Help Transferring the .ovpn File to iOS
Important
The steps below are for connecting to a generic OpenVPN server. For specific steps on importing profiles from CloudConnexa or Access Server, follow the steps on this page: Install OpenVPN Connect on iOS.
If you're looking for a connection profile from your iOS device, contact your VPN service provider as detailed here: How to Get Your Connection Profile.
If you're having trouble importing a profile on iOS, try these steps:
Save the .ovpn file to your macOS desktop.
Connect to your iPhone or iPad using a USB or USB-C cable or Wi-Fi.
In Finder (on your Mac), select iPhone.
Select Files.
Locate the OpenVPN directory.
Important
OpenVPN Connect must already be installed on your mobile device.
Drag the .ovpn file from your desktop to the OpenVPN location.
Launch OpenVPN Connect on your mobile device.
Tap Add, then File.
“1 new OpenVPN profiles are available for import” displays.
Tap Add.
Important
Profiles must be UTF-8 (or ASCII) and under 256 KB in size.
Also, consider using the unified format for OpenVPN profiles which embeds all certs and keys into the .ovpn file. This eases the management of the OpenVPN configuration as it integrates all configuration elements into a single file.
For example, a traditional OpenVPN profile might specify certs and keys as follows:
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
You can convert this to unified form by pasting the contents of the certificate and key files directly into the OpenVPN profile, using an XML-like syntax:
<ca>
-----BEGIN CERTIFICATE-----
MIIBszCCARygAwIBAgIE...
. . .
/NygscQs1bxBSZ0X3KRk...
Lq9iNBNgWg==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
. . .
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
. . .
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
. . .
</tls-auth>
Another approach to eliminate certificates and keys from the OpenVPN profile is using the iOS Keychain.
Note
When converting tls-auth to unified format, check if there is a second parameter after the filename (usually a 0 or 1). This key-direction parameter must be specified as a standalone directive when tls-auth is converted to unified format. For example, if the parameter is 1, add this line to the profile:
key-direction 1
If there is no second parameter to tls-auth, you must add this line to the profile:
key-direction bidirectional
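The conversion to unified format and the key-direction rule described above, as an added Python example (not OpenVPN's own code): it inlines file-based ca, cert, key and tls-auth directives, emits key-direction as a standalone line, and checks the UTF-8 and 256 KB limits. The function names, the read_file callback and the sample contents are assumptions made for illustration; quoted filenames containing spaces are not handled.

```python
MAX_PROFILE_BYTES = 256 * 1024              # size limit stated on this page
INLINE = ("ca", "cert", "key", "tls-auth")  # directives from the page's example

def to_unified(profile_text, read_file):
    """Inline file-based ca/cert/key/tls-auth; read_file(name) returns file text."""
    lines = profile_text.splitlines()
    # Do not emit a second key-direction if the profile already carries one.
    has_direction = any(l.split()[:1] == ["key-direction"] for l in lines)
    out = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] not in INLINE or parts[1] == "[inline]":
            out.append(line)  # unrelated directive, comment, or already inline
            continue
        directive, filename = parts[0], parts[1]
        if directive == "tls-auth" and not has_direction:
            # The optional second parameter (0 or 1) becomes a standalone
            # directive; with no parameter the page calls for "bidirectional".
            direction = parts[2] if len(parts) > 2 else "bidirectional"
            out.append(f"key-direction {direction}")
        out.append(f"<{directive}>\n{read_file(filename).strip()}\n</{directive}>")
    return "\n".join(out) + "\n"

def check_profile(data):
    """Return reasons the profile bytes break the limits stated on this page."""
    problems = []
    if len(data) >= MAX_PROFILE_BYTES:
        problems.append("profile is not under 256 KB")
    try:
        data.decode("utf-8")  # ASCII is a subset of UTF-8
    except UnicodeDecodeError:
        problems.append("profile is not UTF-8")
    return problems

if __name__ == "__main__":
    # Constructed sample: placeholder strings stand in for real PEM/key material.
    files = {"ca.crt": "(CA certificate PEM)", "client.crt": "(client certificate PEM)",
             "client.key": "(client private key PEM)", "ta.key": "(static key)"}
    traditional = "client\nca ca.crt\ncert client.crt\nkey client.key\ntls-auth ta.key 1\n"
    unified = to_unified(traditional, files.__getitem__)
    print(unified, check_profile(unified.encode("utf-8")))
    # With real files, pass read_file=lambda n: pathlib.Path(profile_dir, n).read_text()
```

The resulting file contains the client private key, so store and transfer it with the same care as the key file itself.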