- Download and install SSLDroid from the Google Play Store. (Direct link)
- Download and install OpenVPN from the Google Play Store. (Direct link)
- Download the Perfect Privacy TCP configuration for Android (Direct link, login required)
- Download the Perfect Privacy certificates and keys (Direct link, login required)
Start SSLDroid, tap on the options icon on the top right and choose “Add tunnel”.
Choose a Perfect Privacy server; in this documentation we use Basel. You can enter any tunnel name you like.
The local port can be any high port (1025-65535); in this documentation we are using 1196. For the remote port you can use either 22 (SSH), 53 (DNS) or 443 (HTTPS). As remote host use the second IP address of the VPN server. You can find the IPs on the server page in the member area. For Basel the second IP is 184.108.40.206.
The PKCS12 file for Basel is in the ZIP file with the Perfect Privacy keys and certificates; import basel.p12.
Now tap on “Apply”. The tunnel will be established automatically, as indicated by the green SSLDroid icon on the top left.
Now start OpenVPN for Android and tap on the import icon on the top right (downward arrow).
Import the appropriate *.ovpn file, in this case basel.ovpn from the Perfect Privacy configuration files.
Give the profile a name and tap on the checkmark on the top right.
Switch to the “Server List” tab and disable or delete all but one server. Modify the remaining entry with the following settings:
Server Address: 127.0.0.1 and Server Port: 1196 (the same port that was used in the SSLDroid configuration).
Protocol: TCP, Connect Timeout: 120, Custom Options OFF.
In the “IP and DNS” tab use the following settings:
Pull Settings ON, No local binding ON, Override DNS By Server: OFF.
Configure the “Authentication/Encryption” tab as follows:
Expect TLS server certificate: OFF
Certificate Hostname Check: OFF
Use TLS Authentication: ON
TLS Auth File: This was already imported with the .ovpn configuration; it should read [[Inline file data]]
TLS Direction: 1
Encryption cipher: AES-128-CBC
Packet Authentication: SHA512
In the “Advanced” tab use the following options:
Persistent tun: ON
Push Peer Info: OFF
Random Host Prefix: OFF
Allow floating server: OFF
Override MSS value of TCP payload: OFF
Enable Custom Options: OFF
Connection Retries: Unlimited
Seconds between connections: 2
Maximum Time between connection attempts: 300s
Under “Allowed Apps” make sure that the option “VPN is used for all apps but exclude selected” is active.
Scroll down the list until you find “SSLDroid” and activate the exception for it.
This exempts SSLDroid from using the OpenVPN connection, because the OpenVPN app itself will be using the tunnel that was previously configured in SSLDroid. Without the exception, SSLDroid's own connection would be routed into the VPN that depends on it.
Then exit the configuration (just tap the left arrow in the Android navigation bar at the bottom).
Now tap the new connection once to establish the VPN tunnel. You will be asked to enter your Perfect Privacy username and password. If you tap on “Save Password” you will not need to enter it again on the next connection. The VPN should now be running through SSLDroid. Visit CheckIP to verify that everything is working correctly.
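
An added example, not part of the original guide: a small Python check that a profile's OpenVPN directives match the settings above, in particular that the only `remote` entry is the local SSLDroid port, so that no connection attempt bypasses the tunnel. The mapping from the app's setting labels to the directive names (`nobind`, `persist-tun`, `cipher`, `auth`, `key-direction`) and the two sample profiles are assumptions constructed for this example.

```python
import ipaddress

# Values from this guide's settings; mapping the GUI labels to these OpenVPN
# directive names is an assumption of this example.
EXPECTED = {"cipher": "AES-128-CBC", "auth": "SHA512", "key-direction": "1"}
REQUIRED_FLAGS = ("nobind", "persist-tun")

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostnames are not accepted as the tunnel endpoint
        return False

def check_profile(text, local_port=1196):
    """Return a list of findings; an empty list means the profile matches."""
    seen, remotes, inline = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("<"):  # <tls-auth> ... </tls-auth>: skip inline key data
            inline = not line.startswith("</")
        elif not inline and line and line[0] not in "#;":
            name, *args = line.split()
            if name == "remote":
                remotes.append(args)
            else:
                seen[name] = args
    findings = []
    if len(remotes) != 1:
        findings.append(f"expected exactly one remote, found {len(remotes)}")
    for args in remotes:
        host, port = (args + ["", ""])[:2]
        proto = args[2] if len(args) > 2 else (seen.get("proto") or ["udp"])[0]
        if not is_loopback(host):
            findings.append(f"remote {host} does not go through the local tunnel")
        if port != str(local_port):
            findings.append(f"remote port {port} is not the tunnel port {local_port}")
        if not proto.startswith("tcp"):
            findings.append(f"remote {host} uses {proto}, expected TCP")
    for name, want in EXPECTED.items():
        got = (seen.get(name) or ["unset"])[0]
        if got != want:
            findings.append(f"{name} is {got}, expected {want}")
    findings += [f"{flag} is missing" for flag in REQUIRED_FLAGS if flag not in seen]
    return findings

# Constructed sample profiles (203.0.113.10 is a documentation address).
GOOD = "\n".join(["remote 127.0.0.1 1196 tcp-client", "nobind", "persist-tun",
                  "cipher AES-128-CBC", "auth SHA512", "key-direction 1"])
BAD = GOOD.replace("auth SHA512", "auth SHA1") + "\nremote 203.0.113.10 443 tcp-client"
```

`check_profile(GOOD)` returns an empty list, while `check_profile(BAD)` reports the leftover second server entry and the changed packet authentication digest.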