
OpenVPN on iPad

Vacation time ahead, and the iPad in the house (who ever had the idea of buying one?) needs a proper VPN connection, in order to be able to access Netflix in Germany.

On Android it's fairly easy: install the app, drop CA cert, private cert, and key on the device, add everything - done. Three devices ready in less than 10 minutes.

And then I tried the iPad ...

First question: how to copy the files to the device? Well, the file manager found on the device can't do network connections. Useless.

In the end I settled on copying the zip to a fileserver and used Safari to download it.

At least the file manager can unpack the zip - but why is iOS always generating numbers when the file already exists, instead of asking me if I want to overwrite it? After some tests I ended up with "ca.crt", "ca 01.crt", "ca 02.crt" and so on. Just stupid.

On to OpenVPN: I installed the app, and it tells me that I need a ".ovpn" file - why? OK, next round of zip files. But the app itself cannot open the .ovpn file; instead I have to use the file manager and then use "open with". Talk about obvious ...

Next round: I can't select the cert and key files, everything has to be provided as part of the .ovpn configuration file. Added the filenames to the file:

ca ca.crt
cert ipad.crt
key ipad.key

Not helpful - even when all files are in the same directory, the iPad will not find the files, and OpenVPN complains. Further reading reveals that everything can be part of the .ovpn file:

<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>

That works, the iPad can start the VPN connection. However, after starting the tunnel, no network access is possible. Looks like DNS servers are missing, although the VPN server is pushing 2 DNS servers as part of the connection configuration. OK, well, let's specify DNS servers as part of the .ovpn file ...

dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4

Plus the "usual":

remote vpn.server.name 443
ping 10
comp-lzo

Finally, VPN is working!
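
One way to build such a single-file profile from the separate files, as an added example that is not part of the original post. The function names and the sample contents are constructed here, and file names are assumed to be unquoted and free of spaces; because the result embeds the private key, it is written with owner-only permissions.

```python
import os
import re

# "ca|cert|key <file>" lines; assumption: unquoted file name without spaces.
FILE_DIRECTIVE = re.compile(r"^\s*(ca|cert|key)\s+(\S+)\s*$")

def inline_profile(config_text, read_file):
    """Replace ca/cert/key file references with inline <tag>...</tag> blocks.

    read_file(name) must return the PEM text of the referenced file.
    """
    out = []
    for line in config_text.splitlines():
        m = FILE_DIRECTIVE.match(line)
        if not m:
            out.append(line)          # every other directive is kept unchanged
            continue
        tag, name = m.groups()
        pem = read_file(name).strip()
        if "-----BEGIN " not in pem or "-----END " not in pem:
            raise ValueError(f"{name} does not look like a PEM file")
        out += [f"<{tag}>", pem, f"</{tag}>"]
    return "\n".join(out) + "\n"

def write_private(path, text):
    """Create the profile with mode 0600, since it now carries the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

# Constructed sample input: placeholder PEM bodies, not real key material.
SAMPLE_CONFIG = "remote vpn.server.name 443\nca ca.crt\ncert ipad.crt\nkey ipad.key\nping 10\n"
SAMPLE_FILES = {
    "ca.crt": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CA\n-----END CERTIFICATE-----\n",
    "ipad.crt": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CERT\n-----END CERTIFICATE-----\n",
    "ipad.key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-KEY\n-----END PRIVATE KEY-----\n",
}

def demo():
    """Inline the constructed sample files into the constructed sample config."""
    return inline_profile(SAMPLE_CONFIG, SAMPLE_FILES.__getitem__)

if __name__ == "__main__":
    write_private("ipad.ovpn", demo())
```

With real files, pass a `read_file` callable that opens the path relative to the directory holding the certificates. Delete the copy on the file server once the device has imported the profile.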
