single client - single server using only a static key

[johnmcgrath]

I've created a simple single client/ single server using only a static.key.

The server is a Raspberry Pi configured with simple server.conf:

dev tun
ifconfig 10.0.1.5 10.0.1.25
secret static.key
cipher AES-256-CBC
keepalive 10 120

On my macbook, using TunnelBlick with client.conf:
remote vpnxyz.net
dev tun
ifconfig 10.0.1.25 10.0.1.5
secret static.key
cipher AES-256-CBC
route 10.0.1.0 255.255.255.0

It works. I can connect to my vpn server from anywhere using my MacBook. I'm trying to keep a simple vpn server/client setup with as low overhead has possible so as not to overload the little Pi....

On my iPad, I've installed the OpenVPN app and created a .ovpn as follows:

remote vpnxyz.net
dev tun
ifconfig 10.0.1.25 10.0.1.5
cipher AES-256-CBC
route 10.0.1.0 255.255.255.0
key-direction 1
<ca>
</ca>
<cert>
</cert>
<key>
-----BEGIN OpenVPN Static key V1-----
b31b550dcda594a408659ba85c80ed92
d6face184564490aac8c4ad965a88d2c
5ff45b9ffd9848342a82315c24b34d4d
464271bd515d9a55eaf72845860c2733
f1d318f9b276de993b18e4daebb719d6
7d3f4e0e2843fdfdfdfd8b69f763030c
7cd682df8daa67dc984d24a9f44d56a7
a7a656ae67c537123033f77f0dc89fb2
-----END OpenVPN Static key V1-----
</key>

but when I try to connect I get the following error:

OpenVPN error: PolarSSL:error parsing ca certificate:X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected.

I'm not using a ca.crt or ta.key or client.crt configuration. Just a simple static key. I'm okay with the potential liabilities of a simple solution like this.

Can anybody give me an idea what I've done wrong with my IOS .ovpn configuration file?

Any help would be greatly appreciated.

Thanks,

John

[Traffic]

Try amending like so:

server:

Code: Select all

ifconfig 10.0.1.1 10.0.1.2
route 10.0.1.0 255.255.255.0

client:

Code: Select all

remote vpnxyz.net
ifconfig 10.0.1.6 10.0.1.5
### key-direction 1 ### Remove this

See this:
static-key-mini-howto

And check your log files.