Opened 6 years ago

Closed 6 years ago

#985 closed Bug / Defect (fixed)

iOS: .mobileconfig with .p12 Payload does not work

Reported by: Zephyer Owned by: Antonio Quartulli
Priority: major Milestone:
Component: OpenVPN Connect Version: OpenVPN Connect for iOS v1.2.6
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: Certificate
Cc:

Description

openVPN 1.2.6 has the same problems as reported in openVPN 1.2.5 in the following thread;
https://forums.openvpn.net/viewtopic.php?f=36&t=25587

The VPN cert. isn't imported properly, you'll see multiple people responding with different situations vary from MDM implementations to personal (private) situations.

Change History (12)

comment:1 Changed 6 years ago by Antonio Quartulli

Owner: set to Antonio Quartulli
Status: newassigned
Summary: openVPN bugged out with importing certificateiOS: openVPN bugged out with importing certificate

Sorry, in that forum thread there are a lot of issues reported, therefore it's not easy for me to understand what you are referring to.

Are you talking about installing Profivioning Profiles (.mobileconfig files) with a Certificate Payload via MDM?

Or are you importing profile (.ovpn) and PKCS#12 (.ovpn12) separately?

Version 0, edited 6 years ago by Antonio Quartulli (next)

comment:2 Changed 6 years ago by Zephyer

Hi,

We install a provisiong profile and a client certificate.
The certificate is being pushed into the keychain of the device, the openVPN used to get the certificatie from the keychain.

comment:3 Changed 6 years ago by Antonio Quartulli

If you are importing the certificate in PKCS#12 format, then you should try reading the FAQ about the new .ovpn12 extension.

comment:4 Changed 6 years ago by Antonio Quartulli

If you are importing certificates as CertificatePayload? within .mobileconfig files, that is currently not-supported as we required some special permission from Apple to have it working again. However, it is already in the pipe.

comment:5 Changed 6 years ago by Zephyer

We've had contact with our MDM POC and Apple, both are saying that the way that openVPN app (1.2.5 and up) is working with certificatpayload isn't how it's supposed to work.

Both are saying openVPN has to solve the problem, not stating that openVPN is trying to get permission from Apple.

So pointing out the it's not supported doesn't work for me, supported with the information that Apple gave to me.

Last edited 6 years ago by Zephyer (previous) (diff)

comment:6 in reply to:  5 Changed 6 years ago by Antonio Quartulli

Sorry, but I think there was a misunderstanding.

Replying to Zephyer:

We've had contact with our MDM POC and Apple, both are saying that the way that openVPN app (1.2.5 and up) is working with certificatpayload isn't how it's supposed to work.

Both are saying openVPN has to solve the problem, not stating that openVPN is trying to get permission from Apple.

So pointing out the it's not supported doesn't work for me, supported with the information that Apple gave to me.

I never said it's Apple's fault. When I said "it is currently not supported" I meant not supported by the OpenVPN Connect app as of now.

In order to work the app requires a special permission granted by Apple after a formal request.
We did request it and we managed to conclude the process last week.

I also mentioned it in my previous comment: the fix is already in the pipe.

comment:7 Changed 6 years ago by Zephyer

The fix you mentioned that is 'in the pipe', in which openVPN app version is this implemented?
As of today 1.2.7 is available in the AppStore? which doesn't fix the problem.

comment:8 Changed 6 years ago by Antonio Quartulli

It will be released with v1.2.8.

comment:9 Changed 6 years ago by Antonio Quartulli

Status: assignedaccepted

comment:10 Changed 6 years ago by Antonio Quartulli

Priority: blockermajor
Summary: iOS: openVPN bugged out with importing certificateiOS: .mobileconfig with .p12 Payload does not work

comment:11 Changed 6 years ago by H3ik0

When is the estimated release date for v1.2.8?

comment:12 Changed 6 years ago by Antonio Quartulli

Resolution: fixed
Status: acceptedclosed

1.2.8 has been approved and is being released to the AppStore? as we speak. I am finally closing this ticket. Please feel free to re-open it if the issue is not yet solved.

Note: please pay attention to the new app ID when writing your own mobileconfig file.

Note: See TracTickets for help on using tickets.