Netgate Discussion Forum

pfSense/OpenVPN configs for OpenVPN Connect (iPhone)

  • W
    wylekyote
    last edited by Jul 30, 2016, 12:11 AM

    Greetings,
    Can someone tell me their working crypto/cert configurations for use with an iPhone as an endpoint client into the pfSense server?

    DH Parameter length (bits) 2048
    Encryption Algorithm  AES-128-CBC
    Auth digest algorithm SHA-1 (160 Bit)

    I'd actually prefer stronger crypto, but for now that's what I set. When I download the .ovpn file it confirms the settings:

    persist-tun
    persist-key
    cipher AES-128-CBC
    auth SHA1
    tls-client
    client
    remote {my remote}  1194 udp
    lport 0
    verify-x509-name "{my name}" name
    auth-user-pass
    ns-cert-type server
    comp-lzo adaptive

    But when I start the client on the iPhone, it errors out with "EVENT: CORE_ERROR crypto_alg DSA-SHA1 not found". I've tried multiple crypto configs for the server but they always bail out with this same error.

    Thanks in advance for any advice/pointers etc.

    • A
      AndrewZ
      last edited by Jul 30, 2016, 7:11 PM

      Server side:
      DH Parameter length (bits) 2048
      Encryption Algorithm  AES-256-CBC
      Auth digest algorithm SHA-256

      My working client config (iPad):

      
      persist-tun
      persist-key
      cipher AES-256-CBC
      auth SHA256
      tls-client
      client
      remote host.domain.tld 1194 udp
      lport 0
      verify-x509-name "host.domain.tld" name
      auth-user-pass
      ns-cert-type server
      comp-lzo adaptive
      
      <ca>...</ca>
      <cert>...</cert>
      <key>...</key>
      <tls-auth>...</tls-auth>
      key-direction 1
      
      
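The check both posters do by eye, confirming that the exported .ovpn profile carries the same `cipher` and `auth` as the server settings, can be scripted. This is an added example, not code from either poster or from pfSense; the function names, the sample host name and the disallowed-digest policy list are assumptions, and the `key-direction` finding is a lint note rather than a hard error.

```python
import re

# Constructed profiles modelled on the two configs quoted in this thread.
# Host name and inline block bodies are placeholders, not real values.
PROFILE_A = """cipher AES-128-CBC
auth SHA1
remote vpn.example.test 1194 udp
auth-user-pass
"""
PROFILE_B = """cipher AES-256-CBC
auth SHA256
remote vpn.example.test 1194 udp
<ca>
placeholder
</ca>
<tls-auth>
placeholder
</tls-auth>
key-direction 1
"""

def parse_profile(text):
    """Split an .ovpn profile into {directive: args} and {inline_tag: body}."""
    blocks = {}
    def stash(m):  # remove each <tag>...</tag> block and remember its body
        blocks[m.group(1)] = m.group(2).strip()
        return ""
    text = re.sub(r"<([\w-]+)>(.*?)</\1>", stash, text, flags=re.S)
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, _, args = line.partition(" ")
            directives[name] = args.strip()
    return directives, blocks

def audit(text, server_cipher, server_auth, disallowed=("MD5", "SHA1")):
    """Return findings: server/client mismatches and digests the policy rejects."""
    d, blocks = parse_profile(text)
    out = []
    for key, want in (("cipher", server_cipher), ("auth", server_auth)):
        have = d.get(key, "(unset)")
        if have.upper() != want.upper():
            out.append(f"{key}: profile has {have}, server has {want}")
    if d.get("auth", "").upper() in disallowed:
        out.append(f"auth: {d['auth']} is on the disallowed digest list")
    if "tls-auth" in blocks and "key-direction" not in d:
        out.append("tls-auth: inline key present but key-direction is not set")
    return out
```
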
      • W
        wylekyote
        last edited by Aug 1, 2016, 3:45 AM

        Thanks! I got it working.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.