2017-09-27 18:46:45 +02:00
<?xml version="1.0" encoding="utf-8"?>
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" lang = "en" xml:lang = "en" >
< head >
2018-04-12 14:01:49 +02:00
< title > < / title >
<!-- 2018 - 04 - 12 Thu 12:44 -->
< meta http-equiv = "Content-Type" content = "text/html;charset=utf-8" / >
< meta name = "generator" content = "Org-mode" / >
< meta name = "author" content = "Bob Mottram" / >
< meta name = "description" content = "How to use OpenVPN on Freedombone"
2017-09-27 18:46:45 +02:00
/>
2018-04-12 14:01:49 +02:00
< meta name = "keywords" content = "freedombone, openvpn" / >
2017-09-27 18:46:45 +02:00
< style type = "text/css" >
<!-- /* --> <![CDATA[/*> <!-- */
2018-04-12 14:01:49 +02:00
.title { text-align: center; }
2017-09-27 18:46:45 +02:00
.todo { font-family: monospace; color: red; }
2018-04-12 14:01:49 +02:00
.done { color: green; }
2017-09-27 18:46:45 +02:00
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
2018-04-12 14:01:49 +02:00
.right { margin-left: auto; margin-right: 0px; text-align: right; }
.left { margin-left: 0px; margin-right: auto; text-align: left; }
.center { margin-left: auto; margin-right: auto; text-align: center; }
2017-09-27 18:46:45 +02:00
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #ccc;
box-shadow: 3px 3px 3px #eee;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: visible;
padding-top: 1.2em;
}
pre.src:before {
display: none;
position: absolute;
background-color: white;
top: -10px;
right: 10px;
padding: 3px;
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
2018-04-12 14:01:49 +02:00
pre.src-sh:before { content: 'sh'; }
pre.src-bash:before { content: 'sh'; }
2017-09-27 18:46:45 +02:00
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
2018-04-12 14:01:49 +02:00
pre.src-R:before { content: 'R'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-java:before { content: 'Java'; }
pre.src-sql:before { content: 'SQL'; }
2017-09-27 18:46:45 +02:00
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
2018-04-12 14:01:49 +02:00
th.right { text-align: center; }
th.left { text-align: center; }
th.center { text-align: center; }
td.right { text-align: right; }
td.left { text-align: left; }
td.center { text-align: center; }
2017-09-27 18:46:45 +02:00
dt { font-weight: bold; }
2018-04-12 14:01:49 +02:00
.footpara:nth-child(2) { display: inline; }
.footpara { display: block; }
2017-09-27 18:46:45 +02:00
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
/*]]>*/-->
< / style >
< link rel = "stylesheet" type = "text/css" href = "freedombone.css" / >
< script type = "text/javascript" >
/*
@licstart The following is the entire license notice for the
JavaScript code in this tag.
2018-04-12 14:01:49 +02:00
Copyright (C) 2012-2013 Free Software Foundation, Inc.
2017-09-27 18:46:45 +02:00
The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU
General Public License (GNU GPL) as published by the Free Software
Foundation, either version 3 of the License, or (at your option)
any later version. The code is distributed WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
As additional permission under GNU GPL version 3 section 7, you
may distribute non-source (e.g., minimized or compacted) forms of
that code without the copy of the GNU GPL normally required by
section 4, provided you include this license notice and a URL
through which recipients can access the Corresponding Source.
@licend The above is the entire license notice
for the JavaScript code in this tag.
*/
<!-- /* --> <![CDATA[/*> <!-- */
function CodeHighlightOn(elem, id)
{
var target = document.getElementById(id);
if(null != target) {
elem.cacheClassElem = elem.className;
elem.cacheClassTarget = target.className;
target.className = "code-highlighted";
elem.className = "code-highlighted";
}
}
function CodeHighlightOff(elem, id)
{
var target = document.getElementById(id);
if(elem.cacheClassElem)
elem.className = elem.cacheClassElem;
if(elem.cacheClassTarget)
target.className = elem.cacheClassTarget;
}
/*]]>*///-->
< / script >
< / head >
< body >
< div id = "preamble" class = "status" >
< a name = "top" id = "top" > < / a >
< / div >
< div id = "content" >
2018-04-12 14:01:49 +02:00
< h1 class = "title" > < / h1 >
2017-09-27 18:46:45 +02:00
< div class = "figure" >
2018-04-12 14:01:49 +02:00
< p > < img src = "images/logo.png" alt = "logo.png" width = "80%" height = "10%" align = "center" / >
2017-09-27 18:46:45 +02:00
< / p >
< / div >
2018-04-12 14:01:49 +02:00
< div id = "outline-container-sec-1" class = "outline-2" >
< h2 id = "sec-1" > OpenVPN< / h2 >
< div class = "outline-text-2" id = "text-1" >
2017-09-27 18:46:45 +02:00
< blockquote >
< p >
"< i > The Net interprets censorship as damage and routes around it.< / i > " – John Gilmore
< / p >
< / blockquote >
< p >
A Virtual Private Network (VPN) allows you to move your internet traffic to a different machine in a different geographical location by creating a private cryptographically protected route to that location. The usual use cases are to get around local censorship of the internet such as when you see the message "< i > this content is not available in your area< / i > " when trying to play a video. Maybe you're on holiday and your hotel or workplace internet connection is censored. Using a VPN you can connect to your home server and then use the internet normally.
< / p >
< p >
Using a Tor browser is another way to get around censorship, but there might be occasions where you don't want to use a Tor browser or where Tor relays and bridges are blocked or where you want to run internet apps which aren't within a browser.
< / p >
2017-09-27 18:58:18 +02:00
< p >
On Freedombone the VPN is wrapped within a TLS layer of encryption, making it difficult for any deep packet inspection systems to know whether you are using a VPN or not. Since there is lots of TLS traffic on the internet your connection looks like any other TLS connection to a server, and this may help to avoid being censored. It's probably not possible for your local ISP to block TLS traffic without immediately generating a lot of irate customers, and stopping any kind of commercial activity.
< / p >
2018-04-12 14:01:49 +02:00
< / div >
< / div >
2017-09-27 18:58:18 +02:00
2018-04-12 14:01:49 +02:00
< div id = "outline-container-sec-2" class = "outline-2" >
< h2 id = "sec-2" > Installation< / h2 >
< div class = "outline-text-2" id = "text-2" >
2017-09-27 18:46:45 +02:00
< p >
ssh into the system with:
< / p >
< div class = "org-src-container" >
2018-04-12 14:01:49 +02:00
2017-09-27 18:46:45 +02:00
< pre class = "src src-bash" > ssh myusername@mydomainname -p 2222
< / pre >
< / div >
< p >
Select < b > Administrator controls< / b > then < b > Add/Remove apps< / b > then < b > vpn< / b > . Choose the port which you want the VPN to operate on and then the install will continue.
< / p >
< p >
Only use ports 443 or 80 for VPN as an < i > absolute last resort< / i > , since doing so will prevent other web based apps from running on your server.
< / p >
< / div >
< / div >
2018-04-12 14:01:49 +02:00
< div id = "outline-container-sec-3" class = "outline-2" >
< h2 id = "sec-3" > Usage< / h2 >
< div class = "outline-text-2" id = "text-3" >
2017-09-27 18:46:45 +02:00
< p >
When the installation is complete you can download your VPN keys and configuration files onto your local machine.
< / p >
< div class = "org-src-container" >
2018-04-12 14:01:49 +02:00
2017-09-27 18:46:45 +02:00
< pre class = "src src-bash" > scp -P 2222 myusername@mydomainname:/home/myusername/client.ovpn .
scp -P 2222 myusername@mydomainname:/home/myusername/stunnel* .
< / pre >
< / div >
< p >
You will need to ensure that the < i > openvpn< / i > and < i > stunnel< / i > packages are installed. On an Arch based system:
< / p >
< div class = "org-src-container" >
2018-04-12 14:01:49 +02:00
2017-10-05 16:09:17 +02:00
< pre class = "src src-bash" > sudo pacman -S openvpn stunnel4
2017-09-27 18:46:45 +02:00
< / pre >
< / div >
< p >
Or on a Debian based system:
< / p >
< div class = "org-src-container" >
2018-04-12 14:01:49 +02:00
2017-09-27 18:46:45 +02:00
< pre class = "src src-bash" > sudo apt-get install openvpn stunnel4
< / pre >
< / div >
< p >
Now you can connect to your VPN with:
< / p >
< div class = "org-src-container" >
2018-04-12 14:01:49 +02:00
2017-09-27 18:46:45 +02:00
< pre class = "src src-bash" > sudo stunnel stunnel-client.conf
sudo openvpn client.ovpn
< / pre >
< / div >
< p >
You should see a series of messages with "< i > Initialization Sequence Completed< / i > " showing at the end. Leave the terminal open and perhaps minimize it to remain connected to the VPN. To leave the VPN close the terminal window.
< / p >
< / div >
< / div >
2018-04-12 14:01:49 +02:00
< div id = "outline-container-sec-4" class = "outline-2" >
< h2 id = "sec-4" > Changing port number< / h2 >
< div class = "outline-text-2" id = "text-4" >
2017-09-27 18:46:45 +02:00
< p >
Avoiding censorship can be a cat and mouse game, and so if the port you're using for VPN gets blocked then you may want to change it.
< / p >
< div class = "org-src-container" >
2018-04-12 14:01:49 +02:00
2017-09-27 18:46:45 +02:00
< pre class = "src src-bash" > ssh myusername@mydomainname -p 2222
< / pre >
< / div >
< p >
2018-04-12 14:01:49 +02:00
Select < b > Administrator controls< / b > then < b > App Settings< / b > then < b > vpn< / b > . Choose < b > Change TLS port< / b > and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the < a href = "#sec-3" > Usage< / a > section above.
2017-09-27 18:46:45 +02:00
< / p >
< / div >
< / div >
2018-04-12 14:01:49 +02:00
< div id = "outline-container-sec-5" class = "outline-2" >
< h2 id = "sec-5" > Generating new keys< / h2 >
< div class = "outline-text-2" id = "text-5" >
2017-09-27 18:46:45 +02:00
< p >
2018-04-12 14:01:49 +02:00
It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the < b > Administrator controls< / b > by going to < b > App Settings< / b > then < b > vpn< / b > then choosing < b > Regenerate keys for a user< / b > and downloading the new keys as described in the < a href = "#sec-3" > Usage< / a > section above.
2017-09-27 18:46:45 +02:00
< / p >
< / div >
< / div >
< / div >
< div id = "postamble" class = "status" >
< style type = "text/css" >
.back-to-top {
position: fixed;
bottom: 2em;
right: 0px;
text-decoration: none;
color: #000000;
background-color: rgba(235, 235, 235, 0.80);
font-size: 12px;
padding: 1em;
display: none;
}
.back-to-top:hover {
background-color: rgba(135, 135, 135, 0.50);
}
< / style >
< div class = "back-to-top" >
< a href = "#top" > Back to top< / a > | < a href = "mailto:bob@freedombone.net" > E-mail me< / a >
< / div >
< / div >
< / body >
< / html >