Skip to main content

Android Security FAQs

Wondering about OpenVPN Connect security and best practices? Refer to these FAQs.

Is OpenVPN Connect vulnerable to Heartbleed?

No, OpenVPN Connect uses the OpenSSL library, which is immune to Heartbleed.

What can I do to ensure good security on my Android device?

The safest options to protect your VPN profiles against compromise due to a lost or stolen mobile device are:

  1. Avoid saving your password on your device.

  2. Use the Android Keychain as a repository for your private key.

Is it safe to save passwords?

The safest option is to use the Android Keychain as a repository for your private key. When you edit the profile, you can save the password by checking Save Password. When you do this, OpenVPN Connect stores your password in the keychain.

Why is the save password switch sometimes unavailable?

The save password switch on the authentication password field is typically turned on, but you can turn it off by adding the following OpenVPN directive to the profile:

setenv ALLOW_PASSWORD_SAVE 0

Important

The above directive only applies to the user authentication password. The private key password, if it exists, can always be saved.

Does OpenVPN Connect support the tls-crypt option?

Yes, OpenVPN Connect includes support the the tls-crypt option in recent versions.

In this section: