Witopia OpenVPN/SSL Setup on Jailbroken iOS devices.
Thought I’d share how I got Witopia OpenVPN running on my Jailbroken iPhone.
First off some props, most of the info I got from the following sources:
Witopia Support Wiki -> http://wiki.witopia.net/wiki/Installing_personalVPN-SSL_on_Linux
SBSettings -> http://chandraonline.net/blog/?p=22
GuizmOVPN -> http://www.guizmovpn.com/index.php?option=com_content&view=article&id=2&Itemid=2
So first off there are a couple of apps that you can use to manage the VPN. I have tried both, and have had the most success with GuizmOVPN GUI. It is a paid app, but you do have 7 days to try it, and no I don’t work for them. I just like the easy interface, visible log file, and a nice little logo in the status bar to show you’re connected. You also need to be running iOS 4 or have some form of backgrounding to run the app.
I did try the SBSettings toggle as mentioned on chandraonline.net, and it works great; however, you can only choose one VPN site, and there is no visible log. Both use OpenVPN ported to iOS.
I’m not going to go in-depth with either of the clients above, since they are both well documented. However, here are the steps relevant to Witopia. So start with one of the two clients, SBSettings or GuizmOVPN.
For both of these clients I will assume you have the Witopia desktop client installed, as we will need the key and config files for your account. Since this is a password-less setup you should NOT share your key.key files.
Your config files and keys are stored here, depending on your OS (OSX/Win). No installer for Linux. See http://wiki.witopia.net/wiki/PersonalVPN-SSL_FAQ
OSX
Tunnelblick: ~/Library/openvpn
Viscosity: ~/Library/Application Support/Viscosity/OpenVPN/* (where * is 1-44 each representing a different VPN site)
Windows
C:\Program Files\personalvpn\config
SBSettings:
All the install steps above are fine. When you get to the config, use the conf file currently installed on your system above.
Each directory (at least on Viscosity) represents a different VPN site, so pick one. Rename the config.conf to conf.ovpn, append the up and down parts in the tutorial above, and copy it into the following directory on your iOS device along with ca.crt, cert.crt, and key.key. No need to remove the password as it’s already without one (hence the reason you don’t want to share your key).
/var/mobile/Library/OpenVpn/
Now at this point you need to either reload springboard or reboot your device. Took me a couple tries to get the toggle to work. One downside to this app is there is no easy access to the log should you need to troubleshoot. In fact I couldn’t find where it’s logging.
GuizmOVPN:
First off follow the install in the link above. This app is nice as you can see logs, as well as have multiple VPN sites. So first off let’s export the configuration from Viscosity. Not sure if the other apps do it, but again you can find the config as listed above.
So fire up Viscosity. It should show up as an icon in your top menu bar. Right click on it and go to “Preferences…” and you should see something like the shot below. Click on a VPN site and hit the gear in the bottom right, and hit “Export Zipped Connection”.
Save the file wherever you like. I put it in a directory on my desktop called vpn (for scripting fun later). In fact I exported all of them. Turns out these .visz files are just good ole’ gzip files.
$ file "us – Seattle, WA.visz"
us – Seattle, WA.visz: gzip compressed data, was "~/Desktop/us – Seattle", last modified: Mon Aug 30 22:59:39 2010, max compression.
So now you should have a directory full of these .visz files which are really just gzip files. So rename them to *.tgz, extract them, then zip them, and you’re ready to upload them to your device. Here are a couple lines to first remove the spaces so we can actually work with the files, then change the extension to tgz, then extract the contents. So fire up your terminal and cd to the directory containing the .visz files.
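# Replace the spaces in the file names with underscores
for x in *.visz; do mv "$x" "$(echo "$x" | sed -e 's/ /_/g')"; done
# Change the extension from .visz to .tgz
for x in *.visz; do mv "$x" "$(basename "$x" .visz).tgz"; done
# Extract every archive, then remove the archives
for x in *.tgz; do tar zxvf "$x"; done
rm *.tgz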
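Each extracted directory now holds a key.key with no passphrase, so anyone who can read the file can use it. The following is an added example, not part of the original post: a shell function that reports whether each key is passphrase-protected and tightens any key readable beyond its owner to mode 600. The function names and the sample directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit the private keys in the extracted connection directories.
# Usage: audit_keys DIR   (DIR defaults to the current directory)

audit_keys() {
    dir="${1:-.}"
    rc=0
    list=$(mktemp) || return 1
    # Every extracted connection directory holds its own key.key.
    find "$dir" -type f -name '*.key' > "$list"
    while IFS= read -r f; do
        # A passphrase-protected PEM key has ENCRYPTED in its header;
        # the keys described in this post do not.
        if grep -q 'ENCRYPTED' "$f"; then
            prot="passphrase"
        else
            prot="NO passphrase"
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        go=$(ls -ld "$f" | cut -c5-10)
        if [ "$go" != "------" ]; then
            chmod 600 "$f" || rc=1
            echo "fixed  $f ($prot): readable beyond owner, now 600"
        else
            echo "ok     $f ($prot)"
        fi
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Constructed sample: one fake connection directory with a dummy key file.
audit_keys_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/us_Seattle"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$d/us_Seattle/key.key"
    chmod 644 "$d/us_Seattle/key.key"
    audit_keys "$d"      # first pass tightens the mode
    audit_keys "$d"      # second pass reports it as ok
    rm -rf "$d"
}
```

Run audit_keys from the directory holding the extracted connections before copying anything to the device.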
At this point you have two options: A) the easy way, SCP all those directories to /private/var/mobile/Documents/Configurations on your device, or B) continue on through the web interface within GuizmOVPN.
If you decided you like to point and click your way through life, and enjoy pain, then run the following commands in addition to the lines above.
# Zip each extracted directory
for x in *; do if [ -d "$x" ]; then zip -r "$x.zip" "$x"; fi; done
# Remove the extracted directories, leaving only the zip files
find . -mindepth 1 -maxdepth 1 -type d -exec rm -r {} +
Now you will have a directory filled with zip files. You’re probably wondering at this point why I put you through all these commands if the .visz files are already zip files. Well, because there is a difference between gzip and zip. For real, google it. Yes, I did try just changing the visz to zip, doesn’t work.
Now fire up GuizmOVPN on your device and tap on the “Settings” tab. Turn that webserver on, and point your browser to the IP and port listed.
Now you can enjoy that point and click action in all its glory. Upload as many of these zip files as you like.
When you’re done, tap back on “General” and you should see a whole list of VPN sites, tap on the one you want and slide “Connect:” to on. I would also recommend you change both the settings in the DNS Configuration section to On, within the “Settings” tab. Turning them on changes your /etc/resolv.conf to reflect Witopia’s DNS servers. Otherwise you will be able to connect but may be unable to resolve DNS.
Tap the “Log” tab to see an output of the OpenVPN log file.
This is what good should look like, notice the nice little logo in the top right showing the connected status:
Hope someone finds this useful.
-Jon








