I use my Linode VPS as a VPN endpoint for my laptop when I'm using untrusted networks and I wanted to do the same on my Android 5 (Lollipop) phone.
It turns out that it's quite easy to do (doesn't require rooting your phone) and that it works very well.
easy-rsa directory you created while generating the server keys,
create a new keypair for your phone:
./build-key nexus6 # "nexus6" as Name, no password
and then copy the following files onto your phone:
Create a new VPN config
If you configured your server as per my instructions, these are the settings you'll need to use on your phone:
- LZO Compression:
- CA Certificate:
- Client Certificate:
- Client Certificate Key:
- Server address:
- Custom Options:
- Expect TLS server certificate:
- Certificate hostname check:
- Remote certificate subject:
- Use TLS Authentication:
- TLS Auth File:
- TLS Direction:
- Encryption cipher:
- Packet authentication:
- Persistent tun:
That's it. Everything else should work with the defaults.