Ce site est optimisé pour être consulté depuis un navigateur moderne dans lequel JavaScript est activé.

OpenVPN : Convertir profil windows en android

monsieurN

Bonsoir à tous.Je me permets de solliciter votre aide. Même si je tourne sur windows, j'espère trouver tout de même de l'aide car même sur le forum officiel, pas de réponse. J'ai installé sur mon serveur (windows server 2016), openvpn en mode tun. Je m'y connecte avec un pc windows 10 sur lequel j'ai créé un profil client VPN. Et tout cela fonctionne à merveille.

Question : comment convertir ce profil créé sous windows afin de pouvoir l'utiliser sur OpenVPN android connect ?
Je me permet de mettre mon fichier de configuration.

Specify that we are a client and that we

will be pulling certain config file directives

from the server.

client

Use the same setting as you are using on

the server.

On most systems, the VPN will not function

unless you partially or fully disable

the firewall for the TUN/TAP interface.

;dev tap
dev tun

Windows needs the TAP-Win32 adapter name

from the Network Connections panel

if you have more than one. On XP SP2,

you may need to disable the firewall

for the TAP adapter.

;dev-node MyTap

Are we connecting to a TCP or

UDP server? Use the same setting as

on the server.

proto udp

The hostname/IP and port of the server.

You can have multiple remote entries

to load balance between the servers.

remote xxxxx.com 1194
;remote my-server-2 1194

Choose a random host from the remote

list for load-balancing. Otherwise

try hosts in the order specified.

;remote-random

Keep trying indefinitely to resolve the

host name of the OpenVPN server. Very useful

on machines which are not permanently connected

to the internet such as laptops.

resolv-retry infinite

Most clients don't need to bind to

a specific local port number.

nobind

Downgrade privileges after initialization (non-Windows only)

;user nobody
;group nobody

Try to preserve some state across restarts.

persist-key
persist-tun

If you are connecting through an

HTTP proxy to reach the actual OpenVPN

server, put the proxy server/IP and

port number here. See the man page

if your proxy server requires

authentication.

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

Wireless networks often produce a lot

of duplicate packets. Set this flag

to silence duplicate packet warnings.

;mute-replay-warnings

SSL/TLS parms.

See the server config file for more

description. It's best to use

a separate .crt/.key file pair

for each client. A single ca

file can be used for all clients.

ca "C:\Program Files\OpenVPN\config\ca.crt"
cert "C:\Program Files\OpenVPN\config\ClientVPN.crt"
key "C:\Program Files\OpenVPN\config\ClientVPN.key"

Verify server certificate by checking that the

certicate has the correct key usage set.

This is an important precaution to protect against

a potential attack discussed here:

http://openvpn.net/howto.html#mitm

To use this feature, you will need to generate

your server certificates with the keyUsage set to

digitalSignature, keyEncipherment

and the extendedKeyUsage to

serverAuth

EasyRSA can do this for you.

remote-cert-tls server

If a tls-auth key is used on the server

then every client must also have the key.

;tls-auth ta.key 1

Select a cryptographic cipher.

If the cipher option is used on the server

then you must also specify it here.

Note that v2.4 client/server will automatically

negotiate AES-256-GCM in TLS mode.

Enable compression on the VPN link.

Don't enable this unless it is also

enabled in the server config file.

comp-lzo

Set log file verbosity.

verb 3

Silence repeating messages

;mute 20

D'avance merci de votre aide

Banip

Salut,

Déjà je me permets de rappeler que les balises [ code ] [ / code ] ou `` sont là pour formater ton texte histoire que se soit plus lisible.

Ensuite concernant openVPN ce que je fais pour mes profils c'est que je colle la configuration et les certificats dans le même fichier :

client
nobind
dev tun
remote-cert-tls server

remote IP-DU-SERVEUR 1194 udp

<key>
-----BEGIN PRIVATE KEY-----
AzMYLQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCmdGulethSMliX
JhQfwolZQIg6L3CZ05Kmmum4nRHv2nmedQhn572Ii8VrmxIiqF5wjleajLP4ID2G
eOAzKUtX05T391kmIaSM1Qk/oYsQVIKwtBt2xHBzU/kpXrQaA6IlkvpcXZ7JxXys
O7W5DhpylcW8XD/1rp+yCbNa09ENEByskgIn/B7kr4tus9RxpA3LSDcSLcIQcXym
GK5Jr9fBsR6x6G1BNKuYyD3DgNNho+KD9U/RexxhVK5dElQvbk6qEMwPiO+2kwTO
6uoMO174dn+vNRAiDz+/e42eHzV1RW1CEsTsSLzmzpfCU4FrugIvna3RqL+h1g3t
vImq590/AgMBAAECggEAdnwEbARnmwrPWLf4NytIjUmMLq66HiUmDIXUvF7B99Oy
IoL3+s5QcbPcUV5OqHDk2IXaAd8J9CMu6Ft+a6yHPvsS3PcqdCQad0zlim+5B2TA
qntp2T63NMCfaT1KQgI4FzrqD3lsn/99YTQXhKRvWwUVfaDEvmMQtbCGBK8l7X9V
/cEW/ir9Z4g3Yi3aMR+j2JnmO9+mN9DtNM6Q/BxPDE1d4w3QJQDd58bxduEZUOCK
yJT4ZP5dgRiZswKkwkBVlT6sAG9H2EiXwgbRw3GP3EbBhGM/oxhVuF3nLkdnwcCo
gWPzW44PAcwlhxdxIHGDvReCg4th3R1KDDDpFlvUAQKBgQDc0PuOqcEKdqSXyVRR
nZ64KqDi7n9DJhMgPyHKk7gqw//GW2tY8K0nKS1yAI6nSOMsQSCFWXxpew/rujem
06A4ixVAdk1JixkTBsezwKlDl2LDp2jOCzlvMhQMF9wtJHdONox6tbjlK/WxxjIw
bnXcPZFvBOVkS0SMjcAMF7HnAQKBgQDA+gyhLTMrPqc/JKtcEaMqZ8JB8Ykwpzni
XmemwAC5W1qmVlvI1/WpMyilP/76us3416LnD0kyXsFhihS6IQaqTS/6itOJEMr5
qJ/Ij+3MgBFuSSmw8DaO0TCs8/I+JLQ1AaTt0Hu+ZklurRHDWmN1u6Lct+ZImbsu
8SQX8oQEPwKBgHirY60Uqz9ykoO4K/Hl9uShtwYMW1NwrScEGQ1BKHWGYnIdZ05V
R+qMoB8amtpkBHEcrg7xVgG2lH63Zs4t+/KqXtS5UYcNEojJPbzHXjhntDtDcwyW
Ka7QaRAqwdGRifkd6irsv7vNCBk8PBUnaBURODa5MDpcv3snw3lYQYoBAoGBAIRj
BocMGy5vrQ0EewqOjwFobTwQF63pCyzg1vrufZCru2ShmhYPEdkh36B+Zs5bmTI9
vOQG+JA1sTTZJZ8LSSdMDL40vyoo+xaLOBK/qsPAmDSwvIlGQid4G4yLToSTaY1z
s1Hy1PGp+naTBLygJdt+/hutja4AyQlLJRfIqAjBAoGAQHSZB++I9axI0YadV8pf
Nnq3scuJppadZui5sb9f/zQ8SnaxUE6CIsH8Fcmd9UTVxBLONCOj+D29hN713Tnj
LBh07WB54QGcCZ/CVlrZ5brhVU/pv0WZ0gYbiuFM0XsGKxJlgSNOTvf57XsJDrq6
KFjOXJHAbgGsAlKxwezh5cI=
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIRAL1NlGqOOCMLtTb5OkyQS+AwDQYJKoZIhvcNAQELBQAw
FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMTkxMDA1MTc1MTE3WhcNMjIwOTE5
MTc1MTE3WjAQMQ4wDAYDVQQDDAVicmljZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKZ0a6V62FIyWJcmFB/CiVlAiDovcJnTkqaa6bidEe/aeZ51CGfn
vYiLxWubEiKoXnCOV5qMs/ggPYZ44DMpS1fTlPf3WSYhpIzVCT+hixBUgrC0G3bE
cHNT+SletBoDoiWS+lxdnsnFfKw7tbkOGnKVxbxcP/Wun7IJs1rT0Q0QHKySAif8
HuSvi26z1HGkDctINxItwhBxfKYYrkmv18GxHrHobUE0q5jIPcOA02Gj4oP1T9F7
HGFUrl0SVC9uTqoQzA+I77AzMYLq6gw7Xvh2f681ECIPP797jZ4fNXVFbUISxOxI
vObOl8JTgWu6Ai+drdGov6HWDe28iarn3T8CAwEAAaOBojCBnzAJBgNVHRMEAjAA
MB0GA1UdDgQWBBSGi7J2G52DCoRdqQKByYYc/j6XsTBRBgNVHSMESjBIgBStM2Fd
h93YIkuoYubhJ6Xdj2+tpKEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GCFCHv
K0fj2c1YKBrN7E8ypsKu+jBeMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
AwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAAOtfda9f0/5OPsEnhbhFkUkQ4XuDZGeX
n0vqT7+qQV2HekK2CQM1fdYhPDUpesHYz/HvgzIUXkk8nuvZkLindOnvZ7ZmFCBq
ev/+KOzJbmpg4lqdUT9oBkC9Q3qPBADWIGj0KIQxbCzHnwroPz7eyRflcfnHxlMi
pCB4Q4xeyqMyqr83kELg1/FWJlZoLvDeCwl2YSkeiS0XsaxCLmJO3VKcXwWoJ1Mr
pWlQh72vHHpbdNX+Dyga6I4TI4zd3+4Oe0qFYb6YaeY6T+q5oPqvrQCbHiYcMMPx
I78fvoo8x89zOD+AvXk5OPGQucSwtRv7NIit+TIt1PeoKGlTKLBapg==
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIUIe8rR+PZzVgoGs3sTzKmwq76MF4wDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMTkxMDA1MTc0NzM4WhcNMjkx
MDAyMTc0NzM4WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJYvGYFKnZ+0hURqSifi1ZRwyq0Rl2D5htKa7ye5
v9SvJsAZMXoN2o1rPc1KrLAqf67XEgAFdEL+8Z9YIBZCypDEzjVEidwPauA4SR++
fTOSXDTDdUv+9XIldxHZxb7JHHm8dENq78cyWlgTdAz3cUlSG3ruoG31dtmbG9GW
Z7NKIqx47g0QsKo66SMRODCDQRcEBgWxkUHAw89Z7KRa9KqVWECYeARfrggowKif
DtGZryN7ZiRs24HdDxO/uRDhWyQW0/jOs2oCGnmGadi54YSXu6uATaiOsjKRvGHa
ArWk8tJVZ3yyyx2GSyavfJyjmnFeDmPSzyZECvDhFtxqwrECAwEAAaOBkDCBjTAd
BgNVHQ4EFgQUrTNhXYfd2CJLqGLm4Sel3Y9vraQwUQYDVR0jBEowSIAUrTNhXYfd
2CJLqGLm4Sel3Y9vraShGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghQh7ytH
49nNWCgazexPMqbCrvowXjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
hkiG9w0BAQsFAAOCAQEAifm6FNo5jQIIIk/bMqRIlidOar3i7aTxPmbBMS6/0NFp
1/phFurCndxACGGylpvBK2WwZjPfCt8BTxk2P2ygErK6HQs2egoAIQ/TloWcrrWr
DECJ+MBamhAER1bcGnvSXH8Qc0dAzMYLUseE4A9qgQUGdSo3YdcBhPpIMzCO7vBz
CbZ/ziyVFaWKbsMMf5NTHIHX4jGk9URoJV8zT1/QrcqrnXBiVeijAtZEGXo2WCjF
pnx9EsSiajhRER27T8t7aS0GmD6K1khfBhAzr4XuVCzKDxGJM5wkgZdz+8fZ2+Sc
0i3za/39hkCv2lxp68efXyPgmb2J94YCduIQ7zt+DA==
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
e97d7aa113c2e95d20c248d2832785bc
0e3ee41e2b65d6d4bdf14e1ff06643ef
17ede69935fa423fd145b0aab82a5a33
e3529e698c50bf9a736d1af4fd7ded23
ffc3077c1a2d74840a90af4ba8cef092
dad2ca2906649885d83b9b8c4805ccc7
93e4a7e5980e6f87395af0e162970043
ac6e945553dc6d450e5da6845453dd6c
9a05157ebe2b0ee98796eb28287330c4
a70234a019e08fbe44be9df6fa8dd285
724c1f82df15703f9f4e0a03dcd4d088
c5600ad8d4b0c246cb7e6166a24afe62
e8bc0578c2dbd03c2594e94afa35ea0c
77967b9237de1b1d0724d4985dd48ca1
ac50b454adb11135a6423b4dc96cff17
5836332a49bc37cf6f920917aa44cfa5
-----END OpenVPN Static key V1-----
</tls-auth>

redirect-gateway def1

Les clés et certificats sont obstrués mais le principe est là, tu importe ça dans ton openVPN android et tu te connectes.

Christoph253

Bonjour