Our server needs 2 passwords, one for the user account, one for the embedded server certificate.
client.ovpn
client
dev tun
remote server 1194
proto udp
resolv-retry infinite
auth-retry none
auth-user-pass
nobind
persist-key
persist-tun
ecdh-curve secp521r1
auth SHA512
cipher AES-256-GCM
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
remote-cert-tls server
mute-replay-warnings
explicit-exit-notify 1
verb 3
mute 20
reneg-sec 0
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
<key>
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-----END EC PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
After importing the configuration via Safari (and copying it to ovpn), the app will ask for a user and password. After that, the connection throws an error like:
mbed TLS: error parsing config private key : PK - Given private key password does not allow for correct decryption [ERR]
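
The profile above combines `auth-user-pass` with an inline `<key>` block that carries a `Proc-Type: 4,ENCRYPTED` header, so a client has two separate secrets to collect. As an added example (not part of the original post), this Python script lists which secrets a profile calls for; the function names and the sample profile are constructed for illustration.

```python
import re

# Constructed sample profile modelled on the one in the post; key and
# certificate bodies are placeholders, not real material.
SAMPLE_PROFILE = """\
client
dev tun
remote server 1194
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-----END EC PRIVATE KEY-----
</key>
"""

INLINE_BLOCK = re.compile(r"^<([\w-]+)>\s*\n(.*?)^</\1>\s*$", re.S | re.M)


def inline_blocks(profile):
    """Map each inline tag (<ca>, <key>, ...) to its body text."""
    return {m.group(1): m.group(2) for m in INLINE_BLOCK.finditer(profile)}


def key_is_encrypted(pem):
    """True for legacy PEM with an ENCRYPTED Proc-Type header, or encrypted PKCS#8."""
    return bool(re.search(r"^Proc-Type:\s*4,ENCRYPTED", pem, re.M)
                or "BEGIN ENCRYPTED PRIVATE KEY" in pem)


def required_secrets(profile):
    """List the secrets a client must collect before it can connect."""
    blocks = inline_blocks(profile)
    # Directives are the lines outside inline blocks, minus comments.
    outside = INLINE_BLOCK.sub("", profile)
    directives = [ln.split() for ln in outside.splitlines()
                  if ln.strip() and not ln.lstrip().startswith(("#", ";"))]
    secrets = []
    # Bare auth-user-pass (no file argument) means an interactive prompt.
    if any(d == ["auth-user-pass"] for d in directives):
        secrets.append("username/password")
    if key_is_encrypted(blocks.get("key", "")):
        secrets.append("private key passphrase")
    return secrets
```
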