Passepartout is a non-official, user-friendly OpenVPN® client for iOS and macOS.

Overview

iOS 12+ macOS 10.15+ TunnelKit 4.0 License GPLv3

Unit Tests Release

Passepartout

Passepartout is a non-official, user-friendly OpenVPN® client for iOS and macOS.

Join Reddit Tweet

Overview

All profiles in one place

Passepartout lets you handle multiple profiles in one single place and quickly switch between them.

Ease of use

With its native look & feel, Passepartout focuses on ease of use. It does so by stripping the .ovpn flags that are today obsolete or rarely used. With good approximation, it mimics the most relevant features you will find in OpenVPN 2.4.x.

Trusted networks

Trust Wi-Fi, cellular (iOS) or wired (macOS) networks to fine-grain your connectivity. You can then choose to retain a VPN connection when entering a trusted network, or prevent it completely.

Siri shortcuts (iOS)

Enjoy the convenience of Siri shortcuts to automate frequent VPN actions.

Override network settings

Override default gateway, DNS, proxy and MTU settings right from the app. Don't bother editing the .ovpn file or your pushed server settings. This is especially useful if you want to override your provider settings, e.g. to integrate your own DNS-based ad blocking.

See your connection parameters

Passepartout strives for transparency, by showing a fairly detailed yet understandable resume of your connection parameters.

Disconnect on sleep

Keeping the VPN active in the background provides smoother operation, but may be tough for the battery. You might want to use this feature if you're concerned about battery life. When the device goes to sleep, the VPN will disconnect to then reconnect on device wake-up.

No unrequested activity

Passepartout is a VPN client and does absolutely nothing else without your consent. The providers infrastructures are obtained via a static GitHub API if and only if you manually refresh them.

Presets for major providers

Passepartout can connect to a few well-known VPN providers with an existing account:

In preset mode, you can pick pre-resolved IPv4 endpoints when DNS is problematic.

Import .ovpn profiles

Passepartout can import .ovpn configuration files. This way you can fine-tune encryption without tweaking and reimporting a new configuration.

You can find details on what may or may not work in the related section of the TunnelKit README.

Installation

Requirements

  • iOS 12.0+ / macOS 10.15+
  • Xcode 12+ (SwiftPM 5.3)
  • Git (preinstalled with Xcode Command Line Tools)
  • Ruby (preinstalled with macOS)

It's highly recommended to use the Git and Ruby packages provided by Homebrew.

Testing

Download the app codebase locally:

$ git clone https://github.com/passepartoutvpn/passepartout-apple.git

Enter the directory and clone the submodules:

$ git submodule init
$ git submodule update

For the VPN to work properly, the app requires:

  • App Groups and Keychain Sharing capabilities
  • App IDs with Packet Tunnel entitlements

both in the main app and the tunnel extension target.

Make sure to update Config.xcconfig according to your developer account and your identifiers:

CFG_TEAM_ID = A1B2C3D4E5
CFG_APP_ID = com.example.MyApp
CFG_APP_LAUNCHER_ID = com.example.MyApp.Launcher // macOS only
CFG_GROUP_ID = com.example.MyAppGroup // omit the "group." prefix
CFG_APPSTORE_ID = 1234567890 // optional for development, can be bogus

After that, open Passepartout.xcodeproj in Xcode and run the Passepartout-iOS or Passepartout-macOS target.

License

Copyright (c) 2021 Davide De Rosa. All rights reserved.

This project is licensed under the GPLv3.

Contributing

By contributing to this project you are agreeing to the terms stated in the Contributor License Agreement (CLA). For more details please see CONTRIBUTING.

Credits

The logo is taken from the awesome Circle Icons set by Nick Roach.

The country flags are taken from: https://github.com/lipis/flag-icon-css/

  • Kvitto - Copyright (c) 2015 Oliver Drobnik
  • lzo - Copyright (c) 1996-2017 Markus F.X.J. Oberhumer
  • MBProgressHUD - Copyright (c) 2009-2016 Matej Bukovinski
  • PIATunnel - Copyright (c) 2018-Present Private Internet Access
  • SSZipArchive - Copyright (c) 2010-2012 Sam Soffes
  • SwiftGen - Copyright (c) 2018 SwiftGen
  • SwiftyBeaver - Copyright (c) 2015 Sebastian Kreutzberger

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (https://www.openssl.org/)

Copyright (c) 2002-2018 OpenVPN Inc. - OpenVPN is a registered trademark of OpenVPN Inc.

Translations

  • Chinese (Simplified): OnlyThen - @OnlyThen
  • Dutch: Norbert de Vreede - @paxpacis
  • English: Davide De Rosa (author)
  • French: Julien Laniel - @linkjul
  • German: Christian Lederer, Theodor Tietze
  • Greek: Konstantinos Koukoulakis
  • Italian: Davide De Rosa (author)
  • Polish: Piotr Książek
  • Portuguese: Helder Santana - @heldr
  • Russian: Alexander Korobynikov
  • Spanish: Davide De Rosa (author), Elena Vivó
  • Swedish: Henry Gross-Hellsen - @cowpod

Usage

You are strongly encouraged to read carefully both the disclaimer and privacy policy before using this software.

Contacts

Twitter: @keeshux

Website: passepartoutvpn.app (FAQ)

Comments
  • Feature request: add DNS over TLS/HTTPS

    Feature request: add DNS over TLS/HTTPS

    It's nice that one can configure preferred DNS servers in Passepartout. Unfortunately this is only supporting the classic DNS over port 53, it seems. It would be nice if Passepartout also implemented the newer DNS over TLS (port 853) or DNS over HTTPS (port 443).

    Would it be possible to add this?

    enhancement 
    opened by pro-sumer 31
  • Error:

    Error: "Linker command failed with exit code 1 (use -v to see invocation)"

    Hello Davide you've already done enough sharing your project thank you! and I would not like to bother you, but I've already spent 2 days trying to figure out an issue when compiling your project. I'm getting a "Linker command failed with exit code 1 (use -v to see invocation)"

    Would you happen to know why Im getting this error? there is not much info about this. Thank you in advance. Cheers!

    logs

    bug 
    opened by rodrigocasillas 29
  • “Keep alive on sleep” doesn't seem to work on iOS 13 up to .2

    “Keep alive on sleep” doesn't seem to work on iOS 13 up to .2

    Hello,

    The most important problem in all of this is disabling the vpn Profile connection when the wifi is disconnected (IOS 13.1, 13.2) and nobody could reach me by call or messages. I understand this problem on side and of iOS but as i know different providers of vpn solve it somehow. Is it possible to add function to prevent sleep wi-fi? (Nevermind if battary will end fast)

    bug 
    opened by aleksslarni 14
  • Can't use connection with DNS over HTTPS

    Can't use connection with DNS over HTTPS

    Hi!

    I tried to setup DNS over HTTPS in the latest version of Passepartout (which is 1.15.0 (2617) as of now). My VPN provider is Mullvad, and I have read about the DNS issue where Mullvad hijacks DNS on the default endpoints (Mullvad ignores my custom DNS settings).

    So I chose UDP port 1400 for Endpoint and Custom DNS as Preset:

    1-main 2-endpoint 3-preset

    Now in Network settings, when I set DNS to Manual, choose HTTPS as protocol and enter my NextDNS endpoint, like so:

    4-network-settings-doh-dns

    ...it doesn't work. A connection is made, but I can't browse the internet.

    However, if I choose Cleartext as the protocol and enter the NextDNS IP addresses as endpoints (ipv6 in this case), like so:

    5-network-settings-cleartext-dns

    ...everything works perfectly fine and those DNS servers are being used (according to the NextDNS dashboard and https://www.dnsleaktest.com/).

    Now I was wondering if this is maybe because when using DNS over HTTPS, the first DNS request to find the IP for the DoH hostname is usually done by so called bootstrap DNS servers (over plain DNS). Since I can't setup those bootstrap DNS, is this why I can't use NextDNS DoH in Passepartout?

    DoH_with_bootstrap2


    OS: iOS 14.4

    bug 
    opened by sander1 13
  • Add killswitch to prevent clearnet leaks

    Add killswitch to prevent clearnet leaks

    For the macOS version it will be very useful to add killswitch. Many VPN providers have this builtin in their clients. Main purpose of this to pass traffic only through VPN and block through clearnet, except DNS resolution for VPN only, and local networks traffic.

    bug help wanted 
    opened by x13a 10
  • Connection gets stuck on Inactive if switching hosts without disconnecting first

    Connection gets stuck on Inactive if switching hosts without disconnecting first

    I’ve been working on troubleshooting a couple of OpenVPN servers and I came across an intermittent issue.

    While connected to VPN A, if I switch to VPN B and enable it without first disconnecting from the previous host, the status shows Disconnecting then Inactive. At this point I would expect it to automatically connect to VPN B. Sometimes it will but more often than not it will either stay on Inactive until I manually press Reconnect or the app will crash entirely.

    This is the debug log after I switched hosts and it got stuck on Inactive:

    Failed LINK read: Error Domain=NSPOSIXErrorDomain Code=89 "Operation canceled" 10:52:02 - Socket state is cancelled (endpoint: xx.xx.xx.xx:1194 -> xx.xx.xx.xx:1194) 10:52:02 - Cleaning up... 10:52:02 - Tunnel did stop on request 10:52:02 - Flushing log...

    Passepartout 1.10.1 (2263) iOS 13.3

    bug 
    opened by digitalec 7
  • Please make sure you have the correct access rights and the repository exists.

    Please make sure you have the correct access rights and the repository exists.

    Hi There, I just Tried to run the project like the installation doc said and I got an error when I ran the command : git submodule update

    "Please make sure you have the correct access rights and the repository exists" .

    Can someone have an issue please Thank you.

    bug 
    opened by ShishoA 7
  • VPN Profile is removed when adding trusted wifi

    VPN Profile is removed when adding trusted wifi

    I am experiencing a strange issue on my iPhone XR running the latest 14.4.2 (but is was already present in the previous iOS 14.x. I set up my vpn config via a ovpn file (pfsense openvpn connection). At some point this month or last month the iOS VPN configuration disappeared. The profile is still in passepartout and I am able to connect when I hit the Enabled toggle switch in my host config inside the app. Then the VPN configuration is readded to iOS and I connect, disconnect and re-connecr with any issue - also across reboots. But as soon as I add a Wifi to the trusted networks (without toggling the switch to trusted) the VPN configuration gets removed from iOS VPN configurations - when I reopen Passepartout the Wifi also disappeared from the Trusted Networks list.

    I am only experiencing this on the above mentioned device. Other devices (iPhone 5s, iPhone 11, iPad Air 2020) work fine. I tried removing and readding the ovpn config as well as removing and reinstalling the app without any luck...

    iOS 
    opened by alexw1982 6
  • Not works with mobile data

    Not works with mobile data

    I have issue with the mobile data when i connect my ovpn file with wifi network it works fine but when i connect with mobile data, vpn not establish connection.

    opened by manveersinghdodiya 6
  • Passepartout always sets DNS servers, even if told not to

    Passepartout always sets DNS servers, even if told not to

    I only want to access my local 10.8.0.0/24 network through the VPN, but Passepartout always sets default gw to 10.8.0.1, guiding all my traffic through my VPN. It also seems to enforce the fallback DNS servers (1.1.1.1 etc.), tcpdump of 10.8.0.0/24 shows DNS queries to 1.1.1.1.

    In my VPN profile, I have set "Default gateway" and "DNS" to "Manual", with IPv[46] disabled under "Default gateway" section, and "DNS" section left empty.

    The desired functionality would be to not touch DNS settings at all, and only direct 10.8.0.0/24 through the VPN.

    bug 
    opened by apliedes 6
  • Ukrainian translation

    Ukrainian translation

    First of all, I want to thank you for such cool app!

    I'm not a professional translator but I know English, Russian and Ukrainian, Can I somehow help to add Ukrainian language translation?

    enhancement 
    opened by josser 5
  • [Feature Request] Manually edit/add WireGuard config

    [Feature Request] Manually edit/add WireGuard config

    It would be useful to be able to edit an existing WireGuard configuration. For example, once added it's not possible to change allowed IP addresses.

    Similarly, the only way to add a WireGuard config is by using a local conf file. You can't just add new (WireGuard protocol is not selectable).

    If I could export the configuration then edit it and reimport that would work, but exporting is not available.

    enhancement 
    opened by jamieburchell 0
  • Conflict with Adguard DNS protection module

    Conflict with Adguard DNS protection module

    VPN diagnostics: https://gist.github.com/validatedev/ac3775df477c173eb04ea85c2c6529db App diagnostics: https://gist.github.com/validatedev/f01127c066e5b6eff9594f8e797ba6d9

    At 21:30 (as you can see on diagnostics), I tried connecting with my WireGuard config but it had stayed "Connecting" while AdGuard DNS protection is in use.

    This is the GUI of AdGuard DNS protection module: image

    I also tried with macOS DNS profile feature and it worked flawlessly. In addition, if official Wireguard client is used, AdGuard DNS protection module or macOS DNS profile feature takes the precedence of the selection of DNS. With Passepartout, macOS DNS profile feature is not in use (DNS values in WireGuard config is used) and Passepartout and AdGuard DNS module doesn't work together.

    opened by validatedev 1
  • The VPN disconnects and reconnect after a few seconds

    The VPN disconnects and reconnect after a few seconds

    Hello. I tried this openvpn profile on android (OpenVPN offical app), everything works great. But when running on ios, it is alway reconnected after seconds, this problem greatly affects the stability of the connection. Please see more on attach debug file [Version 2.0.2 (3395)] 14:17:41 - Trigger shutdown (error: Error Domain=TunnelKitOpenVPN Code=103 "(null)") 14:17:41 - Session did stop with error: Error Domain=TunnelKitOpenVPN Code=103 "(null)"

    debug-20221115-142415.txt

    question 
    opened by dovanvu1792 1
  • [Feature Request] Support for Obfuscation

    [Feature Request] Support for Obfuscation

    I have used Passepartout on and off and have enjoyed the flexibility and customization it provides compared to other apps. I was wondering if the developer(s) have any plans to add support for obfuscation, e.g., Cloak, to allow censorship circumvention.

    enhancement 
    opened by MahdiNazemi 3
  • [Feature Request] Per Network VPN Configuration

    [Feature Request] Per Network VPN Configuration

    A feature I'd love to see is the ability to set certain VPN configurations for certain networks. For example:

    Wifi SSID: home VPN conf: vpn_config_1 Wifi SSID: work VPN conf: vpn_config_2 Cellular VPN conf: vpn_config_3 etc

    Great work on the iOS app, love the ability to use Wireguard which came in the latest release. Thanks for all your efforts!!

    opened by ldavis9600 2
Releases(v2.0.2)
  • v2.0.2(Oct 31, 2022)

    App Store

    2.0.2 (2022-10-31)

    Added

    • OpenVPN: Support for --remote-random-hostname.

    Fixed

    • OpenVPN: Tunnel dying prematurely.
    • OpenVPN: Local network settings being ignored.
    • OpenVPN: Routes from configuration file are ignored.
    • OpenVPN: Parse IPv6 endpoints properly.
    • Restore "Reconnect" action in profiles.
    • Systematic uninstallation of VPN profile if any IAP was refunded.
    Source code(tar.gz)
    Source code(zip)
    release-notes.txt(401 bytes)
  • v2.0.1(Oct 17, 2022)

    App Store

    2.0.1 (2022-10-17)

    Added

    • IVPN provider.
    • OpenVPN: Support for --route-nopull.
    • App log in Diagnostics screen.

    Changed

    • Retain whitespaces in imported file names.

    Fixed

    • Oeck provider is available again to free users.
    • Randomic crashes on profile updates.
    • Mullvad: enforce password to avoid "Auth failed".
    Source code(tar.gz)
    Source code(zip)
    release-notes.txt(348 bytes)
  • v2.0.0(Oct 4, 2022)

    App Store

    2.0.0 (2022-10-02)

    Added

    • WireGuard support.
    • iCloud support.

    Changed

    • App completely rewritten in SwiftUI.

    Fixed

    • Files occasionally not selectable in browser.
    Source code(tar.gz)
    Source code(zip)
  • v1.18.0(Oct 4, 2022)

    App Store

    1.18.0 (2022-02-15)

    Added

    • Handle --keepalive option.

    Changed

    • Release app in the open via GitHub Actions.

    Fixed

    • Last update was not refreshed on "Refresh infrastructure".
    • Trim whitespaces in text fields.
    Source code(tar.gz)
    Source code(zip)
Owner
Passepartout
A non-official, user-friendly OpenVPN® client.
Passepartout
Simple and user-friendly application for doing the shopping list.

Shlist Simple and user-friendly application for doing the shopping list. Light _ Dark _ Features intuitive interface ability to import/export the list

Pavel Lyskov 12 Aug 20, 2022
🔌 Non-blocking TCP socket layer, with event-driven server and client.

Original authors Honza Dvorsky - http://honzadvorsky.com, @czechboy0 Matthias Kreileder - @matthiaskr1 At the request of the original authors, we ask

Vapor Community 574 Dec 7, 2022
MQTTNIO - Non-blocking, event-driven Swift client for MQTT build on SwiftNIO

This library has support for WebSocket connections and TLS. It runs on all platforms Swift NIO runs on (e.g. macOS, iOS, Linux, etc.).

Steven Roebert 41 Dec 23, 2022
The official iOS client library for api.video

api.video iOS client api.video is the video infrastructure for product builders.

api.video 8 Dec 2, 2022
Official ProtonVPN iOS and macOS app

ProtonVPN for iOS and macOS Copyright (c) 2021 Proton Technologies AG Dependencies This app uses CocoaPods for most dependencies. Everything is inside

ProtonVPN 121 Dec 20, 2022
A Swift Multiplatform Single-threaded Non-blocking Web and Networking Framework

Serverside non-blocking IO in Swift Ask questions in our Slack channel! Lightning (formerly Edge) Node Lightning is an HTTP Server and TCP Client/Serv

SkyLab 316 Oct 6, 2022
Twitter-Client - A twitter client that allow users to view tweets on their iphone

Project 3 - Twitter Client Name of your app is a basic twitter app to read your

null 0 Feb 7, 2022
Minecraft server RCON client for iOS/macOS

iRCON Minecraft server RCON client for iOS/macOS. Features Full remote console window Player list with ability to easily op, kick, ban, etc. Quickly s

JackMacWindows 7 Dec 26, 2022
WKZombie is an iOS/OSX web-browser without a graphical user interface.

WKZombie is a Swift framework for iOS/OSX to navigate within websites and collect data without the need of User Interface or API, also known as Headless browser. It can be used to run automated tests / snapshots and manipulate websites using Javascript.

Mathias Köhnke 1.1k Dec 16, 2022
Socket.io iOS and OSX Client compatible with v1.0 and later

SocketIO-Kit ⚠️ This project is no longer maintained. Please use the official framework Socket.IO-Client-Swift. SocketIO-Kit is a Socket.io iOS client

Ricardo Pereira 140 Mar 9, 2022
A network extension app to block a user input URI. Meant as a network extension filter proof of concept.

URIBlockNE A network extension app to block a user input URI. Meant as a network extension filter proof of concept. This is just a research effort to

Charles Edge 5 Oct 17, 2022
Vrrrroom - An aplication that allows the user to perform remote actions on a car

Vrrrroom Vrrrroom is an aplication that allows the user to perform remote action

Paruyr Muradian 1 Feb 20, 2022
Impervious is a privacy and security-focused browser with native DANE support and a decentralized p2p light client.

Impervious iOS The first browser with support for native DNS-Based Authentication of Named Entities (DANE) with true downgrade protection, and the fir

Impervious Inc 25 Jun 15, 2022
Beacon is a privacy and security-focused browser with native DANE support and a decentralized p2p light client.

Beacon iOS The first browser with support for native DNS-Based Authentication of Named Entities (DANE) with true downgrade protection, and the first b

Impervious Inc 25 Jun 15, 2022
SSH and SFTP client for iOS

Parrot.Flo SSH and SFTP client for iOS https://parrot-flo.site BUG ? Please Submit new issue Contact me Hey ? do you want ask about all my tools ? you

0x 4 Feb 16, 2022
This generic SOAP client allows you to access web services using a your iOS app, Mac OS X app and AppleTV app.

This generic SOAP client allows you to access web services using a your iOS app, Mac OS X app and Apple TV app. With this Framework you can create iPh

Prioregroup.com 479 Nov 22, 2022
An iOS library to route API paths to objects on client side with request, mapping, routing and auth layers

WANetworkRouting Developed and Maintained by ipodishima Founder & CTO at Wasappli Inc. Sponsored by Wisembly A routing library to fetch objects from a

null 10 Nov 20, 2022
Conforming WebSocket (RFC 6455) client library for iOS and Mac OSX

SwiftWebSocket Conforming WebSocket (RFC 6455) client library for iOS and Mac OS

null 0 Dec 24, 2021
A native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client built for iOS

A native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client built for iOS Built by Tijme Gommers – Buy me a coffee via P

Raivo OTP 770 Jan 8, 2023