PIA client doesn't connect, OpenVPN works...

Hi,

I'm on an iPhone 7 iOS 10.1.1 using both the official PIA client and OpenVPN Connect.

On the network at uni it looks like udp vpn connections are blocked. The PIA client fails to connect while OpenVPN connects if I set it to use tcp. However, when using OpenVPN I don't get the benefits of MACE (ad blocking). On other networks PIA works fine.

Is there a way to force the PIA client to use tcp? Or, is there a way to enable MACE (ad blocking) using the OpenVPN Connect client?

Thanks :)

Comments

  • Posts: 1
    +1

    If these aren't options, is there an appropriate place to post a feature request for the iOS app?
  • I'm using the pia app with my mobile phone that uses android v1.3.2(90) and i could go into settings but on my ipad v2.0(1871) the only setting i could select is reconnection automatic and mace were as before it had settings like my android phone.Is there a bug in the app pia for ios?
  • Workaround:

    I added the following to my opvn config files so that the Adguard DNS servers are used:

    dhcp-option DNS 176.103.130.130
    dhcp-option DNS 176.103.130.131
    block-outside-dns

    Here's the complete ovpn for AU Sydney. It uses tcp and includes the required ca and crl so they don't have to be imported separately:


    client
    dev tun
    proto tcp
    remote aus.privateinternetaccess.com 501
    resolv-retry infinite
    nobind
    persist-key
    persist-tun

    <ca>
    -----BEGIN CERTIFICATE-----
    MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
    BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
    dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
    IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
    FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQw
    MzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
    EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
    QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
    AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
    ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
    bmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVk
    hjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULN
    De4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9K
    V2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ
    25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SND
    fCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZyl
    p7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7p
    Kwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzj
    tRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wi
    jSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNz
    meGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz
    1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNV
    HQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRt
    yWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
    EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
    cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
    HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
    ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
    aW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkq
    hkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCt
    pXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dv
    Em89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1G
    tF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZu
    LfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs
    6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj3
    5xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnX
    JUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJ
    iyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l
    8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW
    +no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ=
    -----END CERTIFICATE-----
    </ca>

    cipher aes-256-cbc
    auth sha256
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    reneg-sec 0
    disable-occ
    dhcp-option DNS 176.103.130.130
    dhcp-option DNS 176.103.130.131
    block-outside-dns

    <crl-verify>
    -----BEGIN X509 CRL-----
    MIIDWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
    EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
    cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
    HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
    ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
    aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
    MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
    9w0BAQ0FAAOCAgEAppFfEpGsasjB1QgJcosGpzbf2kfRhM84o2TlqY1ua+Gi5TMd
    KydA3LJcNTjlI9a0TYAJfeRX5IkpoglSUuHuJgXhP3nEvX10mjXDpcu/YvM8TdE5
    JV2+EGqZ80kFtBeOq94WcpiVKFTR4fO+VkOK9zwspFfb1cNs9rHvgJ1QMkRUF8Pp
    LN6AkntHY0+6DnigtSaKqldqjKTDTv2OeH3nPoh80SGrt0oCOmYKfWTJGpggMGKv
    IdvU3vH9+EuILZKKIskt+1dwdfA5Bkz1GLmiQG7+9ZZBQUjBG9Dos4hfX/rwJ3eU
    8oUIm4WoTz9rb71SOEuUUjP5NPy9HNx2vx+cVvLsTF4ZDZaUztW9o9JmIURDtbey
    qxuHN3prlPWB6aj73IIm2dsDQvs3XXwRIxs8NwLbJ6CyEuvEOVCskdM8rdADWx1J
    0lRNlOJ0Z8ieLLEmYAA834VN1SboB6wJIAPxQU3rcBhXqO9y8aa2oRMg8NxZ5gr+
    PnKVMqag1x0IxbIgLxtkXQvxXxQHEMSODzvcOfK/nBRBsqTj30P+R87sU8titOox
    NeRnBDRNhdEy/QGAqGh62ShPpQUCJdnKRiRTjnil9hMQHevoSuFKeEMO30FQL7BZ
    yo37GFU+q1WPCplVZgCP9hC8Rn5K2+f6KLFo5bhtowSmu+GY1yZtg+RTtsA=
    -----END X509 CRL-----
    </crl-verify>
  • I have similar issue with both iPhone 6 and 7.

    My wife and I used to be android users using PIA. When we change the network(WiFi to cellular) automatically(leaving the coverage area of WiFi) PIA used to auto connect. However there are tons of apps who have learnt to avoid VPN tunnelling (including banking apps) for which I could always add an exception. Everything was great until we both moved to iOS recently.

    PIA app on iOS is highly pathetic. It installs the VPN configuration into the system settings. There are toggle buttons to set auto connect which doesnt work as expected. My VPN works in WiFi but fails when I turn it off. Cellular network works without VPN just fine. Contacting support is mostly useless as they dont understand what I am asking(or I am not descriptive enough) VPN also fails to connect over any public wifi. It looks like there is deeper problem underneath and not just cellular.

    Overall I am not happi with PIA. I would neither renew nor recommend my peers/friends to move into this service. I guess there are other cheaper and better options which work more reliably.
  • edited December 2016 Posts: 3
    So im having similar issues, while on Cellular data (LTE T-mobile) it seems like Tmobile has switched to an IPv6 ip addressing. The PIA app was fine connecting up until a few days ago. I can no longer connect to PIA servers while connected on my cell data. Wifi works fine. Is there a fix?
    Post edited by Glenlivet99 on
  • Posts: 3
    The past few months, the iOS PIA client has worked in fewer and fewer places; it never worked at work, and now it has stopped working at home and at a friend's house. I'm not privy to how PIA connects, but obviously, it's method is blocked by some ISPs. now, I'm using iOS L2TP, but that means I have to be very aware of it disconnecting whenever I change networks, i.e. when I'm out of range of my WLAN, or when I'm getting into range of another wifi network to which I have access. Very cumbersome, and also basically flawed from a security standpoint.

    The PIA iOS client still works with my mobile provider, but with fewer ISPs. In desperation, I checked out a VPN competitor iOS client, which worked flawlessly, so I surmise that it's not a problem that can't be overcome. If this is not solved, I will NOT be renewing my PIA subscription when this prepaid year is up. In its current iteration, this is not a secure client for iOS VPN.

    That said, the OS X client works nicely, it's just the iOS client that is iffy (I've tested with several iOS devices on several networks, all with the latest iOS, and even with a fresh iOS install).

    Hope to see a fix really soon now!
  • Posts: 3
    OK, I found what caused this behaviour at home at least: my firewall was set to block fragmented IP packets (for security reasons). Allowing fragmented packages solved it. I believe it's the same at work. I can't see why the packets should be fragmented though.
  • Posts: 3
    I now see that the OS X PIA application supports "small frames". I suspect that some issues are caused by jumbo frames being blocked, so if this was available in the PIA iOS app as well, that might do the trick...
Sign In or Register to comment.