I use my personal server as a VPN endpoint for my laptop when I'm using untrusted networks and I wanted to do the same on my Android 5 (Lollipop) phone.
It turns out that it's quite easy to do (doesn't require rooting your phone) and that it works very well.
Install OpenVPN
Once you have installed and configured OpenVPN on the server, you need to install the OpenVPN app for Android (available both on F-Droid and Google Play).
From the easy-rsa directory you created while generating the server keys,
create a new keypair for your phone:
./build-key nexus6 # "nexus6" as Name, no password
and then copy the following files onto your phone:
- ca.crt
- nexus6.crt
- nexus6.key
- ta.key
Create a new VPN config
If you configured your server as per my instructions, these are the settings you'll need to use on your phone:
Basic:
- LZO Compression: NO
- Type: Certificates
- CA Certificate: ca.crt
- Client Certificate: nexus6.crt
- Client Certificate Key: nexus6.key
Server list:
- Server address: hafnarfjordur.fmarier.org
- Port: 1194
- Protocol: UDP
- Custom Options: NO
Authentication/Encryption:
- TLS Security Profile: preferred
- Expect TLS server certificate: YES
- Certificate hostname check: YES
- Remote certificate subject: server
- Use TLS Authentication: YES
- TLS Auth File: ta.key
- TLS Direction: 1
- Encryption cipher: AES-256-GCM
- Packet authentication: SHA512
Advanced:
- Persistent tun: YES
That's it. Everything else should work with the defaults.
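The settings above correspond to directives in an OpenVPN client profile. As an added example (not part of the original post), this Python script audits a profile against them and reports any setting that is missing or weaker; the sample profile is constructed, and the `name` match type for `verify-x509-name` is an assumption.

```python
REQUIRED = {  # directive -> exact arguments, taken from the settings above
    "proto": ["udp"],
    "remote-cert-tls": ["server"],   # Expect TLS server certificate
    "tls-auth": ["ta.key", "1"],     # TLS Auth File + TLS Direction
    "cipher": ["AES-256-GCM"],
    "auth": ["SHA512"],              # Packet authentication
    "persist-tun": [],
}
FORBIDDEN = {"comp-lzo"}             # LZO Compression: NO
# Constructed sample profile; the "name" match type is an assumption.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote hafnarfjordur.fmarier.org 1194
ca ca.crt
cert nexus6.crt
key nexus6.key
remote-cert-tls server
verify-x509-name server name
tls-auth ta.key 1
cipher AES-256-GCM
auth SHA512
persist-tun
"""

def parse_profile(text):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            directives[name] = args
    return directives

def audit_profile(text):
    """Return findings; an empty list means the profile matches."""
    d = parse_profile(text)
    findings = []
    for name, want in REQUIRED.items():
        if name not in d:
            findings.append(f"missing: {name}")
        elif d[name] != want:
            findings.append(f"{name}: expected {' '.join(want)}, got {' '.join(d[name])}")
    findings += [f"unexpected: {n}" for n in sorted(FORBIDDEN & set(d))]
    if "verify-x509-name" not in d:
        findings.append("missing: verify-x509-name")
    return findings
```

Calling `audit_profile()` on the text of an exported profile returns an empty list when it matches; each string in a non-empty result names the directive to fix.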