Sharrow

Why no how-to guide for using AirVPN with OpenVPN on iOS?


I really could have used such a how-to guide for iOS, as with the default UDP443 I was getting constant authentication errors and the AirVPN service was frustratingly unreliable. Only with a bit of digging did I find this thread on the forums which suggested using TCP443 instead of UDP443. This very simple change, together with some suggested settings for OpenVPN on iOS, has resulted in a VERY stable connection, exactly what I wanted and expected in the first place.

Please note that I am based in the UK and am connecting primarily to the Netherlands servers. Users in other locations may well experience fewer/more issues than I did.

For more very helpful information about using AirVPN please see this excellent thread by LZ1.

-------

So, to get AirVPN up and running reliably on iOS:

1. Install the free OpenVPN app from the App Store.

2. Use TCP, port 443 when generating config file(s) for iOS from your AirVPN client area (and not UDP, port 443, which is the default).

3. I used the "via iTunes" method for getting the .ovpn config files from my desktop onto my iPhone, where OpenVPN picks them up automatically. There are various other options available.

4. Adjust the OpenVPN settings below as suggested by users SlyFox & Keksjdjdke:

(Note that these settings are only available via the main iOS Settings app, as the OpenVPN app has no settings of its own.)

- Seamless tunnel (ON) - for those on iOS8 or newer.
- Connect via: any network
- Reconnect on wakeup (ON)
- Protocol: Adaptive
- Compression: Full (the default I think?)
- Connection timeout: None
- Network state detection: Active
- Force AES-CBC ciphersuites: OFF (OFF = better encryption method - AES-256-CBC with HMAC-SHA1 (when ON) vs AES-256-GCM with HMAC-SHA384 (when OFF)).
- Google DNS fallback: ON (the default I think but up to the individual user of course)
- Layer 2 reachability: ON

5. Launch the OpenVPN app and connect.

EDIT 03July: updated guide with some extra details.

Link to post
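
An added example, not part of the original post and not AirVPN's or OpenVPN's own code: a Python check that resolves the effective transport and port of every `remote` in an `.ovpn` profile (step 2 of the guide above), so a profile still set to UDP is caught before it is copied to the device. The sample profiles and host names are constructed placeholders, and the parser covers only the `proto`, `port` and `remote` directives.

```python
DEFAULT_PROTO, DEFAULT_PORT = "udp", 1194  # OpenVPN's defaults when a profile omits them


def _family(proto):
    """Collapse variants such as tcp-client, tcp4 or udp6 to 'tcp' or 'udp'."""
    return "tcp" if proto.lower().startswith("tcp") else "udp"


def effective_remotes(profile_text):
    """Return [(host, port, proto)] with per-remote overrides and defaults applied."""
    proto, port, remotes = DEFAULT_PROTO, DEFAULT_PORT, []
    for raw in profile_text.splitlines():
        words = []
        for word in raw.split():
            if word[0] in "#;":          # rest of the line is a comment
                break
            words.append(word)
        if len(words) < 2:               # blank line, comment, or bare flag like "client"
            continue
        if words[0] == "proto":
            proto = _family(words[1])
        elif words[0] == "port":
            port = int(words[1])
        elif words[0] == "remote":
            remotes.append(words[1:4])   # host [port] [proto]
    # Resolve after the full pass so a proto/port line below a remote still applies.
    return [(r[0],
             int(r[1]) if len(r) > 1 else port,
             _family(r[2]) if len(r) > 2 else proto) for r in remotes]


def mismatches(profile_text, want_proto="tcp", want_port=443):
    """Remotes that would not connect over the wanted transport and port."""
    return [r for r in effective_remotes(profile_text)
            if (r[1], r[2]) != (want_port, want_proto)]


# Constructed sample profiles (hosts are placeholders, not real AirVPN servers).
UDP_PROFILE = "client\ndev tun\nproto udp\nremote vpn.example.net 443\n"
TCP_PROFILE = "client\ndev tun\nproto tcp\nremote vpn.example.net 443\n"
MIXED_PROFILE = ("client\nremote a.example.net 443 tcp-client\n"
                 "remote b.example.net   ; no port or proto given\n")

if __name__ == "__main__":
    for name, text in [("udp", UDP_PROFILE), ("tcp", TCP_PROFILE), ("mixed", MIXED_PROFILE)]:
        print(name, mismatches(text) or "ok")
```
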

UDP443, TCP or UDP 53 or 80 work just fine too, latter are ports used by DNS. If you're having issues with UDP443, chances are it's your ISP blocking the port or you have packet loss causing performance issues.

Link to post

There is a guide located here:

https://airvpn.org/ios/

I think the point he is trying to make is that settings for the app are not specified. I had to do trial and error to figure out what worked best. Even then I cannot use anything other than North American servers because if I use anything else it will time out upon waking the device (something I have never had a problem with any other provider). Which is strange because on the Android devices I have used in the past there has never been a problem. AirVPN on iOS is quite problematic and we pretty much have to deal with it, which is even more annoying because an AirVPN app on iOS could probably fix these issues.

Link to post

A native VPN app is not possible on iOS due to platform restrictions.

OpenVPN is supported only via the native app, which Apple explicitly allowed to use the system-wide VPN route. Other apps just seem to be delivering config files for the official app.

But the guide is for iOS 6.x, the screenshots might need a small refresh to match iOS 9.x.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Link to post

> A native VPN app is not possible on iOS due to platform restrictions.
>
> OpenVPN is supported only via the native app, which Apple explicitly allowed to use the system-wide VPN route. Other apps just seem to be delivering config files for the official app.
>
> But the guide is for iOS 6.x, the screenshots might need a small refresh to match iOS 9.x.

Although that explains why there isn't an app for AirVPN, that still does not describe why I have problems reconnecting from wake up with them but no other provider. My point is AirVPN's config files have compatibility issues with iOS. Surely I can't be the only one experiencing issues.

Link to post

55+ hours now connected to GB servers on my iPhone without a single issue. Nice. Previously I would go maybe 20min tops before encountering an authentication error and a disconnect. I only use GB or Dutch servers.

> UDP443, TCP or UDP 53 or 80 work just fine too, latter are ports used by DNS. If you're having issues with UDP443, chances are it's your ISP blocking the port or you have packet loss causing performance issues.

I use UDP443 on the desktop without a single issue so doubtful my serious problems with UDP443 on the iPhone on the same network could be ISP related. Or could they?

> There is a guide located here:
>
> https://airvpn.org/ios/

Why no link to it then from the How-To section? Because it's so outdated?

> There is a guide located here:
>
> https://airvpn.org/ios/
>
> I think the point he is trying to make is that settings for the app are not specified. I had to do trial and error to figure out what worked best. Even then I cannot use anything other than North American servers because if I use anything else it will time out upon waking the device (something I have never had a problem with any other provider). Which is strange because on the Android devices I have used in the past there has never been a problem. AirVPN on iOS is quite problematic and we pretty much have to deal with it, which is even more annoying because an AirVPN app on iOS could probably fix these issues.

Did you try TCP443 instead of UDP443 and the rest of the suggested OpenVPN settings?

> A native VPN app is not possible on iOS due to platform restrictions.
>
> OpenVPN is supported only via the native app, which Apple explicitly allowed to use the system-wide VPN route. Other apps just seem to be delivering config files for the official app.
>
> But the guide is for iOS 6.x, the screenshots might need a small refresh to match iOS 9.x.

No doubt that it needs not only an update but an expansion to include both a note about using TCP/UDP on iOS and suggested OpenVPN settings. And a link to it from the How-To section...

Link to post

> Although that explains why there isn't an app for AirVPN, that still does not describe why I have problems reconnecting from wake up with them but no other provider. My point is AirVPN's config files have compatibility issues with iOS. Surely I can't be the only one experiencing issues.

Never had issues with config files. It would be great if the next rev of OpenVPN Connect included VPN over SSH SSL or ability to use pluggable transport like obfs or Meek. I typically buy latest iOS devices when they come out and the A9 core could handle the overhead.

@Staff isn't there a way to disable logging within the OpenVPN app (iOS, OSX, Win, etc) via config file setup? That would be my request for something that could be done on Air's side.

Link to post

> 55+ hours now connected to GB servers on my iPhone without a single issue. Nice. Previously I would go maybe 20min tops before encountering an authentication error and a disconnect. I only use GB or Dutch servers.
>
> > UDP443, TCP or UDP 53 or 80 work just fine too, latter are ports used by DNS. If you're having issues with UDP443, chances are it's your ISP blocking the port or you have packet loss causing performance issues.
>
> I use UDP443 on the desktop without a single issue so doubtful my serious problems with UDP443 on the iPhone on the same network could be ISP related. Or could they?
>
> > There is a guide located here:
> >
> > https://airvpn.org/ios/
>
> Why no link to it then from the How-To section? Because it's so outdated?
>
> > There is a guide located here:
> >
> > https://airvpn.org/ios/
> >
> > I think the point he is trying to make is that settings for the app are not specified. I had to do trial and error to figure out what worked best. Even then I cannot use anything other than North American servers because if I use anything else it will time out upon waking the device (something I have never had a problem with any other provider). Which is strange because on the Android devices I have used in the past there has never been a problem. AirVPN on iOS is quite problematic and we pretty much have to deal with it, which is even more annoying because an AirVPN app on iOS could probably fix these issues.
>
> Did you try TCP443 instead of UDP443 and the rest of the suggested OpenVPN settings?
>
> > A native VPN app is not possible on iOS due to platform restrictions.
> >
> > OpenVPN is supported only via the native app, which Apple explicitly allowed to use the system-wide VPN route. Other apps just seem to be delivering config files for the official app.
> >
> > But the guide is for iOS 6.x, the screenshots might need a small refresh to match iOS 9.x.
>
> No doubt that it needs not only an update but an expansion to include both a note about using TCP/UDP on iOS and suggested OpenVPN settings. And a link to it from the How-To section...

My issue mainly occurs on servers outside North America. I can connect to American and Canadian servers without the endless reconnect on wakeup (which is why I use them so often); it's when I use any other server in any other part of the world that this causes a problem. Even GB servers time out when I wake up my phone. I am not sure where you physically are, but if you want to replicate my issue try using a server farthest away from you for most of the day and you should see what I am talking about.

Link to post

Disable "force AES-CBC ciphersuites", disabling this option will 'enable AES-256-GCM with HMAC-SHA384'. When the option "force AES-CBC cipher suites" is enabled the VPN client will use AES-256-CBC with HMAC-SHA1.

Link to post

> Disable "force AES-CBC ciphersuites", disabling this option will 'enable AES-256-GCM with HMAC-SHA384'. When the option "force AES-CBC cipher suites" is enabled the VPN client will use AES-256-CBC with HMAC-SHA1.

Just curious, what difference does that make? Does the client have an easier time reconnecting or is it just a better encryption method?

Link to post

 

> > Disable "force AES-CBC ciphersuites", disabling this option will 'enable AES-256-GCM with HMAC-SHA384'. When the option "force AES-CBC cipher suites" is enabled the VPN client will use AES-256-CBC with HMAC-SHA1.
>
> Just curious, what difference does that make? Does the client have an easier time reconnecting or is it just a better encryption method?

Better encryption method.

AES-256-CBC with HMAC-SHA1 VS AES-256-GCM with HMAC-SHA384.

With AES-256-GCM with HMAC-SHA384 being the stronger cipher.

Link to post

 

 

> > > Disable "force AES-CBC ciphersuites", disabling this option will 'enable AES-256-GCM with HMAC-SHA384'. When the option "force AES-CBC cipher suites" is enabled the VPN client will use AES-256-CBC with HMAC-SHA1.
> >
> > Just curious, what difference does that make? Does the client have an easier time reconnecting or is it just a better encryption method?
>
> Better encryption method.
>
> AES-256-CBC with HMAC-SHA1 VS AES-256-GCM with HMAC-SHA384.
>
> With AES-256-GCM with HMAC-SHA384 being the stronger cipher.

Thanks for this info!

Link to post

 

 

 

 

 

 

 

 

 

> > > > Disable "force AES-CBC ciphersuites", disabling this option will 'enable AES-256-GCM with HMAC-SHA384'. When the option "force AES-CBC cipher suites" is enabled the VPN client will use AES-256-CBC with HMAC-SHA1.
> > >
> > > Just curious, what difference does that make? Does the client have an easier time reconnecting or is it just a better encryption method?
> >
> > Better encryption method.
> >
> > AES-256-CBC with HMAC-SHA1 VS AES-256-GCM with HMAC-SHA384.
> >
> > With AES-256-GCM with HMAC-SHA384 being the stronger cipher.
>
> Thanks for this info!

No problem.

Link to post

To follow up: I was still getting authentication errors once every two days or so on iOS so I have adjusted the following OpenVPN setting:

Layer 2 reachability: ON

This seems to have reduced the authentication errors still further. I still get them but it's much less frequent.

Link to post

> To follow up: I was still getting authentication errors once every two days or so on iOS so I have adjusted the following OpenVPN setting:
>
> Layer 2 reachability: ON
>
> This seems to have reduced the authentication errors still further. I still get them but it's much less frequent.

Can you post your logs from OpenVPN Connect? Just go into the app, then tap on the word status; after that, copy all the text and post it here. Use the spoiler tags when you post the log.

Link to post

Bringing this thread back on with a little question:

On desktops we have the Network Lock option to avoid network leak; now, is this possible to have it on iOS, since logging into Twitter for example, I see my original IP from time to time, even though I have the VPN Status Bar Icon on, 99% of the time, but, it seems that for a tiny moment till the iPhone wakes up, and it gets connected to AirVPN it leaks something there.

It's not something that bothers me, but I would like to have a fix to it, IF would be possible.

Thank You.

Link to post

> It's not something that bothers me, but I would like to have a fix to it, IF would be possible.

There are a few threads in the past talking about this, including this. It's due to how iOS is designed, there's nothing AirVPN or even OpenVPN can do.

And Network Lock is an Eddie feature. There's not even a client on Android, and that's the easier OS to implement a VPN on.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Link to post
This topic is now closed to further replies.