Set encryption explicitly in the server configuration, e.g.:
-cipher AES-128-CBC
+cipher AES-128-CBC
auth SHA1
@@ -160,7 +161,7 @@ auth SHA1
If you want to leverage newer AES-GCM encryption, you could just use:
-ncp-ciphers AES-256-GCM # or AES-128-GCM
+ncp-ciphers AES-256-GCM # or AES-128-GCM
and the client wouldn’t need to change a thing, because the algorithm will be enforced by the server no matter what.
@@ -171,30 +172,34 @@ auth SHA1
Regarding Mullvad in particular, remember to strip spaces from the username.
+The configuration file lacks a required option (cipher)
+
+When missing, OpenVPN implies a Blowfish cipher, which is severely obsolete and unsupported. Passepartout requires that you set an AES cipher instead. For that to work, you must update your OpenVPN server to use AES by explicitly setting a cipher (e.g. cipher AES-128-CBC).
+
The configuration file contains an unsupported option (external file)
-Due to easier interoperability, the app does not support external files in the .ovpn main configuration. That’s because more often than not, it may not make sense referring to relative paths in a mobile device environment. Think of the Mail app for example. The fix is straightforward though, say you have an external ca file:
+Due to easier interoperability, the app does not support external files in the .ovpn main configuration. That’s because more often than not, it may not make sense referring to relative paths in a mobile device environment. Think of the Mail app for example. The fix is straightforward though, say you have an external ca file:
-ca my-ca.crt
+ca my-ca.crt
Just replace it with:
-<ca>
+<ca>
...
content of my-ca.crt
...
</ca>
-The same applies to other settings like cert, key, tls-auth and tls-crypt. In the specific case of tls-auth with a key direction, like:
+The same applies to other settings like cert, key, tls-auth and tls-crypt. In the specific case of tls-auth with a key direction, like:
-tls-auth ta.key 1
+tls-auth ta.key 1
Replace with:
-<tls-auth>
+<tls-auth>
...
content of ta.key
...
@@ -216,7 +221,7 @@ key-direction 1
It seems that my traffic doesn’t necessarily go through the VPN
-Unless redirect-gateway is either:
+Unless redirect-gateway is either:
- Explicitly added to the .ovpn configuration
@@ -247,7 +252,7 @@ key-direction 1
My host profile ignores DNS settings pushed by server
-Passepartout is slightly different from OpenVPN Connect when it comes to DNS. Due to the ability of overriding network settings in general, Passepartout lets the user specify what DNS servers to pick without any ambiguity (“Read .ovpn”, “Pull from server” or “Manual”). On the other hand, OpenVPN Connect merges and uses both the servers defined in the .ovpn file (first) and those pushed as dhcp-option by the VPN server (last). With this in mind, you should now understand why DNS in some networks may behave differently than the official OpenVPN clients.
+Passepartout is slightly different from OpenVPN Connect when it comes to DNS. Due to the ability of overriding network settings in general, Passepartout lets the user specify what DNS servers to pick without any ambiguity (“Read .ovpn”, “Pull from server” or “Manual”). On the other hand, OpenVPN Connect merges and uses both the servers defined in the .ovpn file (first) and those pushed as dhcp-option by the VPN server (last). With this in mind, you should now understand why DNS in some networks may behave differently than the official OpenVPN clients.
diff --git a/feed.xml b/feed.xml
index 2f95a69..b98dc33 100644
--- a/feed.xml
+++ b/feed.xml
@@ -1 +1 @@
-Jekyll 2020-06-22T19:21:52+02:00 https://passepartoutvpn.app/feed.xml Passepartout, OpenVPN client for iOS and macOS Passepartout is a non-official, user-friendly OpenVPN® client for iOS and macOS. Davide De Rosa Jekyll 2020-11-17T09:13:48+01:00 https://passepartoutvpn.app/feed.xml Passepartout, OpenVPN client for iOS and macOS Passepartout is a non-official, user-friendly OpenVPN® client for iOS and macOS. Davide De Rosa