- Download and install SSLDroid from the Google Play Store. (Direct link)
- Download and install OpenVPN from the Google Play Store. (Direct link)
- Download the Perfect Privacy TCP configuration for Android (Direct link, member login required)
- Download the Perfect Privacy certificates and keys (Direct link, member login required).
Start SSLDroid, tap on the options icon on the top right and choose “Add tunnel”.
Choose a Perfect Privacy server of your choice, in this documentation we use Basel. As tunnel name you can enter any name you like.
The local port can be any high port (1025-65535), in this documentation we are using 1196. For remote port you can use either 22 (SSH), 53 (DNS) or 443 (HTTPS). As remote host use the second IP address of the VPN server. You can find the IPs on the server page in the member area. For Basel the second IP is 18.104.22.168.
The PKCS12 file for Basel is in the zipfile with the Perfect Privacy keys and certificates, import basel.p12.
Now tap on “Apply”. The stunnel will be automatically established as indicated by the green SSLdroid icon on the top left.
Now start OpenVPN for Android and tap on the import icon on the top right (downward arrow).
Import the appropriate *.ovpn file, in this case basel.ovpn from the Perfect Privacy configuration files.
Give the profile a name and tap on the checkmark on the top right.
Switch to the “Server List” tab and disable or delete all but one server. Modify the remaining entry with the following settings:
Server Address: 127.0.0.1 and Server Port 1196 (the same that was used in the SSLDroid configuration)
Protocol: TCP, Connect Timeout: 120, Custom Options OFF.
In the “IP and DNS” tab use the following settings:
Pull Settings ON, No local binding ON, Override DNS By Server: OFF.
Configure the “Authentication/Encryption” tab as follows:
Expect TLS server certificate: OFF
Certificate Hostname Check: OFF
Use TLS Authentication: ON
TLS Auth File: This was already imported with the .ovpn configuration, it should read [[Inline file data]]
TLS Direction: 1
Encryption cipher: AES-128-CBC
Packet Authentication: SHA512
In the “Advanced” tab use the following options:
Persistent tun: ON
Connection Retries: Five
Seconds between connections: 5
Random Host Prefix: OFF
Allow floating server: OFF
Override MSS value of TCP payload: OFF
Then tap on Custom Options which will open an editor window with the current configuration.
You will need to add the following line to to the configuration:
route SECOND_SERVER_IP 255.255.255.255 net_gateway
This is the same IP you used in the SSLdroid configuration, for Basel this is 22.214.171.124.
You can insert that line anywhere, just make sure it is an extra line.
Then exit the configuration (just tap the left arrow in the Android navigation bar at the bottom).
Now tap the new connection once to establish the VPN tunnel. You will be asked to enter your Perfect Privacy username and password. If you tap on “Save Password” you will not need to enter it gain on the next connection. VPN should now be running through SSLdroid. Visit CheckIP to verify that everything is working correctly.