www.krikkit.net

...don't Panic!


Using OpenVPN Client on a jailbroken iPhone 3GS


This howto describes how to connect to an OpenVPN server with a jailbroken iPhone 3GS.

[update 2010-06-23] ...simpler solution available: GuizmOVPN

 

Due to the limitations of the OpenVPN client on the iPhone, we need to set up a routing OpenVPN server (which uses TUN devices).

 

The basic setup of this server is nearly identical to the setup of a bridged OpenVPN Server as described in one of my previous howtos: Openvpn on Linksys

So to get started we should already have all the keys and certificates as described in the OpenVPN PKI Howto.

Now the actual server config file (I have this running on a Linksys WRT54G with custom firmware DD-WRT v24-sp2 (07/22/09) vpn):

mode server
proto tcp-server
port 1194
dev tun
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.1 10.8.0.100
push "route 192.168.1.0 255.255.255.0"
keepalive 10 60
verb 3
comp-lzo
client-to-client
duplicate-cn
tls-server
ca /tmp/ca.crt
dh /tmp/dh1024.pem
cert /tmp/server.crt
key /tmp/server.key
persist-tun
persist-key
ping-timer-rem
daemon

You need to customize the IPs, especially the push route line, to match your network setup.

...so this is the server part, now on to the client part...

You need a jailbroken iPhone 3GS (I think it will work on the 3G also) with firmware version 3.1.2 (only tested with this version, but it probably works on future versions too).

On the iPhone start Cydia and search for the package named: OpenVpn Toggle for Sbsetting. Install it; it requires SBSettings, but most of you will have SBSettings already :) After installing it you can enable an OpenVPN toggle in SBSettings, but without a config file this button does nothing.

So we need a client config file:

tls-client
dev tun
ifconfig 10.8.0.2 10.8.0.1
pull
proto tcp-client
remote your.host.com 1194
float
resolv-retry infinite
keepalive 10 60
persist-key
persist-tun
ping-timer-rem
ca ca.crt
cert client2.crt
key client2.key
ns-cert-type server
comp-lzo
verb 3
log tun.log

Put this text in a file named "conf.ovpn" in the "/var/mobile/Library/OpenVpn" directory on your iPhone.

In the same directory you also have to put the CA certificate (ca.crt), the client certificate (client2.crt) and the client key (client2.key). The key file needs to be without a password, because there is currently no way to enter one when connecting. To remove a password from a key file, use the following command on a machine with OpenSSL installed:

openssl rsa -in client.key -out client.key

...now just give it a try; it should work if your setup is correct. To debug, look in the log file on the iPhone and enable logging on the server side!
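Because the client key sits on the phone without a password, it is worth reviewing the settings in both configs that decide what a copied key or a weak handshake would allow. The following audit script is an added example, not part of the original howto; the function names and the selection of checks are this example's own, and the DH check judges parameter size from the file name only.

```python
import ipaddress

# Constructed input: the directives from this page's two configs that the checks read.
SERVER_CONF = """\
mode server
dev tun
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.1 10.8.0.100
duplicate-cn
dh /tmp/dh1024.pem
"""
CLIENT_CONF = """\
tls-client
dev tun
remote your.host.com 1194
ns-cert-type server
"""

def parse(conf):
    """Map each directive to its argument list; '#' and ';' start comment lines."""
    opts = {}
    for line in conf.splitlines():
        fields = line.split()
        if fields and fields[0][0] not in "#;":
            opts[fields[0]] = fields[1:]
    return opts

def audit(conf):
    """Return (directive, finding) pairs for settings worth a second look."""
    opts, out = parse(conf), []
    if "duplicate-cn" in opts:
        out.append(("duplicate-cn", "several sessions may share one certificate, "
                    "so a copied client key connects without disconnecting its owner"))
    if "1024" in " ".join(opts.get("dh", [])):  # heuristic: file name only
        out.append(("dh", "file name suggests 1024-bit DH parameters; use 2048 or more"))
    pool = opts.get("ifconfig-pool", [])
    if opts.get("ifconfig") and len(pool) >= 2:
        local = ipaddress.ip_address(opts["ifconfig"][0])
        start, end = map(ipaddress.ip_address, pool[:2])
        if start <= local <= end:
            out.append(("ifconfig-pool", f"pool {start}-{end} contains the server's "
                        f"own tunnel address {local}"))
    if "tls-client" in opts or "client" in opts:
        if "ns-cert-type" in opts:
            out.append(("ns-cert-type", "deprecated in newer OpenVPN releases; "
                        "'remote-cert-tls server' replaces it"))
        elif "remote-cert-tls" not in opts:
            out.append(("tls-client", "peer certificate is not checked to be a server certificate"))
    return out

if __name__ == "__main__":
    for name, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        for directive, finding in audit(conf):
            print(f"{name}: {directive}: {finding}")
```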

 

Last Updated on Monday, 14 June 2010 13:20