VPN On Demand - 1.2.6
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Jan 18, 2018 1:25 pm
Re: VPN On Demand - 1.2.6
The profile installs but the connection just doesn't happen
Everything just stays at connecting ....
Any help on this would be much appreciated, under a lot of pressure to find a solution. Nothing working at present with all the changes I've made.
Everything just stays at connecting ....
Any help on this would be much appreciated, under a lot of pressure to find a solution. Nothing working at present with all the changes I've made.
-
- OpenVpn Newbie
- Posts: 18
- Joined: Thu Apr 04, 2013 8:24 am
Re: VPN On Demand - 1.2.6
This doesn’t look right from the logs:
Are you sure the previous profile has been removed from the device?
Code: Select all
Failed to find VPN plugin bundle container with ID net.openvpn.OpenVPN-Connect.vpnplugin
-
- OpenVPN User
- Posts: 20
- Joined: Mon Jun 30, 2014 11:04 pm
Re: VPN On Demand - 1.2.6
Is this thread related to this question I posted? Can I tweak the .mobileconfig to make it work?
viewtopic.php?f=36&t=25657
https://community.openvpn.net/openvpn/ticket/988
viewtopic.php?f=36&t=25657
https://community.openvpn.net/openvpn/ticket/988
-
- OpenVpn Newbie
- Posts: 18
- Joined: Thu Apr 04, 2013 8:24 am
Re: VPN On Demand - 1.2.6
Looks like it. You might want to inline your cert and key, in addition to the .p12 payload and see if it works for you?iPhrankie wrote:Is this thread related to this question I posted? Can I tweak the .mobileconfig to make it work?
viewtopic.php?f=36&t=25657
https://community.openvpn.net/openvpn/ticket/988
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Jan 18, 2018 1:25 pm
Re: VPN On Demand - 1.2.6
Definitely mate, that log entry confused me also as im using the new one now.iphoting wrote: ↑Thu Jan 18, 2018 9:53 pmThis doesn’t look right from the logs:
Are you sure the previous profile has been removed from the device?Code: Select all
Failed to find VPN plugin bundle container with ID net.openvpn.OpenVPN-Connect.vpnplugin
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Jan 18, 2018 1:25 pm
Re: VPN On Demand - 1.2.6
Managed to get back up and running using a custom ovpn file, not ideal but should keep everyone up and running until this fix gets done by OpenVPN.
Thanks for all your help on this guys!
Thanks for all your help on this guys!
-
- OpenVPN User
- Posts: 20
- Joined: Mon Jun 30, 2014 11:04 pm
Re: VPN On Demand - 1.2.6
What are the security implications of putting everything inline?
With the P12 method the key and cert were protected by a password. There is a password prompt at the time of importing the profile into the iPhone.
With this new method if the .mobileconfig escapes in transit then everything is compromised by having everything inline.
With the P12 method the key and cert were protected by a password. There is a password prompt at the time of importing the profile into the iPhone.
With this new method if the .mobileconfig escapes in transit then everything is compromised by having everything inline.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jan 23, 2018 6:57 pm
Re: VPN On Demand - 1.2.6
Hi all...so I stumbled onto this thread trying to make an .mobileconfig file for my home OpenVPN server that is built into my Netgear 7000P router. I'm having similar issues with the iOS client and no log information. When the ca.crt, client.crt, client3.key and *.opvpn file are copied over to an ios device and the openvpn connect app the vpn works just fine. I'm also an amateur at .mobileconfig. I've been building it in Apple Configurator 2. I have the two .crt files being imported as certificates, key file as a key/value pair as well as the information in the .opvpn as key/value pairs. without any log data i can't tell what is and isn't working.
my purpose is to create an always on vpn connection anytime my son's iphone is not on our home wifi. so i've figured out the conditional parts of the .mobileconfig to handle that but i feel i need to do something more to the .mobileconfig file that the AC2 program doesn't provided for.
Since im brand new, did i read in other parts of this thread that i will have to include the ca and client as key/value pairs and using \n to keep it all on one line (ugh, was trying to avoid that). So my main question for this thread am i running into a client side bug on the iOS app?
Thanks, trifster
my purpose is to create an always on vpn connection anytime my son's iphone is not on our home wifi. so i've figured out the conditional parts of the .mobileconfig to handle that but i feel i need to do something more to the .mobileconfig file that the AC2 program doesn't provided for.
Since im brand new, did i read in other parts of this thread that i will have to include the ca and client as key/value pairs and using \n to keep it all on one line (ugh, was trying to avoid that). So my main question for this thread am i running into a client side bug on the iOS app?
Thanks, trifster
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Jan 11, 2018 7:44 pm
Re: VPN On Demand - 1.2.6
Be careful, I Believe Netgear uses MD5 to sign as opposed to SHA. They're trying to update this now...trifster wrote: ↑Tue Jan 23, 2018 7:51 pmHi all...so I stumbled onto this thread trying to make an .mobileconfig file for my home OpenVPN server that is built into my Netgear 7000P router. I'm having similar issues with the iOS client and no log information. When the ca.crt, client.crt, client3.key and *.opvpn file are copied over to an ios device and the openvpn connect app the vpn works just fine. I'm also an amateur at .mobileconfig. I've been building it in Apple Configurator 2. I have the two .crt files being imported as certificates, key file as a key/value pair as well as the information in the .opvpn as key/value pairs. without any log data i can't tell what is and isn't working.
my purpose is to create an always on vpn connection anytime my son's iphone is not on our home wifi. so i've figured out the conditional parts of the .mobileconfig to handle that but i feel i need to do something more to the .mobileconfig file that the AC2 program doesn't provided for.
Since im brand new, did i read in other parts of this thread that i will have to include the ca and client as key/value pairs and using \n to keep it all on one line (ugh, was trying to avoid that). So my main question for this thread am i running into a client side bug on the iOS app?
Thanks, trifster
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jan 23, 2018 6:57 pm
Re: VPN On Demand - 1.2.6
Thanks. I'm less worried about privacy and more looking to keep kids cellular through my parental-controls enabled home network. With respect to MD5 vs SHA (im fully aware MD5 is compromised) does it change anything i have to specify in my .mobileconfig file?jason.salameh wrote: ↑Tue Jan 23, 2018 10:24 pmBe careful, I Believe Netgear uses MD5 to sign as opposed to SHA. They're trying to update this now...trifster wrote: ↑Tue Jan 23, 2018 7:51 pmHi all...so I stumbled onto this thread trying to make an .mobileconfig file for my home OpenVPN server that is built into my Netgear 7000P router. I'm having similar issues with the iOS client and no log information. When the ca.crt, client.crt, client3.key and *.opvpn file are copied over to an ios device and the openvpn connect app the vpn works just fine. I'm also an amateur at .mobileconfig. I've been building it in Apple Configurator 2. I have the two .crt files being imported as certificates, key file as a key/value pair as well as the information in the .opvpn as key/value pairs. without any log data i can't tell what is and isn't working.
my purpose is to create an always on vpn connection anytime my son's iphone is not on our home wifi. so i've figured out the conditional parts of the .mobileconfig to handle that but i feel i need to do something more to the .mobileconfig file that the AC2 program doesn't provided for.
Since im brand new, did i read in other parts of this thread that i will have to include the ca and client as key/value pairs and using \n to keep it all on one line (ugh, was trying to avoid that). So my main question for this thread am i running into a client side bug on the iOS app?
Thanks, trifster
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 17, 2015 8:14 am
Re: VPN On Demand - 1.2.6
Is there a time schedule for fixing this issue? I have the same problem here with my mobileconfig.CHRISLINDSAY wrote: ↑Fri Jan 19, 2018 10:55 amManaged to get back up and running using a custom ovpn file, not ideal but should keep everyone up and running until this fix gets done by OpenVPN.
-
- OpenVPN User
- Posts: 20
- Joined: Mon Jun 30, 2014 11:04 pm
Re: VPN On Demand - 1.2.6
Yes, any ETA would be welcome. Our organization is offline. We are approaching 3 weeks with being offline.
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: VPN On Demand - 1.2.6
The next release should be out soon (Apple has been quite slow on this round). Re-enabling .p12 payloads should go in the release right after.
However, in the meantime, doesn't embedding key/cert in the .mobileconfig work for you? Or if you need to use a .p12, why not uploading a separate profile (non mobileconfig) and ovpn12 file?
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 17, 2015 8:14 am
Re: VPN On Demand - 1.2.6
No, my mobileconfigs donot work any more - we have approx 600 devices running with 140 OpenVpn Servers.
Our procedure in the past was.
1. sending an cert-File and
2. using an integrated complete mobileconfig
I must admit, I was not responsible for the VPN stuff in the past, but unfortunately now I am.
As far as I know, this mobileconfig was somehow generated with an Mac/iTunes and only the relevant parts are changed during config process. This has been working til version 1.2.5
I made an experienent with changing
Code: Select all
<key>VPNSubType</key>
<string>net.openvpn.OpenVPN-Connect.vpnplugin</string>
Code: Select all
<key>VPNSubType</key>
<string>net.openvpn.connect.app</string>
I also did seperate uploading a p12 file, a ovpn12 file and a cert file, but this didnot connect properly, either. At least I saw there, that the client tried to connect to the servers, whereas in the other case (mobileconfig), nothing can be seen in the log (as reported other users before).
I hope there is a chance to avoid updating the 140 Severs (who provide the configs via webserver) and the 600 Clients.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jan 23, 2018 6:57 pm
Re: VPN On Demand - 1.2.6
Micky, Spend the time to get ovpnmcgen.rb working and use it to generate the .mobileconfig. its handling of sucking in the certs/keys got me working. be sure to install with the --pre option (gem install ovpnmcgen.rb --pre). https://github.com/iphoting/ovpnmcgen.rbMicky42 wrote: ↑Fri Jan 26, 2018 12:00 pmNo, my mobileconfigs donot work any more - we have approx 600 devices running with 140 OpenVpn Servers.
Our procedure in the past was.
1. sending an cert-File and
2. using an integrated complete mobileconfig
I must admit, I was not responsible for the VPN stuff in the past, but unfortunately now I am.
As far as I know, this mobileconfig was somehow generated with an Mac/iTunes and only the relevant parts are changed during config process. This has been working til version 1.2.5
I made an experienent with changingto tCode: Select all
<key>VPNSubType</key> <string>net.openvpn.OpenVPN-Connect.vpnplugin</string>
as I read somewhere here, but this didnot make any difference.Code: Select all
<key>VPNSubType</key> <string>net.openvpn.connect.app</string>
I also did seperate uploading a p12 file, a ovpn12 file and a cert file, but this didnot connect properly, either. At least I saw there, that the client tried to connect to the servers, whereas in the other case (mobileconfig), nothing can be seen in the log (as reported other users before).
I hope there is a chance to avoid updating the 140 Severs (who provide the configs via webserver) and the 600 Clients.
Trifster
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 17, 2015 8:14 am
Re: VPN On Demand - 1.2.6
Hi Trifster,
thanks for the hint. I tried - just for a test - to install this (it did) but I have no idea of howto start this ruby-Script after installing on my Linux machine. I have no ruby expierience at all...
thanks for the hint. I tried - just for a test - to install this (it did) but I have no idea of howto start this ruby-Script after installing on my Linux machine. I have no ruby expierience at all...
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jan 23, 2018 6:57 pm
Re: VPN On Demand - 1.2.6
Same here, never used ruby before ever. i just typed ovpnmcgen.rb followed by the arguments and it worked. This is on macOS High Sierra. Here's the command i used:
ovpnmcgen.rb generate --v12compat --host dynamic_hostename.ddns.net --port 12973 --proto udp --cafile ca.crt --cert client.crt --key client.key --vod --trusted-ssids TrifNet5,TrifNet2.4 --security-level medium --url-probe https://www.apple.com/ --ovpnconfigfile client3.ovpn --output TrifHome2.mobileconfig trifster iphone
One note, i ran this from a folder where all the files were located together so i didn't have to specify paths above.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 17, 2015 8:14 am
Re: VPN On Demand - 1.2.6
Ok. I will try to install it on a windows machine.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Sep 17, 2015 8:14 am
Re: VPN On Demand - 1.2.6
Under windows I could install and execute the ruby file. The config file seems (at a first sight) to be same as my old but the p12 was there integrated in the config. I didnot test the new one, but is the p12 Certifcate in the config the problem?
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jan 23, 2018 6:57 pm
Re: VPN On Demand - 1.2.6
From what i've been reading in this thread is that the fix for 1.2.x client issues is that it needs to be in the .mobileconfig file. I don't have a p12 file in my usage so you may need to see if there is a different way to handle that.