This Magisk module contains OpenVPN for arm64 CPUs

ASUS_I006D:/ $ openvpn --version
OpenVPN 2.7.0 aarch64-unknown-linux-android [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.5.5 27 Jan 2026, LZO 2.10
DCO version: N/A
Originally developed by James Yonan
Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=auto enable_dco_arg=auto enable_debug=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_dns_updown_by_default=yes enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_ntlm=yes enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no
ASUS_I006D:/ $ 

ASUS_I006D:/ $  myldd openvpn

# Executing ldd "/system/bin/openvpn" 
	linux-vdso.so.1 => [vdso] (0x713f557000)
	libdl.so => /apex/com.android.runtime/lib64/bionic/libdl.so (0x713ba83000)
	libc.so => /apex/com.android.runtime/lib64/bionic/libc.so (0x713bad3000)
ASUS_I006D:/ $ 


The Magisk module also contains the binary dig for resolving IPs via DNS server. Also included is a simple /etc/resolv.conf using public available DNS server:

ASUS_I006D:/ $ cat /etc/resolv.conf 
nameserver 8.8.8.8
nameserver 1.1.1.1

ASUS_I006D:/ $ 


The openvpn executable must be executed by the root user.


For testing the VPN connection; I added the OpenVPN config for one of the public VPN server from 

https://www.vpngate.net

in the directory

/system/etc/openvpn/vpngate

This VPN server can be used without creating an account.

Note that these VPN Server are for testing and developing only! Do not expect them to work all the time!
If creating a VPN connection using the sample OpenVPN config file does not work, try one of the other VPN servers from
https://www.vpngate.net


Use the command

openvpn --config /system/etc/openvpn/vpngate/vpngate.ovpn  

to create a VPN connection using that server.


To check that the VPN connection is working use these commands

ASUS_I006D:/ $ dig www.heise.de @8.8.8.8 +short
193.99.144.85
ASUS_I006D:/ $ 

ASUS_I006D:/ $ ip route get 193.99.144.85
193.99.144.85 dev tun0 src 10.211.1.77 uid 2000 
    cache 
ASUS_I006D:/ $


If the routing is via tun0 interface the VPN connection is working.


If the Android OS uses a iptables based firewall, you can use the script /system/bin/open_port_in_firwall.sh to open
the port used for the VPN in the firewall.

The Module also contains telnet and ncat binaries for arm64 CPUs to test network connections.


The Magisk Module defines an action script for Magisk v28.x or newer to start or stop the VPN using OpenVPN. The script to configure the VPN 
also updates the module description in the Magisk GUI.

Please note that starting the VPN via the Action button only works for VPNs that do not require user input for a password or passphrase!


Use the script /system/bin/start_stop_openvpn to start or stop the OpenVPN manually and update the Module description
in the Magisk GUI.


The current documentation for this Magisk Module is here:

http://bnsmb.de/Magisk_Modules.html#Documentation_for_the_Magisk_Module_with_OpenVPN



Note that the OpenVPN config for this VPN server use the command

ip rule add pref 10 from all lookup main

to route ALL network traffic via the VPN server.



History

06.07.2025 v1.0.0 /bs
  initial release

26.07.2025 v1.1.0 /bs
  added the script open_port_in_firewall.sh
  the sample VPN config file is now in Unix format (previous version was in DOS format; openvpn can use both formats)
  added the executables ncat and telnet 

02.10.2025 v1.2.0 /bs
  created new openvpn binary using OpenSSL 3.5.4

02.02.2026 v1.3.0 /bs
  created new openvpn binary using OpenSSL 3.5.5

12.02.2026 v1.4.0 /bs
  recompiled the openvpn binary using the source code from the official OpenVPN 2.7.0 release 
  added an action script to start or stop the VPN
  added the script start_stop_openvpn


