Integration of individual openVPN profiles in iOS
- New: New article
Last adaptation: 12.2020
Preparation & Selection
There are multiple ways to import a configuration to your phone.
- use a configuration folder with all necessary items.
- use a .mobileconfig file imported into the OS as configuration profile.
Both ways are described below.
Configuration Folder
1. Create a new folder
2. The folder has to contain the following items:
- Certificate Authority ca.crt
- Client Certificate client.crt
- Client Certificate Private Key client.key
- Configuration File config.ovpn
- (optional) Password file pass.txt
3. Compress the folder as .zip
Templates
Below you'll find templates for all required files.
Certificate Authority ca.crt
Template for Certificate Authority ca.crt
-----BEGIN CERTIFICATE----- MIIEKTCCAxGgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMCREUx ... HqrtWy/eXrvxBk5cqsjMsiid7KYZqGxQeli9aQBByMXLD+W+5zV/EOZ3q0eXGUUY JFnpVtR5miRxSVYMqq8JlrdYMPcjKhcf3WSru/Shj/AA+dCIFEzp2EtIuK3K6Jtu lEAa+0y24V6nS/L9/g== -----END CERTIFICATE-----
Client Certificate client.crt
Template for Client Certificate client.crt
-----BEGIN CERTIFICATE----- MIIDcTCCAlmgAwIBAgIQYPOoN8oxQJWEuJgFzrQbIDANBgkqhkiG9w0BAQsFADCB rjELMAkGA1UEBhMCREUxFjAUBgNVBAgMDU5pZWRlcnNhY2hzZW4xEjAQBgNVBAcM ... laXtTQtA4IdGFStIM0srNe81F611kvaJLu71J9ar4Qvndo2RzhkXt/4zVgsaDzhP Zq2NuIvXEHzO/tNjJZDVA/dgfOXd -----END CERTIFICATE-----
Client Certificate Private Key client.key
Template for Client Certificate Private Key client.key
-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjZZtl4wlvv9Th ... CtpYImI8O795Bwn2HABjYufe3iDNrc418P5Sdem/dIOV4YvNTPTaS/kgCY7xMQ8N JNAkJ4lGIfi4AREvV7Y/pg4= -----END PRIVATE KEY-----
Configuration file config.ovpn
Template for configuration file config.ovpn
remote {your.server.com} 443 tcp
route {ip to route into tunnel} 255.255.255.255 vpn_gateway
dhcp-option DNS 192.168.123.1
dev tun
cipher AES-128-CBC
auth SHA256
tun-mtu 1500
persist-key
Password file pass.txt (optional)
Template for password file pass.txt (optional)
username
password
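A pre-flight check for the configuration folder described above, as an added example (not Securepoint's code). It verifies that each file carries the PEM type its name implies, that config.ovpn has no unreplaced {...} placeholders and that an optional pass.txt has two lines, then zips the folder. The function names and keeping the folder as the archive's top-level entry are assumptions.

```python
import re
import zipfile
from pathlib import Path

PEM_FILES = {"ca.crt": "CERTIFICATE", "client.crt": "CERTIFICATE",
             "client.key": "PRIVATE KEY"}
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
PLACEHOLDER = re.compile(r"\{[^{}\n]*\}")


def check_folder(folder):
    """Return a list of problems; PEM_FILES maps file name -> required PEM label."""
    folder, problems = Path(folder), []
    for name, label in PEM_FILES.items():
        path = folder / name
        if not path.is_file():
            problems.append(f"{name}: missing")
            continue
        labels = PEM_BEGIN.findall(path.read_text(errors="replace"))
        wrong = [lab for lab in labels if not lab.endswith(label)]
        if not labels:
            problems.append(f"{name}: no PEM block found")
        elif wrong:
            problems.append(f"{name}: contains {wrong[0]}, expected {label}")
    ovpn = folder / "config.ovpn"
    if not ovpn.is_file():
        problems.append("config.ovpn: missing")
    else:
        text = ovpn.read_text(errors="replace")
        if not re.search(r"^remote\s+\S+", text, re.M):
            problems.append("config.ovpn: no remote line")
        problems += [f"config.ovpn: unreplaced placeholder {p}"
                     for p in PLACEHOLDER.findall(text)]
    creds = folder / "pass.txt"  # optional file
    if creds.is_file():
        lines = [ln for ln in creds.read_text(errors="replace").splitlines() if ln.strip()]
        if len(lines) != 2:
            problems.append("pass.txt: expected username and password on two lines")
    return problems


def pack_folder(folder, zip_path):
    """Zip the folder's known files, but only if check_folder() reports nothing."""
    folder, problems = Path(folder), check_folder(folder)
    if problems:
        raise ValueError("; ".join(problems))
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in [*PEM_FILES, "config.ovpn", "pass.txt"]:
            if (folder / name).is_file():
                zf.write(folder / name, f"{folder.name}/{name}")
```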
How to import the configuration folder
with iCloud
- Open Finder on the Mac and copy the created .zip file into the iCloud folder.
- In the Securepoint Mobile Security App: open the menu Profiles and click on the "Plus" symbol
- Select the .zip file in the iCloud folder
with Apple Configurator 2
- Connect the device to a Mac with a cable
- Open Apple Configurator 2
- Drag the created .zip file with the mouse onto the displayed device in Apple Configurator 2
- Select the Securepoint VPN Client folder
- In the Securepoint Mobile Security App: open the menu Profiles and click on the "Plus" symbol
- Select the .zip file in the Securepoint VPN Client folder
.mobileconfig file
In the following template, replace the placeholders {...} with the values for your own setup. The file is then imported into the device.
Template
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>IPv4</key>
      <dict>
        <key>OverridePrimary</key>
        <integer>0</integer>
      </dict>
      <key>PayloadDescription</key>
      <string>Configures VPN settings</string>
      <key>PayloadDisplayName</key>
      <string>VPN</string>
      <key>PayloadIdentifier</key>
      <string>com.apple.vpn.managed.5313ec66-a3c0-422c-932d-ef4d4ebb3b18</string>
      <key>PayloadType</key>
      <string>com.apple.vpn.managed</string>
      <key>PayloadUUID</key>
      <string>5313ec66-a3c0-422c-932d-ef4d4ebb3b18</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>Proxies</key>
      <dict>
        <key>HTTPEnable</key>
        <integer>0</integer>
        <key>HTTPSEnable</key>
        <integer>0</integer>
      </dict>
      <key>UserDefinedName</key>
      <string>{Insert any identifier}</string>
      <key>VPN</key>
      <dict>
        <key>AuthenticationMethod</key>
        <string>Certificate</string>
        <key>PayloadCertificateUUID</key>
        <string>5e2de92b-4b5f-4bfd-8074-47bad6c64183</string>
        <key>DisconnectOnIdle</key>
        <integer>0</integer>
        <key>OnDemandEnabled</key>
        <integer>1</integer>
        <key>OnDemandRules</key>
        <array>
          <dict>
            <key>Action</key>
            <string>Connect</string>
          </dict>
        </array>
        <key>RemoteAddress</key>
        <string>DEFAULT</string>
      </dict>
      <key>VPNSubType</key>
      <string>de.securepoint.ms.agent</string>
      <key>VPNType</key>
      <string>VPN</string>
      <key>VendorConfig</key>
      <dict id="vendorConfig">
        <key>auth-user-pass</key>
        <string>{username}\n{password}</string>
        <key>ca</key>
        <string>-----BEGIN CERTIFICATE-----\n{MIIEKTCCAxGgAwIBAgIBAD.... The CA certificate which signed the VPN server Certificate ....0y24V6nS/L9/g==}\n-----END CERTIFICATE-----\n</string>
        <key>remote.1</key>
        <string>{VPN server hostname} {VPN server port}</string>
        <key>proto.1</key>
        <string>{VPN server protocol (udp or tcp)}</string>
        <key>redirect-gateway</key>
        <string>def1</string>
        <key>dev</key>
        <string>tun</string>
        <key>cipher</key>
        <string>AES-128-CBC</string>
        <key>auth</key>
        <string>SHA256</string>
        <key>tun-mtu</key>
        <string>1500</string>
      </dict>
    </dict>
    <dict>
      <key>PayloadCertificateFileName</key>
      <string>Client Certificate</string>
      <key>PayloadContent</key>
      <data>{MIIPsQIBAzCCD... Client Certificate in PKCS12 format ...pLfEEheyrqcCAwGGoA==}</data>
      <key>PayloadDisplayName</key>
      <string>Client Certificate</string>
      <key>PayloadIdentifier</key>
      <string>Client Certificate</string>
      <key>PayloadType</key>
      <string>com.apple.security.pkcs12</string>
      <key>PayloadUUID</key>
      <string>5e2de92b-4b5f-4bfd-8074-47bad6c64183</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>Password</key>
      <string>{Password to access the PKCS12 container}</string>
      <key>PayloadDescription</key>
      <string>Adds a PKCS12-formatted certificate</string>
    </dict>
  </array>
  <key>PayloadDisplayName</key>
  <string>{Identifier in IOS settings for the certificate}</string>
  <key>PayloadIdentifier</key>
  <string>vpn.configuration</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>a4d7f358-f9a3-42e2-8083-5b26cccab6e2</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>
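A lint pass over a filled-in .mobileconfig, as an added example (not Securepoint's code). It reports {...} placeholders that were never replaced, the keys where the template keeps credentials as plain strings, and a VPN payload whose PayloadCertificateUUID does not match the PayloadUUID of any PKCS12 payload in the same profile. The function names and the sample profile are constructed for illustration.

```python
import plistlib
import re

PLACEHOLDER = re.compile(r"\{[^{}]*\}")       # template markers such as {username}
SECRET_KEYS = {"Password", "auth-user-pass"}  # plain strings in the template


def walk(node, path=""):
    """Yield (path, key, value) for every string value in the plist tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(value, str):
                yield f"{path}/{key}", key, value
            else:
                yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")


def lint_mobileconfig(data):
    """Return a list of findings for a .mobileconfig passed as bytes."""
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    findings = []
    for path, key, value in walk(profile):
        if PLACEHOLDER.search(value):
            findings.append(f"placeholder left in {path}")
        elif key in SECRET_KEYS and value:
            findings.append(f"clear-text secret in {path}")
    p12_uuids = {p.get("PayloadUUID") for p in payloads
                 if p.get("PayloadType") == "com.apple.security.pkcs12"}
    for i, p in enumerate(payloads):
        ref = p.get("VPN", {}).get("PayloadCertificateUUID")
        if p.get("PayloadType") == "com.apple.vpn.managed" and ref not in p12_uuids:
            findings.append(f"PayloadContent[{i}]: no PKCS12 payload with UUID {ref}")
    return findings


# Constructed sample: one placeholder left in, and a certificate UUID mismatch.
SAMPLE = plistlib.dumps({"PayloadContent": [
    {"PayloadType": "com.apple.vpn.managed",
     "VPN": {"PayloadCertificateUUID": "00000000-0000-4000-8000-000000000002"},
     "VendorConfig": {"auth-user-pass": "{username}\\n{password}"}},
    {"PayloadType": "com.apple.security.pkcs12", "Password": "example",
     "PayloadUUID": "00000000-0000-4000-8000-000000000003"},
]})

if __name__ == "__main__":
    print("\n".join(lint_mobileconfig(SAMPLE)))
```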
How to import a .mobileconfig file
with iCloud
- Open Finder on the Mac and copy the created .mobileconfig file into the iCloud folder.
- Open the iCloud folder on the device and import the .mobileconfig file.
with Apple Configurator 2
- Connect the device to a Mac with a cable
- Drag the created .mobileconfig file with the mouse onto the displayed device in Apple Configurator 2
- The configuration is applied automatically
with an MDM Server
- This process differs depending on the MDM manufacturer. Check the corresponding documentation.