Frequently Asked Questions
- My provider is not listed
- Why is compression not supported?
- The configuration file contains an unsupported option (external file)
My provider is not listed
You should contact with your provider to double check if there is interest in being added to Passepartout. Beware that some may be concerned instead. Ultimately, you can submit your provider request for a viability review to providers@passepartoutvpn.app.
Why is compression not supported?
Some users may have noticed that Passepartout is not compatible with any compression algorithm supported by OpenVPN. This is intentional and comes from a logical reasoning. Besides being a relevant overhead against marginal gains -most protocols in the application layer (e.g. HTTP) already use compression nowadays-, compression is vulnerable to an attack that may be able to reveal the secret session keys.
The attack is called VORACLE and is extensively explained by the very authors of OpenVPN. Most major providers have taken action and fixed the issue, but many are still refraining to disable compression for no acceptable reason. In case this happens, you are warmly encouraged to report the issue immediately and possibly link to either the official resource you find above, as it comes directly from the software makers, or this page.
BEWARE: it’s not about making the app work, this is about your safety. Do prompt your provider to disable compression ASAP. Most of the time it’s as easy as tweaking a single configuration line on their backends.
Keeping it broken is absolutely irresponsible.
The configuration file contains an unsupported option (external file)
Due to easier interoperability, the app does not support external files in the .ovpn main configuration. That’s because more often than not, it may not make sense referring to relative paths in a mobile device environment. Think of the Mail app for example. The fix is straightforward though, say you have an external ca
file:
ca my-ca.crt
Just replace it with:
<ca>
...
content of my-ca.crt
...
</ca>
The same applies to other settings like cert
, key
, tls-auth
and tls-crypt
.