I toyed with this yesterday and thought I would share the experiment. I wanted to try out the OpenVPN software built into Cyanogen on my Samsung Galaxy S2; for this I used a Debian machine on the other side (which uses a public IP). The first step is obviously installing OpenVPN on the server, then configuring it. Once it is installed, run the following steps. They take care of symlinking the easy-rsa directory, creating the server CA and creating its certificates.
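    # Run from /etc/openvpn: the server config below expects the keys
    # under /etc/openvpn/easy-rsa/keys
    ln -s /usr/share/doc/openvpn/examples/easy-rsa/1.0 easy-rsa
    cd easy-rsa
    # Load the easy-rsa settings (KEY_DIR, KEY_SIZE, ...) into this shell
    source ./vars
    # Wipe any existing keys directory and start from scratch
    ./clean-all
    # Create the CA, the Diffie-Hellman parameters and the server certificate
    ./build-ca
    ./build-dh
    ./build-key-server yourserver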
Once this is done and you have checked that none of the commands you typed reported an error, you can create your first client. Still within the same directory, run: ./build-key-pkcs12 cm7. In this example, cm7 is your client name.
This is the working config for my OpenVPN server; edit /etc/openvpn/server.conf. I chose TCP as a more reliable way to have my client keep the VPN connection over crappy GPRS.
    proto tcp
    port 8443
    dev tun
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/yourserver.crt
    key /etc/openvpn/easy-rsa/keys/yourserver.key
    # easy-rsa names this file after KEY_SIZE in ./vars (1024 here).
    # 1024-bit DH is weak; set KEY_SIZE=2048 before ./build-dh and
    # reference dh2048.pem instead.
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem
    ifconfig-pool-persist ipp.txt
    server 192.168.6.0 255.255.255.0
    keepalive 10 120
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    verb 3
    mssfix 1200
    tun-mtu 1200
Now comes the interesting bit: Cyanogen has a page on OpenVPN but they don’t really explain how to install the p12 cert you generated. You will need to copy it to the root of your sdcard, then go to Settings/Location and Security/Storage Credentials/Install from SD Card. Once you have selected the file, it will ask for the same password as used during the client cert generation, then you can select a storage password to keep it safe.
You can now set up your OpenVPN: go to Settings/Wireless & Networks/VPN Settings/Add VPN, then define the IP, name and certs, selecting the same cert for CA and user. Then go to advanced and make sure you change the IP port and switch to TCP. Now the interesting part: it failed to connect until I rebooted the device. Has to be the shittiest fix ever but here goes…
Make sure you have started your OpenVPN server and check the logs for errors.
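A preflight check to run before starting the server, as an added example that is not part of the original post: it reads the ca, cert, key and dh paths from a server.conf like the one above, confirms each file exists and fails if the private key is readable by group or other. The function name check_openvpn_conf is made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_openvpn_conf is a
# hypothetical helper name, not part of OpenVPN or easy-rsa.
# Returns the number of problems found (0 = config looks sane).
check_openvpn_conf() {
    conf=$1
    problems=0
    [ -f "$conf" ] || { echo "FAIL: no such config: $conf"; return 99; }

    # Walk "directive value" lines; only the four file directives matter here.
    while read -r directive value _rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh) ;;
            *) continue ;;
        esac
        if [ ! -f "$value" ]; then
            echo "FAIL $directive: $value does not exist"
            problems=$((problems + 1))
            continue
        fi
        if [ "$directive" = key ]; then
            # -L follows the easy-rsa symlink; columns 5-10 of the mode
            # string are the group and other permission bits.
            perms=$(ls -ldL "$value" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "FAIL key: $value is accessible to group/other ($perms)"
                problems=$((problems + 1))
            fi
        fi
    done < "$conf"

    # All four appear in the config above; report any that are absent.
    for needed in ca cert key dh; do
        grep -Eq "^[[:space:]]*$needed[[:space:]]" "$conf" || {
            echo "FAIL $needed: directive missing from $conf"
            problems=$((problems + 1))
        }
    done

    [ "$problems" -eq 0 ] && echo "OK: $conf"
    return "$problems"
}

# Run against a file when one is given: sh check.sh /etc/openvpn/server.conf
if [ "$#" -gt 0 ]; then
    check_openvpn_conf "$1"
fi
```

A key that fails the permission check can be tightened with chmod 600 on the file the key directive points to.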