How to use PeerFreedom VPN on Linux

From PeerFreedom Wiki

PEERFREEDOM VPN IS INVITE ONLY; ALSO IT IS NOT FULLY CONFIGURED YET SO CERTAIN THINGS DON'T WORK

You need to install the OpenVPN client. On Debian or a similar system, run:

# apt install openvpn

Now go to: https://peerfreedom.org/vpn

Type your username and password, select GNU/Linux as the OS, and press the "Get configuration files" button.

Unpack your config files and change to the unpacked directory. In that directory, run as root:

# openvpn ./client.ovpn

Voilà!

Make sure that you are not using the same login/password on more than one machine!

Check that your IP is 93.180.178.214.

Optional: use TCP instead of UDP

Edit your client.ovpn file and replace

proto udp

with:

proto tcp

Optional: prevent simple IP leakage

Set up a firewall as described here.

Then modify the output chain. Let's assume that your WAN interface is eth0 and your VPN interface is tun0; if they differ, adjust the rules accordingly.

        chain output {
                type filter hook output priority 0; policy drop;
                oif "lo" accept
                oifname "eth0" ip daddr 93.180.178.214 udp dport 1194 accept
                oifname "eth0" ip daddr 93.180.178.214 tcp dport 1194 accept
                oifname "tun0" accept
        }


Optional: save password in file

Create a text file, for example pass_file, with the following content:

your_login
your_password

Of course, replace your_login and your_password with your credentials.

Now modify client.ovpn and replace:

auth-user-pass

with:

auth-user-pass pass_file

If it doesn't work then MAKE SURE you DELETE any other "auth-user-pass" besides the one with your file.
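
The checks from this section as an added shell example (not part of the original wiki page): it flags a leftover second auth-user-pass directive and a missing or badly formatted credentials file. The permission check is an addition of this example, on the assumption that a file holding a plaintext password should be accessible to its owner only; the function name and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the wiki page. Assumption: a relative
# auth-user-pass path is resolved from the directory holding client.ovpn,
# which holds when openvpn is started inside that directory.

check_auth_user_pass() {
    conf=$1
    # Count active directives ('#' and ';' start comment lines) and keep
    # the file argument of the last one seen.
    set -- $(awk '{ sub(/\r$/, ""); sub(/^[ \t]+/, "") }
                  /^[#;]/ { next }
                  $1 == "auth-user-pass" { n++; f = $2 }
                  END { print n + 0, f }' "$conf")
    count=$1
    cred=${2:-}
    if [ "$count" -eq 0 ]; then echo "no-directive"; return 1; fi
    if [ "$count" -gt 1 ]; then echo "duplicate-directive"; return 1; fi
    if [ -z "$cred" ]; then echo "interactive-prompt"; return 0; fi
    case $cred in
        /*) ;;
        *) cred=$(dirname "$conf")/$cred ;;
    esac
    if [ ! -f "$cred" ]; then echo "missing-file"; return 1; fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    # The file holds a plaintext password, so all six must be '-'.
    if [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
        echo "loose-permissions"; return 1
    fi
    # Format from the wiki: login on line 1, password on line 2.
    if [ "$(grep -c . "$cred")" -lt 2 ]; then echo "bad-format"; return 1; fi
    echo "ok"
}

# Constructed sample: the original bare directive was left in place.
demo=$(mktemp -d)
printf 'your_login\nyour_password\n' > "$demo/pass_file"
printf 'client\nauth-user-pass\nauth-user-pass pass_file\n' > "$demo/client.ovpn"
echo "before: $(check_auth_user_pass "$demo/client.ovpn")"
# Remove the leftover directive and restrict the file to its owner.
printf 'client\nauth-user-pass pass_file\n' > "$demo/client.ovpn"
chmod 600 "$demo/pass_file"
echo "after: $(check_auth_user_pass "$demo/client.ovpn")"
rm -rf "$demo"
```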

Optional: set up firewall to allow all outgoing connections over tun0 (ports 80 and 443 are for this Wiki server, ports 33434: are for traceroute, see the manual page)

Tested on QubesOS 4.0 with iptables firewall

-A OUTPUT -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun0 -p udp --dport 33434:33534 -j ACCEPT
-A OUTPUT -o tun0 -p icmp -j ACCEPT
-A OUTPUT -o tun0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o tun0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -d 93.180.178.214 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -d 93.180.178.214 -p tcp -m tcp --dport 1194 -j ACCEPT
-A OUTPUT -d 93.180.178.214 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -d 93.180.178.214 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -j DROP

Optional: rename your TUN device

Modify client.ovpn and replace:

dev tun

with:

dev newname0
dev-type tun

Troubleshooting: access some services from our VPN

Some services we are hosting share their external IP with the OpenVPN tunnel. To access these services via our VPN, you can add the following entries to your /etc/hosts:

For UDP:

10.9.8.1	wiki.peerfreedom.org
10.9.8.1	mumble.junta.pl
#and so on...

For TCP:

10.9.9.1	wiki.peerfreedom.org
10.9.9.1	mumble.junta.pl
#and so on...

Example /etc/hosts

10.9.8.1 peerfreedom.org
10.9.8.1 www.peerfreedom.org
10.9.8.1 wiki.peerfreedom.org
10.9.8.1 devwiki.peerfreedom.org
10.9.8.1 cryptpad.junta.pl
10.9.8.1 sandbox.junta.pl
10.9.8.1 mumble.junta.pl


Admin

https://peerfreedom.org/vpn/index.php?admin#menu0