Apple Lightning to USB 3 Camera Adapter Revelation
Haven't had the opportunity to really flesh this one out yet, and there are a ton of UI inconsistencies, but it's true: there is a way to enable Ethernet on iOS devices.
The Apple USB to Ethernet adapter, when plugged into the Lightning to USB 3 adapter, and plugged into power, will work as an ethernet interface. There's no way to check your IP information and the UI keeps crying about turning on WiFi, but it works.
OpenVPN on Demand for iOS Devices
This project allows iOS users to connect to an OpenVPN server with minimal effort and technical knowledge. Once you create and distribute the .mobileconfig files, clients can securely connect to your VPN from their iOS devices with minimal hassle. This guide is geared towards technically-savvy users.
I take no responsibility for how you use this guide or any systems you create with its help.
Follow the tutorial found here. It's well-written, straightforward, and my contribution comes afterwards anyway. Just be sure you end up with a working .ovpn file afterwards. Test it using the OpenVPN Connect iOS client.
Generate a .p12 file from the private key and crt. Enter this on the pi: openssl pkcs12 -export -in your_private.crt -inkey your_private.key -out new_private.p12
Set up a port forwarding rule on your external firewall to direct all UDP traffic on port 1194 to the Raspberry PI. For most people, this means their Cable or FIOS modem.
iOS Profile Creation
Here, you're gonna use Apple Configurator to create a profile for your devices. This profile can be loaded either by direct USB connection or by .mobileconfig file. If you opt for the second route, please ensure you transfer the file securely, as it will contain the certificates and passwords necessary to connect to your OpenVPN server.
Start the Application and click on the Supervise button on the top
Click the plus sign under the Profiles pane along the right side of the window
Select Create New Profile...
Fill out the General section however you like. Make sure to fill out the name field.
Add the .p12 certificate you created earlier under the Certificates section. Easy.
Next, enter the following variables under the VPN section:
Connection Type: Custom SSL
Server: Your server's public IP address
Account: Doesn't matter. Just put anything.
ca | The -----BEGIN CERTIFICATE----- through -----END CERTIFICATE----- section from your .ovpn file (with "n" after every line except for the absolute last one. No spaces.)
cipher | AES-128-CBC
client | NOARGS
comp-lzo | value
dev | tun
key-direction | 1
mute | 20
mute-replay-warnings | NOARGS
nobind | NOARGS
ns-cert-type | server
persist-key | NOARGS
persist-tun | NOARGS
proto | udp
remote | Your public IP
resolv-retry | infinite
tls-auth | The -----BEGIN OpenVPN Static key V1---- through -----END OpenVPN Static key V1----- section from your .ovpn file (with "n" after every line except for the absolute last one. No spaces.)
verb | 1
Credential: Will be the certificate you attached earlier
Enable VPN On Demand: Checked
Match Domain or Host/On Demand Action:
This is the meat and potatoes of VPN On Demand. It will establish the tunnel based on what you put here. To clarify:
Match Domain or Host: Fairly easy. The IP Address or Hostname you're trying to connect to. Typically, this is inside your network.
On Demand Action: Always Establish/Never Establish/Establish if Needed. Self-explanatory. Except for the last one. It attempts to resolve the host first. If it can't, then your device pins up the tunnel and tries again. This is best used if you use the same DNS entry for internal/external hosts.
Disconnect on Idle: Your choice. In my opinion, some apps running in the background or otherwise transmitting network traffic will override this setting.
Proxy Setup: None
Click Save and:
Load the profile onto iOS device using Configurator by clicking the Prepare button, followed by the Install Profiles... button. Follow the directions. Or...
Select the profile you just made and click the Export icon underneath the pane to export it to a .mobileconfig file. Get that file onto an iOS device and you're good to go.
Once the profile's installed on your device, try browsing to a host or IP address you specified in the Match Domain or Host/On Demand Action field. The VPN icon should light up. If you wish to manually disconnect the tunnel, go to the VPN settings in the Settings app and turn it off from there.
Congratulations. You now have OpenVPN On Demand. Bear in mind that some third-party apps may not automatically start the tunnel, so make sure to check your status bar to make sure you're secure and as always, be cautious when using a connection not your own. Happy (safe) surfing.