Stuck Importing OpenVPN config to iOS

Continuing this from Freeland.

I configured everything server-wise on the EdgeRouter and tested it with the OpenVPN app on my PC, so I know the tunnel works. Because I need iOS setup to work just by emailing the .ovpn file (needs to be super user friendly) I found some instructions online that show you how to embed the cert text into that config file. The profile imports on my phone but doesn’t connect and I get the error message below.


So apparently I need to convert my key to PKCS#12 format with this command to work with iOS:

openssl pkcs12 -export -in cert -inkey key -certfile ca -name MyClient -out client.ovpn12

My root cert is called cacert.pem, key is client1.key, and client cert is client1.pem. @Heimdallr you wrote this command out with .crt format certs. Should that matter? Also where will the .ovpn12 file be output? I’m assuming this command will be issued on my EdgeRouter?

1 Like

You need to create these certs using easyrsa. I’m not sure how the edge router creates your server.

Jesus christ. I changed my mind OVPN sux lmao

Gotta figure it out tho. Lemme look that up

1 Like

OpenVPN is fine when you do the grunt work yourself or have a script you made to do it. It sucks when using someone else’s stuff to do it and trying to hodgepodge it together.

What is the exact nature and purpose of the tunnel?

Secure access to NVRs. Gonna have to set up servers on a bunch of EdgeRouters and 2-3 clients per server

Okay, well, when you figure out how the edge router did it all, compare it to the documentation discussed prior in the lounge and see where it went wrong.

openssl pkcs12 -export -in client1.pem -inkey client1.key -certfile cacert.pem -name Client1 -out client1.ovpn12

this worked actually. Gonna test the next part brb tho

1 Like

Of course it worked :wink: I wrote the command out

Idk shit about cryptography bro lol. The guide I was following ran that command from his Mac

This is compounded by the fact that I’m not a Linux user lol

1 Like

Fortunately you have experienced people here.

The thing with Apple is .cer is Apple’s default certificate. It can be used in Xcode development and packaging. The .p12 certificate may contain both the public key and the private key. This is their difference. Except for the Xcode development tool, everything else needs p12 to be packaged. So naturally on their platform, even with OpenVPN, you need a p12 to connect; otherwise you only get the public key delivered, which is useless without the private. Hence your private key SSL error.

OpenVPN is platform independent :wink: you can do it on Windows. Anyways keep going through the steps you need to and see if you can get the iPhone to connect

So here is my config file. Bout to try it out

client
dev tun
proto udp
remote x.x.x.x 11xx
float
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3

-----BEGIN CERTIFICATE-----
MIIDjDCCAnSgAwIBAgIJANns1KU8dG8tMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV

HSA5sht3tV2d0EstCblHmwgW9QZ5D9n0FdGZHzZXT7ra+J4q6trMbVuPiq9gmbIL
-----END CERTIFICATE-----

1 Like

It’s not showing the <\ca> in Discourse but it’s there (I know it’s a forward slash)

1 Like
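The inline-CA profile discussed in the posts above, as an added example that is not part of the original thread: a small Python builder that wraps the CA certificate in `<ca>` tags and rejects the failure cases that came up here (an empty file, a private key pasted into a profile that will be emailed). The function names and the sample data are hypothetical; the sample "certificate" is a constructed five-byte DER value, not a real cert.

```python
import base64
import re

# One PEM block: BEGIN <label>, base64 body, matching END <label>.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every well-formed PEM block in text."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        # validate=True raises ValueError (binascii.Error) on corrupt base64.
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks

def build_ios_profile(directives, ca_pem):
    """Append the CA as an inline <ca> block.

    Assumption: the client cert and key are delivered separately in the
    .ovpn12 file, so only CERTIFICATE blocks are allowed in the profile.
    """
    blocks = pem_blocks(ca_pem)
    if not blocks:
        raise ValueError("CA input is empty or not PEM (0-byte download?)")
    for label, der in blocks:
        if "PRIVATE KEY" in label:
            raise ValueError("refusing to embed a private key in the profile")
        # DER certificates start with a SEQUENCE tag (0x30).
        if label != "CERTIFICATE" or not der.startswith(b"\x30"):
            raise ValueError(f"unexpected PEM block: {label}")
    # A 'ca <file>' directive would conflict with the inline block.
    if any(line.split()[:1] == ["ca"] for line in directives.splitlines()):
        raise ValueError("profile already has a 'ca <file>' directive")
    return directives.rstrip() + "\n<ca>\n" + ca_pem.strip() + "\n</ca>\n"

# Constructed sample input (placeholder remote, fake DER payload).
SAMPLE_DIRECTIVES = "client\ndev tun\nproto udp\nremote x.x.x.x 11xx\nnobind\n"
SAMPLE_CA = ("-----BEGIN CERTIFICATE-----\n"
             + base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
             + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(build_ios_profile(SAMPLE_DIRECTIVES, SAMPLE_CA))
```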

Change that motherfuckin port bruh. Come on you are going to make a secure tunnel at least tunnel on a non standard port lol

I’m just testing for now.

When I click this file in Mail, either as a .ovpn12 or .p12, it doesn’t do shit

It should be going to my Keychain. Oh fuck. That’s probably because the file is empty…

1 Like

Yeah that doesn’t go well :troll:

Idk how that happened lol. It’s 3.5KB on the EdgeRouter. Just redownloaded it again, Windows said it was 0 bytes

1 Like

Can you import all the certs from something externally generated and just create the open VPN on another machine then move it to the edge router and the other devices?

This is how I would do so because it allows me finer control.

WOO! It works

I don’t see why not. Maybe you could reference this and figure that out; you seem to know a lot more than me

this is how I created my server

1 Like

Yeah give me a moment I’m on my phone haha