Automatic Method to create a unified `.ovpn` file

When following the steps to configure the clients credentials, do not set a password for the PKCS12 file. This will show the icon in "Connection Status and Control" section to allow the download of the "insecure configuration package" , which will contain the .ovpn file with all certificates embedded in it.

Manual Method to create a unified .ovpn file

There are five(5) sections to a unified .ovpn file:

  1. The OpenVPN client conf section
    • The file is obtained from the Download Client Package (zip) above.
    • Download and copy the .ovpn file to a new file. Let's call it myPhone.ovpn.
    • Scroll to the end of the myPhone.ovpn file add the two lines below:
key-direction bidirectional
<ca>
  1. The Root Certificate (ca directive)
    • Open the OpenVPN webpage (Service > OpenVPN), scroll down to the Certificate Authorities and -Keys
    • Download the Root Certificate by clicking on the floppy disk. Locate the cacert.pem file in the Downloads folder.
    • Copy the contents of cacert.pem to end of the myPhone.ovpn
    • Scroll to the end of the myPhone.ovpn file add the two lines below:
</ca>
<cert>
  1. The Host Certificate (cert directive) ==> It is the Host certificate of the Client
    • Open the OpenVPN webpage (Service > OpenVPN), scroll down to Connection Status and -Control
    • Locate the correct (Client) Host Certificate and click on the Show host certificate icon (the blue circle i)
    • Scroll to the bottom of the OpenVPN - Host Certificate webpage
    • Copy all of the lines from -----BEGIN CERTIFICATE----- to the end
    • Paste those lines at the end of the myPhone.ovpn file
    • Scroll to the end of the myPhone.ovpn file add the two lines below:
</cert>
<key>
  1. The Encrypted Private Key (key)
    • The myPhone.p12 file is obtained from the Download Client Package (zip) above.
    • In the terminal, go to the directory where the myPhone.p12 file is located and enter:
PKCS12_PW=<PKCS12 File Password>  # mentioned above in Preparations
openssl pkcs12 -nocerts -in iPhone.p12 -passin pass:$PKCS12_PW -passout pass:$PKCS12_PW
  1. (continued)
    • Copy all of the lines from -----BEGIN CERTIFICATE----- to the end
    • Paste those lines at the end of the myPhone.ovpn file
    • Scroll to the end of the myPhone.ovpn file add the two lines below:
</key>
<tls-auth>
  1. The TA key (tls-auth)
    • The ta.key file is obtained from the Download Client Package (zip) above.
    • Copy the contents of ta.key to end of the myPhone.ovpn
    • Scroll to the end of the myPhone.ovpn file add the two lines below:
</tls-auth>

To install the .ovpn unified file, follow the steps here.

Done creating the unified ovpn file! The myPhone.ovpn file should look similar to the file below.

Example iphone.ovpn
Example iphone.ovpn

Edit Page ‐ Yes, you can edit!
Last changed by Jon, February 1 View Older Revisions