ubuntu-phone team mailing list archive

[Seth Ciango <seth.ciango@xxxxxxxxx>]

Francisco,

Try switching to TCP 443 to sidestep hotels and other providers that block
VPN. I've had more success with that.


Leonardo,

You will want to create two VPN connections through the Network dropdown
via VPN Settings. The first uses weaker encryption but will allow a
connection over a common unrestricted port. This is useful in hotels and
coffee shops that filter traffic. The second connection will be more secure
and should be used exclusively whenever possible.
Download both of these certificates to your phablet/Documents folder:

http://www.privateinternetaccess.com/openvpn/ca.crt
http://www.privateinternetaccess.com/openvpn/ca.rsa.4096.crt



*Connection 1: This will use the BF-CBC cipher over port 443 and work
anywhere.*
Server: italy.privateinternetaccess.com
Use Custom Gateway Port: Checked
Port: 443
All network connections: Checked
Type: OpenVPN
Protocol: TCP
Authentication Type: Password
Username and Password for your PIA account
CA Certificate: ca.crt (Browse to the file that you downloaded)
Cipher: default
Compress data: checked


*Connection 2: For normal *AES-256-CBC
Everything is the same except:

Port: 501
CA Certificate: ca.rsa.4096.crt  (Browse to the file that you downloaded)
Cipher: AES-256-CBC


After you are connected to PIA, make sure that you're using the correct
cipher. Open the terminal and run:
grep -i cipher /var/log/syslog

Something is configured incorrectly if you see: "WARNING: 'cipher' is used
inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"

If nothing shows up in the syslog when connecting with Connection 2, you
have connected successfully with AES-256-CBC
Connection 1 will negotiate to use BF-CBC and that will show up as a
WARNING in the syslog. That is to be expected.


For more information on the different certificates and ports:
https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-



On Mon, Nov 14, 2016 at 5:54 PM, Francisco Pina Martins <
f.pinamartins@xxxxxxxxx> wrote:

> I have my OpenVPN connection working on my BQ Aquaris E4.5 OTA13.
>
> I can use it both as a local connection (which only gets used for
> resources on my VNP network), or as a fully tunnelled connection,
> effectively hiding my traffic from whatever operator I'm connected to.
>
> I have, altough, noticed that on some operators (eg. some hotel wifi
> connections) if I use the tunnel, the connection gets dropped almost
> immediately.
>
> The issue you are experiencing, though seems to be a missing "secret". You
> can try to edit the file with your VPN connection name in the directory:
>
> /etc/NetworkManager/system-connections/
>
>
> That should give you some more options to deal with.
>
>
> Best,
>
>
> Francisco
>
>
>
>
> On 14-11-2016 21:45, Leonardo Donelli wrote:
>
>> Hey guys,
>> Did anyone manage to setup Private Internet Access VPN with Ubuntu
>> Touch? (OTA-13)
>>
>> I've tried various ways that I've found online but no lack, the vpn
>> connections fails immediately with a notification: "The VPN Connection
>> <> failed because there were no valid VP.." (truncated)
>>
>>
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help   : https://help.launchpad.net/ListHelp
>