I want to route all my network traffic through my home's ISP connection when I'm out in Internet cafes so I can't be eavesdropped/firesheeped.
I have an HTC G2 with CyanogenMod 7, which has OpenVPN client support built-in:
At home, I have a router with TomatoVPN on it, which includes an OpenVPN server:
Now, how do I get the phone client to connect to the router server? I can Google and find a set of seemingly relevant instructions, but they aren't very helpful:
You need to pack your cert and keys and put it in SD card
Where do I get those?
Copy client.p12 to sdcard root directory
Where do I get that?
add your certificates, and set the interface type and the protocol accordingly.
How, specifically? Which settings should be what? Using settings that don't protect me is worse than no protection at all due to the false sense of security.
I'm looking for step-by-step instructions for a "roadwarrior" setup that routes all traffic through the VPN.
Where do I get keys? Do I need to use additional username/password authentication? What DNS search domains? What settings should I use in CM7's OpenVPN Advanced menu? "Redirect gateway" needs to be set to route all traffic, for instance, right? Which settings for Basic and Advanced in TomatoVPN? "Direct clients to redirect Internet traffic"? "Respond to DNS"?
Update:
I've given it yet another try on my own, and was again unsuccessful. I don't think there's any way to generate keys on either the router or the phone, so I tried to generate them in Ubuntu. I tried to follow these directions to generate keys, but they aren't correct. (The folder is /usr/share/doc/openvpn/examples/easy-rsa/2.0 instead of /usr/share/doc/openvpn-2.0/easy-rsa, for instance, and there's a vars, but no init-config script.) I found these directions, which are more helpful, and generated a number of files:
- 01.pem
- 02.pem
- ca.crt
- ca.key
- dh1024.pem
- htc_g2.crt
- htc_g2.csr
- htc_g2.key
- server.crt
- server.csr
- server.key
- ta.key
The files I copied to the router are
- ca.crt
- server.crt
- server.key
- dh1024.pem
first stripping everything before -----BEGIN, according to these instructions. The router server starts now and says
Name Value Max bcast/mcast queue length 0
under Status. So I guess the server is working?
Then I copied these files to the phone:
- ca.crt
- htc_g2.crt
- htc_g2.key
- server.crt
- ta.key
Different directions disagree on which files to copy. Then I went to Settings → Location & security → Install from SD card, and was able to install the CA certificate, added a password, etc. Trying to add the htc_g2 or server certificates did not work, saying "no certificate to install". I edited the files and removed everything before -----BEGIN, and then they installed. In "Add OpenVPN VPN", I selected the "ca" certificate for "Set CA certificate", and the htc_g2 certificate for "Set user certificate". When I try to connect, it says "Unable to connect to network". Same if I try the server certificate for the user certificate.
No comments:
Post a Comment