
Merge .p12 .tls and .ovpn into 1 file on iOS

Posted: Sun May 31, 2020 1:42 pm
by Emetah
Hello,
I need help to set up my VPN on my iOS device.
I have three files (.p12 .tls .ovpn).
On W10 I enter with a user and psw.
How can I merge all these three files into one to install it on my device?
Please help me step by step, it is very important. Thank you.

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Posted: Sun May 31, 2020 3:29 pm
by TinCanTech

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Posted: Sun May 31, 2020 3:57 pm
by Emetah
Thx, but that did not help me because I don't know where to set my .p12. Is it a cert or a ca? What's the difference? I don't have both, and where do I insert usr and psw?

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Posted: Tue Jun 02, 2020 4:40 pm
by Emetah
OVPN
Client config

dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote XX.XXX.XXXX.XXX udp
verify-x509-name "YYYYY" name
auth-user-pass
pkcs12 pfSense-XXXXX-UDP4-1196-XXXXX.p12
tls-auth pfSense-XXXXX-UDP4-1196-XXXXX-tls.key 1
remote-cert-tls server
compress

TLS

#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
9f6c8f7409558aa9f851a166cf7abb93
b6d1e9424afcd7f818ef98aea1ecf78d
........
-----END OpenVPN Static key V1-----


p12

*a lot of numbers*


Can someone help me put all these settings into one .ovpn file, please? I want to install it on my iOS device, thanks.

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Posted: Tue Jun 02, 2020 5:00 pm
by mdibella
The format of the file is fully described in the URL above.

You need to create a similar file with the specific data from your implementation.

The top part of the file is the contents of your .ovpn...

Code:

client
dev tun
proto udp
remote vpn.server.hostname 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
key-direction 1

Code:

<ca>
-----BEGIN CERTIFICATE-----
this part of the data is the Base64 encoded server authentication certificate's ROOT certificate
-----END CERTIFICATE-----
</ca>

Code:

<cert>
-----BEGIN CERTIFICATE-----
this part of the data is the Base64 encoded client authentication certificate
-----END CERTIFICATE-----
</cert>

Code:

<key>
-----BEGIN RSA PRIVATE KEY-----
this part of the data is the Base64 encoded client authentication certificate's KEY
-----END RSA PRIVATE KEY-----
</key>

Code:

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
this part of the data is the Base64 encoded data from the .tls file
-----END OpenVPN Static key V1-----
</tls-auth>

To convert your .p12/.pfx file into usable text, you'll need to use openssl.exe:

Code:

openssl.exe pkcs12 -in certificate.pfx -out cert-data.txt -nodes

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Posted: Tue Jun 02, 2020 6:02 pm
by Emetah
Client config

dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote 62.77.63.228 1196 udp
auth-user-pass
remote-cert-tls server
compress
key-direction 1

Bag Attributes
localKeyID: 17 2D 54 8E ...
subject=...
issuer=...
<ca>
-----BEGIN CERTIFICATE-----
MIIEXjCCA0agAwIBAgICANwwDQYJKoZIhvcNAQELBQAwXjEUMBIGA1UEAxMLaW50
...
-----END CERTIFICATE-----
</ca>
Bag Attributes: <No Attributes>
subject=...
issuer=...
<cert>
-----BEGIN CERTIFICATE-----
MIID/jCCAuagAwIBAgIBADANBgkqhkiG9w0BAQsFADBeMRQwEgYDVQQDEwtpbnRl
...
-----END CERTIFICATE-----
</cert>
Bag Attributes
localKeyID: 17 2D 54 8E ...
Key Attributes: <No Attributes>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1m58LyVrGGdPrHOAvojigTucmcNvDW1+R7PEk5Gw1yutJQiU
...
-----END RSA PRIVATE KEY-----
</key>

#
# 2048 bit OpenVPN static key
#
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
9f6c8f7409558aa9f851a166cf7abb93
...
-----END OpenVPN Static key V1-----
</tls-auth>

I set it up this way and I get the error message: mbed TLS TLS: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed.

I extracted all the keys and certs with openssl... Can you help me set it up? I think I'm near to the solution.

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Posted: Tue Jun 02, 2020 6:13 pm
by mdibella
Remove the Bag Attributes sections from the CA, cert, and key. You only want the BEGIN to END lines.

Also make sure when you export the PKCS12 to PEM format that you don't enter a key encrypt password. Only enter the decrypt password.
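
The merge discussed in this thread, as an added Python example that is not part of any poster's reply: it keeps only the BEGIN-to-END blocks from the `openssl pkcs12 -nodes` dump, drops the `pkcs12` and `tls-auth` file directives, and inlines everything with `key-direction`. The function names and the sample dump are constructed for this example, and it assumes the client certificate is the one whose `localKeyID` bag attribute matches the private key's; the remaining certificates go into `<ca>`.

```python
import re

# One PEM object; text between objects (Bag Attributes, subject=, issuer=) is skipped.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)
KEYID_RE = re.compile(r"localKeyID:\s*([0-9A-Fa-f ]+)")
STATIC_RE = re.compile(r"-----BEGIN (OpenVPN Static key V1)-----.*?-----END \1-----", re.S)
# Directives replaced by inline blocks (file references, or re-added below).
DROP = {"pkcs12", "ca", "cert", "key", "tls-auth", "key-direction"}

def split_pkcs12_dump(dump):
    """Return (ca_pems, client_cert_pem, key_pem) from `openssl pkcs12 -nodes` output."""
    items, pos = [], 0
    for m in PEM_RE.finditer(dump):
        kid = KEYID_RE.search(dump[pos:m.start()])  # attributes printed above this object
        items.append((m.group(1), kid.group(1).strip() if kid else None, m.group(0)))
        pos = m.end()
    keys = [i for i in items if i[0].endswith("PRIVATE KEY")]
    if len(keys) != 1 or keys[0][0].startswith("ENCRYPTED"):
        raise ValueError("need exactly one unencrypted private key")
    certs = [i for i in items if i[0] == "CERTIFICATE"]
    # Assumption: the client certificate carries the same localKeyID as the key.
    client = [c for c in certs if c[1] and c[1] == keys[0][1]]
    cas = [c[2] for c in certs if c not in client]
    if len(client) != 1 or not cas:
        raise ValueError("could not identify one client certificate and a CA")
    return cas, client[0][2], keys[0][2]

def build_unified(base_ovpn, p12_dump, static_key, direction="1"):
    """Inline CA, certificate, key and tls-auth material into one profile."""
    cas, cert, key = split_pkcs12_dump(p12_dump)
    ta = STATIC_RE.search(static_key)
    if not ta:
        raise ValueError("no OpenVPN static key found")
    out = [l for l in base_ovpn.splitlines() if l.strip() and l.split()[0] not in DROP]
    out.append("key-direction " + direction)
    for tag, body in (("ca", "\n".join(cas)), ("cert", cert), ("key", key),
                      ("tls-auth", ta.group(0))):
        out += ["<" + tag + ">", body, "</" + tag + ">"]
    return "\n".join(out) + "\n"

# Constructed sample dump (placeholder bodies, no real key material).
_P = "-----BEGIN %s-----\n%s\n-----END %s-----\n"
SAMPLE_DUMP = (
    "Bag Attributes\n    localKeyID: 01 02\nsubject=CN = client\n"
    + _P % ("CERTIFICATE", "CLIENTCERT", "CERTIFICATE")
    + "Bag Attributes: <No Attributes>\nsubject=CN = ca\n"
    + _P % ("CERTIFICATE", "CACERT", "CERTIFICATE")
    + "Bag Attributes\n    localKeyID: 01 02\nKey Attributes: <No Attributes>\n"
    + _P % ("PRIVATE KEY", "KEYDATA", "PRIVATE KEY"))
```

The resulting profile contains the unencrypted private key, so it needs the same handling as the .p12 file itself.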

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Posted: Tue Jun 02, 2020 8:06 pm
by TinCanTech
@ mdibella - Thanks for writing this up.

@ Moderation, perhaps this thread could be a sticky?