What are /r/passepartout's favorite Products & Services?

From 3.5 billion Reddit comments

Quickly addressing two major negotiation issues:

• "TLS failed" (Synology, pfSense) - link to beta build ASAP
• "Timeout" (ProtonVPN) - still looking into this

Until then, please DO NOT update to 1.17.0

Sorry for the annoyance.

You're right. I've yet to find a solution that works for all infrastructures to render those weird ones. Even though from a logical standpoint, NordVPN displays UK-NL with the UK flag, so I deem it correct.

Whoever is affected by this issue, please contact me on with a mention of "ProtonVPN timeout" in the subject. I'll invite you on TestFlight to send the older working version and, hopefully soon, a fixed new version.

Using OpenSSL on iOS has been a PITA since the beginning of time, as it's always added useless extra work in the package, especially on Xcode/CocoaPods upgrades. When I recently decided to migrate the whole project to SwiftPM -also the very first step towards WireGuard-, I lost almost one damn month to make OpenSSL work properly, yet to no avail.

Out of frustration, I found that SwiftNIO uses BoringSSL and exposes it as a subpackage. I gave it a go and for the 99.99%, the transition was seamless. It looks like these devices (and ProtonVPN) fit the 0.01%.

So, sorry for the annoyance and I'm here for fixing this. Too bad no beta testers have reported it.

In the meantime, I can provide you with a fully working build in no time via TestFlight.

I've never used ProtonVPN, but I get the impression it's more of a vpn-in-a-box end-user solution; the type where you connect to some random VPN server somewhere in the planet which presumably has your best interests at heart.

Nothing wrong with that. Or maybe you aren't trying to protect anything, and you just want to appear to be in a different country... That's cool too.

This isn't that. This is for users who have a specific OpenVPN server that they, or perhaps their business, is already hosting on the public net - and they want to connect to that specific server. Unless I'm mistaken, there aren't a hundred pre-configured global vpn servers available in this app.

Just did that after your other comment about them only supporting TCP. Great. Works now. That’s instant support!�� Thanks for a great app with constant updates and improvements.

My original issue was on NordVPN’s head.

I noticed that some servers like NL #2 and #3 are "translated" to United Kingdom. The same happens for other servers as well. Could it be that those are the Double VPNs from NordVPN? So in this case it might be the UK-NL server.

Thank you so much for your post! You helped me to get it working finally!

In case anyone ever stumbles upon this in the future: This.

Thanks man I appreciate it. Thank you for trying!

You said you set your local LAN IP in the NordVPN app on your iPhone???? Where did you do this!??!?! I have the latest version of the Nord App on my iphone and I don't see anywhere to set DNS. (this has been something Nord Mac users have complained about for years).

Yeah its definitely an issue that this vpn app is sending via utun3. I'll try checking on my Pi-hole settings to see if I can make changes there to make it work. Since it works on my mac laptop with Tunnelblick (skipping setting DNS) I know that it'll work and Nord's servers are not the problem. It's a routing issue somehow. I'm not strong in networking even though I'm in I.T. as my career.

I could host my own OpenVPN server I suppose. Didn't really want to go that route but maybe I will, since I've paid for Nord for 2 years I kinda wanna use it. Dont worry about grammar I could care less and I know my grammar sucks!

Cheers buddy, if you could post a screenshot of the NordVPN app on your iPhone where you set DNS I would die to see that.

I tried to set my pihole server’s lan ip on the NordVPN app on my iphone and it let me but I was getting no internet. I dont think this has to do with Passepartout or OpenVPN. Theres a setting to block changing dns servers on OpenVpn server I know.

im not too great on networking but I believe they may have it set so it encrypts and tunnels everything so when you try to access your dns server on 192.168.x.x your on NordVPN’s lan and your trying to access it there. If this is the case you’d need to port forward your pihole and allow dns requests on the pihole not on the same lan.

or they may be blocking lan dns servers? On OpenVPN, I dont have my current client settings right now accessible, but I believe I have it set it to fetch from ovpn settings and the settings are set to fetch from server and then the server is the one dipicting what dns server to use?

If anything you try doesnt work and you cant fix it I would recommend hosting your own OpenVPN server on your lan from a PfSense VM. Using a PfSense VM makes it very easy to setup a nordvpn server becuase they have a GUI you can use to set it up. Also if you choose to go down this root theres a bug or something with the vpn procotol where if I set it to either “tcp” or “udp” i get no connection, it only works with “tcp/udp” for some reason. Not sure why but I spent way to long troubleshooting it.

its 2 am for me so i may have made a few grammatical mistakes sorry ill try to respond better in the morning.

Why don’t you simply connect though VPN to your own router at home so you can use Pi-hole?

It doesn’t make sense to use NordVPN (for privacy?) and use your own DNS server. Your VPN connection is leaking by default this way.

Are you able to do a shorter version of what you just said? Bit hard to keep up because im confused what NordVPN has to do with OpenVPN. I also have a OpenVPN server and its using my pihole server too as my dns and it works fine.

With the announcement of openly available Wireguard configurations from Proton, this is really exciting news!

Have you tried contacting providers like Mullvad or IVPN for help? They tend to be quite supportive.

Either way, this announcement is fantastic news! Passepartout is, for me, the gold standard for OpenVPN clients on iOS, and I hope it becomes the same for WireGuard.

For those interested: I settled with a DNS configuration solution, which is now an option in newer versions of both iOS and macOS. You just have to download and install the configuration file from the AdGuard website: https://adguard.com/en/blog/encrypted-dns-ios-14.html
You'll lose control over the trackers the app gives you, but it works just fine with TorGuard VPN through Passepartout. The only thing is that now my iOS AdGuard app shows that safari adguard plugin is not enabled, although it clearly is. I don't know if it's anyhow related, but I suppose it could be. Maybe the app is entirely redundant with adblocking DNS configuration enabled through system setting, but I'm too noob to know ))

Take a look at SpaceEngine. The latest version costs 25 dollars but you can download older versions for free. All I’m asking is to download a free version that isn’t hosted.

Passepartout 1.9.0 migrates to a freemium model, which means the app will be FREE to download, with additional features available for purchase, namely:

• Trusted networks
• Siri shortcuts
• Unlimited hosts (>2)
• Providers (one tiny purchase each)

To former users: do not worry, you will of course retain full access to all features and providers.

If you however are still prompted for a purchase, have a look at this FAQ:

https://passepartoutvpn.app/faq/#i-had-purchased-this-app-before-yet-it-prompts-me-for-purchases

Cheers, Davide

What's new:

• Fix "Trust current Wi-Fi" in iOS 13
• Disclose server network/configuration
• Import hosts via Files picker
• Multiple DNS search domains
• Support proxy via PAC URL
• Enforce providers as default gateway (TunnelBear wasn't)
• Fix infrastructures not updated in non-English locales

That's kind of intended: https://passepartoutvpn.app/faq/#id-like-to-see-my-ip-address-in-the-app

But I understand you mean the IP address internal to the VPN, correct? IIRC the duration information was broken when read from the official VPN framework. I'll take note anyway.

https://passepartoutvpn.app/faq/#the-configuration-file-contains-an-unsupported-option-external-file

..and problem resolved. This was the (non)-issue: https://passepartoutvpn.app/faq/#the-configuration-file-contains-an-unsupported-option-external-file

​

Please read the FAQ before anything else. Thanks!

I'm using Passepartout for ProtonVPN in combination with NextDNS and have no noticeable higher battery drain. Now I must admit, I only use it to set up a secure VPN connection when I'm outdoors, outside of the range of trusted wifi networks as my connection at home is via the VPN client on my router and as I have some physical challenges I don't get out for long periods of time daily, so that might definitely make a difference in the amount of discharge. As I can't use NextDNS in combination with the ProtonVPN client, I also don't have a comparison with that.

It’s ‘normal behavior’ for iOS because you’re using a custom DNS. I have exactly the same, using ProtonVPN and NextDNS. As soon as you ask Passepartout to override your DNS, iOS now shows a privacy warning.

Well something changed because I don’t receive my signal messages anymore when the phone has been in sleep mode. Until I open the messaging app again after that I’m offline. Using the Mullvad app instead of passepartout everything works normally.

I only use the phone over WiFi no cellular connection.

About reporting the issue and sending in a logfile, I use a VPN for privacy.

Yes, to understand if it’s only due to the iOS update or limited to some devices only.

it worked just fine before on the same device.

I’m not sure though if the latest iOS update was the moment it stopped working.

Are you also using Mullvad?

Yeah I saw that after you pointed out that server network doesn’t show the correct dns. For some reason my ads aren’t blocked though and I can’t access the Pi-Hole interface. I’ll check later again if Pi-Hole receives the dns requests. Also, when connected to my local WiFi and connecting to Mullvad, using custom dns I’m not able to excess my network shares.. so I still feel like there’s something going on.. or do I have to change something else for Mullvad?

No.

Do your research and pick a VPN provider you trust. Personally, I use Mullvad and pay for it by stuffing cash in an envelope and mailing it to them with no return address.

This is a truly insane level of paranoia, but it seems like an option you may want to consider if ULTIMATE OPSEC is your priority.

Within your Mullvad profile In Passepartout, turn OFF trusted networks, turn ON ‘Keep alive on sleep’, and enable the profile.

Go to the iPhone settings app and under ‘VPN’, find the Passepartout configuration (should have a check mark), select the i next to it, and make sure ‘Connect On Demand’ is turned ON.

Doing the above is the closest to mimicking the Mullvad Mac app’s behavior short of setting up your own MDM profile/config. Also know that this setup is going to drain your battery faster since iOS makes network changes when left idle for awhile so Passepartout has to occasionally re-connect in the background. It may not be 100% leakproof if Passepartout and/or iOS happen to crap out in a specific way amongst the connecting/disconnecting.

WireGuard utilizes a different protocol all together. Passepartout is a leaner ovpn client, not a WireGuard client. The WireGuard client does very little work on your device compared to the OVPN protocol, so I don’t foresee third party WireGuard clients making much of a difference in performance/battery.

Thanks for your reply! I’ve followed your process to mimic the Mac app, that was really helpful!

Regarding Wireguard, are you saying using Mullvad in the Wireguard app would be better for my device battery? If so, how does it compare to using an OVPN such as Passepartout? Is it more secure?

Thanks for taking time to help :)

I haven’t done direct battery testing versus Passepartout specifically, but WireGuard is inherently better for battery life compared to using the OVPN protocol. WG should be more secure, but I’m waiting for it to mature a bit more. Personally I prefer Passepartout since it lets you switch Mullvad locations on the fly compared to exporting/importing individual WG configuration files.

Hm, ‘Default gateway’ is ‘None’, but it seems that there’s no change in DNS (using my ISP’s).

The iOS OpenVPN app using the same profile works as a DNS-only VPN with LAN access. I had the same profile working around the Mullvad integration update, but my DNS-only vpn profile doesn’t seem to work anymore (tried both v1.5 and v1.6.0 (1757).

Hello, the latest update messed up the app.

When you choose a server, the application will crash immediately.

I tried choosing different servers, and each time the app crashes

I am using NordVPN servers iOS 12.1.4 iPhone X

Installed this and loaded my ovpn file and it works brilliantly. Loving the trusted network feature as well. Have spoken to NordVPN about implementing this in the past and they didn’t even know it was a thing. Think this would be the best vpn app for iOS if it can get on the App Store!

Agreed, I think this implementation is the best out of what I have used via the App Store (i.e. OpenVPN app and NordVPN). I wish NordVPN would also support OpenVPN on their iOS app as well - but it seems they are more focused on updates such as Siri Shortcuts that most people will probably not even use..