OpenVPN Profile and iTunes

borderliner · Post by **borderliner** » Sun Oct 08, 2017 7:32 pm

Hello.
I've just installed Gargoyle on my Archer C7 V2 router and wanted to begin with OpenVPN. I chose all the default settings for creating a VPN Server, and downloaded the installation file for my iPhone.

How do I get it onto my OpenVPN app on the phone? iTunes doesn't seem to manage apps anymore. The iPhone won't recognize the zip file as an OpenVPN option, and if I try to import the several files manually, one at a time, the phone app say the others are missing--which they are!

Post by **Lantis** » Sun Oct 08, 2017 10:42 pm

Can you use iCloud Drive?
This was included in iOS 11

Post by **ispyisail** » Mon Oct 09, 2017 12:25 am

I know the answer to this one.

Many years ago OpenVPN had separate files to form a config/connection.

Eric very wisely combined all these files into one zip file (many years ago)

Sometime after this OpenVPN has changed to a single file format. Basically all the information is now in one file (same information)

https://www.digitalocean.com/community/ ... untu-16-04

If you look down toward the bottom of this how-to under "Creating a Configuration Generation Script" It shows how-to combine all the files into one file via a script.

If you are careful you can manually create this file via a sample file.

your iphone needs the single file

Post by **ispyisail** » Mon Oct 09, 2017 1:18 am

Code: Select all

#!/bin/bash

# First argument: Client identifier

KEY_DIR=~/openvpn-ca/keys
OUTPUT_DIR=~/client-configs/files
BASE_CONFIG=~/client-configs/base.conf

cat ${BASE_CONFIG} \
    <(echo -e '<ca>') \
    ${KEY_DIR}/ca.crt \
    <(echo -e '</ca>\n<cert>') \
    ${KEY_DIR}/${1}.crt \
    <(echo -e '</cert>\n<key>') \
    ${KEY_DIR}/${1}.key \
    <(echo -e '</key>\n<tls-auth>') \
    ${KEY_DIR}/ta.key \
    <(echo -e '</tls-auth>') \
    > ${OUTPUT_DIR}/${1}.ovpn

Post by **ispyisail** » Mon Oct 09, 2017 2:42 am

I tried to get this to work but I need someone more skilled than me

Code: Select all

#!/bin/bash

# First argument: Client identifier

KEY_DIR=/etc/openvpn/client_conf
OUTPUT_DIR=/tmp
BASE_CONFIG=/etc/openvpn/client_conf

cat ${BASE_CONFIG}/${1}/${1}.conf \
    < echo -e '<ca>' \
    ${KEY_DIR}/${1}/ca.crt \
    < echo -e '</ca>\n<cert>' \
    ${KEY_DIR}/${1}/${1}.crt \
    < echo -e '</cert>\n<key>' \
    ${KEY_DIR}/${1}/${1}.key \
    < echo -e '</key>\n<tls-auth>' \
    ${KEY_DIR}/${1}/ta.key \
    < echo -e '</tls-auth>' \
    > ${OUTPUT_DIR}/${1}1.ovpn

Code: Select all

 sh make_config.sh client1

Won't let me create a file

Code: Select all

make_config.sh: line 19: can't open echo: no such file

Post by **Lantis** » Tue Oct 10, 2017 4:09 am

ispyisail wrote:
Code: Select all
 sh make_config.sh client1
Won't let me create a file
Code: Select all
make_config.sh: line 19: can't open echo: no such file

Code: Select all

#!/bin/bash

# First argument: Client identifier

KEY_DIR=/etc/openvpn/client_conf
OUTPUT_DIR=/tmp
BASE_CONFIG=/etc/openvpn/client_conf

cat << EOF > ${OUTPUT_DIR}/${1}.ovpn
$(cat ${BASE_CONFIG}/${1}/${1}.conf)
$(echo -e '<ca>')
$(cat ${KEY_DIR}/${1}/ca.crt)
$(echo -e '</ca>\n<cert>')
$(cat ${KEY_DIR}/${1}/${1}.crt)
$(echo -e '</cert>\n<key>')
$(cat ${KEY_DIR}/${1}/${1}.key)
$(echo -e '</key>\n<tls-auth>')
$(cat ${KEY_DIR}/${1}/ta.key)
$(echo -e '</tls-auth>')
EOF

Try this out. Bit uglier, but it will do the job.

Can you also please explain the use case for this? When and why it needs to be done?
I can put it into the UI if i understand it and it will be a common case?
Would need to clean it up and protect the script but it works

Post by **ispyisail** » Tue Oct 10, 2017 4:47 am

I'm having trouble finding references except the web site listed above

From my understanding.....

Compile our base configuration with the relevant certificate, key, and encryption files

Basically Android phones, iphones and windows clients are now looking for one file instead of many files. (all the files are combined into one)

Code: Select all

*.ovpn

Post by **ispyisail** » Tue Oct 10, 2017 4:53 am

Found a reference

https://www.brainfart.sg/index.php/2012 ... pn-config/

Post by **ispyisail** » Tue Oct 10, 2017 4:58 am

In the comments for the original post

Worked like a charm ! thanks a lot.. I think this is must if you want to use the profile on openVPN iphone app. Thanks a lot for sharing !

Post by **Lantis** » Tue Oct 10, 2017 7:29 am

I've hashed something out on my own router as a test. Works fine. I've never used openvpn before so i'll need to test it before pushing. Unless you want to take a look?

Replace contents of /www/utility/openvpn_download_creditials.sh with:
https://pastebin.com/4EaCvbNM

Replace contents of /www/js/openvpn.js with:
https://pastebin.com/ciPCuLvF

Replace contents of /www/i18n/English-EN/openvpn.js with:
https://pastebin.com/5404ip6k

Careful with the i18n one. Recommend only copy pasting everything after the header:

Code: Select all

/*
 * UTF-8 (with BOM) English-EN text strings for OpenVPN elements
 */

and leaving the original header in tact. There is a special byte order marker at the beginning of the file which you may accidentally delete

Gargoyle Forum

OpenVPN Profile and iTunes

OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes

Re: OpenVPN Profile and iTunes