Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

HOWTO: iOS Connection Guide

Guides, HOWTOs etc on how to setup Cryptostorm on PCs, smartphones, tablets and routers.

Topic Author
b3lt3r5
Posts: 27
Joined: Sun Dec 23, 2012 2:55 pm

HOWTO: iOS Connection Guide

Postby b3lt3r5 » Tue Jul 29, 2014 4:13 pm

EDIT: The configs listed below are outdated. You can find the current iOS compatible configs on GitHub

- This guide will install a CryptoStorm Darknet profile using the post-Heartbleed certificate into the OpenVPN Connect 1.0.4 build 140 app.
- This config uses the load balancers.

Assumed: You have downloaded OpenVPN Connect 1.0.4 build 140 from the Apple App Store.


1. Connect device via usb and open iTunes

2. Click on the "Library" button

3. Click on your device name

4. Click on "Apps" in the top bar of iTunes

5. Scroll to the bottom and click on the OpenVPN icon in the "File Sharing" area

6. Click "Add" (bottom right) frame and navigate to the location of the.ovpn file

7. Select the file and click "Add"

8. Open the OpenVPN app on your device and tap the green plus sign to import the profile

9. Enter your hashed token in User ID field

10. Enter a single random character in the Password field *THIS IS A MAKE OR BREAK STEP.*

** It's imperative to put something (anything) in the password field otherwise the connection will fail.

If your device is jailbroken, iFunBox makes it easy to drop the .ovpn file into the OpenVPN file sharing folder in your device file system. (You'll need to have afc2add (pre iOS7) or Apple File Conduit "2" (iOS7+) installed from Cydia)

I removed the code previously found here as it was very much out of date and giving people problems. I've instead prepackaged configuration files that should be ready to drop in and use, which are found immediately below.
- cryptostorm_support


ios_balancer1_4.ovpn
(4.54 KiB) Downloaded 953 times

ios_frankfurt1_4.ovpn
(4.55 KiB) Downloaded 734 times

ios_iceland1_4.ovpn
(4.54 KiB) Downloaded 735 times

ios_lisbon1_4.ovpn
(4.54 KiB) Downloaded 630 times

ios_london1_4 .ovpn
(4.54 KiB) Downloaded 732 times

ios_montreal1_4 .ovpn
(4.54 KiB) Downloaded 681 times

ios_paris1_4.ovpn
(4.53 KiB) Downloaded 682 times

ios_singapore1_4.ovpn
(4.55 KiB) Downloaded 669 times

ios_stpetersberg1_4.ovpn
(4.56 KiB) Downloaded 674 times

ios_usCentral1_4.ovpn
(4.55 KiB) Downloaded 779 times

ios_usWest1_4.ovpn
(4.54 KiB) Downloaded 792 times


Nasco

Re: HOWTO: iOS Connection Guide

Postby Nasco » Wed Jul 30, 2014 3:15 am

I followed the posted directions, but continually come up with:

"Error loading profile"
"option_error: option <connection> was not properly cl . . ."

I simply do not know what to do at this point.


Topic Author
b3lt3r5
Posts: 27
Joined: Sun Dec 23, 2012 2:55 pm

Re: HOWTO: iOS Connection Guide

Postby b3lt3r5 » Fri Aug 01, 2014 4:22 pm

Nasco wrote:I followed the posted directions, but continually come up with:

"Error loading profile"
"option_error: option <connection> was not properly cl . . ."

I simply do not know what to do at this point.


OK, this just did my head in. :crazy:

Did you use the "Select all" link at the top-right side of the code box to select the code?

When using that to select the code and then copy/pasting into a config file, I got the same error.
If I select the code manually by clicking and dragging the mouse pointer over the entire code text and then right-click copy/pasting it into the config file, the config imports without incident.

I'd be very interested to know if this solves your problem.
Please report back either way.

Cheers


nasco

Re: HOWTO: iOS Connection Guide

Postby nasco » Mon Aug 04, 2014 8:45 pm

The "Select All" copy and paste feature was indeed the culprit. The profile is up and running. Thank you so much.


Topic Author
b3lt3r5
Posts: 27
Joined: Sun Dec 23, 2012 2:55 pm

Re: HOWTO: iOS Connection Guide

Postby b3lt3r5 » Tue Aug 05, 2014 3:08 pm

Good times! Glad to hear that @nasco.
My pleasure.
Thanks for the feedback.


demario1289
Posts: 6
Joined: Wed Oct 01, 2014 5:20 pm

Re: HOWTO: iOS Connection Guide

Postby demario1289 » Thu Apr 02, 2015 12:51 am

Hi there! Simple question (sorry I'm kind of a newbie on this).
I'd like to use an Icelandic exit node ... how can I check if this file has an Iceland exit node and if it does not have, how can I edit/insert to use it?

Thanks! :)


prospav
Posts: 13
Joined: Sun Jan 06, 2013 7:19 pm

Re: HOWTO: iOS Connection Guide

Postby prospav » Thu Apr 02, 2015 10:51 am

In the code above, once copied to txt file, edit connections to :
remote linux-iceland.cryptostorm.net 443 udp
remote linux-iceland.cryptostorm.org 443 udp
remote linux-iceland.cstorm.pw 443 udp

Please note, original nodes in above code have been superseded with : linux-dynamic.cryptostorm.net, linux-dynamic.cryptostorm.org and linux-dynamic.cstorm.pw.


demario1289
Posts: 6
Joined: Wed Oct 01, 2014 5:20 pm

Re: HOWTO: iOS Connection Guide

Postby demario1289 » Thu Apr 02, 2015 7:02 pm

prospav wrote:In the code above, once copied to txt file, edit connections to :
remote linux-iceland.cryptostorm.net 443 udp
remote linux-iceland.cryptostorm.org 443 udp
remote linux-iceland.cstorm.pw 443 udp

Please note, original nodes in above code have been superseded with : linux-dynamic.cryptostorm.net, linux-dynamic.cryptostorm.org and linux-dynamic.cstorm.pw.


Thank you! :D


demario1289
Posts: 6
Joined: Wed Oct 01, 2014 5:20 pm

Re: HOWTO: iOS Connection Guide

Postby demario1289 » Thu Apr 02, 2015 7:31 pm

Hi there ... if I use the code above without changing anything it connects correct. When I change the 3 servers to the Iceland node, I got authentication failed. Do I have to change anything else after changing the 3 servers?


prospav
Posts: 13
Joined: Sun Jan 06, 2013 7:19 pm

Re: HOWTO: iOS Connection Guide

Postby prospav » Thu Apr 02, 2015 8:20 pm

No. I got it working first go with Iceland. Copy key correct? Input a password?

Does your changed code look like this?

<connection>
remote linux-iceland.cryptostorm.net 443 udp
</connection>

<connection>
remote linux-iceland.cryptostorm.org 443 udp
</connection>

<connection>
remote linux-iceland.cstorm.pw 443 udp
</connection>


demario1289
Posts: 6
Joined: Wed Oct 01, 2014 5:20 pm

Re: HOWTO: iOS Connection Guide

Postby demario1289 » Thu Apr 02, 2015 8:41 pm

Yap man, key correct and password any random char ... with the default code in this post I got connected, and then I just changed these 3 servers, saved the file, re-imported the profile and could not connect ... maybe I can try to post de logs here if you want

User avatar

cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: HOWTO: iOS Connection Guide

Postby cryptostorm_support » Mon Apr 20, 2015 9:37 pm

I've uploaded current configuration files to the OP and removed the old config text found there that was causing some issues. Feedback, and confirmation that these new files are working for everyone would be much appreciated :)
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm


Ernest

Re: HOWTO: iOS Connection Guide

Postby Ernest » Thu Feb 18, 2016 4:53 pm

b3lt3r5 wrote:EDIT: The hostnames referred to in some posts below such as "raw-balancer-dynamic" or "linux-dynamic" are now obsolete. The current syntax is "linux-balancer".

- This guide will install a CryptoStorm Darknet profile using the post-Heartbleed certificate into the OpenVPN Connect 1.0.4 build 140 app.
- This config uses the load balancers.

Assumed: You have downloaded OpenVPN Connect 1.0.4 build 140 from the Apple App Store.


1. Connect device via usb and open iTunes

2. Click on the "Library" button

3. Click on your device name

4. Click on "Apps" in the top bar of iTunes

5. Scroll to the bottom and click on the OpenVPN icon in the "File Sharing" area

6. Click "Add" (bottom right) frame and navigate to the location of the.ovpn file

7. Select the file and click "Add"

8. Open the OpenVPN app on your device and tap the green plus sign to import the profile

9. Enter your hashed token in User ID field

10. Enter a single random character in the Password field *THIS IS A MAKE OR BREAK STEP.*

** It's imperative to put something (anything) in the password field otherwise the connection will fail.

If your device is jailbroken, iFunBox makes it easy to drop the .ovpn file into the OpenVPN file sharing folder in your device file system. (You'll need to have afc2add (pre iOS7) or Apple File Conduit "2" (iOS7+) installed from Cydia)

I removed the code previously found here as it was very much out of date and giving people problems. I've instead prepackaged configuration files that should be ready to drop in and use, which are found immediately below.
- cryptostorm_support


ios_balancer1_4.ovpn

ios_frankfurt1_4.ovpn

ios_iceland1_4.ovpn

ios_lisbon1_4.ovpn

ios_london1_4 .ovpn

ios_montreal1_4 .ovpn

ios_paris1_4.ovpn

ios_singapore1_4.ovpn

ios_stpetersberg1_4.ovpn

ios_usCentral1_4.ovpn

ios_usWest1_4.ovpn


Hi there do u have an easier way to do it? Cos i still cant download it to my openvpn. Have done it before with other vpn configs. Thanks..


Ernest

Re: HOWTO: iOS Connection Guide

Postby Ernest » Thu Feb 18, 2016 6:12 pm

b3lt3r5 wrote:EDIT: The hostnames referred to in some posts below such as "raw-balancer-dynamic" or "linux-dynamic" are now obsolete. The current syntax is "linux-balancer".

- This guide will install a CryptoStorm Darknet profile using the post-Heartbleed certificate into the OpenVPN Connect 1.0.4 build 140 app.
- This config uses the load balancers.

Assumed: You have downloaded OpenVPN Connect 1.0.4 build 140 from the Apple App Store.


1. Connect device via usb and open iTunes

2. Click on the "Library" button

3. Click on your device name

4. Click on "Apps" in the top bar of iTunes

5. Scroll to the bottom and click on the OpenVPN icon in the "File Sharing" area

6. Click "Add" (bottom right) frame and navigate to the location of the.ovpn file

7. Select the file and click "Add"

8. Open the OpenVPN app on your device and tap the green plus sign to import the profile

9. Enter your hashed token in User ID field

10. Enter a single random character in the Password field *THIS IS A MAKE OR BREAK STEP.*

** It's imperative to put something (anything) in the password field otherwise the connection will fail.

If your device is jailbroken, iFunBox makes it easy to drop the .ovpn file into the OpenVPN file sharing folder in your device file system. (You'll need to have afc2add (pre iOS7) or Apple File Conduit "2" (iOS7+) installed from Cydia)

I removed the code previously found here as it was very much out of date and giving people problems. I've instead prepackaged configuration files that should be ready to drop in and use, which are found immediately below.
- cryptostorm_support


ios_balancer1_4.ovpn

ios_frankfurt1_4.ovpn

ios_iceland1_4.ovpn

ios_lisbon1_4.ovpn

ios_london1_4 .ovpn

ios_montreal1_4 .ovpn

ios_paris1_4.ovpn

ios_singapore1_4.ovpn

ios_stpetersberg1_4.ovpn

ios_usCentral1_4.ovpn

ios_usWest1_4.ovpn



Hi there i only can connect to the main config u gave. Its states france. As for the rest i could download it to openvpn but cant connect them. May i know y? N does it have the anti leak n kill switch like its original? Thanks..

Regards,
Ernest


prospav
Posts: 13
Joined: Sun Jan 06, 2013 7:19 pm

Re: HOWTO: iOS Connection Guide

Postby prospav » Wed Feb 24, 2016 12:54 pm

Thanks to b3lt3r5 for original instructions and configs.
I have modified the updated linux config file on Github for IOS by removing line:
ca ca.crt
I have also inserted line between tis-cipher and tls-client:
client-cert-not-required

Have tested on iOS 9.2.1 and openvpn 1.0.5 build 177.

To use other nodes, replace
remote linux-xxxxxxxx.cryptostorm.net 443 udp
remote linux-xxxxxxxx.cryptostorm.nu 443 udp
remote linux-xxxxxxxx.cryptostorm.org 443 udp
remote linux-xxxxxxxx.cstorm.pw 443 udp
with other node names, e.g. london, rome, paris etc

Attached is Frankfurt file for reference.
Attachments
IOS_frankfurt_udp.ovpn
(2.28 KiB) Downloaded 418 times


dccc
Posts: 27
Joined: Mon Jan 12, 2015 10:57 pm

Re: HOWTO: iOS Connection Guide

Postby dccc » Sun Feb 28, 2016 4:27 am

You can (should, tbh) download current configs at the Cryptostorm GitHub website: https://github.com/cryptostorm/cryptost ... tion_files


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Re: HOWTO: iOS Connection Guide

Postby Khariz » Mon Mar 14, 2016 7:42 am

The newest batch of Linux config files seems to have the ca ca.crt junk in them again, so they don't work natively with iOS any more. I realize it's trivial to edit them, but they should really work outside the box. Might want to edit them.


prospav
Posts: 13
Joined: Sun Jan 06, 2013 7:19 pm

Re: HOWTO: iOS Connection Guide

Postby prospav » Mon Mar 14, 2016 8:41 am

Khariz, the GitHub Linux files work as is for Linux/OSX.
To use them on iOS, you need to download them and modify as per above.
I posted a file for reference so that others could just download it and edit it for the node they want to use. All edits to the normal linux file were described.
What did you not follow?


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Re: HOWTO: iOS Connection Guide

Postby Khariz » Mon Mar 14, 2016 8:56 am

Did you actually read my post? I don't have any problem with the files at all. They are trivial to edit. For a little while, the .ovpn files that were uploaded to the github had the ca ca.crt line removed (and the client-cert-not-required parameter added), but the newest batch has it back in there by default. That's why my post was worded the way it was. Edit: Maybe I'm wrong about that, but I swore the files worked out of the box the first time I downloaded them. I never had to edit them until just now for some reason.

Let me ask a simple question, the answer to which might make me understand something: are there any Linux devices which MUST use ca.crt files? I've always assumed the answer to that question is "no" especially when the ca info is built into the file.

Assuming I'm correct, why aren't the Linux .ovpn files just built without reference to the ca.crt file anyway, so that the end user doesn't have to edit them out. Or am I incorrect, and some platforms need the .ovpn files to be built the way they are?

That's what I was asking for. Why is it such a big deal? Well, because while it's super easy to use a zip-viewer app to directly import .ovpn files to OpenVPN connect, the ones in the Cryptostorm ZIP (from the github) cannot be imported, because they are broken until you make the above edit (which is simple if you have a computer handy, but a pain in the butt if you just have your iPad/iPhone lying around).

I just thought it would be nice to suggest it be pre-edited for folks in the future.

User avatar

parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: iOS Connection Guide

Postby parityboy » Fri Apr 01, 2016 2:20 am

Khariz wrote:Let me ask a simple question, the answer to which might make me understand something: are there any Linux devices which MUST use ca.crt files?


Yes, Linux desktops. The VPN module for Network Manager cannot seem to parse (or just ignores) the text block containing the certificate, hence you need to have it in a separate file. As an aside, the ca.crt line should be renamed to ca2.crt, which is the file name of the post-Heartbleed revision of the certificate.


C3f
Posts: 1
Joined: Tue Jun 07, 2016 12:38 pm

Re: HOWTO: iOS Connection Guide

Postby C3f » Tue Jun 07, 2016 12:44 pm

One of the latest updates to OpenVPN or iOS completely broke these profiles on iPad as well as iPhone. Every connection attempt led to a timeout without any helpful error messages. Took me a while to figure it out. If you have the same problem do the following:

1) Go to iOS settings
2) Scroll down to the settings panel for OpenVPN
3) Look for "Force AES-CBC ciphersuites" in advanced settings
4) Enable it. It's off by default.

Connection will work again.


scottb

Re: HOWTO: iOS Connection Guide

Postby scottb » Mon Jun 13, 2016 8:34 am

Tried to import the opvn file off Github, but got an error Profile Import Failed: line too long. Any thoughts?

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: HOWTO: iOS Connection Guide

Postby df » Tue Jun 14, 2016 9:17 am

scottb: i don't have an iOS devices to test with, but my guess would be that you imported the HTML version of the page.

I.e., https://github.com/cryptostorm/cryptost ... namic.ovpn
the page you should be importing is the one in raw format from:
https://raw.githubusercontent.com/crypt ... namic.ovpn

(replace cstorm_Dynamic.ovpn with whichever config you want to use)


scottb

Re: HOWTO: iOS Connection Guide

Postby scottb » Tue Jun 14, 2016 5:02 pm

That was it! I was not aware of the raw page - must have missed that in the instructions, but thank you for pointing that out - all is well once more!


scottb

Re: HOWTO: iOS Connection Guide

Postby scottb » Thu Jun 16, 2016 9:54 pm

That was the problem - Never knew or heard about raw format and didn't see it mentioned before - I appreciate the help!


sfnywnd

Re: HOWTO: iOS Connection Guide

Postby sfnywnd » Mon Oct 03, 2016 2:25 pm

Hi:

I managed to connect using the OpenVPN code but I get periodic "Timeout" errors on the connection. I see that iOS has a native VPN function that allows for "connect on demand" - which I assume would reconnect me each time it dropped. Is it possible to use that function?

Thanks


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Re: HOWTO: iOS Connection Guide

Postby Khariz » Tue Oct 04, 2016 10:47 pm

I've never experienced timeouts on ios. That's interesting.

Did you do the Force AES-CBC Cybersuites fix mentioned above?

But no, the connect on demand feature is more of a "connect automatically when using or not using a specific network" feature. Not a reconnect when something is broken feature.


Dink

Re: HOWTO: iOS Connection Guide

Postby Dink » Thu Dec 15, 2016 1:48 am

df wrote:scottb: i don't have an iOS devices to test with, but my guess would be that you imported the HTML version of the page.

I.e., https://github.com/cryptostorm/cryptost ... namic.ovpn
the page you should be importing is the one in raw format from:
https://raw.githubusercontent.com/crypt ... namic.ovpn

(replace cstorm_Dynamic.ovpn with whichever config you want to use)


I'm sorry I'm such a noob, but how do I import these files from github? Do I need to register first?

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: HOWTO: iOS Connection Guide

Postby df » Thu Dec 15, 2016 2:43 am

@Dink
Nope, registration isn't required to download stuff off of GitHub.
The easiest method is probably to download the master.zip file @ https://github.com/cryptostorm/cryptost ... master.zip
Save that somewhere, unzip it, and import the configs from the 'mac' dir into whatever OpenVPN client you use.

Another option that might be easier for some is to download the configs from:
https://cryptostorm.is/mac/
That directory is setup with the correct MIME type so that the mac browser processes it correctly so that your OpenVPN client will import it instead of it being displayed in browser.


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Re: HOWTO: iOS Connection Guide

Postby Khariz » Thu Dec 15, 2016 2:48 am

I wrote up a guide on how to do this without the need of any external devices:

1. Download the app OpenVPN. Go into the iPhone's Settings app, locate OpenVPN, and enable "Force AES-CBC ciphersuites"

2. Download the app ZipViewer

3. Go to https://github.com/cryptostorm/cryptost ... tion_files

4. If you are on the mobile version of the page, scroll down to the bottom and click "Desktop Version"

5. Click the green "Clone or Download" button.

6. Click "Download ZIP".

7. Click "Open in..." in the upper left hand corner.

8. Select "Copy to ZipViewer".

9. Drill down into the Mac folder.

10. Select the .ovpn file of your choice.

11. Click the icon in the lower left that looks like a box with an arrow pointing up.

12. Select "Copy to OpenVPN".

13. Click the Green + sign.

14. Leave the certificate as "none selected"

15. Put your hashed (or un-hashed) token into the User ID box.

16. Put anything you want in the password field (I put a single letter).

17. Click save.

18. Connect and Enjoy.



Dink

Re: HOWTO: iOS Connection Guide

Postby Dink » Thu Dec 15, 2016 3:09 am

Thank you so much Khariz! I read up and down this thread,and couldn't find this guide. I'm really sorry you had to post it twice, but thanks again. Hope you have a good day!


taters

Re: HOWTO: iOS Connection Guide

Postby taters » Fri Dec 16, 2016 11:19 am

:D You sir are a genius. This works perfectly!!! :D :D :D


Guest

Re: HOWTO: iOS Connection Guide

Postby Guest » Thu Feb 02, 2017 5:41 am

Hey everyone,

I had some trouble getting connected on my iPhone 6s - iOS 10.2.1 with OpenVPN 1.0.7 build 199 (iOS 64bit) and figured out these settings to get my connection to work.

Follow the previously listed steps for getting your OVPN file loaded and the rest.

Hopefully someone finds some use out of this.

[img]http://imgur.com/a/mf7O4/img]


Guest

Re: HOWTO: iOS Connection Guide

Postby Guest » Thu Feb 02, 2017 5:55 am

Botched my last post, and I don't see it as an available post that I can edit, so here it is again. This time with written directions as well as the *correct* supporting image link.

I had some trouble getting connected on my iPhone 6s - iOS 10.2.1 with OpenVPN 1.0.7 build 199 (iOS 64bit) and figured out these settings to get my connection to work.

Follow the previously listed steps for getting your OVPN file loaded and the rest.

Hopefully someone finds some use out of this.

Settings I modified:
Seamless tunnel: ON (slider is green)
Protocol: TCP
Compression: No
Force AE-CBC ciphersuites: ON
Google DNS fallback: OFF

The rest should be defaults, and therefore not mentioned. I.e. I didn't mention changing it, so leave it alone.

[img]http://i.imgur.com/d8eVb4a.png[img]


Guest

Re: HOWTO: iOS Connection Guide

Postby Guest » Tue Feb 21, 2017 12:48 am

I'm not sure what the problem is, everything was working perfectly before IOS 10.x.x
I seem to be connecting fine, but when I try any .onion address I get:
"safari can not open page your iPad is not connected to the internet"
My openVPN settings match the above
Any insight into what I'm doing wrong would be greatly appreciated!

User avatar

parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: iOS Connection Guide

Postby parityboy » Tue Feb 21, 2017 5:18 pm

Guest wrote:I'm not sure what the problem is, everything was working perfectly before IOS 10.x.x
I seem to be connecting fine, but when I try any .onion address I get:
"safari can not open page your iPad is not connected to the internet"
My openVPN settings match the above
Any insight into what I'm doing wrong would be greatly appreciated!


At a guess, I would say that your DNS isn't being updated with the DNS address of the exit node you're connected to. Try a site like DNS Leak Test, to see which DNS server you're using.


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Re: HOWTO: iOS Connection Guide

Postby Khariz » Tue Feb 21, 2017 6:41 pm

It has been broken for me as well on iOS. Probably for the better part of six months. No dns issues or dns leak here.


NOYB

Re: HOWTO: iOS Connection Guide

Postby NOYB » Thu Feb 23, 2017 7:22 am

Khariz wrote:It has been broken for me as well on iOS. Probably for the better part of six months. No dns issues or dns leak here.


Ugly truth within CS? Things never get fixed here.


It's bad policy. Someday it will hurt them - at the worst possible time.


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Re: HOWTO: iOS Connection Guide

Postby Khariz » Sun Feb 26, 2017 9:24 am

Using a different browser than Safari, I managed to gather more information than just "Safari cannot open the page because your iPhone is not connected to the internet".

Using alternate browsers I get this: "The Internet connection appears to be offline. NSURLErrorDomain"

This particular error is described as: "Returned when a network resource was requested, but an internet connection is not established and cannot be established automatically, either through a lack of connectivity, or by the user's choice not to make a network connection automatically."

I'm obviously connected to the internet. I can use any web browser or app, and the connection is tunneled through the VPN, but the .onion access makes it think I'm not connected. .onion URLs used to work in iOS. I don't know if it's a change in CryptoStorm, a change in iOS, or a change in OpenVPN Connect. But I can't get it to work on my iOS devices.

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: HOWTO: iOS Connection Guide

Postby df » Sun Feb 26, 2017 10:23 am

@Khariz
If you've got console access, try `ping`ing or doing an `nslookup` against whatever .onion you're trying to access.
The .onion should resolve to something in 10.99.0.0/16, and you could also try using whatever command-line downloader iOS uses (curl, wget, lynx, fetch, etc.) to see if that will return the contents of the .onion web page. If it does, then it's most likely a browser setting that's preventing .onion access (like the fairly recent Firefox settings network.dns.blockDotOnion=true). If not, then it's something on the network level that's interfering (possibly something changing the DNS?).


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Re: HOWTO: iOS Connection Guide

Postby Khariz » Sun Feb 26, 2017 10:35 am

I'll try to follow up on that, but it should not be a browser setting. I've tried 7 different browsers with all the same result.

As far as DNS goes, I'm returning only CS DNS servers from external testing. I wish I had better historical records of when this began. I don't know if it began in this version of iOS, this version of OpenVPN Connect, or if it just suddenly started.

I'll try a few things based on your reply and report back.

Edit: I wonder if it is something apple is doing in iOS. If you paste an onion address into any browser without even being connected to a vpn, you get the same "not connected to the internet" message. It doesn't appear to even attempt to resolve the address. It just jumps straight to "you aren't connected".

Edit2: definitely seems iOS related. I don't have command line access, but I tried the next best thing I could think of. I used an SSL app to try to telnet to the .onion. I realize that sounds ridiculous, but if you can reach the domain, you get a completely different error than if you can't. That app is reporting the network is down as well, if I try anything with .onion. But if I type a garbage URL, I get a totally different message. Doesn't seem VPN related.


highlighter
Posts: 3
Joined: Thu Nov 27, 2014 10:33 pm

Re: HOWTO: iOS Connection Guide

Postby highlighter » Sun May 14, 2017 5:23 pm

Thank you, that fixed the problem. No modification needed. The Mac configs works well with iOS.


C3f wrote:One of the latest updates to OpenVPN or iOS completely broke these profiles on iPad as well as iPhone. Every connection attempt led to a timeout without any helpful error messages. Took me a while to figure it out. If you have the same problem do the following:

1) Go to iOS settings
2) Scroll down to the settings panel for OpenVPN
3) Look for "Force AES-CBC ciphersuites" in advanced settings
4) Enable it. It's off by default.

Connection will work again.
Bitmessage BM-2cWyjfNB1YnjTA6hWZrPmiDKZPzwdZgG6K


Guest

Re: HOWTO: iOS Connection Guide

Postby Guest » Thu Jun 15, 2017 9:15 pm

Did you ever figure this out...I've had no access for almost a year now.
It would seem that cryptostorm is no longer a viable option for .onion access on iOS.


Khariz wrote:I'll try to follow up on that, but it should not be a browser setting. I've tried 7 different browsers with all the same result.

As far as DNS goes, I'm returning only CS DNS servers from external testing. I wish I had better historical records of when this began. I don't know if it began in this version of iOS, this version of OpenVPN Connect, or if it just suddenly started.

I'll try a few things based on your reply and report back.

Edit: I wonder if it is something apple is doing in iOS. If you paste an onion address into any browser without even being connected to a vpn, you get the same "not connected to the internet" message. It doesn't appear to even attempt to resolve the address. It just jumps straight to "you aren't connected".

Edit2: definitely seems iOS related. I don't have command line access, but I tried the next best thing I could think of. I used an SSL app to try to telnet to the .onion. I realize that sounds ridiculous, but if you can reach the domain, you get a completely different error than if you can't. That app is reporting the network is down as well, if I try anything with .onion. But if I type a garbage URL, I get a totally different message. Doesn't seem VPN related.


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Re: HOWTO: iOS Connection Guide

Postby Khariz » Wed Nov 22, 2017 10:55 am

Still not functioning for me.


Return to “guides, HOWTOs & tutorials”

Who is online

Users browsing this forum: No registered users and 9 guests

cron

Login