freedombone/doc/EN/app_vpn.org

3.8 KiB
Raw Blame History

/free/freedombone/src/commit/5648acd1481f994bc91a3e135f3139958e9a49bc/doc/EN/images/logo.png

OpenVPN

"The Net interprets censorship as damage and routes around it." John Gilmore

A Virtual Private Network (VPN) allows you to move your internet traffic to a different machine in a different geographical location by creating a private cryptographically protected route to that location. The usual use cases are to get around local censorship of the internet such as when you see the message "this content is not available in your area" when trying to play a video. Maybe you're on holiday and your hotel or workplace internet connection is censored. Using a VPN you can connect to your home server and then use the internet normally.

Using a Tor browser is another way to get around censorship, but there might be occasions where you don't want to use a Tor browser or where Tor relays and bridges are blocked or where you want to run internet apps which aren't within a browser.

On Freedombone the VPN is wrapped within a TLS layer of encryption, making it difficult for any deep packet inspection systems to know whether you are using a VPN or not. Since there is lots of TLS traffic on the internet your connection looks like any other TLS connection to a server, and this may help to avoid being censored. It's probably not possible for your local ISP to block TLS traffic without immediately generating a lot of irate customers, and stopping any kind of commercial activity.

Installation

ssh into the system with:

ssh myusername@mydomainname -p 2222

Select Administrator controls then Add/Remove apps then vpn. Choose the port which you want the VPN to operate on and then the install will continue.

Only use ports 443 or 80 for VPN as an absolute last resort, since doing so will prevent other web based apps from running on your server.

Usage

When the installation is complete you can download your VPN keys and configuration files onto your local machine.

scp -P 2222 myusername@mydomainname:/home/myusername/client.ovpn .
scp -P 2222 myusername@mydomainname:/home/myusername/stunnel* .

You will need to ensure that the openvpn and stunnel packages are installed. On an Arch based system:

sudo pacman -S openvpn stunnel4

Or on a Debian based system:

sudo apt-get install openvpn stunnel4

Now you can connect to your VPN with:

sudo stunnel stunnel-client.conf
sudo openvpn client.ovpn

You should see a series of messages with "Initialization Sequence Completed" showing at the end. Leave the terminal open and perhaps minimize it to remain connected to the VPN. To leave the VPN close the terminal window.

Changing port number

Avoiding censorship can be a cat and mouse game, and so if the port you're using for VPN gets blocked then you may want to change it.

ssh myusername@mydomainname -p 2222

Select Administrator controls then App Settings then vpn. Choose Change TLS port and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the /free/freedombone/src/commit/5648acd1481f994bc91a3e135f3139958e9a49bc/doc/EN/Usage section above.

Generating new keys

It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the Administrator controls by going to App Settings then vpn then choosing Regenerate keys for a user and downloading the new keys as described in the /free/freedombone/src/commit/5648acd1481f994bc91a3e135f3139958e9a49bc/doc/EN/Usage section above.