This tutorial explains the OpenVPN iPhone client configuration steps for remote connectivity to a Ubiquiti EdgeRouter OpenVPN server. Create the OpenVPN configuration profile (.ovpn), sync with iTunes and import the profile into OpenVPN Connect.
Project series index:
- Ubiquiti EdgeRouter Lite SOHO Network Design
- Ubiquiti EdgeRouter Lite SOHO Network Configuration
- EdgeRouter Lite SOHO Network Firewall Rules
- Ubiquiti EdgeRouter OpenVPN Server-Client Configuration Tutorial
- EdgeRouter OpenVPN: Create Public Key Infrastructure with Easy-RSA
- EdgeRouter OpenVPN Server – Client Mode Configuration Steps
- OpenVPN iPhone Client Configuration Steps (you are here)
- OpenVPN Windows 10 Client Configuration Steps
OpenVPN iPhone Client Configuration Steps
The iPhone client configuration steps are summarized in the following excerpt from the OpenVPN configuration process diagram:
5. Configure OpenVPN Clients
The Public Key Infrastructure (PKI) was created using the easy-rsa 2 batch scripts included with OpenVPN on the Admin Desktop PC:
The various certificates and keys for the Certificate Authority (CA), EdgeRouter server, iPhone and Laptop clients are in the C:\OpenVPN-Server-Client-Build\easy-rsa\keys> folder on the Admin PC:
The OpenVPN configuration file (.ovpn) needs to be created, merged with the certs & keys, and installed on the iPhone.
6 iPhone OpenVPN Client Configuration
Organize the files for each OpenVPN client by creating a folder for its set of certs and keys.
Create a new iPhone subfolder (C:\OpenVPN-Server-Client-Build\easy-rsa\keys\iPhone>) and copy the files:
If you need to configure several smart phone clients, create a unique folder name for each such as “Bob_iPhone” and “Alex_iPhone” instead of a generic “iPhone”.
Note: The above links to the actual certificates and private keys used in this tutorial are provided to compare with the Bob_iPhone.ovpn configuration file that will be created shortly. There’s no risk in disclosing this information because I tore down and created a new PKI after verifying everything worked. (It has no value to a hacker.) A .txt file extension is added so that the files are not interpreted in a special way by the web browser and other applications on your computer.
Also the BobER3.dyndns.org host name is no longer valid. And if it is, someone else reserved it.
An OpenVPN client profile has an .ovpn file extension. It’s a text file that specifies the client configuration parameters. The configuration file used in the tutorial is Bob_iPhone.ovpn. It’s saved to the C:\OpenVPN-Server-Client-Build\easy-rsa\keys\iPhone\ folder. The folder now contains:
6.a Create OpenVPN Profile: iPhone.ovpn
The easiest way to create an .ovpn configuration profile is to modify mine: iPhone_OpenVPN_Configuration_Template.ovpn. Many thanks to GainfulShrimp on the Ubiquiti EdgeMax forum for posting his client configuration that I copied for my setup.
Because the iPhone doesn’t have folders and directories like a personal computer, it’s best to use the “Unified Format” with the certs and keys embedded in the .ovpn configuration file.
Edit your .ovpn profile with a text editor.
The .ovpn file sections you’ll need to customize for your network are:
# Connect to the server at port 443 at yourdomainname.com (replace with your
# actual domain name, if you’ve setup dynamic (or static) DNS, or put your
# static external IP address if not)
remote BobER3.dyndns.org 443
# Use medium level verbosity for the logs. For debug purposes, increase this to
# a value between 6 – 11, where higher numbers give far more detail about what
# is happening. 3 is standard.
Certificates & Keys:
# These files must be installed on the OpenVPN iPhone client.
# ca cacert.pem
# cert iPhone.pem
# key iPhone.key
# tls-auth ta.key 1
<ca>
contents of ca.crt
</ca>
<cert>
only the -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----
section of Bob_iPhone.crt
</cert>
<key>
contents of Bob_iPhone.key
</key>
# The following line defines the direction of TLS authentication, when using
# inline format for the key:
key-direction 1
<tls-auth>
contents of ta.key
</tls-auth>
Note the key-direction must be 1 for all clients and 0 (zero) on the EdgeRouter server.
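The same merge can be scripted instead of pasted by hand. The following is an added example, not part of the original tutorial or its template: the function names are hypothetical and the certificate, key and ta.key contents are constructed placeholders. It keeps only the BEGIN/END block of each file, drops file-based ca/cert/key/tls-auth lines from the base config, and reports whether the private key carries a PEM pass phrase.

```python
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Za-z0-9 ]+)-----.*?-----END \1-----", re.S)
FILE_DIRECTIVES = ("ca", "cert", "key", "tls-auth", "key-direction")

def pem_block(text):
    """Return only the BEGIN..END block, dropping any text dump or comments around it."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM block found")
    return m.group(0)

def key_is_encrypted(key_text):
    """True if the private key is protected by a PEM pass phrase."""
    block = pem_block(key_text)
    return "BEGIN ENCRYPTED PRIVATE KEY" in block or "Proc-Type: 4,ENCRYPTED" in block

def build_profile(base, ca, cert, key, ta):
    """Merge certs and keys into a unified-format client profile."""
    # Drop uncommented file-based directives; the inline blocks replace them.
    kept = [ln for ln in base.splitlines()
            if (ln.split() or [""])[0] not in FILE_DIRECTIVES]
    parts = ["\n".join(kept).rstrip()]
    for tag, body in (("ca", ca), ("cert", cert), ("key", key)):
        parts.append(f"<{tag}>\n{pem_block(body)}\n</{tag}>")
    parts.append("key-direction 1")  # 1 on every client, 0 on the EdgeRouter server
    parts.append(f"<tls-auth>\n{pem_block(ta)}\n</tls-auth>")
    return "\n".join(parts) + "\n"

# Constructed sample inputs: placeholders, not real certificates or keys.
BASE = "client\nremote BobER3.dyndns.org 443\n# ca cacert.pem\nca ca.crt\ntls-auth ta.key 1\n"
CA = "-----BEGIN CERTIFICATE-----\nQ0EtUExBQ0VIT0xERVI=\n-----END CERTIFICATE-----\n"
CERT = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
        "-----BEGIN CERTIFICATE-----\nQ0VSVC1QTEFDRUhPTERFUg==\n-----END CERTIFICATE-----\n")
KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
       "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nS0VZLVBMQUNFSE9MREVS\n"
       "-----END RSA PRIVATE KEY-----\n")
TA = ("#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\n"
      "00000000000000000000000000000000\n-----END OpenVPN Static key V1-----\n")

if __name__ == "__main__":
    if not key_is_encrypted(KEY):
        print("warning: private key has no pass phrase")
    print(build_profile(BASE, CA, CERT, KEY, TA))
```

The generated profile contains the client private key, so store it like the key itself and delete stray copies once it is on the phone.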
I’m using UltraEdit to copy & paste the CA certificate into the iPhone.ovpn here but any text editor is fine:
6.b Install OpenVPN Client App (iTunes Store)
6.c Sync OpenVPN Profile with iPhone using iTunes: iPhone.ovpn
Connect the iPhone to your computer, open iTunes and click the device icon to select your iPhone.
- Click on Apps in the left panel in iTunes.
- Scroll down in the main panel until you see the File Sharing section.
- Click on OpenVPN.
- Drag and drop the iPhone.ovpn file from your computer to the OpenVPN Documents panel.
The steps are illustrated in this iTunes screen grab:
The .ovpn file is copied to your iPhone:
Click the Done button at the bottom of the iTunes screen and disconnect your iPhone from iTunes.
Aside: The UltraEdit (UE) icon is shown because I’ve made it the default app for .ovpn files on my PC.
6.d Import Profile into OpenVPN Connect
Open the OpenVPN Connect app on the iPhone. A notice “New Profiles are Available…” is displayed with your OpenVPN profile.
Click the green circle with the plus sign to import the profile:
Disable iPhone WiFi if it’s connected to WiFi on the EdgeRouter network. This will force the iPhone to use your wireless carrier’s LTE network to verify OpenVPN works over a remote Internet connection.
Enter the Private Key Password (a.k.a. PEM pass phrase) if you configured one, and optionally tap the Save button to save the password. OpenVPN Connect stores the PEM pass phrase in the iOS Keychain, which is protected by the iPhone device password. The iPhone password in this tutorial is “opensaysme2”:
Tap the button below Disconnected to connect to the EdgeRouter OpenVPN server. The OpenVPN Connect app displays the connection statistics:
Tap anywhere on the “Connected” row to view the session logs which are very useful for debugging.
At this point I can access the EdgeRouter GUI, my security cameras (IP Cam Viewer Pro works great) and home automation controller from the iPhone.
This tutorial is concluded in OpenVPN Windows 10 Client Configuration Steps.
Copyright © 2017 HandymanHowTo.com Reproduction strictly prohibited.