Revision as of 3 December 2018, 12:48

Warning: The display title "Integrating an individual iOS OpenVPN connection into the Securepoint Mobile Security iOS app" overrides the earlier display title "Integrating individual OpenVPN profiles in iOS".

Information

There are several ways to import an individual OpenVPN configuration:

  • a .tblk folder with all required files
  • a .mobileconfig file for import into the iOS configuration profile

Both ways are described below.

How to set up a .tblk folder

  1. Create a folder example.tblk
  2. The folder has to contain the following items:
    1. ca.crt
    2. client.crt
    3. client.key
    4. config.ovpn
    5. (optional) pass.txt

You can name the folder as you like, but it is important to keep these filenames inside the folder.

Template for ca.crt

-----BEGIN CERTIFICATE-----
MIIEKTCCAxGgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMCREUx
...
HqrtWy/eXrvxBk5cqsjMsiid7KYZqGxQeli9aQBByMXLD+W+5zV/EOZ3q0eXGUUY
JFnpVtR5miRxSVYMqq8JlrdYMPcjKhcf3WSru/Shj/AA+dCIFEzp2EtIuK3K6Jtu
lEAa+0y24V6nS/L9/g==
-----END CERTIFICATE-----

Template for client.crt

-----BEGIN CERTIFICATE-----
MIIDcTCCAlmgAwIBAgIQYPOoN8oxQJWEuJgFzrQbIDANBgkqhkiG9w0BAQsFADCB
rjELMAkGA1UEBhMCREUxFjAUBgNVBAgMDU5pZWRlcnNhY2hzZW4xEjAQBgNVBAcM
...
laXtTQtA4IdGFStIM0srNe81F611kvaJLu71J9ar4Qvndo2RzhkXt/4zVgsaDzhP
Zq2NuIvXEHzO/tNjJZDVA/dgfOXd
-----END CERTIFICATE-----

Template for client.key

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjZZtl4wlvv9Th
...
CtpYImI8O795Bwn2HABjYufe3iDNrc418P5Sdem/dIOV4YvNTPTaS/kgCY7xMQ8N
JNAkJ4lGIfi4AREvV7Y/pg4=
-----END PRIVATE KEY-----

Template for config.ovpn


remote your.server.com 443 tcp
route {ip to exclude from vpn} 255.255.255.255 net_gateway
dhcp-option DNS 192.168.123.1

dev tun
cipher AES-128-CBC
auth SHA256
tun-mtu 1500
persist-key

Template for pass.txt

username
password


How to import a .tblk folder

  1. Open Finder on your Mac and copy the .tblk folder to your iCloud folder.
    1. The .tblk extension is important, because the device has to recognize the folder as a single file (package).
    2. If you use the iCloud web app, it automatically creates a .zip from the folder. This will not work.
    3. If you send yourself the folder by e-mail, make sure your client does not create a .zip from the folder (e.g. the Gmail web app does this).
  2. Inside Securepoint Mobile Security, open the VPN Status Page and click "Add config".
  3. Go back to the menu and select "Profile Management".
  4. Select the profile and click "start VPN".
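
A pre-transfer check for the folder layout and the import caveats listed above, added here as an example that is not part of the original page or of the Securepoint app. The function names, the wording of the findings and the sample folder are constructed for illustration; the PEM check goes slightly beyond the templates by also accepting other private-key labels such as RSA PRIVATE KEY.

```python
from pathlib import Path
# File names the page requires, with the PEM label expected on the first line.
REQUIRED = {"ca.crt": "CERTIFICATE", "client.crt": "CERTIFICATE",
            "client.key": "PRIVATE KEY", "config.ovpn": None}

def check_tblk(folder):
    """Return a list of findings for a .tblk folder."""
    folder, findings = Path(folder), []
    if folder.suffix != ".tblk":
        findings.append("folder name does not end in .tblk")
    if not folder.is_dir():
        # e.g. the .zip produced by the iCloud web app or a mail client
        return findings + ["not a folder (zipped or missing)"]
    for name, label in REQUIRED.items():
        path = folder / name
        if not path.is_file():
            findings.append(f"missing {name}")
            continue
        text = path.read_text(errors="replace").strip()
        first = text.splitlines()[0] if text else ""
        if label and not (first.startswith("-----BEGIN ") and first.endswith(label + "-----")):
            findings.append(f"{name} is not a PEM {label}")
        if name == "config.ovpn" and "{" in text:
            findings.append("config.ovpn still contains a {...} placeholder")
    passfile = folder / "pass.txt"  # optional file
    if passfile.is_file():
        lines = passfile.read_text(errors="replace").splitlines()
        if len(lines) != 2 or not all(line.strip() for line in lines):
            findings.append("pass.txt must hold exactly two lines: username, password")
        findings.append("pass.txt keeps the VPN password in clear text")
    return findings

def build_sample(root, name="example.tblk", skip=()):
    """Write a constructed folder with dummy contents for trying the check."""
    folder = Path(root) / name
    folder.mkdir()
    cert = "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"
    files = {"ca.crt": cert, "client.crt": cert,
             "client.key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
             "config.ovpn": "remote your.server.com 443 tcp\ndev tun\n", "pass.txt": "username\npassword\n"}
    for fname, body in files.items():
        if fname not in skip:
            (folder / fname).write_text(body)
    return folder

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(check_tblk(build_sample(tmp, skip=("client.key",))))
```
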

How to set up a .mobileconfig

Use the following template and replace all occurrences of {...} with the relevant information of your VPN setup.

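<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>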
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>IPv4</key>
        <dict>
          <key>OverridePrimary</key>
          <integer>0</integer>
        </dict>
        <key>PayloadDescription</key>
        <string>Configures VPN settings</string>
        <key>PayloadDisplayName</key>
        <string>VPN</string>
        <key>PayloadIdentifier</key>
        <string>com.apple.vpn.managed.5313ec66-a3c0-422c-932d-ef4d4ebb3b18</string>
        <key>PayloadType</key>
        <string>com.apple.vpn.managed</string>
        <key>PayloadUUID</key>
        <string>5313ec66-a3c0-422c-932d-ef4d4ebb3b18</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>Proxies</key>
        <dict>
          <key>HTTPEnable</key>
          <integer>0</integer>
          <key>HTTPSEnable</key>
          <integer>0</integer>
        </dict>
        <key>UserDefinedName</key>
        <string>{Insert any identifier}</string>
        <key>VPN</key>
        <dict>
          <key>AuthenticationMethod</key>
          <string>Certificate</string>
          <key>PayloadCertificateUUID</key>
          <string>5e2de92b-4b5f-4bfd-8074-47bad6c64183</string>
          <key>DisconnectOnIdle</key>
          <integer>0</integer>
          <key>OnDemandEnabled</key>
          <integer>1</integer>
          <key>OnDemandRules</key>
          <array>
            <dict>
              <key>Action</key>
              <string>Connect</string>
            </dict>
          </array>
          <key>RemoteAddress</key>
          <string>DEFAULT</string>
        </dict>
        <key>VPNSubType</key>
        <string>de.securepoint.ms.agent</string>
        <key>VPNType</key>
        <string>VPN</string>
        <key>VendorConfig</key>
        <dict id="vendorConfig">
          <key>auth-user-pass</key>
          <string>{username}\n{password}</string>
          <key>ca</key>
          <string>-----BEGIN CERTIFICATE-----\nMIIEKTCCAxGgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBrjELMAkGA1....{ The CA certificate which signed the VPN server Certificate }....hj/AA+dCIFEzp2EtIuK3K6Jtu\nlEAa+0y24V6nS/L9/g==\n-----END CERTIFICATE-----\n</string>
          <key>remote.1</key>
          <string>{VPN server hostname} {VPN server port}</string> 
          <key>proto.1</key>
          <string>{VPN server protocol (udp or tcp)}</string>
          <key>redirect-gateway</key>
          <string>def1</string>
          <key>dev</key>
          <string>tun</string>
          <key>cipher</key>
          <string>AES-128-CBC</string>
          <key>auth</key>
          <string>SHA256</string>
          <key>tun-mtu</key>
          <string>1500</string>
        </dict>
      </dict>
      <dict>
        <key>PayloadCertificateFileName</key>
        <string>Client Certificate</string>
        <key>PayloadContent</key>
        <data>MIIPsQIBAzCCD2oGCSqGSIb3DQEHAaCCD1sE{ Client Certificate in PKCS12 format }BgUrDgMCGgUABBSHgcVUxAYiLs91uoElN78YtI0rIwQU3/s72Orxrvp86coUpLfEEheyrqcCAwGGoA==</data>
        <key>PayloadDisplayName</key>
        <string>Client Certificate</string>
        <key>PayloadIdentifier</key>
        <string>Client Certificate</string>
        <key>PayloadType</key>
        <string>com.apple.security.pkcs12</string>
        <key>PayloadUUID</key>
        <string>5e2de92b-4b5f-4bfd-8074-47bad6c64183</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>Password</key>
        <string>{Password to access the PKCS12 container}</string>
        <key>PayloadDescription</key>
        <string>Adds a PKCS12-formatted certificate</string>
      </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>{Identifier in iOS settings for the certificate}</string>
    <key>PayloadIdentifier</key>
    <string>vpn.configuration</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>a4d7f358-f9a3-42e2-8083-5b26cccab6e2</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>
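
A consistency check for a filled-in profile, added here as an example (not Securepoint's or Apple's code): it verifies that PayloadCertificateUUID in the VPN payload points at a com.apple.security.pkcs12 payload, that no {...} placeholder is left, and it reports the fields that carry secrets as plain strings. The function names and the cut-down sample profile are constructed for illustration.

```python
import plistlib
import re

PLACEHOLDER = re.compile(r"\{[^{}]+\}")       # the template's {...} markers
SECRET_KEYS = {"Password", "auth-user-pass"}  # stored as plain strings in the profile

def leaves(node, path=""):
    """Yield (path, value) for every leaf of the parsed plist."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from leaves(val, f"{path}/{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from leaves(val, f"{path}[{i}]")
    else:
        yield path, node

def check_mobileconfig(raw):
    profile = plistlib.loads(raw)
    payloads, findings = profile.get("PayloadContent", []), []
    p12 = {p.get("PayloadUUID"): p for p in payloads
           if p.get("PayloadType") == "com.apple.security.pkcs12"}
    for p in payloads:
        if p.get("PayloadType") == "com.apple.vpn.managed":
            ref = p.get("VPN", {}).get("PayloadCertificateUUID")
            if ref not in p12:
                findings.append(f"PayloadCertificateUUID {ref} matches no pkcs12 payload")
    for uuid, p in p12.items():
        blob = p.get("PayloadContent")
        if not (isinstance(blob, bytes) and blob[:1] == b"\x30"):  # DER SEQUENCE tag
            findings.append(f"pkcs12 payload {uuid} does not hold DER data")
    for path, val in leaves(profile):
        if isinstance(val, str) and PLACEHOLDER.search(val):
            findings.append(f"unreplaced placeholder at {path}")
        elif path.rsplit("/", 1)[-1] in SECRET_KEYS and val:
            findings.append(f"clear-text secret at {path}")
    return findings

def sample(cert_ref, name):
    """Constructed, cut-down profile with the same layout as the template."""
    vpn = {"PayloadType": "com.apple.vpn.managed", "UserDefinedName": name,
           "VPN": {"AuthenticationMethod": "Certificate", "PayloadCertificateUUID": cert_ref},
           "VendorConfig": {"remote.1": "vpn.example.test 443", "proto.1": "tcp"}}
    p12 = {"PayloadType": "com.apple.security.pkcs12", "PayloadUUID": "P12-UUID",
           "PayloadContent": b"\x30\x82\x00\x00", "Password": "constructed"}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [vpn, p12]})

if __name__ == "__main__":
    print(check_mobileconfig(sample("OTHER", "{Insert any identifier}")))
```
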

How to import a .mobileconfig

  • Deploy it with an MDM server
  • You can add one to your device using Apple Configurator 2
  • Download it using iCloud
    • If you downloaded it via iCloud, you have to select it in your files browser and import it into the system