How to configure iOS OpenVPN client with password authentication

Applies to Platform: iOS 9.0 and up

Background

This lesson illustrates how to configure the iOS OpenVPN client to use password authentication.

Prerequisites

  • Device with iOS 9.0 and up
  • Internet connectivity and Apple ID to access App Store and download OpenVPN application.

    Warning

    On iOS it is possible to create TUN tunnels only, as TAP tunnels are not supported by the operating system itself. For more information, please refer to OpenVPN iOS client FAQs. The OpenVPN server instance has to be configured to use a TUN device.

Client Installation

Download the OpenVPN application from the App Store at https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8 and install it by tapping the Install button.

Creation of .ovpn configuration file

Before configuring the iOS OpenVPN client, we need to create a .ovpn file that holds all our configuration parameters, because the OpenVPN app for iOS can only create a VPN profile by importing a .ovpn file.

To create the .ovpn file, open an empty file and paste the following:

client
dev tun                             
proto udp               #only if you use udp protocol
remote <REDIP> 1194     #1194 only if your vpn server's port is the default port     
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
verb 3
comp-lzo
setenv CLIENT_CERT 0
ns-cert-type server
<ca>
#paste content of cacert.pem here
</ca>

Between <ca> and </ca>, paste the content of the CA certificate of the Endian UTM Appliance. To retrieve it, click on Menubar > VPN > Certificates > Certificate Authority, then click on the View details button.

Scroll down the page until you see the following:

The content to paste into the .ovpn file looks similar to the following:

-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIQabYWy0MLMLVk74ZBpiTSNzANBgkqhkiG9w0BAQsFADAs
MQswCQYDVQQGEwJJVDEM[...]iqc6eG+zGY39UjD40lQahFm
Gng0GqYDIVemRo2XqSBQCYJbCZSjQj+YOQ+8HAHJRVvoSXwsm6Q=
-----END CERTIFICATE-----

For more information, please refer to OpenVPN iOS client FAQs.

Note

On iOS, the setenv CLIENT_CERT 0 parameter is needed when no user certificate is selected from the iOS keychain; it prevents iOS from asking for confirmation each time the user starts the OpenVPN connection. For more information, please read OpenVPN iOS client FAQs.

Replace <REDIP> above with the public RED IP of the Endian Appliance and save the file with .ovpn extension.
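
A pre-import check for the profile described above, as an added example (not Endian's or OpenVPN's own tooling): it parses the .ovpn text and reports a TAP device, a leftover <REDIP> placeholder, missing or run-together directives, and an empty <ca> block. The host name vpn.example.com and the dummy certificate body are constructed placeholders.

```python
import re

# Constructed sample: hypothetical host name, dummy CA body (not a real certificate).
SAMPLE = """client
dev tun
remote vpn.example.com 1194     #1194 only if your vpn server's port is the default port
auth-user-pass
setenv CLIENT_CERT 0
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIE9OTFk=
-----END CERTIFICATE-----
</ca>
"""

def parse_profile(text):
    """Return (directive word lists, {inline tag: body lines}) from .ovpn text."""
    lines, blocks, tag = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()  # comment stripped
        opened = re.fullmatch(r"<([\w-]+)>", line)
        if tag and line != f"</{tag}>":
            blocks[tag].append(line)  # body of an inline block such as <ca>
        elif tag:
            tag = None  # closing tag reached
        elif opened:
            tag = opened.group(1)
            blocks[tag] = []
        elif words:
            lines.append(words)
    return lines, blocks

def lint_profile(text):
    """Return a list of problems; an empty list means every check passed."""
    lines, blocks = parse_profile(text)
    opts = {w[0]: w[1:] for w in lines}
    problems = []
    if not (opts.get("dev") or [""])[0].startswith("tun"):
        problems.append("dev must be tun: iOS does not support TAP tunnels")
    if "<" in (opts.get("remote") or ["<"])[0]:  # a missing remote is flagged too
        problems.append("remote is missing or still holds the <REDIP> placeholder")
    for needed in (["auth-user-pass"], ["setenv", "CLIENT_CERT", "0"], ["ns-cert-type", "server"]):
        if needed not in lines:  # also catches two directives merged on one line
            problems.append(" ".join(needed) + ": missing or merged with another line")
    ca = blocks.get("ca", [])
    if "-----BEGIN CERTIFICATE-----" not in ca or "-----END CERTIFICATE-----" not in ca:
        problems.append("<ca> holds no PEM certificate, so the server cannot be verified")
    return problems
```

Run lint_profile() on the text of the saved file before sending it to the device; an empty list means the profile matches the layout given in this section.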

iOS OpenVPN client configuration

To successfully configure the OpenVPN profile, follow these steps:

1. Import the .ovpn file into your iOS device. There are two methods to import it; both are explained when you open the OpenVPN app with no VPN profiles set.

In this guide, the e-mail method is shown.

2. Send the .ovpn file to an e-mail account that is accessible from the iOS device in use, then open the e-mail on the same device. Look for the attachments and tap on Tap to Download to download the .ovpn file.

3. Tap on the .ovpn file.

4. Tap on Copy to OpenVPN.

5. Tap on ADD under the proposed .ovpn profile name. The name can be changed in the next step.

6. Type the profile name you prefer, then type the credentials of the user that will connect to the VPN server, as set on the Endian UTM Appliance, then tap on ADD.

7. A dialog window will appear; tap on Allow.

8. Confirm that the VPN configuration should be applied by using Touch ID or another security method set on your iOS device.

9. The OpenVPN profile has now been successfully imported. Tap on the gray slider to start the connection.

10. If the connection has been established, the state changes to Connected and the slider becomes green. The OpenVPN profile configuration is now complete.
