Vacation time ahead, and the iPad in the house (who ever had the idea of buying one?) needs a proper VPN connection, in order to be able to access Netflix in Germany.
On Android it’s fairly easy: install the app, drop CA cert, private cert, and key on the device, add everything - done. Three devices ready in less than 10 minutes.
And then I tried the iPad …
First question: how to copy the files to the device? Well, the file manager found on the device can’t do network connections. Useless.
In the end I settled on copying the zip to a fileserver and used Safari to download it.
At least the file manager can unpack the zip - but why is iOS always generating numbers when the file already exists, instead of asking me if I want to overwrite it? After some tests I ended up with ca.crt, ca 01.crt, ca 02.crt and so on. Just stupid.
On to OpenVPN, installed the app, and it tells me that I need a .ovpn file - why? Ok, next round of zip files. But the app itself cannot open the .ovpn file, instead I have to use the file manager and then use “open with”. Talk about obvious …
Next round: I can’t select the cert and key files, everything has to be provided as part of the .ovpn configuration file. Added the filenames to the file:
ca ca.crt
cert ipad.crt
key ipad.key
Not helpful - even when all files are in the same directory, the iPad will not find the files, and OpenVPN complains. Further reading reveals that everything can be part of the .ovpn file:
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
That works, the iPad can start the VPN connection. However, after starting the tunnel, no network access is possible. Looks like DNS servers are missing, although the VPN server is pushing 2 DNS servers as part of the connection configuration. Ok, well, let’s specify DNS servers as part of the .ovpn file …
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Plus the “usual”:
remote vpn.server.name 443
ping 10
comp-lzo
Finally, VPN is working!
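The inline `<ca>`/`<cert>`/`<key>` layout described above can be generated on the desktop instead of pasted by hand. This is an added example, not part of the original post: the function names and the idea of a separate base file holding the remaining directives (`remote`, `ping`, `dhcp-option`, ...) are assumptions, and the output file is created with owner-only permissions because it embeds the private key.

```shell
#!/bin/sh
# Added example: merge a base client config plus ca/cert/key files into one
# .ovpn profile with inline blocks. File names are whatever you pass in.

# Print only the PEM block(s) of a file. Certificates written by some CA
# tooling carry a human-readable text dump before the BEGIN line.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# inline_profile BASE CA CERT KEY   (profile is written to stdout)
inline_profile() {
    base=$1; ca=$2; cert=$3; key=$4
    for f in "$base" "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done
    # Refuse to build a profile if the key file holds no private key block
    # (e.g. the certificate was passed twice by mistake).
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || {
        echo "no private key in: $key" >&2; return 1; }

    # Drop file-based ca/cert/key directives; the inline blocks replace them.
    grep -Ev '^[[:space:]]*(ca|cert|key)[[:space:]]' "$base" || true
    printf '<ca>\n';   pem_only "$ca";   printf '</ca>\n'
    printf '<cert>\n'; pem_only "$cert"; printf '</cert>\n'
    printf '<key>\n';  pem_only "$key";  printf '</key>\n'
}

# Usage: sh make_ovpn.sh base.conf ca.crt ipad.crt ipad.key ipad.ovpn
if [ "$#" -eq 5 ]; then
    umask 077   # the profile contains the private key
    inline_profile "$1" "$2" "$3" "$4" > "$5"
fi
```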