Lenovo Thinkpad P52 Review

So I was going to make this review into a Youtube video… but boy I’m not sure if I have a face for video. 😉 Any how I got a new laptop I wanted to review, especially since it appeared that there’s not been much media attention toward this laptop. Possibly like you guys, I was looking for a review on this laptop before pulling the trigger and was disappointed when I couldn’t find anything what so ever in regards to a proper review. It could also possibly be the point that this laptop just got announced about a month ago, so hey, I guess I’ll be the first.

So to give a little back story. I’ve been in the market for a new laptop for awhile now being that my 2011 15” Macbook Pro is already 7 years old. In that time I’ve had to the replace the motherboard once due to overheating and graphics issues, purchased several new batteries and charge adapters, so I wanted to sell that thing before it completely lost all of its value.

Since about 2014, I’ve moved away from design and advertising work into computer IT security, so considering buying a new Mac was not as practical as it used to be. I like upgradeability, which unfortunately(or maybe fortunately) Macs no longer offer.

The following was a important for my buying decision:

  • Upgradability. I like the option of adding additional memory/ram. 32GB would be direction I would like to go probably soon. Anything higher than that would be a luxury, but it’s nice to know I have options. Also, hard drive space is important. 512GB is definitely good starter.
  • Removable Battery. Though I’m not as much of a road warrior like I used to be, not having to be tethered to the wall at a conference would be nice.
  • Build Quality. Coming from a mac, I’m used to quality. Unfortunately, that was one of the major things that deterred me from going with a System76 laptop. 🙁
  • Price. I want my cake and eat it too. If I’m going to spend the big bucks, I want a lot out of it and I don’t want to compromise. I want options. I want features. And I also want a decent warranty.

So after scouring the web for weeks, I wanted Mac like quality and proven reputation, without the Mac Tax, and with a lot features. I’ve always kind of know that Thinkpads were the businessman’s choice of machine, but I didn’t want to compromise on specs. I knew I was going to have to bypass the Yogas and move into the Thinkpad line. The meat of my work is on my laptop is for personal interest. Long are the days that I relied on my laptop to ring in the dough. I spend a lot of my time in VMs using software like virtual box as well as doing my studies and research in information security related topics. I wanted something that would work well with Linux(the P50 and P51 were Ubuntu certified) so things like Kali would give me no issues. I almost had my sights on a Thinkpad P51, seeing a lot of great reviews online, an awesome price tag, and the like. But then I notice more and more that the 8th Gen 6 core CPUs were coming out on more laptops. Feeling greedy(especially for VM work), I knew I had to wait it out for a Thinkpad with a new snazzy Intel CoffeeLake processor. After bugging Lenovo sales support for a system that would meet every need of mine, I got a bit lucky(timing mostly) with the new Thinkpad P52, so I pulled the trigger.

Lets get down to features:

  • CPU/Processor
      • The model that I purchase ran for about $2000, model # 20M9000FUS
      • It came with an 8th generation CoffeeLake i7-8750H sporting 6 cores and 12 threads with a base clock speed of 2.2 Ghz and a max turbo frequency of 4.1 Ghz. Soon future models of this laptop should be coming with i9 and Xeon options, but at the time of this review, they are not released.
  • Memory/RAM
      • The model I chose came with 16GB of DDR4 2666 Memory. Hats off to Lenovo though, this system comes with 4 dimm slots, and they only used 1 slot with this configuration. This will allow you to put up to an astounding 64GB of memory into this system, though my battery may suffer for it. On the product page on lenovo’s website, they state that it is upgradable to 128GB of memory, but when talking to support, i had not gotten a straight answer on that. That option may rely on the i9 or Xeon CPU option.
  • Internal Storage
      • In addition to fast memory, this system also came with a 512GB PCIe m.2  NVME drive that is blazing fast. After running CrystalDiskMark, sequential read speeds were around 3300MB per second and writes were around 1900 MB per second. That is the fastest I’ve seen on a laptop yet(personally).
      • The system comes with two M.2 slots, as well a empty space for a sata drive to go. Note, the sata connection port and drive cradle is not included! The part is around $20 on amazon though. Check it out here
  • Graphics
      • Now lets talk graphics. The model I got came with a Nvidia Quadro P1000 dedicated graphics card with 4GB of GDDR5 memory as well as Intel’s integrated UHD 630. The Quadro is definitely no GTX when it comes to gaming, but sporting 512 CUDA cores, the Quadro is great for professional work including video editing, 3D graphics, simulations and more. I did gave GTA 5 a test play and on “nearly” ultra high settings, the game still played at 30 frames a second. If you decide on getting into gaming in the near future, you can always attached a eGPU to the system. I spent a lot of time going back and forth on if I should get a system with GTX in it for gaming, but besides the fact that Thinkpad line doesn’t typically carry those cards, I typically spend most of my “graphics intensive” time in applications like 3D Studio Max working on 3D print models.(when I’m not busy brute forcing passwords with Hashcat).
  • Peripherals
      • This system is packed with perferrials! In regards to options of adding a eGPU to your Thinkpad P52, this laptop rocks not one, but two Thunderbolt USB 3.1 ports, three additional regular usb 3.1 type A ports(one being an always-on charging port), an SD card reader, gigabit ethernet, HDMI, mini displayport, and a headphone mic combo port! (Beat that macbook!!! No dongle hell) With the amount of ports on this laptop, it could possibly be a desktop replacement, allowing for up to 4 external monitors to be connected as well as the option of an external GPU. It may also be a good idea to consider a Thunderbolt dock as well to eliminate the amount to items to plug in each time you dock and undock.

  • Keyboard
    • Beside plugable peripherals, the Thinkpad P52 comes with a spill proof 105 key keyboard with backlit led keys and a full size number keypad. This keyboard is very nice to type on. Even more so than what you may find on a Dell or an older Macbook, this keyboard has plenty of travel in regards to the key pressing depth and the distance between the individual keys is also comfortable. Also the clickiness noise level is pretty mild. Though the satisfaction of this keyboard doesn’t compare with my 1987 IBM Model M keyboard, it is still enjoyable. Going back to the mention of spill proof, I like many have spilt drinks on my keyboard. My first Macbook had a beer poured onto it after an all night hackathon. 🙁 (it survived besides the fact of being sticky)
    • Note: There’s a very useful Function-Lock key to lock the top row of quick keys from the F1-12 keys. Also, if you don’t like the placement of the CTRL button and Function key, you can swap that easily with the included software.
  • Trackpoint & Trackpad
      • The laptop comes with the beloved Lenovo trackpoint navigation nub as well as a decent trackpad with physical keys. Though I think I would prefer a trackpad that pushed in to click(like the Macs and Dells), this one is not that bad. It’s definitely something to get used to though in my opinion.
  • Fingerprint Reader
      • One thing I have not mention yet was the included fingerprint reader. It does a decent job and works great with Windows Hello and unlocking bios settings. It is a bit slow though….
  • Speakers/Audio
      • Lets talk about audio. Lenovo touts a great Dolby Atmos experience with headphones, the built in speaker bar simply sucks. Audio is not loud… at all, and is pretty muffled. There are mids, but barely any highs or no lows. If you’re planning on using this laptop for media creation, stick to headphones or external speakers. I did plug in a pair of Bose in ear headphones into the laptop’s standard headphone port and did enjoy the audio a great deal. Though it’s been awhile since I purchased a new Windows PC, I did notice that the drivers on this laptop offer a 32bit audio driver, which I will assume is good for you audiophiles out there.
      • Moving on to the microphone array. Besides the speakers being a bit of a disappointment, the built in microphone is depressing as well. The sound is very muffled and tinny(is that a word?). I’m sure throwing some tape over the microphones would cut out most, if not all of the sound(if you didn’t want anyone listening). The webcam though, being fairly decent, has a built in cover that you can slide open or closed. A very good feature for the security conscious.(no more tape!) 
  • Backlit Screen
    • Ok, enough on the audio front, lets move to the screen. The screen that came with the model laptop I purchased was the 1080p Full HD IPS matte screen with a brightness of 300 nits. I was kind of nervous moving to this laptop due to the low brightness rating, but so far, in real day to day use, I am quite satisfied with the brightness. Even working outside, it is not that bad. Watching a movie in direct sunlight would definitely not be the best experience, especially during darker scenes, but working on things like typing and web browsing, you shouldn’t have any issues at all. When Lenovo introduces the 4K version of this screen for this laptop, I believe it was noted at 400 – 450 nits. If you want to compare this to the new Macbook pros, their screens are 500 nits. (Wow that’s bright.)

I know I keep bringing up Macbooks, so lets talk heat! Compared to my 2011 Macbook Pro, this laptop chills around 10 to 20 degrees cooler. It idles around 40 – 50 degrees celsius, going up to around 70 degrees with heavy web surfing. Getting into more intensive tasks, the laptop will get to around 80 – 85 degrees celsius. I have seen it get to 97 just before the fans ramp on, but it’s usually for a quick second or two. For day to day work including writing reports, web browsing, watching movies, etc, this laptop can definitely work fairly well on your lap without burning you. Once you move to more intensive tasks, you will want to get it on a table or laptop cooler. Besides the newly improved CPU, the laptop stays cool due to its well ventilation. I has two fans, and 4 exhaust ports(2 on the sides, and 2 on the back. The bottom is ventilated as well). To my surprise, the sides of the laptop does not spew hot air onto my hand when using a mouse.

Now to one of my favorites, battery life! This Thinkpad P52 packs a user replaceable 6 cell 90wh battery located on the bottom side of the laptop. Though you can’t hot swap it while the system is on, you can still quickly remove and replace it when the laptop is off. Lenovo touts up to 10 hours of battery but from my testing, I easily get about 6-7 hours of battery while doing low powered lasts like web browsing and watching movies. The great thing is, if I’m at a conference or on the road and the battery dies, I can just drop in a replacement and keep going(after a reboot of course). Fun fact: The included charger for the laptop is 170 watts. Though the laptop doesn’t have anything like the MagSafe charge ports or cables like the MacBooks had(RIP), most Lenovo’s like this one have a non motherboard soldered female charge port. This means that if you happen to break the charger port(by tripping over the cable), you can easily replace the port for around $10.

Warranty

This Thinkpad(unlike a lot of other ones) gets a 3 year carry in and depot warranty. Macbooks on the other hand come with only a 1 year warranty, or pay an extra $350~ for 3 years of AppleCare.

So to conclude, here are a few Pros and Cons for this laptop:

Pros

  • Upgradability
  • Peripherals
  • Build Quality

Cons

  • Weight and thickness
  • Microphone
  • Speaker

I’ll be adding more photos and more information to this post shortly. Stay tuned!

Windows 10 now offering 2FA

If you have Windows 10 Pro 1709 or above, you can now take advantage of a surprising new feature part of Windows Hello for Business dubbed  Multifactor Unlock.

I’ve been looking for a viable multifactor authentication solution for Windows for awhile now, looking at options like Duo Security and Yubikey(both which I’ve used and love). Unfortunately, Duo requires an internet connection to work, and Yubikey doesn’t work when your system is locked(It only works on initial boot).

Windows Hello Multifactor Unlock  can work with a PIN(can be alphanumeric), fingerprint, facial recognition, and/or trusted signal(cell phone proximity or network location). Microsoft breaks down the information here.

The first unlock factor can be a: PIN, Fingerprint, or Facial Recognition.

The second unlock factor can be a: Trusted Signal or PIN

The failsafe feature(in case your face melts or your fingers go missing) is your main account password. So in theory, you can make your pin be simple and your main account password extra strong.

In regards to “Trusted Signal”, it can be the bluetooth signal from your phone, another computer, wearable and a few others, or if can be a “trusted network”, which possibly could be your work/home network. You can definitely get into the weeds, but for simplicity, a bluetooth signal from your paired phone may be the easiest. I personally like the fingerprint + PIN solution. If you don’t have a fingerprint reader on your computer, a bluetooth signal from your paired phone or using your face can work. Note: facial recognition requires a special IR camera.

The following group policy settings can be modified to achieve this solution:

The special GUIDs from Microsoft’s website are as followed:

Credential Provider GUID
PIN {D6886603-9D2F-4EB2-B667-1971041FA96B}
Fingerprint {BEC09223-B018-416D-A0AC-523971B639F5}
Facial Recognition {8AF662BF-65A0-4D0A-A540-A338A999D36F}
Trusted Signal
(Phone proximity, Network location)
{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}

More information on this new security feature is on their website including more details on Trusted Signal.

Be sure to let me know what you thoughts are on this and if and/or how you plan on using the feature.

Deleted My Facebook

For the name of science… and of course, privacy, I officially deleted my Facebook account today, April 2, 2018. It’s a distraction that I well believe that myself(and personally others) could do without. I feel that it’s not as important to me to always stay on top of what people are doing in their lives. If I really want to know what is up, I should physically call them, text them, and of course see them in person. I’ll be just as reachable as I’ve always been still connected via cell phone/sms, Wire, Signal, email, Twitter, etc. Speaking of Twitter, you can follow me at @seanryan_. I enjoy twitter a lot more since I follow more news outlets that interest me, tech/security folk and less potential drama.

In regards to privacy and security, my Facebook is a treasure trove of knowledge I just don’t want people, marketers, and computers to knowing about me. When I was much younger on Facebook, I was a lot more careless of what I posted. As I grew older and more aware, my habits got better. But still, that data sits on their servers. There are though a lot of good memories on my Facebook account, so I took the time to backup and encrypt MY data from Facebook to be saved in a safe place.

My final thoughts: Facebook is more than a habit. It’s kind of an addiction. Like caffeine, it can have good and bad side effects. I probably pulled my phone out about 20+ times a day to look at Facebook and spent probably about 30 minutes or more a day staring into it. I don’t want to rant, so I’ll stop. Maybe I’ll use my extra time I have each day now to blog a bit more 😉

iOS OpenVPN VPN On Demand

So connecting back to my home network securely has been a fairly easy task for the last few years thanks to OpenVPN. With that, generating OpenVPN configs via the PFSense add-on openvpn-client-export and then importing them into the OpenVPN Connect app for iOS(also for Android) is also easy. But the one gripe I’ve always had is the inconsistency of the connection staying alive. I’ll connect to a wifi network or be out roaming the streets when I then notice that my VPN connection has dropped off(WTH!?). There goes some security and the point of the VPN all together. This has been important due to the RasPBX set up I have use at home that I forward my Google Voice numbers to(part of my fight against telemarkers). I use my VPN mainly for connecting back to my VOIP server so I can have a secure mode of communications(on at least my side).

As of late, I’ve been digging into options for an always on VPN solution to connect back home. I’ve attempted setting up a IKEv2 IPSec connection from my PFSense router to my iPhone with some success which I’ll explain in a post later. After many hours, I did have some success with that when I was connected to a network outside of my local network. I used the Apple Configurator and in short configured a profile which then got it on my iPhone working. The issue though was while at home connected to my home wifi, my IKEv2 IPSec connection on my phone would stop loading web traffic and would freak out. After much trial and error, I determined that this issue was most likely due to NAT. This solution was soon thrown into the trash of failed ideas.

Diving back into the issue, I kept finding reference to “VPN on Demand” or “Connect on Demand”. I’ve recently been looking at alternate options for a outsourced VPN connection for general web browsing from what I’ve been using for the last few years which has been AirVPN. After downloading and testing NordVPN on my iPhone, I notice that their VPN had the option of “Connect on Demand” under the iOS VPN settings. Enabling this I noticed that my VPN wouldn’t disconnect randomly anymore(or at least not as often). That got me thinking again.  I dove back into the idea of looking into options for an always on VPN solution to connect my iPhone back to my home network.

I stumbled onto this FAQ article on OpenVPN’s website discussing VPN-On-Demand toward the bottom (See “Can I use iOS 6+ VPN-On-Demand with OpenVPN”). It was a Thursday night and I had time to burn, so I gave it a shot.

Below are the directions from the article above explained in my version that worked for me. As noted below, this setup is described using PFSense 2.4.1( as your OpenVPN Server). Note that the current version of iOS I am on is 11.1.

  1.  If you haven’t done so already, download and install Apple Configurator 2(currently 2.5 at the time of this writing) from the Mac App Store(yeah, Mac OSX only, sorry :\ If you don’t have a mac, may look into options like this at your own risk 😉 )
  2. Open up Apple Configurator, click File and then click New Profile
  3. Give your profile a meaningful name.
  4. Then on the bar on the left, click VPN, which should take you to the VPN profile settings. Give it a meaningful name under Connection Name. Under Connection Type, click Custom SSL.
    For Identifier, put the following text:
    net.openvpn.OpenVPN-Connect.vpnpluginFor Server and Account, put the word: DEFAULTProvider Bundle Identifier can be left blank.
  5. We’re going to side track real quick. You will need to generate a OpenVPN configuration file from OpenVPN server or what not. I’m going to explain how to do it from the PFSense perspective due to its popularity and since I use it and have verified that it works.So in regards to PFSense being your OpenVPN server and you have verified that it’s been working in the past, we’ll export a configuration using the pfsense openvpn-client-export plug in that can be added on as package to PFSense.So export the Inline Configuration at the top labeled Most Clients

    Once you have download that file(which ends in .ovpn), open it up in TextEdit or another text editor(like Atom, my new fav)The top section will look something like:

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    ncp-ciphers AES-256-CBC
    auth SHA512
    tls-client
    client
    resolv-retry infinite
    remote test.dyndns.com 1194 udp
    lport 0
    verify-x509-name "test-server-cert" name
    remote-cert-tls server
    comp-lzo adaptive
  6. Now back in Apple Configurator, in the VPN section you were on, head down to Custom Data. We want to add the info from the top of your .opvn file into this field.You’ll have a key and a value column. So you’ll input the data from the top of your config like the following:In the key column, you’ll put: cipher
    In the value column, you’ll put: AES-256-CBC
    For for items that that are single word like “client”, you’ll put the word: NOARGS in the value section.I found that you can ignore: dev tun, resolv-retry infinite, and lport 0 from my testings. Also, add key-direction   1    into your custom data field, this information may be located at the bottom of your .opvn file.

    In my situation, here what worked for me(ignore duplicates you see):

    For the keys “ca” and “tls-auth“, you’ll need to got to your .opvn file and pull the certificate for your “ca” between <ca> and </ca> and pull the key for “tls-auth” between <tls-auth> and <\tls-auth> disregarding anything with # symbols.

    The following is an example of the ca information from the .ovpn.

    The following is an example of the tls key information from the .ovpn.

    The goal is to take each one and convert it to a single line where each line break is represented with a \n

    I’ve created a CyberChef recipe to automate this task. Seperately input your ca and tls key information in there and hit bake each time to generate a single line output.

    Should give your something like this for your ca(and something similar for tls):
    -----BEGIN CERTIFICATE-----\nUCNKYUpucnyupcnuyZYCNPUYYUPuycnyuP32YUPYNCYuyuYUKCYunyzukcyznuun\nMjKTLqXFLKqDKvBIWA8gNAINFAAROgJLnHX0kG4hOjKBLqXFLKyDMu15SOXflHLr\nlxuhSNKoLquarusQ9g0LMAOGOHBvm3BKnQFjnQ1rkGgeI29dWBWgOAINFAANOgzE\nJHX0D1JADuXLWBKgNqINFAAVOgnTFMLOJHL0WL4HNDO3WDOhWDK1WtA1YFyHNDS3\nNKCNkcnvKCNUPUVKTNCVPTNUVCKUNvkknutkuvctnvuktcvutnkvcutnkvuctnuv\nkuntvkuctgobgyosbpuccptutcxpxNPXNxpuvcxp32xpUNXpuxcuxnupxcuxcpuc\nJHX0ARBvm3BdIGvcVwXflDODWLOQK1EOKhWUFQFjnO9GEO5NADOAWK4QK1EOMhWR\nCFAqBQFgnNMMKCSgNAITUyJSrfmXKAOLLAKNqqOZKNMMKAyMqqOLKTuNeS2wfZk9\nsk8RgWGfOs3ts73zDyG7JgZKcOm+T+T7vxBo3UQpjzYwBqZBvtDep42DUUKIdPlw\ny1FxJtgVPB9sR8PCah/SqD+DxS8mT1g+V87a9tZbPevydmhbinDFlyBXDLiOn+lC\nZVjALDbfFMBEYb6qTVkfrL08b1xq35cU2dO8aCbvGdc/EihkPHpdGaRlW9c2WCnX\n4DUDOZoObe9F/goWy3104UN//BTha/Z+/6xNqWPGDmpPqttSkkeRuGlnGwtNdTCx\neWxaasv6qRdymCxak+q/w7c/g0TmsSg6bGZ0/aUWVopvJNPxZHY+UbcofCr6QfQv\nLdgy/1aNxX8MKgOKKkYL9tML8jKnLqXFRA4OPqAE1Yu/wAMeTisIjON3jb6fq+/1\n65cgqlIQK1EnSgCLbtMLa4KE1Yu/wAMeTisIjON3jb6fq+/165erqI+uqIggqIuh\nMjKTLqXFLKIDKvFDWAcgMAINFAASOgTEGNOZWK0QK1EOLhWQAHFjnQveWBWgOAIN\nFAAUOgzXoCLNl21gIG55WCKgRqITUyJSrfmXKAuLPrP0JHX0ARBvm3BdIGvcVwXf\nlDODWLOQK1EOKhWUFQFjnO9GEO5NADOAWK4QK1EOMhWRCFAqBQFgnSSLKNKWLqXF\nRBWOLDKNKAR/WKcQK1EnNgAOKgSLLtKXLquarusQ9g0LKAcPKKYMKAOKZeM+gmiX\n4uv8FBRIuTgUkJpbxuReBRxQEsJVy25PPFljrnxTMsUzx+4kSpkR8whGd7m+W7si\nYVtN6oBDoZzlD0MtzDeVQ6oMLjmrZLV+JxXP6Bnf/UEp+j6p7o/ejnLF96D5Xh5v\nZGYZVnAo2SLye0EGpINYnHpbrrlhIlqwLz2oM395jFpON7E/KH8EX+bULkRoOcUC\nHh0Oa+qqIF8onGN4zvrbFZl6mpLHhA/DhaWHS1W/ikBL9vHkV0MQ63Tfc4n/eGy4\naGwgJcwXbcWR1J/gD12xn9hYnCAgbxWb0ZafRn3jBIw/2wAxaD8AwcYrCK+7J9a9\nMLNTYN/MWw2qlg==\n-----END CERTIFICATE-----

    You’ll notice if you dump it into a text editor, it will appear to be on all one line, instead having line breaks.

  7. You’ll do that both for ca and tls keys and dump the correct information into the appropriate Custom Data “key” field.
  8. Moving along, your next step is to go back to PFsense to it’s certificate manager and go down to your user certificate and export the certificate file (.crt) and .key file You’ll then want to load up Terminal on your mac to generate a pkcs12 certificate file with exports as .pfx. Use the following command. The site I used to get this command can be found here.openssl pkcs12 -export -out certificate.pfx -inkey your-userkey.key -in your-user-cert.crtIt will ask you to create a password. Please remember it for the next step.
  9. You should now have a .pfx file. Go to the Apple Configurator and click on “Certificates” on the left hand bar.
    You’ll then hit Configure and upload the .pfx file you just created. Then enter your password you created when generating that file. You should now have your user certificate uploaded.
  10. Now head back to your VPN settings in the Apple Configurator Profile. Under User Authentication, click Certificate from the drop down. Then go to Credential and select the user certificate your uploaded. In my case, it was test-user-cert.pfx
  11. For the final steps, you’ll want to enable VPN On Demand. Under Match Domain or Host, I put a wildcard * assuming it would define all websites and traffic. I haven’t determined if this actually does anything. My goal is have the VPN active for all web traffic. If there are specific websites your want to be sure to have the VPN or disabled for, you can add in those hosts or domains and chose your On Demand Action for it.
  12. After that, set Disconnect On Idle to Never for both and Proxy Setup according to any proxies you use.
  13. Now save your Profile. It is time to upload it to your phone!
  14. Plug your iPhone into your Mac via USB lightning cable and unlock your phone
  15. Go to the main screen for Apple Configurator. It should look something like this:
  16. No click Add on the top navigation bar and select Profiles
  17. Then find your saved profile we just created and upload it. Make sure your iPhone is unlocked.
  18. Your iPhone will then pop up with a few messages to install the profile. Hit Install, then put in your iPhone lock screen passcode, and then click Install again. Then click Done.
  19. Now that that is all complete, head to your iPhone’s main Settings Page and click on VPN.
  20. On the VPN select screen, select your newly created VPN and click the connection status button on the top to verify your your VPN will connect.
  21. You can click the “i” Information button to get more details. Here is where you can verify your VPN connection details like IP Address and uptime. You will also want to make sure Connect On Demand is selected.

Now that you have completed everything, you should have a working OpenVPN set up that should stay active alot longer than a normal OpenVPN session typically will survive. Please check out the iOS OpenVPN FAQ page for information on further securing your OpenVPN connection. (See “What is the meaning of the various OpenVPN settings in the iOS Settings App?”) These are the settings I’m using at this time:

If you have any comments for me or looking for possible assistance, email me at: [email protected]