We have moved to a new Sailfish OS Forum. Please start new discussions there.
438

VPN client [released]

asked 2013-12-24 17:25:48 +0300

Manankanchu gravatar image

updated 2015-05-16 12:19:55 +0300

r0kk3rz gravatar image

As I use my phone also for business purposes and services like SwissVPN I would love to see a VPN client with GUI configuration on board.

My options would be (highest preference on top):

  • PPTP/MPPE (I know it's hackable but it's the most distributed type of VPN and my security requirements are low)
  • L2TP/IPSec
  • SSL VPN / SSTP
  • OpenVPN
  • OpenConnect / VPNC
  • tinc

Username/Password would be sufficient for me, others may require certs

EDIT: added tinc (see https://together.jolla.com/question/14495/mer-tools-package-for-tinc-vpn-software/)

EDIT: @developers of VPN GUI: I can provide you with test accounts for PPTP/MPPE, L2TP/IPsec, OpenVPN and SSL VPN servers - please contact me at jollavpn (at) manankanchu.com

EDIT: added OpenConnect as requested protocol, see https://together.jolla.com/question/5817/duplicate-cisco-ssl-vpn-support-openconnect/ (resolved thru native app "SecureFishNet")

EDIT 05/15: Open VPN Support announced on SailfishOS Roadmap

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by nthn
close date 2017-03-06 12:49:11.310288

Comments

16

Also for Cisco VPN

renegade22 ( 2013-12-25 21:15:28 +0300 )edit
16

Don't know if it's possible, but i'd like to have the possibility to auto connect some vpn depending on the wifi network I'm connected to.

kael ( 2013-12-26 16:07:04 +0300 )edit
2

kael: this sounds as work for Profilematic successor .. :)

Kaacz ( 2013-12-31 02:45:51 +0300 )edit
5

If someone starts coding a gui for this, Connman (used as a connection manager in Sailfish) has a readily made dbus api for handling at least OpenConnect, OpenVPN, VPNC, L2TP and PPTP. For example autoconnecting a certain vpn depending on the wifi network should be very easily doable with it.

Jare ( 2014-01-01 10:39:15 +0300 )edit
2

for me, PPTP is also quite important. Of course, GUI for both pptp and ipsec would be very welcome.

casanunda ( 2014-01-06 01:06:50 +0300 )edit

8 Answers

Sort by » oldest newest most voted
48

answered 2013-12-24 17:37:53 +0300

lbt gravatar image

updated 2013-12-24 17:38:22 +0300

openvpn is available already; however you need developer mode to access it and there's currently no app to help set it up.

Login as nemo and:

 ssu ar mer-tools
 pkcon refresh
 pkcon install openvpn
edit flag offensive delete publish link more

Comments

8

Yeah, OpenVPN is definitely a "must have". We still need a GUI :)

PhixGre ( 2013-12-24 18:00:43 +0300 )edit
1

I have OpenVPN set up and working as described above. Gui would be nice, but then again whenever I need it on my phone I do need the fingerterm as well.

Frye ( 2013-12-24 19:02:57 +0300 )edit
9

True, OpenVPN is running perfectly from the shell. A GUI like on N900 wold be quite handy. Maybe it could even be integrated as little icon in "settings" like GPS, or flight mode?

ibins ( 2013-12-24 20:19:21 +0300 )edit
1

Can we also have openconnect ?

Sfiet_Konstantin ( 2013-12-24 22:10:55 +0300 )edit
8

YES! Need install vpnc & openconnect rpm

openconnect --certificate='/home/nemo/VPN/my-personal-cert.p12' --no-passwd --cafile='/home/nemo/VPN/CA-server-signed.pem' --disable-ipv6 --useragent='Cisco AnyConnect VPN Agent for Linux 3.0.2052' --script='/etc/vpnc/vpnc-script' vpngw.mydomain.com
Kaacz ( 2013-12-28 04:59:01 +0300 )edit
24

answered 2014-10-30 01:09:22 +0300

hook gravatar image

There is also SecureFishNet:

SecureFishNet is OpenVPN client manager for Sailfish. You can manage openvpn connection with it. It requires Openvpn and that will be downloaded from repository. (If not you can do it with “pkcon install openvpn”).

edit flag offensive delete publish link more

Comments

3

VPN is surely very important - even for private use nowadays. My first two preferencies would be 1. L2TP/IPSec 2. Open VPN (to configure from GUI)

Downloaded and installed package openvpn as inidcated above. How can I configure this in the absence of a GUI possibility and how can I activate a connectiion when needed?

imagomundi ( 2014-12-02 15:12:47 +0300 )edit

SecureFishNet works like a charm for OpenVPN connections. Luckily, my company just switched from PPTP to OpenVPN, so no I can use it for connecting to both my home and company network...

casanunda ( 2015-01-27 17:57:48 +0300 )edit

Just downloaded SFN, works very well with my OpenVPN server! GUI is a bit weird but works nice.

ozzi ( 2015-07-03 14:00:49 +0300 )edit
2

answered 2015-07-01 09:09:22 +0300

BirdZhang gravatar image

updated 2015-07-01 10:58:11 +0300

For PPTP/MPPE users:

Install ppp&pptp&pptp-setup from warehouse

Links:

https://openrepos.net/content/ketilk/ppp

https://openrepos.net/content/ketilk/pptp

https://openrepos.net/content/ketilk/pptp-setup

Use these commands in terminal(devel-su needed)

 pptpsetup --create vpn --server XXX.XXX.XXX.XX --username jolla --password jolla --encrypt --start

If success ,will show like this:

Using interface ppp0

Connect: ppp0 <–> /dev/pts/2

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.111.103

remote IP address 192.168.111.100

Then,add ppp0 to route

route add -net 0.0.0.0 dev ppp0

Note:Everytime your network changed,you should execute these commands:

pppd call vpn

route add -net 0.0.0.0 dev ppp0
edit flag offensive delete publish link more

Comments

I have to disagree - as this solution does not work.

Well - at least for me - have tried for several times now - never successfully.

See: https://together.jolla.com/question/88176/pptp-cant-be-installed/

Also in my opinion such a basic feature - as much needed and voted for as that simply needs to be integrated of a client in the official store - but not through a command line solution.

kaktux ( 2015-07-01 11:25:10 +0300 )edit

@kaktux I also want a GUI not a command. But at this time,there is none GUI. I only want to share my solution for sailors who want. And it works for me.

BirdZhang ( 2015-07-02 04:50:11 +0300 )edit
1

answered 2015-05-23 14:45:01 +0300

chruldt gravatar image

I just built strongswan on my Jolla, but it seems I need some more kernel modules to get it working as I get 'unable to allocate SPIs from kernel'

https://lists.strongswan.org/pipermail/users/2012-January/002441.html links to a page saying I need all of these:

CONFIG_XFRM_USER is not set

CONFIG_NET_KEY_MIGRATE is not set

CONFIG_INET_IPCOMP is not set

CONFIG_INET_XFRM_TUNNEL is not set

CONFIG_INET_LRO is not set

CONFIG_INET_UDP_DIAG is not set

CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set

CONFIG_INET_IPCOMP is not set

CONFIG_IPV6_SIT_6RD is not set

CONFIG_IPV6_TUNNEL is not set

CONFIG_IPV6_MROUTE is not set

CONFIG_NETFILTER_DEBUG is not set

CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set

CONFIG_NETFILTER_XT_TARGET_CT is not set

CONFIG_NETFILTER_XT_TARGET_DSCP is not set

CONFIG_NETFILTER_XT_TARGET_HL is not set

CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set

CONFIG_NETFILTER_XT_TARGET_NFLOG is not set

CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set

CONFIG_NETFILTER_XT_TARGET_RATEEST is not set

CONFIG_NETFILTER_XT_TARGET_TEE is not set

CONFIG_NETFILTER_XT_TARGET_TPROXY is not set

CONFIG_NETFILTER_XT_TARGET_TRACE is not set

CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set

CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set

CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set

CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set

CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set

CONFIG_NETFILTER_XT_MATCH_CPU is not set

CONFIG_NETFILTER_XT_MATCH_DCCP is not set

CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set

CONFIG_NETFILTER_XT_MATCH_DSCP is not set

CONFIG_NETFILTER_XT_MATCH_ESP is not set

CONFIG_NETFILTER_XT_MATCH_OSF is not set

CONFIG_NETFILTER_XT_MATCH_OWNER is not set

CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set

CONFIG_NETFILTER_XT_MATCH_RATEEST is not set

CONFIG_NETFILTER_XT_MATCH_REALM is not set

CONFIG_NETFILTER_XT_MATCH_RECENT is not set

CONFIG_NETFILTER_XT_MATCH_SCTP is not set

CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set

edit flag offensive delete publish link more
1

answered 2015-09-10 18:38:41 +0300

lobelia gravatar image

I know this thread is pretty old but in case it helps somebody I got is working with openvpn

  • Install openvpn
devel-su
pkcon install openvpn
  • Create config file (conf.ovpn)
tls-client
fragment 1450
pull
comp-lzo
dev tun
remote vpn.myvpn.com 2195
proto udp
ca /home/nemo/vpn/ca-pem.crt
ns-cert-type server
tls-client
key /home/nemo/vpn/vpn_key.pem
cert /home/nemo/vpn/vpn_cert.pem
auth-user-pass
  • Launch openvpn
openvpn --config /home/nemo/vpn/conf.ovpn
edit flag offensive delete publish link more

Comments

...or install SecureFishnet as mentioned above to do configuration and starting of VPN through a GUI...

casanunda ( 2015-09-10 19:12:29 +0300 )edit

I couldn't find it in the Jolla store and I don't usually install Android apps

lobelia ( 2015-09-10 22:12:05 +0300 )edit
1

It would make more sense to utilize connman-vpn and its openvpn plugin instead of running these commands by hand. Check vpn-config-format.txt how to create suitable config file for openvpn. Routes etc. are setup properly if you use connman-vpn and also connman then knows about the vpn link.

jr ( 2015-09-10 22:15:52 +0300 )edit
1

@lobelia: SecureFishNet is not in the official Jolla store, it is in the community OpenRepos that have their own app store called Warehouse. You can read more about it on the link in this comment.

hook ( 2015-10-01 09:17:36 +0300 )edit

Thanks hook, SecureFishNet app makes things much easier, and I don't know how I managed to live without OpenRepos and Warehouse until now :)

lobelia ( 2015-10-01 11:01:39 +0300 )edit
0

answered 2015-03-14 22:11:00 +0300

iourine gravatar image

updated 2015-03-14 22:15:12 +0300

PPTP is not the best option since nowdays many mobile providers (and some fixed ones) do block protocols other than the well-known three (TCP, UDP, ICMP). PPTP utilises GRE and thus does not work in this case. I had many complaints from my customers about this, and the only solution was switching to TCP- or UDP-based tunneling.

OpenVPN is great but definitely it needs a GUI client for regular users, which are not networking experts.

IPsec + X.509 + NAT Traversal (that is, AH/ESP-over-UDP) is also highly desirable, but there is a caveat: there are 2 popular implementations for Linux, StrongSWAN and OpenSWAN. They are _said_ to be compatible to standards and to each other, yet never I have seen a working examle of communication between them. Nor could I couple them myself. Thus, none is perfect, and none will provide 100% compatibility with the other systems. Thus, a perfect system should have an option to select either of the *SWANs to be de/re/installed on user's choice.

What is even more discouraging is that Jolla shipbuilders cannot even say definitely if IPsec support is complied into the kernel or not. Not to say which of the two...

edit flag offensive delete publish link more
0

answered 2016-03-26 14:11:32 +0300

Tuep gravatar image

Is there somewhere an easy step-by-step instruction how one can setup a connection via vpnc? I set up an VPN via my Frizbox router and would like to connect with the jolla.

edit flag offensive delete publish link more

Comments

Have you tried this? https://talk.maemo.org/showthread.php?t=92338

max ( 2016-03-26 16:34:23 +0300 )edit

I edited now the conf file, but i dont know how to proceed the instructions are unclear to me.

Tuep ( 2016-03-26 17:09:16 +0300 )edit
0

answered 2017-03-06 12:48:48 +0300

nthn gravatar image

VPN is at last available inside Settings as of 2.1.0.9. There are some bugs left, especially with importing VPN configurations, but generally it works. Closing!

edit flag offensive delete publish link more

Comments

And when will 2.1.0.9 be available?

Julf ( 2017-03-07 16:00:31 +0300 )edit

I can connect to my openVPN, but my traffic is not routed through it. Is there an option in the GUI or do I have to set the routing manually?

JaVaEs ( 2017-03-17 17:58:12 +0300 )edit
1

@JaVaEs - add the ovpn then connect once and reboot the device - that way it works for me - this is needed for every new server - after that it works like a charm - for security reasons I do an IP check after I connect to a new network to be sure it's working as expected ...

elastic ( 2017-04-04 22:12:05 +0300 )edit

Question tools

Follow
90 followers

subscribe to rss feed

Stats

Asked: 2013-12-24 17:25:48 +0300

Seen: 30,620 times

Last updated: Mar 06 '17

Related questions

[Feature-request] Exchange contacts global directory search

Password manager for Sailfish [answered]

Calendar Cover should show future appointments

Provide an option to set default "From:" mail address [released]

[Feature-request] Track & protect my Jolla

Landscape mode [duplicate]

PBAP bluetooth profile support is requested [released]

[Implemented in 1.0.3.8] Landscape mode in keyboard, gestures, browser and messages [released]

My Jolla does not recognise any micro sd card. What I can do? [answered]

[Implemented in 1.0.4.20] WiFi tethering [released]

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49