OpenVPN for iOS - Finally Available!
-
Yeah there's not a ton of room there to write it all out. I had to make room to put in what is there. I'm hoping someone is smart enough that if they installed OpenVPN Connect they'll at least consider the option of clicking the name of the client they did install.
Or they'll be smarter and not install OpenVPN Connect on Android :p
-
Well I tried OpenVPN for Android.. as you recommended.. now I get this error while importing the android config
Error reading config file
Option tls-remote has 2 parameters, expected between 1 and 1Moving back to my iOS config on the Android. That works on this new client as well.
-
check the box to quote the server cn before exporting.
And in the future, don't put spaces in your certificate common names. :-)
-
Finally.. that worked. Thanks!
Why is the iOS config not affected by the space?
-
It doesn't support tls-remote so that line is left out entirely for the OpenVPN Connect config.
The OpenVPN connect config will also work in the OpenVPN for Android client but it is missing a few lines that can be beneficial for security reasons (like tls-remote)
-
My fix to continual:
Jan 21 13:38:51 openvpn[26787]: xyz123/xxx.xxx.xxx.xxx:xxxxx TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:xxxxx
Jan 21 13:38:51 openvpn[26787]: xyz123/xxx.xxx.xxx.xxx:xxxxx Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #120 / time = (1358793515) Mon Jan 21 13:38:35 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warningsWas to not use: reneg-sec 0 in the client config. Most clients think this means to use what the server uses. Apparently iOS and Android think this means just keep renegotiating forever. reneg-sec 21600 works fine. It would be nice if renegotiation didn't require re-entry of a (new) OTP…
-
I can't believe how easy this was. Worked the first time, except for a restrictive firewall rule. This is great work! 8)
-
Wow works great!
Am I missing something or can you only have one profile in the phone/app at a time?
Every time I import another cofig for a different router it blows out the one that's installed. -
Do your firewalls have unique hostnames? I thought I had multiple profiles in the other day when testing, but I think all of mine had different hostnames and thus different exported filenames and such.
-
Yes different host names, confirmed on the iPad as well, only one profile at a time ???
-
I currently have 4 profiles to the same box. One is tcp on 443, and other is udp on standard 1194 port. Then 2 more with those same settings other routing all traffic through the vpn.
You could have as many configs as you would I would think all pointing to the same server if you just just call the ovpn file something different for import.
-
There's an update for the iPhone Configuration Utility, OpenVPN can now be preconfigured, too.
-
Hello,
the default config works well since my first try. Nice Work!
Just one Question: Is is possible to require a password before the VPN-Connection is established?Jan
-
If you use user auth on the server side, and you don't save the password on the client side, yes.
If you are only doing certificate auth, probably not.
