iOS and IPCop/IPFire OpenVPN

OpenVPN-Profile

OpenVPN Connect is a good OpenVPN client for iOS devices with version 5.0 or higher.

Using this app, VPN tunnels can be managed and used comfortably. Unfortunately, the respective OpenVPN configuration files can’t be edited directly on the iPhone, iPod or iPad as they can in the Android application. The first setup might be more complex because you’ll have to modify the configuration files on a computer and copy them to the device using iTunes afterwards.

Beyond that there are some additional restrictions:

  • Certificates need to be integrated in the configuration file
  • TAP devices are currently not working
  • Error messages while managing certificates can’t be scrolled and won’t fit on the screen in vertical mode

The appropriate iOS OpenVPN configuration varies based on your server configuration – as mentioned above, TAP configurations aren’t working currently.

I’m using OpenVPN with an IPCop router. By default, this router uses TUN and certificates for users and the CA. In this setup, the user and CA certificates must first be extracted (this requires an installed OpenSSL distribution) so they can be included in the OpenVPN configuration afterwards; note that -nodes leaves the extracted private key unencrypted on disk:

# openssl pkcs12 -in name.p12 -nocerts -nodes -out keys.pem
Enter Import Password:
MAC verified OK
# openssl pkcs12 -in name.p12 -cacerts -nodes -out ca.pem
Enter Import Password:
MAC verified OK
# openssl pkcs12 -in name.p12 -out name.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:

The client ZIP provided by IPCop / IPFire contains a configuration file that needs to be modified. The line referencing the crypto archive (pkcs12) needs to be removed or commented out – the previously extracted certificates and key are added as inline blocks in XML-like syntax:

#OpenVPN Server conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote HOSTNAME PORT
#pkcs12 name.p12
cipher BF-CBC
verb 3
ns-cert-type server

#ca.pem
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
#name.pem
<cert>
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
</cert>
#keys.pem
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
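
The extraction and the configuration edit described above can be scripted. This is an added example, not part of the original post: the function names are illustrative, and it adds -nokeys (with -clcerts for the user certificate) so that ca.pem and name.pem contain only certificates, while sed drops the "Bag Attributes" text that openssl writes before each PEM block.

```shell
#!/bin/sh
# Added example: build an inline profile for OpenVPN Connect from the
# IPCop/IPFire client files. Function names are illustrative.

# Print only the PEM blocks of a file, dropping the "Bag Attributes"
# text that openssl pkcs12 writes in front of each block.
pem_blocks() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# extract_p12 ARCHIVE.p12 OUTDIR
# openssl prompts for the import password once per call.
# -nodes leaves the private key unencrypted, hence the umask; the
# subshell body keeps the umask change local to this function.
extract_p12() (
    umask 077
    openssl pkcs12 -in "$1" -nocerts -nodes -out "$2/keys.pem" &&
    openssl pkcs12 -in "$1" -cacerts -nokeys -out "$2/ca.pem" &&
    openssl pkcs12 -in "$1" -clcerts -nokeys -out "$2/name.pem"
)

# build_inline_profile CLIENT.ovpn CA.pem CERT.pem KEY.pem
# Writes the new profile to stdout: the pkcs12 line is commented out and
# the <ca>, <cert> and <key> blocks are appended.
build_inline_profile() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # Refuse input without a PEM block so no empty tag is written.
    for f in "$2" "$3" "$4"; do
        pem_blocks "$f" | grep -q '^-----END ' ||
            { echo "no PEM block in $f" >&2; return 1; }
    done
    sed 's/^[[:space:]]*pkcs12[[:space:]]/#&/' "$1"
    printf '\n<ca>\n';  pem_blocks "$2"; printf '</ca>\n'
    printf '<cert>\n';  pem_blocks "$3"; printf '</cert>\n'
    printf '<key>\n';   pem_blocks "$4"; printf '</key>\n'
}

# Usage:
#   extract_p12 name.p12 . && \
#   build_inline_profile client.ovpn ca.pem name.pem keys.pem > ios.ovpn
```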

Afterwards the OpenVPN configuration is saved and copied to the iOS device using iTunes. After installing OpenVPN Connect there should be an appropriate tab in iTunes (don’t forget to scroll down!).

OpenVPN-Log

Using drag & drop, the file can be transferred easily. On your iOS device the new profile is recognized and imported after confirmation.

Connection attempts are logged automatically – if there’s a problem with connecting, you can find out the reason from the log. Active VPN connections are indicated like IPSec and PPTP tunnels using the well-known VPN icon in the status bar. 🙂
