Re: [Ubuntu-phone] Ubuntu Phone and Private Internet Access?

2016-11-16 Thread Seth Ciango 
Interesting. I've never encountered a captive portal as aggressive as that.
I'll try to find one and see if I can make it work. I'll let you know what
happens.
Next time it happens to you, disconnect from VPN, make sure you're
connected to their wireless, open up a terminal and type: *route *
Then connect to your VPN and type *route* again. Let's compare the two. You
might be right about the routes not behaving correctly. It could also be a
problem with their DHCP route metric if it is set too low or the tun0
metric just being set too high.
Share the results if you're able to grab the output of those two *route*
commands.

On Wed, Nov 16, 2016 at 6:10 PM, Francisco Pina Martins <
f.pinamart...@gmail.com> wrote:

> Seth,
>
> Thanks, that's actually quite a good tip for those places that block the
> standard 1194 port. But I have only ever encountered one of those.
>
> The issue is when the access point uses a web based "login" and once you
> start the tunnel you can no longer reach this login page, which ends up
> dropping your connection. Not sure there is a way around that, other than
> maybe forcing a static route. But that can't really be automated, and is
> setup dependent, I'm not sure it's worth the hassle.
>
> Cheers,
>
>
> Francisco
>
> On 15-11-2016 06:05, Seth Ciango wrote:
>
> Francisco,
>
> Try switching to TCP 443 to sidestep hotels and other providers that block
> VPN. I've had more success with that.
>
>
> Leonardo,
>
> You will want to create two VPN connections through the Network dropdown
> via VPN Settings. The first uses weaker encryption but will allow a
> connection over a common unrestricted port. This is useful in hotels and
> coffee shops that filter traffic. The second connection will be more secure
> and should be used exclusively whenever possible.
> Download both of these certificates to your phablet/Documents folder:
>
> http://www.privateinternetaccess.com/openvpn/ca.crt
> http://www.privateinternetaccess.com/openvpn/ca.rsa.4096.crt
>
>
>
> *Connection 1: This will use the BF-CBC cipher over port 443 and work
> anywhere.*
> Server: italy.privateinternetaccess.com
> Use Custom Gateway Port: Checked
> Port: 443
> All network connections: Checked
> Type: OpenVPN
> Protocol: TCP
> Authentication Type: Password
> Username and Password for your PIA account
> CA Certificate: ca.crt (Browse to the file that you downloaded)
> Cipher: default
> Compress data: checked
>
>
> *Connection 2: For normal *AES-256-CBC
> Everything is the same except:
>
> Port: 501
> CA Certificate: ca.rsa.4096.crt  (Browse to the file that you downloaded)
> Cipher: AES-256-CBC
>
>
> After you are connected to PIA, make sure that you're using the correct
> cipher. Open the terminal and run:
> grep -i cipher /var/log/syslog
>
> Something is configured incorrectly if you see: "WARNING: 'cipher' is used
> inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"
>
> If nothing shows up in the syslog when connecting with Connection 2, you
> have connected successfully with AES-256-CBC
> Connection 1 will negotiate to use BF-CBC and that will show up as a
> WARNING in the syslog. That is to be expected.
>
>
> For more information on the different certificates and ports:
> https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-
> Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-
>
>
>
> On Mon, Nov 14, 2016 at 5:54 PM, Francisco Pina Martins <
> f.pinamart...@gmail.com> wrote:
>
>> I have my OpenVPN connection working on my BQ Aquaris E4.5 OTA13.
>>
>> I can use it both as a local connection (which only gets used for
>> resources on my VNP network), or as a fully tunnelled connection,
>> effectively hiding my traffic from whatever operator I'm connected to.
>>
>> I have, altough, noticed that on some operators (eg. some hotel wifi
>> connections) if I use the tunnel, the connection gets dropped almost
>> immediately.
>>
>> The issue you are experiencing, though seems to be a missing "secret".
>> You can try to edit the file with your VPN connection name in the directory:
>>
>> /etc/NetworkManager/system-connections/
>>
>>
>> That should give you some more options to deal with.
>>
>>
>> Best,
>>
>>
>> Francisco
>>
>>
>>
>>
>> On 14-11-2016 21:45, Leonardo Donelli wrote:
>>
>>> Hey guys,
>>> Did anyone manage to setup Private Internet Access VPN with Ubuntu
>>> Touch? (OTA-13)
>>>
>>> I've tried various ways that I've found online but no lack, the vpn
>>> connections fails immediately with a notification: "The VPN Connection
>>> <> failed because there were no valid VP.." (truncated)
>>>
>>>
>>
>> --
>> Mailing list: https://launchpad.net/~ubuntu-phone
>> Post to : ubuntu-phone@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to : ubuntu-phone@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~ubuntu-phone

Re: [Ubuntu-phone] Ubuntu Phone and Private Internet Access?

2016-11-16 Thread Francisco Pina Martins 

Seth,

Thanks, that's actually quite a good tip for those places that block the 
standard 1194 port. But I have only ever encountered one of those.


The issue is when the access point uses a web based "login" and once you 
start the tunnel you can no longer reach this login page, which ends up 
dropping your connection. Not sure there is a way around that, other 
than maybe forcing a static route. But that can't really be automated, 
and is setup dependent, I'm not sure it's worth the hassle.


Cheers,


Francisco


On 15-11-2016 06:05, Seth Ciango wrote:

Francisco,

Try switching to TCP 443 to sidestep hotels and other providers that 
block VPN. I've had more success with that.



Leonardo,

You will want to create two VPN connections through the Network 
dropdown via VPN Settings. The first uses weaker encryption but will 
allow a connection over a common unrestricted port. This is useful in 
hotels and coffee shops that filter traffic. The second connection 
will be more secure and should be used exclusively whenever possible.

Download both of these certificates to your phablet/Documents folder:

http://www.privateinternetaccess.com/openvpn/ca.crt
http://www.privateinternetaccess.com/openvpn/ca.rsa.4096.crt



*Connection 1: This will use the BF-CBC cipher over port 443 and work 
anywhere.*
Server: italy.privateinternetaccess.com 


Use Custom Gateway Port: Checked
Port: 443
All network connections: Checked
Type: OpenVPN
Protocol: TCP
Authentication Type: Password
Username and Password for your PIA account
CA Certificate: ca.crt (Browse to the file that you downloaded)
Cipher: default
Compress data: checked


*Connection 2: For normal *AES-256-CBC
Everything is the same except:

Port: 501
CA Certificate: ca.rsa.4096.crt  (Browse to the file that you downloaded)
Cipher: AES-256-CBC


After you are connected to PIA, make sure that you're using the 
correct cipher. Open the terminal and run:

grep -i cipher /var/log/syslog

Something is configured incorrectly if you see: "WARNING: 'cipher' is 
used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"


If nothing shows up in the syslog when connecting with Connection 2, 
you have connected successfully with AES-256-CBC
Connection 1 will negotiate to use BF-CBC and that will show up as a 
WARNING in the syslog. That is to be expected.



For more information on the different certificates and ports:
https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-



On Mon, Nov 14, 2016 at 5:54 PM, Francisco Pina Martins 
> wrote:


I have my OpenVPN connection working on my BQ Aquaris E4.5 OTA13.

I can use it both as a local connection (which only gets used for
resources on my VNP network), or as a fully tunnelled connection,
effectively hiding my traffic from whatever operator I'm connected to.

I have, altough, noticed that on some operators (eg. some hotel
wifi connections) if I use the tunnel, the connection gets dropped
almost immediately.

The issue you are experiencing, though seems to be a missing
"secret". You can try to edit the file with your VPN connection
name in the directory:

/etc/NetworkManager/system-connections/


That should give you some more options to deal with.


Best,


Francisco




On 14-11-2016 21:45, Leonardo Donelli wrote:

Hey guys,
Did anyone manage to setup Private Internet Access VPN with Ubuntu
Touch? (OTA-13)

I've tried various ways that I've found online but no lack,
the vpn
connections fails immediately with a notification: "The VPN
Connection
<> failed because there were no valid VP.." (truncated)



-- 
Mailing list: https://launchpad.net/~ubuntu-phone


Post to : ubuntu-phone@lists.launchpad.net

Unsubscribe : https://launchpad.net/~ubuntu-phone

More help   : https://help.launchpad.net/ListHelp





-- 
Mailing list: https://launchpad.net/~ubuntu-phone
Post to : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp

Re: [Ubuntu-phone] Ubuntu Phone and Private Internet Access?

2016-11-15 Thread Seth Ciango 
Well, at least we're getting an error. Let's search */var/log/syslog* from
the terminal with *grep*. We want to look for things like "*vpn* and
*cipher*." If that doesn't give us what we need, we can also search for
more things like "*nm-*, *Network*, *tun0, *and *failed*." We want to
ignore case sensitivity so we'll use the "*-i*" argument with *grep*.
I'm sure there's an easier way to find this information, but let's just
hunt it down and export the information to a new log file in your Documents
folder.  From the terminal, type:

*grep -i 'vpn\|cipher' /var/log/syslog > ~/Documents/VPNError.log*

Or, if you don't want to export it to a file, just do this:

*grep -i 'vpn\|cipher' /var/log/syslog*

That will display the results in the terminal window without creating a
file.






On Tue, Nov 15, 2016 at 2:59 PM, Leonardo Donelli 
wrote:

> Thank you for your help,
>
> Seth, I followed your instructions to the letter but I still
> immediately get the same error: "The VPN connection failed because
> there were no valid VP..."
>
> On 15 November 2016 at 07:05, Seth Ciango  wrote:
> > Francisco,
> >
> > Try switching to TCP 443 to sidestep hotels and other providers that
> block
> > VPN. I've had more success with that.
> >
> >
> > Leonardo,
> >
> > You will want to create two VPN connections through the Network dropdown
> via
> > VPN Settings. The first uses weaker encryption but will allow a
> connection
> > over a common unrestricted port. This is useful in hotels and coffee
> shops
> > that filter traffic. The second connection will be more secure and
> should be
> > used exclusively whenever possible.
> > Download both of these certificates to your phablet/Documents folder:
> >
> > http://www.privateinternetaccess.com/openvpn/ca.crt
> > http://www.privateinternetaccess.com/openvpn/ca.rsa.4096.crt
> >
> >
> >
> > Connection 1: This will use the BF-CBC cipher over port 443 and work
> > anywhere.
> > Server: italy.privateinternetaccess.com
> > Use Custom Gateway Port: Checked
> > Port: 443
> > All network connections: Checked
> > Type: OpenVPN
> > Protocol: TCP
> > Authentication Type: Password
> > Username and Password for your PIA account
> > CA Certificate: ca.crt (Browse to the file that you downloaded)
> > Cipher: default
> > Compress data: checked
> >
> >
> > Connection 2: For normal AES-256-CBC
> > Everything is the same except:
> >
> > Port: 501
> > CA Certificate: ca.rsa.4096.crt  (Browse to the file that you downloaded)
> > Cipher: AES-256-CBC
> >
> >
> > After you are connected to PIA, make sure that you're using the correct
> > cipher. Open the terminal and run:
> > grep -i cipher /var/log/syslog
> >
> > Something is configured incorrectly if you see: "WARNING: 'cipher' is
> used
> > inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"
> >
> > If nothing shows up in the syslog when connecting with Connection 2, you
> > have connected successfully with AES-256-CBC
> > Connection 1 will negotiate to use BF-CBC and that will show up as a
> WARNING
> > in the syslog. That is to be expected.
> >
> >
> > For more information on the different certificates and ports:
> > https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-
> Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-
> >
> >
> >
> > On Mon, Nov 14, 2016 at 5:54 PM, Francisco Pina Martins
> >  wrote:
> >>
> >> I have my OpenVPN connection working on my BQ Aquaris E4.5 OTA13.
> >>
> >> I can use it both as a local connection (which only gets used for
> >> resources on my VNP network), or as a fully tunnelled connection,
> >> effectively hiding my traffic from whatever operator I'm connected to.
> >>
> >> I have, altough, noticed that on some operators (eg. some hotel wifi
> >> connections) if I use the tunnel, the connection gets dropped almost
> >> immediately.
> >>
> >> The issue you are experiencing, though seems to be a missing "secret".
> You
> >> can try to edit the file with your VPN connection name in the directory:
> >>
> >> /etc/NetworkManager/system-connections/
> >>
> >>
> >> That should give you some more options to deal with.
> >>
> >>
> >> Best,
> >>
> >>
> >> Francisco
> >>
> >>
> >>
> >>
> >> On 14-11-2016 21:45, Leonardo Donelli wrote:
> >>>
> >>> Hey guys,
> >>> Did anyone manage to setup Private Internet Access VPN with Ubuntu
> >>> Touch? (OTA-13)
> >>>
> >>> I've tried various ways that I've found online but no lack, the vpn
> >>> connections fails immediately with a notification: "The VPN Connection
> >>> <> failed because there were no valid VP.." (truncated)
> >>>
> >>
> >>
> >> --
> >> Mailing list: https://launchpad.net/~ubuntu-phone
> >> Post to : ubuntu-phone@lists.launchpad.net
> >> Unsubscribe : https://launchpad.net/~ubuntu-phone
> >> More help   : https://help.launchpad.net/ListHelp
> >
> >
> >
> > --
> > Mailing list: https://launchpad.net/~ubuntu-phone
> > Post to :

Re: [Ubuntu-phone] Ubuntu Phone and Private Internet Access?

2016-11-15 Thread Leonardo Donelli 
Thank you for your help,

Seth, I followed your instructions to the letter but I still
immediately get the same error: "The VPN connection failed because
there were no valid VP..."

On 15 November 2016 at 07:05, Seth Ciango  wrote:
> Francisco,
>
> Try switching to TCP 443 to sidestep hotels and other providers that block
> VPN. I've had more success with that.
>
>
> Leonardo,
>
> You will want to create two VPN connections through the Network dropdown via
> VPN Settings. The first uses weaker encryption but will allow a connection
> over a common unrestricted port. This is useful in hotels and coffee shops
> that filter traffic. The second connection will be more secure and should be
> used exclusively whenever possible.
> Download both of these certificates to your phablet/Documents folder:
>
> http://www.privateinternetaccess.com/openvpn/ca.crt
> http://www.privateinternetaccess.com/openvpn/ca.rsa.4096.crt
>
>
>
> Connection 1: This will use the BF-CBC cipher over port 443 and work
> anywhere.
> Server: italy.privateinternetaccess.com
> Use Custom Gateway Port: Checked
> Port: 443
> All network connections: Checked
> Type: OpenVPN
> Protocol: TCP
> Authentication Type: Password
> Username and Password for your PIA account
> CA Certificate: ca.crt (Browse to the file that you downloaded)
> Cipher: default
> Compress data: checked
>
>
> Connection 2: For normal AES-256-CBC
> Everything is the same except:
>
> Port: 501
> CA Certificate: ca.rsa.4096.crt  (Browse to the file that you downloaded)
> Cipher: AES-256-CBC
>
>
> After you are connected to PIA, make sure that you're using the correct
> cipher. Open the terminal and run:
> grep -i cipher /var/log/syslog
>
> Something is configured incorrectly if you see: "WARNING: 'cipher' is used
> inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"
>
> If nothing shows up in the syslog when connecting with Connection 2, you
> have connected successfully with AES-256-CBC
> Connection 1 will negotiate to use BF-CBC and that will show up as a WARNING
> in the syslog. That is to be expected.
>
>
> For more information on the different certificates and ports:
> https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-
>
>
>
> On Mon, Nov 14, 2016 at 5:54 PM, Francisco Pina Martins
>  wrote:
>>
>> I have my OpenVPN connection working on my BQ Aquaris E4.5 OTA13.
>>
>> I can use it both as a local connection (which only gets used for
>> resources on my VNP network), or as a fully tunnelled connection,
>> effectively hiding my traffic from whatever operator I'm connected to.
>>
>> I have, altough, noticed that on some operators (eg. some hotel wifi
>> connections) if I use the tunnel, the connection gets dropped almost
>> immediately.
>>
>> The issue you are experiencing, though seems to be a missing "secret". You
>> can try to edit the file with your VPN connection name in the directory:
>>
>> /etc/NetworkManager/system-connections/
>>
>>
>> That should give you some more options to deal with.
>>
>>
>> Best,
>>
>>
>> Francisco
>>
>>
>>
>>
>> On 14-11-2016 21:45, Leonardo Donelli wrote:
>>>
>>> Hey guys,
>>> Did anyone manage to setup Private Internet Access VPN with Ubuntu
>>> Touch? (OTA-13)
>>>
>>> I've tried various ways that I've found online but no lack, the vpn
>>> connections fails immediately with a notification: "The VPN Connection
>>> <> failed because there were no valid VP.." (truncated)
>>>
>>
>>
>> --
>> Mailing list: https://launchpad.net/~ubuntu-phone
>> Post to : ubuntu-phone@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>> More help   : https://help.launchpad.net/ListHelp
>
>
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to : ubuntu-phone@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help   : https://help.launchpad.net/ListHelp
>

-- 
Mailing list: https://launchpad.net/~ubuntu-phone
Post to : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp

Re: [Ubuntu-phone] Ubuntu Phone and Private Internet Access?

2016-11-14 Thread Seth Ciango 
Francisco,

Try switching to TCP 443 to sidestep hotels and other providers that block
VPN. I've had more success with that.


Leonardo,

You will want to create two VPN connections through the Network dropdown
via VPN Settings. The first uses weaker encryption but will allow a
connection over a common unrestricted port. This is useful in hotels and
coffee shops that filter traffic. The second connection will be more secure
and should be used exclusively whenever possible.
Download both of these certificates to your phablet/Documents folder:

http://www.privateinternetaccess.com/openvpn/ca.crt
http://www.privateinternetaccess.com/openvpn/ca.rsa.4096.crt



*Connection 1: This will use the BF-CBC cipher over port 443 and work
anywhere.*
Server: italy.privateinternetaccess.com
Use Custom Gateway Port: Checked
Port: 443
All network connections: Checked
Type: OpenVPN
Protocol: TCP
Authentication Type: Password
Username and Password for your PIA account
CA Certificate: ca.crt (Browse to the file that you downloaded)
Cipher: default
Compress data: checked


*Connection 2: For normal *AES-256-CBC
Everything is the same except:

Port: 501
CA Certificate: ca.rsa.4096.crt  (Browse to the file that you downloaded)
Cipher: AES-256-CBC


After you are connected to PIA, make sure that you're using the correct
cipher. Open the terminal and run:
grep -i cipher /var/log/syslog

Something is configured incorrectly if you see: "WARNING: 'cipher' is used
inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"

If nothing shows up in the syslog when connecting with Connection 2, you
have connected successfully with AES-256-CBC
Connection 1 will negotiate to use BF-CBC and that will show up as a
WARNING in the syslog. That is to be expected.


For more information on the different certificates and ports:
https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-



On Mon, Nov 14, 2016 at 5:54 PM, Francisco Pina Martins <
f.pinamart...@gmail.com> wrote:

> I have my OpenVPN connection working on my BQ Aquaris E4.5 OTA13.
>
> I can use it both as a local connection (which only gets used for
> resources on my VNP network), or as a fully tunnelled connection,
> effectively hiding my traffic from whatever operator I'm connected to.
>
> I have, altough, noticed that on some operators (eg. some hotel wifi
> connections) if I use the tunnel, the connection gets dropped almost
> immediately.
>
> The issue you are experiencing, though seems to be a missing "secret". You
> can try to edit the file with your VPN connection name in the directory:
>
> /etc/NetworkManager/system-connections/
>
>
> That should give you some more options to deal with.
>
>
> Best,
>
>
> Francisco
>
>
>
>
> On 14-11-2016 21:45, Leonardo Donelli wrote:
>
>> Hey guys,
>> Did anyone manage to setup Private Internet Access VPN with Ubuntu
>> Touch? (OTA-13)
>>
>> I've tried various ways that I've found online but no lack, the vpn
>> connections fails immediately with a notification: "The VPN Connection
>> <> failed because there were no valid VP.." (truncated)
>>
>>
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to : ubuntu-phone@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help   : https://help.launchpad.net/ListHelp
>
-- 
Mailing list: https://launchpad.net/~ubuntu-phone
Post to : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp

Re: [Ubuntu-phone] Ubuntu Phone and Private Internet Access?

2016-11-14 Thread Francisco Pina Martins 

I have my OpenVPN connection working on my BQ Aquaris E4.5 OTA13.

I can use it both as a local connection (which only gets used for 
resources on my VNP network), or as a fully tunnelled connection, 
effectively hiding my traffic from whatever operator I'm connected to.


I have, altough, noticed that on some operators (eg. some hotel wifi 
connections) if I use the tunnel, the connection gets dropped almost 
immediately.


The issue you are experiencing, though seems to be a missing "secret". 
You can try to edit the file with your VPN connection name in the directory:


/etc/NetworkManager/system-connections/


That should give you some more options to deal with.


Best,


Francisco



On 14-11-2016 21:45, Leonardo Donelli wrote:

Hey guys,
Did anyone manage to setup Private Internet Access VPN with Ubuntu
Touch? (OTA-13)

I've tried various ways that I've found online but no lack, the vpn
connections fails immediately with a notification: "The VPN Connection
<> failed because there were no valid VP.." (truncated)




--
Mailing list: https://launchpad.net/~ubuntu-phone
Post to : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp