Scripted Method to create a unified .ovpn file

Includes the five sections in the Manual Method all in an easy to run script.

Installation on IPFire

There is no web interface for this script. To run the script open the client console or terminal and access the IPFire box via SSH.

Once connected via SSH, create a directory for creating .ovpn files with this script. Example:

mkdir /root/ios
cd /root/ios

Locate the the <ovpn_file>.ovpn file obtained from the Download Client Package (zip) and copy the file to the /root/ios directory on the IPFire box.

Copy the code below to a file named into the same directory:

set -e
#set -x
# OpenVPN script for IPCop/iOS,
# Launch via:
#   openvpncmd ovpn_file password(PKCS12 File Password)
#   $1 param = YourNewOpenVPNfile.ovpn
#   $2 param = PKCS12 Password

if (( $# < 2 )); then
    # TODO: print usage
    echo "Usage: openvpncmd ovpn_file password(PKCS12 File Password)"
    exit 1

cp "$1" tmp.ovpn
PKCS12_PW="$2"              #   PKCS12 File Password

#   Convert windows file to linux file (drop Carriage Returns)
sed -i 's/\r$//g' tmp.ovpn

#   get key & value from input ovpn file
while IFS=" " read -r key value remainder
    #echo "key=$key" ; echo "value=$value" ; echo "remainder=$remainder" ; echo
    case "$key" in
        verify-x509-name ) 

        *pkcs12 )
done < tmp.ovpn

#   Comment out the "tls-auth ta.key" line and the "pkcs12 *.p12" line
sed -i -E -e 's/^tls-auth /#tls-auth /' -e 's/^pkcs12 /#pkcs12 /' tmp.ovpn


fn=$(basename "$FILE")


cp tmp.ovpn $ovpnFile
rm tmp.ovpn
echo "key-direction bidirectional" >> $ovpnFile

echo "<ca>" >> $ovpnFile
cat /var/ipfire/ovpn/ca/cacert.pem | sed '/^-----BEGIN CERTIFICATE-----/,$!d' >> $ovpnFile
echo "</ca>" >> $ovpnFile

echo "<cert>" >> $ovpnFile
openssl pkcs12 -in $p12File -clcerts -nokeys -password pass:$PKCS12_PW | sed '/^-----BEGIN CERTIFICATE-----/,$!d' >> $ovpnFile
echo "</cert>" >> $ovpnFile

echo "<key>" >> $ovpnFile
openssl pkcs12 -nocerts -in $p12File -passin pass:$PKCS12_PW -passout pass:$PKCS12_PW | sed '/^-----BEGIN ENCRYPTED PRIVATE KEY-----/,$!d' >> $ovpnFile
echo "</key>" >> $ovpnFile

echo "<tls-auth>" >> $ovpnFile
cat /var/ipfire/ovpn/certs/ta.key | sed '/^-----BEGIN OpenVPN Static key V1-----/,$!d' >> $ovpnFile
echo "</tls-auth>" >> $ovpnFile

#echo "ovpn file = "
#cat $ovpnFile; echo

Once copied and saved, enter:

chmod +x /root/ios/

and to run the command enter:

./ <ovpn_file>.ovpn <PKCS12 File Password>

Copy the newly created .ovpn unified file from the IPFire to the client computer. And now install the new .ovpn unified file onto the iDevice follow the steps here.

Edit Page ‐ Yes, you can edit!

Older Revisions • January 23 at 11:49 pm • Jon