OpenVPN iOS client

This easy way method is working.

I have a question about the other methods:

I created a client package with a password.
Do I have to insert this password into the create_ovpn.sh file or not?

In this line: echo "Usage: create_ovpn12 <ovpn_file> "

I created the .ovpn once with a password and a second time without a password. Each time the connection is not created; it stops.

What errors do you see? Or what page does it stop on?

Are these errors when trying to do the install? Or trying to connect?

Also, what version of IPFire are you using?

1 Like

First, I don't know if I have to edit the script or not. Add the password in the create_ovpn.sh file?

Second, the OpenVPN app on the phone (log file) shows no error. It stops, I think, at EVENT:CONNECTING…
I have to recreate the .ovpn, because I already deleted it.

You do NOT need to edit the script. And the password is NOT added to the create_ovpn.sh file by editing.

The password is part of the command line.

./create_ovpn12 <your_ovpn_file> <your_PKCS12_File_Password>

I just went thru all of the iOS Keychain Method instructions step-by-step and all worked A-OK.

2 Likes

For me it is not working, but there is a 99% probability that I am doing something wrong 🙃

  1. iOS Keychain Method
  2. Working wifi from neighbour (very kind family)
  3. Static IP on IPFire
  4. Creating .ovpn12 and .ovpn
    [root@ipfire ~]# cd /root/ios
    [root@ipfire ios]# chmod +x create_ovpn12.sh
    [root@ipfire ios]# ./create_ovpn12.sh test-TO-IPFire.ovpn testtest

    Using test-TO-IPFire.ovpn to create test.ovpn and test.ovpn12

    created Root Certificate
    created TLS Authentification Key
    created test.ovpn

    created Client Certificate
    created test.ovpn12

    clean-up files

    [root@ipfire ios]#

  5. First importing and installing the .ovpn12, typing the password. Then importing and installing the .ovpn.
    When installing the .ovpn, also using the already imported .ovpn12 file.
  6. The OpenVPN app shows a banner error when attempting to connect…
  7. The log from the OpenVPN app stops at:

What MTU do you have? Mine is 1492, but it is working with the easy way method.
The log has BUFFER_ERROR:5

11:55:10 openvpnserver[9797]: xxxxxxxx:58415 TLS: Initial packet from [AF_INET]xxxxxxxx:58415, sid=17d06c51 eecd1fa1
11:55:10 openvpnserver[9797]: xxxxxxxx:58415 TLS Error: reading acknowledgement record from packet
11:55:21 openvpnserver[9797]: xxxxxxxx:58415 TLS Error: reading acknowledgement record from packet
11:55:31 openvpnserver[9797]: xxxxxxxx:58415 TLS Error: reading acknowledgement record from packet
11:55:34 openvpnserver[9797]: xxxxxxxx:58415 TLS Error: reading acknowledgement record from packet
11:55:39 openvpnserver[9797]: xxxxxxxx:58415 TLS Error: reading acknowledgement record from packet
11:55:40 openvpnserver[9797]: xxxxxxxx:58415 TLS Error: reading acknowledgement record from packet
11:56:10 openvpnserver[9797]: xxxxxxxx:58415 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
11:56:10 openvpnserver[9797]: xxxxxxxx:58415 TLS Error: TLS handshake failed
11:56:10 openvpnserver[9797]: xxxxxxxx:58415 SIGUSR1[soft,tls-error] received, client-instance restarting

I found this thread:

There is no ‘tls-auth’ directive line in server.conf and client.ovpn.

Hi @digiz222

Looking through other forum posts and on the internet for the above error message, a common theme is that the setting for TLS Auth is missing on one side, either on the server or the client.

The script you are following includes the creation of the TLS Authentication key. What it actually does is create the location in your .ovpn file and then copy across what is in the ta.key file on your IPFire system. I suspect that you have not enabled the TLS Channel Protection box on your OpenVPN Server page. If that is the case, then the script would have copied nothing across, so your ta.key section will be empty.

I suspect you don’t have the TLS Auth enabled on the server so you need to enable the TLS Channel Protection on the server.

You could alternatively edit the test.ovpn file created by the script to remove all the ta.key sections (or comment them out). I don’t know if something would need to be done with the test.ovpn12 file without going through the script in much more detail.

Edit:-
It’s the test.ovpn12 file that you would need to edit the ta.key sections out of. The test.ovpn file includes the Client certificate and the private key.

2 Likes
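
An added example (not part of the original posts and not the IPFire script): a shell check for the server/client tls-auth mismatch described in the reply above, including the case of an inline key section that was created but left empty. It assumes the key appears either as a `tls-auth <file>` directive or as an inline `<tls-auth>` block; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: compare tls-auth usage between an OpenVPN server config and
# a client profile. Paths are arguments; none are IPFire defaults.

# has_directive FILE: true if FILE has an uncommented "tls-auth <file>" line
has_directive() {
    grep -Eq '^[[:space:]]*tls-auth[[:space:]]+[^[:space:]]' "$1"
}

# inline_key_state FILE: prints none | empty | present for the <tls-auth> block
inline_key_state() {
    awk '
        /^[ \t]*<tls-auth>/   { inblk = 1; seen = 1; next }
        /^[ \t]*<\/tls-auth>/ { inblk = 0; next }
        inblk && /^[ \t]*[0-9a-fA-F]+[ \t\r]*$/ { hex++ }   # key material line
        END {
            if (!seen)    print "none"
            else if (hex) print "present"
            else          print "empty"
        }' "$1"
}

# check_tls_auth SERVER_CONF CLIENT_OVPN: prints a verdict, returns 1 on a problem
check_tls_auth() {
    server=off; client=off
    if has_directive "$1" || [ "$(inline_key_state "$1")" = present ]; then
        server=on
    fi
    state=$(inline_key_state "$2")
    if has_directive "$2" || [ "$state" = present ]; then
        client=on
    fi
    # A block with no key in it: nothing was copied into the profile
    if [ "$state" = empty ]; then echo "client-empty-key"; return 1; fi
    if [ "$server" = "$client" ]; then echo "match-$server"; return 0; fi
    echo "mismatch-server-$server-client-$client"; return 1
}

# Constructed sample: server without tls-auth, client with an empty inline block
tmp=$(mktemp -d)
printf 'port 1194\nproto udp\n' > "$tmp/server.conf"
printf 'client\n<tls-auth>\n</tls-auth>\n' > "$tmp/client.ovpn"
check_tls_auth "$tmp/server.conf" "$tmp/client.ovpn" || true
rm -rf "$tmp"
```
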

You are right. No TLS Channel Protection box checked.
I will repeat process again from start. Thx.