VPN and iPhone
-
- Starting out
- Posts: 31
- Joined: Sat Mar 05, 2011 4:37 pm
- Location: Haarlem, The Netherlands
Re: VPN and iPhone
After importing the .ovpn and the ca.crt files from the Qnap-openvpn-server into the openvpn-app, I am asked to select a certificate. But when trying to select one, it says "No certificates are present in the Keychain".
Do I need to add other certificates somewhere on my iPhone?
Edit:
Never mind, I managed to install openvpn on my wrt54gl router and to generate the necessary ca, cert, key and ovpn files.
Once imported on the iPhone by means of the OpenVPN connect app everything works like a charm.
Do I need to add other certificates somewhere on my iPhone?
Edit:
Never mind, I managed to install openvpn on my wrt54gl router and to generate the necessary ca, cert, key and ovpn files.
Once imported on the iPhone by means of the OpenVPN connect app everything works like a charm.
Last edited by visuel on Sun Jan 20, 2013 11:43 pm, edited 1 time in total.
Unix if We-nix
- grobylev
- Easy as a breeze
- Posts: 262
- Joined: Fri Jul 22, 2011 2:19 am
- Location: Budapest, Hungary
Re: VPN and iPhone
Indeed. I suggest to post your question in the OpenVPN forum:
https://forums.openvpn.net/topic11954.html
https://forums.openvpn.net/topic11905.html
https://forums.openvpn.net/topic11954.html
https://forums.openvpn.net/topic11905.html
QNAP TS-459Pro II 4x2TB in RAID5 3GB RAM | Trunking: IEEE 802.3ad on Cisco SG200-08 | protected by APC SMT1500I with AP9631
QPKGs: Optware, JRE, Python, CrashPlan, Squid, Transmission | Router: Linksys E3000 | FW: DD-WRT v24-sp2 mega
QPKGs: Optware, JRE, Python, CrashPlan, Squid, Transmission | Router: Linksys E3000 | FW: DD-WRT v24-sp2 mega
-
- Getting the hang of things
- Posts: 96
- Joined: Fri Nov 18, 2011 7:29 am
Re: VPN and iPhone
Thanks grobylev for letting us know about OpenVPN for iOS.
I still cannot use OpenVPN to connect from my iPhone to my QNAP because of the certificate issue mentioned above. Hopefully there will be a solution for this problem soon.
I still feel that a secure VPN solution that is natively supported by both iPhone and QNAP, without the need for a third party application, will be a better solution.
I still cannot use OpenVPN to connect from my iPhone to my QNAP because of the certificate issue mentioned above. Hopefully there will be a solution for this problem soon.
I still feel that a secure VPN solution that is natively supported by both iPhone and QNAP, without the need for a third party application, will be a better solution.
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: VPN and iPhone
Key requirement here would be a more sophisticated certificate management system on the NAS, allowing to deal with private and public certificate authorities (CA), managing intermediate certificates. Importing these certificate chains should be a no-brainer - regardless of the OS ... iOS, Android, Windows [whatever], integrate in the NAS-created OpenVPN config packages, or finally for the L2TP/IPSec many are keen for, with user authentication by user certificates, MS-CHAPV2 Password, machine authentication by machine certificates, and shared secret.
Lack of chicken, no eggs available I'm afraid. Or was it the other way round?
Lack of chicken, no eggs available I'm afraid. Or was it the other way round?
-
- Starting out
- Posts: 16
- Joined: Thu Jan 20, 2011 1:44 am
Re: VPN and iPhone
Same problem with TS-119P+.
I assume this is a QNAP problem, not OpenVPN?
And if so, will it be fixed in the next release?
Thx, Marco
I assume this is a QNAP problem, not OpenVPN?
And if so, will it be fixed in the next release?
Thx, Marco
visuel wrote:After importing the .ovpn and the ca.crt files from the Qnap-openvpn-server into the openvpn-app, I am asked to select a certificate. But when trying to select one, it says "No certificates are present in the Keychain".
Do I need to add other certificates somewhere on my iPhone?
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: VPN and iPhone
Well - because the NAS factory certificate it's a self-signed, standalone certificate - no key chain, ... by default. And iOS and/or the OpenVPN does not allow to import such certificates - or something is wrong with the format, or whatever.
- grobylev
- Easy as a breeze
- Posts: 262
- Joined: Fri Jul 22, 2011 2:19 am
- Location: Budapest, Hungary
Re: VPN and iPhone
With the upcoming IOS client update (v1.0.1) you'll have the option to add
to your .ovpn file which should solve the issue with the client cerificate.
However I hope that in the next QNAP fw (v4) there will be an updated openssl and cerificate management system, as just Schumaku mentioned.
Code: Select all
setenv CLIENT_CERT 0
However I hope that in the next QNAP fw (v4) there will be an updated openssl and cerificate management system, as just Schumaku mentioned.
QNAP TS-459Pro II 4x2TB in RAID5 3GB RAM | Trunking: IEEE 802.3ad on Cisco SG200-08 | protected by APC SMT1500I with AP9631
QPKGs: Optware, JRE, Python, CrashPlan, Squid, Transmission | Router: Linksys E3000 | FW: DD-WRT v24-sp2 mega
QPKGs: Optware, JRE, Python, CrashPlan, Squid, Transmission | Router: Linksys E3000 | FW: DD-WRT v24-sp2 mega
-
- Starting out
- Posts: 24
- Joined: Thu Jul 17, 2008 11:44 pm
Re: VPN and iPhone
I have this openvpn.ovpngrobylev wrote:With the upcoming IOS client update (v1.0.1) you'll have the option to addto your .ovpn file which should solve the issue with the client cerificate.Code: Select all
setenv CLIENT_CERT 0
However I hope that in the next QNAP fw (v4) there will be an updated openssl and cerificate management system, as just Schumaku mentioned.
client
dev tun
script-security 3
proto udp
remote <myipaddress> 3 1194
resolv-retry infinite
nobind
ca ca.crt
auth-user-pass
reneg-sec 0
cipher AES-128-CBC
comp-lzo
where must I add the line you suggest exactly for use openvpn app correctly with Apple Iphone?
Is only one row = setenv CLIENT_CERT 0 ?
bye Max
my qnap= 219p
--------------------------------------------------------------
QNAP TVS-463
2x Hard Disk HD 3,5" 3TB WD RED
1x IP Cam D-Link DCS-942L
1x IP Cam D-Link DCS-5222
Tv Samsung 32Le650
QNAP TS-219P
2x Hard Disk HD 3,5" 3TB WD RED
QNAP TVS-463
2x Hard Disk HD 3,5" 3TB WD RED
1x IP Cam D-Link DCS-942L
1x IP Cam D-Link DCS-5222
Tv Samsung 32Le650
QNAP TS-219P
2x Hard Disk HD 3,5" 3TB WD RED
-
- Getting the hang of things
- Posts: 96
- Joined: Fri Nov 18, 2011 7:29 am
Re: VPN and iPhone
I think it can be added at any place. But this line will only be supported in V1.0.1 which hasn't been released yet.maximuss wrote: where must I add the line you suggest exactly for use openvpn app correctly with Apple Iphone?
Is only one row = setenv CLIENT_CERT 0 ?
-
- Starting out
- Posts: 11
- Joined: Thu Dec 16, 2010 11:56 pm
Re: VPN and iPhone
Trial and error and some help from openvpn forums and I have it working.
First thing someone suggested doing was incorporating dummy keys into the .ovpn file, then there's a couple of other options that need to be in there for it work. Don't ask me why, not on my pay grade, but it works for me at any rate. I dragged the ca.crt & .ovpn files through iTunes onto my phone and added it via the OpenVPN app.
Here's my .ovpn file more or less:
First thing someone suggested doing was incorporating dummy keys into the .ovpn file, then there's a couple of other options that need to be in there for it work. Don't ask me why, not on my pay grade, but it works for me at any rate. I dragged the ca.crt & .ovpn files through iTunes onto my phone and added it via the OpenVPN app.
Here's my .ovpn file more or less:
Code: Select all
client
dev tun
script-security 3
proto udp
remote hostname portno # obviously change this to your own
resolv-retry infinite
nobind
ca ca.crt
auth-user-pass
cipher AES-128-CBC
comp-lzo
## Added bits to make it work - be aware of another instance of reneg-sec above this line
pkcs12 client_iphone.p12
reneg-sec 3600
pull # may not be required
<cert>
-----BEGIN CERTIFICATE-----
MIIB1jCCAT+gAwIBAgIEAmLSTjANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpP
cGVuVlBOIENBMB4XDTEzMDExNzAyMTExMloXDTIzMDEyMjAyMTExMlowKDEmMCQG
A1UEAxQdZnJyaWN0aW9uQGdtYWlsLmNvbV9BVVRPTE9HSU4wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBALVEXIZYYu1Inmejuo4Si6Eo5AguTX5sg1pGbLkJSTR4
BXQsy6ocUnZ9py8htYkipkUUhjY7zDu+wJlUtWnVCwCYtewYfEc/+azH7+7eU6ue
T2K2IKdik1KWhdtNbaNphVvSlgdyKiuZDTCedptgWyiL50N7FMcUUMjjXYh/hftB
AgMBAAGjIDAeMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3
DQEBBQUAA4GBABhVzSYXHlQEPNaKGmx9hMwwnNKcHgD9cCmC9lX/KR2Y+vT/QGxK
7sYlJInb/xmpa5TUQYc1nzDs9JBps1mCtZbYNNDpYnKINAKSDsM+KOQaSYQ2FhHk
bmBZk/K96P7VntzYI5S02+hOWnvjq5Wk4gOt1+L18+R/XujuxGbwnHW2
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALVEXIZYYu1Inmej
uo4Si6Eo5AguTX5sg1pGbLkJSTR4BXQsy6ocUnZ9py8htYkipkUUhjY7zDu+wJlU
tWnVCwCYtewYfEc/+azH7+7eU6ueT2K2IKdik1KWhdtNbaNphVvSlgdyKiuZDTCe
dptgWyiL50N7FMcUUMjjXYh/hftBAgMBAAECgYEAsNjgOEYVRhEaUlzfzmpzhakC
SKT8AALYaAPbYO+ZVzJdh8mIbg+xuF7A9G+7z+5ZL35lrpXKnONuvmlxkK5ESwvV
Q7EOQYCZCqa8xf3li3GUBLwcwXKtOUr3AYXhdbOh2viQdisD4Ky7H6/Nd3yMc3bu
R4pErmWeHei+l6dIwAECQQDqljNxi9babmHiei6lHaznCMg5+jfAyDXgHvO/afFr
1bDQVDTDK+64kax4E9pvDZC6B/HGse9hOUGWXTjb0WZBAkEAxdAw/14iJIUcE5sz
HDy2R0RmbUQYFjrNgBCi5tnmr1Ay1zHAs1VEF+Rg5IOtCBO50I9jm4WCSwCtN6zF
FoFVAQJAUGfBJDcZIm9ZL6ZPXJrqS5oP/wdLmtFE3hfd1gr7C8oHu7BREWB6h1qu
8c1kPlI4+/qDHWaZtQpJ977mIToJwQJAMcgUHKAm/YPWLgT31tpckRDgqgzh9u4z
e1A0ft5FlMcdFFT8BuWlblHWJIwSxp6YO6lqSuBNiuyPqxw6uVAxAQJAWGxOgn2I
fGkWLLw4WMpkFHmwDVTQVwhTpmMP8rWGYEdYX+k9HeOJyVMrJKg2ZPXOPtybrw8T
PUZE7FgzVNxypQ==
-----END PRIVATE KEY-----
</key>
-
- Starting out
- Posts: 38
- Joined: Mon Jan 10, 2011 5:12 am
Re: VPN and iPhone
I got my QNAP openVPN server to work with my iPhone (openVPN client). More info in... https://forums.openvpn.net/topic11991.html
Obviously, it required forwarding ports on my router.
Obviously, it required forwarding ports on my router.
-
- New here
- Posts: 6
- Joined: Sat Jul 21, 2012 5:49 am
Re: VPN and iPhone
I just got my Android phone working with the setenv CLIENT_CERT 0 trick. Thanks grobytlev!
Here's the process I came up with(works on my 7" Kindle HD and Galaxy S3 so far):
To quickly connect your Android phone to a OpenVpn enabled QNAP.
1) Follow the instructions at http://www.qnap.com/index.php?lang=en&sn=4353
2) You have to modify the downloaded file to work. Start by extracting the zip
3) Copy the entire contents of the ca.crt and replace the ca ca.crt line in openvpn.ovpn with:
<ca>
ca.crt file contents
</ca>
4) To the end of the file, add a line with (there isn't a user cert for this VPN, just the username/password):
setenv CLIENT_CERT 0
5) Check that the destination host is correct. You should probably setup dynamic DNS at this point if your network doesn't have a static WAN IP. I am using no-ip as it is support by qnap and is free.
remote myhomenetwork.no-ip.biz 1194
6) Save and load the openvpn.opvn config file on the phone someplace you can find it.
7) Install OpenVPN Connect by OpenVPN, available at https://play.google.com/store/apps/deta ... nvpn&hl=en
Open the App up, select Menu->Import-> Import Profile from SD card
9) Select the openvpn.opvn file you placed on the phone in step 5
10) It should import successfully. Try to connect, accepting the trust dialog.
11) That's it, you should be connected now. If not, make sure you didn't make a typo in your config file.
Here's the process I came up with(works on my 7" Kindle HD and Galaxy S3 so far):
To quickly connect your Android phone to a OpenVpn enabled QNAP.
1) Follow the instructions at http://www.qnap.com/index.php?lang=en&sn=4353
2) You have to modify the downloaded file to work. Start by extracting the zip
3) Copy the entire contents of the ca.crt and replace the ca ca.crt line in openvpn.ovpn with:
<ca>
ca.crt file contents
</ca>
4) To the end of the file, add a line with (there isn't a user cert for this VPN, just the username/password):
setenv CLIENT_CERT 0
5) Check that the destination host is correct. You should probably setup dynamic DNS at this point if your network doesn't have a static WAN IP. I am using no-ip as it is support by qnap and is free.
remote myhomenetwork.no-ip.biz 1194
6) Save and load the openvpn.opvn config file on the phone someplace you can find it.
7) Install OpenVPN Connect by OpenVPN, available at https://play.google.com/store/apps/deta ... nvpn&hl=en
Open the App up, select Menu->Import-> Import Profile from SD card
9) Select the openvpn.opvn file you placed on the phone in step 5
10) It should import successfully. Try to connect, accepting the trust dialog.
11) That's it, you should be connected now. If not, make sure you didn't make a typo in your config file.
-
- Starting out
- Posts: 10
- Joined: Sun May 17, 2015 9:34 pm
Re: VPN and iPhone
This wasn't working for me until I found this post, with this helpful step (worked for me on Android):
goto Settings/OpenVPN and enable Force AES-CBC Ciphersuite setting, otherwise you will just sit and spin when OpenVPN client tries to connect.
-
- New here
- Posts: 4
- Joined: Sat Feb 11, 2017 5:45 am
Re: VPN and iPhone
I had been trying for hours. Did everything but didn;t work. Force AES did the trick. THANK YOU!lbwarped wrote:This wasn't working for me until I found this post, with this helpful step (worked for me on Android):goto Settings/OpenVPN and enable Force AES-CBC Ciphersuite setting, otherwise you will just sit and spin when OpenVPN client tries to connect.
-
- New here
- Posts: 4
- Joined: Sat Nov 19, 2016 10:22 am
Re: VPN and iPhone
Sure would be nice if the Helpdesk post that quoted this process included this step - it includes everything else and then leaves iPhone users hanging on the AES issue. Anyone know how to get a comment or mod added to that page (https://helpdesk.qnap.com/index.php?/De ... ile-device)? I have an account, but saw no way to comment.jaindj wrote:I had been trying for hours. Did everything but didn;t work. Force AES did the trick. THANK YOU!lbwarped wrote:This wasn't working for me until I found this post, with this helpful step (worked for me on Android):goto Settings/OpenVPN and enable Force AES-CBC Ciphersuite setting, otherwise you will just sit and spin when OpenVPN client tries to connect.