End User Instructions
- You must be running at least iOS v5. If you are not, upgrade your iPad before continuing. See http://notebooks.com/2011/03/09/how-to-upgrade-your-iphone-ipod-touch-or-ipad-to-ios-4-3/ for more information and pretty pictures.
- Open the App Store
- Search for "openvpn connect" and install it. It is a free download.
- Start OpenVPN Connect.
- You will need to install the OpenVPN Client Certificate (provided by your sysadmin). There are several ways, but the easiest is using iTunes Sync. Instructions are on the page, but basically you unpack the zip file and add the contents to iTunes. There are some good instructions at http://www.ivpn.net/knowledgebase/71/iPad---OpenVPN-Connect-Setup-Guide.html, or if you want, you can use the instructions below.
- Plug your iPad into the computer and let iTunes recognize it.
- From iTunes
  - Click on the iPad
  - Click on Apps
  - You will see OpenVPN as one of the apps that can work with documents.
  - Click OpenVPN, and to the right will be a place for documents. Drag the .ovpn file into that
- On iPad
  - You will see the new connection show up in the OpenVPN profile on the iPad
  - You can now click the plus sign to bring you into the main screen (return to this screen by selecting Help option)
- Making the connection
  - Start OpenVPN Connect
  - You will now see the standard screen for your OpenVPN. Click on the connection, then move Connection to On.
  - You will see the connection being made, and the status will change to Connected
  - You can go back to your main screen and work with the remote network
  - When you are done, open the OpenVPN Connect again, and move your Connection to Off to disconnect.
OpenVPN creates the certificates as one .p12 file. This is a binary file that contains the CA, user cert and private key. OpenVPN Connect requires these to be broken down into base64 and made part of the .ovpn configuration file. Also, IPFire uses tls-remote, which OpenVPN Connect does not handle.
The first task is to convert the .p12 certificate file into something we can import into OpenVPN Connect. From a Unix command line, issue the following command, where p12file.p12 is the name of the user's .p12 file. You will be asked for the password for that file (it is the private key's password). NOTE: The -nodes option writes the private key to certificate.cer unencrypted. This removes security from the private key, so take that into account when setting up your VPN connection.
openssl pkcs12 -in p12file.p12 -out certificate.cer -nodes
This will create a file, certificate.cer. That file has three sections of the form:
Bag Attributes
...stuff...
-----BEGIN something-----
-----END same_something-----
What you will do is insert everything between Bag Attributes and the END into the .ovpn file, surrounded by an XML tag which describes what each is. Now, let's look at the .ovpn file generated by IPFire.
Sample IPFire configuration (.ovpn) file
------------------------------------------
#OpenVPN Server conf
tls-client
client
dev tun
proto udp
tun-mtu 1500
remote 192.168.1.1 1194
pkcs12 my.p12
cipher BF-CBC
verb 3
ns-cert-type server
tls-remote 192.168.1.1
------------------------------------------
- Comment out the tls-remote line.
- Copy/paste (or simply cat >>) the contents of certificate.cer at the bottom of the file (position doesn't really matter, I don't think)
- Find the block that is the private key (hint, it has -----BEGIN RSA PRIVATE KEY----- in it). Put the tag <key> </key> around it (i.e., <key> before Bag Attributes and </key> after the END of the block)
- Find the CA (Certificate Authority) block (hint, look for CA in the friendly name, and the friendly name will NOT be the user). Put a <ca> </ca> around this
- The final block will be the user's cert. Put <cert> </cert> around it.
See the attached sample for clarification.
Attached files: johnnyboy.ovpn
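The manual edit described above (comment out tls-remote, then wrap each section of certificate.cer in <key>, <ca> or <cert>) can be scripted. The following is an added example, not part of the original page or of IPFire; the function name build_inline_ovpn and the file names in the usage comment are assumptions, and the CA block is picked using the page's friendlyName hint.

```shell
#!/bin/sh
# Added example (not from the original page). build_inline_ovpn is a
# hypothetical helper name. Usage:
#   openssl pkcs12 -in p12file.p12 -out certificate.cer -nodes
#   build_inline_ovpn certificate.cer ipfire.ovpn ipad.ovpn
build_inline_ovpn() (
    # $1 = certificate.cer, $2 = IPFire .ovpn, $3 = output profile
    umask 077   # the output holds an unencrypted private key: owner-only
    {
        # Comment out tls-remote, which OpenVPN Connect does not handle.
        sed 's/^[[:space:]]*tls-remote/#&/' "$2" &&
        awk '
            # Each section starts at "Bag Attributes"; start a fresh buffer.
            /^Bag Attributes/ { buf = ""; kind = ""; ca = 0 }
            { buf = buf $0 "\n" }
            # Page heuristic: the CA is the block whose friendlyName contains
            # "CA". Only the friendlyName value is tested, not subject/issuer.
            /friendlyName:/ { v = $0; sub(/.*friendlyName:/, "", v)
                              if (v ~ /CA/) ca = 1 }
            /^-----BEGIN .*PRIVATE KEY-----/ { kind = "key" }
            /^-----BEGIN CERTIFICATE-----/   { kind = ca ? "ca" : "cert" }
            # The END line closes the section: wrap it in its tag.
            /^-----END / { printf "<%s>\n%s</%s>\n", kind, buf, kind
                           seen[kind]++; n++ }
            # Expect exactly one key, one CA and one user certificate.
            END { if (n != 3 || seen["key"] != 1 || seen["ca"] != 1 ||
                      seen["cert"] != 1) exit 1 }
        ' "$1"
    } > "$3" || { rm -f "$3"; exit 1; }
)
```

Once the profile has been copied to the iPad, delete certificate.cer and the generated .ovpn from the workstation, since both contain the unprotected private key.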