Pfsense/openVPN configs for OpenVPN Connect (iphone)



  • Greetings,
    Can someone tell me their working crypto/cert configurations for use with an iPhone as an endpoint client into the PFSense server?

    DH Parameter length (bits) 2048
    Encryption Algorithm  AES-128-CBC
    Auth digest algorithm SHA-1 (160 Bit)

    I'd actually prefer stronger crypto, but for now that's what I set. When I download the .ovpn file it confirms the settings:

    persist-tun
    persist-key
    cipher AES-128-CBC
    auth SHA1
    tls-client
    client
    remote {my remote}  1194 udp
    lport 0
    verify-x509-name "{my name}" name
    auth-user-pass
    ns-cert-type server
    comp-lzo adaptive

    But when I start the client on the iPhone, it errors out with "EVENT: CORE_ERROR crypto_alg DSA-SHA1 not found". I've tried multiple crypto configs for the server but they always bail out with this same error.

    Thanks in advance for any advice/pointers etc



  • Server side:
    DH Parameter length (bits) 2048
    Encryption Algorithm  AES-256-CBC
    Auth digest algorithm SHA-256

    My working client config (iPad):

    
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA256
    tls-client
    client
    remote host.domain.tld 1194 udp
    lport 0
    verify-x509-name "host.domain.tld" name
    auth-user-pass
    ns-cert-type server
    comp-lzo adaptive
    
    <ca>...</ca>
    <cert>...</cert>
    <key>...</key>
    <tls-auth>...</tls-auth>
    key-direction 1
    
    


  • Thanks!  I got it working..
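
Added example (not part of any post in this thread): a small Python comparison of the crypto-related lines from the two client profiles posted above, listing which directives changed and which inline blocks appear only in the second profile. The names `FIRST_POST`, `SECOND_POST`, `parse_profile` and `compare` are illustrative assumptions.

```python
import re

# Crypto-related lines excerpted from the two profiles posted in the thread.
FIRST_POST = """cipher AES-128-CBC
auth SHA1
ns-cert-type server
comp-lzo adaptive
"""
SECOND_POST = """cipher AES-256-CBC
auth SHA256
ns-cert-type server
comp-lzo adaptive
<ca>...</ca>
<cert>...</cert>
<key>...</key>
<tls-auth>...</tls-auth>
key-direction 1
"""

def parse_profile(text):
    """Return ({directive: args}, {inline block names}) for an .ovpn profile."""
    directives, blocks, open_block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if open_block:  # inside a multi-line <tag> ... </tag> body
            if line == f"</{open_block}>":
                open_block = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.match(r"<([\w-]+)>(.*)", line)
        if m:
            blocks.add(m.group(1))
            if not m.group(2).endswith(f"</{m.group(1)}>"):
                open_block = m.group(1)  # body continues on later lines
            continue
        name, *rest = line.split(None, 1)
        directives[name] = rest[0] if rest else ""
    return directives, blocks

def compare(a, b):
    """Return (changed directives as {name: (a, b)}, inline blocks only in b)."""
    (da, ba), (db, bb) = parse_profile(a), parse_profile(b)
    changed = {k: (da.get(k), db.get(k))
               for k in sorted(da.keys() | db.keys()) if da.get(k) != db.get(k)}
    return changed, sorted(bb - ba)

if __name__ == "__main__":
    print(compare(FIRST_POST, SECOND_POST))
```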

