Douglas Crawford

Douglas Crawford

July 26, 2018

By far the easiest way to use a VPN on your Android device is by installing a trusted VPN from the Google Play store. Many, if not most, VPN providers offer custom Android apps.

  • You can sign-up for a VPN account first via the provider’s webpage. We have a list of the best available here. Once this has been done you will usually receive a Welcome email with a download link to the Google Play Store.
  • Or you can download a VPN app directly from the Google Play Store and sign-up via an in-app purchase when the usual free trial expires. If taking this route, please be very careful to only download apps from reputable VPN providers. There are a lot of fake or actively malicious apps available through the Play Store.

To download and install a VPN app from the Google Play Store:

  1. Follow the link provided by your VPN service, or search the Google Play Store for a reputable VPN app.
  2. On the app’s download page it is always a good idea to read users’ comments in order to check that the app is legitimate. If you are satisfied, then select “Install.”

VPN on Android

  1. Read through the Permissions the app requires on your device and ensure that you are happy with them. In-app purchases are needed to buy a subscription from within the app, and every VPN app will need access to your WiFi settings. No other permissions should be required. Touch “Accept” when you are ready to proceed.

The app will then download and install to your Android device. Once this is completed, launch the app and sign-in if required. Once in the app, simply select a VPN server you wish to connect to, and hit “Connect.”

How to setup OpenVPN for Android

OpenVPN is now the industry standard VPN protocol. It is the one that BestVPN.com recommends you use under almost all circumstances.

The main third-party OpenVPN apps for Android are OpenVPN Connect and the more fully featured and open source OpenVPN for Android (F-Droid version available). Below are instructions for configuring OpenVPN for Android, which now features full Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) and Web Real-Time Communication (WebRTC) leak protection.

  1. Download the OpenVPN configuration files from your VPN provider’s website. Unzip them (if required) and transfer to a folder on your Android device. Alternatively, download them directly to your Android device and unzip them with an app such as ZArchiver.
  2. Download, install and run OpenVPN for Android (if you haven’t already). Touch the + icon to the top right of the screen to Add Profile. Give the profile a suitable name, then hit “Import.”

  1. Navigate to the folder where you saved the unzipped OpenVPN config file(s), and choose a server (.ovpn file). Once imported, touch the tick ✔ icon to continue.

  1. Once done, you’ll see the server name under the Profiles tab. To start the VPN, just touch it. You can import .ovpn files for as many servers as you like, and they will show up here.

Many providers include all necessary keys and account information in customized .ovpn files, so no further configuration is needed. Others may require that you enter your account information and other details. Please see your provider’s documentation for specific instructions.

Additional OpenVPN for Android settings (Optional but Recommended)

Enable IPv6 Routing

You can prevent IPv6 DNS leaks by telling OpenVPN for Android to properly route all IPv6 traffic over the VPN. To ensure this is enabled:

  1. Edit the specific VPN connection in the “Profiles” tab.

  1. Ensure that IPv6 -> Use default Route is checked. While you are here, also check that IPv4 leak protection is enabled (it should be by default).

Download the Android .apk file

There are many reasons to de-Google your Android device. If you go down this route, then most VPNs  will be happy provide you with an Android application package (.apk) file of their software that you can sideload to Android.

Note that sideloading files from outside the Play Store presents a security risk. So be sure to obtain the .apk from a reputable source – such a directly from your VPN provider. It can’t hurt to run a malware scan on it either. I recommend the Malwarebytes app for this.

  1. Download an Android file manager app. I recommend Solid Explorer.
  2. Download the .apk file to your device. You can download it directly from the web using your web browser, send it to your Android device as an email attachment, transfer it from a desktop computer via USB lead or USB stick, access it from your Dropbox account, or whatever….

IPVanish allows you to download the .apk direct from its website

  1. Find the downloaded file using a file explorer (or just select it in the drop-down Android notifications shade) and select “Install”. Once the app is installed simply open it.

Manually configure PPTP or L2TP/IPsec VPN settings

Android comes with a VPN client baked-in which supports the PPTP and L2TP/IPsec VPN protocols.  For reasons discussed in detail in VPN Encryption: The Complete Guide, I always recommend using an OpenVPN app instead (via either a custom app or OpenVPN for Android).

Some users, however, like the fact that a PPTP or L2TP/IPsec VPN connection can be setup without the need to download a third party VPN app. Note that setup details may differ a little from the instructions below depending on what device and version of Android you are using.

  1. Go to your Android VPN Settings page. On my phone this is can be found at Settings -> Connections -> More connection settings -> VPN. Select “Add VPN.”

  1. Enter the PPTP or L2TP/IPsec settings given to you by your VPN provider. These settings are usually available on the setup pages of its website, or you can ask support. Touch “Save” when you are done.

Note that use of pre-shared keys is strongly frowned upon from a security perspective, although this is mitigated somewhat if accounts are secured using a unique username and password.

  1. On the VPN Settings page select the newly created VPN connection.

  1. Sign into your VPN account and hit “Connect”.

How to test your VPN

No matter what kind of VPN you use, Android will display a small key icon in the notification bar whenever the VPN is connected. This lets you know at-a-glance that you are protected.

For additional confirmation, you can run an IP leak test…

Check for VPN for IP leaks

Android is much less susceptible to DNS and WebRTC leaks than desktop platforms. Once connected to the VPN (using whatever method), however, you should nevertheless check for IP leaks. Just in case.

Note that Private-Use – [RFCxxxx] IPs are local IPs only. They cannot be used to identify an individual or device, and so do not constitute an IP leak.

Enable a kill switch

Method 1 (Android Nougat 7+)

Newer versions of Android now include a built-in kill switch that works with any VPN app. This includes Android’s built-in PPTP/L2TP app, OpenVPN for Android, and custom VPN apps. If your device runs Android Nougat 7+, use this method.

1. Ensure the VPN is turned off, then go to your device’s VPN settings. On my Samsung Galaxy S8+ these can be found at Settings -> Connections -> More connection settings -> VPN, but this may vary by device.

2.Click on the gear icon next to the VPN app or connection you want to set a kill switch for.

3.Turn on both “Always -on VPN” and Block connections without VPN.

3. Confirm that you want a kill switch for your VPN

And ta-da! Pretty groovy, eh?

Method 2

If you run an older version of Android, never fear! You can configure OpenVPN for Android to act as a kill switch. This may not be quite as secure as the above method as it will not protect you if the OpenVPN for Android app crashes, but it is still pretty effective.

  1. Edit the specific VPN connection in the “Profiles” tab (see above).
  2. Go to the “Advanced” tab and check “Persistent Tun” and set “Connection retries” to Unlimited.

You now have an OpenVPN kill switch for Android.

Conclusion

Using a dedicated VPN app from the Google Play Store is the easiest way to install a VPN on your phone. Other methods, however, are hardly difficult.

Image credit: By novak.elcic/Shutterstock.

Douglas Crawford
August 7th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

10 responses to “How to install a VPN on your Android phone or tablet

  1. > Android now include a built-in kill switch that works with any VPN app. This includes Android’s built-in PPTP/L2TP app, OpenVPN for Android …

    Unfortunately this no longer works for the OpenVPN app for Android. When you try you are prevented and this message is displayed: Not supported by this app. I’m running 8.1.0.

    OpenVPN confirms that there is no way to get a Kill Switch working.

    1. It works fine on my OnePlus 5 with Android 8.1.0. Can you please share a screenshot of that weird error you are talking about?

  2. I set up a pihole at home and connect via vpn to it. It works fine if I connect manually, but when I enable always on vpn it doesn’t work anymore.
    Any ideas?
    Help appreciated

    1. Hi pompi,

      Hmm. Curious. I must admit that I have no idea why this might happen, bit may one of our readers can help?

    1. Hi Manish,

      I’m glad you like the article, but can you please explain why enabling persistent TUN in OpenVPN for Android is in any way not reliable and robust? That said, your technique is pretty neat. Thanks for sharing. It also looks like it will work with any VPN app. If you can confirm this is correct then I’ll test it out on my own phone for a while, and if everything works well will add it to this article (although it only works for fairly new Android devices, and therefore does not entirely replace the persistent TUN method).

    2. Yes, it will work with any App based VPN.

      Regarding OpenVPN’s –persist-tun based method, it might not work just in case the App crashes or if you change a lot of networks and if the server itself stalls your re-connection requests. There is a five second time frame between retry attempts. In no-way we can conclude that it won’t leak anything because there is no actual firewall that blocks Internet access in place.

      1. Hi Manish,

        Thanks for the info. I’ll test your method over the weekend and then probably add it to this article on Monday. Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *