Private Internet Access OpenVPN on iOS

I use Private Internet Access for my VPN needs. They have servers in many countries and provide OpenVPN, L2TP, and PPTP access. Been using them for a year now and no complaints so far. For Android and Windows they provide apps that use OpenVPN, but for iDevices you are stuck with L2TP and PPTP and while that’s fine I prefer OpenVPN (see here and here; also worth reading this on why TCP isn’t a good idea for tunneling). Thankfully iOS has an OpenVPN client so this is something one can set up manually.

Private Internet Access provides a zip file containing all the certificates and config files for OpenVPN. You can’t use these config files directly in the client though. Will have to use iTunes and copy over the files to the OpenVPN app (with a modification to the config files which I’ll come to in a minute). Or you can make two changes to these config files (one of which you have to make even in the iTunes case) and skip iTunes. That’s what I am going to do here. I avoid iTunes if I can (not coz I hate it but generally, I don’t like to be tied to it).

The zip file provided by Private Internet Access contains files with an ovpn extension – which are the configuration files for their server at each location – as well as a ca.crt file which is the certificate for the Private Internet Access servers. The first thing we have to do is combine this ca.crt file into each of the ovpn files. This way we don’t have to worry about how to have both files in the same location as the contents are now merged into one.

The second thing we have to do is add a line like this to each of the ovpn files:

This line tells the OpenVPN client there is no client certificate. By default the iOS OpenVPN client expects a client certificate, so unless we make this change to the config files the client will not let us connect.

To combine the ca.crt file into each of the config files, copy and paste the contents of the file into each of the config files, surrounding the contents with <ca> and </ca> tags. Alternatively, you could be a geek and use something like PowerShell to automate the process. Copy and paste the snippet below and run it in the folder where you extracted the zip file from Private Internet Access.

Pretty straightforward. Replace the line with the contents of the file, add an extra line.
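
One way to automate both changes, as an added example (not the author's original script). It assumes each config references the certificate with a `ca ca.crt` line and that `setenv CLIENT_CERT 0` is the directive that tells the OpenVPN Connect client there is no client certificate; the `ios` output folder is a hypothetical name. Building the profiles from your own copy of the provider's zip means the CA embedded in each profile is the one you downloaded yourself.

```powershell
# Added example: inline ca.crt into every .ovpn file in the current folder and
# mark each profile as having no client certificate.
# Assumptions: configs reference the CA with a "ca <file>" line, and
# "setenv CLIENT_CERT 0" is the OpenVPN Connect "no client certificate" directive.
$ErrorActionPreference = 'Stop'

$caPath = Join-Path (Get-Location) 'ca.crt'
$caText = (Get-Content -LiteralPath $caPath -Raw).Trim()
if ($caText -notmatch '-----BEGIN CERTIFICATE-----') {
    throw 'ca.crt does not look like a PEM certificate'
}

# Hypothetical output folder; the original files are left untouched.
$outDir = Join-Path (Get-Location) 'ios'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$inlineCa = @('<ca>', $caText, '</ca>')

foreach ($file in Get-ChildItem -Filter *.ovpn -File) {
    $replaced = $false
    $result = foreach ($line in Get-Content -LiteralPath $file.FullName) {
        if ($line -match '^\s*ca\s+\S+\s*$') {
            # Replace the external CA reference with the inline block.
            $inlineCa
            $replaced = $true
        }
        elseif ($line -match '^\s*setenv\s+CLIENT_CERT\b') {
            # Drop any existing setting; it is re-added once below.
        }
        else {
            $line
        }
    }

    if (-not $replaced) {
        # Do not emit a profile that has no CA to verify the server against.
        Write-Warning "$($file.Name): no 'ca' line found, skipped"
        continue
    }

    $result = @($result) + 'setenv CLIENT_CERT 0'
    $target = Join-Path $outDir $file.Name
    Set-Content -LiteralPath $target -Value $result -Encoding Ascii
    Write-Host "wrote $target"
}
```

Files without a `ca` line are skipped with a warning rather than written out, so no profile ends up on the device without the server's CA embedded.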

I did this for the files from Private Internet Access and uploaded the resulting files to a zip file you can download from here.

You can download the zip file on your computer, extract the contents, and email the config files you want to an email account you have on the iDevice. Opening the config file from the email will launch OpenVPN and let you add the profile to it.

Alternatively you could visit the above link in a browser such as iCab Mobile on your iDevice. Or even in a browser such as Safari, but download and open with an app like File Explorer (or any other app really which lets you open a zip file and pass the contents to another app).