Support Portal

OpenVPN access from iOS devices

If you wish to connect to the client VPN from an Apple iOS device, this article will explain how to create the required VPN profile and use it.

Please note that you can only use one VPN profile at a time; the same profile can't be used from two client devices at the same time. It may be advisable to create separate mobile device OpenVPN profiles for users that require it.

When you distribute the Users OpenVPN access to a computer there are four files involved:

ovpn
cert
key
ca

When installing an OpenVPN connection to an iOS device you can only import one file. This means you need to embed the information held in the cert, key and ca files into the ovpn file.

This is done by editing the OVPN file and copying the full contents of the cert, key and ca files between specific tags:

<cert>......</cert>
<key>....... </key>
<ca>..........</ca>

You will also need to hashout or delete the original cert, key and ca lines.

Example original ovpn file:

client
resolv-retry 20
keepalive 10 60
nobind
mute-replay-warnings
ns-cert-type server
comp-lzo
max-routes 500
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
proto udp
port 1194
cipher AES-128-CBC
cert keys/Zynstra-Bath-Test.crt
key keys/Zynstra-Bath-Test.key
ca keys/Zynstra-Bath-Test-ca.crt
remote 193.45.87.xx 1194 # public address
remote 193.45.87.xx 1194 # static WAN 1


Example embedded ovpn file:

client
resolv-retry 20
keepalive 10 60
nobind
mute-replay-warnings
ns-cert-type server
comp-lzo
max-routes 500
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
proto udp
port 1194
cipher AES-128-CBC
#cert keys/Zynstra-Bath-Test.crt
#key keys/Zynstra-Bath-Test.key
#ca keys/Zynstra-Bath-Test-ca.crt
remote 193.45.87.xx 1194 # public address
remote 193.45.87.xx 1194 # static WAN 1

<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 265525 (0x70d5)
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=certificateAuthority, C=CO, ST=ST, L=L, O=O, OU=OU/dnQualifier=certificateAuthority
Validity
Not Before: Jan 27 12:40:29 2016 GMT
Not After : Jan 24 12:40:29 2026 GMT
Subject: C=CO, ST=ST, O=O, OU=OU, CN=DanEmbleton/dnQualifier=client-DanEmbleton
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b0:31:fd:55:11:88:d1:24:d3:7d:6b:13:d4:ea:
ba:a0:bf:6e:0d:b1:51:fd:c3:e4:63:30:96:41:01:
cb:5c:f5:f1:b8:43:a8:eb:a6:6f:c9:13:6b:99:20:
62:49:66:85:fa:c9:cf:dd:c9:97:69:8c:22:6b:38:
92:87:5e:be:e4:09:38:08:e4:9f:28:ad:8b:a0:07:
d9:0d:2b:cf:e7:86:d9:6c:08:1a:7b:de:47:78:3a:
15:e6:ce:45:2a:30:bb:90:56:2c:54:0b:78:a5:f4:
6e:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
49:CC:4E:A6:95:3F:79:1C:40:DC:32:E6
X509v3 Authority Key Identifier:
keyid:9E:13:EB:97:15:35:88:19:AD
DirName:/CN=certificateAuthority/C=CO/ST=ST/L=certificateAuthority
serial:9E:3E:76:CB

Signature Algorithm: md5WithRSAEncryption
4f:43:21:3d:a9:8b:ab:ca:b8:29:9c:9b:90:63:47:6e:84:d8:
7c:ad:c1:9e:f2:a6:ca:a6:b4:74:44:55:49:5f:c0:f4:0d:0f:
56:97:bd:e4:b7:d4:eb:42:de:c2:ec:d0:b6:b0:48:46:0d:c4:
c7:14:92:d0:fb:0e:bc:a8:fb:9f:ac:70:9b:f5:82:36:4e:31:
e9:d5:3b:65:95:5e:0c:fa:db:74:e5:31:1e:c7:fa:a1:6e:bf:
8b:31:16:e9:8f:c0:22:c5:49:30:be:f9:82:9f:48:45:10:45:
be:1c:8e:23
-----BEGIN CERTIFICATE-----
ZXJ0aWZpY2F0ZUF1dGhvcml0eTELMAkGA1UEBhMCQ08xCzAJBgNVBAgTAlNUMQow
CAYDVQQHEwFMMQowCAYDVQQKEwFPMQswCQYDVQQLEwJPVTEdMBsGA1UELhMUY2Vy
dGlmaWNhdGVBdXRob3JpdHkwHhcNMTYwMTI3MTI0MDI5WhcNMjYwMTI0MTI0MDI5
WjBmMQswCQYDVQQGEwJDTzELMAkGA1UECBMCU1QxCjAIBgNVBAoTAU8xCzAJBgNV
BAsTAk9VMRQwEgYDVQQDEwtEYW5FbWJsZXRvbjEbMBkGA1UELhMSY2xpZW50LURh
bkVtYmxldG9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDH9VRGI
AUwxCjAIBgNVBAoTAU8xCzAJBgNVBAsTAk9VMR0wGwYDVQQuExRjZXJ0aWZpY2F0
ZUF1dGhvcml0eYIJAJ4+dstWx0FQMA0GCSqGSIb3DQEBBAUAA4IBAQBPQyE9qYur
cDRfPkPG/o3Ydy7yOZIrsFfiY4DwNtN0Ak0WZiAv3MAwea7EeF6l1M0WijMnaqMr
JysfTU++nw0T0ohWl73kt9TrQt7C7NC2sEhGDcSdePjNW70gBubBChtJERTcWujH
n0hFEEW+HI4j
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
jb61Qh/TSjprhwkhZHotJiJIW04NokkcER229vIuJjJopJNO1hI/j6bKYODD02CY
pD3UrEAAIcAJ5f3331rbXI7iu3RnLukFqlZnHB/yQMpOho1oOqP3WQRvyK0WVUqy
eH0QJ4HmGk6F7lZfhgqnZ57O6pw7ctYOK8/nhtJsCBp73kd4OiXmzrsqMLuQVixU
QypvS4eAT7rs70sCGKfUvKvNxdDpm61xq/Q0LpmaBiZEzq3LWHcgVOOLpgK4C8O3
vWvDpkgGtzgmqX9E2NmQPKLUYnsgx7zOehjafQYBaFhDQmRW3ZPRR+rMNg+fLK3q
IQqjsmeDEMNIK50zeG53y3fHzqmDM9hZNb/0IzuaWJ7A36Ktc8wr4QHgn+DyZQEU
BVWBZ4sfsAuadZGyOIaFMv0uI5dBlNjwv6CEgRPST9dkHGM/1rT6GOOp/QsB1ZQG
JPVfELO3ZTvd/Q2k/bOVnC/V0Q6fNvSptBKr1mwmbnlXYgn83fLvLnG/AoGBALFh
2BD+YdzMiMl4rh91GkhpTgj4QPugzSVGHkyUtorpKo5mfk2vW4RAGgNnghlJb+xQ
1XVUqy0LoVVsDVwY8oJv1+/JHjAXjbbBPqZHKERzAoGACWqCbCTVNPUG5iWbIF7Z
UFHBYiWdMCNViHI19LvwCGc=
-----END PRIVATE KEY-----
</key>

<ca>
-----BEGIN CERTIFICATE-----
BAMTFGNlcnRpZmljYXRlQXV0aG9yaXR5MQswCQYDVQQGEwJDTzELMAkGA1UECBMC
U1QxCjAIBgNVBAcTAUwxCjAIBgNVBAoTAU8xCzAJBgNVBAsTAk9VMR0wGwYDVQQu
ExRjZXJ0aWZpY2F0ZUF1dGhvcml0eTAeFw0xNjAxMjcxMjE2MThaFw0yNjAxMjQx
EwJDTzELMAkGA1UECBMCU1QxCjAIBgNVBAcTAUwxCjAIBgNVBAoTAU8xCzAJBgNV
4DAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBSeE+uXNTWIGa20gnUb0vYBkqv9TTCB
sAYDVR0jBIGoMIGlgBSeE+uXNTWIGa20gnUb0vYBkqv9TaGBgaR/MH0xHTAbBgNV
BAMTFGNlcnRpZmljYXRlQXV0aG9yaXR5MQswCQYDVQQGEwJDTzELMAkGA1UECBMC
U1QxCjAIBgNVBAcTAUwxCjAIBgNVBAoTAU8xCzAJBgNVBAsTAk9VMR0wGwYDVQQu
ExRjZXJ0aWZpY2F0ZUF1dGhvcml0eYIJAJ4+dstWx0FQMA0GCSqGSIb3DQEBBQUA
A4IBAQAgAsoOOj1ZY6rzx/34QtOyFpUFZ4kE1YOrtHjX5WBS6NCDdci/dZI3c2do
zCmfW8XZ53/e+Nkph8lkgdQjvLdP
-----END CERTIFICATE-----
</ca>

You should now be able to use this new embedded ovpn file on a computer to test it is working correctly.

Once you have a working ovpn file you will need an OpenVPN client installed on your iOS device.

We have tested the following Official OpenVPN client:

https://itunes.apple.com/gb/app/openvpn-connect/id590379981?mt=8

Email the embedded ovpn file to the device and open the attachement. Next select 'Copy to OpenVPN' under the OpenVPN logo. This will open the OpenVPN client with the imported config on the iOS device and allow you to connect.

Once connected via OpenVPN your iOS device has access to the network. At this point you can use various File Explorer or RDS apps to access resources.

Was this article helpful? 0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk