How to connect to ExpressVPN using manual OpenVPN configurations

June 27, 2018 Update


The ExpressVPN Taiwan 3 manual OpenVPN server is now working again in China using this method.


June 25, 2018 Update


The great firewall of China has blocked almost all VPN servers this afternoon around 3pm including the ExpressVPN Taiwan 3 manual OpenVPN server. I will still leave this tutorial up in case someone might find it useful in the future.


Many VPN services are currently 100% blocked without a single working server.


I'm happy to confirm that my top 3 recommended VPNs for China have been restoring servers for users in China very quickly and they each have a few servers that are working good right now.


See the 2018 VPN in China blog for daily updates and server speed tests.


If you are having trouble connecting to ExpressVPN, you will need to log out of your account and then re-authenticate using the activation code from your account setup page on the ExpressVPN website. Hong Kong 4, Los Angeles 2, Los Angeles 3, Tokyo, and Singapore Jurong and a few others should be working after you do this.


If you are having trouble with VPN.ac, you will need to restart the app to refresh the server list. Then you should be able to connect to Los Angeles 4, Los Angeles 5, Tokyo 2, Hong Kong 2, and Germany.


12VPN with tested with the Shadowsocks protocol on the China Optimized 2 (HK) and China Optimized 4 (SG) servers. Both were working very well.

How to connect to ExpressVPN using manual OpenVPN configurations


Published on June 24, 2018


In today's tutorial I am going to show you how to connect to ExpressVPN using manual OpenVPN configuration files with third party OpenVPN clients for Windows, Mac, Android, and iOS.


Why use third party OpenVPN clients instead of the ExpressVPN app?


As the best VPN for China, ExpressVPN has some seriously fast servers for China and very nice dedicated apps to connect to them with. Unfortunately, the fastest servers have been blocked in China for the last few days.


I was experimenting with different server locations and connection methods trying to find the fastest server to use and I discovered that Taiwan 3 was not blocked when connecting with the manual OpenVPN configuration (although it's blocked when using the app).


ExpressVPN appears to be using separate IP addresses for the app servers and the manual OpenVPN servers. If a server IP used by the app is blocked, sometimes the manual OpenVPN connection for the same server location will still work.


As these manual OpenVPN servers get used much less often, I suspect that they tend to stay "under the radar" of the GFW and don't get blocked as easily.


Another reason for using third party OpenVPN clients is that most of them are open source and considered the safest to use by security experts. Although I trust the ExpressVPN app, I often use the OpenVPN GUI app with manual OpenVPN configs when testing other VPN services that I don't know or trust.


The disadvantage of using these third party apps is that they lack many of the nice features of the ExpressVPN dedicated apps such as built-in server speed testing, kill switch, nice user interface, etc.


Most VPNs will not work at all in China using manual OpenVPN connections. This is because most of VPN providers have not figured out how to make the standard OpenVPN protocol work in China.


Only ExpressVPN and a few others have managed to figured this out.


Ok, let's get started.


How to setup manual OpenVPN on Windows


Step 1 - Download the client


Download the latest version of the OpenVPN GUI client and install it.


Download from here if you are in China without an existing VPN.


Step 2 - Download the ExpressVPN .ovpn config file


Go to the ExpressVPN website and log into your account. 


If you don't already have another VPN installed, you can access the ExpressVPN website using the link on the China-accessible VPN links page.


After you log into your account, go to the setup page and choose Manual Config as shown below.

ExpressVPN manual OpenVPN setup page

Download the configuration files for the servers that you want to connect to. I am just doing Taiwan 3 for this tutorial but you may want to set up a few different locations. Leave this page open because you will need to come back here later to copy your username and password.


Step 3 - Edit the config to block DNS leaks (for Windows 10)


If you are using Windows 7 or Windows 8 then you can skip this step.


Windows 10 is notorious for DNS leaks and the VPN will not working properly unless we add the block-outside-dns directive to the configuration file.


Open the .ovpn file in a text editor and add a new line with the text block-outside-dns as shown below.

edit config file for windows 10

Now save the file. If you rename the file, make sure that the file extensions stays as .ovpn and not .txt.

Step 4 - Import the configuration file


Open the OpenVPN GUI app and then right-click on the icon in the taskbar and choose Import file...

Windows OpenVPN gui import file

Step 5 - Connect


After importing the file, you should see a new server on the right-click menu. If I recall correctly, it won't show you the file name when you only have 1 configuration imported. It will just say "connect" or something. In my case, I already have many configurations imported so I can see the name of the file I imported on the bottom of the list.


Choose the Connect option as shown below.

Windows OpenVPN GUI connect

You will need to enter your username and password (shown in step 2) the first time you connect.

How to setup manual OpenVPN on Mac


The instructions are almost exactly the same as Windows except there is no need to edit the configuration file to block DNS leaks before importing it.


There is no official OpenVPN client for Mac, but you can use the open source Tunnelblick app.


Download the latest version of Tunnelblick

How to setup manual OpenVPN on Android


Android is a little more difficult.


The standard .ovpn configuration file from ExpressVPN will not work on the official OpenVPN Connect Android app because the OpenVPN Connect app does not support connecting to a server that uses the fragment directive. And ExpressVPN is using the fragment directive in their config.


I later found out that there is another OpenVPN app for Android that does support the fragment directive. You can use the OpenVPN by Arne Schwabe app (alternative download here) with the config files directly.


For this tutorial, I am going to show you how to modify the config file for TCP so it can be used with the official OpenVPN Connect app (I will need to do this for iOS anyway because there is no OpenVPN app for iOS that supports the fragment directive).


Step 1 - Install the OpenVPN Connect app


Download OpenVPN Connect from the Play Store.


Or, download it here if you are in China without another VPN already installed.


Step 2 - Download the config files


You can either download the .ovpn file on your computer to edit (and then transfer it to your Android). Or, you can download and edit directly on your Android.


I am going to download the file directly on my Android and edit it using the QuickEdit app.

Step 3 - Edit the config file for TCP


To convert the ExpressVPN config file to TCP for Android, follow the steps below.

1. Remove the line that starts with fragment (or add the # symbol to the beginning of the line).

2. Change the port to 443 on the line that starts with "remote" (the number at the end).

3. Add another new line with text proto tcp-client.
ovpn config file changes

Save the .ovpn file to your Android's storage after you have made the changes.


Step 4 - Import the config file


Open the OpenVPN Connect app and then tap on the + symbol to import a new server.


Then choose the .ovpn file that you edited in step 3 and tap IMPORT on the top right.


Now enter your username and password shown in the ExpressVPN setup page (see the Windows instructions for screenshot).


Note - To enter the password, you need to choose the option "Save password". Otherwise, you can only enter the username and it will ask you for the password each time you connect.


After you have entered everything, tap on ADD on the top right.

Step 5 - Connect


Now that you have imported and saved your profile with your username and password, just choose the profile and tap the toggle switch to connect.

OpenVPN Connect for Android GUI

How to setup manual OpenVPN on iOS (iPhone and iPad)


I found the iOS setup the most difficult (probably because I don't normally use iOS). At first I couldn't find a way to edit the .ovpn config file on the device, so I thought I could edit the file on my computer and then transfer it with a USB cable. I found out that such a simple task is not possible on iOS. What a stupid POS operating system.


Maybe it would have been possible if I installed iTunes on my computer, but that isn't going to happen.


Anyway, I was finally able to do it by downloading the Documents by Readdle app.


Step 1 - Install the OpenVPN Connect app and the Documents by Readdle app


If you have a Chinese iTunes account, you will need to make a US iTunes account first before you can download the OpenVPN Connect app (Apple removed all VPN apps from the China App store).


Download OpenVPN Connect and Documents by Readdle.


Step 2 - Get the config file


Open the ExpressVPN website with Safari and log into your account. Use the link on the China-accessible VPN links page if you are in China without an existing a VPN to connect to.


Open the setup page and choose Manual Config and then choose the configuration file that you want to set up.


After you tap on the config file that you want, Choose the More... option. Do not choose "Open in OpenVPN".

Download config file with Safari

Step 3 - Edit the config file with the Documents app


After you choose More.. then you should see a list of programs. Choose Copy to Documents. If you don't see it then you haven't installed the Documents app yet.

Choose copy to documents

Now you should have the config file opened in the Documents app.


We need to make the same changes as shown in the Android instructions.


Make the changes and then tap the ... symbol on the top right and then choose Share.

Make the changes and then choose share

Now choose Copy to OpenVPN.

Copy to OpenVPN

Step 4 - Import the profile


You should see a message in the OpenVPN Connect app that a new profile is available for import. Tap the + button as shown below.

iOS openvpn connect import profile

Step 5 - Enter your credentials and connect


You will need to get your username and password from the ExpressVPN setup page and enter them in the OpenVPN Connect profile.


This part is a little difficult. If you paste your username and then go back to Safari to copy your password, your username will be erased when you come back to the OpenVPN Connect app.


You can only copy and paste either your username or password. I suggest copying and pasting your password because you can't see the characters when you enter it (easy to make a mistake and impossible to check).


After you paste your password from the clipboard, enter your username manually (I suggest writing it down on a piece of paper or viewing it on another device because it's too long to remember).


After you enter your username and password, choose the option to save your password so you don't have to enter it every time you connect.


Finally, you can connect using the Connection button.

Enter credentials and connect

Testing the speeds


This tutorial wouldn't be complete without doing some speed tests.


These tests were done throughout the day today (June 24, 2018) from Zhuhai, Guangdong on a China Telecom 100/20M Fibre connection. Taiwan 3 server.


Android



Windows 10



iPad


What's your speed on Taiwan 3? Leave a comment below!