Differences in Revisions: iOS Keychain Method

add code block
# Separate file for iOS keychain
 
**Work in progress...**
 
[OpenVPN - How do I use a client certificate and private key from the iOS Keychain?](https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/)
 
1st file includes:
 
* ovpn info?
* CA directive
 
2nd file includes:
 
* Cert directive
* Key directive
* tls-auth?
 
 
This method combines the five sections of the [Manual Method](/configuration/services/openvpn/ios/ios_manual) in one easy-to-run script.
 
## Installation on IPFire
There is **no web interface** for this script. To run the script open the client console or terminal and access the IPFire box via [SSH](/configuration/system/ssh).
 
Once connected via SSH, create a directory for creating .ovpn files with this script. Example:
 
```
mkdir /root/ios
cd /root/ios
```
 
Locate the `<ovpn_file>.ovpn` file obtained from the [**Download Client Package (zip)**](/configuration/services/openvpn/ios#download-client-package) and copy the file to the `/root/ios` directory on the IPFire box.
 
Copy the code below to a file named `create_ovpn12.sh` in the same directory:
 
```bash
#!/bin/bash
set -e

# OpenVPN keychain script
# started from openvpncmd_v28.sh (version = v28)
#
# Launch via:
# create_ovpn12 ovpn_file password(PKCS12 File Password)
#
# $1 param = YourNewOpenVPNfile.ovpn
# $2 param = PKCS12 File Password
#
# create_ovpn12 version 5a
#
# Note: the password is passed as a command-line argument, so it is visible
# in the process list while the script runs and may be kept in shell history.

if (( $# < 2 )); then
    echo "Usage: create_ovpn12 <ovpn_file> <PKCS12 File Password>"
    exit 1
fi

# The input must be the file from the client package, not one that
# already carries inline certificates
if grep -q "BEGIN CERTIFICATE" "$1"; then
    echo "Error: wrong .ovpn file"
    echo "Usage: create_ovpn12 <ovpn_file> <PKCS12 File Password>"
    exit 1
fi

# Key material is written below: keep new files private to the current user
# and remove the temporary files even if a later step fails
umask 077
trap 'rm -f tmp.ovpn tmp.pem key.pem' EXIT

cp "$1" tmp.ovpn
PKCS12_PW="$2" # PKCS12 File Password

# Convert windows file to linux file (drop Carriage Returns)
sed -i 's/\r$//g' tmp.ovpn

# get key & value from input ovpn file <ovpn_file>
while IFS=" " read -r key value remainder
do
    #echo "key=$key" ; echo "value=$value" ; echo "remainder=$remainder" ; echo
    case "$key" in
        verify-x509-name )
            RedIPaddr="$value"
            ;;
        *pkcs12 )
            pkcs12File="$value"
            ;;
    esac
done < tmp.ovpn

# Without a pkcs12 line there is no client certificate to export
if [ -z "$pkcs12File" ]; then
    echo "Error: no pkcs12 directive found in $1"
    exit 1
fi

# Comment out the "tls-auth ta.key" line and the "pkcs12 *.p12" line
sed -i -E -e 's/^tls-auth /#tls-auth /' -e 's/^pkcs12 /#pkcs12 /' tmp.ovpn

p12File=/var/ipfire/ovpn/certs/"$pkcs12File"

ovpnBasename=${pkcs12File%%.*} # remove extension
ovpnFile="$ovpnBasename.ovpn" # add new extension
ovpn12File="Install_first.$ovpnBasename.ovpn12"

printf '\nUsing %s to create %s and %s\n\n' "$1" "$ovpnFile" "$ovpn12File"

cp tmp.ovpn "$ovpnFile"
echo "key-direction bidirectional" >> "$ovpnFile"

# get Root Certificate (cacert) <ca>
echo "<ca>" >> "$ovpnFile"
sed '/^-----BEGIN CERTIFICATE-----/,$!d' /var/ipfire/ovpn/ca/cacert.pem >> "$ovpnFile"
echo "</ca>" >> "$ovpnFile"
printf 'created Root Certificate\n'


# get TLS authentication key <tls-auth>
echo "<tls-auth>" >> "$ovpnFile"
sed '/^-----BEGIN OpenVPN Static key V1-----/,$!d' /var/ipfire/ovpn/certs/ta.key >> "$ovpnFile"
echo "</tls-auth>" >> "$ovpnFile"
printf 'created TLS Authentication Key\n'
printf 'created %s\n\n' "$ovpnFile"


# Output only client certificates to pem key file format (base64 / ASCII)
openssl pkcs12 -in "$p12File" -passin "pass:$PKCS12_PW" -clcerts -nokeys -out tmp.pem
printf 'created Client Certificate\n'

# Output without certificates to pem key file format (base64 / ASCII)
openssl pkcs12 -nocerts -in "$p12File" -passin "pass:$PKCS12_PW" -passout "pass:$PKCS12_PW" -out key.pem

# Output ovpn12 file (binary / gibberish)
openssl pkcs12 -export -in tmp.pem -passin "pass:$PKCS12_PW" -passout "pass:$PKCS12_PW" -inkey key.pem -certfile /var/ipfire/ovpn/ca/cacert.pem -name "$ovpnBasename" -out "$ovpn12File"
printf 'created %s\n\n' "$ovpn12File"


# cleanup (the EXIT trap above removes the same files if the script aborts)
rm -f tmp.ovpn
rm -f tmp.pem
rm -f key.pem
printf 'clean-up files\n\n'

#echo "ovpn file = "
#cat "$ovpnFile"; echo
exit
```
 
Once copied and saved, enter:
 
```
chmod +x create_ovpn12.sh
```
 
and to run the command enter:
 
```
./create_ovpn12.sh <ovpn_file>.ovpn <PKCS12 File Password>
```
 
Copy the newly created `.ovpn12` and `.ovpn` files from the IPFire box to the client computer. Then install those files on the iDevice via [iTunes](/configuration/services/openvpn/ios/ios_itunes) or via the [Files](/configuration/services/openvpn/ios/ios_ovpn_alt) app.
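
A quick check of the generated `.ovpn` profile before it leaves the IPFire box, added here as an example (it is not part of the original wiki page or of IPFire). It confirms that the profile carries the inline `<ca>` and `<tls-auth>` blocks the script appends and that no client key or certificate ended up in it. The function names and the sample host name are assumptions.

```shell
#!/bin/bash
# Added example (not IPFire code): sanity-check a profile written by create_ovpn12.sh.
# check_ios_profile, fail and sample_profile are hypothetical names.
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }  # bumps the caller's counter

check_ios_profile() {
    local f="$1" problems=0 tag
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    # The client key and certificate belong in the .ovpn12 only.
    if grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----|^<(key|cert|pkcs12)>' "$f"; then
        fail "profile embeds a client key or certificate"
    fi
    # File-based directives must be commented out: iOS has no ta.key or .p12 file.
    if grep -Eq '^(pkcs12|tls-auth|ca|cert|key)[[:space:]]' "$f"; then
        fail "active file-based directive left in profile"
    fi
    # The inline blocks the script appends must be opened, non-empty and closed.
    for tag in ca tls-auth; do
        awk -v t="$tag" '
            $0 == ("<" t ">")  { open = 1; n = 0; next }
            $0 == ("</" t ">") { if (open && n > 0) ok = 1; open = 0; next }
            open && NF         { n++ }
            END                { exit ok ? 0 : 1 }' "$f" || fail "missing or empty <$tag> block"
    done
    grep -q '^key-direction ' "$f" || fail "key-direction missing"
    # The script strips carriage returns; make sure none came back in transit.
    if grep -q "$(printf '\r')" "$f"; then fail "carriage returns present"; fi
    [ "$problems" -eq 0 ]
}

# Constructed sample of the script's output (placeholder bodies, no real keys).
sample_profile() {
    cat <<'EOF'
remote vpn.example.org 1194
#pkcs12 client1.p12
#tls-auth ta.key
key-direction bidirectional
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(constructed placeholder)
-----END OpenVPN Static key V1-----
</tls-auth>
EOF
}
```

Source the file in `/root/ios` and run `check_ios_profile <name>.ovpn`; it prints one `FAIL:` line per problem and returns non-zero if any were found.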
 
 
## Links
* [OpenVPN - How do I use a client certificate and private key from the iOS Keychain?](https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/)
* [OpenVPN - FAQ regarding OpenVPN Connect iOS](https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/)
 