OpenVPN on iOS
  • Hi!

    I tried to enable OpenVPN for iOS with the default OpenVPN profiles from PIA, but i can't get it to work.
    It needs a certificate and doesn't work without it.

    Can anyone help me with this?

    Thanks in advance.

    - Michael
    Last edited at 2013-04-19 18:09:31
  • leoOK
    Posts: 12

    I got this problem before.

    Those ovpn files need to be modified before put it in openvpn app (Noted: only ca need to be TRUE, cert and key can use yours)

    client
    dev tun
    proto udp
    remote uk-london.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    <ca>
    -----BEGIN CERTIFICATE-----
    MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
    ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
    cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
    ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
    gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
    IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
    YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
    aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
    AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
    hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
    4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
    CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
    l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
    VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
    ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
    QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
    b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
    atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
    fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
    llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    MIID6jCCA1OgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCSEsx
    DDAKBgNVBAgTA0tMTjEMMAoGA1UEBxMDVFdTMQ4wDAYDVQQKEwVLSFZQTjERMA8G
    A1UECxMIY2hhbmdlbWUxDjAMBgNVBAMTBUtIVlBOMREwDwYDVQQpEwhjaGFuZ2Vt
    ZTEhMB8GCSqGSIb3DQEJARYSS0hLRzIwMDlAR01BSUwuQ09NMB4XDTEyMTEwMjE3
    Mjg1NloXDTIyMTAzMTE3Mjg1NlowgZUxCzAJBgNVBAYTAkhLMQwwCgYDVQQIEwNL
    TE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMFS0hWUE4xETAPBgNVBAsTCGNoYW5n
    ZW1lMREwDwYDVQQDEwhDTElFTlQwMTERMA8GA1UEKRMIY2hhbmdlbWUxITAfBgkq
    hkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTTCBnzANBgkqhkiG9w0BAQEFAAOB
    jQAwgYkCgYEAlm1IYDeyrJESPlRvoUvfneJyNIvtQKT38F9VAs4HpFRA8bUTVwn0
    0+v9T71YSIl7KS+P/fA9CYIHLyfboUWgPGtiXWLMFd1zlAfLIiD6p5d6l+d3cC/d
    njSbVikZINxotTpgNVmLaIAikZd3b7ZwSAl+pvYvRMmWdxLWsJ7nqtsCAwEAAaOC
    AUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
    YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUs0IidaQauq68YrEv0N09qr+F4O8w
    gccGA1UdIwSBvzCBvIAUVzid2kkwXgDaDOFQXM2Byb5yR5uhgZikgZUwgZIxCzAJ
    BgNVBAYTAkhLMQwwCgYDVQQIEwNLTE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMF
    S0hWUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ4wDAYDVQQDEwVLSFZQTjERMA8GA1UE
    KRMIY2hhbmdlbWUxITAfBgkqhkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTYIJ
    ANM7BA7OD4HlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkq
    hkiG9w0BAQQFAAOBgQDKSmxD9hGJiHCMMhKfUaAVh4sxNkOL79QvlhtNb/ZVtnyV
    2a+OnzjbEdc6feAiU+g2BQEUYLHdet/mw7nu5eg0Y/TbAj0hSokqnGWsGzaIGArD
    R6StWueMlqT+R/js5/ISgUehiWDfwGsvSm3uw7eIoKT7Hw1ij8pvz5/ViTkQ2Q==
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN RSA PRIVATE KEY-----
    MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJZtSGA3sqyREj5U
    b6FL353icjSL7UCk9/BfVQLOB6RUQPG1E1cJ9NPr/U+9WEiJeykvj/3wPQmCBy8n
    26FFoDxrYl1izBXdc5QHyyIg+qeXepfnd3Av3Z40m1YpGSDcaLU6YDVZi2iAIpGX
    d2+2cEgJfqb2L0TJlncS1rCe56rbAgMBAAECgYBKrXALzDrYbqCm7tYINhmKUPuv
    WHPs7rjjzP/wB4ZFr0oadHFoeVngxzwXFQG56P6KgME0KMq0aKfWYiwnkOAtu64A
    3i/KsDVcah/XKe3TfWycO7Y9WjgT9OSOf5dGktnP7RjusZ6w61vjQwWAviuc0J6w
    jACa9ZK53WWmkcBE8QJBAMR9gWYENs7Cly4CFDKLqS83Wf6yx/3oZU9enNc4EDZn
    F1JfX9Xt1Rdx8XmES8BxVT/E8zmOC/jNlVcORo57REkCQQDD/FejfAE02lroBnck
    aUUmiWZNp1q6BgsqDPWXS+DAkTG1OrFAgKOoKo7UqjWs5SvlNrr+dL3sumB0NRf2
    Ku4DAkAsfJXteQrHqTr9Sa80+nXloMyZY/TvwcweOjecaq8RAio/liRmlSBn3H5l
    mtRjz8UTWQ4Qe96uCC3Ftg+3dqUxAkBJ5O0OQQUbbnD0JuvpGJ/wBcJC6SS2Gu0+
    r6AxqXRWZug9EqIeVeJe15z+5iZSyB2i0N30bwPlK+iOKC6erFUNAkEAr/LPOTF3
    0rSBsvISYcPNjX8kRyPQXMG6ebbi20CcmIpqGzb9xnMlDixLPoMemk6JtG2hJcc4
    lwi3blIK1CLBVg==
    -----END RSA PRIVATE KEY-----
    </key>


  • b1895607
    Posts: 4
    Hi leoOK,

    thank you for the information this works great!
  • b1895607
    Posts: 4
    just replace uk-london.privateinternetaccess.com with the server of your choice. Can be found in the client support section of the PIA website
  • Hi,

    I just wanted to clarify when you say "only ca need to be TRUE, cert and key can use yours", where do I find my cert and key files?

    Unlike other VPNs I've used, I don't see .cert and .key files bundled with the configuration file from PIA (other than ca.cert of course).

    Thanks
  • Pears
    Posts: 1
    Has anyone gotten this to work? How do we find our cert and key strings?

    Edit: If you are jailbroken xCon blocks the vpn!
    Last edited at 2013-04-16 19:45:49
  • cifzo
    Posts: 1

    b1895607 said:

    just replace uk-london.privateinternetaccess.com with the server of your choice. Can be found in the client support section of the PIA website



    Yes, it does work nicely.  I moved the file onto the phone using iTunes file transfer.  Thanks.
    Last edited at 2013-04-17 16:44:05
  • Ramboxman
    Posts: 3
    I try the steps can anyone confirm if they have IOS 6.1.3 I have read on the OpenVPN connect reviews from apple that some are having issues. I can connect but it times out and disconnects following the steps above. 
    Thanks to all.
    Last edited at 2013-04-25 16:46:58
  • Ramboxman
    Posts: 3
    Got it ca.cert

    client
    dev tun
    proto udp
    remote us-east.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    <ca>
    -----BEGIN CERTIFICATE-----
    MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
    ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
    cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
    ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
    gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
    IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
    YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
    aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
    AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
    hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
    4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
    CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
    l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
    VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
    ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
    QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
    b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
    atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
    fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
    llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    MIID6jCCA1OgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCSEsx
    DDAKBgNVBAgTA0tMTjEMMAoGA1UEBxMDVFdTMQ4wDAYDVQQKEwVLSFZQTjERMA8G
    A1UECxMIY2hhbmdlbWUxDjAMBgNVBAMTBUtIVlBOMREwDwYDVQQpEwhjaGFuZ2Vt
    ZTEhMB8GCSqGSIb3DQEJARYSS0hLRzIwMDlAR01BSUwuQ09NMB4XDTEyMTEwMjE3
    Mjg1NloXDTIyMTAzMTE3Mjg1NlowgZUxCzAJBgNVBAYTAkhLMQwwCgYDVQQIEwNL
    TE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMFS0hWUE4xETAPBgNVBAsTCGNoYW5n
    ZW1lMREwDwYDVQQDEwhDTElFTlQwMTERMA8GA1UEKRMIY2hhbmdlbWUxITAfBgkq
    hkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTTCBnzANBgkqhkiG9w0BAQEFAAOB
    jQAwgYkCgYEAlm1IYDeyrJESPlRvoUvfneJyNIvtQKT38F9VAs4HpFRA8bUTVwn0
    0+v9T71YSIl7KS+P/fA9CYIHLyfboUWgPGtiXWLMFd1zlAfLIiD6p5d6l+d3cC/d
    njSbVikZINxotTpgNVmLaIAikZd3b7ZwSAl+pvYvRMmWdxLWsJ7nqtsCAwEAAaOC
    AUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
    YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUs0IidaQauq68YrEv0N09qr+F4O8w
    gccGA1UdIwSBvzCBvIAUVzid2kkwXgDaDOFQXM2Byb5yR5uhgZikgZUwgZIxCzAJ
    BgNVBAYTAkhLMQwwCgYDVQQIEwNLTE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMF
    S0hWUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ4wDAYDVQQDEwVLSFZQTjERMA8GA1UE
    KRMIY2hhbmdlbWUxITAfBgkqhkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTYIJ
    ANM7BA7OD4HlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkq
    hkiG9w0BAQQFAAOBgQDKSmxD9hGJiHCMMhKfUaAVh4sxNkOL79QvlhtNb/ZVtnyV
    2a+OnzjbEdc6feAiU+g2BQEUYLHdet/mw7nu5eg0Y/TbAj0hSokqnGWsGzaIGArD
    R6StWueMlqT+R/js5/ISgUehiWDfwGsvSm3uw7eIoKT7Hw1ij8pvz5/ViTkQ2Q==
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN RSA PRIVATE KEY-----
    MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJZtSGA3sqyREj5U
    b6FL353icjSL7UCk9/BfVQLOB6RUQPG1E1cJ9NPr/U+9WEiJeykvj/3wPQmCBy8n
    26FFoDxrYl1izBXdc5QHyyIg+qeXepfnd3Av3Z40m1YpGSDcaLU6YDVZi2iAIpGX
    d2+2cEgJfqb2L0TJlncS1rCe56rbAgMBAAECgYBKrXALzDrYbqCm7tYINhmKUPuv
    WHPs7rjjzP/wB4ZFr0oadHFoeVngxzwXFQG56P6KgME0KMq0aKfWYiwnkOAtu64A
    3i/KsDVcah/XKe3TfWycO7Y9WjgT9OSOf5dGktnP7RjusZ6w61vjQwWAviuc0J6w
    jACa9ZK53WWmkcBE8QJBAMR9gWYENs7Cly4CFDKLqS83Wf6yx/3oZU9enNc4EDZn
    F1JfX9Xt1Rdx8XmES8BxVT/E8zmOC/jNlVcORo57REkCQQDD/FejfAE02lroBnck
    aUUmiWZNp1q6BgsqDPWXS+DAkTG1OrFAgKOoKo7UqjWs5SvlNrr+dL3sumB0NRf2
    Ku4DAkAsfJXteQrHqTr9Sa80+nXloMyZY/TvwcweOjecaq8RAio/liRmlSBn3H5l
    mtRjz8UTWQ4Qe96uCC3Ftg+3dqUxAkBJ5O0OQQUbbnD0JuvpGJ/wBcJC6SS2Gu0+
    r6AxqXRWZug9EqIeVeJe15z+5iZSyB2i0N30bwPlK+iOKC6erFUNAkEAr/LPOTF3
    0rSBsvISYcPNjX8kRyPQXMG6ebbi20CcmIpqGzb9xnMlDixLPoMemk6JtG2hJcc4
    lwi3blIK1CLBVg==
    -----END RSA PRIVATE KEY-----
    </key>

    US East.ovpn

    client
    dev tun
    proto udp
    remote us-east.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1

    you have to remove after verb 1 ...
    reneg-sec 0
    or you will run into timeout issue like me and pull your hair out.

    Hope this helps clarify for others.
     

  • tka
    Posts: 1
    Hi, could any of uou guys who got this working post a step by step instruction of how to get this working for those of us who are technically challenged please?

    Thanks!
  • I would like to know this as well. 

    Many thanks!
  • Hi!

    Here's the step by step guide. It wasn't that hard after all..


    - Step 1
    Download the OpenVPN configuration files from the Client support area.

    - Step 2
    Unzip it

    - Step 3
    Choose the server u want to use. 
    In my case it was Netherlands.ovpn

    - Step 4
    Open the .ovpn file with the basic text editor
    (it worked on my mac, I don't know if it'll work on windows)

    - Step 5
    Remove all the text and Copy and Paste this text into the .ovpn file.

    client
    dev tun
    proto udp
    remote nl.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    <ca>
    -----BEGIN CERTIFICATE-----
    MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
    ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
    cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
    ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
    gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
    IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
    YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
    aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
    AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
    hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
    4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
    CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
    l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
    VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
    ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
    QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
    b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
    atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
    fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
    llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    MIID6jCCA1OgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCSEsx
    DDAKBgNVBAgTA0tMTjEMMAoGA1UEBxMDVFdTMQ4wDAYDVQQKEwVLSFZQTjERMA8G
    A1UECxMIY2hhbmdlbWUxDjAMBgNVBAMTBUtIVlBOMREwDwYDVQQpEwhjaGFuZ2Vt
    ZTEhMB8GCSqGSIb3DQEJARYSS0hLRzIwMDlAR01BSUwuQ09NMB4XDTEyMTEwMjE3
    Mjg1NloXDTIyMTAzMTE3Mjg1NlowgZUxCzAJBgNVBAYTAkhLMQwwCgYDVQQIEwNL
    TE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMFS0hWUE4xETAPBgNVBAsTCGNoYW5n
    ZW1lMREwDwYDVQQDEwhDTElFTlQwMTERMA8GA1UEKRMIY2hhbmdlbWUxITAfBgkq
    hkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTTCBnzANBgkqhkiG9w0BAQEFAAOB
    jQAwgYkCgYEAlm1IYDeyrJESPlRvoUvfneJyNIvtQKT38F9VAs4HpFRA8bUTVwn0
    0+v9T71YSIl7KS+P/fA9CYIHLyfboUWgPGtiXWLMFd1zlAfLIiD6p5d6l+d3cC/d
    njSbVikZINxotTpgNVmLaIAikZd3b7ZwSAl+pvYvRMmWdxLWsJ7nqtsCAwEAAaOC
    AUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
    YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUs0IidaQauq68YrEv0N09qr+F4O8w
    gccGA1UdIwSBvzCBvIAUVzid2kkwXgDaDOFQXM2Byb5yR5uhgZikgZUwgZIxCzAJ
    BgNVBAYTAkhLMQwwCgYDVQQIEwNLTE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMF
    S0hWUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ4wDAYDVQQDEwVLSFZQTjERMA8GA1UE
    KRMIY2hhbmdlbWUxITAfBgkqhkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTYIJ
    ANM7BA7OD4HlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkq
    hkiG9w0BAQQFAAOBgQDKSmxD9hGJiHCMMhKfUaAVh4sxNkOL79QvlhtNb/ZVtnyV
    2a+OnzjbEdc6feAiU+g2BQEUYLHdet/mw7nu5eg0Y/TbAj0hSokqnGWsGzaIGArD
    R6StWueMlqT+R/js5/ISgUehiWDfwGsvSm3uw7eIoKT7Hw1ij8pvz5/ViTkQ2Q==
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN RSA PRIVATE KEY-----
    MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJZtSGA3sqyREj5U
    b6FL353icjSL7UCk9/BfVQLOB6RUQPG1E1cJ9NPr/U+9WEiJeykvj/3wPQmCBy8n
    26FFoDxrYl1izBXdc5QHyyIg+qeXepfnd3Av3Z40m1YpGSDcaLU6YDVZi2iAIpGX
    d2+2cEgJfqb2L0TJlncS1rCe56rbAgMBAAECgYBKrXALzDrYbqCm7tYINhmKUPuv
    WHPs7rjjzP/wB4ZFr0oadHFoeVngxzwXFQG56P6KgME0KMq0aKfWYiwnkOAtu64A
    3i/KsDVcah/XKe3TfWycO7Y9WjgT9OSOf5dGktnP7RjusZ6w61vjQwWAviuc0J6w
    jACa9ZK53WWmkcBE8QJBAMR9gWYENs7Cly4CFDKLqS83Wf6yx/3oZU9enNc4EDZn
    F1JfX9Xt1Rdx8XmES8BxVT/E8zmOC/jNlVcORo57REkCQQDD/FejfAE02lroBnck
    aUUmiWZNp1q6BgsqDPWXS+DAkTG1OrFAgKOoKo7UqjWs5SvlNrr+dL3sumB0NRf2
    Ku4DAkAsfJXteQrHqTr9Sa80+nXloMyZY/TvwcweOjecaq8RAio/liRmlSBn3H5l
    mtRjz8UTWQ4Qe96uCC3Ftg+3dqUxAkBJ5O0OQQUbbnD0JuvpGJ/wBcJC6SS2Gu0+
    r6AxqXRWZug9EqIeVeJe15z+5iZSyB2i0N30bwPlK+iOKC6erFUNAkEAr/LPOTF3
    0rSBsvISYcPNjX8kRyPQXMG6ebbi20CcmIpqGzb9xnMlDixLPoMemk6JtG2hJcc4
    lwi3blIK1CLBVg==
    -----END RSA PRIVATE KEY-----
    </key>  

    - Step 6
    If you want to choose another server than the NL one, change the server name on the 4th line (e.g. to ca.privateinternetaccess.com)

    - Step 7
    Save the file. If it changes the extensions change it back to .ovpn

    - Step 8
    Open iTunes, go to your iPhone > apps and scroll down to file sharing. Select he OpenVPN app and paste the edited .ovpn file and the downloaded ca.crt file. 

    - Step 9
    Open the OpenVPN app on your iPhone. The server should pop up now.

    - Step 10
    Click on the green + and enter your credentials.

    That's it!
    Last edited at 2013-06-18 17:38:37
  • tka said:

    Hi, could any of uou guys who got this working post a step by step instruction of how to get this working for those of us who are technically challenged please?

    Thanks!



    Look above
  • I got some problems with the automatic reconnection function. When it want to re-connect it keeps loading at connect.. Anyone with the same problems?
  • I'd appreciate any tips here.   I followed the step-by-step above very carefully.  In my case I wanted to use US East.ovpn.

    Everything seemed to go well but dragging the two files via itunes and starting OpenVPN got a message saying a new profile is available for import.  However, just below it I can see...

    Error loading profile: US East.ovpn
    option_error:option <key> was not closed out

    That's all I can see.  I've repeated it three times with the same result.

    Using iphone 5 with latest IOS.

    Any suggestions or am I totally misunderstanding what I'm trying to do here?

    Thanks
    Last edited at 2013-06-19 00:42:40
  • I'd appreciate any tips here.   I followed the step-by-step above very carefully.  In my case I wanted to use US East.ovpn.


    Everything seemed to go well but dragging the two files via itunes and starting OpenVPN got a message saying a new profile is available for import.  However, just below it I can see...

    Error loading profile: US East.ovpn
    option_error:option <key> was not closed out

    That's all I can see.  I've repeated it three times with the same result.

    Using iphone 5 with latest IOS.

    Any suggestions or am I totally misunderstanding what I'm trying to do here?

    Thanks


    Ok.  On a whim I added a second </key> to the end of the instructions above and it now loads and is asking me for my user ID and password.  

    I've made it at least load now but did I do something stupid?
  • 1b0t
    Posts: 1
    Thanks! This was very helpful.

    Here's my shortened version:

    - Step 1
    Download the OpenVPN configuration files from the Client support area.

    - Step 2
    Unzip it

    - Step 3
    Choose the server u want to use. 
    In my case it was Netherlands.ovpn

    - Step 4
    Open the .ovpn file with the basic text editor
    (it worked on my mac, I don't know if it'll work on windows)

    - Step 5
    Remove all the text and Copy and Paste this text into the .ovpn file.

    client
    dev tun
    proto udp
    remote nl.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    ca ca.crt
    setenv CLIENT_CERT 0

    Explanation
    --- to paste the ca inline is redundant. If you define it inline you don't need to copy the ca.crt to the device.
    --- the last line tells the client that PIA does not require a client certificate.

    - Step 6
    If you want to choose another server than the NL one, change the server name on the 4th line (e.g. to ca.privateinternetaccess.com)

    - Step 7
    Save the file. If it changes the extensions change it back to .ovpn

    - Step 8
    Open iTunes, go to your iPhone > apps and scroll down to file sharing. Select he OpenVPN app and paste the edited .ovpn file and the downloaded ca.crt file. 

    - Step 9
    Open the OpenVPN app on your iPhone. The server should pop up now.

    - Step 10
    Click on the green + and enter your credentials.

    END ---

    I've one issue though. It won't connect over 3G.. my best guess is that my provider blocked port 1194. Is this a fixed port or can i change it to 443?!?

    (using iOS7b2 btw)
  • alexb
    Posts: 433
    We support connections on a variety of ports, TCP 80/443/110, as well as a number of UDP ports: 53, 1194, 8080, 9201
    Alexander B

    Tier II Technical Support
    Private Internet Access Inc.
  • defcon
    Posts: 8
    LeoOK, thanks for sharing this, this file works with the openvpn connect app for android as well
  • lux
    Posts: 1
    Just to clarify 1b0t's "shortened version" works if you copy both the ca.crt and .ovpn files in iTunes.
  • daveW
    Posts: 3
    cant get this to work after update OpenVPN Connect on my android.
    anyone facing the same problem?
  • 334md
    Posts: 2
    Hi everyone,

    Please forgive my naivety but by disclosing the RSA PRIVATE KEY doesn't this compromise the actual certificate? It was my understanding that private keys should never be disclosed.

    I've got leoOK's version to work but can't get the 1b0t's shortened version to work.  It's still asking for ca.crt even though I have copied over it over in iTunes.

    I'm just worried in case there is any vulnerability with the inline version displaying the private key.  Can someone be kind to shed some light on this please and the overall security of the VPN tunnel established.
    Last edited at 2013-07-22 20:12:31
  • alexb
    Posts: 433
    The RSA private key included here is not a PIA key, this is just a generated cert to deal with the fact that OpenVPN on iOS requires a client cert.
    Alexander B

    Tier II Technical Support
    Private Internet Access Inc.
  • 334md
    Posts: 2
    alexb said:

    The RSA private key included here is not a PIA key, this is just a generated cert to deal with the fact that OpenVPN on iOS requires a client cert.



    That's brilliant, thanks! Was worrying that the tunnel would be compromised. 

    In iOS there is an option to send all traffic via the VPN with L2TP (toggle switch).  Do these OpenVPN configurations do this by default or do you need to include an extra command in the .ovpn file? 
  • alexb
    Posts: 433
    OpenVPN routes all traffic by default
    Alexander B

    Tier II Technical Support
    Private Internet Access Inc.
  • sibraPA
    Posts: 1
    1b0t said:

    Thanks! This was very helpful.


    Here's my shortened version:

    - Step 1
    Download the OpenVPN configuration files from the Client support area.

    - Step 2
    Unzip it

    - Step 3
    Choose the server u want to use. 
    In my case it was Netherlands.ovpn

    - Step 4
    Open the .ovpn file with the basic text editor
    (it worked on my mac, I don't know if it'll work on windows)

    - Step 5
    Remove all the text and Copy and Paste this text into the .ovpn file.

    client
    dev tun
    proto udp
    remote nl.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    ca ca.crt
    setenv CLIENT_CERT 0

    Explanation
    --- to paste the ca inline is redundant. If you define it inline you don't need to copy the ca.crt to the device.
    --- the last line tells the client that PIA does not require a client certificate.

    - Step 6
    If you want to choose another server than the NL one, change the server name on the 4th line (e.g. to ca.privateinternetaccess.com)

    - Step 7
    Save the file. If it changes the extensions change it back to .ovpn

    - Step 8
    Open iTunes, go to your iPhone > apps and scroll down to file sharing. Select he OpenVPN app and paste the edited .ovpn file and the downloaded ca.crt file. 

    - Step 9
    Open the OpenVPN app on your iPhone. The server should pop up now.

    - Step 10
    Click on the green + and enter your credentials.

    END ---

    I've one issue though. It won't connect over 3G.. my best guess is that my provider blocked port 1194. Is this a fixed port or can i change it to 443?!?

    (using iOS7b2 btw)


    1b0t's way worked like a charm for me (iPad)! All the other instructions always ended up with the same error:Freduruncle already has encountered (adding another </key> at the end of the file didn't help either):
    "Error loading profile: xxx.ovpn
    option_error:option <key> was not closed out"

    Fortunately there still was the "shortcut-way" from 1b0t, which works perfectly! So, thanks a lot 1b0t, finally none of these unstable L2TP Connections anyomore!
  • alexb
    Posts: 433
    Glue has been applied, because this is a great tutorial, thanks for everyone who's been participating!
    Alexander B

    Tier II Technical Support
    Private Internet Access Inc.
  • carlito007
    Posts: 5
    Hello peps. I've tried the processes stated above a couple of times in a couple of ways. It just doesn't connect on my phone. Am I missing something. I don't mean to sound like a total noob, but i'ould really appreciate a comprehensive tutorial or a link.
  • VPN
    Posts: 508
    The process above is a comprehensive tutorial. You sound like you'd want individual hands-on support, which can't be done over a text based forum unless you provide detailed descriptions and/or screenshots of any problems you encounter.
  • carlito007
    Posts: 5
    VPN said:

    The process above is a comprehensive tutorial. You sound like you'd want individual hands-on support, which can't be done over a text based forum unless you provide detailed descriptions and/or screenshots of any problems you encounter.



    ok, here goes my issue. i have downloaded the openvpn client on my iphone. i have the files from the client support area. they have been successfully transfered to my iphone via itunes. None of the profiles connect. NB. i use the user name and password i registered with.   
  • esamett
    Posts: 7
    Iphone 5 running IOS 7: 

    freduruncle technique didnt work
    the top one did for me - just changed server to my local one

    thanks to all!
  • esamett
    Posts: 7
    Ips7 iPhone 5
    Working from home but not from work public hotspot. Suspect default port blocked. How to modify script and what ports to try please?

    Thanks.
  • VPN
    Posts: 508
    Change the last value in the remote-line, try 53.
  • FryVolt
    Posts: 4
    Hi guys,

    For those who are having problems connecting with OpenVPN on iOS, here is what I do. You may try it as one of the many ways, but this is what worked for me.

    I just downloaded the OVN configuration files from the Client Support Area. Next, from the App Store, I installed OpenVPN Connect by OpenVPN Technologies.
    Then back onto my computer, I simply unzipped the archive with the configuration files into an empty folder.
    I then connected my iPhone/iPad to my computer.
    I then launched iTunes and here I copied everything from that folder where I extracted the configuration files.
    I then launched the OpenVPN App on the iPhone, added all the 16 profiles.
    Just picked on any of the server I want to connect to and enter my username and password (the same as I enter on the User control panel not the one generated for the L2TP/PPTP/Socks tool after logging in).
    After doing this, you will see your device connected without issues.

    Wish you all the best. You will note that I did not edit any configuration file in Notepad or TextEdit: just copy those files as they are to your device's OpenVPN app. Hope this helps,
  • Regression Bug: Cannot handle wifi to cell re-connect

    Overview
    :

    One of the supposed resolved issues stated in the release notes for OpenVPN
    Connect iOS version 1.0.1, says "as device moves between WiFi and
    cellular networks, proactively reconnect."

    However, it seems this functionality is not implemented or working in my case (and several
    others, with a simple search). I have not come across anyone that is
    taking this issue seriously, but perhaps it was not conveyed well--so I
    will provide an attempt.


    Steps to Reproduce:

    1. Device connected to wifi and cell network
    2. Turn off wifi
    3. Check OpenVPN Connect and logs


    Expected Results:

    OpenVPN Connect gracefully transitions over to cellular network.


    Actual Results:

    OpenVPN
    Connect displays issue as 'Paused (network is currently unavailable)'
    with it never being able to 'un-pause' itself and forcing the user to
    cycle the on/off to re-enable.


    Additional Information:

    Device Used: iPhone 5 (A1428, AT&T Wireless, Unlocked)
    iOS Version: 7.0.2 (though I've observed this ever since I've had OpenVPN Connect in iOS 6.1.4)

    OVPN Config: http://pastebin.com/g6xtGu5E
    OpenVPN Connect Log: http://pastebin.com/f0p2T6U1

    This is a re-post from OVPN forums, trying to increase exposure and get more help on this issue. However, I am running my VPN through PIN, so this is still appropriate.
    Last edited at 2013-10-09 15:56:26
  • Additional 'Pause' event with more info:

    013-10-09 14:47:49 OS Event: NET UNAVAILABLE (PAUSE): Reachability<reachable=1 connectionRequired=0 isWWAN=0>
    2013-10-09 14:47:49 UDP send error: send: Can't assign requested address
    2013-10-09 14:47:49 EVENT: PAUSE
    Last edited at 2013-10-10 01:21:24
  • From the OVPN Thread:

    First of all I suggest you ask your provider for their requirements for
    you to be able to connect or at least carefully read their published
    details, most likely on their website.

    Also, as you are roaming
    they may need to take this into account on their server and they may not
    have done so, perhaps they require "float" in the server config:

    The Manual wrote:

    Code:
    --float
                  Allow remote peer to change its IP address and/or port number, such as due to DHCP
                  (this  is  the  default  if  --remote  is  not used).  --float when specified with
                  --remote allows an OpenVPN session to initially connect  to  a  peer  at  a  known
                  address,  however if packets arrive from a new address and pass all authentication
                  tests, the new address will take control of the session.  This is useful when  you
                  are  connecting  to a peer which holds a dynamic address such as a dial-in user or
                  DHCP client.

                  Essentially, --float tells  OpenVPN  to  accept  authenticated  packets  from  any
                  address, not only the address which was specified in the --remote option.

  • VPN
    Posts: 508

    (this is the default if --remote is not used)


    --remote is never used on servers.

    The error message you've posted above is entirely client network related. Nothing in it indicates that the network is in fact working but the server disconnects or rejects the new IP address.
  • Janielptb
    Posts: 1
    Olá pessoal, toda vez que a tela de bloqueio no meu iphone o túnel OpenVPN está pendente, mudou todas as configurações ainda não pode resolver este problema.Alguém pode me ajudar? Segue o log: PAUSA (rede não está disponível)

    2013/11/14  15:14:48 OS Evento: Sleep 
    2013/11/14 15:14:48 EVENTO: PAUSA 
    2013/11/14 15:15:47 Evento OS: WAKEUP
  • nybbles
    Posts: 6
    This no longer works with the 1.0.2 version just released for OpenVPN Connect...

    I get this error message...

    https://forums.openvpn.net/topic12035.html

    I would really appreciate it, if somebody could fix it....
  • Hi there, I'm getting this error too, grateful if anyone has a solution...

    I have managed to uninstall and re install openvpn app so it remains at the earlier version so still works but if i upgrade I get the above error and cannot connect.

    Pls help
  • Also having this issue.
  • blckspder
    Posts: 2
    same here!
  • vkk1
    Posts: 1
    Hello everybody.

    I got this error too. In my case the following helped to get it running again (on iPhone 5 with iOS 6.1.4):

    - Remove VPN profile(s) and OpenVPN app

    - Edit the ovpn file(s): Remove 'RSA' from the key section: 

    Change
    -----BEGIN RSA PRIVATE KEY----- 
    into 
    -----BEGIN PRIVATE KEY-----

    and 
    -----END RSA PRIVATE KEY-----
    into
    -----END PRIVATE KEY-----

    Reinstall app and recreate your VPN profile(s) in openvpn connect app
  • rjrjrj
    Posts: 2
    I updated OpenVPN Connect and have not had this problem. IOS6.x and iPad2.
  • nybbles
    Posts: 6
    VKK1 - YOU ARE CORRECT!!! THANK YOU!

    So simple...
  • blckspder
    Posts: 2
    VKK1 worked great! im using ios 7 on an iphone 5.

    Thanks for the fix!
  • Thanks VKK1, worked great, i am up and running again!

    Cheers
  • nybbles
    Posts: 6
    WARNING!  It doesn't reconnect to cellular and potentially worse part.. it BLOCKS all data until you manually reconnect.

    There are quite a few threads about this on the openvpn forums... I really hope it can be fixed.  I noticed it back in 1.0.1, but it didn't block data... so I would just reactivate it, no biggie.. but now that it's blocking data... not good... I like my security, but I also like my functionality.  and my text messages are through Google Voice... so I need the data up and running at all times.
    Last edited at 2013-12-19 22:31:34
  • I got that RSA parsing error as well but rather than do what vkk1 did (editing the inline version removing the RSA text) I redid my setup following 1b0t's shortened instructions and it just worked with no fuss.

    I did this because I neglected to save the .opvn files that I had used a few months  back to get this going and decided that the 'short' way was a lot easier then creating the inline version like before......if it worked.... which it did for me.

    For what its worth...
    Freduruncle

  • btw, I also didn't delete the app or anything like at.  Just imported the new .opvn file in iTunes and enabled it in openVPN and it worked.  Will just delete the old ones for various PIA servers....

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


VPN Service

twitter facebook google plus youtube