OpenVPN Roadwarrior Mobile setup

ns_nirosh · April 17, 2020, 3:32pm

Dear Everyone, our gateway nethserver 7 is configured as VPN server-client environment.
Roadwarrier Bridge with Server - Client environment.
I would just like to know how to setup Iphones to connect using Openvpn to our server and use only web interface to view it’s status…Thanks.

royceb · April 17, 2020, 3:47pm

You choose the VPN client for your mobile Roadwarrior deployment
https://apps.apple.com/us/app/openvpn-connect/id590379981 for IOS

To view/disconnect via web; log into your NS, navigate to VPN and then the Roadwarrior tab.

ns_nirosh · April 18, 2020, 8:39pm

Is there any specific procedure to accomplish this - like the installing a profile in the ios…
Thanks.

Andy_Wismer · April 18, 2020, 8:56pm

@ns_nirosh

For IOS…

I’m using OPNsense firewall, but i think you can export the config - per user - from the interface…

Here’s from the docu on my firewall:

Import the hostname-udp-1194-ios-config.ovpn file into OpenVPN Connect. Clicking the file should be enough to get it imported. When asked for an application to open the file with, select OpenVPN Connect.

From here:
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

My 2 cents
Andy

EddieA · April 18, 2020, 10:16pm

Select the 3 dots on the right of the user who needs access. Select Download to extract the OpenVPN client file which you then import to the mobile device.

Cheers.

ns_nirosh · April 22, 2020, 9:59am

Yesterday I tried to import files that are needed to connect through openvpn by Apple ios. I imported Downloaded ovpn and other files from ns web interface to itunes and opened openvpn app on my telefon. Ovpn file was successfully imported but certificate .p12 is asking me a password to import. I was realized the password is not the password that i have used to loggin. What is that password which is asking me to enter?

EddieA · April 22, 2020, 3:11pm

You only need the import the ovpn file. It has all the required certificates embedded in it.

Cheers.

ns_nirosh · April 22, 2020, 5:48pm

I downloaded onlu ovpn file and edited only tap to tun because ios not supported. But i get this error at the assign ip address phrase; Authentication fail;

2020-04-22 7:44:09 PM Client exception in transport_recv: tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)

How to edit my config???

EddieA · April 22, 2020, 8:29pm

I’m guessing you have set up Bridged mode, as the device is tap.

Selecting Routed mode will use tun. But then you will have to change how the IP addressing is used.

Cheers.

ns_nirosh · April 22, 2020, 9:18pm

Yes I have configured our server as bridge mode. If i change it to router mode, will other openvpn users be getting the same effect o do I have to create vpn accounts again for them?

EddieA · April 22, 2020, 9:56pm

You’ll have to re-download all the opvn files after the change and then re-import into the clients as all the clients will use the same tun device.

Cheers.

ns_nirosh · April 22, 2020, 10:44pm

may be we have to think about the users.

EddieA · April 22, 2020, 11:04pm

Depending on the number of users and those who need routed mode vs bridged mode, maybe consider running 2 servers. One on port 1194, the other on 1195. You may have to set up a couple of additional routing options and also open the firewall for the non-1195 server.

Cheers.