OpenVPN and IPFire 2.29 (x86_64) - Core-Update 187

Hello, everybody

I have a problem with the VPN installation on a phone.

I use
IPFire 2.29 (x86_64) - Core-Update 187 and a smartphone
(Android 13) with OpenVPN for Android 0.7.53 from the F-Droid store.

Maybe someone in the forum uses this constellation.

Under IPFire I have set up “Certification points and keys”:
Root certificate: cacert.pem
Host certificate: servercert.pem
TLS key: ta.key

and then set up a client under “connection status and control”:
Client package: xxx-TO-IPFire.zip

I have transferred these files to the mobile phone and unpacked the client package
archive xxx-TO-IPFire.zip:
cacert.pem
xxx-TO-IPFire.ovpn
xxx.key
xxx.pem
ta.key

On the mobile phone I launched OpenVPN for Android and, with the + symbol and
then the import button, imported the unpacked xxx-TO-IPFire.ovpn file as
the new profile.

I then use either
Type: Android Certificate → password ???
or
Type: Certificates: CA Certificate: cacert.pem
Client Certificate: servercert.pem
Client Certificate Key: ta.keys

No Connection

Thanks for hints

I have read:
https://community.ipfire.org/t/cannot-connect-with-openvpn/
https://community.ipfire.org/t/error-of-connecting-to-the-openvpn-of-ipfire/11522
https://community.ipfire.org/t/issues-with-latest-openvpn-client-on-android/11475

The “ta.key” is not the same as the client key “xxx.key”

Greetz

This is the one thing that seemed to fix it for me.

specifically “Cryptographic options”

Hello,
@odongarma and @hvacguy thank you for your answers.

@odongarma
I have entered both ta.keys in
OpenVPN for Android/Profiles.
No improvement.

@hvacguy
After changes to the Global Settings,
must I then regenerate certification bodies and keys (root and host) and connection status and control (client)?

schorsch89

I have got OpenVPN for Android version 0.7.53 working with IPFire with no problems.

However, I have used a password for the Client Connection and that means that you have the following files to import, presuming that you have enabled TLS Channel Protection.

ta.key
xxxx.p12
xxxx-TO-IPFire.ovpn

You have not used a password so you have the insecure zip file which splits the xxxx.p12 file up into two .pem and one .key file

cacert.pem
xxxx.pem
xxxx.key
ta.key
xxxx-TO-IPFire.ovpn

I have not tried using the insecure connection without a password but you have to make sure that you are assigning the correct files to the correct location in OpenVPN for Android.

I may be able to get some time later tomorrow to test out installing an insecure profile without password on my OpenVPN for Android setup.

Quick try on my own:

Download encrypted client package from IPFire

I have *.p12, *.ovpn, ta.key

In OpenVPN app import profile → select *.ovpn and ta.key.
In OpenVPN app import certificate → select .p12, enter password

connect
works!

Greetz

@schorsch89 I tested out the insecure connection and it worked with no problems.

The insecure zip file has the files

cacert.pem
xxxx.pem
xxxx.key
ta.key
xxxx-TO-IPFire.ovpn

in it but you only need the xxxx-TO-IPFire.ovpn file as it contains the actual ca, cert, key and ta directly in the .ovpn file. You can see this if you open the .ovpn file with a text editor.

I just imported the xxxx-TO-IPFire.ovpn file into OpenVPN for Android and it created the profile. I then selected it and the connection was successfully made and I could confirm that I was connected on the IPFire server OpenVPN WUI page.

I also was able to ping a vm machine on my green lan.

So both the secure and the insecure connections work with OpenVPN for Android.

These were the steps I took.

On the OpenVPN for Android screen there is an icon of a white box with a downwards pointing arrow… I press this and it opens a file searcher on my android phone. I then navigate to the directory I have stored the config files on and select the .ovpn file, which is the only one highlighted.

The app then goes to the Convert Config File screen and you can accept or change the Profile Name that it suggests.

I then press the tick mark at the top right hand side of the app screen.

I am then on the app page showing all the profiles that have been created. This now contains the one I just created.

I press the profile name I just created and the connection is successfully made.

Is the above sequence of steps what you are following? If not, can you give more details of the steps you are taking to import the profile?

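Added example, not part of the original posts and not IPFire's or the app's own code: a small Python check of which credential material an .ovpn profile embeds inline and which it expects as separate files, as the post above describes, and of whether an inline private key is unprotected. Both sample profiles are constructed, with placeholder key bodies, an assumed layout and a hypothetical host name.

```python
import re

# OpenVPN directives that carry credential material, inline or as a file path.
MATERIAL = ("ca", "cert", "key", "pkcs12", "tls-auth", "tls-crypt")

def inline_block(tag, label):
    """Build a constructed inline block; the body is a placeholder, not a real key."""
    return f"<{tag}>\n-----BEGIN {label}-----\nPLACEHOLDER\n-----END {label}-----\n</{tag}>\n"

# Constructed samples (assumed layout, hypothetical host name).
HEAD = "client\ndev tun\nproto udp\nremote ipfire.example.org 1194\n"
SAMPLE_INLINE = (HEAD + inline_block("ca", "CERTIFICATE")
                 + inline_block("cert", "CERTIFICATE")
                 + inline_block("key", "PRIVATE KEY") + "key-direction 1\n"
                 + inline_block("tls-auth", "OpenVPN Static key V1"))
SAMPLE_P12 = HEAD + "pkcs12 xxxx.p12\ntls-auth ta.key 1\n"

def audit_profile(text):
    """Report where each credential comes from and whether the profile
    embeds a private key that is not passphrase-protected."""
    sources, plaintext_key = {}, False
    for name in MATERIAL:
        m = re.search(rf"^<{name}>\s*\n(.*?)^</{name}>", text, re.M | re.S)
        if m:
            sources[name] = "inline"
            if name == "key":
                body = m.group(1)
                encrypted = "ENCRYPTED" in body  # PKCS#8 or legacy PEM marker
                plaintext_key = "PRIVATE KEY" in body and not encrypted
            text = text.replace(m.group(0), "")  # do not rescan block bodies
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in MATERIAL and parts[0] not in sources:
            sources[parts[0]] = "file:" + parts[1]
    needed = sorted(v[5:] for v in sources.values() if v.startswith("file:"))
    return {"sources": sources, "files_needed": needed,
            "plaintext_key": plaintext_key}

if __name__ == "__main__":
    for label, profile in (("no-password package", SAMPLE_INLINE),
                           ("password package", SAMPLE_P12)):
        print(label, audit_profile(profile))
```

A profile that reports `plaintext_key` as true is usable by anyone who obtains the file, so it should be stored and transferred accordingly.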

Hello @odongarma and @bonnietwin,

Thank you for your specific configuration steps. I first leave the IPFire OpenVPN Global Settings at the default settings.
I now reconfigure OpenVPN for Android and log in when results are available.
Thank you for your support.

schorsch89

Hello @bonnietwin ,
To presume: it works.

The first step was the generation of the insecure client package.

I copied this to a USB dongle and also unpacked it there.

Then I tried to load the unpacked xxx-TO-IPFire.ovpn file from USB-Dongle
under OpenVPN for Android with the + icon.

This was obviously wrong.

Solution:
Only when I placed the xxx-TO-IPFire.ovpn file in the download directory and
used the “white box with a downwards pointing arrow” in OpenVPN for Android did it finally work.

If more time is available, I will regenerate a client package with a password and report.

Thank you for your support.

schorsch89


Yes, that is the option to import the .ovpn profile and certificates (either in line in the profile or as separate files).
That is the easiest method as it takes all the settings in the .ovpn profile and uses them in the app.

The + icon is for defining a profile in the app from scratch. It doesn’t use anything from the .ovpn file at all. You have to define the file name and location for the ca, for the cert, for the cert.key and for the ta.key, each in turn and the app then integrates them into the profile that it generates.

Then you have to input the server FQDN and the port number for the IPFire server. If the protocol on the IPFire server has been changed from udp to tcp then that also needs to be specified in the app.

Then you have to define the authorisation and authentication options. So you have to know which options IPFire has set in the server and manually enter them via the tickboxes.

When all of the above is completed the app has a profile equivalent to the .ovpn file but manually defined.

I have tested the above out and it does work but it takes a lot longer to define everything manually (and you need to know what to define and with what value) than doing the import of the .ovpn file so I would always suggest the import method.


Hello @bonnietwin

Thanks for the very detailed information to generate a special and adapted VPN connection with IPFire.
The current configuration runs perfectly for hours without expulsion.
Thanks for the support.
schorsch89
