HideMyAss VPN

Friday, May 17, 2013

How to Connect OpenVPN on Android


This tutorial explains how to configure the "OpenVPN Connect" app on Android devices for HMA! Pro VPN:

First you need to do 2 things:

1. Getting the configuration files:

Either get all config files as .zip archive from: http://hidemyass.com/vpn-config/vpn-config.zip
Then extract the .zip somewhere, e.g. into /sdcard/Download
Alternatively, get the single config files from the servers you'd like to connect to from:
http://hidemyass.com/vpn-config/TCP/
http://hidemyass.com/vpn-config/UDP/

2. Install the app "OpenVPN Connect" from Google Play:

https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en

Now follow the steps below to configure the app ->

3. Start the OpenVPN Connect app and press the menu button
4. Select "Import" to import an OpenVPN config file
5. Select "Import Profile from SD card"
6. Browse to the folder where you saved the *.ovpn config files.
Select the config file from the server you'd like to connect to.
Then tap "Select".
7. Enter your login credentials into "Username" and "Password".
If you want to save it, check the "Save" box.
Now tap "Connect".
8. You can see the connection progress -> "Connecting..."
9. Once the app looks like the screenshot below, you're
successfully connected. You can now see the connection stats
and the "Disconnect" button.
To be sure you're properly connected,
verify your IP and location at e.g. http://geoip.hidemyass.com
10. By pressing the menu button again and selecting "Preferences",
you can see all possible settings for the app. You can leave them at their
default, but see below for options you might want to activate, e.g.:
Seamless Tunnel, Reconnect on reboot, DNS Fallback, Notifications
- they all increase security in some way.
That's all :)

How to setup VPN on HP Touchpad

HP TouchPad instructions


On this page you will find setup instructions for setting up PPTP on your HP TouchPad.

1. Install the "PPTP VPN Plugin"

Navigate to HP App Catalog and search for "PPTP VPN Plugin", then install it.



2. Add VPN Profile

Navigate to HP Launcher and to the "SETTINGS" panel and tap the "VPN" icon



Tap "Add profile"



Select "PPTP" from "CONNECTION TYPE"
Login to http://vpn.hidemyass.com and navigate to your PPTP page to find server details.
Enter a server IP address into the "VPN SERVER" field, tap "Next".



Now you need to enter your username and PPTP password (this can be found on the PPTP page; your PPTP password is different from your VPN account password).
Within this screen, ensure only "MSCHAPv2" is checked within authentication methods.



Hit connect... you should now be connected.
If successful, a tick should be adjacent to the profile name and a little VPN icon in the top right corner.
You could verify your IP at websites like http://ipaddress.com now

How to setup VPN on Chrome OS

Chrome OS

In case you're running Chrome OS (e.g. on Chromebook, on a virtual machine, etc.), follow the steps below to create an L2TP or OpenVPN based VPN connection.
Note that when you want to connect simply via the ChromeOS GUI, you'll have to use the L2TP protocol.
To use the OpenVPN protocol, you'll have to use the console, which might require that you get into developer mode. How to do this is explained below.

Setting up a VPN on Chromebook (quick instructions)

To set up a VPN on your Chromebook, follow these quick instructions, or scroll down for the step-by-step tutorial with screenshots.
  1. Click the network icon in the top-right corner of your screen.
  2. In the list that appears, select Private networks.
  3. Click Add private network.
  4. In the box that appears, fill in the information below.
    • Server hostname: One of the L2TP server IPs http://hidemyass.com/vpn/r4662
    • Service name: Name it as you like. Eg: HMA! L2TP.
    • Provider type: Select L2TP/IPsec + Pre-shared key.
    • Pre-shared key: HideMyAss (case sensitive!)
    • Username: Your VPN account username
    • Password: Your PPTP Password. Can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
  5. Click Connect.

Step by step tutorial with screenshots

  • First, right-click the time-bar in the bottom right of your desktop.
  • The settings overview will appear.
  • Here, click "Settings".
We want to create a new private network connection, so
  • please select "Add connection" and
  • then select "Add private network...".
The "Add private network" window will appear. Here, please enter:
  • Server hostname: One of the L2TP server IPs http://hidemyass.com/vpn-config/l2tp/
     
  • Service name: Anything you want, e.g. "HMA L2TP VPN"
     
  • Provider type: L2TP/IPsec + pre-shared key
     
  • Pre-shared key: HideMyAss (attention, case sensitive!!)
     
  • Username: Your VPN account username
     
  • Password: Your PPTP password
    (get it from the VPN control panel under "PPTP servers")
Leave everything else to default (like in this screenshot).
Now click "Connect" and Chromium will attempt to connect
to the VPN server you chose.
While Chromium is still connecting, you'll see this icon next to
the private network connection you just created:
Once the connection has been made, the icon will change to
You should now see the icon, which means that the connection
has successfully been made.

You can now select "Network options..." to get into a status
window of the newly created connection.

Or you can select "Disconnect" here, to disconnect from the VPN again.
This is the "Network options..." window that shows you additional
info about the connection, and allows you to set proxy-settings
(in case you're connected to the internet through a local proxy server).
You can disconnect here as well.
That's all. To verify your current IP, go to websites like
http://ipaddress.com


Additional notes:

There have been reports of a bug making your VPN experience a bit annoying: about every 5 minutes, it automatically disconnects from your VPN and you can't reconnect unless you log out and in again, or delete your VPN and configure it again.
The Chrome OS developers are aware of this problem and you can keep track of this problem here and here. Star this issue in order to get it fixed earlier.
A workaround for now is opening a terminal (Ctrl+Alt+T) and starting an endless ping using ping google.com. This seems to work fine for affected systems.




OpenVPN on ChromeOS


Connecting via OpenVPN protocol on ChromeOS is a little bit tricky, because it currently does not accept common certificates and keys.
That means you can't connect using the ChromeOS GUI, like you would do with L2TP protocol as explained above.
So you'll have to use a small workaround:

First you need to get into the console mode. On some ChromeOS systems/devices this requires enabling developer mode first.
How this is done differs from device to device, here's a list with links to instructions: http://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices
General information on how to access console/terminal and other related info can be found at: http://www.chromium.org/chromium-os/poking-around-your-chrome-os-device

Now you have 2 options to get into the console mode. It does not matter which one you use.

Option 1: Console mode:
To get into the console mode, try either
  • CTRL+ALT+F2 or
  • CTRL+ALT+RIGHTARROW
You should now get asked for a username and password.
If you didn't change any usernames/passwords of the system before, try:
  • User: chronos   Password: facepunch
  • Other possible usernames and passwords: chronos, chroneos, chrome, chromeos, facepunch


Option 2: Terminal mode:
To create a new terminal mode window, hit
  • CTRL+ALT+T
You should see this:
crosh>
Here, enter "shell"



You're now logged in with a restricted user account.
The next step is to get root access.
Enter: "sudo su"
You should now get asked to select a root password. Make sure to write it down somewhere, in case you forget it!
Now is the time to connect to the VPN.
You'll need the *.ovpn config files of the servers you'd like to connect to. Get them from
You can of course download them from your normal desktop
and put them into a specific folder where you can find them later.
To leave the console mode, hit CTRL+ALT+F1 or CTRL+ALT+LEFTARROW
to leave the terminal mode, hit ALT+TAB
To download a config file from the console/terminal mode, you could enter e.g.
"wget http://hidemyass.com/vpn-config/UDP/Bulgaria.Sofia.UDP.ovpn"
Now the file has been saved into the folder you're currently in.

That said, as long as you're in a folder that contains the *.ovpn config files within the console mode,
you can simply connect to the VPN by running:
"openvpn Bulgaria.Sofia.UDP.ovpn"
You'll then get asked for your HMA! Pro VPN username + password (the same that you use to login to the VPN control panel), and the client will connect.
Once the client shows you something like
"Sun Apr 21 07:45:21 2013  Initialization Sequence Completed",
that means you are successfully connected and you can go back to your normal desktop.

To leave the console mode, hit CTRL+ALT+F1 or CTRL+ALT+LEFTARROW
to leave the terminal mode, hit ALT+TAB

To confirm that you are successfully connected, you could e.g. browse to http://ipaddress.com
and verify your IP, ISP and location.

To disconnect from the VPN, go back to console mode (CTRL+ALT+F2 or CTRL+ALT+RIGHTARROW, for terminal mode just ALT+TAB )
and hit CTRL+C.
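
Because the profile above is fetched with wget over plain HTTP and then run by openvpn from a root shell, it is worth checking the file for directives that make OpenVPN run external programs before connecting. The following is an added example, not part of the original tutorial; the function names and both sample profiles are constructed for illustration, and the directive list covers common client-side options rather than every one OpenVPN supports.

```shell
#!/bin/sh
# Added example: list directives in an .ovpn profile that make OpenVPN run
# external programs, so the file can be reviewed before "openvpn <file>" is
# started as root. Function names are hypothetical.

# Print "line: text" for each script-running or plugin-loading directive.
# Comments (# or ;) and inline blocks such as <ca>...</ca> are skipped.
ovpn_risky_directives() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF files
        /^[ \t]*<\/[A-Za-z-]+>/ { inblock = 0; next }
        /^[ \t]*<[A-Za-z-]+>/   { inblock = 1; next }
        inblock || /^[ \t]*[#;]/ { next }
        {
            d = $1; sub(/^--/, "", d)
            if (d ~ /^(up|down|route-up|route-pre-down|ipchange|tls-verify|plugin)$/ ||
                (d == "script-security" && $2 + 0 >= 2))
                print NR ": " $0
        }
    ' "$1"
}

# Succeed (exit status 0) only when the profile contains none of them.
ovpn_is_clean() {
    [ -z "$(ovpn_risky_directives "$1")" ]
}

# Write two constructed sample profiles (not real HMA configs) into directory $1.
make_sample_profiles() {
    cat > "$1/clean.ovpn" <<'EOF'
client
dev tun
proto udp
remote vpn.example.net 53
auth-user-pass
; up /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
constructed-placeholder
-----END CERTIFICATE-----
</ca>
EOF
    cat > "$1/tampered.ovpn" <<'EOF'
client
dev tun
remote vpn.example.net 53
script-security 2
up /tmp/constructed-placeholder.sh
EOF
}

# Demo: review both samples the way you would review a downloaded file.
demo_dir=$(mktemp -d)
make_sample_profiles "$demo_dir"
for f in "$demo_dir"/clean.ovpn "$demo_dir"/tampered.ovpn; do
    if ovpn_is_clean "$f"; then
        echo "OK      ${f##*/}"
    else
        echo "REVIEW  ${f##*/}"
        ovpn_risky_directives "$f" | sed 's/^/        /'
    fi
done
rm -rf "$demo_dir"
```

A profile that only names a server, protocol and certificates should come back as OK; any REVIEW line deserves a look before the client is started with root privileges.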

How to use all VPN protocols

HideMyAss is offering the following VPN protocols: OpenVPN-TCP (standard), OpenVPN-UDP, PPTP and L2TP.
This article will show how to use each of them for different devices and operating systems.
Especially when experiencing any kind of connection issues, the first thing to do is to try all protocols.

Windows

When using the HMA Pro VPN client software, you can use the protocols OpenVPN-TCP and PPTP.
See the screenshot on the right for how to change between both protocols (marked red):
Should you experience any kind of connection issues, try several servers, and both protocols.
Below are links to articles on how to use the other protocols, and what client applications you can also use.


OpenVPN-TCP:


OpenVPN-UDP:


PPTP:


L2TP:




 

Mac

When using the HMA Pro VPN client software, you can use the protocols OpenVPN-TCP and PPTP.
See the screenshot on the right for how to change between both protocols (marked red):
Should you experience any kind of connection issues, try several servers, and both protocols.
Below are links to articles on how to use the other protocols, and what client applications you can also use.


OpenVPN-TCP:

OpenVPN-UDP:


PPTP:


L2TP:


 

How to Force Mac OS X to automatically reconnect to VPN



Open up Applescript (Applications > Utilities) and paste in this code (replace "VPN_Connection_Name" with the name of your VPN connection):


Then, save the script as an application with the "Stay Open" box checked.
Run it. Now OS X will automatically reconnect if the connection drops for some reason.

How to Use Proxyserver as VPN router alternative

By running a proxy server on a Linux device, you can let multiple devices use your VPN connection without the need of getting a VPN router.
This works on any Linux-based device, e.g. Raspberry Pi, Linux-on-Android (e.g. via Linux Deploy) or even on a virtual machine.
If you want even more security, want to prevent fallbacks to your real IP, and want to ensure that your whole system is using the VPN, check this:

Tutorials:Using local PPTP server as VPN router alternative


Advantages:
  • you can even let devices use the VPN that only support proxies
  • you can let an unlimited number of devices use the VPN
  • you can use the VPN from anywhere, even on places where VPN is blocked
  • you don't need a VPN router

Example scenarios of use:
  • Your router does not support VPN: But using a local proxy server on your Linux device, you can just let all your devices connect to the proxy in order to have them protected by HMA Pro VPN.
  • You have devices that do not support VPN, but do support proxies. Now they can be protected by the VPN as well!
  • You don't want to use internet connection sharing or purchase a VPN router to protect all your devices by the VPN.
  • HMA's servers are blocked on a public or on your mobile connection. Using the local proxyserver you can now use the VPN from anywhere, since you are still able to connect to your home IP.



This tutorial is using tinyproxy as proxy server.
Basic Linux knowledge is required though!


Step 1: Install necessary packages


apt-get install wget curl sed tinyproxy openvpn iptables nano


Step 2: Modify /etc/tinyproxy.conf


nano /etc/tinyproxy.conf

Scroll down to this part:

# Allow: Customization of authorization controls. If there are any
# access control keywords then the default action is to DENY. Otherwise,
# the default action is ALLOW.
#
# The order of the controls are important. All incoming connections are
# tested against the controls based on order.
#
Allow 127.0.0.1

Here you can add IPs or subnets that are allowed to use the proxy.
So if you want to let only client IP 192.168.0.35 use the proxy, add:
Allow 192.168.0.35

If you want to let the whole subnet 192.168.0.x use the proxy, add:
Allow 192.168.0.0/24

Now, scroll down to this part:
# ConnectPort: This is a list of ports allowed by tinyproxy when the
# CONNECT method is used.  To disable the CONNECT method altogether, set
# the value to 0.  If no ConnectPort line is found, all ports are
# allowed (which is not very secure.)
#
# The following two ports are used by SSL.
#
ConnectPort 443
ConnectPort 563

Comment out the "ConnectPort 443" line, so it looks like this:
# ConnectPort 443
Of course you can also remove it.
This is required, otherwise the proxy can't be used while the VPN is connected via OpenVPN-TCP on port 443.

Save the file, exit nano.

Now, enable forwarding if you wish to have access to your entire home network while away.
Edit the ‘sysctl’ file.
nano /etc/sysctl.conf
Find “net.ipv4.ip_forward=1” and uncomment it (or change =0 to =1) to enable forwarding.
Now, execute the following command to apply changes:
sysctl -p

Step 3: Testing the proxy


Start tinyproxy by running "tinyproxy".

Now get onto your client to test the proxy.
Set it to use the IP of the device where tinyproxy is running, at standard port 8888.
This is easily done in Windows by opening Internet Explorer's menu:
Tools - Internet Options - Connections - LAN settings
Check: Use a proxy server for your LAN
Address: IP of the device where tinyproxy is running
Port: If not configured otherwise in tinyproxy.conf, it's 8888
Click OK.

Browse to e.g. ipaddress.com
If you get an error page, tinyproxy.conf wasn't properly configured to allow you access.
If you can browse, tinyproxy is working.


Step 4: Connecting to VPN


Now download the HideMyAss OpenVPN connection script:
wget http://hmastuff.com/hma-vpn.sh

Make it executable:
chmod +x hma-vpn.sh

Connect to the VPN (e.g. "./hma-vpn.sh -p tcp Texas")
When the VPN is connected, go to ipaddress.com on your client computer and check location again.
It should now show you the location of the VPN server. That's all!
Now you can set any device to use the proxy server, and it will automatically use the VPN connection.
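
A quick check of the result of Step 2, as an added example that is not part of the original tutorial: it reads a tinyproxy.conf and reports the two open defaults described in the config comments quoted above (no Allow line, no ConnectPort line), which matter most once port 8888 is forwarded from the router. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how open a tinyproxy.conf is, using the two defaults
# spelled out in the config comments quoted in Step 2. Function names are
# hypothetical; keywords are matched case-insensitively here.

# Print one finding per line: WARN for the open defaults, INFO otherwise.
tinyproxy_audit() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # skip comments and blanks
        { key = tolower($1) }
        key == "port"        { port = $2 }
        key == "allow"       { allow = allow " " $2 }
        key == "connectport" { cports = cports " " $2 }
        END {
            print "INFO listening on port " (port == "" ? 8888 : port)
            if (allow == "")
                print "WARN no Allow line: every client address may use the proxy"
            else
                print "INFO clients allowed:" allow
            if (allow ~ / 0\.0\.0\.0\/0( |$)/)
                print "WARN Allow 0.0.0.0/0 admits every IPv4 address"
            if (cports == "")
                print "WARN no ConnectPort line: CONNECT is allowed to all ports"
            else if (cports ~ / 0( |$)/)
                print "INFO CONNECT method disabled (ConnectPort 0)"
            else
                print "INFO CONNECT limited to ports:" cports
        }
    ' "$1"
}

# Number of WARN findings (0 means neither open default is in effect).
tinyproxy_warn_count() {
    tinyproxy_audit "$1" | grep -c '^WARN' || true
}

# Write two constructed sample configs into directory $1: one as left by
# Step 2 of the tutorial, one with every access control commented out.
make_sample_confs() {
    cat > "$1/tutorial.conf" <<'EOF'
Port 8888
Allow 127.0.0.1
Allow 192.168.0.0/24
# ConnectPort 443
ConnectPort 563
EOF
    cat > "$1/open.conf" <<'EOF'
Port 8888
# Allow 127.0.0.1
# ConnectPort 443
# ConnectPort 563
EOF
}

# Demo: audit both samples.
demo_dir=$(mktemp -d)
make_sample_confs "$demo_dir"
for f in tutorial.conf open.conf; do
    echo "== $f ($(tinyproxy_warn_count "$demo_dir/$f") warnings)"
    tinyproxy_audit "$demo_dir/$f"
done
rm -rf "$demo_dir"
```

On a real system, point tinyproxy_audit at /etc/tinyproxy.conf after editing it and before starting tinyproxy.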


Notes


  • If you get any permission denied errors, or can't modify file contents in the editor, make sure you have root access.
    Do so either by first running "su" and then proceed, or prefix each command with "sudo".
  • To use the proxy server from outside of your local network, you'll need to create a port forwarding rule on your router
    for the port the proxy server is running on (in this example, TCP port 8888) to the IP of the Linux device.
    Here's a list of tutorials for various routers on how to create port forwarding rules.
    Since you may not always know your external IP, consider using a Dynamic DNS service on it.
  • When running the proxy server on a virtual machine, you will have to use a bridged network setup in your virtualization software,
    so that the device fetches its own IP from your network's DHCP server.
  • To prevent non-proxified traffic, you could forbid all traffic that is not coming from / going to the proxy server's IP, e.g. with Windows or Comodo Firewall.
    For links on how IP binding rules are created, see the article IP Binding
  • Having trouble with this tutorial? Have suggestions, improvements, questions? Feel free to email in at wiki@hmastuff.com

Internet Explorer Proxy configuration

How to make bittorrent only use VPN IP (Static IP without router)

This tutorial uses Comodo Firewall, but we will add any info we find about other firewalls at the bottom. I highly suggest using Comodo Firewall, and it is free. It gives program-specific control over any and all applications.

***This tutorial will work with OpenVPN (installed) client and PPTP connections for each server once setup!

Download Comodo Firewall here.. http://personalfirewall.comodo.com/

You can choose only to install the firewall during setup if you choose to keep your antivirus.

[Image: java7.png]

Warning! This only works for static IP addresses that are permanent, not dynamic ones or those using public WIFI! This also does not work if you are using a router; in that case you need to use the "universal" tutorial. This only works going directly through the modem. Link: http://forum.hidemyass.com/showthread.php?tid=1462

Step 1:

Open Comodo Firewall and click Firewall, Advanced, then Network Security Policy. It opens to Application Rules, which is where you will control your bittorrent client. If you haven't already run your client since installing Comodo, do so now; you will be asked to allow it, and it will be inserted here. Otherwise click Add (top right), then Select (top right, new window) and choose running processes or browse to find it (i.e. program files/utorrent/utorrent.exe).

Step 2:

You will need your real IP to do the following, so go here with the VPN disconnected if you do not know your own IP.. http://whatismyipaddress.com/

Right-click bittorrent in the application rule list and choose Add. The 1st rule will be an IN rule, leaving source as ANY.. add your real IP

[Image: utorrent4.png]

Step 3:

Right-click bittorrent in the application rule list and choose Add. The 2nd rule will be an OUT rule, leaving destination as ANY.. add your real IP

Step 4:

Note: If you already ran the bittorrent client and chose allow, then you can just use the allow rule already there and skip this rule, but make sure it's the 3rd rule underneath the two block rules of your IP.

Right-click bittorrent in the application rule list and choose Add. The 3rd rule will be an ALLOW rule for all other IPs (i.e. VPN IP).. leaving source and destination as ANY will do this..

[Image: utorrent8.png]

Make sure you keep the two block rules above the allow rule or it will allow your real IP to connect. It should look like this..

[Image: utorrent9.png]

You can move the rules by highlighting and then move up or down on the right side of the panel.

Now click OK (bottom right)

Done!



Warning! Do not do this to HMA Pro VPN client, openvpn, DNS (ie. OpenDNSupdater)
and also System and svchost's or you will have problems!!!!! Best to control the last two
mentioned using port security. You can read more about that
here.. http://forum.hidemyass.com/showthread.php?tid=1416




To test, run the VPN and then start a torrent file. Allow it to transfer to ensure it's
active and choose Trackers to watch trackers for this.

[Image: utorrent6.png]

Now right click HMA tray icon and choose Disconnect and you will see transfer
slow to a stop and the tracker will show this..

[Image: utorrent1.png]

Note: This is related to the trackers updating so will not show refused until it
updates and changes to the above but your real IP will be blocked immediately!
You can speed this up to check by stopping and restarting torrent file or right click
torrent and choose Update Tracker.

Note: Doing the reverse, starting a torrent without a VPN connection and then
connecting to the VPN, you will see the trackers update to Working.

Check firewall and you will see this..

[Image: utorrent2.png]

Note: This is after VPN is disconnected and this is mainly the DHT (I keep on) trying to find others which uTorrent will continue to do.

This is my active connection in Comodo with 2 popular torrents trying to run disconnected from VPN. My real IP is only connected to the OpenDNS Updater which is correct just as your DNS will update with real IP. I suggest adjusting to use OpenDNS instead of your ISP. To setup go here.. https://store.opendns.com/get/basic

[Image: utorrent10.png]

If it isn't doing this then reread tutorial and start over.

Update: Now follow this link to learn how to quickly apply the same rules to any application in seconds.. http://forum.hidemyass.com/showthread.php?tid=1457