Yes. VPN-On-Demand (VoD) is a new technology introduced by Apple in iOS 6 that allows a VPN profile to specify the conditions under which it will automatically connect. In addition, using a VoD profile on iOS 7 allows OpenVPN to be connected and disconnected using the iOS Settings App under the VPN tab (although note that on iOS 8 and higher, ordinary OpenVPN profiles can be connected using the Settings App, as long as they don't require credential entry). OpenVPN on iOS fully supports VoD, with the following features:
The iPhone Configuration Utility can be used to create an OpenVPN VoD profile by entering OpenVPN configuration file parameters as key/value pairs. The OpenVPN app supports connect and disconnect actions triggered by the iOS VoD subsystem.
The OpenVPN app recognizes VoD profiles and will show them in the UI and allow them to be monitored and controlled like other OpenVPN profiles (with the exception that VoD profiles cannot be manually connected from the app UI, they can only be disconnected -- this is because a VoD profile is designed to be connected automatically by iOS).
OpenVPN VoD profiles can be created using the iPhone Configuration utility. Unfortunately, the process is a bit cumbersome at the moment because the directives of the OpenVPN profile must be manually entered as key/value pairs into the iPhone Configuration utility UI.
For now, to create a VoD profile, open the iPhone Configuration utility (these directions were tested with version 3.5 on a Mac tethered to an iPad running iOS 6.0.1), go to the File menu, and select "New Configuration Profile".
Next, edit the newly created Configuration Profile. Click on General in the left pane and fill out the fields such as Name, Identifier, Organization, etc. Click on VPN in the left pane and a "Configure VPN" dialog box should appear in the main window. Click the "Configure" button. Fill out the VPN settings as described below:
Connection Name should be set to a name that will identity this profile on the device.
Connection Type should be set to Custom SSL. Identifier should be set to "net.openvpn.connect.app". (on older versions this used to be net.openvpn.OpenVPN-Connect.vpnplugin). Server can be set to a hostname, or "DEFAULT" to use the hostname(s) from the OpenVPN configuration.
User Authentication should be set to Certificate, and the client certificate+key should be attached as a PKCS#12 file. VPN On Demand should be enabled and match entries should be defined to instruct iOS under which conditions the VPN profile should be automatically connected. In addition, parameters normally given in the OpenVPN client configuration file may instead be defined using key/value pairs in the Custom Data section:
VoD requires an OpenVPN autologin profile, i.e. a profile that authenticates using only a client certificate and key, without requiring a connection password.
Define each OpenVPN directive as a key, with arguments specified as the value. As in the OpenVPN configuration file, arguments are space-delimited and may be quoted. At a minimum, key/value pairs for ca and remote must be defined (Note that OpenVPN cannot get the CA list from the VoD profile, therefore it must be provided using a ca key/value pair). Key value pairs for tls-auth, key-direction, comp-lzo, cipher, ns-cert-type, and remote-cert-tls must be defined if the server requires them.
For OpenVPN directives with no arguments, use "NOARGS" as the value. If multiple instances of the same directive are present, when entering the directive as a key, number the directives in the order they should be given to OpenVPN by appending .n to the directive, where n is an integer, such as remote.1or remote.2
For multi-line directives such as ca and tls-auth, where the argument is a multi-line file, an escaping model has been provided to allow the file content to be specified as a single-line value. The procedure is to convert the multi-line data to a single line by replacing line breaks with "\n" (without the quotes). Note that because of this escaping model, you must use "\\" to pass backslash itself.
For OpenVPN Access Server meta-directives such as "OVPN_ACCESS_SERVER_USERNAME", remove the OVPN_ACCESS_SERVER_ prefix, giving USERNAME as the directive. Once the VoD profile has been defined, you have two options for exporting it to an iOS device:
If your device is currently tethered, click on your device name in the left pane. Then in the main window, click on the Configuration Profiles tab. You should see the name of your Configuration Profile and a button to install it on the device.
You can also save the Configuration Profile as a .mobileconfig file, and make it available to iOS clients via email or the web. To do this, select your Configuration Profile, go to the File menu, and select "Export...". An Export Configuration Profile dialog box will appear. Select a Security option -- "Sign configuration profile" is a reasonable choice. Press the Export button and save the profile.
When an iOS device receives a VoD profile (via Mail attachment, Safari download, or pushed by the iPhone Configuration utility), it will raise a dialog box to facilitate import of the profile. After import, the profile will be visible in the Settings App under General / Profiles. It will also be visible as a profile in the OpenVPN app. Note that the profile must be the currently-enabled VPN profile in order for the VoD functionality to work.
Apple configurator utility for Mac
https://itunes.apple.com/gb/app/apple-configurator-2/id1037126344?mt=12
Can I import an OpenVPN profile via an iOS .mobileconfig file?
A: Yes, OpenVPN profiles can be created using the iPhone Configuration utility and exported to a .mobileconfig file, which in turn can be imported onto one or more iOS devices. Unfortunately, the process is a bit cumbersome at the moment because the directives of the OpenVPN profile must be manually entered as key/value pairs into the iPhone Configuration utility UI. To create a .mobileconfig-based profile, open the iPhone Configuration utility, go to the File menu, and select "New Configuration Profile" (note that these directions were tested with version 3.5 of the iPhone Configuration utility on a Mac tethered to an iPad Air running iOS 7.0.4).
Next, edit the newly created Configuration Profile. Click on General in the left pane and fill out the fields such as Name, Identifier, Organization, etc. Click on VPN in the left pane and a "Configure VPN" dialog box should appear in the main window. Click the "Configure" button. Fill out the VPN settings as described below:
Connection Name should be set to a name that will identity this profile on the device. Connection Type should be set to Custom SSL. Identifier should be set to "net.openvpn.connect.app". Server must be set to "DEFAULT". The actual server hostname will be configured via OpenVPN remote directives in the Custom Data section. User Authentication should be set to Password, and the password field should be left blank.
Parameters normally given in the OpenVPN client configuration file must be defined using key/value pairs in the Custom Data section: Define each OpenVPN directive as a key, with arguments specified as the value. As in the OpenVPN configuration file, arguments are space-delimited and may be quoted.
Key value pairs for remote, ca, cert, key, tls-auth, key-direction, auth-user-pass, comp-lzo, cipher, auth, ns-cert-type, remote-cert-tls must be defined if the server requires them.
If your server doesn't require clients to authenticate with a client certificate and private key, you can omit key/value pairs for ca and cert, but be sure to add the key/value pair "setenv" : "CLIENT_CERT 0".
The client certificate and private key can be separately imported onto the iOS device using a PKCS#12 file, in which case you can omit key/value pairs for ca and cert.
If you are attaching a private key to the configuration using the key directive, consider encrypting the key with a password to protect it while in transit to the target iOS device.
You must add a special key/value pair "vpn-on-demand" : "0" so that OpenVPN can distinguish this profile from an iOS VPN-On-Demand profile.
For OpenVPN directives with no arguments, use "NOARGS" as the value. If multiple instances of the same directive are present, when entering the directive as a key, number the directives in the order they should be given to OpenVPN by appending .n to the directive, where n is an integer, such as remote.1 or remote.2
For multi-line directives such as ca, cert, key and tls-auth, where the argument is a multi-line file, an escaping model has been provided to allow the file content to be specified as a single-line value. The procedure is to convert the multi-line data to a single line by replacing line breaks with "\n" (without the quotes). Note that because of this escaping model, you must use "\\" to pass backslash itself.
For OpenVPN Access Server meta-directives such as "OVPN_ACCESS_SERVER_USERNAME", remove the OVPN_ACCESS_SERVER_ prefix, giving USERNAME as the directive. Once the profile has been defined, you have two options for exporting it to an iOS device:
If your device is currently tethered, click on your device name in the left pane. Then in the main window, click on the Configuration Profiles tab. You should see the name of your Configuration Profile and a button to install it on the device.
You can also save the Configuration Profile as a .mobileconfig file, and make it available to iOS clients via email or the web. To do this, select your Configuration Profile, go to the File menu, and select "Export...". An Export Configuration Profile dialog box will appear. Select a Security option -- "Sign configuration profile" is a reasonable choice. Press the Export button and save the profile.
When an iOS device receives an OpenVPN .mobileconfig profile (via Mail attachment, Safari download, or pushed by the iPhone Configuration utility), it will raise a dialog box to facilitate import of the profile. After import, the profile will be visible in OpenVPN.
example.mobileconfig for iOS
For custom vpn configs see the Apple configurator howto here
Yes, AdBlock Speed VPN for iPhone. AdBlock VPN for iOS Config Howto
The AdBlock data transmission and CPU savings will combine with the low overhead of the new OpenVPN client to a negligible impact on your iPhone battery.
No. For higher grade encryption we support OpenVPN. Or for legacy OS we support PPTP
Yes, you can point your corporate routers to dedicated cloud DNS and VPN servers. We offer 20 options of geographically diverse datacenters across usa, europe and asia.
Also available custom filter lists and access policies running on your own dedicated virtual dns servers. Full root access.
Business, Hotspot, School and Campus filtering bundles available.
Yes, we can provide custom adblock, vpn, firewall, filtering cloud dedicated servers.
BA.net Adblock DNS Server FlashBoot is a complete Software Appliance. Built in a simple USB Flash Boot package. Or Managed Server Virtual Image. Free Download
You can download a free preview of the Administrator Manual
free Administrator Manual E-Book Preview
Free eBook Preview PDF 2.5M
Documentation Index
.
.
.
.
BA.net - AdBlock Split Speed VPN for Mobile iPhone iOS Android Save Data Usage
content filter tracking profiling openvpn blinkt tunnelblick pptp malware protection business security library campus school cybercafe cipa affordable easy alternative for legacy cisco vpn umbrella webtitan barracuda fortinet sonicwall sophos untangle managed pihole vpn adblock-speed-vpn-iphone adblock@ba.net