Merge .p12 .tls and .ovpn into 1 file on iOS

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Locked
Emetah
OpenVpn Newbie
Posts: 9
Joined: Sun May 31, 2020 1:35 pm

Merge .p12 .tls and .ovpn into 1 file on iOS

Post by Emetah » Sun May 31, 2020 1:42 pm

Hello,
I need help to setup my vpn on my iOS device.
I have three files (.p12 .tls .ovpn)
On w10 I enter with an user and psw.
How can I merge all these three files into one to install it on my device?
Please help me step by step is very important. Thank you.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Post by TinCanTech » Sun May 31, 2020 3:29 pm


Emetah
OpenVpn Newbie
Posts: 9
Joined: Sun May 31, 2020 1:35 pm

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Post by Emetah » Sun May 31, 2020 3:57 pm

Thx but not helped me because I don't know where to set my .p12 is it a cert or a ca?what's the difference? I don't have both and where I insert usr and psw?

Emetah
OpenVpn Newbie
Posts: 9
Joined: Sun May 31, 2020 1:35 pm

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Post by Emetah » Tue Jun 02, 2020 4:40 pm

OVPN
Client config

dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote XX.XXX.XXXX.XXX udp
verify-x509-name "YYYYY" name
auth-user-pass
pkcs12 pfSense-XXXXX-UDP4-1196-XXXXX.p12
tls-auth pfSense-XXXXX-UDP4-1196-XXXXX-tls.key 1
remote-cert-tls server
compress

TLS

#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
9f6c8f7409558aa9f851a166cf7abb93
b6d1e9424afcd7f818ef98aea1ecf78d
........
-----END OpenVPN Static key V1-----


p12

*a lot of numbers*
[oconf]


Someone can help me to set all these settings into one .ovpn file please?? I want to install it on my iOS device, thanks
Last edited by Pippin on Tue Jun 02, 2020 5:54 pm, edited 1 time in total.
Reason: Formatting

mdibella
OpenVPN Power User
Posts: 51
Joined: Thu Dec 13, 2018 11:15 pm

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Post by mdibella » Tue Jun 02, 2020 5:00 pm

The format of the file is fully described in the URL above.

You need to create a similar file with the specific data from your implementation.

The top part of the file is the contents of your .ovpn...

Code: Select all

client
dev tun
proto udp
remote vpn.server.hostname 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
key-direction 1

Code: Select all

<ca>
-----BEGIN CERTIFICATE-----
this part of the data is the Base64 encoded server authentication certificate's ROOT certificate
-----END CERTIFICATE-----
</ca>

Code: Select all

<cert>
-----BEGIN CERTIFICATE-----
this part of the data is the Base64 encoded client authentication certificate
-----END CERTIFICATE-----
</cert>

Code: Select all

<key>
-----BEGIN RSA PRIVATE KEY-----
this part of the data is the Base64 encoded client authentication certificate's KEY
-----END RSA PRIVATE KEY-----
</key>

Code: Select all

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
this part of the data is the Base64 encoded data from the .tls file
-----END OpenVPN Static key V1-----
</tls-auth>
to convert your .p12/.pfx file into usable text, you'll need to use openssl.exe:

Code: Select all

openssl.exe pkcs12 -in certificate.pfx -out cert-data.txt -nodes

Emetah
OpenVpn Newbie
Posts: 9
Joined: Sun May 31, 2020 1:35 pm

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Post by Emetah » Tue Jun 02, 2020 6:02 pm

Client config

dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote 62.77.63.228 1196 udp
auth-user-pass
remote-cert-tls server
compress
key-direction 1

Bag Attributes
localKeyID: 17 2D 54 8E ...
subject=...
issuer=...
<ca>
-----BEGIN CERTIFICATE-----
MIIEXjCCA0agAwIBAgICANwwDQYJKoZIhvcNAQELBQAwXjEUMBIGA1UEAxMLaW50
...
-----END CERTIFICATE-----
</ca>
Bag Attributes: <No Attributes>
subject=...
issuer=...
<cert>
-----BEGIN CERTIFICATE-----
MIID/jCCAuagAwIBAgIBADANBgkqhkiG9w0BAQsFADBeMRQwEgYDVQQDEwtpbnRl
...
-----END CERTIFICATE-----
</cert>
Bag Attributes
localKeyID: 17 2D 54 8E ...
Key Attributes: <No Attributes>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1m58LyVrGGdPrHOAvojigTucmcNvDW1+R7PEk5Gw1yutJQiU
...
-----END RSA PRIVATE KEY-----
</key>

#
# 2048 bit OpenVPN static key
#
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
9f6c8f7409558aa9f851a166cf7abb93
...
-----END OpenVPN Static key V1-----
</tls-auth>
[oconf]

I setted It in this way and I get Error message: mbed TLS TLS: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed.

I extracted all key and cert with openssl ...can you help me to set it ? I think I'm near to the solution.
Last edited by Pippin on Tue Jun 02, 2020 6:09 pm, edited 1 time in total.
Reason: Formatting

mdibella
OpenVPN Power User
Posts: 51
Joined: Thu Dec 13, 2018 11:15 pm

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Post by mdibella » Tue Jun 02, 2020 6:13 pm

Remove the Bag Attributes sections from the CA, cert, and key. You only what the BEGIN to END lines.

Also make sure when you export the PKCS12 to PEM format what you don't enter a key encrypt password. Only enter the decrypt password.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Merge .p12 .tls and .ovpn into 1 file on iOS

Post by TinCanTech » Tue Jun 02, 2020 8:06 pm

@ mdibella - Thanks for writing this up.

@ Moderation, perhaps this thread could be a sticky ?

Locked