iOS 10.0.1 has removed PPTP VPN. Now what?

  • Problem
  • Updated 3 years ago
  • Solved
After months and months of successful remote ops using my iPad and iPhone and PPTP VPN from my ASUS RT-AC66U router, the latest iOS update to 10.0.1 has removed PPTP VPN, leaving only IKEv2, IPSec, and L2TP, none of which seem to be supported by the ASUS router.

Using OpenVPN I have achieved a connection to my 6500 halfway....
Using TUN, TCP mode on OpenVPN and static IP mode on SSDR-iOS instead of Discovery or Scan, I can make it connect, and it functions as a remote control surface, but no audio or pan/waterfall display.

I may need to switch to SoftEther.net, but would rather use my router without need for another computer or my Raspberry Pi running.

Anyone else have luck getting it going this way with OpenVPN on their router? I feel like I have gone from confident expert to noob overnight! Ha ha!

Ken - NM9P

Ria - N2RJ, Elmer
PPTP VPN is horribly insecure. You should look into SoftEther or OpenVPN. I use OpenVPN without issue. 

Ken - NM9P, Elmer
Yes, PPTP security is probably why Apple finally dropped it. I have used OpenVPN successfully from my office and laptop Windows machines, but haven't gotten it to completely connect using OpenVPN and the iPad. I am experimenting with some port forwarding, etc., trying to get it going. If I can't, then it is back to the Raspberry Pi3 and SoftEther.net.

WX7Y
Can't you run SoftEther on the Windows computer you run SmartSDR on, or even another computer in your home that is always on?

I run mine on my home entertainment (PLEX) server, which is always on and is just an Intel NUC.

I run my SoftEther VPN connection as a TAP connection and it works perfectly.
73's
Bret
WX7Y

Ken - NM9P, Elmer
I can and have run it on the main shack computer, but I want an option that will work if the shack computer is not available... thus the router. I have it working on the ASUS router's OpenVPN with my laptop and office computers remotely. But I am trying to get the iPad running with it again.

Ria - N2RJ, Elmer
For OpenVPN you need to use their app, as there is no option in iOS itself. I don't know how the ASUS router is, but it may have an option to export the config which you can then put on your phone. 

Richard McClelland, AA5S
Netgear just released a Nighthawk X10 router with built-in OpenVPN support: 

"Other non-speed-related goodies that come with the X10 include new mobile support for OpenVPN, so you can tap into your home network even when you're overseas."

https://www.engadget.com/2016/10/19/netgear-s-new-nighthawk-router-doubles-as-a-plex-server/

Possibly useful to some here.

Jim Gilliam

How did you update SmartSDR IOS? I don't see an update option on my iPhone.


Jim, K6QE

Ken - NM9P, Elmer
Settings>General>Software Update....

Ria - N2RJ, Elmer
Jim - SmartSDR wasn't updated. This is the iOS software update, which is the 10.0 release to debut with the iPhone 7. 

Lawrence Kellar KB5ZZB
My SoftEther was not affected but my ASUS router PPTP connection was. I changed over to OpenVPN and installed OpenVPN Connect on the iPad, but the radio does not show up in the finder in SmartSDR for iOS.

Ria - N2RJ, Elmer
Set up SmartSDR (iOS) for connection mode "fixed" rather than "discover" and manually specify the IP. 

Ken - NM9P, Elmer
I discovered the "fixed" trick earlier and was able only to get "half-connected." i.e. I got a Connection and picture of the rig, but no audio in or out, and no movement or updates of the screen...

THEN...I forwarded port 4492 for TCP & UDP, and port 4491 for UDP, and it seems to be working, sort of. I need to run some more tests.

Are there any more ports that need to be forwarded? I think I almost have it whipped....

Ria - N2RJ, Elmer
That usually happens when smartSDR is running on my home PC and I try to use the iOS app. With a VPN you shouldn't have to do any port forwarding.

Tim - W4TME, Customer Experience Manager
You do if your VPN server is behind your firewall.

Lawrence Kellar KB5ZZB
Ken, if you get it working can you detail the steps you did to do it? I have been fighting with ASUS router folks (clueless).

Lawrence Kellar KB5ZZB
Ken, I got it!!!!! Under fixed mode it would not disconnect my Maestro. I connected with my old SoftEther connection and kicked the Maestro off. I then reconnected via OpenVPN on the ASUS router and fixed mode in SmartSDR for iOS and it is working.

Ria - N2RJ, Elmer
Makes sense Tim. I assumed it was part of the firewall, as mine is.

Tim - W4TME, Customer Experience Manager
Mine isn't.  Using an RPi3 as the VPN server.  Too stingy to replace the firewall ;-)

Frank, IZ7AUH/AK1CQ
Change router and buy a Fritz!Box 3490, the best one for IPSec VPN and great iOS SmartSDR operation on remote!

spopiela
Ken,

I tried a quick test after the SSDR update to the radio and Windows 10 app. I have a Netgear R7000 router with OpenVPN. I connected to my home router through OpenVPN using my ATT cell data and easily connected to the radio and saw the panadapter and all my functions working on iOS SSDR on my iPad.

good luck

You have helped me a lot

Stan

N1THL

Ken - NM9P, Elmer
I need to run into the office in a bit. I will test from there with my iPad and iPhone via wifi. My Verizon connection is marginal at the house. I'll report any success and other steps....

Ken - NM9P, Elmer
One other note. I received a new ASUS router firmware update yesterday, too. Between the ASUS router update and the iOS update, apparently the OpenVPN may be working a little differently. One other thing is that I apparently needed to export the OpenVPN client definition file from the router again after the two devices were updated. I don't know which firmware was the one that required the new file, but it apparently helped.

Jay -- N0FB, Elmer
I'm waiting for the new version of OSX Server to be released. This is my methodology of doing VPN. I already have OSX Sierra installed, but Server is not available yet.

Lawrence Kellar KB5ZZB
Jay: avid Mac user here. Can you explain or give a link on how you are getting OS X Server to be a VPN server?

Chris DL5NAM
... is there any download possible where I can get an image (copy of an SD card) for a VPN server running on a Raspi3? I want to run SSDR-iOS remotely. Any hint welcome: dl5nam@gmx.de

Winston VK7WH
Chris, I would be grateful if you could pass on to me any useful information you receive. I have a Raspberry Pi 3 set up and ready to go but, alas, I lack the programming skills to do it myself. winston(dot)henry(at)bigpond(dot)com

Thank you

Winston

Chris DL5NAM
Winston, will do, but until today I have not received any hint :-(

John-K3MA
I hate when Apple decides what is best for me. No PPTP, no headphone. Except for SmartSDR for iOS I would not have an Apple device. I guess I will not be updating it to iOS 10 since I have an ASUS router also. Hopefully, someone finds a workaround using the ASUS router.

Ken, thanks for posting this issue as I was going to upgrade just before taking the iPad on vacation.

David Decoons wo2x, Elmer

John, see my response below. Just upgraded to OpenVPN and working fine with IOS 10.


Dave wo2x


Ken - NM9P, Elmer
I had it working from the office last night on both the iPad via wifi & OpenVPN and via the iPhone and Verizon Cellular and OpenVPN.  Here are a few highlights:

A]  ***Be sure that your home router and the remote location you are using have their IP addresses on DIFFERENT Subnets.  This has probably been one of the most common problems in people getting these VPN connections working.  The subnet is the third number in the sequence of four in your IP address:  192.168.[Subnet].[device number], etc.

(I have my home network on a much higher subnet than most people think about.  It can be anything from 1-254.  I would pick something over 10 when defining my home network IP addresses.)

B]  Be sure to set up a DDNS account via ASUS.COM or NO-IP, or something else acceptable to your router.  I am using one coordinated by ASUS.  (NOTE:  This is not needed if your ISP has given you a Static IP address.)

C]  In the ASUS VPN Tab, slide the "Enable OpenVPN Server" switch.
Then select ADVANCED SETTINGS:
The parameters I am using are.....(there may be better ones, but these are working.  If the Network Gurus on the board have better settings, PLEASE SHARE THEM...I am all ears!)

Interface Type: TUN 
Protocol: TCP
Server Port: (Default : 1194)
Firewall: Auto
Authorization Mode: TLS
Username / Password Auth. Only: Yes
Extra HMAC authorization: Disable

VPN Subnet:  [set this to a public subnet that is DIFFERENT from the subnet at either your shack or remote location]
Netmask:  [I use a standard 255.255.255.0]

Poll Interval: 0 minutes
Push LAN to clients:  Yes

Direct clients to redirect Internet traffic: Yes/No  [your choice]
      YES=all internet traffic goes through the VPN internet connection at the shack...  
      NO=regular internet traffic continues through the local connection at your remote location (i.e. your hotel room, etc)

Respond to DNS: Yes
Advertise DNS to clients: Yes
Encryption cipher:  AES-256-CBC
Compression:  Adaptive 
TLS Renegotiation Time:  -1 seconds (Default : -1)
Manage Client-Specific Options: Yes
Allow Client <-> Client: Yes
Allow only specified clients: No

BE SURE TO HIT "APPLY" before you leave this screen....

D] Then....IN OpenVPN GENERAL SETTINGS:
1) Setup at least one user name and password.  This will be the VPN client and password you will need to enter from your remote location to open the VPN.
2) Hit APPLY again for this screen.

Then hit the EXPORT button and save the file.
You will need to email that file to your iPad/iPhone or transfer it in some other way (iCloud, Dropbox, etc.) in order to import it to your OpenVPN client.

E]  In the WAN> NAT PASSTHROUGH tab:
Set these to ENABLE  (I don't know if they are all necessary.  Since PPTP has been disabled in IOS and it is insecure, I set that to DISABLE.)

L2TP Passthrough
IPSec Passthrough
RTSP Passthrough
H.323 Passthrough
SIP Passthrough

F]  Download the OpenVPN Connect App to your iPhone/iPad  (or install OpenVPN client to your Windows machine.)

After installation, import the Client.ovpn file you exported in step D, above.
The easiest way would be to transfer it via iCloud or Dropbox.  Open your cloud folder and click on the Client.ovpn file.  The OpenVPN App should open and allow you to import it.

G] Run the OpenVPN Connect App on your iPad, or other client.

When setting it up, you need to enter the following pieces of information:
Your VPN Username: (the one you set up in Step D)  (Enter it in the slot with the little human-looking icon on the app...)
Your VPN Password:  (that you set up in Step D)

Slide the switch to "Save"
Then slide the switch below it to "Connect"
If you have done things correctly, you should get a connection....

Rejoice!  your VPN connection is now active.......But you are not done.....

H]  Open your SSDR-IOS app.
Go to Settings:  In Connection Mode:  select "Fixed"
Enter the Reserved or Static IP Address that you have set up for your Flex Radio.

The best way, most of the time, is to use your router to set up a RESERVED IP address that is linked to your FlexRadio.  Set it up OUTSIDE the range usually assigned to other DHCP users on your LAN.  So if you have your router's DHCP set up to assign 192.168.90.20 through 192.168.90.100 to users on your system (or the DHCP Range is set to begin at 192.168.90.20 and maximum allowable assignments of 70), set your Reserved IP to 192.168.90.150 or something like that.

NOW.  go to the Panadapter screen on SSDR-IOS and hit CON or "Tap Here to Connect"

If you get the "please select your device" and your rig shows up, GREAT!  Click it and you should be in business.

BUT SOMETIMES you have to work it to get a connection...
I have had times where the rig didn't show up immediately.  In that case, here are a few steps I took:
a) Tap another place on the screen and try again.
b) Close the App and open it again.  Double check your selection of Static IP in the Settings.  It may not have been saved correctly.
Sometimes it took two or three times before it recognized my rig....but it finally did.

In other cases, depending upon your firewall situation, it may be necessary to go to your router and/or modem/firewall and forward a couple of ports...

If you need to do this, 

Go to WAN> Virtual Server/Port Forwarding:
On the Port Forwarding List,
Forward Port 4992 to BOTH TCP and UDP
Forward port 4991 to UDP

I thought I needed to do this.  It worked.  But then I removed the port forwarding and it still worked, but required me to tap and close a few times before it recognized the rig.

I hope these steps will get you going with your SSDR-IOS on your ASUS router and OpenVPN.

Good Luck!  Let me know if you get it going or need other help.
Any additional helpful feedback from Networking experts is welcome!

Ken - NM9P
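
The profile exported in step D can be checked against the choices made in step C before it is imported into OpenVPN Connect. The Python below is an added example, not part of the original post and not ASUS or OpenVPN code; `SAMPLE_PROFILE` is a constructed profile (a real export may contain other directives), and `parse_profile` and `audit` are hypothetical names.

```python
# Added example: audit an exported OpenVPN client profile before importing it.
# SAMPLE_PROFILE is constructed for illustration; it is not a real router export.
SAMPLE_PROFILE = """\
client
dev tun
proto tcp-client
remote home.example.invalid 1194
cipher AES-256-CBC
comp-lzo adaptive
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
(placeholder, constructed)
-----END CERTIFICATE-----
</ca>
"""


def parse_profile(text):
    """Return (directives, blocks): directive name -> list of argument lists,
    plus the set of inline block names such as 'ca' or 'tls-auth'."""
    directives, blocks, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                          # inside an inline <name>...</name> block
            if line == f"</{current}>":
                current = None
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            current = line[1:-1]
            blocks.add(current)
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives, blocks


def audit(text):
    """Return a list of (level, message) findings for a client profile."""
    d, blocks = parse_profile(text)
    has = lambda name: name in d or name in blocks
    dev = d["dev"][0][0] if d.get("dev") and d["dev"][0] else ""
    findings = []
    if dev.startswith("tap"):
        findings.append(("ERROR", "dev tap: OpenVPN Connect on iOS refuses TAP; export a TUN profile"))
    elif not dev.startswith("tun"):
        findings.append(("ERROR", "no 'dev tun' directive found"))
    if "remote" not in d:
        findings.append(("ERROR", "no 'remote' directive: client has no server to dial"))
    if not has("ca"):
        findings.append(("ERROR", "no CA certificate: the server cannot be authenticated"))
    if "auth-user-pass" in d and not (has("cert") and has("key")):
        findings.append(("WARN", "password-only login: the password is the sole client credential"))
    if not (has("tls-auth") or has("tls-crypt")):
        findings.append(("WARN", "no tls-auth/tls-crypt key: handshake packets are not HMAC-protected"))
    if "comp-lzo" in d or "compress" in d:
        findings.append(("WARN", "compression on: can leak plaintext via length (VORACLE)"))
    return findings


if __name__ == "__main__":
    for level, message in audit(SAMPLE_PROFILE):
        print(f"{level:5} {message}")
```

The three warnings on the sample correspond to "Username / Password Auth. Only: Yes", "Extra HMAC authorization: Disable" and "Compression: Adaptive" in step C.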

David Decoons wo2x, Elmer
Official Response

I switched over to OpenVPN and here are the steps I did with an Asus RT-AC3200 router. I have previously set the radio to a static IP address on my network. (new feature in 1.9.7 SSDR)

1) Under VPN in router disable PPTP (unless you have other clients that support it)

2) Click on OpenVPN tab then enable it.

3) Add a user and password then click apply.

4) On the OpenVPN server tab change VPN server details from General to Advanced.

5) On the advanced tab change settings to screenshot below. The VPN subnet can be a different subnet but should be unique and different from your home network and remote network.

Speaking of that, you should change your home network to a subnet that will not conflict with remote subnets. It should not be 192.168.1.0 or 192.168.0.0. I use 10.4.0.0 for the home network and 10.8.0.0 for the VPN subnet.

6) On the iPhone/iPad, download OpenVPN Client app from the AppStore.

7) In the router under the OpenVPN General tab click on export and save the client.ovpn file to your computer. Email it to yourself.

8) On the iPhone open the email containing the ovpn file and tap on the file. Under the choices select OpenVPN (you might have to scroll to the right to see that choice).

9) It will open the OpenVPN client and you will see your home IP and a green +. Click on the + to add the profile.

10) Enter the username and password you created in step 3.

11) Optional, click save if you do not want to enter your password every time (careful! Security)

12) Click connect

13) Once connected open SmartSDR for IOS and click on settings (gear icon on bottom right)

14) Change connection mode to fixed and enter the IP address of your radio.

15) Click on Panadapter and then click CON on top. It should connect.


Make sure you are not on the same WiFi network as the radio when testing or it will not connect.

Be careful to turn off the VPN connection when not in use, and if you are using cellular data keep an eye on your data usage. You don't want overages!


Dave wo2x
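
The addressing advice in this post and in Ken's step A (distinct home, VPN and remote subnets, and a radio address outside the DHCP pool) can be checked mechanically. The Python below is an added example, not from the original posts; the /24 masks, the hypothetical function name `check_plan`, and the expectation that the home and VPN ranges come from private address space are assumptions.

```python
import ipaddress

# Factory-default home LANs the post says to avoid (assumed /24 here).
COMMON_DEFAULTS = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")]


def check_plan(home_lan, vpn_subnet, remote_lans, radio_ip, dhcp_first, dhcp_last):
    """Return a list of problems with a home / VPN / remote addressing plan."""
    home = ipaddress.ip_network(home_lan)
    vpn = ipaddress.ip_network(vpn_subnet)
    ours = (("home LAN", home), ("VPN subnet", vpn))
    problems = []

    if home.overlaps(vpn):
        problems.append(f"home LAN {home} overlaps VPN subnet {vpn}")
    for remote in map(ipaddress.ip_network, remote_lans):
        for label, net in ours:
            if net.overlaps(remote):
                problems.append(f"{label} {net} overlaps remote LAN {remote}")
    if any(home.overlaps(d) for d in COMMON_DEFAULTS):
        problems.append(f"home LAN {home} is a common router default; "
                        "hotel and office networks are likely to collide with it")
    for label, net in ours:
        if not net.is_private:               # assumption: both should be private space
            problems.append(f"{label} {net} is not private address space")

    radio = ipaddress.ip_address(radio_ip)
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    if radio not in home:
        problems.append(f"radio {radio} is not inside home LAN {home}")
    elif lo <= radio <= hi:
        problems.append(f"radio {radio} sits inside the DHCP pool {lo}-{hi}; "
                        "a static address there can collide with a lease")
    return problems


if __name__ == "__main__":
    # Constructed plans: the first reuses the example addresses from the thread.
    good = check_plan("192.168.90.0/24", "10.8.0.0/24", ["192.168.1.0/24"],
                      "192.168.90.150", "192.168.90.20", "192.168.90.100")
    bad = check_plan("192.168.1.0/24", "10.8.0.0/24", ["192.168.1.0/24"],
                     "192.168.1.50", "192.168.1.20", "192.168.1.100")
    print("good plan:", good or "no problems")
    for p in bad:
        print("bad plan:", p)
```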




Ken - NM9P, Elmer
Ha, David!
You and I must have been typing at the same time!
I'll read yours and see if it is any different!
It looks like IOS 10 added some things to the mix, because I couldn't get it going with OpenVPN before.  Perhaps I never tried the "Fixed" option before, either.

Ken - NM9P

John-K3MA
For the interface type: can TAP be used instead of TUN? I had several Windows laptops working via TAP; they connect and find the Flex. Now with TUN they connect but do not find the Flex. Is there something I need to change on the Windows laptops to use TUN and find the Flex, or can I go back to what worked and use TAP with iOS 10? The Flex has a reserved IP address on the network and all other settings are correct.

John K3MA

Ken - NM9P, Elmer
John, try using the "fixed" option in the settings form of SSDR-IOS. (In the program, not the rig or router). Set the IP address to whatever reserved IP you have assigned to the rig from the router. It sometimes makes a difference. See posts above for other information.

Ken - NM9P, Elmer
Btw... if you are using OpenVPN and wish to change from TAP to TUN, or the other way around, you must export a new configuration file and import it to your iPad.

Ken - NM9P, Elmer
But TUN is easier to get working....

John-K3MA
In OpenVPN Connect for iOS I get the message "iOS doesn't support TAP-based tunnels." I guess the only option is to work on getting TAP working with the Windows-based hardware.

Ria - N2RJ, Elmer
Or you can use the static option in SmartSDR for iOS.

I used OpenVPN and then switched to L2TP with a dedicated VPN box using SoftEther. A $60 Raspberry Pi can have you set up in one evening. If you want help, I've helped several others. It's not too hard.

Chris DL5NAM
Ria, if you can write down the steps, it will help, I think, many others who are "fighting" with this type of software (like me). We will be thankful. A Raspberry solution would be great ...

Ria - N2RJ, Elmer
There are videos on YouTube that explain it a lot better than a set of written steps. K6OZY has made one I know.

Chris DL5NAM
Ria, you're right and I know the video. I tried 3 times with no success.
Maybe I am too old for this job with Linux.

I asked some weeks ago whether anyone can share an image from his Pi. Looks like nobody has had success with the video .... ;-)  [OK, was a joke]
2 or 3 OMs sent me an email and asked me .. did you get a response ... can we also get a copy
So I am happy I am not alone in being so stupid.

I have to wait till Dayton (any year) for SSDR 2.0 - I have been waiting only 3 years now for WAN

73 Chris

Ria - N2RJ, Elmer
Chris - there is no image per se because each config has a unique key. But I can try configuring your setup if you want.

I may end up doing a script to automate the process as well.

But let me know if you want me to try.

Chris DL5NAM
Ria, I know there will be no 100% ready Pi image. Making some small changes (to personalize) will not be the problem. I have all the needed hardware.

Maybe I have to give it a 4th try and should reduce the speed of the YouTube video - maybe then I can follow.

Chris

Ria - N2RJ, Elmer
I have some scripts you can try if you like. I don't see an email where I can send them to you. It should fully automate the process, except for port forwarding and setting static DHCP in your router. If you would like to try it out, let me know and let me know where I can email it to you. 

Winston VK7WH
Hi Ria, I would very much appreciate it if you could also send the scripts to me, as I am really out of my comfort zone trying to set up a SoftEther Server on my Pi 3

Many tnx Winston
winston(dot)henry(@)bigpond(dot)com

Ken - NM9P, Elmer
Rita. I purchased a pi3 at Dayton this year, but haven't done much with it.

Is there a GUI interface for Softether for the PI? I would rather not mess with script. If I could configure it the way I did on my Windows machine when I played with it, I might try it for a while.

John-K3MA
I got pissed at the fact that Apple has caused me an issue. So I decided to load SoftEther on the shack Windows PC and set it up for use by the remote Windows laptops. Now I have Windows laptops using SoftEther successfully and iPads using OpenVPN Connect. All works, but I hate having to use two solutions, so I need to see how to allow L2TP on the same SoftEther server so that the iPads can connect natively along with the Windows laptops. Then I can remove OpenVPN from the ASUS router, iPads and Windows computers. Not what I wanted to do, but once again it's Apple's way or no way.

John-K3MA
Really quite easy to add L2TP to the Softether Server and now able to connect with native VPN clients in both Windows and Apple hardware.

Ria - N2RJ, Elmer
Hi Ken-

There is a GUI, SoftEther VPN Server manager. It has a wizard for Easy VPN setup.

I only made the script because people have been asking for an image. 

- Ria (no t) :)

Ken - NM9P, Elmer
Sorry, Ria. My sister-in-law's name is Rita and my "auto-corrupt" changed it. I didn't notice until your response.
It tried to change it again in this post!

Thanks for the info. I will hook it up and try it later this week.