OpenVPN on iOS

mmichael1991
edited April 2013 in VPN Setup Support Posts: 7
Hi!

I tried to enable OpenVPN for iOS with the default OpenVPN profiles from PIA, but i can't get it to work.
It needs a certificate and doesn't work without it.

Can anyone help me with this?

Thanks in advance.

- Michael
Post edited by alexb on
«134

Comments

  • leoOK
    Posts: 24

    I got this problem before.

    Those ovpn files need to be modified before put it in openvpn app (Noted: only ca need to be TRUE, cert and key can use yours)

    client
    dev tun
    proto udp
    remote uk-london.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    <ca>
    -----BEGIN CERTIFICATE-----
    MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
    ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
    cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
    ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
    gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
    IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
    YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
    aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
    AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
    hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
    4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
    CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
    l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
    VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
    ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
    QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
    b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
    atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
    fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
    llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    MIID6jCCA1OgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCSEsx
    DDAKBgNVBAgTA0tMTjEMMAoGA1UEBxMDVFdTMQ4wDAYDVQQKEwVLSFZQTjERMA8G
    A1UECxMIY2hhbmdlbWUxDjAMBgNVBAMTBUtIVlBOMREwDwYDVQQpEwhjaGFuZ2Vt
    ZTEhMB8GCSqGSIb3DQEJARYSS0hLRzIwMDlAR01BSUwuQ09NMB4XDTEyMTEwMjE3
    Mjg1NloXDTIyMTAzMTE3Mjg1NlowgZUxCzAJBgNVBAYTAkhLMQwwCgYDVQQIEwNL
    TE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMFS0hWUE4xETAPBgNVBAsTCGNoYW5n
    ZW1lMREwDwYDVQQDEwhDTElFTlQwMTERMA8GA1UEKRMIY2hhbmdlbWUxITAfBgkq
    hkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTTCBnzANBgkqhkiG9w0BAQEFAAOB
    jQAwgYkCgYEAlm1IYDeyrJESPlRvoUvfneJyNIvtQKT38F9VAs4HpFRA8bUTVwn0
    0+v9T71YSIl7KS+P/fA9CYIHLyfboUWgPGtiXWLMFd1zlAfLIiD6p5d6l+d3cC/d
    njSbVikZINxotTpgNVmLaIAikZd3b7ZwSAl+pvYvRMmWdxLWsJ7nqtsCAwEAAaOC
    AUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
    YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUs0IidaQauq68YrEv0N09qr+F4O8w
    gccGA1UdIwSBvzCBvIAUVzid2kkwXgDaDOFQXM2Byb5yR5uhgZikgZUwgZIxCzAJ
    BgNVBAYTAkhLMQwwCgYDVQQIEwNLTE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMF
    S0hWUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ4wDAYDVQQDEwVLSFZQTjERMA8GA1UE
    KRMIY2hhbmdlbWUxITAfBgkqhkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTYIJ
    ANM7BA7OD4HlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkq
    hkiG9w0BAQQFAAOBgQDKSmxD9hGJiHCMMhKfUaAVh4sxNkOL79QvlhtNb/ZVtnyV
    2a+OnzjbEdc6feAiU+g2BQEUYLHdet/mw7nu5eg0Y/TbAj0hSokqnGWsGzaIGArD
    R6StWueMlqT+R/js5/ISgUehiWDfwGsvSm3uw7eIoKT7Hw1ij8pvz5/ViTkQ2Q==
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN RSA PRIVATE KEY-----
    MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJZtSGA3sqyREj5U
    b6FL353icjSL7UCk9/BfVQLOB6RUQPG1E1cJ9NPr/U+9WEiJeykvj/3wPQmCBy8n
    26FFoDxrYl1izBXdc5QHyyIg+qeXepfnd3Av3Z40m1YpGSDcaLU6YDVZi2iAIpGX
    d2+2cEgJfqb2L0TJlncS1rCe56rbAgMBAAECgYBKrXALzDrYbqCm7tYINhmKUPuv
    WHPs7rjjzP/wB4ZFr0oadHFoeVngxzwXFQG56P6KgME0KMq0aKfWYiwnkOAtu64A
    3i/KsDVcah/XKe3TfWycO7Y9WjgT9OSOf5dGktnP7RjusZ6w61vjQwWAviuc0J6w
    jACa9ZK53WWmkcBE8QJBAMR9gWYENs7Cly4CFDKLqS83Wf6yx/3oZU9enNc4EDZn
    F1JfX9Xt1Rdx8XmES8BxVT/E8zmOC/jNlVcORo57REkCQQDD/FejfAE02lroBnck
    aUUmiWZNp1q6BgsqDPWXS+DAkTG1OrFAgKOoKo7UqjWs5SvlNrr+dL3sumB0NRf2
    Ku4DAkAsfJXteQrHqTr9Sa80+nXloMyZY/TvwcweOjecaq8RAio/liRmlSBn3H5l
    mtRjz8UTWQ4Qe96uCC3Ftg+3dqUxAkBJ5O0OQQUbbnD0JuvpGJ/wBcJC6SS2Gu0+
    r6AxqXRWZug9EqIeVeJe15z+5iZSyB2i0N30bwPlK+iOKC6erFUNAkEAr/LPOTF3
    0rSBsvISYcPNjX8kRyPQXMG6ebbi20CcmIpqGzb9xnMlDixLPoMemk6JtG2hJcc4
    lwi3blIK1CLBVg==
    -----END RSA PRIVATE KEY-----
    </key>


  • b1895607
    Posts: 4
    Hi leoOK,

    thank you for the information this works great!
  • b1895607
    Posts: 4
    just replace uk-london.privateinternetaccess.com with the server of your choice. Can be found in the client support section of the PIA website
  • Oo0Bailey0oO
    Posts: 2
    Hi,

    I just wanted to clarify when you say "only ca need to be TRUE, cert and key can use yours", where do I find my cert and key files?

    Unlike other VPNs I've used, I don't see .cert and .key files bundled with the configuration file from PIA (other than ca.cert of course).

    Thanks
  • Pears
    edited April 2013 Posts: 1
    Has anyone gotten this to work? How do we find our cert and key strings?

    Edit: If you are jailbroken xCon blocks the vpn!
    Post edited by Pears on
  • cifzo
    edited April 2013 Posts: 1
    just replace uk-london.privateinternetaccess.com with the server of your choice. Can be found in the client support section of the PIA website
    Yes, it does work nicely.  I moved the file onto the phone using iTunes file transfer.  Thanks.
    Post edited by cifzo on
  • Ramboxman
    edited April 2013 Posts: 3
    I try the steps can anyone confirm if they have IOS 6.1.3 I have read on the OpenVPN connect reviews from apple that some are having issues. I can connect but it times out and disconnects following the steps above. 
    Thanks to all.
    Post edited by Ramboxman on
  • Ramboxman
    Posts: 3
    Got it ca.cert

    client
    dev tun
    proto udp
    remote us-east.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    <ca>
    -----BEGIN CERTIFICATE-----
    MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
    ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
    cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
    ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
    gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
    IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
    YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
    aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
    AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
    hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
    4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
    CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
    l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
    VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
    ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
    QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
    b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
    atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
    fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
    llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    MIID6jCCA1OgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCSEsx
    DDAKBgNVBAgTA0tMTjEMMAoGA1UEBxMDVFdTMQ4wDAYDVQQKEwVLSFZQTjERMA8G
    A1UECxMIY2hhbmdlbWUxDjAMBgNVBAMTBUtIVlBOMREwDwYDVQQpEwhjaGFuZ2Vt
    ZTEhMB8GCSqGSIb3DQEJARYSS0hLRzIwMDlAR01BSUwuQ09NMB4XDTEyMTEwMjE3
    Mjg1NloXDTIyMTAzMTE3Mjg1NlowgZUxCzAJBgNVBAYTAkhLMQwwCgYDVQQIEwNL
    TE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMFS0hWUE4xETAPBgNVBAsTCGNoYW5n
    ZW1lMREwDwYDVQQDEwhDTElFTlQwMTERMA8GA1UEKRMIY2hhbmdlbWUxITAfBgkq
    hkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTTCBnzANBgkqhkiG9w0BAQEFAAOB
    jQAwgYkCgYEAlm1IYDeyrJESPlRvoUvfneJyNIvtQKT38F9VAs4HpFRA8bUTVwn0
    0+v9T71YSIl7KS+P/fA9CYIHLyfboUWgPGtiXWLMFd1zlAfLIiD6p5d6l+d3cC/d
    njSbVikZINxotTpgNVmLaIAikZd3b7ZwSAl+pvYvRMmWdxLWsJ7nqtsCAwEAAaOC
    AUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
    YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUs0IidaQauq68YrEv0N09qr+F4O8w
    gccGA1UdIwSBvzCBvIAUVzid2kkwXgDaDOFQXM2Byb5yR5uhgZikgZUwgZIxCzAJ
    BgNVBAYTAkhLMQwwCgYDVQQIEwNLTE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMF
    S0hWUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ4wDAYDVQQDEwVLSFZQTjERMA8GA1UE
    KRMIY2hhbmdlbWUxITAfBgkqhkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTYIJ
    ANM7BA7OD4HlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkq
    hkiG9w0BAQQFAAOBgQDKSmxD9hGJiHCMMhKfUaAVh4sxNkOL79QvlhtNb/ZVtnyV
    2a+OnzjbEdc6feAiU+g2BQEUYLHdet/mw7nu5eg0Y/TbAj0hSokqnGWsGzaIGArD
    R6StWueMlqT+R/js5/ISgUehiWDfwGsvSm3uw7eIoKT7Hw1ij8pvz5/ViTkQ2Q==
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN RSA PRIVATE KEY-----
    MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJZtSGA3sqyREj5U
    b6FL353icjSL7UCk9/BfVQLOB6RUQPG1E1cJ9NPr/U+9WEiJeykvj/3wPQmCBy8n
    26FFoDxrYl1izBXdc5QHyyIg+qeXepfnd3Av3Z40m1YpGSDcaLU6YDVZi2iAIpGX
    d2+2cEgJfqb2L0TJlncS1rCe56rbAgMBAAECgYBKrXALzDrYbqCm7tYINhmKUPuv
    WHPs7rjjzP/wB4ZFr0oadHFoeVngxzwXFQG56P6KgME0KMq0aKfWYiwnkOAtu64A
    3i/KsDVcah/XKe3TfWycO7Y9WjgT9OSOf5dGktnP7RjusZ6w61vjQwWAviuc0J6w
    jACa9ZK53WWmkcBE8QJBAMR9gWYENs7Cly4CFDKLqS83Wf6yx/3oZU9enNc4EDZn
    F1JfX9Xt1Rdx8XmES8BxVT/E8zmOC/jNlVcORo57REkCQQDD/FejfAE02lroBnck
    aUUmiWZNp1q6BgsqDPWXS+DAkTG1OrFAgKOoKo7UqjWs5SvlNrr+dL3sumB0NRf2
    Ku4DAkAsfJXteQrHqTr9Sa80+nXloMyZY/TvwcweOjecaq8RAio/liRmlSBn3H5l
    mtRjz8UTWQ4Qe96uCC3Ftg+3dqUxAkBJ5O0OQQUbbnD0JuvpGJ/wBcJC6SS2Gu0+
    r6AxqXRWZug9EqIeVeJe15z+5iZSyB2i0N30bwPlK+iOKC6erFUNAkEAr/LPOTF3
    0rSBsvISYcPNjX8kRyPQXMG6ebbi20CcmIpqGzb9xnMlDixLPoMemk6JtG2hJcc4
    lwi3blIK1CLBVg==
    -----END RSA PRIVATE KEY-----
    </key>

    US East.ovpn

    client
    dev tun
    proto udp
    remote us-east.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1

    you have to remove after verb 1 ...
    reneg-sec 0
    or you will run into timeout issue like me and pull your hair out.

    Hope this helps clarify for others.
     

  • tka
    Posts: 1
    Hi, could any of uou guys who got this working post a step by step instruction of how to get this working for those of us who are technically challenged please?

    Thanks!
  • mmichael1991
    Posts: 7
    I would like to know this as well. 

    Many thanks!
  • mmichael1991
    edited June 2013 Posts: 7
    Hi!

    Here's the step by step guide. It wasn't that hard after all..


    - Step 1
    Download the OpenVPN configuration files from the Client support area.

    - Step 2
    Unzip it

    - Step 3
    Choose the server u want to use. 
    In my case it was Netherlands.ovpn

    - Step 4
    Open the .ovpn file with the basic text editor
    (it worked on my mac, I don't know if it'll work on windows)

    - Step 5
    Remove all the text and Copy and Paste this text into the .ovpn file.

    client
    dev tun
    proto udp
    remote nl.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    <ca>
    -----BEGIN CERTIFICATE-----
    MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
    ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
    cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
    ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
    gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
    IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
    YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
    aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
    AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
    hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
    4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
    CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
    l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
    VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
    ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
    QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
    b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
    atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
    fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
    llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    MIID6jCCA1OgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCSEsx
    DDAKBgNVBAgTA0tMTjEMMAoGA1UEBxMDVFdTMQ4wDAYDVQQKEwVLSFZQTjERMA8G
    A1UECxMIY2hhbmdlbWUxDjAMBgNVBAMTBUtIVlBOMREwDwYDVQQpEwhjaGFuZ2Vt
    ZTEhMB8GCSqGSIb3DQEJARYSS0hLRzIwMDlAR01BSUwuQ09NMB4XDTEyMTEwMjE3
    Mjg1NloXDTIyMTAzMTE3Mjg1NlowgZUxCzAJBgNVBAYTAkhLMQwwCgYDVQQIEwNL
    TE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMFS0hWUE4xETAPBgNVBAsTCGNoYW5n
    ZW1lMREwDwYDVQQDEwhDTElFTlQwMTERMA8GA1UEKRMIY2hhbmdlbWUxITAfBgkq
    hkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTTCBnzANBgkqhkiG9w0BAQEFAAOB
    jQAwgYkCgYEAlm1IYDeyrJESPlRvoUvfneJyNIvtQKT38F9VAs4HpFRA8bUTVwn0
    0+v9T71YSIl7KS+P/fA9CYIHLyfboUWgPGtiXWLMFd1zlAfLIiD6p5d6l+d3cC/d
    njSbVikZINxotTpgNVmLaIAikZd3b7ZwSAl+pvYvRMmWdxLWsJ7nqtsCAwEAAaOC
    AUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
    YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUs0IidaQauq68YrEv0N09qr+F4O8w
    gccGA1UdIwSBvzCBvIAUVzid2kkwXgDaDOFQXM2Byb5yR5uhgZikgZUwgZIxCzAJ
    BgNVBAYTAkhLMQwwCgYDVQQIEwNLTE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMF
    S0hWUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ4wDAYDVQQDEwVLSFZQTjERMA8GA1UE
    KRMIY2hhbmdlbWUxITAfBgkqhkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTYIJ
    ANM7BA7OD4HlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkq
    hkiG9w0BAQQFAAOBgQDKSmxD9hGJiHCMMhKfUaAVh4sxNkOL79QvlhtNb/ZVtnyV
    2a+OnzjbEdc6feAiU+g2BQEUYLHdet/mw7nu5eg0Y/TbAj0hSokqnGWsGzaIGArD
    R6StWueMlqT+R/js5/ISgUehiWDfwGsvSm3uw7eIoKT7Hw1ij8pvz5/ViTkQ2Q==
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN RSA PRIVATE KEY-----
    MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJZtSGA3sqyREj5U
    b6FL353icjSL7UCk9/BfVQLOB6RUQPG1E1cJ9NPr/U+9WEiJeykvj/3wPQmCBy8n
    26FFoDxrYl1izBXdc5QHyyIg+qeXepfnd3Av3Z40m1YpGSDcaLU6YDVZi2iAIpGX
    d2+2cEgJfqb2L0TJlncS1rCe56rbAgMBAAECgYBKrXALzDrYbqCm7tYINhmKUPuv
    WHPs7rjjzP/wB4ZFr0oadHFoeVngxzwXFQG56P6KgME0KMq0aKfWYiwnkOAtu64A
    3i/KsDVcah/XKe3TfWycO7Y9WjgT9OSOf5dGktnP7RjusZ6w61vjQwWAviuc0J6w
    jACa9ZK53WWmkcBE8QJBAMR9gWYENs7Cly4CFDKLqS83Wf6yx/3oZU9enNc4EDZn
    F1JfX9Xt1Rdx8XmES8BxVT/E8zmOC/jNlVcORo57REkCQQDD/FejfAE02lroBnck
    aUUmiWZNp1q6BgsqDPWXS+DAkTG1OrFAgKOoKo7UqjWs5SvlNrr+dL3sumB0NRf2
    Ku4DAkAsfJXteQrHqTr9Sa80+nXloMyZY/TvwcweOjecaq8RAio/liRmlSBn3H5l
    mtRjz8UTWQ4Qe96uCC3Ftg+3dqUxAkBJ5O0OQQUbbnD0JuvpGJ/wBcJC6SS2Gu0+
    r6AxqXRWZug9EqIeVeJe15z+5iZSyB2i0N30bwPlK+iOKC6erFUNAkEAr/LPOTF3
    0rSBsvISYcPNjX8kRyPQXMG6ebbi20CcmIpqGzb9xnMlDixLPoMemk6JtG2hJcc4
    lwi3blIK1CLBVg==
    -----END RSA PRIVATE KEY-----
    </key>  

    - Step 6
    If you want to choose another server than the NL one, change the server name on the 4th line (e.g. to ca.privateinternetaccess.com)

    - Step 7
    Save the file. If it changes the extensions change it back to .ovpn

    - Step 8
    Open iTunes, go to your iPhone > apps and scroll down to file sharing. Select he OpenVPN app and paste the edited .ovpn file and the downloaded ca.crt file. 

    - Step 9
    Open the OpenVPN app on your iPhone. The server should pop up now.

    - Step 10
    Click on the green + and enter your credentials.

    That's it!
    Post edited by mmichael1991 on
  • mmichael1991
    Posts: 7
    Hi, could any of uou guys who got this working post a step by step instruction of how to get this working for those of us who are technically challenged please?

    Thanks!
    Look above
  • mmichael1991
    Posts: 7
    I got some problems with the automatic reconnection function. When it want to re-connect it keeps loading at connect.. Anyone with the same problems?
  • Freduruncle
    edited June 2013 Posts: 5
    I'd appreciate any tips here.   I followed the step-by-step above very carefully.  In my case I wanted to use US East.ovpn.

    Everything seemed to go well but dragging the two files via itunes and starting OpenVPN got a message saying a new profile is available for import.  However, just below it I can see...

    Error loading profile: US East.ovpn
    option_error:option <key> was not closed out

    That's all I can see.  I've repeated it three times with the same result.

    Using iphone 5 with latest IOS.

    Any suggestions or am I totally misunderstanding what I'm trying to do here?

    Thanks
    Post edited by Freduruncle on
  • Freduruncle
    Posts: 5
    I'd appreciate any tips here.   I followed the step-by-step above very carefully.  In my case I wanted to use US East.ovpn.

    Everything seemed to go well but dragging the two files via itunes and starting OpenVPN got a message saying a new profile is available for import.  However, just below it I can see...

    Error loading profile: US East.ovpn
    option_error:option <key> was not closed out

    That's all I can see.  I've repeated it three times with the same result.

    Using iphone 5 with latest IOS.

    Any suggestions or am I totally misunderstanding what I'm trying to do here?

    Thanks
    Ok.  On a whim I added a second </key> to the end of the instructions above and it now loads and is asking me for my user ID and password.  

    I've made it at least load now but did I do something stupid?
  • 1b0t
    Posts: 1
    Thanks! This was very helpful.

    Here's my shortened version:

    - Step 1
    Download the OpenVPN configuration files from the Client support area.

    - Step 2
    Unzip it

    - Step 3
    Choose the server u want to use. 
    In my case it was Netherlands.ovpn

    - Step 4
    Open the .ovpn file with the basic text editor
    (it worked on my mac, I don't know if it'll work on windows)

    - Step 5
    Remove all the text and Copy and Paste this text into the .ovpn file.

    client
    dev tun
    proto udp
    remote nl.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    ca ca.crt
    setenv CLIENT_CERT 0

    Explanation
    --- to paste the ca inline is redundant. If you define it inline you don't need to copy the ca.crt to the device.
    --- the last line tells the client that PIA does not require a client certificate.

    - Step 6
    If you want to choose another server than the NL one, change the server name on the 4th line (e.g. to ca.privateinternetaccess.com)

    - Step 7
    Save the file. If it changes the extensions change it back to .ovpn

    - Step 8
    Open iTunes, go to your iPhone > apps and scroll down to file sharing. Select he OpenVPN app and paste the edited .ovpn file and the downloaded ca.crt file. 

    - Step 9
    Open the OpenVPN app on your iPhone. The server should pop up now.

    - Step 10
    Click on the green + and enter your credentials.

    END ---

    I've one issue though. It won't connect over 3G.. my best guess is that my provider blocked port 1194. Is this a fixed port or can i change it to 443?!?

    (using iOS7b2 btw)
  • alexb
    Posts: 433
    We support connections on a variety of ports, TCP 80/443/110, as well as a number of UDP ports: 53, 1194, 8080, 9201
  • defcon
    Posts: 11
    LeoOK, thanks for sharing this, this file works with the openvpn connect app for android as well
  • lux
    Posts: 7
    Just to clarify 1b0t's "shortened version" works if you copy both the ca.crt and .ovpn files in iTunes.
  • daveW
    Posts: 3
    cant get this to work after update OpenVPN Connect on my android.
    anyone facing the same problem?
  • 334md
    edited July 2013 Posts: 2
    Hi everyone,

    Please forgive my naivety but by disclosing the RSA PRIVATE KEY doesn't this compromise the actual certificate? It was my understanding that private keys should never be disclosed.

    I've got leoOK's version to work but can't get the 1b0t's shortened version to work.  It's still asking for ca.crt even though I have copied over it over in iTunes.

    I'm just worried in case there is any vulnerability with the inline version displaying the private key.  Can someone be kind to shed some light on this please and the overall security of the VPN tunnel established.
    Post edited by 334md on
  • alexb
    Posts: 433
    The RSA private key included here is not a PIA key, this is just a generated cert to deal with the fact that OpenVPN on iOS requires a client cert.
  • 334md
    Posts: 2
    The RSA private key included here is not a PIA key, this is just a generated cert to deal with the fact that OpenVPN on iOS requires a client cert.
    That's brilliant, thanks! Was worrying that the tunnel would be compromised. 

    In iOS there is an option to send all traffic via the VPN with L2TP (toggle switch).  Do these OpenVPN configurations do this by default or do you need to include an extra command in the .ovpn file? 
  • alexb
    Posts: 433
    OpenVPN routes all traffic by default
  • sibraPA
    Posts: 1
    Thanks! This was very helpful.

    Here's my shortened version:

    - Step 1
    Download the OpenVPN configuration files from the Client support area.

    - Step 2
    Unzip it

    - Step 3
    Choose the server u want to use. 
    In my case it was Netherlands.ovpn

    - Step 4
    Open the .ovpn file with the basic text editor
    (it worked on my mac, I don't know if it'll work on windows)

    - Step 5
    Remove all the text and Copy and Paste this text into the .ovpn file.

    client
    dev tun
    proto udp
    remote nl.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    ca ca.crt
    setenv CLIENT_CERT 0

    Explanation
    --- to paste the ca inline is redundant. If you define it inline you don't need to copy the ca.crt to the device.
    --- the last line tells the client that PIA does not require a client certificate.

    - Step 6
    If you want to choose another server than the NL one, change the server name on the 4th line (e.g. to ca.privateinternetaccess.com)

    - Step 7
    Save the file. If it changes the extensions change it back to .ovpn

    - Step 8
    Open iTunes, go to your iPhone > apps and scroll down to file sharing. Select he OpenVPN app and paste the edited .ovpn file and the downloaded ca.crt file. 

    - Step 9
    Open the OpenVPN app on your iPhone. The server should pop up now.

    - Step 10
    Click on the green + and enter your credentials.

    END ---

    I've one issue though. It won't connect over 3G.. my best guess is that my provider blocked port 1194. Is this a fixed port or can i change it to 443?!?

    (using iOS7b2 btw)
    1b0t's way worked like a charm for me (iPad)! All the other instructions always ended up with the same error:Freduruncle already has encountered (adding another </key> at the end of the file didn't help either):
    "Error loading profile: xxx.ovpn
    option_error:option <key> was not closed out"

    Fortunately there still was the "shortcut-way" from 1b0t, which works perfectly! So, thanks a lot 1b0t, finally none of these unstable L2TP Connections anyomore!
  • alexb
    Posts: 433
    Glue has been applied, because this is a great tutorial, thanks for everyone who's been participating!
  • carlito007
    Posts: 5
    Hello peps. I've tried the processes stated above a couple of times in a couple of ways. It just doesn't connect on my phone. Am I missing something. I don't mean to sound like a total noob, but i'ould really appreciate a comprehensive tutorial or a link.
  • VPN
    Posts: 795
    The process above is a comprehensive tutorial. You sound like you'd want individual hands-on support, which can't be done over a text based forum unless you provide detailed descriptions and/or screenshots of any problems you encounter.
  • carlito007
    Posts: 5
    The process above is a comprehensive tutorial. You sound like you'd want individual hands-on support, which can't be done over a text based forum unless you provide detailed descriptions and/or screenshots of any problems you encounter.
    ok, here goes my issue. i have downloaded the openvpn client on my iphone. i have the files from the client support area. they have been successfully transfered to my iphone via itunes. None of the profiles connect. NB. i use the user name and password i registered with.   
  • esamett
    Posts: 5
    Iphone 5 running IOS 7: 

    freduruncle technique didnt work
    the top one did for me - just changed server to my local one

    thanks to all!
Sign In or Register to comment.