OpenVPN’s client is an easy-to-use, free tool for secure, encrypted connections on your iPhone or iPad. It allows VPN connections without having to jailbreak the device. However, OpenVPN doesn’t work as seamlessly as it does on a Mac or PC. To work around this problem, you will need to extract your certificate and key information from the pkcs12 (.p12) file, and modify the .ovpn configuration file before uploading to the OpenVPN app.
There are a couple of ways to accomplish this task. Both require copying files to the OpenVPN app on your device. The first modifies the .ovpn file to call other files that contain the certificate and key info. The second method modifies the .ovpn file to embed the certificate and key details into the file directly. The first method requires less work with less chance of a syntax error, so that’s what I’m outlining below.
Download and install the OpenVPN app from the Apple App Store onto your iOS device and connect it (via wifi or USB) to a computer that has OpenSSL installed on it (if you have a Mac, it’s already there). iTunes is not required, but makes uploading the files to your device easier. If you don’t have iTunes, you can still achieve the same results, but you’ll have to use the second method as mentioned above, and email the files, but that’s for another discussion.
From your certificate authority (CA), firewall, etc., create and download your own personal .ovpn and .p12 files. I use an IPCop firewall that contains a CA, and offers both an OpenVPN and IPSec server. The OpenVPN server stores both the .ovpn and .p12 files in a .zip archive for convenience. If this is the case, extract the files first before modifying them.
I’m going to provide the instructions for Mac users. The Windows commands should be similar, but done from the command line shell.
In this example, my info is contained in bill.p12. Throughout the process described below, substitute the word “bill” with the name of your .p12 file. When you are prompted for a password during the extraction, use the pass phrase set up when the certificate was created. This is not your user or machine password, but one established by you or the certificate administrator when the certificate was created. It should be the same throughout the process.
Open the Terminal app and navigate to where the zipped files are saved. I have mine in the Downloads folder. All files extracted by this process should show up here too unless you specify a different path.
Extract the CA’s certificate using openssl. Remember to substitute your own .p12 filename for bill.p12. Leave the extracted file name as ca.crt. This will avoid a naming conflict later.
Extract your private key using openssl. Remember to substitute your own .p12 filename for bill.p12. Name the new .key file to match the name of your .p12 file (e.g., bill.key).
Extract your personal certificate using openssl. Remember to substitute your own .p12 filename for bill.p12. Name the new .crt file to match the name of your .p12 file (e.g., bill.crt).
Open your .ovpn file with Text Edit (or any other editor that will save as UTF-8 format).
Modify your .ovpn file to “comment out” the reference to the pkcs12 info, and “call out” the individual components of it (i.e., the files you just extracted) instead. The uncommented pkcs12 line is the offending piece of code that keeps OpenVPN from working, so you can remove it altogether if you’d like.
You also need to modify the line with hostname.jumpingcrab.com to use your own hostname or IP address. If your domain is vpn.abc.com, that’s what you would insert there, replacing the previous hostname or IP address (leave the port as is unless you know different).
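The three extraction steps and the profile edit described above, as an added example that is not the original post's own commands. It assumes the standard `openssl pkcs12` options and the sample name bill; the function names and the `bill-ios.ovpn` output name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): split NAME.p12 into the
# three PEM files and point the .ovpn profile at them.
# Assumed usage: sh split_p12.sh bill bill.ovpn

# extract_p12 NAME: reads NAME.p12, writes ca.crt, NAME.key, NAME.crt.
# openssl prompts for the .p12 pass phrase on each call.
extract_p12() {
    name=$1
    # CA certificate only, no keys.
    openssl pkcs12 -in "$name.p12" -cacerts -nokeys -out ca.crt || return 1
    # Private key only. Without -nodes, openssl also asks for a pass phrase
    # and writes the key encrypted; umask keeps the file owner-readable only.
    (umask 077; openssl pkcs12 -in "$name.p12" -nocerts -out "$name.key") || return 1
    # Client (personal) certificate only, no keys.
    openssl pkcs12 -in "$name.p12" -clcerts -nokeys -out "$name.crt" || return 1
}

# rewrite_ovpn NAME SRC DST: copies SRC to DST with any active pkcs12
# line commented out and ca/cert/key lines appended.
rewrite_ovpn() {
    name=$1 src=$2 dst=$3
    # Prefix an uncommented "pkcs12 ..." line with '#'; other lines pass through.
    sed 's/^[[:space:]]*pkcs12[[:space:]]/#&/' "$src" > "$dst" || return 1
    # Reference the extracted files by the names used in the steps above.
    printf '\nca ca.crt\ncert %s.crt\nkey %s.key\n' "$name" "$name" >> "$dst"
}

# Run both steps only when called with NAME and the profile path.
if [ "$#" -eq 2 ]; then
    extract_p12 "$1" && rewrite_ovpn "$1" "$2" "$1-ios.ovpn"
fi
```

The hostname on the remote line is left untouched, so it still has to be edited by hand as described above.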
Assuming you have iTunes installed on the same machine used to perform the modifications above, open it and select the iOS device you wish to connect via VPN. Select the Apps category just under Summary. If you don’t have iTunes, you will need to embed the certificate and key info into the .ovpn file and email the file, but that’s for another topic.
In iTunes’ File Sharing section, select the OpenVPN app. Click the Add button at the bottom of the File Sharing window. (You may have to scroll creatively to see it.) Navigate to where the .ovpn and other files are stored and add them all at once.
Go back to your device. With the OpenVPN app started, it should automatically recognize a new profile and offer to import it. Click the + button in the OpenVPN app to do that. The files should disappear from iTunes File Sharing if successful.
Toggle the Connect slider and you should be good.