Separate file for iOS keychain

Work in Progress...

1st file includes:

  • ovpn info?
  • CA directive

2nd file includes:

  • Cert directive
  • Key directive
  • tls-auth?

Work in Progress...

The script below bundles the five sections of the Manual Method into a single, easy-to-run script.

Installation on IPFire

There is no web interface for this script. To run the script, open the client console or terminal and access the IPFire box via SSH.

Once connected via SSH, create a directory for creating .ovpn files with this script. Example:

mkdir /root/ios
cd /root/ios

Locate the <ovpn_file>.ovpn file obtained from the Download Client Package (zip) and copy the file to the /root/ios directory on the IPFire box.

Copy the code below to a file named create_ovpn12.sh into the same directory:

#!/bin/bash
set -e
umask 077                   # temporary and output files hold key material; keep them private

# OpenVPN keychain script
#   started from openvpncmd_v28.sh (version = v28)
#
# Launch via:
#   create_ovpn12 ovpn_file password(PKCS12 File Password)
#
#   $1 param = YourNewOpenVPNfile.ovpn
#   $2 param = PKCS12 File Password
#            (a command-line argument ends up in the shell history and is
#             visible in the process list while the script runs)
#
#   create_ovpn12 version 5a
#

if (( $# < 2 )); then
    echo "Usage: create_ovpn12 <ovpn_file> <PKCS12 File Password>"
    exit 1
fi

#   The input must be the original client file, without inline certificates
if grep -q "BEGIN CERTIFICATE" "$1"; then
    echo "Error: wrong .ovpn file"
    echo "Usage: create_ovpn12 <ovpn_file> <PKCS12 File Password>"
    exit 1
fi

#   Remove the temporary files on exit, also when a command fails under "set -e"
cleanup() { rm -f tmp.ovpn tmp.pem key.pem; }
trap cleanup EXIT

cp "$1" tmp.ovpn
export PKCS12_PW="$2"       #   PKCS12 File Password, read by openssl via env:PKCS12_PW

#   Convert windows file to linux file (drop Carriage Returns)
sed -i 's/\r$//g' tmp.ovpn

#   get key & value from input ovpn file <ovpn_file>
while IFS=" " read -r key value remainder
do
    #echo "key=$key" ; echo "value=$value" ; echo "remainder=$remainder" ; echo
    case "$key" in
        verify-x509-name )
            RedIPaddr="$value"
            ;;

        *pkcs12 )
            pkcs12File="$value"
            ;;
    esac
done < tmp.ovpn

#   Stop if the input file names no PKCS12 file
if [[ -z "$pkcs12File" ]]; then
    echo "Error: no pkcs12 line found in $1"
    exit 1
fi

#   Comment out the "tls-auth ta.key" line and the "pkcs12 *.p12" line
sed -i -E -e 's/^tls-auth /#tls-auth /' -e 's/^pkcs12 /#pkcs12 /' tmp.ovpn

p12File=/var/ipfire/ovpn/certs/"$pkcs12File"

ovpnBasename=${pkcs12File%%.*}          # remove extension
ovpnFile="$ovpnBasename.ovpn"           # add new extension
ovpn12File="Install_first.$ovpnBasename.ovpn12"

printf '\nUsing %s to create %s and %s\n\n' "$1" "$ovpnFile" "$ovpn12File"

cp tmp.ovpn "$ovpnFile"
echo "key-direction bidirectional" >> "$ovpnFile"

# get Root Certificate (cacert) <ca>
echo "<ca>" >> "$ovpnFile"
sed '/^-----BEGIN CERTIFICATE-----/,$!d' /var/ipfire/ovpn/ca/cacert.pem >> "$ovpnFile"
echo "</ca>" >> "$ovpnFile"
printf 'created Root Certificate\n'


# get TLS-Authentication-Key <tls-auth>
echo "<tls-auth>" >> "$ovpnFile"
sed '/^-----BEGIN OpenVPN Static key V1-----/,$!d' /var/ipfire/ovpn/certs/ta.key >> "$ovpnFile"
echo "</tls-auth>" >> "$ovpnFile"
printf 'created TLS Authentication Key\n'
printf 'created %s\n\n' "$ovpnFile"


# Output only client certificates to pem key file format (base64 / ASCII)
openssl pkcs12 -in "$p12File" -passin env:PKCS12_PW -clcerts -nokeys -out tmp.pem
printf 'created Client Certificate\n'

# Output without certificates to pem key file format (base64 / ASCII)
openssl pkcs12 -nocerts -in "$p12File" -passin env:PKCS12_PW -passout env:PKCS12_PW -out key.pem

# Output ovpn12 file (binary / gibberish)
openssl pkcs12 -export -in tmp.pem -passin env:PKCS12_PW -passout env:PKCS12_PW -inkey key.pem -certfile /var/ipfire/ovpn/ca/cacert.pem -name "$ovpnBasename" -out "$ovpn12File"
printf 'created %s\n\n' "$ovpn12File"


# cleanup
cleanup
printf 'clean-up files\n\n'

#echo "ovpn file = "
#cat "$ovpnFile"; echo
exit

Once copied and saved, enter:

chmod +x create_ovpn12.sh

and to run the command enter:

./create_ovpn12.sh <ovpn_file>.ovpn <PKCS12 File Password>
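
Before copying the files off the IPFire box, it is worth confirming that the generated .ovpn really leaves the private key and client certificate to the .ovpn12 file. The check below is an added example, not part of the wiki's script; check_ios_ovpn and make_samples are hypothetical helper names, and the sample profiles are constructed placeholders. Run it as check_ios_ovpn <name>.ovpn.

```bash
#!/bin/bash
# Added example: verify that a generated profile keeps key material out of the .ovpn.
# check_ios_ovpn (hypothetical name) prints each problem and returns non-zero if any.
check_ios_ovpn() {
    local f="$1" bad=0 tag
    # The private key and client certificate belong in the .ovpn12 file only.
    if grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f"; then
        echo "private key found in $f"; bad=1
    fi
    if grep -Eq '^<(cert|key|pkcs12)>' "$f"; then
        echo "inline cert/key/pkcs12 block found in $f"; bad=1
    fi
    # File-based directives must stay commented out; the iDevice has no such files.
    if grep -Eq '^(pkcs12|tls-auth) ' "$f"; then
        echo "active pkcs12 or tls-auth file directive in $f"; bad=1
    fi
    # The script appends these three items; all of them must be present.
    for tag in '^<ca>$' '^<tls-auth>$' '^key-direction '; do
        if ! grep -Eq -- "$tag" "$f"; then
            echo "missing ${tag} in $f"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample profiles (placeholders, not real keys or certificates).
make_samples() {
    local dir="$1"
    cat > "$dir/good.ovpn" <<'EOF'
client
#pkcs12 client1.p12
#tls-auth ta.key
key-direction bidirectional
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(constructed placeholder)
-----END OpenVPN Static key V1-----
</tls-auth>
EOF
    # bad.ovpn: pkcs12 line left active and a private key pasted inline
    sed -e 's/^#pkcs12 /pkcs12 /' "$dir/good.ovpn" > "$dir/bad.ovpn"
    printf '%s\n' '<key>' '-----BEGIN ENCRYPTED PRIVATE KEY-----' '</key>' >> "$dir/bad.ovpn"
}
```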

Copy the newly created .ovpn12 and .ovpn files from the IPFire box to the client computer, then install those files on the iDevice via iTunes or via the Files app.


Older Revisions • September 30 at 2:38 pm • Jon