Eureka !
This "little jewel" is working for me

on iPhone 4 (iOS 6.1) with wifi and 3G after spending hours to investigate,
alas alone 
!
Now I've a secured access to remote servers via "X2 RDP Client", for example to restart a broken service or do other small tasks that don't need a large screen.
Since I'm not resentful

, I share MY solution, not THE universal solution, hoping it can help.
Tell me if it's working for you... or not !
As I read somewhere, the secret is to get rid of .p12 keychain file and to put all its content in client.ovpn file.
Perhaps not very neat but it works !
Use a client.ovpn file that works fine on PC.
All references to external files (.p12, .key) have to be disabled.
At the begining, I tried to keep keys inside .p12 file but it was a mistake.
Now, it's working but I have to type my private key password each time I start the VPN.
It's possible to save it but it's less secured except if you have a strong password to unlock your iPhone/Pad.
In fact, in my case, it's not a problem since I have to logon to remote servers with specific credentials.

Will it be possible, one day, to use .p12 and ta.key without doing such a "little do it yourself"
In any case, thanks for "OpenVPN Connect" for iOS, it's a good job !
So here is my winning profile :
Code: Select all
# Validated profile sample for "OpenVPN Connect"(v.2013/9/23) on "iPhone 4" (iOS 6.1)
port 1194
proto udp
dev tun
# pkcs12 "firstname.name.p12"
# No more used since all its content is put in this .ovpn file
pull
comp-lzo
status openvpn-status.log
verb 5
# Random failover between 10 OpenVPN servers, that's HA !
remote ovpn1.xyz.com
remote ovpn2.xyz.com
remote ovpn3.xyz.com
remote ovpn4.xyz.com
remote ovpn5.xyz.com
remote ovpn6.xyz.com
remote ovpn7.xyz.com
remote ovpn8.xyz.com
remote ovpn9.xyz.com
remote ovpn10.xyz.com
remote-random
resolv-retry 60
tls-client
nobind
#ns-cert-type server
explicit-exit-notify
resolv-retry infinite
script-security 1
# Begining of pasted content of "firstname.name.p12"
# between right tags
# Easy ! "key" tag for "PRIVATE KEY"
<key>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC, ...
DFGghTrgV
.....
DdfGhtGd==
-----END RSA PRIVATE KEY-----
</key>
# Certificate with in its "header": friendlyName: firstname.name
<cert>
-----BEGIN CERTIFICATE-----
dFGErtHRh
...
feGREGevef
-----END CERTIFICATE-----
</cert>
# Certificate with in its "header": friendlyName: rootCA
<ca>
-----BEGIN CERTIFICATE-----
KlbvDes
...
wEBytK==
-----END CERTIFICATE-----
</ca>
# Certificate with in its "header" : friendlyName: SubCA1
<ca>
-----BEGIN CERTIFICATE-----
MIErYD
...
4nkQ==
-----END CERTIFICATE-----
</ca>
#tls-auth ta.key 1
# No more used since ta.key content
# is put in this file instead of using external file ta.key
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
sdDfFgtrj
...
jrghOKdvDrv
-----END OpenVPN Static key V1-----
</tls-auth>
Regards,
Steve.