passepartoutvpn.github.io/faq/index.html

181 lines
12 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en" itemscope itemtype="http://schema.org/Blog">
<head>
<title>Passepartout, OpenVPN client for iOS and macOS</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="author" content="Davide De Rosa" />
<meta name="description" content="Passepartout is a non-official, user-friendly OpenVPN® client for iOS and macOS." />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-title" content="Passepartout">
<!-- Twitter -->
<meta name="twitter:card" content="summary" />
<meta name="twitter:site" content="@keeshux" />
<meta name="twitter:title" content="Passepartout" />
<meta name="twitter:url" content="https://passepartoutvpn.app" />
<meta name="twitter:image" content="https://passepartoutvpn.app/s/logo.png?1556698448" />
<meta name="twitter:description" content="Passepartout is a non-official, user-friendly OpenVPN® client for iOS and macOS." />
<!-- Facebook -->
<meta property="og:type" content="website" />
<meta property="og:url" content="https://passepartoutvpn.app" />
<meta property="og:title" content="Passepartout" />
<meta property="og:site_name" content="Passepartout" />
<meta property="og:description" content="Passepartout is a non-official, user-friendly OpenVPN® client for iOS and macOS." />
<meta property="og:image" content="https://passepartoutvpn.app/s/logo.png?1556698448" />
<!-- Google+ -->
<meta itemprop="name" content="Passepartout" />
<meta itemprop="description" content="Passepartout is a non-official, user-friendly OpenVPN® client for iOS and macOS." />
<meta itemprop="image" content="https://passepartoutvpn.app/s/logo.png?1556698448" />
<link rel="canonical" href="https://passepartoutvpn.app" />
<link rel="author" href="https://plus.google.com/+keeshux" />
<link rel="stylesheet" href="/s/main.css?1556698448" />
<link rel="stylesheet" href="/s/main-mobile.css?1556698448" media="only screen and (max-width: 600px)" />
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">
<link rel="shortcut icon" href="/s/favicon.ico?1556698448" />
<link rel="apple-touch-icon" href="/s/iphone-icon-precomposed.png?1556698448" />
</head>
<body>
<div id="container">
<header>
<a href="https://passepartoutvpn.app"><img id="logo" src="/s/logo.svg" alt="Passepartout" /></a>
<h1><a href="https://passepartoutvpn.app">Passepartout</a></h1>
<p>A non-official, user-friendly OpenVPN® client for iOS. Soon for macOS.</p>
</header>
<main>
<h2 id="frequently-asked-questions">Frequently Asked Questions</h2>
<ul>
<li><a href="#my-provider-is-not-listed">My provider is not listed</a></li>
<li><a href="#why-is-compression-not-supported">Why is compression not supported?</a></li>
<li><a href="#im-on-wi-fi-but-my-device-shows-im-connected-via-lte">Im on Wi-Fi but my device shows Im connected via LTE</a></li>
<li><a href="#the-configuration-file-contains-an-unsupported-option-external-file">The configuration file contains an unsupported option (external file)</a></li>
<li><a href="#why-dont-siri-shortcuts-execute-in-the-background">Why dont Siri Shortcuts execute in the background?</a></li>
<li><a href="#it-seems-that-my-traffic-doesnt-necessarily-go-through-the-vpn">It seems that my traffic doesnt necessarily go through the VPN</a></li>
<li><a href="#id-like-to-see-a-today-widget-in-the-notification-center">Id like to see a Today Widget in the Notification Center</a></li>
<li><a href="#id-like-to-see-my-ip-address-in-the-app">Id like to see my IP address in the app</a></li>
</ul>
<h3 id="my-provider-is-not-listed">My provider is not listed</h3>
<p>You should contact with your provider to double check if there is interest in being added to Passepartout. Beware that some may be concerned instead. Ultimately, you can submit your provider request for a viability review to <a href="mailto:providers@passepartoutvpn.app">providers@passepartoutvpn.app</a>.</p>
<h3 id="why-is-compression-not-supported">Why is compression not supported?</h3>
<p><strong>UPDATE</strong>: due to user demands and broader compatibility, today Passepartout <em>does</em> support compression, but LZO only. Both <code class="highlighter-rouge">--comp-lzo [yes]</code> and <code class="highlighter-rouge">--compress lzo</code> are now legal options. Other algorithms (e.g. LZ4) are not supported and never will. All in all, the use of compression is still discouraged.</p>
<p>~</p>
<p>Some users may have noticed that Passepartout <del>is</del> was not compatible with any compression algorithm supported by OpenVPN. This <del>is</del> was intentional and <del>comes</del> came from a logical reasoning. Besides being a relevant overhead against marginal gains -most protocols in the application layer (e.g. HTTP) already use compression nowadays-, compression is vulnerable to an attack that may be able to reveal the secret session keys.</p>
<p>The attack is called VORACLE and is <a href="https://community.openvpn.net/openvpn/wiki/VORACLE">extensively explained</a> by the very authors of OpenVPN. Most major providers have taken action and fixed the issue, but many are still refraining to disable compression for no acceptable reason. In case this happens, you are warmly encouraged to report the issue immediately and possibly link to either the official resource you find above, as it comes directly from the software makers, or this page.</p>
<p>BEWARE: its not about making the app work, this is about <em>your safety</em>. Do prompt your provider to disable compression ASAP. Most of the time its as easy as tweaking a single configuration line on their backends.</p>
<p>Keeping it broken is absolutely irresponsible.</p>
<h3 id="im-on-wi-fi-but-my-device-shows-im-connected-via-lte">Im on Wi-Fi but my device shows Im connected via LTE</h3>
<p>The Wi-Fi/LTE icon (replace LTE with any cellular signal) while on VPN has been broken since iOS 10 or the like. Its something that Apple is unable to fix or doesnt bother fixing.</p>
<p>You should do a simple test. Verify your data consumption with your LTE provider website, normally phone providers have that. Now, when on VPN and the LTE icon appears in spite of Wi-Fi, download a relevant chunk of data. You may then learn that the plan is unaffected, implying that youre actually connected via Wi-Fi.</p>
<p>I havent found a workaround for this and its been there for almost two years. Yeah, its a shame.</p>
<h3 id="the-configuration-file-contains-an-unsupported-option-external-file">The configuration file contains an unsupported option (external file)</h3>
<p>Due to easier interoperability, the app does not support external files in the .ovpn main configuration. Thats because more often than not, it may not make sense referring to relative paths in a mobile device environment. Think of the Mail app for example. The fix is straightforward though, say you have an external <code class="highlighter-rouge">ca</code> file:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ca my-ca.crt
</code></pre></div></div>
<p>Just replace it with:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&lt;ca&gt;
...
content of my-ca.crt
...
&lt;/ca&gt;
</code></pre></div></div>
<p>The same applies to other settings like <code class="highlighter-rouge">cert</code>, <code class="highlighter-rouge">key</code>, <code class="highlighter-rouge">tls-auth</code> and <code class="highlighter-rouge">tls-crypt</code>.</p>
<h3 id="why-dont-siri-shortcuts-execute-in-the-background">Why dont Siri Shortcuts execute in the background?</h3>
<p>Unfortunately Apple is guilty of not fixing a related bug. I mean, its been there for years -since iOS 9 with my first bug report dating back to 2017- without them caring at all. No feedback and not even a proper response. And of course, no progress.</p>
<p>This is one of the several threads remarking the issue:</p>
<p><a href="https://forums.developer.apple.com/thread/96020">https://forums.developer.apple.com/thread/96020</a></p>
<p>Now, due to this bug, App Extensions cant control VPN using custom protocols -Siri Intents Extension in this case, in order to run shortcuts in the background. Only native VPN protocols work (IKEv2, IPsec etc.).</p>
<p>In short, theres really <em>nothing</em> I can do about it.</p>
<h3 id="it-seems-that-my-traffic-doesnt-necessarily-go-through-the-vpn">It seems that my traffic doesnt necessarily go through the VPN</h3>
<p>Unless <code class="highlighter-rouge">redirect-gateway</code> is either:</p>
<ul>
<li>Explicitly added to the .ovpn configuration</li>
<li>Pushed from the server</li>
</ul>
<p>the default gateway is NOT changed. That is, your external IP wont be the VPNs IP. Double check the “Default gateway” entry in the “Configuration” page to see how your host profile looks like. On the other hand, the default gateway is always enforced for provider profiles.</p>
<p>This has been recently fixed in Passepartout 1.6.0 as its the standard OpenVPN behavior. Before 1.6.0, Passepartout erroneously assumed that all traffic should go through the VPN implicitly.</p>
<p>Try <a href="https://www.iplocation.net/">this website</a> to test your external IP before and after this change.</p>
<h3 id="id-like-to-see-a-today-widget-in-the-notification-center">Id like to see a Today Widget in the Notification Center</h3>
<p>The reason behind not providing a widget is exactly the same as Siri Shortcuts. A widget would still need to open the app, thus making it quite useless.</p>
<h3 id="id-like-to-see-my-ip-address-in-the-app">Id like to see my IP address in the app</h3>
<p>The reason why Passepartout does not present any personal information in app is <em>privacy</em>. Obtaining ones IP address, regardless of being connected to a VPN or not, involves querying -and trusting- a third party service. Knowing such info is also of little use, given that most of the time you dont want to share your VPN IP address and therefore link your identity to it. However, this feature might be introduced later as a diagnostic tool.</p>
</main>
<footer>
<ul class="contacts">
<li><a href="https://www.producthunt.com/posts/passepartout-vpn" title="Passepartout on Product Hunt" class="fab fa-product-hunt"></a></li>
<li><a href="https://github.com/passepartoutvpn" title="Passepartout on GitHub" class="fab fa-github"></a></li>
<li><a href="https://patreon.com/keeshux" title="Support the author on Patreon!" class="fab fa-patreon"></a></li>
<li><a href="https://twitter.com/keeshux" title="Follow the author on Twitter!" class="fab fa-twitter"></a></li>
<li><a href="mailto:info@passepartoutvpn.app" title="Submit an inquiry" class="fa fa-envelope"></a></li>
</ul>
<ul class="secondary">
<li><a href="/faq/" title="Frequently Asked Questions">FAQ</a></li>
<li>&mdash;</li>
<li><a href="/disclaimer/" title="Disclaimer">Disclaimer</a></li>
<li>&mdash;</li>
<li><a href="/privacy/" title="Privacy policy">Privacy policy</a></li>
</ul>
<p class="notice">
Copyright (c) 2018 <a href="https://davidederosa.com" title="The author website">Davide De Rosa</a><br />
The logo is taken from the awesome <a href="https://www.iconfinder.com/iconsets/circle-icons-1" title="Circle Icons">Circle Icons</a> set by <a href="https://www.elegantthemes.com/" title="Elegant Themes">Nick Roach</a>
</p>
</footer>
</div>
</body>
</html>