How to configure iOS OpenVPN client with password authentication

Applies to Platform: iOS 9.0 and up


This lesson illustrates how to configure iOS OpenVPN client to use password authentication.


  • Device with iOS 9.0 and up
  • Internet connectivity and Apple ID to access App Store and download OpenVPN application.


    On iOS is possible to create TUN tunnels only, as TAP tunnels are not supported by the operating system itself. For more information, please refer to OpenVPN iOS client FAQs. The OpenVPN server instance has to be configured to use TUN device.

Client Installation

Download OpenVPN application from App Store, at link and install it by clicking on Install button.


Creation of .ovpn configuration file

Before starting with the steps to configure iOS OpenVPN client, we need to create a .ovpn file where to put all our configuration parameters, as OpenVPN app for iOS allows only to import .ovpn files in order to create a VPN profile.

In order to create an .ovpn file, just open an empty file, and paste the followings:

dev tun                             
proto udp               #only if you use udp protocol
remote REDIP 1194     #1194 only if your vpn server's port is the default port     
resolv-retry infinite
verb 3 comp-lzo
setenv CLIENT_CERT 0 ns-cert-type server
#paste content of cacert.pem here

where you will have to replace REDIP above with the public RED IP of the Endian Appliance, and between <ca> and </ca> you need to put the content of the CA certificate of the Endian UTM Appliance. In order to retrieve it, click on Menubar > VPN > Certicates > Certificate Authority, then click on View details button.

Scroll down the page until you see the following:

The content to be pasted into .ovpn file is the one similar to the following:


For more information, please refer to OpenVPN iOS client FAQs.


On iOS, setenv CLIENT_CERT 0 parameter is needed to avoid iOS asking confirmation each time the user starts OpenVPN connection, only if a user certificate is not selected from iOS keychain. For more information, please read OpenVPN iOS client FAQs.

Replace <REDIP> above with the public RED IP of the Endian Appliance and save the file with .ovpn extension.

iOS OpenVPN client configuration

To successfully configure OpenVPN profile, follows these steps:

1. Import .ovpn file into your iOS device. In order to import them you have two methods, whose explanation is shown when you open OpenVPN app with no VPN profiles set, and they are the followings:


In this guide, e-mail method will be shown.

2. Send .ovpn file to an e-mail which is accessible from the iOS device in use, then open the e-mail from the same device. Look for the attachments and tap on Tap to Download to download .ovpn file.


3. Tap on .ovpn file.


4. Tap on Copy to OpenVPN.


5. Tap on ADD under .ovpn proposed profile name. Such name can be changed into the next step.


6. Type the profile name you prefer, then type the credentials of the user that will connect to VPN server, as set on the Endian UTM Appliance, then tap on ADD.


7. The following dialog window will appear, so tap on Allow.


8. Confirm VPN Configuration apply by using Touch ID or another security method set on your iOS device.


9. The OpenVPN profile now has been successfully imported. Tap on the gray slider to start the connection.


10. If the connection has been established, the state will change to Connected, the slider will become green, therefore the OpenVPN profile configuration is completed.


Have more questions? Submit a request