Today, OpenVPN Technologies released OpenVPN Connect for iOS. Finally, we can use OpenVPN on all major platforms. I know many of my blog readers have been waiting for this: my article on the iOS VPN API is one of the most popular articles on my blog.
OpenVPN Connect is not based on the classic GPL OpenVPN software (supposedly the GPL and the App Store are not compatible), but it is supposed to be fully compatible with any OpenVPN server running version 2.1 or higher (including IPv6 support with servers running the recently released version 2.3). Supposedly it can even be managed using the “Custom SSL” option in iPhone Configuration Utility.
Two points I’d like to mention which might temporarily disappoint some people:
- It currently requires client certificates (but the help promises that that’ll change soon).
- Layer 2 tap interfaces are not supported. As I noted in my VPN API blog post, iOS provides a utun interface, which only does layer 3.
Go check it out on the App Store or have a look at Gert Döring’s Google+ post.
Update December 2013: Version 1.0.2 (just released) finally works for me. 1.0.0 didn’t work without client certificates and 1.0.1 had some weird SSL library issue where it would reject my server certificate. In 1.0.2 I was able to just drop my .ovpn file into iTunes and was up and running immediately, including IPv6 support.
Hi Mr. Michael,
Many thanks.
I have a problem loading a config.
I am using the free OpenVPN service (www.vpnbook) on my PC and it works every time,
but when I import the vpnbook config into OpenVPN (for iOS), the config can't load and the program shows an error when importing the config.
Please help me change the vpnbook config for the iOS OpenVPN client.
Many thanks, dear Michael.
vpnbook config:
client
dev tun0
proto udp
remote 93.115.84.198 53 # – Server1
remote 93.114.44.253 53 # – Server2
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpnbook.crt
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
remote-random
route-delay 2
redirect-gateway
auth-user-pass password.txt
crt.
Remove the line “auth-user-pass password.txt”, then it successfully imports. Now you’ll need to manually specify username and password in the app. You’ll also need to select a certificate (though with Vpnbook, it does not appear to matter who it’s signed by, so you can just use openssl to create a self-signed one if your iOS device does not already have some kind of certificate).
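The fix described in the reply above, as an added shell example that is not part of the original post or its comments: it lists the directives in a profile that point at external files, drops the `auth-user-pass password.txt` form while keeping the bare directive, and creates a self-signed client certificate with openssl. The function names, file names, CN and passphrase are constructed placeholders, and bundling the certificate as PKCS#12 is an assumption about how it gets onto the device.

```shell
#!/bin/sh
# Added example, not from the original post. Names and values are placeholders.

# Print "<directive> <file>" for each directive that points at an external file.
list_file_refs() {
    awk '$1 ~ /^(ca|cert|key|pkcs12|tls-auth|auth-user-pass)$/ &&
         NF >= 2 && $2 !~ /^[#;]/ { print $1, $2 }' "$1"
}

# Drop "auth-user-pass <file>" but keep a bare "auth-user-pass", so the
# client asks for the credentials instead of reading them from a file.
strip_auth_file() {
    awk '!($1 == "auth-user-pass" && NF >= 2 && $2 !~ /^[#;]/)' "$1"
}

# Self-signed client certificate, bundled as PKCS#12 (assumed import format).
# $1 = output basename, $2 = export passphrase
make_selfsigned_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=placeholder-client" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" \
        -passout "pass:$2" -out "$1.p12"
}

# Constructed sample: a shortened version of the profile from the comment.
work=$(mktemp -d)
cat > "$work/vpnbook.ovpn" <<'EOF'
client
dev tun0
proto udp
ca vpnbook.crt
auth-user-pass
auth-user-pass password.txt
EOF

echo "External files referenced:"
list_file_refs "$work/vpnbook.ovpn"
strip_auth_file "$work/vpnbook.ovpn" > "$work/vpnbook-ios.ovpn"
echo "Cleaned profile: $work/vpnbook-ios.ovpn"

if command -v openssl >/dev/null 2>&1; then
    make_selfsigned_p12 "$work/client" "constructed-passphrase" \
        && echo "Client bundle: $work/client.p12" || true
fi
```

The `.key` file is written unencrypted, so delete it once the `.p12` bundle has been transferred.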
Hi Mr. Michael,
Sorry, my English is bad.
I have another problem too, with iPhone Wi-Fi.
When I use OpenVPN on UDP port 53 on my PC, it can bypass the captive portal when my balance is 0!! But on the iPhone, the Wi-Fi connection first goes to the captive portal automatically and then disconnects Wi-Fi.
How can I disable the captive portal login in iOS 6?
Thanks
As far as I know, since Apple introduced Captive Portal detection in iOS 3.0 there has been no way to disable it. However, this has nothing to do with what this blog post is about, so you might want to google around by yourself to see if somebody has found a way to disable it.
Hi Michael,
I have no problem installing the cert and getting the connection up. But if I then invoke an internal URL in the browser, the connection produces a timeout. On the MacBook the same cert in Tunnelblick runs fine. Any idea?
Klaus
Hello, I need your help. My boss uses an iPad and he wants to use our network all the time. We have an OpenVPN server. But when I send my config to the iPad, it tells me that “no certificates are present in the keychain”. What do I have to do? Sorry for my English. Here's my config:
dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote *.*.*.* 2212
tls-remote "Server_CA"
auth-user-pass
pkcs12 inet-udp-2212.p12
tls-auth inet-udp-2212-tls.key 1
comp-lzo
setenv CLIENT_CERT 0
Is TAP support coming any time soon, or are there kernel drivers in iOS 7 for it?
Any update on TAP support?
Thank you,
Matt
I haven’t seen anything about TAP. Thinking about it, Layer2 VPNs don’t make too much sense on mobile devices anyway because you’d be wasting precious bandwidth and battery life on useless broadcast packets. Still, it would be nice to have.