passepartout-apple's Introduction

iOS 15+ macOS 12+ tvOS 17+ TunnelKit 6.3 License GPLv3

Passepartout is a user-friendly OpenVPN® and WireGuard® client for Apple platforms. The OpenVPN stack also implements the Tunnelblick XOR patch.

Overview

All profiles in one place

Passepartout lets you handle multiple profiles in one single place and quickly switch between them.

Ease of use

With its native look & feel, Passepartout focuses on ease of use. It does so by stripping the flags that are today obsolete or rarely used. With good approximation, it mimics the most relevant features you will find in the official OpenVPN and WireGuard clients.

Not to mention iCloud support, which makes your VPN profiles available on all your devices without any additional effort!

On demand

Define rules for Wi-Fi, cellular (iOS) or wired (macOS) networks to fine-grain how you automate your VPN connectivity.

Siri shortcuts

Enjoy the convenience of Siri shortcuts to automate frequent VPN actions.

Override network settings

Override default gateway, DNS (plus DoH/DoT), proxy and MTU settings right from the app. Don't bother editing the configuration file or your server settings. This is especially useful if you want to override your provider settings, e.g. to integrate your own DNS-based ad blocking.

See your connection parameters

Passepartout strives for transparency by showing a fairly detailed yet understandable summary of your connection parameters.

Disconnect on sleep

Keeping the VPN active in the background provides smoother operation, but may be tough on the battery. You might want to use this feature if you're concerned about battery life. When the device goes to sleep, the VPN will disconnect and then reconnect on device wake-up.

No unrequested activity

Passepartout is a VPN client and does absolutely nothing else without your consent. The providers' infrastructures are obtained via a static GitHub API if and only if you manually refresh them.

Presets for major providers

Passepartout can connect to a few well-known VPN providers with an existing account:

In preset mode, you can pick pre-resolved IPv4 endpoints when DNS is problematic.

Import configuration files

Passepartout can import .ovpn (OpenVPN) and .conf/.wg (WireGuard) configuration files as is. You can find details on what may or may not work in the related section of the TunnelKit README.

Installation

Requirements

  • iOS 15+ / macOS 12+ / tvOS 17+
  • Xcode 13+ (SwiftPM 5.3)
  • Git (preinstalled with Xcode Command Line Tools)
  • Ruby (preinstalled with macOS)
  • golang

It's highly recommended to use the Git and Ruby packages provided by Homebrew.

Testing

Download the app codebase locally:

$ git clone https://github.com/passepartoutvpn/passepartout-apple.git

Enter the directory and clone the submodules:

$ git submodule init
$ git submodule update

For everything to work properly, make sure to comply with all the capabilities/entitlements, both in the main app and the tunnel extension target.

Make sure to update Config.xcconfig according to your developer account and your identifiers:

CFG_TEAM_ID = A1B2C3D4E5
CFG_APP_ID = com.example.MyApp
CFG_APP_LAUNCHER_ID = com.example.MyApp.Launcher // macOS only
CFG_GROUP_ID = com.example.MyAppGroup // omit the "group." prefix
CFG_APPSTORE_ID = 1234567890 // optional for development, can be bogus

Also, PATH must include your golang installation in order to compile WireGuardKit:

PATH = $(PATH):/path/to/golang

Finally, to test the app, open Passepartout.xcodeproj in Xcode and run the Passepartout target.

License

Copyright (c) 2023 Davide De Rosa. All rights reserved.

This project is licensed under the GPLv3.

Contributing

By contributing to this project you are agreeing to the terms stated in the Contributor License Agreement (CLA). For more details please see CONTRIBUTING.

Credits

The logo is taken from the awesome Circle Icons set by Nick Roach.

The country flags are taken from: https://github.com/lipis/flag-icon-css/

  • Kvitto - Copyright (c) 2015 Oliver Drobnik
  • lzo - Copyright (c) 1996-2017 Markus F.X.J. Oberhumer
  • PIATunnel - Copyright (c) 2018-Present Private Internet Access
  • SwiftGen - Copyright (c) 2018 SwiftGen
  • SwiftyBeaver - Copyright (c) 2015 Sebastian Kreutzberger

OpenVPN

© Copyright 2023 OpenVPN | OpenVPN is a registered trademark of OpenVPN, Inc.

WireGuard

© Copyright 2015-2023 Jason A. Donenfeld. All Rights Reserved. "WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.

OpenSSL

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (https://www.openssl.org/)

Community

A huge credit goes to:

  • My tiny group of 3 private beta testers
  • The 3600+ public testers using the beta on a daily basis
  • The continued support and feedback from the Passepartout community on Reddit
  • The overall patience of users affected by my bugs that actively collaborate in resolving them
  • All those who contributed to the amazingly high rating on the App Store

Translations

  • Chinese (Simplified): OnlyThen - @OnlyThen
  • Dutch: Norbert de Vreede - @paxpacis
  • English: Davide De Rosa (author)
  • French: Julien Laniel - @linkjul
  • German: Christian Lederer, Theodor Tietze
  • Greek: Konstantinos Koukoulakis
  • Italian: Davide De Rosa (author)
  • Polish: Piotr Książek
  • Portuguese: Helder Santana - @heldr
  • Russian: Alexander Korobynikov
  • Spanish: Davide De Rosa (author), Elena Vivó
  • Swedish: Henry Gross-Hellsen - @cowpod
  • Ukrainian: Dmitry Chirkin - @josser

Usage

You are strongly encouraged to read carefully both the disclaimer and privacy policy before using this software.

Contacts

Twitter: @keeshux

Website: passepartoutvpn.app (FAQ)

passepartout-apple's Issues

I cannot run it after finishing pod install.

error: /Users/qsk/Desktop/qisike/passepartout-ios 2/Pods/Pods/Target Support Files/Pods-Passepartout-iOS-Tunnel/Pods-Passepartout-iOS-Tunnel.debug.xcconfig: unable to open file (in target "Passepartout-iOS-Tunnel" in project "Passepartout") (in target 'Passepartout-iOS-Tunnel')

Use custom domain to access API

Something's very wrong with iOS (ATS?), in that GitHub API endpoints don't work when redirected (301) to custom domain. Replace passepartoutvpn.github.io with passepartoutvpn.app to work around the issue.

default	23:41:23.120043 +0100	Passepartout	23:41:23.111 💚 DEBUG WebServices.parse():81 - GET https://passepartoutvpn.github.io/passepartout-api/api/v2/net/pia.json
default	23:41:23.120290 +0100	Passepartout	23:41:23.112 💚 DEBUG WebServices.parse():82 - Request headers: ["If-Modified-Since": "Tue, 04 Dec 2018 09:58:28 GMT"]
default	23:41:24.374562 +0100	Passepartout	[2 <private> stream, pid: 7920, url: https://passepartoutvpn.app/passepartout-api/api/v2/net/pia.json, tls] cancelled. Events:
default	23:41:24.406525 +0100	Passepartout	23:41:24.404 ❤️ ERROR WebServices.parse():87 - Error (response): A server with the specified hostname could not be found.
default	23:41:24.407356 +0100	Passepartout	23:41:24.406 ❤️ ERROR InfrastructureFactory.update():140 - No response from web service or missing Last-Modified

Allow any character in profile name?

Thank you for supporting the dot in profile names!

Would it be possible to allow spaces as well?

(I think you can use those in filenames)

PS: I'm no native English speaker, but "Legal characters" (as currently used in the App) sounds weird to me. Rather than "legal" I would use "valid", "acceptable", or "allowed", but maybe a native speaker can provide a better word?

Feature request: add DNS over TLS/HTTPS

It's nice that one can configure preferred DNS servers in Passepartout. Unfortunately this is only supporting the classic DNS over port 53, it seems. It would be nice if Passepartout also implemented the newer DNS over TLS (port 853) or DNS over HTTPS (port 443).

Would it be possible to add this?

Integration of low battery mode

Hi, it would be nice if the "keep connection alive when device is asleep" feature (which uses a lot of battery) auto-toggled on and off depending on whether the phone is in power saver mode or not.

Thank 🙏

Pushing DOMAIN has no effect

Server version: OpenVPN 2.4.0 running on Debian 9.8

Using the option push "dhcp-option DOMAIN example.com" on the OpenVPN server has no effect when using Passepartout. You're still required to use FQDN when accessing a domain. It works without problem when using the OpenVPN Connect app.

This is probably not the right place to ask, but I'd love to join the beta-testing of this app since I'm very interested in the project!

Incorrect VPN status after the profile was renamed

Version: 1.0.3(1323)

When you try to rename "In use" host name that is active, VPN status in UI changes from "Enabled" to "Disabled". In reality, the connection is active and enabled. UI may need some update to reflect the correct status.

Support for split tunneling DNS-only ovpn profiles

Use case: DNS-only VPN tunneling to a home OpenVPN/Pi-Hole DNS server to block ads via DNS filtering over cellular data and to SSH into home computers. The DNS-only tunnel is used to block ads with minimal impact on home internet bandwidth. PiVPN is used to manage ovpn profiles/credentials.

Currently the OpenVPN Connect iOS app can successfully handle this feature. OpenVPN server version 2.4.0; OpenSSL 1.0.2r, LZO 2.08.

Sidenote: As a control, full tunneling via Mullvad was used to verify that Passepartout works on my phone.

Issue: On Passepartout v1.6.0 (1779) and below, my home's LAN is accessible and my DNS server is properly logging my DNS requests, but websites do not resolve. Side note, for DNS-only tunneling to work, my OpenVPN server cannot use the “redirect-gateway” flag.
In all scenarios using Passepartout:

Default gateway: None
Domain: None
Proxy/Proxy (HTTPS): None

Successful password-protected OVPN profile (via OpenVPN Connect app) with certs, IPs, and keys omitted:

client
dev tun
proto udp
remote 108.xxx.x.xxx 1194
<ca>
-----BEGIN CERTIFICATE-----
[cert goes here]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[cert goes here]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
[key goes here]
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[key goes here]
-----END OpenVPN Static key V1-----
</tls-crypt>

Successful connection log via OpenVPN iOS app (both home LAN access and DNS resolution):

2019-04-26 13:19:57 1

2019-04-26 13:19:57 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct  3 2018 06:35:04

2019-04-26 13:19:57 Frame=512/2048/512 mssfix-ctrl=1250

2019-04-26 13:19:57 EVENT: RESOLVE

2019-04-26 13:19:57 Contacting [108.203.8.184]:1194/UDP via UDP

2019-04-26 13:19:57 EVENT: WAIT

2019-04-26 13:19:57 Connecting to [108.xxx.x.xxx]:1194 (108.xxx.x.xxx) via UDPv4

2019-04-26 13:19:57 EVENT: CONNECTING

2019-04-26 13:19:57 Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client

2019-04-26 13:19:57 Creds: UsernameEmpty/PasswordEmpty

2019-04-26 13:19:57 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=1
IV_AUTO_SESS=1
IV_BS64DL=1


2019-04-26 13:19:57 VERIFY OK : depth=1
cert. version     : 3
serial number     : 9F:xx:xx:xx:xx:xx:xx:xx
issuer name       : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2018-10-24 21:00:42
expires on        : 2028-10-21 21:00:42
signed using      : ECDSA with SHA256
EC key size       : 256 bits
basic constraints : CA=true
key usage         : Key Cert Sign, CRL Sign


2019-04-26 13:19:57 VERIFY OK : depth=0
cert. version     : 3
serial number     : 6B:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
issuer name       : CN=ChangeMe
subject name      : CN=server_xxxxxxxxxx
issued  on        : 2018-10-24 21:00:42
expires on        : 2028-10-21 21:00:42
signed using      : ECDSA with SHA256
EC key size       : 256 bits
basic constraints : CA=false
subject alt name  : server_xxxxxxxxxx
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication


2019-04-26 13:19:57 SSL Handshake: TLSv1.2/TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

2019-04-26 13:19:57 Session is ACTIVE

2019-04-26 13:19:57 EVENT: GET_CONFIG

2019-04-26 13:19:57 Sending PUSH_REQUEST to server...

2019-04-26 13:19:57 OPTIONS:
0 [dhcp-option] [DNS] [192.168.1.82] 
1 [block-outside-dns] 
2 [route-gateway] [10.8.0.1] 
3 [topology] [subnet] 
4 [ping] [10] 
5 [ping-restart] [60] 
6 [ifconfig] [10.8.0.2] [255.255.255.0] 
7 [peer-id] [0] 
8 [cipher] [AES-256-GCM] 


2019-04-26 13:19:57 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA1
  compress: NONE
  peer ID: 0

2019-04-26 13:19:57 EVENT: ASSIGN_IP

2019-04-26 13:19:57 NIP: preparing TUN network settings

2019-04-26 13:19:57 NIP: init TUN network settings with endpoint: 108.xxx.x.xxx

2019-04-26 13:19:57 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

2019-04-26 13:19:57 NIP: adding (included) IPv4 route 10.8.0.0/24

2019-04-26 13:19:57 NIP: adding DNS 192.168.1.82

2019-04-26 13:19:57 NIP: adding match domain ALL

2019-04-26 13:19:57 NIP: adding DNS specific routes:

2019-04-26 13:19:57 NIP: adding (included) IPv4 route 192.168.1.82/32

2019-04-26 13:19:57 Connected via NetworkExtensionTUN

2019-04-26 13:19:57 EVENT: CONNECTED 108.xxx.x.xxx:1194 (108.xxx.x.xxx) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

This ovpn profile used in Passepartout (1.5.0/1.6.0 b1779) successfully allows me to access my home's LAN DNS server while on cellular. Attempts to connect to websites show up as successfully forwarded in my DNS server logs, but do not resolve.

OVPN profile with no password via Passepartout v1.5.0 Debug log (successful LAN access):

App: Passepartout 1.5.0 (1733)
OS: iOS 12.1.1
Device: iPhone

13:51:34 - Starting tunnel...
13:51:34 - App version: Passepartout 1.5.0 (1733)
13:51:34 - 	Protocols: [UDP:1194]
13:51:34 - 	Cipher: AES-256-GCM
13:51:34 - 	Digest: HMAC-SHA1
13:51:34 - 	Compression framing: disabled
13:51:34 - 	Compression algorithm: disabled
13:51:34 - 	Client verification: enabled
13:51:34 - 	TLS wrapping: crypt
13:51:34 - 	Keep-alive: never
13:51:34 - 	Renegotiation: never
13:51:34 - 	Server EKU verification: disabled
13:51:34 - 	MTU: 1250
13:51:34 - 	Debug: true
13:51:34 - 	Masks private data: true
13:51:34 - Current SSID: none (disconnected from WiFi)
13:51:34 - Creating link session
13:51:34 - DNS resolve hostname: #310347224060b108#
13:51:34 - DNS resolved addresses: ["#310347224060b108#"]
13:51:34 - Will connect to #310347224060b108#:1194
13:51:34 - Socket type is NEUDPSocket
13:51:34 - Socket state is preparing (endpoint: #47c48f45b5fa3155# -> in progress)
13:51:34 - Socket state is ready (endpoint: #e70c6d350c1d7438# -> #72fc98e7ec07700d#)
13:51:34 - Starting VPN session
13:51:34 - Send hard reset
13:51:34 - Negotiation key index is 0
13:51:34 - Control: Enqueued 1 packet [0]
13:51:34 - Control: Write control packet {HARD_RESET_CLIENT_V2 | 0, sid: 4c650e08556c66a7, pid: 0, [0 bytes]}
13:51:34 - Send control packet (54 bytes): 384c650e08556c66a7000000015cc36f56afa0981cbeebcf0908f75a539196228fb4abae893d96a7e4d6c8e169e8d9fcbd14c00f4a51
13:51:34 - Control: Try read packet with code HARD_RESET_SERVER_V2 and key 0
13:51:34 - Control: Read packet {HARD_RESET_SERVER_V2 | 0, sid: 9d81ec74d47cea07, acks: {[0], 4c650e08556c66a7}, pid: 0}
13:51:34 - Send ack for received packetId 0
13:51:34 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[0], 9d81ec74d47cea07}}
13:51:34 - Control: Remote sessionId is 9d81ec74d47cea07
13:51:34 - Start TLS handshake
13:51:34 - TLS.connect: Pulled ciphertext (176 bytes)
13:51:34 - Control: Enqueued 1 packet [1]
13:51:34 - Control: Write control packet {CONTROL_V1 | 0, sid: 4c650e08556c66a7, pid: 1, [176 bytes]}
13:51:34 - Send control packet (230 bytes): 204c650e08556c66a7000000035cc36f568be988d78c42f98d001eef442d57fbe0697d8ec41b82e80435161cf2dd8c847ede6a1d6db40689d7c20bf75ba542d6f8224e215b0e022ea479888d431703624405e912b21e7bd2f4ebfa0385799b3704a25af5386df035b5d4534f8b9c8019cab2e937d468a15db7eac0f0f748e3bc09237bdc6f3d7fe67ee041f7faba80ffd9dc90f65fbb50d1c92d8147895f7a0b6244b8d714f7b42e55d97832d24fa1e16e66c7f2cf274e59c49475a7b9f831af3bcf331499129f855bc17ae48fedacea10132b91665472b88fb1b00b1249402f222248db0799
13:51:34 - Ack successfully written to LINK for packetId 0
13:51:34 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:34 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, acks: {[1], 4c650e08556c66a7}, pid: 1, [1062 bytes]}
13:51:34 - Send ack for received packetId 1
13:51:34 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[1], 9d81ec74d47cea07}}
13:51:34 - TLS.connect: Put received ciphertext (1062 bytes)
13:51:34 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:34 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, pid: 2, [160 bytes]}
13:51:34 - Send ack for received packetId 2
13:51:34 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[2], 9d81ec74d47cea07}}
13:51:34 - TLS.connect: Put received ciphertext (160 bytes)
13:51:34 - TLS.connect: Send pulled ciphertext (1093 bytes)
13:51:34 - Control: Enqueued 1 packet [2]
13:51:34 - Control: Write control packet {CONTROL_V1 | 0, sid: 4c650e08556c66a7, pid: 2, [1093 bytes]}
13:51:34 - Send control packet (1147 bytes):
13:51:34 - Ack successfully written to LINK for packetId 1
13:51:34 - Ack successfully written to LINK for packetId 2
13:51:34 - Control: Skip writing packet with packetId 2 (sent on 2019-04-26 20:51:34 +0000, 0.02056896686553955 seconds ago)
13:51:34 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:34 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, acks: {[2], 4c650e08556c66a7}, pid: 3, [51 bytes]}
13:51:34 - Send ack for received packetId 3
13:51:34 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[3], 9d81ec74d47cea07}}
13:51:34 - TLS.connect: Put received ciphertext (51 bytes)
13:51:34 - TLS.connect: Handshake is complete
13:51:34 - TLS.auth: Local options: V4,cipher AES-256-GCM,auth SHA1,keysize 256,tls-crypt
13:51:34 - TLS.auth: Put plaintext (325 bytes)
13:51:34 - TLS.auth: Pulled ciphertext (354 bytes)
13:51:34 - Control: Enqueued 1 packet [3]
13:51:34 - Control: Write control packet {CONTROL_V1 | 0, sid: 4c650e08556c66a7, pid: 3, [354 bytes]}
13:51:34 - Send control packet (408 bytes):
13:51:34 - Ack successfully written to LINK for packetId 3
13:51:34 - Control: Skip writing packet with packetId 3 (sent on 2019-04-26 20:51:34 +0000, 0.07237398624420166 seconds ago)
13:51:35 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:35 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, acks: {[3], 4c650e08556c66a7}, pid: 4, [228 bytes]}
13:51:35 - Send ack for received packetId 4
13:51:35 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[4], 9d81ec74d47cea07}}
13:51:35 - TLS.connect: Put received ciphertext (228 bytes)
13:51:35 - Pulled plain control data (199 bytes)
13:51:35 - TLS.auth: Parsed server random
13:51:35 - TLS.auth: Parsed server opts: "V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server"
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Ack successfully written to LINK for packetId 4
13:51:35 - TLS.ifconfig: Put plaintext (PUSH_REQUEST)
13:51:35 - TLS.ifconfig: Send pulled ciphertext (42 bytes)
13:51:35 - Control: Enqueued 1 packet [4]
13:51:35 - Control: Write control packet {CONTROL_V1 | 0, sid: 4c650e08556c66a7, pid: 4, [42 bytes]}
13:51:35 - Send control packet (96 bytes): 204c650e08556c66a70000000a5cc36f578e4bfc88cd598d1f2ba3821de3c36afdbb3ecb4874f8a2f3fa202fb3b57c89fc39ee683826bb4534d05678a4eaae2a6e6ef901efd79a49f98a3499c8018934b3ea6c252e608ae730ce1f13b1b3fed1
13:51:35 - Control: Skip writing packet with packetId 4 (sent on 2019-04-26 20:51:35 +0000, 0.004279971122741699 seconds ago)
13:51:35 - Control: Try read packet with code ACK_V1 and key 0
13:51:35 - Control: Read packet {ACK_V1 | 0, sid: 9d81ec74d47cea07, acks: {[4], 4c650e08556c66a7}}
13:51:35 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:35 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, pid: 5, [211 bytes]}
13:51:35 - Send ack for received packetId 5
13:51:35 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[5], 9d81ec74d47cea07}}
13:51:35 - TLS.connect: Put received ciphertext (211 bytes)
13:51:35 - Pulled plain control data (182 bytes)
13:51:35 - Parsed control message (181 bytes)
13:51:35 - Received PUSH_REPLY: "#a35ef33beb75dc70#"
13:51:35 - Set up encryption
13:51:35 - 	Negotiated cipher: AES-256-GCM
13:51:35 - 	Negotiated keep-alive: 10.0 seconds
13:51:35 - Session did start
13:51:35 - Returned ifconfig parameters:
13:51:35 - 	Remote: #310347224060b108#
13:51:35 - 	IPv4: addr #a528a528834309ef# netmask 255.255.255.0 gw #38fc73bfa953c6f4# routes []
13:51:35 - 	IPv6: not configured
13:51:35 - 	DNS: ["#2b624e5f15f7f2e9#"]
13:51:35 - 	Domain: not configured
13:51:35 - Ack successfully written to LINK for packetId 5
13:51:35 - Tunnel interface is now UP
13:51:45 - Data: Received ping, do nothing
13:51:58 - Data: Received ping, do nothing
13:52:08 - Data: Received ping, do nothing
13:52:12 - Stopping tunnel...
13:52:12 - Trigger shutdown on request
13:52:12 - Session did stop
13:52:12 - Failed LINK read: Error Domain=NSPOSIXErrorDomain Code=89 "Operation canceled"
13:52:12 - Socket state is cancelled (endpoint: #76a270e3ffdceff4# -> #456f78a1449bd2a5#)
13:52:12 - Cleaning up...
13:52:12 - Tunnel did stop on request
13:52:12 - Flushing log...

OVPN profile with no password via Passepartout v1.6.0 (1779) Debug log attempting to connect to GitHub.com:

App: Passepartout 1.6.0 (1779)
OS: iOS 12.1.1
Device: iPhone

14:04:44 - Starting tunnel...
14:04:44 - App version: Passepartout 1.6.0 (1779)
14:04:44 - 	Protocols: [UDP:1194]
14:04:44 - 	Cipher: AES-256-GCM
14:04:44 - 	Digest: HMAC-SHA1
14:04:44 - 	Compression framing: disabled
14:04:44 - 	Compression algorithm: disabled
14:04:44 - 	Client verification: enabled
14:04:44 - 	TLS wrapping: crypt
14:04:44 - 	Keep-alive: never
14:04:44 - 	Renegotiation: never
14:04:44 - 	Server EKU verification: disabled
14:04:44 - 	Default gateway: no
14:04:44 - 	DNS: default
14:04:44 - 	MTU: 1250
14:04:44 - 	Debug: true
14:04:44 - 	Masks private data: true
14:04:44 - Current SSID: none (disconnected from WiFi)
14:04:44 - Creating link session
14:04:44 - DNS resolve hostname: #310347224060b108#
14:04:44 - DNS resolved addresses: ["#310347224060b108#"]
14:04:44 - Will connect to #310347224060b108#:1194
14:04:44 - Socket type is NEUDPSocket
14:04:44 - Socket state is ready (endpoint: #bbbb753a7261c5db# -> in progress)
14:04:44 - Starting VPN session
14:04:44 - Send hard reset
14:04:44 - Negotiation key index is 0
14:04:44 - Control: Enqueued 1 packet [0]
14:04:44 - Control: Write control packet {HARD_RESET_CLIENT_V2 | 0, sid: 5bc32ea217028a6f, pid: 0, [0 bytes]}
14:04:44 - Send control packet (54 bytes): 385bc32ea217028a6f000000015cc3726ce30091305bdaa2faee24c180f5e6575e485cc1a35cea9d8fb02680e292bcf5cb6bb5001d78
14:04:44 - Socket state is ready (endpoint: #17362caa976d00a4# -> #d10cbfdc763c01c6#)
14:04:44 - Control: Try read packet with code HARD_RESET_SERVER_V2 and key 0
14:04:44 - Control: Read packet {HARD_RESET_SERVER_V2 | 0, sid: caafe4052af89e6c, acks: {[0], 5bc32ea217028a6f}, pid: 0}
14:04:44 - Send ack for received packetId 0
14:04:44 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[0], caafe4052af89e6c}}
14:04:44 - Control: Remote sessionId is caafe4052af89e6c
14:04:44 - Start TLS handshake
14:04:44 - TLS.connect: Pulled ciphertext (176 bytes)
14:04:44 - Control: Enqueued 1 packet [1]
14:04:44 - Control: Write control packet {CONTROL_V1 | 0, sid: 5bc32ea217028a6f, pid: 1, [176 bytes]}
14:04:44 - Send control packet (230 bytes): 205bc32ea217028a6f000000035cc3726ca60a195e8e14295451bb62fe337a08b7eb825f4b6af598fc0caff3d28ca7c7dc738456332619ad2e98515c36abfc72467e1f6c44a44d1a04c27f2ee53e42a66fa3284f679d6381dda53db3af9e468b0834b4a3850813179515ed5569a7b3145fcd614a027e43b8f8b0189648edab28a639aa4ec610ff6fb1c5bee9b59be6115e694159754da3b76744ce35f6bebefc6514ad0b0763351dbace1c371015402bf2e695312cd462660b21b58aa139482ae228e4036b9f8cb9ee26425fd2ee080ffb04c1e8c8ea0e622feea4cc659758663bd9cb059415
14:04:44 - Ack successfully written to LINK for packetId 0
14:04:44 - Control: Skip writing packet with packetId 1 (sent on 2019-04-26 21:04:44 +0000, 0.06633496284484863 seconds ago)
14:04:44 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:44 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, acks: {[1], 5bc32ea217028a6f}, pid: 1, [1062 bytes]}
14:04:44 - Send ack for received packetId 1
14:04:44 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[1], caafe4052af89e6c}}
14:04:44 - TLS.connect: Put received ciphertext (1062 bytes)
14:04:44 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:44 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, pid: 2, [160 bytes]}
14:04:44 - Send ack for received packetId 2
14:04:44 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[2], caafe4052af89e6c}}
14:04:44 - TLS.connect: Put received ciphertext (160 bytes)
14:04:44 - TLS.connect: Send pulled ciphertext (1092 bytes)
14:04:44 - Control: Enqueued 1 packet [2]
14:04:44 - Control: Write control packet {CONTROL_V1 | 0, sid: 5bc32ea217028a6f, pid: 2, [1092 bytes]}
14:04:44 - Send control packet (1146 bytes):
14:04:44 - Ack successfully written to LINK for packetId 1
14:04:44 - Ack successfully written to LINK for packetId 2
14:04:44 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:44 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, acks: {[2], 5bc32ea217028a6f}, pid: 3, [51 bytes]}
14:04:44 - Send ack for received packetId 3
14:04:44 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[3], caafe4052af89e6c}}
14:04:44 - TLS.connect: Put received ciphertext (51 bytes)
14:04:44 - TLS.connect: Handshake is complete
14:04:44 - TLS.auth: Local options: V4,dev-type tun,cipher AES-256-GCM,auth SHA1,keysize 256,key-method 2,tls-client,keydir 1
14:04:45 - TLS.auth: Put plaintext (361 bytes)
14:04:45 - TLS.auth: Pulled ciphertext (390 bytes)
14:04:45 - Control: Enqueued 1 packet [3]
14:04:45 - Control: Write control packet {CONTROL_V1 | 0, sid: 5bc32ea217028a6f, pid: 3, [390 bytes]}
14:04:45 - Send control packet (444 bytes):
14:04:45 - Ack successfully written to LINK for packetId 3
14:04:45 - Control: Skip writing packet with packetId 3 (sent on 2019-04-26 21:04:45 +0000, 0.01120901107788086 seconds ago)
14:04:45 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:45 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, acks: {[3], 5bc32ea217028a6f}, pid: 4, [228 bytes]}
14:04:45 - Send ack for received packetId 4
14:04:45 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[4], caafe4052af89e6c}}
14:04:45 - TLS.connect: Put received ciphertext (228 bytes)
14:04:45 - Pulled plain control data (199 bytes)
14:04:45 - TLS.auth: Parsed server random
14:04:45 - TLS.auth: Parsed server opts: "V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server"
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Ack successfully written to LINK for packetId 4
14:04:45 - TLS.ifconfig: Put plaintext (PUSH_REQUEST)
14:04:45 - TLS.ifconfig: Send pulled ciphertext (42 bytes)
14:04:45 - Control: Enqueued 1 packet [4]
14:04:45 - Control: Write control packet {CONTROL_V1 | 0, sid: 5bc32ea217028a6f, pid: 4, [42 bytes]}
14:04:45 - Send control packet (96 bytes): 205bc32ea217028a6f0000000a5cc3726cccbe78aa938255c8727aad2ef22668c78f339173c724c8cd70b0bb09ff4c77a20b295aceab9eab58f429a864c9449044c36db10b437ec3d90e396041b82acaee39c3fd7e945956aaeb2287bcef7da8
14:04:45 - Control: Skip writing packet with packetId 4 (sent on 2019-04-26 21:04:45 +0000, 0.00359499454498291 seconds ago)
14:04:45 - Control: Try read packet with code ACK_V1 and key 0
14:04:45 - Control: Read packet {ACK_V1 | 0, sid: caafe4052af89e6c, acks: {[4], 5bc32ea217028a6f}}
14:04:45 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:45 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, pid: 5, [211 bytes]}
14:04:45 - Send ack for received packetId 5
14:04:45 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[5], caafe4052af89e6c}}
14:04:45 - TLS.connect: Put received ciphertext (211 bytes)
14:04:45 - Pulled plain control data (182 bytes)
14:04:45 - Parsed control message (181 bytes)
14:04:45 - Received PUSH_REPLY: "#6d345acacf19b44f#"
14:04:45 - Set up encryption
14:04:45 - 	Negotiated cipher: AES-256-GCM
14:04:45 - 	Negotiated keep-alive: 10.0 seconds
14:04:45 - Session did start
14:04:45 - Returned ifconfig parameters:
14:04:45 - 	Remote: #310347224060b108#
14:04:45 - 	IPv4: addr #a528a528834309ef# netmask 255.255.255.0 gw #38fc73bfa953c6f4# routes []
14:04:45 - 	IPv6: not configured
14:04:45 - 	Default gateway: not configured
14:04:45 - 	DNS: ["#2b624e5f15f7f2e9#"]
14:04:45 - 	Domain: not configured
14:04:45 - Ack successfully written to LINK for packetId 5
14:04:45 - Tunnel interface is now UP
14:04:55 - Send ping
14:04:55 - Data: Received ping, do nothing
14:05:02 - Stopping tunnel...
14:05:02 - Trigger shutdown on request
14:05:02 - Session did stop
14:05:02 - Failed LINK read: Error Domain=NSPOSIXErrorDomain Code=89 "Operation canceled"
14:05:02 - Socket state is cancelled (endpoint: #6327397583d5df22# -> #399ce04eb2200064#)
14:05:02 - Cleaning up...
14:05:02 - Tunnel did stop on request
14:05:02 - Flushing log...
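
The route plan that the OpenVPN Connect log above reports (tunnel subnet, DNS server, and a /32 route for that DNS server), derived from the pushed options as an added example; it is not code from Passepartout, TunnelKit or OpenVPN. `plan_tunnel` and `uncovered_dns` are hypothetical names, and the rule that a DNS server outside every included route gets its own host route is an assumption read off that log. It also records `dhcp-option DOMAIN`, the option from the earlier issue about pushed search domains.

```python
import ipaddress

# Constructed from the "OPTIONS:" block in the OpenVPN Connect log above.
PUSHED = [
    ["dhcp-option", "DNS", "192.168.1.82"],
    ["block-outside-dns"],
    ["route-gateway", "10.8.0.1"],
    ["topology", "subnet"],
    ["ping", "10"],
    ["ping-restart", "60"],
    ["ifconfig", "10.8.0.2", "255.255.255.0"],
    ["peer-id", "0"],
    ["cipher", "AES-256-GCM"],
]


def plan_tunnel(options):
    """Turn pushed options into the network settings a client would install."""
    address, routes, dns, domains, full_tunnel = None, [], [], [], False
    for name, *args in options:
        if name == "ifconfig" and len(args) >= 2:
            # Tunnel address plus netmask; the tunnel subnet is always routed.
            address = ipaddress.ip_interface(f"{args[0]}/{args[1]}")
            routes.append(address.network)
        elif name == "route" and args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
        elif name == "redirect-gateway":
            full_tunnel = True
        elif name == "dhcp-option" and len(args) == 2:
            kind, value = args[0].upper(), args[1]
            if kind == "DNS":
                dns.append(ipaddress.ip_address(value))
            elif kind == "DOMAIN":
                domains.append(value)
    if full_tunnel:
        routes.append(ipaddress.ip_network("0.0.0.0/0"))
    # Split tunnel: a pushed DNS server that no included route covers would be
    # queried outside the tunnel, so give it a host route (assumed rule).
    dns_routes = [
        ipaddress.ip_network(str(server))
        for server in dns
        if not any(server in net for net in routes)
    ]
    return {
        "address": str(address) if address else None,
        "full_tunnel": full_tunnel,
        "included_routes": [str(net) for net in routes + dns_routes],
        "dns_servers": [str(server) for server in dns],
        "search_domains": domains,
    }


def uncovered_dns(included_routes, dns_servers):
    """Return the DNS servers that none of the included routes reach."""
    nets = [ipaddress.ip_network(route) for route in included_routes]
    return [
        server for server in dns_servers
        if not any(ipaddress.ip_address(server) in net for net in nets)
    ]


if __name__ == "__main__":
    plan = plan_tunnel(PUSHED)
    for key, value in plan.items():
        print(f"{key}: {value}")
    # A client that installs only the tunnel subnet leaves the resolver uncovered.
    print("uncovered:", uncovered_dns(["10.8.0.0/24"], plan["dns_servers"]))
```

`uncovered_dns` can be pointed at the routes any client reports after connecting to check whether the pushed resolver is actually reached through the tunnel.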

Edit digest separately despite GCM cipher

I also noticed that if I change the 'Cipher' to CBC, the 'Authentication' type chosen is what the debug log lists under 'Digest' when switching the Cipher from CBC to GCM. E.g., If I choose AES-256-CBC and HMAC-SHA1, change Cipher to AES-256-GCM, and attempt to connect, then the Debug log lists Digest: HMAC-SHA1.

Digest is also used for --tls-auth, so leave it editable regardless of the cipher.

Add a feature to go back to default app language (English)

Hi,

I'm an English and French speaker. Since my phone is in French, the app automatically takes the French translated version, but it's completely trash, full of typos and words that are not even French (wtf?). Can you please give a way or an option in the app to leave it in English? It's really destroying my eyes. Note that I wanted to correct everything from the French translation but I don't have time for it. Also, switching to English on my phone is not an option.

Thanks

Extra whitespaces in .ovpn cause trouble

The parser is not tolerant to more than one whitespace between option name and parameters.

E.g. strings like this one:

remote   example.com     1194  udp

will not be parsed correctly.

Some characters not allowed in name of (host) profile

As instructed in the release notes I deleted Passepartout and re-installed 1.0 (1194) from scratch. When adding my host profile for Encrypt.me I noticed that I could not use a dot in the profile name (nor a space), while this was possible before.

Is this intentional? If so, why?

(I would like to name this profile "Encrypt.me"; now it's "EncryptMe" because the dot is not allowed)

May connect via cellular despite Wi-Fi available

Through use of the cell data usage meter and router logs, I confirmed that when connected to a VPN only cellular data is being used, even when connected to a WiFi network. If I disable cellular data, or use a WiFi only device, the connection uses the WiFi connection.

Support multiple remotes

Currently, any further remote entry after the first one is discarded, unless it shares the same host parameter.
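
A sketch covering both this report and the "Extra whitespaces in .ovpn cause trouble" report above, added here as an example and not taken from the project's parser: it splits each line on any run of spaces or tabs and keeps every `remote` directive. The `Remote`, `MalformedRemote`, `tokenize` and `parseRemotes` names are hypothetical, and the default port and protocol are assumptions of the example.

```swift
import Foundation

// Hypothetical types for this example; not TunnelKit's own parser.
struct Remote: Equatable {
    let host: String, port: UInt16, proto: String
}
struct MalformedRemote: Error { let line: Int }

/// Splits a line on any run of spaces or tabs; comment lines yield no tokens.
func tokenize(_ line: String) -> [String] {
    let trimmed = line.trimmingCharacters(in: .whitespaces)
    if trimmed.hasPrefix("#") || trimmed.hasPrefix(";") { return [] }
    return trimmed.split(whereSeparator: { $0 == " " || $0 == "\t" }).map(String.init)
}

/// Collects every `remote <host> [port] [proto]` directive in file order.
/// The defaults are assumptions of this example (OpenVPN's stock port and protocol).
func parseRemotes(_ config: String, defaultPort: UInt16 = 1194,
                  defaultProto: String = "udp") throws -> [Remote] {
    var remotes: [Remote] = []
    for (index, rawLine) in config.components(separatedBy: .newlines).enumerated() {
        let tokens = tokenize(rawLine)
        guard tokens.first == "remote" else { continue }
        guard (2...4).contains(tokens.count) else { throw MalformedRemote(line: index + 1) }
        var port = defaultPort
        if tokens.count >= 3 {
            // Reject non-numeric or out-of-range ports instead of guessing.
            guard let parsed = UInt16(tokens[2]), parsed > 0 else {
                throw MalformedRemote(line: index + 1)
            }
            port = parsed
        }
        let proto = tokens.count == 4 ? tokens[3].lowercased() : defaultProto
        remotes.append(Remote(host: tokens[1], port: port, proto: proto))
    }
    return remotes
}

// Constructed sample input: irregular spacing, a tab, a comment, omitted port/proto.
let sample = """
client
remote   example.com     1194  udp
remote\tbackup.example.com 443 tcp
# remote ignored.example.com 1194
remote fallback.example.com
"""
let remotes = (try? parseRemotes(sample)) ?? []
for remote in remotes { print("\(remote.host):\(remote.port)/\(remote.proto)") }
```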

Cannot manually connect to a VPN profile

I cannot connect to other iOS VPN profiles I have set up using the OpenVPN app.

If I try to connect to a profile that is not the Passepartout one it says Connecting... then changes to Not Connected.

If I use the OpenVPN app I can successfully connect.

Even if Passepartout is set to Disabled the iOS VPNs always never connect or what I think is happening is Passepartout is disconnecting it.

TLS failed issue

I'm unable to connect to my VPN with Passepartout due to a TLS issue. Have tested the ovpn file in the OpenVPN connect app and it works fine. Have attached debug log. What am I doing wrong?

debug-20181029-135020.txt

Unable to connect with TCP using Internet Sharing.

Hi,

The TCP connection is never made when I have my iPhone connected through Internet Sharing from a MacBook Pro (http://osxdaily.com/2012/01/05/enable-internet-sharing-mac-os-x/), but when I connect the iPhone to Wi-Fi the VPN connects successfully.

Can you please look into the following logs?

App: Passepartout 1.6.1 (1)
OS: iOS 12.1.3
Device: iPhone

18:26:07 - Starting tunnel...
18:26:07 - App version: Passepartout 1.6.1 (1)
18:26:07 - Protocols: [TCP:80]
18:26:07 - Cipher: AES-256-CBC
18:26:07 - Digest: HMAC-SHA1
18:26:07 - Compression framing: disabled
18:26:07 - Compression algorithm: disabled
18:26:07 - Client verification: enabled
18:26:07 - TLS wrapping: auth
18:26:07 - TLS security level: 0
18:26:07 - Keep-alive: never
18:26:07 - Renegotiation: never
18:26:07 - Server EKU verification: enabled
18:26:07 - Gateway: not configured
18:26:07 - DNS: not configured
18:26:07 - MTU: 1250
18:26:07 - Debug: true
18:26:07 - Masks private data: true
18:26:07 - Current SSID: none (disconnected from WiFi)
18:26:07 - Creating link session
18:26:07 - DNS resolve hostname: #ae5f56665133e6b6#
18:26:07 - DNS resolved addresses: ["#d9fc5a9a27718f5c#"]
18:26:07 - Will connect to #e0006b52c104e836#:80
18:26:07 - Socket type is NETCPSocket
18:26:07 - Socket state is connecting (endpoint: #501aff4313ce271c# -> in progress)
18:26:10 - Socket state is waiting (endpoint: #62a0dfb594344182# -> in progress)
18:26:11 - Socket state is connecting (endpoint: #af17b0aa1679452d# -> in progress)
18:26:13 - Socket timed out waiting for activity, cancelling...
18:26:13 - No more protocols available
18:26:13 - Flushing log...

Crash due to empty provider preset

Reported on latest beta.

Some infrastructure preset ids were recently renamed from "recommended" to "default", thus resulting in an empty "Preset" for those providers who were updated. Enabling the VPN in such state results in a persistent crash here:

https://github.com/passepartoutvpn/passepartout-ios/blob/3403d0265aa03dbb353868991344663450e43abc/Passepartout/Sources/Model/Profiles/ProviderConnectionProfile.swift#L111

Actively selecting a "Preset" in the app fixes the issue for good, but users may not easily realize it.

All infrastructures provide a default preset id, therefore the deserialization should fall back to that value instead.
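
One way to implement the fallback described above, as an added example that is not the project's code: the decoder receives the current infrastructure through `userInfo`, and a missing, empty or renamed preset id resolves to the infrastructure's default. The `Infrastructure` and `ProviderProfile` types, the `loadProfile` helper and the JSON layout are hypothetical.

```swift
import Foundation

// Hypothetical model for this example; names are not taken from the Passepartout sources.
struct Infrastructure {
    let presetIds: Set<String>
    let defaultPresetId: String
}

extension CodingUserInfoKey {
    static let infrastructure = CodingUserInfoKey(rawValue: "infrastructure")!
}

struct ProviderProfile: Decodable {
    let name: String
    let presetId: String
    private enum CodingKeys: String, CodingKey { case name, presetId }

    init(from decoder: Decoder) throws {
        guard let infra = decoder.userInfo[.infrastructure] as? Infrastructure else {
            throw DecodingError.dataCorrupted(.init(codingPath: decoder.codingPath,
                debugDescription: "infrastructure missing from userInfo"))
        }
        let container = try decoder.container(keyedBy: CodingKeys.self)
        name = try container.decode(String.self, forKey: .name)
        // A missing, empty or no-longer-known id resolves to the default
        // instead of leaving the profile without a usable preset.
        let stored = try container.decodeIfPresent(String.self, forKey: .presetId)
        presetId = stored.flatMap { infra.presetIds.contains($0) ? $0 : nil }
            ?? infra.defaultPresetId
    }
}

func loadProfile(_ json: Data, infra: Infrastructure) throws -> ProviderProfile {
    let decoder = JSONDecoder()
    decoder.userInfo[.infrastructure] = infra
    return try decoder.decode(ProviderProfile.self, from: json)
}

// Constructed sample data: a renamed id, a still-valid id, and a missing id.
let infra = Infrastructure(presetIds: ["default", "strong"], defaultPresetId: "default")
let samples = [#"{"name":"a","presetId":"recommended"}"#,
               #"{"name":"b","presetId":"strong"}"#,
               #"{"name":"c"}"#]
for json in samples {
    let profile = try? loadProfile(Data(json.utf8), infra: infra)
    print(profile.map { "\($0.name): \($0.presetId)" } ?? "decode failed")
}
```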

Error: "Linker command failed with exit code 1 (use -v to see invocation)"

Hello Davide, you've already done enough by sharing your project, thank you! I would not like to bother you, but I've already spent 2 days trying to figure out an issue when compiling your project. I'm getting a "Linker command failed with exit code 1 (use -v to see invocation)".

Would you happen to know why I'm getting this error? There is not much info about this. Thank you in advance. Cheers!

logs

Unable to access App Group container

2019-03-29 12:02:22.106262-0600 Passepartout[385:15448] 12:02:22.094 💚 DEBUG TransientStore.migrateDocumentsToAppGroup():125 - App documentsURL: file:///var/mobile/Containers/Data/Application/C6354CB3-EF24-4DF9-8594-AD0B1E4DCBA6/Documents/

2019-03-29 12:02:22.108341-0600 Passepartout[385:15448] 12:02:22.108 💚 DEBUG TransientStore.migrateDocumentsToAppGroup():126 - Group documentsURL: file:///var/mobile/Containers/Data/Application/C6354CB3-EF24-4DF9-8594-AD0B1E4DCBA6/Documents/Documents/

2019-03-29 12:02:22.114766-0600 Passepartout[385:15456] 12:02:22.114 ❤️ ERROR TransientStore.migrateDocumentsToAppGroup():143 - Could not migrate documents to App Group: Error Domain=NSCocoaErrorDomain Code=512 "“Documents” couldn’t be moved to “Documents”." UserInfo={NSSourceFilePathErrorKey=/var/mobile/Containers/Data/Application/C6354CB3-EF24-4DF9-8594-AD0B1E4DCBA6/Documents/Documents, NSUserStringVariant=(

Move

), NSDestinationFilePath=/var/mobile/Containers/Data/Application/C6354CB3-EF24-4DF9-8594-AD0B1E4DCBA6/Documents/Documents/Documents, NSFilePath=/var/mobile/Containers/Data/Application/C6354CB3-EF24-4DF9-8594-AD0B1E4DCBA6/Documents/Documents, NSUnderlyingError=0x282e90f60 {Error Domain=NSPOSIXErrorDomain Code=22 "Invalid argument"}}

2019-03-29 12:02:22.416315-0600 Passepartout[385:15447] 12:02:22.415 💙 INFO GracefulVPN.prepare():64 - Preparing...

2019-03-29 12:17:41.408890-0600 Passepartout[385:16933] 12:17:41.408 💙 INFO GracefulVPN.reconnect():75 - Reconnecting...

2019-03-29 12:17:41.446844-0600 Passepartout[385:16933] 12:17:41.446 💚 DEBUG IntentDispatcher.donateAndLog():315 - Donated <ConnectVPNIntent: 0x28355fd80> {

context = host;

profileId = ca_compress;

}

2019-03-29 12:17:52.400056-0600 Passepartout[385:17050] 12:17:52.400 💚 DEBUG Reviewer.reportEvent():52 - App last reviewed for version 1

2019-03-29 12:17:52.400739-0600 Passepartout[385:17050] 12:17:52.400 💚 DEBUG Reviewer.reportEvent():57 - App already reviewed for version 1

Profile does not activate if no other profile is active

Steps:

  • Have at least 2 profiles.
  • Delete active profile.
  • Close app.
  • Select any profile.
  • Activate profile.
  • Nothing happens.

That's because manager is nil in StandardVPNProvider.disconnect, so completionHandler is never invoked.

Organize configuration presets by category

OpenVPN configurations may differ across provider pool categories.

E.g. NordVPN common servers support UDP/TCP endpoints, whereas "double" servers only support TCP endpoints.

Unable to access App Group container Extension

Hello guys, for anyone struggling with this issue, as ricardogalvan23 and I did.
Besides adding:

  • App Groups and Keychain Sharing capabilities
  • App IDs with Packet Tunnel entitlements

you also have to change a few constants in directory: "Passepartout/Sources/GroupConstants.swift"

There you will have to change these constants, as they are from the Passepartout project and will not match your new identifiers:

  • public static let teamId = "your team Id"
  • public static let appId = "your app Id"
  • public static let appGroup = "group.your.group.Id"
  • public static let tunnelIdentifier = "com.yourTunnelExtension.bundleIdentifier"

Hopefully this helps anyone struggling with the same issue. Something so easy made me spend several hours to find the solution.

Allow password prompt on each connect?

Hello, my work VPN doesn't allow certificates or static password; on each connect I must enter the password together with a passcode generated by a 2 factor device. I think this setup is pretty common in an enterprise environment. Is this feature on the roadmap? Thanks for making a better OpenVPN client!

Either handle or reject encrypted certificate key

The debug log knows they're unsupported, but the UI is lacking and leaves the user wondering.

Either handle them by providing the user a way to enter the encryption password, or signal lack of support in the UI.

Enhancement: support ProtonVPN (free plan) as a network

Currently ProtonVPN has a rather lengthy OpenVPN Connect based setup for iOS, since they have no native App. This setup can be done in Passepartout (as a "Host") as well. However, it's quite some work and makes the "Host" list longer than needed, as each server will have its own entry.

It would be great if Passepartout could support ProtonVPN as a network instead of a host. Then one would have just a single entry with multiple location/endpoints/presets?

Maybe a small start could be to just support the 5 servers (2x 🇺🇸, 2x 🇳🇱, 1x 🇯🇵) of ProtonVPN's free plan?

The APP is not available

Prompt when installing in apple store in China: at present, this APP is not available in your country or region.

Regression in profile activation

When no profile is in use yet, tapping "Use this profile" will crash the app. After reopening the app, though, the formerly activated profile should be now correctly "In use".

This happens due to a fix in 1.0.2 (commit 3ddfa87) that, with VPN profile preparation, triggers a VPN status update that the table is not ready to handle yet. Granted, fatalError() is a bit too unforgiving in this scenario.

https://github.com/passepartoutvpn/passepartout-ios/blob/master/Passepartout-iOS/Scenes/ServiceViewController.swift#L494

Internet may escape on-demand rules in some (borderline, unclear) scenarios

I can provide an example. I connected to a hospital WiFi yesterday. They block OpenVPN traffic. I connected to their open hotspot, accepted the hotspot agreement page that pops up (DNS redirection? Not sure how Apple does that). In the background the VPN software is trying to connect. The WiFi signal bar disappeared - and I still could access web pages (slowly). I suspect that during the VPN connect/reconnect window there is a stage where traffic is allowed through.
