Finally, I created an alternative to OpenVPN Connect for iOS, and it's 100% open source!

keeshux · March 7, 2025, 2:30am

TL;DR

Passepartout is a non-official, user-friendly OpenVPN® client for iOS. Soon for macOS (sneak peek).

EDIT: please subscribe to the subreddit to report issues or request new features!

Backstory

Hi!

I’m Davide, keeshux on the Internet, and I am a former iOS lead at Private Internet Access. I had deeply contributed to writing an unofficial OpenVPN client library in Swift/Obj-C, and I’m now maintaining it on my own.

Passepartout is the spin-off of a project that originally had a different goal.

However, after leaving PIA, I thought I was so frustrated myself by the clumsy look of OpenVPN Connect, that I wanted to realize my own concept of a VPN app with that library. An app with a native L&F and effective, no-fuss UI/UX. After all, VPN apps are background daemons.

Universal client

I believe that the “killer feature” of Passepartout is the ability to act as an universal client. Everybody knows that .ovpn configuration files are a pain to provision, which normally makes using proprietary VPN clients a no-brainer.

Network presets

Passepartout introduces network presets, i.e. a static API the app uses to infer how to connect to well-known VPN networks. Unsurprisingly, PIA is the first provider I rolled out in the app, but more to come. Virtually any provider having its .ovpn configurations in the public domain can be integrated into Passepartout!

Additionally, network presets can come with pre-resolved IPv4 addresses. Pretty useful where DNS is slow or even blocked.

OpenVPN features

Passepartout aims at ease of use. To do so, I bootstrapped it with key features the majority needs:

UDP/TCP communication
AES encryption (CBC and GCM)
HMAC-SHA authentication
Client certificate
NCP
Floating (WIP)
Advanced routing
IPv6
Keep-alive
Renegotiation
…

OpenVPN supports a never ending list of things that are outdated/discouraged (e.g. compression, a huge lot of weak algorithms), so I didn’t feel stripping them like a limitation.

Bonus features

Trusted networks: do not enforce a VPN connection or prevent it completely when connecting to cellular or specific Wi-Fi networks.
Disconnect on sleep: I plan to improve it, but it’s a start. Keeping the VPN on all the time may not always be necessary, given that e.g. push notifications never go through the VPN on iOS. OpenVPN Connect disconnects on sleep no matter what, I rather made it an option.
Transparent connection parameters: Passepartout displays endpoints and connection parameters in an understandable manner. This is especially interesting for VPN providers not easily disclosing their configuration via UI.

Screenshots

Known limitations

The app will soon support TLS wrapping (--tls-auth and --tls-crypt). It’s not there yet but it’s just around the corner.
UDP fragmentation will probably never be supported (--fragment). I guess OpenVPN Connect doesn’t support it either.
MTU tweaks are only partially supported (--*-mtu and --mssfix).

Disclaimer

Passepartout is independent work and is in no way affiliated to either PIA or OpenVPN Inc.

Support

Feedback and sharing would be alone a great display of appreciation.

If you want to take it further, mind supporting me on Patreon?

kovica1 · March 7, 2025, 2:30am

I don’t use Apple products, but it is still great to hear news like this. Great job!

imagepriest · March 7, 2025, 2:30am

This looks awesome! I can’t wait to try the MacOS client, too. Tunnelblick is good but a bit unintuitive.

hatuhsawl · March 7, 2025, 2:30am

I don’t have any money or know-how to support this project, but I’m all about open-source programs and really like using apps that have a UI/UX specifically for the device it’s on.

I’ll be following for when I am able to contribute either of the above!

Anonymous · March 7, 2025, 2:30am

Oh, I’m excited about this! I just got into the whole VPN…thing and I found OpenVPN Connect such a frustrating piece of software to work with.

I am a UI designer so this makes me happy twofold. Will be following this. All the best to you.

tfcjames · March 7, 2025, 2:30am

Very interesting project. I noticed that most VPN providers are unable to get approval from Apple to use OpenVPN in their iOS apps, so most are using Cisco IPsec or IKEv2. How were you able to get your app approved? Is it because it’s open source?

HighDensityPolyethyl · March 7, 2025, 2:30am

I am loving this already… the trusted connections feature is a godsend and something I’ve been wanting for a while now! Thank you so much, I will be sure to report any issues I encounter.

magicfab · March 7, 2025, 2:30am

Can this support self-hosted OpenVPN?

TotesMessenger · March 7, 2025, 2:30am

I’m a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:

[/r/apple] Finally, I created an alternative to OpenVPN Connect for iOS, and it’s 100% open source!
[/r/ios] Finally, I created an alternative to OpenVPN Connect for iOS, and it’s 100% open source!

^(If you follow any of the above links, please respect the rules of reddit and don’t vote in the other threads.) ^(Info ^/ ^[1](/message/compose?to=/r/TotesMessenger))

Contact ↩︎

seedsorter · March 7, 2025, 2:30am

I downloaded it through TestFlight but unfortunately I continually disconnect and reconnect. the connection never remains active.

Using the iPhone XS Max.

HighDensityPolyethyl · March 7, 2025, 2:30am

I know this is only a first beta, but I was wondering if you were planning on supporting some of the other options offered by PIA, such as switching protocols (UDP/TCP), GCM encryption instead of CBC, etc.

Eduel80 · March 7, 2025, 2:30am

Since you know about VPN and iOS how would one go about testing if the service is open on T-Mobile?

I can get many major VPN companies to work but when I try and do my own VPN it fails. I think it’s the open ports?

Anonymous · March 7, 2025, 2:30am

I have an OpenVPN server that just uses a profile (no user account) and the app just keeps saying that i need to finish configuration.

jVCrm68 · March 7, 2025, 2:30am

Tried to install my OpenVPN profile made from my ASUS router that imports to the OpenVPN app just fine but fails on yours.

ITUserAccount · March 7, 2025, 2:30am

Looks great! Haven’t been able to test because of the tls auth limitation, but as soon as that is working I’ll try it out.

boxheadmoose · March 7, 2025, 2:30am

Thank you! Will be checking it out and keeping a close eye on this one

nodrog6 · March 7, 2025, 2:30am

Looks great! Do you have plans to make a widget with a toggle? I use a Pi-Hole as an ad-blocker and hate having to go into the settings app to toggle the VPN constantly.

LeftIsAmerican · March 7, 2025, 2:30am

Any chance you could add a feature wherein unrecognized or specific networks get VPN’d automatically with Killswitch?

This way if I’m on a new network the default is to VPN the traffic?

JayCroghan · March 7, 2025, 2:30am

Push notifications never go through the VPN on iOS.

I live in China. When the VPN is not enabled I don’t get WhatsApp or Facebook push notifications…

the_letter_bee · March 7, 2025, 2:30am

Hey Keeshux! Currently on android and was wondering how the battery optimization is on the newer iPhones while using VPNs? My android drains very quickly whenever I have a VPN on, I think it’s because android doesn’t doze when it’s got the VPN on or something along those lines. Anyways, would feel safer under apple’s umbrella nowadays and was wondering if I should switch. Thanks