I had to set up OpenVPN on 4 non-jailbroken iOS devices yesterday. These devices were not set up to sync to computers, so I had to add the OpenVPN files via email.
This is a bad (insecure) way to add OpenVPN to the devices, because the emailed .ovpn file carries the client's private key and the tls-auth key, but in this case it was the only way, and security was not very important on this setup.
If I had been able to sync these devices with a computer, I could have used my original config file and cert files by adding the files from within iTunes.
In order to make this work, you need to use in-line certificate files.
My original config file looked like this:
Before:

{{{
client
dev tun
proto udp
remote vpn.server.hostname 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
ca ca.crt
cert jeff.crt
key jeff.key
tls-auth ta.key 1
}}}

After changing my config files to work with in-line certificates, they looked like this:
After:

{{{
client
dev tun
proto udp
remote vpn.server.hostname 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
}}}

Notice that --tls-auth takes a direction (1/0) as its second argument when the key is read from a file, but when the tls-auth key is inline you must set the direction separately with --key-direction (1/0).
Then, on the iPhone/iPad/iPod touch, go to the App Store, search for OpenVPN Connect, and install it.
Then email the final config (with the file extension .ovpn) as an attachment from an email account on your computer (or a webmail account) to the email address set up on iOS in the Mail app.
In the Mail app, open the email and open the .ovpn file, then choose to open it with OpenVPN. If you did it right, OpenVPN opens and you can click a + icon next to your config to import it.
Now you can simply slide Off to On and your VPN connects.
If your VPN server is at your house, and you are connecting to the Internet IP (as opposed to using the LAN IP in --remote), you cannot connect to it from your house.
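
The Before-to-After conversion above can be scripted, including the move of the tls-auth direction into key-direction. This is an added example, not part of the original page or of OpenVPN: `inline_config`, `write_private`, `pem` and the sample data are hypothetical names with constructed placeholder contents, and file names are assumed to contain no spaces or quotes.

```python
import os

INLINE = ("ca", "cert", "key", "tls-auth")  # file-based directives used on this page

def inline_config(config_text, read_file):
    """Embed the files named by ca/cert/key/tls-auth; read_file(name) returns file text."""
    directives, blocks = [], []
    for line in config_text.splitlines():
        parts = line.split()  # assumption: file names contain no spaces or quotes
        if not parts or parts[0] not in INLINE:
            directives.append(line)  # everything else passes through unchanged
            continue
        if len(parts) < 2:
            raise ValueError(f"{parts[0]}: missing file name")
        name, path = parts[0], parts[1]
        if name == "tls-auth" and len(parts) > 2:
            # An inline block has no room for the direction; it moves to key-direction.
            if parts[2] not in ("0", "1"):
                raise ValueError(f"tls-auth: bad direction {parts[2]!r}")
            directives.append(f"key-direction {parts[2]}")
        blocks.append(f"<{name}>\n{read_file(path).strip()}\n</{name}>")
    return "\n".join(directives + blocks) + "\n"

def write_private(path, text):
    """Create the .ovpn owner-readable only (0600): it now holds the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

def pem(label):
    # Constructed placeholder body, not real key material.
    return f"-----BEGIN {label}-----\n(placeholder)\n-----END {label}-----\n"

SAMPLE_FILES = {  # constructed stand-ins for the files named in the "Before" config
    "ca.crt": pem("CERTIFICATE"),
    "jeff.crt": pem("CERTIFICATE"),
    "jeff.key": pem("RSA PRIVATE KEY"),
    "ta.key": pem("OpenVPN Static key V1"),
}
SAMPLE_CONFIG = """client
remote vpn.server.hostname 1194
ca ca.crt
cert jeff.crt
key jeff.key
tls-auth ta.key 1
"""

if __name__ == "__main__":
    print(inline_config(SAMPLE_CONFIG, SAMPLE_FILES.__getitem__), end="")
```

For real files, pass a `read_file` that reads from the directory holding the original config, and delete the generated .ovpn from the computer and the mailbox once it has been imported.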