Skip to main content

Help Transferring a Profile to Android

If you're having trouble importing a profile on Android, try these steps:

1. Ensure all files are in the same directory

When you import a .ovpn file, ensure all files referenced by it, such as ca, cert, and key files, are in the same directory on the device as the .ovpn file.

2. Check formatting and size

Profiles must be UTF-8 (or ASCII) and under 256 KB in size.

3. Use the unified format for OpenVPN profiles (option 1)

Consider using the unified format for OpenVPN profiles, which allows all certs and keys to be embedded into the .ovpn file. This simplifies OpenVPN configuration management by integrating all configuration elements into a single file.

Tip

Example of using the unified format:

  1. You have a traditional OpenVPN profile specifying certs and keys as follows:

    ca

    ca.crt

    cert

    client.crt

    key

    client.key

    tls-auth

    ta.key

  2. You convert this usage to unified by pasting the contents of the certificate and key files directly into the OpenVPN profile as follows, using an XML-like syntax:

    <ca> -----BEGIN CERTIFICATE----- MIIBszCCARygAwIBAgIE... . . . /NygscQs1bxBSZ0X3KRk... Lq9iNBNgWg== -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- . . . </cert> <key> -----BEGIN RSA PRIVATE KEY----- . . . </key> key-direction 1 <tls-auth> -----BEGIN OpenVPN Static key V1----- . . . </tls-auth>

Warning

When converting tls-auth to unified format, check for a second parameter after the filename (usually a 0 or 1). This key-direction parameter must be specified as a standalone directive when tls-auth is converted to a unified format. For example, if the parameter is 1, add this line to the profile: key-direction 1. If there is no second parameter to tls-auth, you must add this line to the profile: key-direction bidirectional.

3. Use the Android Keychain (option 2)

Another approach to eliminate certificates and keys from the OpenVPN profile is to use the Android Keychain. For information about this, refer to FAQs.