I have two secret files and OpenVPN on the iPad - now what?

jmortimer · Post by **jmortimer** » Sat Aug 10, 2013 8:51 am

On a computer the OpenVPN application can use these two secret files that were produced by our firewall when a new connector was set up (they are plain text - .ovpn and .txt, the .txt contains a static key), I managed to import the .ovpn file to OpenVPN on the iPad fine, but it is asking for a certificate file before I can connect.

How can I get the .txt file into OpenVPN? It is currently languishing in Mail as an attachment, Mail just displays it as a text file and I don't seem to be able to do anything else with it.

temporaer · Post by **temporaer** » Tue Aug 13, 2013 7:58 am

Hey jmortimer,

just add the content of the key-file into your .ovpn profile.
Use the following format, as the app internal help suggests:

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

The same works for key and cert files.

Cheers

jmortimer · Post by **jmortimer** » Tue Aug 13, 2013 7:46 pm

Hmm. I just tried that but it didn't work, still asked for a certificate. I checked the online help, it looks like secret files are not currently supported. Well, looks like no iOS OpenVPN for me then until that feature is added.

mwandelaar · Post by **mwandelaar** » Wed Aug 14, 2013 5:37 am

This feature is well supported. And user Temporaer made a good suggestion, but as you are using a static key, it's not the CA which needs to be inline, but a secret:

Code: Select all

<secret>
-----BEGIN OpenVPN Static key V1-----
.......
-----END OpenVPN Static key V1-----
</secret>

And remove (or comment) any line in the configfile which starts with

Code: Select all

secret <some-file-name>

Hope this helps.

jmortimer · Post by **jmortimer** » Thu Aug 15, 2013 8:03 pm

I have done that but it is the same - it asks for a certificate from the keychain.

mwandelaar · Post by **mwandelaar** » Fri Aug 16, 2013 5:19 am

Can you post the server and client configfiles, and if possible the logging on the client? (That will be some kind of screenshot i guess)

jmortimer · Post by **jmortimer** » Fri Aug 16, 2013 7:52 am

I just have my two secret files, here is the ovpn file that I have added the key file to. I have removed some bits for security.

# "Jonathan Mortimer" client configuration

comp-lzo
dev tun
float
ifconfig 172.x.0.9 172.x.0.10
no-replay
port x
proto udp
remote x.x.x.x
resolv-retry infinite

verb 3

route 192.168.x.0 255.255.255.0
route 192.168.x.0 255.255.255.0
route 192.168.x.0 255.255.255.0

route 172.x.0.0 255.255.255.0
route 172.x.0.0 255.255.255.0
route 172.x.0.0 255.255.255.0

<secret>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
57276eeb35723b7e9b803c6106f08625
blah blah blah
81f48af63d5f347a22621dd4451cff27
-----END OpenVPN Static key V1-----
</secret>

mwandelaar · Post by **mwandelaar** » Sat Aug 17, 2013 6:58 am

As far a i know the keychain is something from the operating-system. The configfile looks OK to me and does not need any additional certificates.
Can you test if this configfile is working on your pc?

jmortimer · Post by **jmortimer** » Sat Aug 17, 2013 8:33 am

Confirmed working with Tunnelblick on the Mac (which my two secret files for the same connection work with too).

mwandelaar · Post by **mwandelaar** » Sat Aug 17, 2013 3:41 pm

This confirms the configfile is correct.
Unfortunatly i don't have a clue where the iPad is asking for: It's not the certificate for the connection for sure as you confirmed allready.
Maybe someone using an iOS device can help?

mcorriel · Post by **mcorriel** » Tue Aug 20, 2013 12:00 pm

I am having essentially the same problem with this app on the iPad. I am using a static secret key on the client and server. I create the .ovpn client profile using <secret> and </secret> to bracket the key data.

The problem is the OpenVPN Ipad client continues to require the selection of an external certificate authority. No logs are generated because the client never attempts a connection.

the text of the .ovpn profile which causes the iPad client to ask for a ca is shown here.

remote 192.168.1.50
dev tun
ifconfig 10.10.10.2 10.10.10.1
route 192.168.1.0 255.255.255.0

auth none

cipher none

key-direction bidirectional

<secret>
-----BEGIN OpenVPN Static key V1-----
72aa55e23a63f8ff72249cde056fc310
2a6b0d945603b5f11056dd7ff1b6cea5
e5a69fda0afc89b55994593b6e1cb70a
da723b1e336b98d76b2817736efed016
93506a72149145e060514a0c7b35e974
ca21cc86a37d862174fd45129413597e
4da567a15b7e18db83a730307bc9ef46
03296d0775f119ea1a1e51c38a66e08b
2b3e804b9a66f18b89aff112851257aa
5209081008041791a8f0b851aceb49b4
b378beb958b32422a4de15148f30bb9a
7a3ef5f9a01929b14a6bfff1a7a7fa17
488db512b98cb151c4b61f0bab9269c9
ea1db335a2435e0106c0ffb7943ae73a
497d5b4b82864632dcb763749b78c680
76fd09c4c1cd5b6f338eada26120d61b
-----END OpenVPN Static key V1-----
</secret>

OpenVPN Support Forum

I have two secret files and OpenVPN on the iPad - now what?

I have two secret files and OpenVPN on the iPad - now what?

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh

Re: I have two secret files and OpenVPN on the iPad - now wh