iOS and IPCop/IPFire OpenVPN

OpenVPN-Profile

OpenVPN Connect is a good OpenVPN client for iOS devices with version 5.0 or higher.

Using this app, VPN tunnels can be managed and used comfortably. Unfortunately, the respective OpenVPN configuration files can't be edited directly on the iPhone, iPod or iPad as they can in the Android application. The first setup might be more complex because you'll have to modify the configuration files on a computer and then copy them to the device using iTunes.

Beyond that there are some additional restrictions:

  • Certificates need to be integrated in the configuration file
  • TAP devices are currently not working
  • Error messages while managing certificates can't be scrolled and won't fit on the screen in vertical mode

The appropriate iOS OpenVPN configuration varies based on your server configuration. As mentioned above, TAP configurations aren't working currently.

I'm using OpenVPN with an IPCop router. This router uses TUN and certificates for users and CA by default. In this setup it is necessary to extract the user and CA certificates (requires an installed OpenSSL distribution) to include the certificates into the OpenVPN configuration afterwards:

    # openssl pkcs12 -in name.p12 -nocerts -nodes -out keys.pem
    Enter Import Password:
    MAC verified OK

    # openssl pkcs12 -in name.p12 -cacerts -nodes -out ca.pem
    Enter Import Password:
    MAC verified OK

    # openssl pkcs12 -in name.p12 -out name.pem
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:

The client ZIP provided by IPCop / IPFire contains a configuration file that needs to be modified. The mentioned crypto archive (pkcs12) needs to be removed or commented out - the previously extracted certificates are added in XML syntax:

    #OpenVPN Server conf
    tls-client
    client
    dev tun
    proto udp
    tun-mtu 1400
    remote HOSTNAME PORT
    #pkcs12 name.p12
    cipher BF-CBC
    verb 3
    ns-cert-type server

    #ca.pem
    <ca>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    </ca>
    #name.pem
    <cert>
    -----BEGIN CERTIFICATE-----
    ....
    -----END CERTIFICATE-----
    </cert>
    #keys.pem
    <key>
    -----BEGIN PRIVATE KEY-----
    ...
    -----END PRIVATE KEY-----
    </key>
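
The manual edit described above can be scripted. The following Python code is an added example, not part of the original post or of IPCop/IPFire; the function names and the sample inputs are assumptions constructed for illustration. It drops the "Bag Attributes" text that openssl writes around each PEM block, takes the client certificate from name.pem as the one certificate that is not also in ca.pem, and comments out the pkcs12 line.

```python
import re

# Matches one PEM block; text outside the blocks (openssl's "Bag Attributes",
# "subject=" and "issuer=" lines) is ignored.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def pem_blocks(text, wanted):
    """Return the PEM blocks in text whose label satisfies wanted(label)."""
    text = text.replace("\r\n", "\n")
    return [m.group(0) for m in PEM_RE.finditer(text) if wanted(m.group(1))]

def build_profile(conf, ca_pem, name_pem, keys_pem):
    """Inline ca.pem, the client certificate from name.pem and keys.pem into conf."""
    is_cert = lambda label: label == "CERTIFICATE"
    ca = pem_blocks(ca_pem, is_cert)
    ca_bodies = {"".join(b.split()) for b in ca}
    # name.pem holds every certificate in the archive; the client
    # certificate is the one that is not also present in ca.pem.
    cert = [b for b in pem_blocks(name_pem, is_cert)
            if "".join(b.split()) not in ca_bodies]
    # keys.pem was written with -nodes, so this block is an unencrypted key and
    # the finished profile carries it in clear text. ENCRYPTED blocks are skipped.
    key = pem_blocks(keys_pem,
                     lambda l: l.endswith("PRIVATE KEY") and "ENCRYPTED" not in l)
    if not ca or len(cert) != 1 or len(key) != 1:
        raise ValueError(f"need >=1 CA cert, 1 client cert, 1 key; "
                         f"got {len(ca)}, {len(cert)}, {len(key)}")
    # Comment out the pkcs12 directive, keep every other line unchanged.
    lines = ["#" + l if l.split()[:1] == ["pkcs12"] else l
             for l in conf.splitlines()]
    lines += ["", "<ca>", *ca, "</ca>", "<cert>", *cert, "</cert>",
              "<key>", *key, "</key>"]
    return "\n".join(lines) + "\n"

# Constructed sample inputs (placeholder base64, not real key material).
def _pem(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_CONF = "tls-client\nclient\ndev tun\nremote HOSTNAME PORT\npkcs12 name.p12\nverb 3\n"
SAMPLE_CA = ("Bag Attributes: <No Attributes>\nsubject=CN = ca\n"
             + _pem("CERTIFICATE", "Q0EtQ09OU1RSVUNURUQ="))
SAMPLE_NAME = ("Bag Attributes\n    localKeyID: 01\n"
               + _pem("CERTIFICATE", "Q0xJRU5ULUNPTlNUUlVDVEVE") + SAMPLE_CA
               + _pem("ENCRYPTED PRIVATE KEY", "RU5DLUNPTlNUUlVDVEVE"))
SAMPLE_KEYS = "Bag Attributes\n    localKeyID: 01\n" + _pem("PRIVATE KEY", "S0VZLUNPTlNUUlVDVEVE")

if __name__ == "__main__":
    print(build_profile(SAMPLE_CONF, SAMPLE_CA, SAMPLE_NAME, SAMPLE_KEYS))
```
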

Afterwards the OpenVPN configuration is saved and copied to the iOS device using iTunes. After installing OpenVPN Connect there should be an appropriate tab in iTunes (don't forget to scroll down!).

OpenVPN-Log

Using drag & drop, the file can be transferred easily. On your iOS device the new profile is recognized and imported after confirmation.

Connection attempts are logged automatically, so if there's a problem with connecting you can find the reason in the log. Active VPN connections are indicated like IPSec and PPTP tunnels, using the well-known VPN icon in the status bar. 🙂
