Douglas Crawford

Douglas Crawford

March 5, 2018

In the article 5 Best Android VPN Apps I discuss why you need a VPN for your Android device. I also discuss specific issues relating to using a VPN on Android, in addition to recommending some great VPNs for Android.

This article is therefore simply a guide on how to actually install a VPN on your Android phone or tablet.

Install an Android VPN app from Google Play Store

This is by far the easiest way to use a VPN on your Android device. Many, if not most, VPN providers offer custom Android apps.

  • You can sign-up for a VPN account first via the provider’s webpage. Once this has been done you will usually receive a Welcome email with a download link to the Google Play Store.
  • Or you can download a VPN app directly from the Google Play Store and sign-up via an in-app purchase when the usual free trial expires. If taking this route, please be very careful to only download apps from reputable VPN providers. There are a lot of fake or actively malicious apps available through the Play Store.

To download and install a VPN app from the Google Play Store:

  1. Follow the link provided by your VPN service, or search the Google Play Store for a reputable VPN app.
  2. On the app’s download page it is always a good idea to read users’ comments in order to check that the app is legitimate. If you are satisfied, then select “Install.”

VPN on Android

  1. Read through the Permissions the app requires on your device and ensure that you are happy with them. In-app purchases are needed to buy a subscription from within the app, and every VPN app will need access to your WiFi settings. No other permissions should be required. Touch “Accept” when you are ready to proceed.

The app will then download and install to your Android device. Once this is completed, launch the app and sign-in if required. Once in the app, simply select a VPN server you wish to connect to, and hit “Connect.”

Setup OpenVPN for Android

OpenVPN is now the industry standard VPN protocol. It is the one that BestVPN.com recommends you use under almost all circumstances.

The main third-party OpenVPN apps for Android are OpenVPN Connect and the more fully featured and open source OpenVPN for Android (F-Droid version available). Below are instructions for configuring OpenVPN for Android, which now features full Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) and Web Real-Time Communication (WebRTC) leak protection.

  1. Download the OpenVPN configuration files from your VPN provider’s website. Unzip them (if required) and transfer to a folder on your Android device. Alternatively, download them directly to your Android device and unzip them with an app such as ZArchiver.
  2. Download, install and run OpenVPN for Android (if you haven’t already). Touch the + icon to the top right of the screen to Add Profile. Give the profile a suitable name, then hit “Import.”

  1. Navigate to the folder where you saved the unzipped OpenVPN config file(s), and choose a server (.ovpn file). Once imported, touch the tick ✔ icon to continue.

  1. Once done, you’ll see the server name under the Profiles tab. To start the VPN, just touch it. You can import .ovpn files for as many servers as you like, and they will show up here.

Many providers include all necessary keys and account information in customized .ovpn files, so no further configuration is needed. Others may require that you enter your account information and other details. Please see your provider’s documentation for specific instructions.

Additional OpenVPN for Android settings (Optional but Recommended)

Enable IPv6 Routing

You can prevent IPv6 DNS leaks by telling OpenVPN for Android to properly route all IPv6 traffic over the VPN. To ensure this is enabled:

  1. Edit the specific VPN connection in the “Profiles” tab.

  1. Ensure that IPv6 -> Use default Route is checked. While you are here, also check that IPv4 leak protection is enabled (it should be by default).

Download Android VPN .apk file

As I discuss in 5 Best Android VPNs, there are many reasons to de-Google your Android device. If you go this route, then most VPN will be happy provide you with an Android application package (.apk) file of their software that you can sideload to Android.

Note that sideloading files from outside the Play Store presents a security risk. So be sure to obtain the .apk from a reputable source – such a directly from your VPN provider. It can’t hurt to run a malware scan on it either. I recommend the Malwarebytes app for this.

  1. Download an Android file manager app. I recommend Solid Explorer.
  2. Download the .apk file to your device. You can download it directly from the web using your web browser, send it to your Android device as an email attachment, transfer it from a desktop computer via USB lead or USB stick, access it from your Dropbox account, or whatever….

IPVanish allows you to download the .apk direct from its website

  1. Find the downloaded file using a file explorer (or just select it in the drop-down Android notifications shade) and select “Install”. Once the app is installed simply open it.

Manually configure PPTP or L2TP/IPsec VPN settings

Android comes with a VPN client baked-in which supports the PPTP and L2TP/IPsec VPN protocols.  For reasons discussed in detail in VPN Encryption: The Complete Guide, I always recommend using an OpenVPN app instead (via either a custom app or OpenVPN for Android).

Some users, however, like the fact that a PPTP or L2TP/IPsec VPN connection can be setup without the need to download a third party VPN app. Note that setup details may differ a little from the instructions below depending on what device and version of Android you are using.

  1. Go to your Android VPN Settings page. On my phone this is can be found at Settings -> Connections -> More connection settings -> VPN. Select “Add VPN.”

  1. Enter the PPTP or L2TP/IPsec settings given to you by your VPN provider. These settings are usually available on the setup pages of its website, or you can ask support. Touch “Save” when you are done.

Note that use of pre-shared keys is strongly frowned upon from a security perspective, although this is mitigated somewhat if accounts are secured using a unique username and password.

  1. On the VPN Settings page select the newly created VPN connection.

  1. Sign into your VPN account and hit “Connect”.

How to test a VPN for Android

No matter what kind of VPN you use, Android will display a small key icon in the notification bar whenever the VPN is connected. This lets you know at-a-glance that you are protected.

For additional confirmation, you can run an IP leak test…

Check for VPN for Android IP leaks

Android is much less susceptible to DNS and WebRTC leaks than desktop platforms. Once connected to the VPN (using whatever method), however, you should nevertheless check for IP leaks. Just in case.

Note that Private-Use – [RFCxxxx] IPs are local IPs only. They cannot be used to identify an individual or device, and so do not constitute an IP leak.

Enable a kill switch on Android

Method 1 (Android Nougat 7+)

Newer versions of Android now include a built-in kill switch that works with any VPN app. This includes Android’s built-in PPTP/L2TP app, OpenVPN for Android, and custom VPN apps. If your device runs Android Nougat 7+, use this method.

1. Ensure the VPN is turned off, then go to your device’s VPN settings. On my Samsung Galaxy S8+ these can be found at Settings -> Connections -> More connection settings -> VPN, but this may vary by device.

2.Click on the gear icon next to the VPN app or connection you want to set a kill switch for.

3.Turn on both “Always -on VPN” and Block connections without VPN.

3. Confirm that you want a kill switch for your VPN

And ta-da! Pretty groovy, eh?

Method 2

If you run an older version of Android, never fear! You can configure OpenVPN for Android to act as a kill switch. This may not be quite as secure as the above method as it will not protect you if the OpenVPN for Android app crashes, but it is still pretty effective.

  1. Edit the specific VPN connection in the “Profiles” tab (see above).
  2. Go to the “Advanced” tab and check “Persistent Tun” and set “Connection retries” to Unlimited.

You now have an OpenVPN kill switch for Android.

Install a VPN for Android: Conclusion

Using a dedicated VPN app from the Google Play Store is the easiest way to install a VPN on Android. Other methods, however, are hardly difficult.

Image credit: By novak.elcic/Shutterstock.

Douglas Crawford
May 23rd, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

8 responses to “How to Install a VPN on Android – How to Setup a VPN on Android

  1. > Android now include a built-in kill switch that works with any VPN app. This includes Android’s built-in PPTP/L2TP app, OpenVPN for Android …

    Unfortunately this no longer works for the OpenVPN app for Android. When you try you are prevented and this message is displayed: Not supported by this app. I’m running 8.1.0.

    OpenVPN confirms that there is no way to get a Kill Switch working.

  2. I set up a pihole at home and connect via vpn to it. It works fine if I connect manually, but when I enable always on vpn it doesn’t work anymore.
    Any ideas?
    Help appreciated

    1. Hi pompi,

      Hmm. Curious. I must admit that I have no idea why this might happen, bit may one of our readers can help?

    1. Hi Manish,

      I’m glad you like the article, but can you please explain why enabling persistent TUN in OpenVPN for Android is in any way not reliable and robust? That said, your technique is pretty neat. Thanks for sharing. It also looks like it will work with any VPN app. If you can confirm this is correct then I’ll test it out on my own phone for a while, and if everything works well will add it to this article (although it only works for fairly new Android devices, and therefore does not entirely replace the persistent TUN method).

    2. Yes, it will work with any App based VPN.

      Regarding OpenVPN’s –persist-tun based method, it might not work just in case the App crashes or if you change a lot of networks and if the server itself stalls your re-connection requests. There is a five second time frame between retry attempts. In no-way we can conclude that it won’t leak anything because there is no actual firewall that blocks Internet access in place.

      1. Hi Manish,

        Thanks for the info. I’ll test your method over the weekend and then probably add it to this article on Monday. Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *