How to to use ExpressVPN?

Post Reply
Canadow
OpenVpn Newbie
Posts: 2
Joined: Sat Jul 21, 2018 4:45 am

How to to use ExpressVPN?

Post by Canadow » Sat Jul 21, 2018 5:12 am

I'm subscribed to ExpressVPN but as their Android app has no kill switch, I'm trying to setup OpenVPN Connect for Android, using ExpressVPN's OpenVPN profiles.

Whenever I try to connect, the error message is "There was an error attempting to connect to the selected server". There is a toast message at the same time that says "OpenVPN core error".

The log shows:
EVENT: CORE_THREAD_ERROR info='option_error: sorry, 'fragment' directive is not supported, nor is connecting to a server that uses 'fragment' directive'

So, before posting this, I found in the FAQ:
"The fragment directive is not supported due to the complexity it adds to the OpenVPN implementation and the fact that it is usually better to leave fragmentation up to the lower-level transport protocols. Note as well that the client does not support connecting to a server that uses the fragment directive."

I have no idea what that means... but I did some tinkering and commented out the "fragment 1300" line in the profile, after which it connected without error, but I was unable to connect to any websites.

Is it possible at all to somehow get ExpressVPN to work with the OpenVPN Connect app?

Canadow
OpenVpn Newbie
Posts: 2
Joined: Sat Jul 21, 2018 4:45 am

Re: How to to use ExpressVPN? (SOLVED)

Post by Canadow » Sun Jul 22, 2018 11:43 am

For the benefit of anyone else who may one day search for the answer to this question...
I posed this question to OpenVPN's tech support for Android, and got the following reply:

"The OpenVPN Connect app for Android uses our latest software based on OpenVPN3 codebase and is more secure, faster, efficient, and has more support for various methods of defeating troublesome firewalls. However, it does not support the fragment directive.

Instead, try Arne Schwabe's OpenVPN for Android. That is the official open source OpenVPN client and it should still support the fragment directive. At the moment it still uses OpenVPN2 codebase.

The comments from the FAQ are correct, it's best left up to the underlying transport protocol instead of forcing it inside OpenVPN. For some reason though, they appear to be forcing it in OpenVPN2 and this is causing an incompatibility with OpenVPN3 codebase. In the future they might change this, but that's up to them, we have no control over ExpressVPN's services."


There are actually setup instructions for Arne Schwabe's "OpenVPN for Android" app on ExpressVPN's website, but they are not very complete, and make no mention of a Kill Switch. I have since questioned ExpressVPN's tech support about this, and they provided the following instructions:

"You can try these steps to utilize Android's Kill-switch which is called the "Always-on" feature in the meantime to be used as a kill-switch for OpenVPN for Android.

To do this for Android devices that run on Android 7 and up:
1) Turn off the VPN first. Then go to your device’s VPN settings. On some other Android devices, these can be found at Settings -> Connections -> More connection settings -> VPN, but this may vary by device.
2) Click on the gear icon next to the VPN app or connection you want to set a kill switch for.
3) Turn on both “Always -on VPN” and Block connections without VPN.
4) Confirm that you want a kill switch for your VPN

For older Android devices:
You can configure OpenVPN for Android to act as a kill switch. This may not be quite as secure as the previous method as it will not protect you if the OpenVPN for Android app crashes, but it is still pretty effective.

1) Edit the specific VPN connection in the “Profiles” tab (where your VPN connection profiles are listed).
2) Go to the “Advanced” tab and check “Persistent Tun” and set “Connection retries” to Unlimited."


I've also found another Android VPN app that provides kill switch functionality and which works with ExpressVPN. It's called "OpenVPN Client Free" and is also available on Google Play. The steps to enable the kill switch function are:
- edit the VPN
- tap on "Options"
- select "Drop packets on connect/reconnect/unexpected disconnect"

I hope the above info may help any ExpressVPN customers having the same issue. Actually, to be precise about it: ALL users of the official ExpressVPN apps for both Android and iOS have this issue, whether they realize it or not. Until ExpressVPN incorporates a kill switch (seamless tunneling) option, the official ExpressVPN app should not be considered safe to use on public wifi, and especially so in those hotspots without passwords.

Thank you to the excellent tech support at both OpenVPN.net and ExpressVPN for their assistance in providing solutions.

Post Reply