Scripted Method to create a unified .ovpn file

Work in Progress...

This script combines the five sections of the Manual Method into a single, easy-to-run script.

Installation on IPFire

There is no web interface for this script. To run it, open a console or terminal on the client and connect to the IPFire box via SSH.

Once connected via SSH, create a directory for creating .ovpn files with this script. Example:

mkdir /root/ios
cd /root/ios

Locate the <ovpn_file>.ovpn file obtained from the Download Client Package (zip) and copy it to the /root/ios directory on the IPFire box.

Copy the code below to a file named openvpncmd.sh in the same directory:

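#!/bin/bash
# Abort on errors, including a failing openssl inside a pipeline
set -eo pipefail
#set -x
# OpenVPN script for IPCop/iOS, www.magnuswedberg.com
# Launch via:
#   openvpncmd ovpn_file password(PKCS12 File Password)
#   $1 param = YourNewOpenVPNfile.ovpn
#   $2 param = PKCS12 Password

if (( $# < 2 )); then
    echo "Usage: openvpncmd ovpn_file password(PKCS12 File Password)"
    exit 1
fi

cp "$1" tmp.ovpn
PKCS12_PW="$2"              #   PKCS12 File Password

#   Convert windows file to linux file (drop Carriage Returns)
sed -i 's/\r$//g' tmp.ovpn

#   get key & value from input ovpn file
while IFS=" " read -r key value remainder
do
    #echo "key=$key" ; echo "value=$value" ; echo "remainder=$remainder" ; echo
    case "$key" in
        verify-x509-name )
            # No action for this key is given on this page; treated as a no-op
            :
            ;;
        *pkcs12 )
            # Assumption: the directive's value names the PKCS12 file. It is looked up
            # in the current directory first, then in /var/ipfire/ovpn/certs.
            p12File="$value"
            [[ -f "$p12File" ]] || p12File="/var/ipfire/ovpn/certs/$(basename "$value")"
            ;;
    esac
done < tmp.ovpn

if [[ ! -f "$p12File" ]]; then
    echo "The PKCS12 file named in the pkcs12 line was not found" >&2
    rm -f tmp.ovpn
    exit 1
fi

#   Comment out the "tls-auth ta.key" line and the "pkcs12 *.p12" line
sed -i -E -e 's/^tls-auth /#tls-auth /' -e 's/^pkcs12 /#pkcs12 /' tmp.ovpn

#   Assumption: the page does not show how the output name is set. Here it is derived
#   from the input name and written to the current directory, so the input is kept.
FILE="$1"
fn=$(basename "$FILE")
ovpnFile="${fn%.ovpn}-unified.ovpn"

cp tmp.ovpn "$ovpnFile"
rm tmp.ovpn
echo "key-direction bidirectional" >> "$ovpnFile"

#   Inline the CA certificate
echo "<ca>" >> "$ovpnFile"
cat /var/ipfire/ovpn/ca/cacert.pem | sed '/^-----BEGIN CERTIFICATE-----/,$!d' >> "$ovpnFile"
echo "</ca>" >> "$ovpnFile"

#   Inline the client certificate extracted from the PKCS12 file
echo "<cert>" >> "$ovpnFile"
openssl pkcs12 -in "$p12File" -clcerts -nokeys -password "pass:$PKCS12_PW" | sed '/^-----BEGIN CERTIFICATE-----/,$!d' >> "$ovpnFile"
echo "</cert>" >> "$ovpnFile"

#   Inline the private key, re-encrypted with the same password
echo "<key>" >> "$ovpnFile"
openssl pkcs12 -nocerts -in "$p12File" -passin "pass:$PKCS12_PW" -passout "pass:$PKCS12_PW" | sed '/^-----BEGIN ENCRYPTED PRIVATE KEY-----/,$!d' >> "$ovpnFile"
echo "</key>" >> "$ovpnFile"

#   Inline the TLS authentication key
echo "<tls-auth>" >> "$ovpnFile"
cat /var/ipfire/ovpn/certs/ta.key | sed '/^-----BEGIN OpenVPN Static key V1-----/,$!d' >> "$ovpnFile"
echo "</tls-auth>" >> "$ovpnFile"

#echo "ovpn file = "
#cat "$ovpnFile"; echo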

Once copied and saved, enter:

chmod +x openvpncmd.sh

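To run the script, enter the command below. Quote the password if it contains spaces or shell metacharacters; because it is passed as a command-line argument, it may also be saved in the shell history.

./openvpncmd.sh <ovpn_file>.ovpn <PKCS12 File Password>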

Now install the new unified .ovpn file onto the iDevice by following the steps here.
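A check worth running on the generated file before it is copied to the iDevice, as an added example that is not part of the original page or of openvpncmd.sh. The function name `check_unified_ovpn` is hypothetical; it verifies that each inline block is present with the marker line the script filters on, that the private key is in its encrypted form, that the original pkcs12 and tls-auth lines are commented out, and that the file is not accessible to group or others.

```bash
# Added example (not part of openvpncmd.sh): sanity-check a unified .ovpn file.
# Prints one line per problem; returns 0 only if every check passes.
check_unified_ovpn() {
    local f="$1" problems=0 tag marker
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }

    for tag in ca cert key tls-auth; do
        # Marker line the block must contain (the same markers the script filters on).
        case $tag in
            ca|cert)  marker='-----BEGIN CERTIFICATE-----' ;;
            key)      marker='-----BEGIN ENCRYPTED PRIVATE KEY-----' ;;
            tls-auth) marker='-----BEGIN OpenVPN Static key V1-----' ;;
        esac
        # The block must open, contain its marker line, and close again.
        if ! awk -v o="<$tag>" -v c="</$tag>" -v m="$marker" '
                $0 == o { inb = 1; next }
                $0 == c { if (inb) closed = 1; inb = 0 }
                inb && $0 == m { found = 1 }
                END { exit !(found && closed) }' "$f"; then
            echo "<$tag>: block missing, unterminated, or without '$marker'"
            problems=$((problems + 1))
        fi
    done

    # Directives pointing at external files must be commented out.
    if grep -Eq '^(pkcs12|tls-auth) ' "$f"; then
        echo "active pkcs12/tls-auth directive still references an external file"
        problems=$((problems + 1))
    fi
    if ! grep -qx 'key-direction bidirectional' "$f"; then
        echo "key-direction line missing"
        problems=$((problems + 1))
    fi

    # The file carries key material: no access bits for group or others.
    if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "file is accessible to group/others; use chmod 600"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

A `<key>` block that starts with an unencrypted private key header is reported as a problem, since the script is meant to emit only the password-protected form.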


Older Revisions • September 20 at 10:58 pm • Jon