OpenVPN Support Forum

On a computer the OpenVPN application can use these two secret files that were produced by our firewall when a new connector was set up (they are plain text - .ovpn and .txt, the .txt contains a static key), I managed to import the .ovpn file to OpenVPN on the iPad fine, but it is asking for a certificate file before I can connect.

How can I get the .txt file into OpenVPN? It is currently languishing in Mail as an attachment, Mail just displays it as a text file and I don't seem to be able to do anything else with it.

Hey jmortimer,

just add the content of the key-file into your .ovpn profile.
Use the following format, as the app internal help suggests:

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

The same works for key and cert files.

Cheers

Hmm. I just tried that but it didn't work, still asked for a certificate. I checked the online help, it looks like secret files are not currently supported. Well, looks like no iOS OpenVPN for me then until that feature is added.

This feature is well supported. And user Temporaer made a good suggestion, but as you are using a static key, it's not the CA which needs to be inline, but a secret:
And remove (or comment) any line in the configfile which starts with Hope this helps.

I have done that but it is the same - it asks for a certificate from the keychain.

Can you post the server and client configfiles, and if possible the logging on the client? (That will be some kind of screenshot i guess)

I just have my two secret files, here is the ovpn file that I have added the key file to. I have removed some bits for security.

# "Jonathan Mortimer" client configuration

comp-lzo
dev tun
float
ifconfig 172.x.0.9 172.x.0.10
no-replay
port x
proto udp
remote x.x.x.x
resolv-retry infinite

verb 3

route 192.168.x.0 255.255.255.0
route 192.168.x.0 255.255.255.0
route 192.168.x.0 255.255.255.0

route 172.x.0.0 255.255.255.0
route 172.x.0.0 255.255.255.0
route 172.x.0.0 255.255.255.0

<secret>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
57276eeb35723b7e9b803c6106f08625
blah blah blah
81f48af63d5f347a22621dd4451cff27
-----END OpenVPN Static key V1-----
</secret>

As far a i know the keychain is something from the operating-system. The configfile looks OK to me and does not need any additional certificates.
Can you test if this configfile is working on your pc?

Confirmed working with Tunnelblick on the Mac (which my two secret files for the same connection work with too).

This confirms the configfile is correct.
Unfortunatly i don't have a clue where the iPad is asking for: It's not the certificate for the connection for sure as you confirmed allready.
Maybe someone using an iOS device can help?

I am having essentially the same problem with this app on the iPad. I am using a static secret key on the client and server. I create the .ovpn client profile using <secret> and </secret> to bracket the key data.

The problem is the OpenVPN Ipad client continues to require the selection of an external certificate authority. No logs are generated because the client never attempts a connection.

the text of the .ovpn profile which causes the iPad client to ask for a ca is shown here.

remote 192.168.1.50
dev tun
ifconfig 10.10.10.2 10.10.10.1
route 192.168.1.0 255.255.255.0

auth none

cipher none

key-direction bidirectional

<secret>
-----BEGIN OpenVPN Static key V1-----
72aa55e23a63f8ff72249cde056fc310
2a6b0d945603b5f11056dd7ff1b6cea5
e5a69fda0afc89b55994593b6e1cb70a
da723b1e336b98d76b2817736efed016
93506a72149145e060514a0c7b35e974
ca21cc86a37d862174fd45129413597e
4da567a15b7e18db83a730307bc9ef46
03296d0775f119ea1a1e51c38a66e08b
2b3e804b9a66f18b89aff112851257aa
5209081008041791a8f0b851aceb49b4
b378beb958b32422a4de15148f30bb9a
7a3ef5f9a01929b14a6bfff1a7a7fa17
488db512b98cb151c4b61f0bab9269c9
ea1db335a2435e0106c0ffb7943ae73a
497d5b4b82864632dcb763749b78c680
76fd09c4c1cd5b6f338eada26120d61b
-----END OpenVPN Static key V1-----
</secret>