cert/key values not configured?

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
markymarrow
OpenVpn Newbie
Posts: 8
Joined: Sun Dec 15, 2013 8:43 am

cert/key values not configured?

Post by markymarrow » Wed Feb 21, 2018 5:03 pm

Latest update seems to have broken my mobileconfig for VoD
tapping connect gets straight back to dicsonnected, console log shows:

OpenVPN VoD config error: Neither CertificatePayload nor cert/key values configured

Can use same connection from within the app fine & this config was working happily with previous version

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>IPv4</key>
			<dict>
				<key>OverridePrimary</key>
				<integer>0</integer>
			</dict>
			<key>PayloadDescription</key>
			<string>Configures VPN settings</string>
			<key>PayloadDisplayName</key>
			<string>VPN</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.vpn.managed.xxxxx</string>
			<key>PayloadType</key>
			<string>com.apple.vpn.managed</string>
			<key>PayloadUUID</key>
			<string>xxxxx</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Proxies</key>
			<dict>
				<key>HTTPEnable</key>
				<integer>0</integer>
				<key>HTTPSEnable</key>
				<integer>0</integer>
			</dict>
			<key>UserDefinedName</key>
			<string>OpenVPN xxx</string>
			<key>VPN</key>
			<dict>
				<key>AuthenticationMethod</key>
				<string>Certificate</string>
				<key>DisconnectOnIdle</key>
				<integer>0</integer>
				<key>OnDemandEnabled</key>
				<integer>1</integer>
				<key>OnDemandMatchDomainsAlways</key>
				<array>
					<string>xxx</string>
				</array>
				<key>OnDemandMatchDomainsOnRetry</key>
				<array>
					<string>.xxxxx</string>
					<string>xxxxxx</string>
				</array>
				<key>RemoteAddress</key>
				<string>xxxxxx.xxxxxx.com</string>
			</dict>
			<key>VPNSubType</key>
			<string>net.openvpn.connect.app</string>
			<key>VPNType</key>
			<string>VPN</string>
			<key>VendorConfig</key>
			<dict>
				<key>auth</key>
				<string>SHA512</string>
				<key>ca</key>
				<string>-----BEGIN CERTIFICATE-----\nMIIh\n-----END CERTIFICATE-----</string>
				<key>cert</key>
				<string>-----BEGIN CERTIFICATE-----\nMIIXI=\n-----END CERTIFICATE-----</string>
				<key>cipher</key>
				<string>AES-256-CBC</string>
				<key>key</key>
				<string>-----BEGIN PRIVATE KEY-----\nMIIg==\n-----END PRIVATE KEY-----</string>
				<key>key-direction</key>
				<string>1</string>
				<key>remote.1</key>
				<string>xxxxx.xxxxxx.com 1194 tcp</string>
				<key>tls-auth</key>
				<string>-----BEGIN OpenVPN Static key V1-----\n117\n-----END OpenVPN Static key V1-----</string>
				<key>vpn-on-demand</key>
				<string>0</string>
			</dict>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>xxxxxxxxx</string>
	<key>PayloadIdentifier</key>
	<string>xxxxxxxxxxxxxx</string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>xxxxxxxxxxxxxx</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: cert/key values not configured?

Post by ordex » Wed Feb 21, 2018 5:06 pm

Same problem has been reported by another user, but I believe that AuthenticationMethod should really be "password" if no CertificatePayload has been provided. Alternatively, you can attach a p12/CertificatePayload to your mobileconfig, like it used to work before 1.2.x.

markymarrow
OpenVpn Newbie
Posts: 8
Joined: Sun Dec 15, 2013 8:43 am

Re: cert/key values not configured?

Post by markymarrow » Thu Feb 22, 2018 8:46 am

Cheers, changing to password didn't help but adding the certificate payload does indeed work again.

Post Reply