From 0359de62c1901c447d27b8e45d9d859cf6aae26f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 27 Sep 2017 17:58:18 +0100
Subject: [PATCH] Mention TLS wrapper

---
 doc/EN/app_vpn.org      |  2 ++
 website/EN/app_vpn.html | 34 +++++++++++++++++++---------------
 2 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/doc/EN/app_vpn.org b/doc/EN/app_vpn.org
index d25c3e0c..0d991799 100644
--- a/doc/EN/app_vpn.org
+++ b/doc/EN/app_vpn.org
@@ -24,6 +24,8 @@ A Virtual Private Network (VPN) allows you to move your internet traffic to a di
 
 Using a Tor browser is another way to get around censorship, but there might be occasions where you don't want to use a Tor browser or where Tor relays and bridges are blocked or where you want to run internet apps which aren't within a browser.
 
+On Freedombone the VPN is wrapped within a TLS layer of encryption, making it difficult for any deep packet inspection systems to know whether you are using a VPN or not. Since there is lots of TLS traffic on the internet your connection looks like any other TLS connection to a server, and this may help to avoid being censored. It's probably not possible for your local ISP to block TLS traffic without immediately generating a lot of irate customers, and stopping any kind of commercial activity.
+
 * Installation
 
 ssh into the system with:
diff --git a/website/EN/app_vpn.html b/website/EN/app_vpn.html
index 59283898..566214c0 100644
--- a/website/EN/app_vpn.html
+++ b/website/EN/app_vpn.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-09-27 Wed 17:43 -->
+<!-- 2017-09-27 Wed 17:58 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -262,9 +262,13 @@ A Virtual Private Network (VPN) allows you to move your internet traffic to a di
 Using a Tor browser is another way to get around censorship, but there might be occasions where you don't want to use a Tor browser or where Tor relays and bridges are blocked or where you want to run internet apps which aren't within a browser.
 </p>
 
-<div id="outline-container-org74feb72" class="outline-2">
-<h2 id="org74feb72">Installation</h2>
-<div class="outline-text-2" id="text-org74feb72">
+<p>
+On Freedombone the VPN is wrapped within a TLS layer of encryption, making it difficult for any deep packet inspection systems to know whether you are using a VPN or not. Since there is lots of TLS traffic on the internet your connection looks like any other TLS connection to a server, and this may help to avoid being censored. It's probably not possible for your local ISP to block TLS traffic without immediately generating a lot of irate customers, and stopping any kind of commercial activity.
+</p>
+
+<div id="outline-container-org778c839" class="outline-2">
+<h2 id="org778c839">Installation</h2>
+<div class="outline-text-2" id="text-org778c839">
 <p>
 ssh into the system with:
 </p>
@@ -284,9 +288,9 @@ Only use ports 443 or 80 for VPN as an <i>absolute last resort</i>, since doing
 </div>
 </div>
 
-<div id="outline-container-org1a94be0" class="outline-2">
-<h2 id="org1a94be0">Usage</h2>
-<div class="outline-text-2" id="text-org1a94be0">
+<div id="outline-container-org2cfcc49" class="outline-2">
+<h2 id="org2cfcc49">Usage</h2>
+<div class="outline-text-2" id="text-org2cfcc49">
 <p>
 When the installation is complete you can download your VPN keys and configuration files onto your local machine.
 </p>
@@ -331,9 +335,9 @@ You should see a series of messages with "<i>Initialization Sequence Completed</
 </div>
 </div>
 
-<div id="outline-container-orgf3e0fef" class="outline-2">
-<h2 id="orgf3e0fef">Changing port number</h2>
-<div class="outline-text-2" id="text-orgf3e0fef">
+<div id="outline-container-orgc7282cd" class="outline-2">
+<h2 id="orgc7282cd">Changing port number</h2>
+<div class="outline-text-2" id="text-orgc7282cd">
 <p>
 Avoiding censorship can be a cat and mouse game, and so if the port you're using for VPN gets blocked then you may want to change it.
 </p>
@@ -344,16 +348,16 @@ Avoiding censorship can be a cat and mouse game, and so if the port you're using
 </div>
 
 <p>
-Select <b>Administrator controls</b> then <b>App Settings</b> then <b>vpn</b>. Choose <b>Change TLS port</b> and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the <a href="#org1a94be0">Usage</a> section above.
+Select <b>Administrator controls</b> then <b>App Settings</b> then <b>vpn</b>. Choose <b>Change TLS port</b> and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the <a href="#org2cfcc49">Usage</a> section above.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org98985f3" class="outline-2">
-<h2 id="org98985f3">Generating new keys</h2>
-<div class="outline-text-2" id="text-org98985f3">
+<div id="outline-container-orgbe4ddea" class="outline-2">
+<h2 id="orgbe4ddea">Generating new keys</h2>
+<div class="outline-text-2" id="text-orgbe4ddea">
 <p>
-It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the <b>Administrator controls</b> by going to <b>App Settings</b> then <b>vpn</b> then choosing <b>Regenerate keys for a user</b> and downloading the new keys as described in the <a href="#org1a94be0">Usage</a> section above.
+It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the <b>Administrator controls</b> by going to <b>App Settings</b> then <b>vpn</b> then choosing <b>Regenerate keys for a user</b> and downloading the new keys as described in the <a href="#org2cfcc49">Usage</a> section above.
 </p>
 </div>
 </div>