
It's supposed to re-connect, but it never does. It's rare that the VPN stays up for longer than a couple of hours. If I'm lucky, I notice that there's no longer a tiny "VPN" logo at the top of the screen, and I have to launch the app manually and flick the "connect" checkbox again. You'd think that clicking the "VPN" checkbox in Settings would work. It doesn't. It tries to connect and fails. Often (maybe always?) with "authentication failed". The only thing that works is launching the OpenVPN app and clicking the checkbox there, multiple times a day. It happens so often that I might as well not have a VPN.
And it's unconscionable that when it drops my VPN connection, it does so silently. "Oh, we just downgraded your security! I'm sure that's totally what you wanted, and you don't need an alert about it!"
Second, there appears to be no host, network, or IP-based whitelist. I want my mobile devices to not use the VPN when they are attached to my home network. First so that I can access my home devices, but also because that would be redundant, as my home network's first hop is Sonic.
Is there an iOS VPN client that is compatible with ovpn.sonic.net that sucks less than "OpenVPN Connect"? Or is there some other pile of settings that I missed?
I am 100% uninterested in your rambling story about the VPN service that you used that is not ovpn.sonic.net.
Does iOS have system-wide VPN settings section? Is there an entry for Sonic there? I wonder if there is some behaviour (e.g. alerts, reconnection, etc) that have to be managed at the iOS level? /shrug
So you decided you'd help by making easily-Googlable guesses about an OS that you don't even use?
Haha! I'm just helpful that way! :P
Drives my spouse crazy, too, don't you worry! :D
And have yourself a festive VPN holiday today!
Last time I checked, a couple of years ago, OpenVPN on iOS was unable to establish a permanent connection. It was only for "corporate" client like Cisco something ... Very frustrating.
Probably isn't what you want to do.. but you can jailbreak it and run a different OVPN client.
FFS, people.
There's no jailbreak for IOS 11. And why on earth would JWZ want to degrade his security in order to improve his security? 2 steps back, one step forward.
Please note - I did say probably not what you want to do :) and it was an ironic answer. The OVPN client isn’t that bulletproof on iOS sadly.
Please deliver your hilarious ironic answers directly to /dev/null.
This is a standing directive.
OpenVPN Connect is one of the few apps that puts extra settings actually in the Settings app, just on the offchance that you didn't look in there. There are options for reconnection in there.
I don't believe it has a network whitelist.
Nothing there that looks like it will fix the reconnect problem. All the switches seem to be pointing in the direction of "just do the right damned thing" as far as I can tell.
Have you tried using Apple configurator to make your own .mobileprofile?
Sonic's instructions involve downloading a mobile profile from their site, so I'm guessing that there aren't a bunch of other knobs in there for me to spin.
Googling for “always on vpn profile” says that you can’t set an always on vpn unless you put your iPhone in supervised mode which will also wipe your phone.
I am not asking for "turn my phone into a brick if the VPN server is not available", which I think is what you are describing.
Both the OS and the VPN app are clearly attempting to re-connect to the VPN when the connection drops at random.
They just collectively suck at it.
No other OpenVPN app, sadly. Making a custom profile with either Apple Configurator or programatically is probably the best bet.
https://www.derman.com/blogs/iPhone-OpenVPN-Setup
https://github.com/iphoting/ovpnmcgen.rb
Holy legacy code! The blink tag still works in Chrome on Android tablet!
I have nothing on topic to offer. Happy feast of Winterveil.
That's because there's a little bit of magic in the style sheet:
/* That's right bitches */
@keyframes blink {
0% { opacity:1; } 75% { opacity:1; } 76% { opacity:0; } 100% { opacity:0; }}
@-webkit-keyframes blink {
0% { opacity:1; } 75% { opacity:1; } 76% { opacity:0; } 100% { opacity:0; }}
@-moz-keyframes blink {
0% { opacity:1; } 75% { opacity:1; } 76% { opacity:0; } 100% { opacity:0; }}
@-ms-keyframes blink {
0% { opacity:1; } 75% { opacity:1; } 76% { opacity:0; } 100% { opacity:0; }}
@-o-keyframes blink {
0% { opacity:1; } 75% { opacity:1; } 76% { opacity:0; } 100% { opacity:0; }}
blink {
text-decoration: inherit;
animation: blink 0.75s ease-in infinite alternate;
-webkit-animation: blink 0.75s ease-in infinite alternate;
-moz-animation: blink 0.75s ease-in infinite alternate;
-ms-animation: blink 0.75s ease-in infinite alternate;
-o-animation: blink 0.75s ease-in infinite alternate;
}
fwiw, as a sonic ovpn/ios user i've run into the same problem with their setup and haven't found a good workaround. i'll note that their vpn service has been in "beta" for, like, ever. and now that the whole net neutrality fiasco is imminent, perhaps we, as paying users, should demand that they give it some more attention and bring it up-to-date with whatever will make it work with ios.
For whatever it's worth, the random disconnect and "fuck it, reconnecting is hard, and why should I notify the user" isn't a thing that is unique to Sonic. It's the OpenVPN app (and maybe possibly iOS support). For whatever reason the app developers have not felt especially motivated to add better resilience and user feedback.
In my configuration I have found:
Connection timeout: None
Network state detection: Disabled
Layer 2 reachability: TRUE
to provide some level of reconnect robustness. Your mileage may vary.
Wondering if it’s at least partly a server side problem. I use ovpn connect to a OpenVPN server I set up on a vps and it works reliably, doesn’t exhibit any of the problems you describe.
For accessing the local network, take a look in the ovpn connect app log. Is the server pushing routing and/or DNS settings that cause this behaviour?
Another thought. You could download the .ovpn file from sonic and fiddle with the settings before loading into connect.
Have you tried Sonic tech support? Whenever I've called them, I've had good experiences: usually, zero wait time; smart, informed technician on the other end that is willing to talk to me like a reasonably-tech-savvy adult and do their best to fix my problem (which is usually AT&T mucking with the lines, but occasionally the router).
Sounds from the comments like it's probably a client problem, but as a test you could set up an OpenVPN server of your own and compare the behavior. There's a project called Streisand (https://github.com/jlund/streisand/) which will do all the work of setting up a VPS for you, so setting up the server won't take long.
So now that every uninformed yahoo with some sort of tangential story has finished posting, i have some bad anecdotal info for you, I use the same OpenVPN app with my work VPN and it is rock solid reliable. I'm sorry to say (since I am also a happy Sonic customer) that the problem is on the Sonic side there.
The problem is not unique to Sonic. I use another vpn service and experience the same problem using OpenVPN on iOS.
OpenVPN on most platforms has an option (possibly called "persist" or "persist-tun" depending on how far the UI has drifted away from the native OpenVPN config syntax) which will keep the VPN in the routing table even when the VPN peer has gone away. Ideally this prevents data leakage during the few seconds until a new connection can be established. Until the connection is reestablished, given the choice of VPN or nothing, your device will have nothing. If the iOS version doesn't have that option, or if the process just dies randomly, then it's a bug in the iOS port.
None of that protects the phone before the OpenVPN app comes up, so it will still spray your outgoing packets indiscriminately across any available network interface until that happens. As far as I can tell, on all platforms fixing this requires rooting the device or bribing the appropriate userland gatekeepers.
Running your own OpenVPN host is a relatively small marginal time commitment if you're already keeping your own web host up (and probably fits on the same server hardware too). Your VPN server will work better than some random ISP's massively underprovisioned "just enough service so we can check the feature box on the brochures without spending any money" VPN server.
Still waiting for a smartphone that doesn't suck.
I'm struggling to figure out where in the three lines I wrote, you somehow got "its unique to Sonic" without several rounds of either google translate or aes.
If it helps at all, OpenVPN was updated on the App Store to version 1.2.5 a day ago and among the things that they changed is switching to the new internal framework-du-jour that iOS uses for network connectivity.
With any luck you may find that your problems are now gone. I have, so far, with a shitty mobile connection on an iPad in a rural area, had automatic reconnect work successfully in the sense that the VPN logo stays around and I can access my stuff after the mobile network comes back.
Experience with updated app so far:
* New App Store icon, but (as near as I can tell) same icon on Springboard.
* New app lost all my profiles, but they were still present in Settings -> VPN. A reboot of the phone made the OVPN app have the profiles again.
* New app doesn't seem any more, or any less, able to pin a connection and keep it always on. But I haven't paid any real attention to it either. MAYBE it's better. I'll watch more closely.