ubuntu-phone team mailing list archive
-
ubuntu-phone team
-
Mailing list archive
-
Message #22860
Re: Ubuntu Phone and Private Internet Access?
Interesting. I've never encountered a captive portal as aggressive as that.
I'll try to find one and see if I can make it work. I'll let you know what
happens.
Next time it happens to you, disconnect from VPN, make sure you're
connected to their wireless, open up a terminal and type: *route *
Then connect to your VPN and type *route* again. Let's compare the two. You
might be right about the routes not behaving correctly. It could also be a
problem with their DHCP route metric if it is set too low or the tun0
metric just being set too high.
Share the results if you're able to grab the output of those two *route*
commands.
On Wed, Nov 16, 2016 at 6:10 PM, Francisco Pina Martins <
f.pinamartins@xxxxxxxxx> wrote:
> Seth,
>
> Thanks, that's actually quite a good tip for those places that block the
> standard 1194 port. But I have only ever encountered one of those.
>
> The issue is when the access point uses a web based "login" and once you
> start the tunnel you can no longer reach this login page, which ends up
> dropping your connection. Not sure there is a way around that, other than
> maybe forcing a static route. But that can't really be automated, and is
> setup dependent, I'm not sure it's worth the hassle.
>
> Cheers,
>
>
> Francisco
>
> On 15-11-2016 06:05, Seth Ciango wrote:
>
> Francisco,
>
> Try switching to TCP 443 to sidestep hotels and other providers that block
> VPN. I've had more success with that.
>
>
> Leonardo,
>
> You will want to create two VPN connections through the Network dropdown
> via VPN Settings. The first uses weaker encryption but will allow a
> connection over a common unrestricted port. This is useful in hotels and
> coffee shops that filter traffic. The second connection will be more secure
> and should be used exclusively whenever possible.
> Download both of these certificates to your phablet/Documents folder:
>
> http://www.privateinternetaccess.com/openvpn/ca.crt
> http://www.privateinternetaccess.com/openvpn/ca.rsa.4096.crt
>
>
>
> *Connection 1: This will use the BF-CBC cipher over port 443 and work
> anywhere.*
> Server: italy.privateinternetaccess.com
> Use Custom Gateway Port: Checked
> Port: 443
> All network connections: Checked
> Type: OpenVPN
> Protocol: TCP
> Authentication Type: Password
> Username and Password for your PIA account
> CA Certificate: ca.crt (Browse to the file that you downloaded)
> Cipher: default
> Compress data: checked
>
>
> *Connection 2: For normal *AES-256-CBC
> Everything is the same except:
>
> Port: 501
> CA Certificate: ca.rsa.4096.crt (Browse to the file that you downloaded)
> Cipher: AES-256-CBC
>
>
> After you are connected to PIA, make sure that you're using the correct
> cipher. Open the terminal and run:
> grep -i cipher /var/log/syslog
>
> Something is configured incorrectly if you see: "WARNING: 'cipher' is used
> inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"
>
> If nothing shows up in the syslog when connecting with Connection 2, you
> have connected successfully with AES-256-CBC
> Connection 1 will negotiate to use BF-CBC and that will show up as a
> WARNING in the syslog. That is to be expected.
>
>
> For more information on the different certificates and ports:
> https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-
> Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-
>
>
>
> On Mon, Nov 14, 2016 at 5:54 PM, Francisco Pina Martins <
> f.pinamartins@xxxxxxxxx> wrote:
>
>> I have my OpenVPN connection working on my BQ Aquaris E4.5 OTA13.
>>
>> I can use it both as a local connection (which only gets used for
>> resources on my VNP network), or as a fully tunnelled connection,
>> effectively hiding my traffic from whatever operator I'm connected to.
>>
>> I have, altough, noticed that on some operators (eg. some hotel wifi
>> connections) if I use the tunnel, the connection gets dropped almost
>> immediately.
>>
>> The issue you are experiencing, though seems to be a missing "secret".
>> You can try to edit the file with your VPN connection name in the directory:
>>
>> /etc/NetworkManager/system-connections/
>>
>>
>> That should give you some more options to deal with.
>>
>>
>> Best,
>>
>>
>> Francisco
>>
>>
>>
>>
>> On 14-11-2016 21:45, Leonardo Donelli wrote:
>>
>>> Hey guys,
>>> Did anyone manage to setup Private Internet Access VPN with Ubuntu
>>> Touch? (OTA-13)
>>>
>>> I've tried various ways that I've found online but no lack, the vpn
>>> connections fails immediately with a notification: "The VPN Connection
>>> <> failed because there were no valid VP.." (truncated)
>>>
>>>
>>
>> --
>> Mailing list: https://launchpad.net/~ubuntu-phone
>> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>> More help : https://help.launchpad.net/ListHelp
>>
>
>
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help : https://help.launchpad.net/ListHelp
>
>
References