Opened 18 months ago

#1158 new Bug / Defect

Can't select certificate on OpenVPN Connect when pushed from MDM

Reported by: manuelfr Owned by: yuriy
Priority: major Milestone:
Component: OpenVPN Connect Version: OpenVPN Connect for iOS v1.2.9
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc:

Description

Premises:

  • We are using OpenVPN Connect 3.0.4 (not listed in the Version selector)
  • We are sending a .mobileconfig from our MDM solution following the steps in the article https://openvpn.net/faq/can-i-import-an-openvpn-profile-via-an-ios-mobileconfig-file/
  • Our .mobileconfig only includes the CA. No CERT, KEY or PKCS12 is embedded.
  • We are importing p12 in ovpn12 format into OpenVPN Connect on iOS 12.
  • We can import ovpn12 without problem and we can see it under Certs inside OpenVPN Connect.

Problem description:

  • The profile pushed through MDM does not recognize any ovpn12 and there is no option to select imported ones.
  • If we import the profile with an .ovpn file through Mail or Safari, we can choose the ovpn12 cert we have imported and modify it at any time (that is just what we are looking for).

Bug:

  • It might be possible to specify an imported ovpn12 certificate inside OpenVPN Connect when the profile is MDM pushed, in the same way we do when it is imported from .ovpn.

.mobileconfig content

<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>DisconnectOnIdle</key>
			<integer>1</integer>
			<key>DisconnectOnIdleTimer</key>
			<integer>900</integer>
			<key>IPv4</key>
			<dict>
				<key>OverridePrimary</key>
				<integer>0</integer>
			</dict>
			<key>PayloadDescription</key>
			<string>Configures VPN settings</string>
			<key>PayloadDisplayName</key>
			<string>VPN</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.vpn.managed.2BCB5720-ED6A-49EF-8F88-585947DE6770</string>
			<key>PayloadType</key>
			<string>com.apple.vpn.managed</string>
			<key>PayloadUUID</key>
			<string>2BCB5720-ED6A-49EF-8F88-585947DE6770</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Proxies</key>
			<dict>
				<key>HTTPEnable</key>
				<integer>0</integer>
				<key>HTTPSEnable</key>
				<integer>0</integer>
			</dict>
			<key>UserDefinedName</key>
			<string>OpenVPN</string>
			<key>VPN</key>
			<dict>
				<key>AuthName</key>
				<string>DEFAULT</string>
				<key>AuthenticationMethod</key>
				<string>Password</string>
				<key>OnDemandEnabled</key>
				<integer>1</integer>
				<key>RemoteAddress</key>
				<string>DEFAULT</string>
			</dict>
			<key>VPNSubType</key>
			<string>net.openvpn.connect.app</string>
			<key>VPNType</key>
			<string>VPN</string>
			<key>VendorConfig</key>
			<dict>
				<key>ca</key>
				<string>-----BEGIN CERTIFICATE-----OMMITED-----END CERTIFICATE-----</string>
				<key>client</key>
				<string>NOARGS</string>
				<key>comp-lzo</key>
				<string>NOARGS</string>
				<key>dev</key>
				<string>tun</string>
				<key>remote-cert-tls</key>
				<string>server</string>
				<key>remote</key>
				<string>OMMITED udp</string>
				<key>vpn-on-demand</key>
				<string>0</string>
				<key>cipher</key>
				<string>AES-256-CBC</string>
			</dict>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>VPNConfig</string>
	<key>PayloadIdentifier</key>
	<string>PGD.3972F454-FC58-449C-B7C3-1D5774009355</string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>C204C9BA-8D22-4F27-A946-0C9E98CD416A</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>
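
An added example, not part of the ticket and not OpenVPN's code: a pre-deployment check that parses a .mobileconfig and reports, for each OpenVPN Connect VPN payload, which client identity material the profile itself carries. The sample profile is constructed, the function name is hypothetical, and treating inline `cert`/`key` entries in VendorConfig or a `PayloadCertificateUUID` in the VPN dict as the profile's identity sources is an assumption.

```python
import plistlib

# Constructed sample with the same shape as the ticket's profile:
# CA only, AuthenticationMethod=Password. All values are placeholders.
SAMPLE = b"""<plist version="1.0"><dict>
<key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.vpn.managed</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>VPNSubType</key><string>net.openvpn.connect.app</string>
  <key>VPN</key><dict>
    <key>AuthenticationMethod</key><string>Password</string>
  </dict>
  <key>VendorConfig</key><dict>
    <key>ca</key><string>PLACEHOLDER-CA-PEM</string>
    <key>client</key><string>NOARGS</string>
    <key>remote</key><string>vpn.example.invalid udp</string>
  </dict>
</dict></array>
<key>PayloadType</key><string>Configuration</string>
</dict></plist>"""

def audit_openvpn_payloads(profile_bytes):
    """Return one report dict per OpenVPN Connect VPN payload in the profile."""
    profile = plistlib.loads(profile_bytes, fmt=plistlib.FMT_XML)
    reports = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue  # not a VPN payload
        if payload.get("VPNSubType") != "net.openvpn.connect.app":
            continue  # a VPN payload for some other client
        vendor = payload.get("VendorConfig", {})
        vpn = payload.get("VPN", {})
        # Assumption: identity is either inline (cert + key) or a keychain reference.
        inline = sorted(k for k in ("cert", "key") if k in vendor)
        keychain_ref = vpn.get("PayloadCertificateUUID")
        reports.append({
            "payload_uuid": payload.get("PayloadUUID"),
            "auth_method": vpn.get("AuthenticationMethod"),
            "has_ca": "ca" in vendor,
            "inline_identity": inline,
            "keychain_identity_uuid": keychain_ref,
            "client_identity_in_profile": len(inline) == 2 or keychain_ref is not None,
        })
    return reports

if __name__ == "__main__":
    for report in audit_openvpn_payloads(SAMPLE):
        print(report)
```

A report with `has_ca` true and `client_identity_in_profile` false matches the situation in this ticket: the pushed profile depends on a client certificate being supplied some other way.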

Change History (0)