can't get riseup VPN to work on iphone (can't locate .pem)

[sketchyproposal]

hi there,
i'm trying to get the Riseup VPN to work using Openvpn Connect on an iphone 4.

I've tried to add separate .ovpn and .pem files, but Openvpn Connect can never seem to find the .pem file. It asks for a certificate, and i can't figure out why it isn't finding it. I add the two files simultaneously, but only one ever shows up.

for this scenario, I've set up my ovpn file as follows (i.e. exactly as I would on my macbook):

client
dev tun
auth-user-pass
remote nyc.vpn.riseup.net 443
remote-cert-tls server
ca RiseupCA.pem

I've also tried to combine the two files, as indicated in the help files that come with the Ovpn Connect app. This involves pasting my cert files into the ovpn file. The instructions on exactly what to modify in the ovpn files when one does this are not terribly explicit (or i read them wrong or missed something, which is def possible), so i kind of guessed and did this:

client
dev tun
auth-user-pass
remote seattle.vpn.riseup.net 443
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</cert>

in neither case does it find a cert file.
what am I doing wrong?

[hidden]

If you get an answer to this I sure would like to be copied. I am having the same issue on my Ipad.

[IrateBeagle]

To answer the question, Riseup doesn't use a client certificate so you need to add

Code: Select all

setenv CLIENT_CERT 0

into the ovpn file and either declare the CA

Code: Select all

ca RiseupCA.pem

and sync the separate pem file through itunes or embed the ca directly into the ovpn file via the <ca></ca>.

However PolarSSL throws a fit when you attempt to connect and says it can't parse the certificate. I emailed the pem file to the developers to see about getting it fixed.

[lucidme]

I am having similar issues,

I was able to import the RiseupCA.pem cert into a Profile that was successfully installed on iOS 7.

However, when I attempt to add my OVPN file (tried iTunes and Mail), I was getting the missing RiseupCA.pem file error. So I followed other instructions on the forum and pasted the txt into the ovpn file.

Like so:

client
dev tun
auth-user-pass auth.txt
remote seatle.vpn.riseup.net 443
ca RiseupCA.pem
setenv CLIENT_CERT 0
<ca>
-----BEGIN CERTIFICATE-----

***As a side note tried w/ and w/out ['s on both ends of ca code here, got same error.

-----END CERTIFICATE-----
</ca>

Now the error I get each time is - "Error loading profile: riseup.ovpn - option_error: option <ca> was not properly closed out". I fear I am missing something very obvious here? Any help would be greatly appreciated! Thanks!

also attempted installing VPN directly thru settings, but nothing seemed to work there. I suspect it needs the OpenVPN app to work....so back to this again.

[lucidity]

Updated since my last post...
I continued to get the same error, "Error loading profile: riseup.ovpn - option_error: option <ca> was not properly closed out". whenever I attempted to import my .ovpn file using iTunes.

I removed <ca> and </ca>

And used this config .opvn file (mostly from my Windows computer's config file which works perfectly):

Code: Select all

client
dev tun
tun-mtu 1500
auth-user-pass auth.txt
remote nyc.vpn.riseup.net
resolv-retry infinite
ca RiseupCA.pem
redirect-gateway
verb 9
push "redirect-gateway local def1"
setenv CLIENT_CERT 0

-----BEGIN CERTIFICATE-----
*omitted*
-----END CERTIFICATE-----

So now, it accepts my .pem doc and my new .opvn config doc (above). Victory! I thought...

Then when I go to connect, it forces me to choose either "Tester Cert" OR "Tester Cert". Though my imported .ovpn file shows "External certificate profile" and the Certificate badge, which should be sufficient you'd think.

I enter my credentials. Turn the VPN to ON. Next it shows "connecting" for a couple minutes. And suddenly switches to "disconnecting". No errors. Nothing. In the end it just shows "disconnected" with an OFF switch.

I know my credentials are correct. I am completely at a loss here. It took me forever for it to even accept the .ovpn and .pem files.

Any suggestions? I'd really really appreciate any ideas or suggestions, anything. Thanks again!

[rampantparanoia]

the following config worked for me, using ios 7.0.4 and openVPN connect

Code: Select all

client
dev tun
proto udp
auth-user-pass
remote seattle.vpn.riseup.net 1194
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
setenv CLIENT_CERT 0
<ca>
-----BEGIN CERTIFICATE-----
blahblahblah (replace this with the contents of RiseupCA.pem)
-----END CERTIFICATE-----
</ca>