
Provisioning Profile example #1: embedded key and cert (no .p12 payload)


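A Provisioning Profile can also be created without a .p12 payload. In that case the client key and certificate have to be embedded directly in the VPN settings (the VendorConfig dictionary). Because the private key is then stored as plain text inside the profile, the profile file itself has to be handled as a secret.
See the sample file below: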
 

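<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Sample configuration profile with no .p12 payload: the CA certificate,
     the client certificate and the client private key are carried inline in
     the VendorConfig dictionary. UUIDs, names, addresses and the PEM bodies
     (xxxxxxxxx) are sample values and must be replaced. -->
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>0</integer>
            </dict>
            <key>PayloadDescription</key>
            <string>Configures VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.C69FB197-D553-4A78-B024-CBCCFD7F731F</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadUUID</key>
            <string>C69FB197-D553-4A78-B024-CBCCFD7F731F</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>test client</string>
            <key>VPN</key>
            <dict>
                <key>AuthName</key>
                <string>DEFAULT</string>
                <key>AuthenticationMethod</key>
                <!-- NOTE: IMPORTANT WHEN NOT APPENDING A .P12 PAYLOAD -->
                <string>Password</string>
                <key>RemoteAddress</key>
                <string>DEFAULT</string>
            </dict>
            <key>VPNSubType</key>
            <!-- NOTE: CHANGED SINCE v1.2.5 -->
            <string>net.openvpn.connect.app</string>
            <key>VPNType</key>
            <string>VPN</string>
            <key>VendorConfig</key>
            <dict>
                <!-- PEM values are written on a single line; every line break
                     of the PEM text is spelled as the two characters \n. -->
                <key>ca</key>
                <string>-----BEGIN CERTIFICATE-----\nxxxxxxxxx\n-----END CERTIFICATE-----\n</string>
                <key>cert</key>
                <string>-----BEGIN CERTIFICATE-----\nxxxxxxxxxx\n-----END CERTIFICATE-----\n</string>
                <!-- CBC is not an authenticated mode; OpenVPN protects data
                     packets with a separate HMAC. Where client and server both
                     support it, an AEAD cipher such as AES-256-GCM is the usual
                     choice. The value must match what the server accepts. -->
                <key>cipher</key>
                <string>AES-256-CBC</string>
                <key>client</key>
                <string>NOARGS</string>
                <!-- Sample resolver; replace with the DNS server the VPN
                     clients are meant to use. -->
                <key>dhcp-option</key>
                <string>DNS 8.8.8.8</string>
                <!-- The private key is stored unencrypted in this file. Anyone
                     who can read the profile (mail, backups, file shares, MDM
                     exports) can authenticate as this client. Distribute the
                     profile over protected channels only, and issue one key
                     pair per device so a single device can be revoked. -->
                <key>key</key>
                <string>-----BEGIN PRIVATE KEY-----\nxxxxxxxxxx\n-----END PRIVATE KEY-----\n</string>
                <!-- Sample private address, port and protocol of the server. -->
                <key>remote</key>
                <string>192.168.1.192 1194 udp</string>
                <!-- NOTE(review): this sample carries no directive that checks
                     the server certificate beyond the CA signature (for example
                     remote-cert-tls or verify-x509-name). Consider adding one
                     so that another certificate issued by the same CA is not
                     accepted as the server; confirm the exact key format
                     against the client documentation. -->
                <key>vpn-on-demand</key>
                <string>0</string>
            </dict>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>client-LAN</string>
    <key>PayloadIdentifier</key>
    <string>myidentifier.01C011CB-5A34-486B-ACAC-699374A9D772</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>EF2888C0-F204-4B17-BF46-3FD16493C9B2</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>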
