How to use Openvpn Connect?
Posted: Wed Jan 23, 2013 10:22 am
by frriction
Code:
# TsunamiVPN Client Config
tls-client
client
dev tun
proto udp
remote 173.245.95.76 53
#ca tsunami.crt
route-method exe
route-delay 2
resolv-retry infinite
nobind
float
persist-key
persist-tun
comp-lzo
reneg-sec 0
verb 3
mute 3
#win-sys env
script-security 2
explicit-exit-notify 2
auth-user-pass #account.txt
<snip>
I have an ovpn file with the above content.
I fired up iTunes and, in the Apps section, added the ovpn file to the "OpenVPN Connect" app.
Now I can see this screen.
I added my user and password, but there is no option to connect.
Re: How to use Openvpn Connect?
Posted: Wed Jan 23, 2013 11:24 am
by frriction
Some more info.
When I press "Select a certificate (required)"
I see this
Which certificate is it asking for, and how do I get one?
The certificate is already in my ovpn file, isn't it?
The above config works perfectly well in the Cydia app GuizmoVPN, which is a lot easier to set up.
Re: How to use Openvpn Connect?
Posted: Thu Jan 24, 2013 1:37 am
by jamesyonan
The problem is that 1.0.0 doesn't support client profiles that don't have a client certificate. This has already been fixed in the upcoming 1.0.1 release where you can add this to your profile to disable client certificate usage:
This is necessary to resolve an ambiguity when the profile contains no client certificate or key, because otherwise the client app can't know whether an external certificate/key pair should be obtained from the Keychain, or whether the server actually doesn't require a client certificate/key. The option is given as a "setenv" to avoid breaking other OpenVPN clients that might not recognize it.
As a workaround before 1.0.1 is available, you can simply include a randomly generated certificate/key pair. The client will send it to the server, but the server will ignore it if it doesn't require a client certificate.
James
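An added example, not part of the original posts and not OpenVPN code: a small Python check that classifies a profile along the lines James describes, using the `setenv CLIENT_CERT 0` directive quoted later in this thread. The sample profile, the host name `vpn.example.net` and the status strings are constructed for illustration, and comment handling is simplified to `#` and a leading `;`.

```python
import re

# Inline blocks such as <ca>...</ca>, <cert>...</cert>, <key>...</key>.
INLINE_RE = re.compile(r"<([\w-]+)>.*?</\1>", re.S)

# Constructed sample, modelled on the password-only profile in the first post.
BASE = """client
dev tun
proto udp
remote vpn.example.net 1194
nobind
auth-user-pass #account.txt
"""

# Constructed stand-in for the throwaway pair of the workaround (not real PEM).
THROWAWAY = "<cert>\n(placeholder)\n</cert>\n<key>\n(placeholder)\n</key>\n"


def parse_profile(text):
    """Return (inline block names, directives as token lists)."""
    inline = {m.group(1) for m in INLINE_RE.finditer(text)}
    directives = []
    for raw in INLINE_RE.sub("", text).splitlines():
        line = raw.split("#", 1)[0].strip()  # simplified comment handling
        if line and not line.startswith(";"):
            directives.append(line.split())
    return inline, directives


def client_cert_status(text):
    """Classify how a profile answers 'is there a client certificate?'."""
    inline, directives = parse_profile(text)
    present = inline | {d[0] for d in directives}
    has_cert, has_key = "cert" in present, "key" in present
    if "pkcs12" in present or (has_cert and has_key):
        return "client-cert-in-profile"
    if has_cert != has_key:
        return "incomplete-pair"  # one half of the pair is missing
    if ["setenv", "CLIENT_CERT", "0"] in directives:
        return "no-client-cert-declared"  # explicit opt-out (the 1.0.1 option)
    return "ambiguous"  # app cannot tell Keychain identity from "none needed"


if __name__ == "__main__":
    for name, text in [("bare", BASE),
                       ("opt-out", BASE + "setenv CLIENT_CERT 0\n"),
                       ("throwaway pair", BASE + THROWAWAY)]:
        print(f"{name}: {client_cert_status(text)}")
```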
Re: How to use Openvpn Connect?
Posted: Thu Jan 24, 2013 5:01 pm
by frriction
By adding a random key and certificate, the config was added successfully.
But I am not able to connect using the config; it gives a connection timeout.
I tested the same config on Android and got the same error, but this evening the Play Store pushed an update and the same config worked without changes.
I think iOS requires an update too, so that the same config works under iOS as well.
Re: How to use Openvpn Connect?
Posted: Fri Jan 25, 2013 12:10 pm
by frriction
Code:
2013-01-25 17:36:10 ----- OpenVPN Start -----
2013-01-25 17:36:10 LZO-ASYM init swap=0 asym=0
2013-01-25 17:36:10 EVENT: RESOLVE
2013-01-25 17:36:10 EVENT: WAIT
2013-01-25 17:36:10 Connecting to 173.245.95.76:9201 (173.245.95.76) via UDPv4
2013-01-25 17:36:11 EVENT: CONNECTING
2013-01-25 17:36:11 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2013-01-25 17:36:11 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2013-01-25 17:36:13 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=PH, ST=Manila, L=Manila, O=TsunamiVPN, CN=TsunamiVPN, emailAddress=contact@tsunamivpn.com
subject name : C=PH, ST=Manila, L=Manila, O=TsunamiVPN, CN=tsunami, emailAddress=contact@tsunamivpn.com
issued on : 2011-03-17 14:06:22
expires on : 2021-03-14 14:06:22
signed using : RSA+SHA1
RSA key size : 1024 bits
2013-01-25 17:36:13 VERIFY OK: depth=1
cert. version : 3
serial number : CB:15:27:CA:FF:EC:B8:7E
issuer name : C=PH, ST=Manila, L=Manila, O=TsunamiVPN, CN=TsunamiVPN, emailAddress=contact@tsunamivpn.com
subject name : C=PH, ST=Manila, L=Manila, O=TsunamiVPN, CN=TsunamiVPN, emailAddress=contact@tsunamivpn.com
issued on : 2011-03-17 14:06:01
expires on : 2021-03-14 14:06:01
signed using : RSA+SHA1
RSA key size : 1024 bits
2013-01-25 17:36:40 EVENT: CONNECTION_TIMEOUT [ERR]
2013-01-25 17:36:40 EVENT: DISCONNECTED
2013-01-25 17:36:40 Raw stats on disconnect:
BYTES_IN : 2805
BYTES_OUT : 5607
PACKETS_IN : 27
PACKETS_OUT : 40
CONNECTION_TIMEOUT : 1
2013-01-25 17:36:40 Performance stats on disconnect:
CPU usage (microseconds): 196688
Network bytes per CPU second: 42768
Tunnel bytes per CPU second: 0
2013-01-25 17:36:40 ----- OpenVPN Stop -----
2013-01-25 17:36:40 EVENT: DISCONNECT_PENDING
This is my log. I am getting a connection timeout; the same config works on Android.
Please suggest some tweak so this config works on iOS too.
Re: How to use Openvpn Connect?
Posted: Fri Mar 08, 2013 12:53 pm
by tonign
I'm having a similar problem:
In my config, using certificates, when I import the profile into the iPad OpenVPN Connect client (with inline certificate), the client doesn't import it, and the same message is displayed: "No certificates are present in the Keychain"
I read that version 1.0.1 can correct this, but it's not publicly released, is it?
My profile file is (I also tried adding "setenv CLIENT_CERT 0" with no success):
Code:
persist-tun
persist-key
cipher AES-128-CBC
tls-client
client
remote XXXXXXXXXXXXXX 443 tcp
auth-user-pass
# don't terminate service process on wrong password, ask again
auth-retry interact
# open management channel
management 127.0.0.1 166
# wait for management to explicitly start connection
management-hold
# query management channel for user/pass
management-query-passwords
# disconnect VPN when management program connection is closed
management-signal
# forget password when management disconnects
management-forget-disconnect
<ca>
-----BEGIN CERTIFICATE-----
...snipped...
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...snipped...
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
Re: How to use Openvpn Connect?
Posted: Sat Mar 09, 2013 6:47 pm
by frriction
You need to add some random key and cert; I have posted both somewhere in the forum.
Re: How to use Openvpn Connect?
Posted: Mon Mar 25, 2013 7:17 pm
by TryWait
You need to add some random key and cert; I have posted both somewhere in the forum.
Overall, installing and trying to use OpenVPN on my iPad has wasted a lot of my time. I cannot find anyplace in the forums about how to create and install random keys and certificates.
Re: How to use Openvpn Connect?
Posted: Tue Mar 26, 2013 6:17 am
by frriction
No need to create one, just paste the one I posted into your config.
Re: How to use Openvpn Connect?
Posted: Sun Apr 28, 2013 8:48 pm
by tamadite
I got OpenVPN to work on my iPhone by just sending the ovpn file via email after replacing the line "ca ca.crt" with the content of the ca.crt. Here is a copy of my openvpn.ovpn file, which I slightly modified based on inputs I found in this forum:
Code:
client
dev tun
script-security 3
proto udp
remote [your_wan_ip] 1194
resolv-retry infinite
nobind
<ca>
-----BEGIN CERTIFICATE-----
MIIDszCCAxygA....
....n1KLGtBBtPH9e
-----END CERTIFICATE-----
</ca>
auth-user-pass
cipher AES-128-CBC
comp-lzo
pkcs12 client_iphone.p12
reneg-sec 3600
pull
<cert>
-----BEGIN CERTIFICATE-----
MIIDszCCAxygA....
....n1KLGtBBtPH9e
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
....
-----END PRIVATE KEY-----
</key>
Sections "ca" and "cert" contain the content of the ca.crt file. The section "key" is just junk data.
It is important to note that on the line "remote [your_wan_ip] 1194" you need to replace [your_wan_ip] with the current WAN IP of the OpenVPN server.
Re: How to use Openvpn Connect?
Posted: Mon Apr 29, 2013 4:48 am
by Douglas
Original post snipped.
Re: How to use Openvpn Connect?
Posted: Fri Apr 21, 2017 9:24 pm
by tamadite
Unfortunately I cannot edit my previous post to give an update. Please follow these new instructions:
On the iPhone, go to Settings and scroll down until you see OpenVPN, open it and activate the setting "Force AES-CBC ciphersuites".
Then edit your openvpn.ovpn file and change it as follows:
Code:
client
dev tun
script-security 3
proto udp
remote [your_wan_ip] 1194
resolv-retry infinite
nobind
<ca>
-----BEGIN CERTIFICATE-----
MIIDszCCAxygA....
....n1KLGtBBtPH9e
-----END CERTIFICATE-----
</ca>
auth-user-pass
cipher AES-256-CBC
tls-cipher TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
comp-lzo
pull
where the section "ca" contains the content of ca.crt file.
It is important to note that on the line "remote [your_wan_ip] 1194" you need to replace [your_wan_ip] with the current WAN IP of the OpenVPN server.