Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire.

Please join in and help us improving it!

Configure iPad and iPhone for OpenVPN v2

The iPhone and iPad iOS require a .ovpn unified file to load into the OpenVPN app. The article below descriptor how to create that file.

Preparations

  • Install the iOS app OpenVPN Connect
  • Configure and create an OpenVPN client for your iPhone or iPad device.
    • Make sure you document the PKCS12 File Password:. It will be needed in the next few steps.

There are a few different ways to create a unified file for use on an iOS device (iPhone or iPad device). It can be done manually by cutting and pasting information from various files. Or it can be done with one if the bash scripts in this article.

Download Client Package

To get started go to the menu Service > OpenVPN, scroll to the Connection Status and Control section and click on the Download Client Package (zip) icon.

Download Client Package (zip)
Download Client Package (zip)

Manual Method

May become a separate web page.

There are 5 sections to a unified ovpn file:

  1. The OpenVPN client conf section
    • The file is obtained from the Download Client Package (zip) above.
    • Download and copy the .ovpn file to a new file. Let's call it myPhone.ovpn.
    • scroll to the end of the myPhone.ovpn file add the two lines below:
key-direction bidirectional
<ca>
  1. The Root Certificate (ca directive)
    • Open the OpenVPN webpage (Service > OpenVPN), scroll down to the Certificate Authorities and -Keys
    • Download the Root Certificate by clicking on the floppy disk. Locate the cacert.pem file in the Downloads folder.
    • Copy the contents of cacert.pem to end of the myPhone.ovpn
    • scroll to the end of the myPhone.ovpn file add the two lines below:
</ca>
<cert>
  1. The Host Certificate (cert directive)
    • Open the OpenVPN webpage (Service > OpenVPN), scroll down to Certificate Authorities and -Keys
    • locate the Host Certificate and click on the Show host certificate icon (the blue circle i)
    • scroll to the bottom of the OpenVPN - Host Certificate webpage
    • copy all of the lines from -----BEGIN CERTIFICATE----- to the end
    • paste those lines at the end of the myPhone.ovpn file
    • scroll to the end of the myPhone.ovpn file add the two lines below:
</cert>
<key>
  1. The Encrypted Private Key (key)
    • The myPhone.p12 file is obtained from the Download Client Package (zip) above.
    • In the terminal, go to the directory where the myPhone.p12 file is located and enter:
PKCS12_PW=<PKCS12 File Password>  # mentioned above in Preparations.
openssl pkcs12 -nocerts -in iPhone.p12 -passin pass:$PKCS12_PW -passout pass:$PKCS12_PW
  1. (continued)
    • copy all of the lines from -----BEGIN CERTIFICATE----- to the end
    • paste those lines at the end of the myPhone.ovpn file
    • scroll to the end of the myPhone.ovpn file add the two lines below:
</key>
<tls-auth>
  1. The TA key (tls-auth)
    • The ta.key file is obtained from the Download Client Package (zip) above.
    • Copy the contents of ta.key to end of the myPhone.ovpn
    • scroll to the end of the myPhone.ovpn file add the two lines below:
</tls-auth>

To install the .ovpn unified file, follow the steps here.

Done creating the unified ovpn file! The myPhone.ovpn file should look similar to the file below.

Example iphone.ovpn
Example iphone.ovpn

Scripted Method

To use the scripted method click here.

Client side code

Work-in-progress...
Script Installation on client computer

May become a separate web page.

Separate file for iOS keychain

Work-in-progress...

May become a separate web page.

OpenVPN - How do I use a client certificate and private key from the iOS Keychain?

1st file includes:

  • ovpn info?
  • CA directive

2nd file includes:

  • Cert directive
  • Key directive
  • tls-auth?

Back to OpenVPN main page

Edit Page ‐ Yes, you can edit!

Older Revisions • Wednesday at 3:03 am • Jon