pages tagged osxFeeding the Cloudhttps://feeding.cloud.geek.nz/tags/osx/Feeding the Cloudikiwiki2021-10-09T22:48:39ZUsing OpenVPN on iOS and OSXhttps://feeding.cloud.geek.nz/posts/using-openvpn-on-ios-and-osx/
<a href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International License</a>
2021-10-09T22:48:39Z2016-05-27T05:50:00Z
<p>I have written instructions on how to connect to <a href="https://feeding.cloud.geek.nz/posts/creating-a-linode-based-vpn-setup-using_openvpn_on_debian_or_ubuntu/">your own OpenVPN
server</a>
using Network Manager as well as
<a href="https://feeding.cloud.geek.nz/posts/using-openvpn-on-android-lollipop/">Android</a>.</p>
<p>Here is how to do it on iOS and OSX assuming you have followed my
instructions for the server setup.</p>
<h1 id="Generate_new_keys">Generate new keys</h1>
<p>From the easy-rsa directory you created while generating the server keys, create a new keypair for your phone:</p>
<pre><code>./build-key iphone # "iphone" as Name, no password
</code></pre>
<p>and for your laptop:</p>
<pre><code>./build-key osx # "osx" as Name, no password
</code></pre>
<h1 id="Using_OpenVPN_Connect_on_iOS">Using OpenVPN Connect on iOS</h1>
<p>The app you need to install from the App Store is <a href="https://itunes.apple.com/us/app/openvpn-connect/id590379981">OpenVPN
Connect</a>.</p>
<p>Once it's installed, connect your phone to your computer and <a href="https://support.apple.com/kb/PH12318">transfer the
following files using iTunes</a>:</p>
<ul>
<li><code>ca.crt</code></li>
<li><code>iphone.crt</code></li>
<li><code>iphone.key</code></li>
<li><code>iphone.ovpn</code></li>
<li><code>ta.key</code></li>
</ul>
<p>You should then be able to select it after launching the app. See the
<a href="https://docs.openvpn.net/docs/openvpn-connect/openvpn-connect-ios-faq.html">official FAQ</a>
if you run into any problems.</p>
<p><code>iphone.ovpn</code> is a configuration file that you need to supply since the
OpenVPN Connect app doesn't have a configuration interface. You can use <a href="https://gist.github.com/trovao/18e428b5a758df24455b">this
script</a> to generate it
or write it from scratch <a href="https://openvpn.net/index.php/open-source/documentation/howto.html#client">using this
template</a>.</p>
<p>On Linux, you can also create a configuration file using <a href="https://blogs.gnome.org/lkundrak/2016/04/20/networkmanager-1-2-is-here/">Network Manager 1.2</a>,
use the following command:</p>
<pre><code>nmcli connection export hafnarfjordur > iphone.ovpn
</code></pre>
<p>though that didn't quite work in my experience.</p>
<p>Here is the config I successfully used to connect to my server:</p>
<pre><code>client
remote hafnarfjordur.fmarier.org 1194
ca ca.crt
cert iphone.crt
key iphone.key
cipher AES-256-GCM
auth SHA512
proto udp
tls-remote server
remote-cert-tls server
ns-cert-type server
tls-auth ta.key 1
</code></pre>
<h1 id="Using_Viscosity_on_macOS">Using Viscosity on macOS</h1>
<p>One of the possible OpenVPN clients you can use on macOS is
<a href="https://www.sparklabs.com/viscosity/">Viscosity</a>.</p>
<p>Here are the settings you'll need to change when setting up a new VPN
connection:</p>
<ul>
<li><strong>General</strong>
<ul>
<li>Remote server: <code>hafnarfjordur.fmarier.org</code></li>
</ul>
</li>
<li><strong>Authentication</strong>
<ul>
<li>Type: SSL/TLS client</li>
<li>CA: <code>ca.crt</code></li>
<li>Cert: <code>osx.crt</code></li>
<li>Key: <code>osx.key</code></li>
<li>Tls-Auth: <code>ta.key</code></li>
<li>direction: 1</li>
</ul>
</li>
<li><strong>Options</strong>
<ul>
<li>peer certificate: Require certificate was signed for server use</li>
<li>Compression: Off</li>
</ul>
</li>
<li><strong>Networking</strong>
<ul>
<li>send all traffic on VPN</li>
</ul>
</li>
<li><strong>Advanced</strong>
<ul>
<li><p>add the following extra OpenVPN configuration commands:</p>
<pre><code>cipher AES-256-GCM
auth SHA512
</code></pre></li>
</ul>
</li>
</ul>