

Yes it work in command line when i'm rooted since it require insmod tun and ifconfig route add
But I would love to see the GUI working however, I can't get this work out the way I wanted :)
At least not sure what the extra-line mean... or how it work.
E.g.
in the config file I use
tls-auth /path/ta.key 1

I try that in extra line does not work
I try
--tls-auth /path/ta.key 1
does not work either

Just hope something get a chance to read the openvpn ui code and figure out what does extra line really mean and how does it format compare to config file in openvpn.

Thanks
AvengerMoJo
Archos Novice
Archos Novice
Posts: 16
Joined: Mon Dec 13, 2010 3:25 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by AvengerMoJo »

No luck with the GUI and new firmware... worst is no root in the new firmware ... so openvpn once again fail to be used.
Sauron
Archos User
Archos User
Posts: 79
Joined: Mon Nov 29, 2010 11:41 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Sauron »

AvengerMoJo wrote: Just hope something get a chance to read the openvpn ui code and figure out what does extra line really mean and how does it format compare to config file in openvpn.
Is it not easier to simply ask Archos? Write to tech. support - you are the customer :)
Last edited by Sauron on Mon Dec 27, 2010 6:26 pm, edited 1 time in total.
koukobin
Archos Novice
Archos Novice
Posts: 9
Joined: Thu Dec 16, 2010 4:20 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by koukobin »

I have the latest Archos firmware (Archos 70 device) and i can confirm that built-in openvpn works really great, after of course following the guide from Sauron (look at the beginning of the thread).

Thanks Sauron.
Kiki
Archos Novice
Archos Novice
Posts: 4
Joined: Thu Dec 23, 2010 7:45 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Kiki »

Does anybody know where the openvpn configuration file is found?
Kiki
Archos Novice
Archos Novice
Posts: 4
Joined: Thu Dec 23, 2010 7:45 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Kiki »

Well I didnt find where the configuration file is but I used

--tls-auth /mnt/sdcard/ta.key 1

In extra line and my vpn is finally working!
svingen
Archos Novice
Archos Novice
Posts: 6
Joined: Thu Dec 30, 2010 10:49 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by svingen »

Hello!
i have not test this on my archos (will get it tomorow i hope,i have only test it connect using windows 7 from work to home so vpn is working) but a quick way to set upp a openvpn server is to download a virtual appliance from here http://openvpn.net/index.php/access-ser ... as-vm.html

then follow this guid:
to get out the cert etc...
http://openvpn.net/index.php/access-ser ... cates.html

to get the p12 file i did need to use a other linux boks then the one openvpn running did not know why.....
the open vpn only have 2 lisenser but gues that shold be enogh if you don`t have many archos players ;)

good luck....i run this on vmware only need 2gb disk har 256ram work good on vmware player etc :)
mickprue
Archos Novice
Archos Novice
Posts: 6
Joined: Fri Jan 14, 2011 3:02 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by mickprue »

I am sorry for being so thick, security is not my bag..... where would I find the .key and .crt files? I am sure I create them somehow, just not sure how.
jhendry
Archos Novice
Archos Novice
Posts: 4
Joined: Fri Jan 14, 2011 12:01 pm

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by jhendry »

WOOO! Finally got the OpenVPN to work on my Archos 101.....


So, Sauron's instructions are *almost* flawless... the issue is that OpenVPN client on Archos101 does not 100% conform to the PKCS standard, in that it will ONLY use the ca.crt file packaged in the .p12 file.

To package your ca.crt inside your .p12 file add the option "-cerfile /path/to/ca.crt" to Sauron's "How to create PKCS12 file" instructions.

Hope this makes sense! (Feel free to message me if it does not!!...).
Sauron
Archos User
Archos User
Posts: 79
Joined: Mon Nov 29, 2010 11:41 am

Re: OpenVPN configuration in 2.2 froyo on Archos

Post by Sauron »

I had to repeat those steps few days ago (good I've made them ;) ) - and certainly Archos WILL load ca cert not in p12. Well but certainly p12 won't harm :)
Post Reply

Return to “Gen8 Apps”