When following the steps to configure the client's credentials, do not set a password for the PKCS12 file. This will show the icon in the "Connection Status and Control" section that allows the download of the "insecure configuration package", which will contain the .ovpn file with all certificates embedded in it.
Manual Method to create a unified .ovpn file
There are five (5) sections to a unified .ovpn file:
- The OpenVPN client conf section
  - The file is obtained from the Download Client Package (zip) above.
  - Download and copy the .ovpn file to a new file. Let's call it myPhone.ovpn.
  - Scroll to the end of the myPhone.ovpn file and add the two lines below:

        key-direction bidirectional
        <ca>

- The Root Certificate (ca directive)
  - Open the OpenVPN webpage (Service > OpenVPN), scroll down to the Certificate Authorities and -Keys
  - Download the Root Certificate by clicking on the floppy disk. Locate the cacert.pem file in the Downloads folder.
  - Copy the contents of cacert.pem to the end of myPhone.ovpn
  - Scroll to the end of the myPhone.ovpn file and add the two lines below:

        </ca>
        <cert>

- The Host Certificate (cert directive) ==> It is the Host certificate of the Client
  - Open the OpenVPN webpage (Service > OpenVPN), scroll down to Connection Status and -Control
  - Locate the correct (Client) Host Certificate and click on the Show host certificate icon (the blue circle i)
  - Scroll to the bottom of the OpenVPN - Host Certificate webpage
  - Copy all of the lines from -----BEGIN CERTIFICATE----- to the end
  - Paste those lines at the end of the myPhone.ovpn file
  - Scroll to the end of the myPhone.ovpn file and add the two lines below:

        </cert>
        <key>

- The Encrypted Private Key (key)
  - The myPhone.p12 file is obtained from the Download Client Package (zip) above.
  - In the terminal, go to the directory where the myPhone.p12 file is located and enter:

        PKCS12_PW='<PKCS12 File Password>'  # mentioned above in Preparations
        openssl pkcs12 -nocerts -in myPhone.p12 -passin "pass:$PKCS12_PW" -passout "pass:$PKCS12_PW"

  - Copy all of the lines from -----BEGIN CERTIFICATE----- to the end
  - Paste those lines at the end of the myPhone.ovpn file
  - Scroll to the end of the myPhone.ovpn file and add the two lines below:

        </key>
        <tls-auth>

- The TA key (tls-auth)
  - The ta.key file is obtained from the Download Client Package (zip) above.
  - Copy the contents of ta.key to the end of myPhone.ovpn
  - Scroll to the end of the myPhone.ovpn file and add the two lines below:

        </tls-auth>

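The five sections above can also be assembled by a script, which additionally keeps only the PEM block of each input and creates the result readable by its owner only, since it embeds the private key. This is an added example, not part of the original page. The function names (build_unified, pem_block, demo) and the input names client.ovpn, host.pem and key.pem are assumptions, and the demo inputs are constructed placeholders rather than real key material.

```shell
#!/bin/sh
# Added example: build_unified, pem_block, demo and the demo file names are
# assumptions; the tags and key-direction line come from the steps above.

# Print only the PEM block of a file, dropping surrounding text such as the
# "Bag Attributes" lines that openssl pkcs12 writes before the key.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# build_unified BASE CA CERT KEY TA OUT
build_unified() {
    base=$1 ca=$2 cert=$3 key=$4 ta=$5 out=$6
    for f in "$base" "$ca" "$cert" "$key" "$ta"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # Check that each input holds the kind of material its section expects.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$ca" &&
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" &&
    grep -q -e 'PRIVATE KEY-----' "$key" ||
        { echo "an input lacks its expected PEM block" >&2; return 1; }
    (
        umask 077       # the output embeds the private key: owner-only
        rm -f "$out"    # so the umask applies to a freshly created file
        {
            cat "$base"
            echo 'key-direction bidirectional'
            echo '<ca>';       pem_block "$ca";   echo '</ca>'
            echo '<cert>';     pem_block "$cert"; echo '</cert>'
            echo '<key>';      pem_block "$key";  echo '</key>'
            echo '<tls-auth>'; cat "$ta";         echo '</tls-auth>'
        } > "$out"
    )
}

# Constructed placeholder inputs (not real key material) for a dry run.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'client' 'dev tun' > "$d/client.ovpn"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q0E=' '-----END CERTIFICATE-----' > "$d/cacert.pem"
    printf '%s\n' 'Subject: myPhone' '-----BEGIN CERTIFICATE-----' 'SE9TVA==' '-----END CERTIFICATE-----' > "$d/host.pem"
    printf '%s\n' 'Bag Attributes' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'S0VZ' '-----END ENCRYPTED PRIVATE KEY-----' > "$d/key.pem"
    printf '%s\n' '-----BEGIN OpenVPN Static key V1-----' '00ff' '-----END OpenVPN Static key V1-----' > "$d/ta.key"
    build_unified "$d/client.ovpn" "$d/cacert.pem" "$d/host.pem" "$d/key.pem" "$d/ta.key" "$d/myPhone.ovpn" &&
        echo "$d/myPhone.ovpn"
}

demo
```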
To install the .ovpn unified file, follow the steps here.
Done creating the unified ovpn file! The myPhone.ovpn file should look similar to the file below.