Monday, May 13, 2013

How to Force Vuze to only load Torrents through VPN for Windows

There is an easy way to configure the torrent client Vuze
so that it only down/uploads while the VPN is connected.
This works on Windows and Mac.

Other related articles:

Mac Firewall - some basics about Mac Firewall configuration
IP Binding - all about Secure IP Binding

Windows

Download Vuze from: http://www.vuze.com/download/
Install it and run it. Now we need a torrent file for testing, a good idea would be Knoppix: http://torrent.unix-ag.uni-kl.de/
Add one of the knoppix torrents into the download list.
Connect to the VPN using the VPN protocol you want to bind Vuze to.
Otherwise you might be unable to see the corresponding interface in the list later
Now, go to "Tools", "Options" in the menu.
Under "Mode", select "Advanced" so that Vuze shows all settings.
Go to "Connection". Doubleclick it or click the arrow to get into the submenu "Advanced connection settings".
You should see something like this:

Important: Make sure the checkbox next to "Enforce IP bindings even when interfaces are not available" is checked;
otherwise it can happen that Vuze keeps downloading without using the VPN.
Of course your adapter list will be much longer, since it will show all network adapters your operating system has.
But for the purpose of IP binding for VPN, we only need the VPN related adapters, which are:

TAP-Win32 Adapter V9
WAN Miniport (PPTP)
WAN Miniport (L2TP)

The TAP adapter is responsible for OpenVPN connections, and the WAN Miniports for PPTP and L2TP connections.
OK, let's say you want to set Vuze so it only down/uploads while an OpenVPN connection is active.
For that, you just need to enter the interface identifier into the field next to "Bind to local IP address or interface".
Note that the interface identifier is named different on every system, so make sure to check how exactly it is called on yours.
In this example, it is "eth15" for OpenVPN, "net2" for PPTP" and "net1" for L2TP.
You'll most likely have several similar named interfaces in the list, for example "(TAP-Win32 Adapter V9 - Deterministic Network Enhancer Miniport)".
Make sure to only use the interfaces that are exactly named like in this example, without any suffix.
For testing, just use one of the adapters, e.g. "eth15" for OpenVPN. Enter it into the field and click "Save".
When you're disconnected from the VPN at the moment, the current downloads in Vuze should immediately stop.
That's a good sign - now, please connect to the VPN via OpenVPN protocol. You should notice that the download starts again.
Upon disconnection, the downloads will stop again. Exactly as expected, so far so good.
That's all if you're only using OpenVPN. For setting up the same for L2TP and PPTP, you can

a) replace the "eth15" with "net1" or "net2"

b) append the interface identifiers after each other, so that you would enter "eth15;net1;net2" into the field.

When doing that, make sure to test all protocols if Vuze is working correctly. Due to firewalls and additional protocols installed into the adapters, it might not work as expected.
If you were unable to find the correct interface in Vuze's list, please first connect to the VPN using your preferred protocol, and then open the options of Vuze.
Well done!

How to Use Linux Virtual Machine instead of router for VPN

Connecting Your Home Devices To The Internet Via A VPN Service, Without A VPN Client Capable Router

I’ve just been through this process at home for a “project” I was working on. Those attempting similar “projects” will understand why you’d do it. Those asking the question “But my computer connects fine to the internet already?” can probably stop reading. To give you a hint, I’m in Australia and I’ve just purchased a Roku Media Player from Amazon.
I wanted to set up my computers at home to access the internet through a VPN service. What HMA suggest is to configure the VPN at the router. The router being the gateway between the Internet and my home network. This is fine if your router supports acting as a VPN client. Mine, a TP-Link w8960N, does not support such functionality. So what to do?
The Synology supports acting as a VPN server for connecting back home, and with some tweaking, can be made to support being a VPN client. However, I prefer not to hack my Syno box unless I really have to though. After a quick try (thanks to Greg Hughes blog for the tips), I decided it’d be safer to break something else.
I could have purchased a router that supports VPN client connectivity. There are some articles over at VPNFreedom.com such as this one by Thomas Fals that explain how to set it up. I already have a NAS, Gigabit Switch and Router in the Home theatre cabinet though so the thought of adding another box doesn’t appeal. I also thought there must be a way to do it using software and without spending more money.
In the end, I decided to attempt it using a Ubuntu Linux Virtual Machine running an openVPN cilent and using IPTables to configure routing between the home network and VPN. Sound hard? Well, I wouldn’t recommend it to a novice user but if you have some Linux experience you should be able to manage.

Ubuntu Linux VM
Firstly you’ll want to set up a Linux VM. For those unfamiliar with Virtual Machines, it’s basically just a virtual computer running on another computer. Sticking with the ‘free’ theme of this thread. I decided to go with VirtualBox from Oracle. It’s a freely available Virtualization platform that you can install at home. Unlike VMWare Player or others, it will run on any platform, Windows / Mac / Linux.
I have a MacMini at home that I use as a Plex Media Client. I already had VirtualBox installed. It’s quite a simple download and install from VirtualBox. I won’t cover the install here.
I already had a Ubuntu 10.04 Linux VM configured that I’d used for another project. I’d tried out PS3 Media Server a while ago. So I decided to use that. If you need to install Ubuntu, there are several ways to do it as detailed on the Ubuntu website. You can also just download a pre-built VM image. Oracle have them available here.
I’ll leave it up to you how you want to do it.

OpenVPN Client
I’ll assume you’ve signed up with HMA already. If not, you should sign up for an account if you plan to use it before going any further.
Log on to your Ubuntu VM with root privileges. Whether that’s as root or if you want to sudo each command I’ll again leave that up to you. There are a few packages that you need to install in order to run the openVPN client and connect to HMA. Run the following:
sudo apt-get install openvpn curl unzip dnsmasq-base wget
This installs the OpenVPN client for connecting to HMA plus some tools you’ll need.

HMA Config
Create a directory where you would like to install HMA. HMA will run self contained out of this directory. Then download and unzip the HMA config to that directory.
mkdir /opt/hma
cd /opt/hma
wget http://vpn.hidemyass.com/linux.zip
unzip linux.zip
You are now ready to test your HMA connection. As per the HMA README file you just downloaded. Run the following to connect.
/opt/hma/hma-start -l
This will list the available servers. Choose one in the country you wish to connect via and start the VPN connection e.g.
/opt/hma/hma-start "USA, California, Los Angeles (DC1 S1)"
You will be prompted for your HMA username and password. This should then establish your connection.
If you get time out errors, try a different location. You should see some entries starting with /sbin/ifconfig and /sbin/route add. These entries should be on consecutive lines, if there are errors reported. Kill the process using ctrl+c and try again.

Routing Traffic Via Your VPN Connection
The goal here is to tell our clients to connect to the internet via our Linux VM instead of out directly through the router. We also need to make sure the VM is configured to forward IP packets out to through the VPN instead of bouncing them back to the client.
Firstly, make sure you configure your Ubuntu Linux VM with a Static IP address outside your DHCP range on your local network and that the gateway of your VM is pointing to the address of your router. e.g.
IP: 192.168.1.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1 assuming your router is providing DNS information.
There’s an excellent Ubuntu doc here on configuring Internet connection sharing. I really recommend reading it. Basically, this document assumes you have two network cards (NICs) or at least two interfaces configured and that your clients are connected to one and that the Internet is connected to the other. This is exactly what we’re doing here. Your local network interface is normally eth0. What we would normally do is set up another interface on eth1 and route traffic between eth0 and eth1. The difference here is that we’re using a openVPN client. When it’s running, this client creates a vpn tunnel interface called tun0. So we will be routing traffic to eth0 out via tun0. We do that using IP tables. For the how’s and why’s check out the Ubuntu doc. In command line form though, it’s the following commands.
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -A FORWARD -o tun0 -i eth0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables.sav
You may also have to modify the /etc/sysctl.conf file to uncomment the line
net.ipv4.ip_forward=1
Done, assuming you’ve established a VPN connection, you’ve now set up routing on the Linux VM.

Client Config
Connecting clients will vary based on what type of client it is. Computers are the easiest because they’re the most configurable. Basically, you now just change the Gateway or Router address in your network config of your computer to point to your Linux VM. In this case it would be 192.168.1.10. That’s it. If you go to google.com and type in “what is my ip address” it will now show you the IP address of the VPN connection. It will also probably ask if you’d like to stop connecting to google.com.au and use google.com instead as it now thinks you’re in the U.S.

DHCP Only Clients (Optional)
There are some clients. Notably the Roku Media Player, that don’t support static IP addresses or changing the gateway. This is a bit of a pain. Normally, DHCP addresses are provided by your router. In my case this was the TP-Link w8960N at 192.168.1.1. The problem with this is that it also tells your client that the gateway address is 192.168.1.1. This is a problem because then your client uses that for the internet connection and not your fancy new VPN software router. To get around this, I turned off the DHCP function on my router and installed a DHCP server on the Linux VM.
sudo apt-get install dhcp3-server
Then put the following in a file called /etc/dhcp3/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.10;
option domain-name-servers 192.168.1.1;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
}
Then start the dhcp server using
/etc/init.d/dhcp-server start
Reboot your clients and they should pick up an IP address from the Linux VM and be provided with the new gateway address of 192.168.1.10.
Done.

Conclusion
It looks harder than it is and it’s a bit of messing around. You might decide it’s cheaper and easier to just buy a new router that supports VPN connections. I already had VirtualBox installed and a Linux VM so the whole process only took about an hour or so. It also avoids the need for another box in your setup, and it doesn’t cost anything except your time.
Big thanks to the info in everyone’s articles I read putting that helped put this together. I’ve linked where possible.
For those trying out Roku boxes in Australia, there’s a good Whirlpool thread here.

How to make Internet Connection Sharing (ICS) on Windows XP

Since the setup of Internet Connection Sharing on Windows XP differs a bit from other windows versions, you can use this special tutorial for setting it up.
To setup ICS on Windows XP, follow this steps:

Navigate to the windows control panel -> Network Connections
You should see your network adapter (the one which is connecting you to the internet)
We need to ensure that your computer has a static IP, so the Playstation later knows where to get the internet connection from.
So we first need to check what IP your computer currently has.
To do so, doubleclick your network adapter and go to the "Support" tab.
This will show your current IP address, e.g. 192.168.0.5 or 10.0.2.15
Write down the IP somewhere, or copy it to the clipboard.
Close the window so you're back where your network adapter was displayed
Rightclick your network adapter and select "Properties".
Select "Internet Protocol (TCP/IP)" and then "Properties".
Select "Use the following IP address".
Enter:

IP address: Here enter the IP you wrote down earlier.
Subnet Mask: 255.255.255.0
Default gateway: Leave blank
DNS servers: 8.8.8.8 + 8.8.4.4 (or any other DNS, e.g. OpenDNS)

Now create a L2TP connection according to this special instructions for Windows XP: http://wiki.hidemyass.com/Tutorials:WindowsXP_L2TP_connection_setup
When that is finished and you successfully tested the VPN connection, rightclick that new connection and select "Properties".
Go to the "Advanced" tab. There, check "Allow otzher network users to connect through this computer's internet connection"
and check "Allow other network users to control or disable the shared internet conection"
You can also disable the Windows firewall here under "Settings", which is a good idea if experiencing any kind of connection issues.

That's all - the rest of the configuration has to be done on your external device that should use the VPN (e.g. Playstation, XBOX, NAS, Computer, etc.)
On that device, you need to use this settings:

IP address: Should be in the same subnet as your computer. E.g. if your computer is 192.168.0.5, you could use 192.168.0.6
Subnet Mask: 255.255.255.0
Default router/Gateway: Here enter the IP of your computer, you set earlier (e.g. 192.168.0.5)
Primary DNS: Same here.
Secondary DNS: Same here.

How to Setup HMA VPN on XBOX via ICS on Mac

How to connect XBOX to VPN via ICS on Mac

Note, this set up is for Lion 10.7.3. For Snow Leopard 10.6 you have
to edit a plist file in terminal.
Heres what you will need:

VPN account
USB to Ethernet adapter, i use the Apple Macbook Air one
Ethernet Cable

You will have to manually enter the VPN connection, here is how:

Open System Preferences / Network
Click the add (+) interface and choose VPN
IMPORTANT: In VPN-Type, select PPTP
Set HidemyAss as the service name
Click Create
This window will now close and you will be taken back to Network Preferences window
Leave the Configuration as default
In the Server Address enter the PPTP IP address of the VPN Server. To get this you will have to login to the HidemyAss website and
navigate to PPTP Server on the left of the website.

Whilst one the website note down your username and password above the server list. Bear in mind that your PPTP password is different to any other password (for security reasons).
Click Authentication Setting and enter your PPTP password – NOT YOUR ACCOUNT PASSWORD!
Click OK to take you back to the network window
Click Advanced and tick “Send all traffic over VPN connection
Click Connect and wait for the green light on the connection window.
To ensure the service is running smoothy visit a IP trace website such as www.tracemyip.org

You will now need to share this VPN network with your XBOX. There two ways of doing this, over WiFi or Ethernet.
I prefer Ethernet as its fast for file sharing (i use my XBOX as a media center also)

Option 1 Ethernet: XBOX will connect directly to you Mac with a Ethernet cable

Ensure the XBOX is switched off
Connect the Ethernet to USB into you Mac.
Then connect an ethernet cable from the adapter directly into the back of your XBOX.
Open System Preferences / Network
USB to Ethernet should be listed in yellow, if not click the add (+) interface and choose USB to Ethernet
Click back or Show all to take you to the main System Preferences window and select Select Internet Sharing
In the pull down menu “Share you connection from” choose HidemyAss
Then tick USB Ethernet adapter
On the left list tick [Internet Sharing] and [Start] in the pop up window, this should now be green and active
Turn you XBOX on and check the System Setting / Network / Ethernet/ Test XBOX Live to ensure you have a connection

Option 2 Wi-fi: XBOX will connect directly to you Mac using a new Wi-Fi network

To use this you will have to have you Mac connected to the internet with an Ethernet cable

Open System Preferences window and select Select Internet Sharing
In the pull down menu “Share you connection from” choose HidemyAss
Then tick WiFi
Click the Wi-Fi Option button and set a 5 digit password (WEP Key)
On the left list tick [Internet Sharing] and [Start] in the pop up window, this should now be green and active
Turn you XBOX on and check the System Setting / Network / Wi-Fi/ Test XBOX Live to ensure you have a connection

Theres one more connection option which i haven’t tried but would mean your Mac connects to the internet via wifi and the XBOX will connect to the ethernet port but I’ve not tested this so I’m not sure if it will work.

How to do Internet Connection Sharing - ICS - on Windows

This tutorial explains how you can get your gaming console, television or similar network-capable device to use the VPN via Internet Connection Sharing (ICS).

It has been made for Windows Vista/7;

As mentioned, you can use this tutorial for any network capable devices - computer, laptop, gaming console, NAS drive, TV, etc.

Connection: ADSL router> via WiFi > Laptop > via Ethernet > PS3 Console

First you need to verify your computers IP address. You will need to find what IP addresses
the DHCP router is broadcasting. The common addresses are 192.168.1.X or 192.168.0.X
To check please do the following:

Open network and sharing Center
Click on “Change adapter settings”

)

3. Right click on your wireless connection and select “Status".
4. Click on “Details”

Note down the TCP/IPv4 address (example. 192.168.1.4)

Now you will need to setup the shared connection between your computer and the network device.
Since you know your DHCP IP pool (192.168.1.X or 192.168.0.X) you can pick a random IP.
If you have two or more computers/devices IP’s from 192.168.X.100 to 192.168.X.200 should be available.
In this tutorial we will use 192.168.x.115
To configure your ICS, first thing to do is to set your computer to have a static IP address:

Open “Network and sharing Center”
Click on “Change adapter settings”

3. Right click on “Local Area Network” and click “Properties”
4. Highlight “Internet Protocol Version 4 (TCP/IPv4) and click “Properties”

5. Under the “IP address” enter the IP address you picked (In our case 192.168.x.115)

6. Under “Subnet mask” enter "255.255.255.0"
7. Press “OK” and save your settings.
Next thing you should do is to create L2TP connection. For a detailed step-by-step tutorial with screenshots,
see: http://wiki.hidemyass.com/Tutorials:Windows_L2TP_connection_setup
Once you have created the L2TP connection please do the following:

Open “Network and sharing Center”
Click on “Change adapter settings”

3. Right click on “Your L2TP Connection” and click “Properties”
4. Select “Sharing” tab.
5. Check the “Allow other network users to connect through the computer’s internet conection box”
6. Check the “Allow other users to control or disable the shared internet connection” box.
7. Click on “OK”

Now connect to VPN and test your connection. (e.g. verify IP at http://ipadress.com)

Troubleshooting:

The windows firewall should be disabled. However, one some windows versions the windows firewall service
and the internet connection sharing service are the same, so you might be forced to leave it enabled, but
set rules to accept all traffic. Otherwise it's not going to work!
Both devices (computer and network device) should have an IP in the same subnet (e.g. 192.168.0.x)

Facts:

It's also possible to do this with a PPTP connection instead of L2TP.
OpenVPN is also possible by sharing the TAP adapter, but it's more complicated than L2TP or PPTP.

Short instructions:

Set your computers IP to an IP you can remember (e.g. 192.168.0.150)
Create a L2TP connection (instructions)
Enable ICS in the properties of the L2TP connection
Set your network device as followed:

IP: Should be in the same subnet as your computer
Subnet mask: 255.255.255.0
Gateway/router IP: IP of your computer (e.g. 192.168.0.150)
DNS: any DNS you like, e.g. 8.8.8.8

On your computer, connect to the VPN using the L2TP connection
Finished - your device should now use the VPN via ICS

That's all - the rest of the configuration has to be done on your external device that should use the VPN (e.g. Playstation, XBOX, NAS, Computer, etc.)
On that device, you need to use this settings:

IP address: Should be in the same subnet as your computer. E.g. if your computer is 192.168.0.5, you could use 192.168.0.6
Subnet Mask: 255.255.255.0
Default router/Gateway: Here enter the IP of your computer, you set earlier (e.g. 192.168.0.5)
Primary DNS: Same here.
Secondary DNS: Same here.

How to Setup Playstation 3 to use VPN via ICS

Once you have setup Internet Connection Sharing on your PC/Mac according to our instructions linked below, follow the instructions to setup your Playstation to use the VPN connection.

Next step is to set the network connection on your PS3 Console. On your XMB go to “Settings” and select “Network Settings”.
Choose “Internet connection settings”.
You will be asked to select a method, select “Custom"
Select connection method “Wired connection”
Select the operation mode for network device – select “Auto-Detect”
IP address settings – select “Manual”
Enter the following settings: IP address: 192.168.x.110 (This IP must not be the same as the IP address for ICS) Subnet Mask: 255.255.255.0 Default router: 192.168.X.115 (IP address from your “Local Area Network”) Primary DNS: 192.168.X.115 Secondary DNS: 192.168.X.115
MTU select “Automatic”
Proxy server select “Do not use”
UPnP select “Enable” Press the X button on your controller to save your settings. Test the connection. Your PS3 should be connected to VPN.

How to make Internet Connection Sharing - ICS - on Windows

This tutorial explains how you can get your gaming console, television or similar network-capable device to use the VPN via Internet Connection Sharing (ICS).It has been made for Windows Vista/7;

for ICS on Windows XP, see Tutorials:Internet Connection Sharing (ICS) on Windows XP
for ICS on Mac, see Tutorials:HMA VPN on XBOX via ICS on Mac