This Magisk module contains OpenVPN for arm64 CPUs

ASUS_I006D:/ $ openvpn --version
OpenVPN 2.7_alpha2 aarch64-unknown-linux-android [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.5.5 27 Jan 2026, LZO 2.10
DCO version: N/A
Originally developed by James Yonan
Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=auto enable_dco_arg=auto enable_debug=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_dns_updown_by_default=yes enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_ntlm=yes enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no
ASUS_I006D:/ $ 


ASUS_I006D:/ $ myldd openvpn

# Executing ldd "/system/bin/openvpn" 
	linux-vdso.so.1 => [vdso] (0x7005bfd000)
	libdl.so => /apex/com.android.runtime/lib64/bionic/libdl.so (0x7002660000)
	libc.so => /apex/com.android.runtime/lib64/bionic/libc.so (0x70022ef000)
ASUS_I006D:/ $ 


The Magisk module also contains the binary dig for resolving IPs via DNS server. Also included is a simple /etc/resolv.conf using public available DNS server:

ASUS_I006D:/ $ cat /etc/resolv.conf 
nameserver 8.8.8.8
nameserver 1.1.1.1

ASUS_I006D:/ $ 


The openvpn executable must be executed by the root user.


For testing the VPN connection; I added the OpenVPN config for the public VPN server 

https://www.vpngate.net

in the directory

/system/etc/openvpn/vpngate

This VPN server can be used without creating an account.


Use the command

openvpn --config /system/etc/openvpn/vpngate/vpngate.ovpn  

to create a VPN connection using that server.


To check that the VPN connection is working use these commands

ASUS_I006D:/ $ dig www.heise.de @8.8.8.8 +short
193.99.144.85
ASUS_I006D:/ $ 

ASUS_I006D:/ $ ip route get 193.99.144.85
193.99.144.85 dev tun0 src 10.211.1.77 uid 2000 
    cache 
ASUS_I006D:/ $


If the routing is via tun0 interface the VPN connection is working.


If the Android OS uses a iptables based firewall, you can use the script /system/bin/open_port_in_firwall.sh to open
the port used for the VPN in the firewall.

The Module also contains telnet and ncat binaries for arm64 CPUs to test network connections.


The current documentation for this Magisk Module is here:

http://bnsmb.de/Magisk_Modules.html#Documentation_for_the_Magisk_Module_with_OpenVPN



Note that the OpenVPN config for this VPN server use the command

ip rule add pref 10 from all lookup main

to route ALL network traffic via the VPN server.



History

06.07.2025 v1.0.0 /bs
  initial release

26.07.2025 v1.1.0 /bs
  added the script open_port_in_firewall.sh
  the sample VPN config file is now in Unix format (previous version was in DOS format; openvpn can use both formats)
  added the executables ncat and telnet 

02.10.2025 v1.2.0 /bs
  created new openvpn binary using OpenSSL 3.5.4

02.02.2026 v1.3.0 /bs
  created new openvpn binary using OpenSSL 3.5.5

