iOS Security FAQs

Wondering about OpenVPN Connect security and best practices? Refer to these FAQs.

Because mobile devices are easily lost or stolen, we recommend these two steps to protect the VPN profiles on your phone against compromise if the device is lost:

  1. Save the private key in the device keychain—it’s the most sensitive data in a profile. Consider removing the client certificate and private key from the profile and saving them in the iOS Keychain instead.

  2. Use a strong, device-level password. A strong password is critical for protecting data stored in the iOS Keychain.

Yes, it is safe to save your password if you have set up a strong device-level password. OpenVPN Connect stores authentication and private key passwords in the iOS Keychain, which the device-level password protects.

Note

OpenVPN Connect can access the iOS Keychain only after the user has unlocked the device at least once after restart.

No, OpenVPN Connect uses the OpenSSL library, which is immune to Heartbleed.

The save password switch on the authentication password field is typically turned on, but you can turn it off by adding the following OpenVPN directive to the profile:

setenv ALLOW_PASSWORD_SAVE 0

Important

The above directive only applies to the user authentication password. The private key password, if it exists, can always be saved.
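The following Python check is an added example, not part of the OpenVPN documentation. It audits a profile for the two points above: an inline client certificate or private key that could be moved to the iOS Keychain, and whether `setenv ALLOW_PASSWORD_SAVE 0` is present. The sample profile, host name and function name are constructed for illustration, and reporting an enabled save switch as a finding is an assumed policy choice.

```python
import re

# Constructed sample profile (not from the page); key material is a placeholder.
SAMPLE_PROFILE = """\
client
remote vpn.example.com 1194 udp
auth-user-pass
; setenv ALLOW_PASSWORD_SAVE 0
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
</key>
"""

# Inline blocks holding the client certificate and/or private key.
SENSITIVE = {"key", "cert", "pkcs12"}


def audit_profile(text):
    """Return a sorted list of findings for one .ovpn profile."""
    findings, in_block, save_disabled = set(), None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                       # skip the body of an inline block
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":    # blank line or commented-out directive
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:                              # opening tag of an inline block
            in_block = m.group(1)
            if in_block in SENSITIVE:
                findings.add(f"inline <{in_block}> block embedded in profile")
            continue
        words = line.split()
        if words[:2] == ["setenv", "ALLOW_PASSWORD_SAVE"] and words[2:3] == ["0"]:
            save_disabled = True
    if not save_disabled:
        findings.add("password save switch enabled (ALLOW_PASSWORD_SAVE is not 0)")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE_PROFILE)))
```

The commented-out directive in the sample is deliberately ignored, so the save switch is still reported as enabled.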

Yes, OpenVPN Connect includes support for the tls-crypt option in recent versions.