Help Transferring a Profile to Android
If you're having trouble importing a profile on Android, try these steps:
1. Ensure all files are in the same directory
When you import a .ovpn file, ensure all files referenced by it, such as ca, cert, and key files, are in the same directory on the device as the .ovpn file.
2. Check formatting and size
Profiles must be UTF-8 (or ASCII) and under 256 KB in size.
3. Use the unified format for OpenVPN profiles (option 1)
Consider using the unified format for OpenVPN profiles, which allows all certs and keys to be embedded into the .ovpn file. This simplifies OpenVPN configuration management by integrating all configuration elements into a single file.
Tip
Example of using the unified format:
You have a traditional OpenVPN profile specifying certs and keys as follows:
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key
Convert this to the unified format by pasting the contents of the certificate and key files directly into the OpenVPN profile, using an XML-like syntax:
<ca>
-----BEGIN CERTIFICATE-----
MIIBszCCARygAwIBAgIE...
. . .
/NygscQs1bxBSZ0X3KRk...
Lq9iNBNgWg==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
. . .
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
. . .
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
. . .
</tls-auth>
Warning
When converting tls-auth to unified format, check for a second parameter after the filename (usually a 0 or 1). This key-direction parameter must be specified as a standalone directive when tls-auth is converted to a unified format. For example, if the parameter is 1, add this line to the profile: key-direction 1. If there is no second parameter to tls-auth, you must add this line to the profile: key-direction bidirectional.
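The conversion and the key-direction rule above can be scripted. The following is an added example, not code from OpenVPN or from this page; the function names, the read_file hook and the sample file bodies are assumptions made for illustration, and it goes slightly beyond the text by also accepting quoted filenames and trailing comments.

```python
import shlex
from pathlib import Path

MAX_BYTES = 256 * 1024  # profile size limit stated on this page
FILE_DIRECTIVES = ("ca", "cert", "key", "tls-auth")

def to_unified(profile_text, read_file):
    """Inline ca/cert/key/tls-auth file references; read_file(name) -> str is a hypothetical loader."""
    out = []
    for line in profile_text.splitlines():
        first = line.split(None, 1)[:1]
        is_ref = bool(first) and first[0] in FILE_DIRECTIVES
        tokens = shlex.split(line, comments=True) if is_ref else []
        if len(tokens) < 2:
            out.append(line)  # not a file reference: copy through unchanged
            continue
        name, filename, *rest = tokens
        if name == "tls-auth":
            # The optional second parameter moves to a standalone directive;
            # when it is absent the page says to use "bidirectional".
            out.append(f"key-direction {rest[0] if rest else 'bidirectional'}")
        out += [f"<{name}>", read_file(filename).strip(), f"</{name}>"]
    unified = "\n".join(out) + "\n"
    if len(unified.encode("utf-8")) >= MAX_BYTES:
        raise ValueError("unified profile is not under 256 KB")
    return unified

def convert_file(ovpn_path):
    """Convert a profile on disk; referenced files are resolved next to it."""
    src = Path(ovpn_path)
    load = lambda name: (src.parent / name).read_text(encoding="utf-8")
    return to_unified(src.read_text(encoding="utf-8"), load)  # non-UTF-8 input raises

# Constructed sample input (placeholder bodies, not real key material).
SAMPLE_PROFILE = "client\nca ca.crt\ncert client.crt\nkey client.key\ntls-auth ta.key 1\n"
SAMPLE_FILES = {
    "ca.crt": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n",
    "client.crt": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n",
    "client.key": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n",
    "ta.key": "-----BEGIN OpenVPN Static key V1-----\nCONSTRUCTED\n-----END OpenVPN Static key V1-----\n",
}

if __name__ == "__main__":
    print(to_unified(SAMPLE_PROFILE, SAMPLE_FILES.__getitem__))
```

The resulting single file contains the client private key and the tls-auth key, so store and transfer it with the same care as client.key itself.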
3. Use the Android Keychain (option 2)
Another approach to eliminate certificates and keys from the OpenVPN profile is to use the Android Keychain. For information about this, refer to Frequently Asked Questions.