4. OpenVPN Export for iOS should use .ovpn12 for certs and private key

OpenVPN Export for iOS should use .ovpn12 for certs and private key

  • W

    Have a look here:
    https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/

    The way things are currently set up, the private key and cert are saved in the iOS Networking/preferences.plist, and they will show up in plaintext if you ever send a sysdiagnose to Apple.

    You may verify this for yourself by triggering a sysdiagnose on an iOS device which has imported a pfSense profile exported with the exporter "for iOS" into OpenVPN Connect. Grab the sysdiagnose file from the iOS device and unpack. Examine the ProfileContent nodes in

    logs/Networking/com.apple.networkextension.plist
logs/Networking/preferences.plist

    You will find the complete, plaintext content of the .ovpn file.
    If it was in your .ovpn file, it's there.

    By following the recommendations in the OpenVPN link above, only the ca is in the .ovpn file, while the cert and key stay secret in the keystore.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy