Revisiting ProtonVPN -- can it be made to work?

Having suffered the notorious “No service” bug in iOS 14.7.1, for which there is currently no fix, I returned to my Xperia X which after two updates is chugging along on SFOS 4.1.0.24. Of course, I made a backup before upgrading and of course the backup contains nothing useful. (For instance, the downloaded android packages whose current replacements won’t run on aliendalvik.) When I began the process my ProtonVPN was working, but now it isn’t, nor is there any way I can find to make it work.

I began by trying the protonvpn-cli-ng package on Storeman, and can devel-su with no problem, and when I run devel-su protonvpn-cli I get a password prompt, but the device password, the devel password, and the long and unwieldy ProtonVPN OpenVPN password all fail to authorize. In that protonvpn-cli-ng is pitifully undocumented, I uninstalled that application and fell back on the OpenVPN via configuration file, which lacks the ability to add flags specifying the fastest server and use of the excellent upstream ad blocking.

But there’s trouble here, too. Adding a new vpn in Settings > VPN seemed to go uneventfully, though I was puzzled by the lack of a place to enter username and password. I set it to prompt me, but it never did. Nor did it connect; instead, in Settings > VPN I’m given the alternate messages under the VPN entry of “Idle,” “Connecting,” and the ever-useful “Problem with connection” every second or two.

On the old forum I found a report by a user who said he had made a text file with the OpenVPN username and password (though he didn’t specify the format – All on one line? Separate lines?) and plugged that file into the Authentication credentials > Read from file line in VPN configuration. I did this, did a cold restart – no joy.

No problem with regular internet service on the device, and ProtonVPN is working well on the other devices connected to it on this network.

So – does anyone have ProtonVPN working on current SFOS? If so, how did you make it happen?

I’ve used it for a year now, through the settings with their OpenVPN credentials. My complaint is that it sometimes drops and forgets them even though I always tell it to remember. I’ve complained about it both here and in their support many times. This has forced me to keep the credentials in my password manager and get them from there every time this happens - about 2 times a month. Other than this annoyance, it works just fine.

Hmmm. Thanks. Out of curiosity, did you try the native application?

No – I only use the Android layer when there’s no other way.

I was wondering about the SFOS-native ProtonVPN application, protonvpn-cli-ng, in Storeman. (My Android subsystem in 4.0.whatever is horribly bidened – apps seem to install, but they never show up.) Do you have any experience with protonvpn-cli or protonvpn-cli-ng?

I’m sorry to hear of your experience in the VPN dropping off every so often. Back in the SFOS 2.x and early 3.x it was perfectly stable.

I didn’t know about this application. I’d try it, but I wouldn’t use it regularly – I’d like to use the built-in capabilities of the system first. By the way, I reraised the issue about dropping in the respective thread, I hope they really do something about it this time.

(XA2 - 4.3.0.12 - flashed - no android)

Other threads about ProtonVpn / OpenVpn:
https://forum.sailfishos.org/t/sailfish-and-protonvpn/5058/7
https://forum.sailfishos.org/t/how-can-i-keep-ipv6-disabled/7024/3
https://together.jolla.com/question/163103/how-to-protonvpn-on-sailfish-os/?sort=votes&page=1

I am trying to use ProtonVpn via Settings > VPN > Openvpn.
I am probably doing something wrong, because other users manage to connect. But what?

I downloaded the router .ovpn file.
Gave it to Settings > VPN > Openvpn (or open it from filebrowser)
Copied/pasted OpenVPN / IKEv2 ID and Pass when asked (+ ticked “remember”)

It says “connecting…” for an infinite time and nothing happens.
Here is the output (anonymized) of journalctl -f | grep vpn
There is an error at the end but I can’t figure out what it means: No closing quotation (") in TCP:0 (The selected protocol in the advanced pane is UDP, though)

Log

Feb 01 16:50:19 MyLocalHost estart[13533]: [D] unknown:0 - VPN service property changed: “State” QVariant(QString, “idle”) “/net/connman/vpn/connection/185_159_157_148_sailfishos_org” “ab-cd-01.protonvpn.com.udp”
Feb 01 16:50:19 MyLocalHost estart[13533]: [D] unknown:0 - VPN service property changed: “Timeservers” QVariant(QStringList, (“0.sailfishos.pool.ntp.org”, “1.sailfishos.pool.ntp.org”, “2.sailfishos.pool.ntp.org”, “3.sailfishos.pool.ntp.org”)) “/net/connman/vpn/connection/185_159_157_148_sailfishos_org” “ab-cd-01.protonvpn.com.udp”
Feb 01 16:50:19 MyLocalHost estart[13533]: [D] unknown:0 - VPN service property changed: “State” QVariant(QString, “association”) “/net/connman/vpn/connection/185_159_157_148_sailfishos_org” “ab-cd-01.protonvpn.com.udp”
Feb 01 16:50:19 MyLocalHost estart[13533]: [D] unknown:0 - VPN service property changed: “Timeservers” QVariant(QStringList, (“0.sailfishos.pool.ntp.org”, “1.sailfishos.pool.ntp.org”, “2.sailfishos.pool.ntp.org”, “3.sailfishos.pool.ntp.org”)) “/net/connman/vpn/connection/185_159_157_148_sailfishos_org” “ab-cd-01.protonvpn.com.udp”
Feb 01 16:50:19 MyLocalHost estart[13533]: [D] unknown:0 - VPN connection property changed: “PreventIPv6DataLeak” QVariant(bool, true) “/net/connman/vpn/connection/185_159_157_148_sailfishos_org” “ab-cd-01.protonvpn.com.udp”
Feb 01 16:50:19 MyLocalHost estart[13533]: [D] unknown:0 - VPN connection property changed: “State” QVariant(QString, “configuration”) “/net/connman/vpn/connection/185_159_157_148_sailfishos_org” “ab-cd-01.protonvpn.com.udp”
Feb 01 16:50:19 MyLocalHost openvpn[20876]: DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.
Feb 01 16:50:19 MyLocalHost openvpn[20876]: OpenVPN 2.5.2 armv7l-unknown-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 16 2021
Feb 01 16:50:19 MyLocalHost openvpn[20876]: library versions: OpenSSL 1.1.1l FIPS 24 Aug 2021, LZO 2.09
Feb 01 16:50:19 MyLocalHost openvpn[20876]: MANAGEMENT: unix domain socket listening on /tmp/connman-vpn-management-185_159_157_148_sailfishos_org
Feb 01 16:50:19 MyLocalHost openvpn[20876]: Need password(s) from management interface, waiting…
Feb 01 16:50:19 MyLocalHost connman-vpnd[4569]: Connected management socket
Feb 01 16:50:19 MyLocalHost openvpn[20876]: MANAGEMENT: Client connected from /tmp/connman-vpn-management-185_159_157_148_sailfishos_org
Feb 01 16:50:19 MyLocalHost connman-vpnd[4569]: openvpn request >INFO:OpenVPN Management Interface Version 3 – type ‘help’ for more info
Feb 01 16:50:19 MyLocalHost connman-vpnd[4569]: openvpn request >PASSWORD:Need ‘Auth’ username/password
Feb 01 16:50:19 MyLocalHost openvpn[20876]: MANAGEMENT: CMD ‘username “Auth” “someusername_anonimized”’
Feb 01 16:50:19 MyLocalHost openvpn[20876]: MANAGEMENT: CMD ‘password […]’
Feb 01 16:50:19 MyLocalHost openvpn[20876]: MANAGEMENT: CMD ‘somepassword_anonimized"’
Feb 01 16:50:19 MyLocalHost connman-vpnd[4569]: openvpn request SUCCESS: ‘Auth’ username entered, but not yet verified
Feb 01 16:50:19 MyLocalHost connman-vpnd[4569]: openvpn request ERROR: Options error: No closing quotation (") in TCP:0
Feb 01 16:50:19 MyLocalHost connman-vpnd[4569]: openvpn request ERROR: unknown command, enter ‘help’ for more options

1 Like
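
The journal excerpt in the post above, as an added triage example (not part of the original thread): the `password` command reaches the management interface as two separate commands, the second fragment is logged unmasked, and the quoting error follows. The sketch below flags that pattern, redacts the fragment so the log can be shared, and checks a pasted credential for line breaks. The function names are hypothetical, the sample lines are constructed placeholders, and treating a stray line break as a possible cause is an assumption the thread does not confirm.

```python
import re

# Added example: function names are hypothetical; SAMPLE is constructed,
# modelled on the journal excerpt above with placeholder values.
SAMPLE = """\
openvpn[20876]: MANAGEMENT: CMD 'username "Auth" "user_placeholder"'
openvpn[20876]: MANAGEMENT: CMD 'password [...]'
openvpn[20876]: MANAGEMENT: CMD 'secret_placeholder"'
connman-vpnd[4569]: openvpn request ERROR: Options error: No closing quotation (") in TCP:0
connman-vpnd[4569]: openvpn request ERROR: unknown command, enter 'help' for more options
""".splitlines()

# Accept straight quotes and the typographic quotes a forum renderer substitutes.
CMD = re.compile(r"(MANAGEMENT: CMD )[‘'](.*)[’']\s*$")
QUOTES = '"“”'

def scan(lines):
    """Return (findings, redacted_lines) for an OpenVPN journal excerpt."""
    findings, out, prev_was_password = [], [], False
    for n, line in enumerate(lines, 1):
        m = CMD.search(line)
        if m:
            payload = m.group(2)
            # An odd number of double quotes means a quoted argument was cut in two.
            unbalanced = sum(payload.count(q) for q in QUOTES) % 2 == 1
            if prev_was_password and unbalanced:
                findings.append((n, "password command split; fragment logged unmasked"))
                line = line[:m.start()] + m.group(1) + "'[REDACTED]'"
            prev_was_password = payload.startswith("password")
        elif "No closing quotation" in line:
            findings.append((n, "management interface saw an unterminated quoted argument"))
        out.append(line)
    return findings, out

def credential_problems(value):
    """Flag characters in a pasted credential that do not fit a one-line command.
    Assumption: a line break copied along with the value would end the command early."""
    problems = []
    if "\n" in value or "\r" in value:
        problems.append("line break")
    if value != value.strip(" \t"):
        problems.append("leading or trailing whitespace")
    return problems

if __name__ == "__main__":
    findings, redacted = scan(SAMPLE)
    for n, msg in findings:
        print(f"line {n}: {msg}")
    print("\n".join(redacted))
```

Run `scan()` over the saved journal output before posting it anywhere, since the second half of a split password command is not masked the way `password [...]` is.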

ProtonVPN works for me on Xperia 10 III with 4.5.0.18.

This looks like an OpenVPN config problem. Can you post the ovpn file?

Try the Linux ovpn file. It worked for me.

Now I have no error when enabling VPN. However, going to whatismyipaddress.com, I have the feeling it does not work.

The free version of ProtonVPN, the only one that works with OpenVPN on SFOS, is the one relying on UDP, and it is limited to IPv4 traffic only - therefore it leaks all the IPv6 traffic.

In your SIM registration with your network operator change Dual to IP and in the advanced options of the OpenVPN config select Disable IPv6: yes.

Finally, your smartphone will continue to leak some data like DNS queries and WebRTC. With Firefox (and SFOS default native browser) you are able to disable that leak but with Chrome/ium you need to install an extension that can read all the websites that you visit unless you did not disable that feature.

About DNS, take a look at the Quick Start Guide (here) and choose the solution you prefer.

1 Like

Thanks for your advice.
Since my mobile provider only supports IPv6, it does not work with a data connection.
It works when I’m using wifi by disabling IPv6 as you suggested. So this is very limited.

1 Like

You are welcome.

Your network operator made a reasonable choice about IPv6-only. The paid version of ProtonVPN may probably not support IPv6 tunneling, even though that support has been asked for since 2018:

On my Android smartphone, I was using the VPN from Google because for $20/year they offer the 100Gb plan with bells and whistles and VPN included, but also advertising in the mailbox even though I am a paying user, which makes me think about changing. It is a little thing, but it annoys me every day, and life is too short to live with a daily annoying paid service.

I found another VPN provider which seems interesting but does not support OpenVPN; again, support for OpenVPN has been asked of them for years. Therefore the challenge to find a reliable and affordable IPv6 / OpenVPN provider is still wide open.

I am “lucky” because my network provider supports IPv4-only connections and I can live with that limitation - even better, I can leverage free ProtonVPN plan.

UPDATE

This page can help you:

The cheapest one listed there allows me to have an OpenVPN configuration file in a couple of minutes. I have not yet tested that it works.

pastebin-openvpn-config-file

This QRcode will help you to download the pastebin config file (Milan, Italy).

For IPv6 only mobile data you need a CLAT → Testing CLAT for IPv6-only mobile networks

2 Likes