1. The Web Interface
  2. Services
  3. OpenVPN on IPFire
  4. Configure iOS Device for OpenVPN
  5. Scripted Method to create a unified `.ovpn` file

Scripted Method to create a unified .ovpn file

Includes the five sections in the Manual Method all in an easy to run script.

Installation on IPFire

There is no web interface for this script. To run the script open the client console or terminal and access the IPFire box via SSH.

Once connected via SSH, create a directory for creating .ovpn files with this script. Example:

mkdir /root/ios
cd /root/ios

Locate the the <ovpn_file>.ovpn file obtained from the Download Client Package (zip) and copy the file to the /root/ios directory on the IPFire box.

Copy the code below to a file named openvpncmd.sh into the same directory:

#!/bin/bash
set -e
#set -x
# OpenVPN script for IPCop/iOS, www.magnuswedberg.com
#
# Launch via:
#   openvpncmd ovpn_file password(PKCS12 File Password)
#
#   $1 param = YourNewOpenVPNfile.ovpn
#   $2 param = PKCS12 Password
#

if (( $# < 2 )); then
    # TODO: print usage
    echo "Usage: openvpncmd ovpn_file password(PKCS12 File Password)"
    exit 1
fi

cp "$1" tmp.ovpn
PKCS12_PW="$2"              #   PKCS12 File Password

#   Convert windows file to linux file (drop Carriage Returns)
sed -i 's/\r$//g' tmp.ovpn

#   get key & value from input ovpn file
while IFS=" " read -r key value remainder
do
    #echo "key=$key" ; echo "value=$value" ; echo "remainder=$remainder" ; echo
    case "$key" in
        verify-x509-name ) 
            RedIPaddr="$value" 
            ;;

        *pkcs12 )
            pkcs12File="$value" 
            ;;
    esac
done < tmp.ovpn

#   Comment out the "tls-auth ta.key" line and the "pkcs12 *.p12" line
sed -i -E -e 's/^tls-auth /#tls-auth /' -e 's/^pkcs12 /#pkcs12 /' tmp.ovpn

p12File=/var/ipfire/ovpn/certs/"$pkcs12File"
FILE="$p12File"

fn=$(basename "$FILE")

#bn="${fn%%.*}"
ovpnFile="${fn%%.*}".ovpn

cp tmp.ovpn $ovpnFile
rm tmp.ovpn
echo "key-direction bidirectional" >> $ovpnFile


echo "<ca>" >> $ovpnFile
cat /var/ipfire/ovpn/ca/cacert.pem | sed '/^-----BEGIN CERTIFICATE-----/,$!d' >> $ovpnFile
echo "</ca>" >> $ovpnFile

echo "<cert>" >> $ovpnFile
openssl pkcs12 -in $p12File -clcerts -nokeys -password pass:$PKCS12_PW | sed '/^-----BEGIN CERTIFICATE-----/,$!d' >> $ovpnFile
echo "</cert>" >> $ovpnFile

echo "<key>" >> $ovpnFile
openssl pkcs12 -nocerts -in $p12File -passin pass:$PKCS12_PW -passout pass:$PKCS12_PW | sed '/^-----BEGIN ENCRYPTED PRIVATE KEY-----/,$!d' >> $ovpnFile
echo "</key>" >> $ovpnFile

echo "<tls-auth>" >> $ovpnFile
cat /var/ipfire/ovpn/certs/ta.key | sed '/^-----BEGIN OpenVPN Static key V1-----/,$!d' >> $ovpnFile
echo "</tls-auth>" >> $ovpnFile

#echo "ovpn file = "
#cat $ovpnFile; echo
exit

Once copied and saved, enter:

chmod +x /root/ios/openvpncmd.sh

and to run the command enter:

./openvpncmd.sh <ovpn_file>.ovpn <PKCS12 File Password>

Copy the newly created .ovpn unified file from the IPFire to the client computer. And now install the new .ovpn unified file onto the iDevice follow the steps here.

Edit Page ‐ Yes, you can edit!

Older Revisions • January 23 at 11:49 pm • Jon