Frequently Asked Questions
- My provider is not listed
- I’m on Wi-Fi but my device shows I’m connected via LTE
- I’m unable to add my Wi-Fi to Trusted Networks
- The configuration file contains an unsupported option (external file)
- The VPN connects but immediately disconnects with “Encryption failed”
- Why don’t Siri Shortcuts execute in the background?
- It seems that my traffic doesn’t necessarily go through the VPN
- I’d like to see a Today Widget in the Notification Center
- I’d like to see my IP address in the app
- Mullvad ignores my custom DNS settings
My provider is not listed
You should contact with your provider to double check if there is interest in being added to Passepartout. Beware that some may be concerned instead. Ultimately, you can submit your provider request for a viability review to providers@passepartoutvpn.app.
I’m on Wi-Fi but my device shows I’m connected via LTE
The Wi-Fi/LTE icon (replace LTE with any cellular signal) while on VPN has been broken since iOS 10 or the like. It’s something that Apple is unable to fix or doesn’t bother fixing.
You should do a simple test. Verify your data consumption with your LTE provider website, normally phone providers have that. Now, when on VPN and the LTE icon appears in spite of Wi-Fi, download a relevant chunk of data. You may then learn that the plan is unaffected, implying that you’re actually connected via Wi-Fi.
I haven’t found a workaround for this and it’s been there for almost two years. Yeah, it’s a shame.
I’m unable to add my Wi-Fi to trusted networks
Starting from iOS 12 (or 13?), iOS has somewhat restricted what apps can learn about Wi-Fi networks. The effect of this is the inability to add the connected Wi-Fi network to trusted networks, be it with a bogus “Wi-Fi” or “WLAN” SSID name, or with the alert “You are not connected to any Wi-Fi network.”.
To work around this issue, you should trust the network while the VPN is enabled and connected through such network. I will try to restore former behavior in future versions of Passepartout, or at least add an informational footer below the “Trusted networks” section.
The configuration file contains an unsupported option (external file)
Due to easier interoperability, the app does not support external files in the .ovpn main configuration. That’s because more often than not, it may not make sense referring to relative paths in a mobile device environment. Think of the Mail app for example. The fix is straightforward though, say you have an external ca
file:
ca my-ca.crt
Just replace it with:
<ca>
...
content of my-ca.crt
...
</ca>
The same applies to other settings like cert
, key
, tls-auth
and tls-crypt
.
The VPN connects but immediately disconnects with “Encryption failed”
This happens when you rely on default OpenVPN encryption, which is normally Blowfish. The algorithm, besides being unsupported by Passepartout, is also weak and therefore discouraged. In order to fix this issue, you must switch to AES encryption. Passepartout only supports AES, be it in CBC or GCM mode.
Set encryption explicitly in the server configuration, e.g.:
cipher AES-128-CBC
auth SHA1
and don’t forget to update the client .ovpn as well with the exact same parameters.
If you want to leverage newer AES-GCM encryption, you could just use:
ncp-ciphers AES-256-GCM # or AES-128-GCM
and the client wouldn’t need to change a thing, because the algorithm will be enforced by the server no matter what.
Why don’t Siri Shortcuts execute in the background?
Unfortunately Apple is guilty of not fixing a related bug. I mean, it’s been there for years -since iOS 9 with my first bug report dating back to 2017- without them caring at all. No feedback and not even a proper response. And of course, no progress.
This is one of the several threads remarking the issue:
https://forums.developer.apple.com/thread/96020
Now, due to this bug, App Extensions can’t control VPN using custom protocols -Siri Intents Extension in this case, in order to run shortcuts in the background. Only native VPN protocols work (IKEv2, IPsec etc.).
In short, there’s really nothing I can do about it.
It seems that my traffic doesn’t necessarily go through the VPN
Unless redirect-gateway
is either:
- Explicitly added to the .ovpn configuration
- Pushed from the server
the default gateway is NOT changed. That is, your external IP won’t be the VPN’s IP. Double check the “Default gateway” entry in the “Configuration” page to see how your host profile looks like. On the other hand, the default gateway is always enforced for provider profiles.
This has been recently fixed in Passepartout 1.6.0 as it’s the standard OpenVPN behavior. Before 1.6.0, Passepartout erroneously assumed that all traffic should go through the VPN implicitly.
Try this website to test your external IP before and after this change.
I’d like to see a Today Widget in the Notification Center
The reason behind not providing a widget is exactly the same as Siri Shortcuts. A widget would still need to open the app, thus making it quite useless.
I’d like to see my IP address in the app
The reason why Passepartout does not present any personal information in app is privacy. Obtaining one’s IP address, regardless of being connected to a VPN or not, involves querying -and trusting- a third party service. Knowing such info is also of little use, given that most of the time you don’t want to share your VPN IP address and therefore link your identity to it. However, this feature might be introduced later as a diagnostic tool.
Mullvad ignores my custom DNS settings
It looks like Mullvad “hijacks” DNS on default endpoints, making custom DNS settings irrelevant. In order to do custom DNS with Mullvad, make sure to explicitly pick the “Custom DNS” preset, which will let you connect to the UDP:1400 and TCP:1401 endpoints. These endpoints do support custom DNS servers instead.
Until version 1.7.0 for iOS, you will have to do a manual “Refresh infrastructure” in order to access the new preset.
Read the related report on GitHub.