Setup OpenVPN Connect Client in Android
In this article, we will show you how to connect your Android phone to your OpenVPN Server. We have already set up an OpenVPN server in this article.
IMPORTANT: The date on the router must be within the range of the installed certificates valid period. To prevent certificate verification issues, enable NTP synchronization on both the server and the client.
The process is similar to the Windows client. We only need to embed our certificates, keys and credentials in our .ovpn file.
First, download the OpenVPN Connect Client, officially maintained by OpenVPN, from Google Play.
After you download the client, you need to prepare an .ovpn file, that contains:
- the CA certificate (.crt)
- the Client certificate (.crt)
- the Client certificate key (.key)
- the server configuration
- the credentials for the secret
Log in to your Mikrotik CHR and then go to System>Certificates. We'll export the Client certificate first by right-clicking it and select Export.
Enter a passphrase of your choice and click on "Export". You will get a key file with your Client certificate. 
RouterOS Command:
[admin@MikroTik] > /certificate export-certificate CLIENT1 export-passphrase=12345678
Then export the CA certificate without a passphrase.
RouterOS Command:
[admin@MikroTik] > /certificate export-certificate LMTCA export-passphrase=""
Click on Files. You will see the exported certificates and keys in the root directory. Download them by dragging them to a folder.
This time, we will embed the certificates and secret in the .ovpn file. In a text editor paste this example configuration, change the values according to your OpenVPN Server configuration and paste the certificate contents, key contents and credentials. Then save it.
Example .OVPN configuration file:
client
dev tun
proto tcp-client
remote IP address of your Mikrotik CHR
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
mute 10
cipher AES-256-CBC
data-ciphers AES-256-CBC
auth SHA1
auth-nocache
;redirect-gateway def1 #remove semicolon for full redirect
<ca>
-----BEGIN CERTIFICATE-----
Contents of the CA certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Contents of the SERVER certificate
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Contents of the private key
-----END ENCRYPTED PRIVATE KEY-----
</key>
<auth-user-pass>
Username
Password
</auth-user-pass>
Open the OpenVPN Connect app. You will be presented with options to import your .ovpn profile. Tap on File and then on Browse. Some versions will let you browse the file directly from the app.
Then tap on OK to import the profile from the file.
After that, name the profile as you like and if you want, check the Save Private Key Password and enter the password. Tap on Add.
To test your connection, tap on the switch next to your profile, if it asks about adding a VPN connection to your phone, accept it.
And that’s it. You can now connect to the internet via your MikroTik Device using OpenVPN.
Please take a look at our powerful Mikrotik Cloud Hosted routers and choose your hosting solution.
You can decide to make your own VPN or rent a good and cheap dedicated server.
We have a tremendous and reliable Webhosting service.
If this is hard for you, you can take a look at our fast and secure OpenVPN Hosting plans. Easier and quicker to set up, more secure and it's ready in 5 minutes.
