Airvpn
A VPN based on OpenVPN and operated by activists and hacktivists in defence of net neutrality, privacy and against censorship.
Contents
1 Configuring OpenVPN to connect as a client to an AirVPN server
OpenVPN describes configuration from scratch for both servers and clients, including generating keys and certificates.
If you're interested in simply getting OpenVPN to work with credentials provided by a third-party VPN service, just install the openvpn package available in the Official Repositories.
- Airvpn generates your config for you, if you have an account and are logged in. You can choose a server, port, and proxy settings, and download a zip file with certificates and settings. It was downloaded from "Access without a client" on 01.20.2012.
- You should now have an archive air.zip containing 4 files:
air.ovpn, ca.crt, user.crt, user.key
- Extract them to /etc/openvpn:
# bsdtar -C /etc/openvpn -xf ~/air.zip
- Open air.ovpn and note the lines:
ca "ca.crt"
user "user.crt"
key "user.key"
- Set permissions on the files and delete the zip:
# chmod 400 air.ovpn ca.crt user.crt user.key
# shred --remove ~/air.zip
- Point openvpn at the config file as superuser:
# openvpn --config /etc/openvpn/air.ovpn
- You should get a couple dozen verbose connection logs, hopefully ending in something like
Sat Jan 21 02:16:47 2012 Initialization Sequence Completed
I'm not sure how to start OpenVPN automatically. Perhaps putting a small script in /etc/rc.conf.d/ would be appropriate. For security's sake I don't want to guess at it, since some VPN users can't risk leaking untunnelled data. Presumably it should start before any torrent clients, irc, etc.
1.1 Troubleshooting
If you have a custom kernel, note that OpenVPN requires TUN/TAP modules enabled as described in OpenVPN. They should already work on default kernels.
I was setting this up on a virtual Arch system running in Virtualbox on a Windows 7 host machine. While testing I already had my Windows client tunnelling all traffic through my Windows AirVPN client. Trying to initialize a second tunnel from within the VM failed with an authentication failure, until I turned off the Windows client.
If the files are chmod 400, you must execute openvpn as superuser or it will fail with "Error opening configuration file."
See OpenVPN for lots more.
1.1.1 Sample configuration
Sample configuration profiles are included in /usr/share/openvpn/examples/, but here is one for reference:
############################################## ## Air VPN | https://airvpn.org | OpenVPN Client Configuration ############################################## client dev tun proto tcp remote 123.123.1.147 443 resolv-retry infinite nobind persist-key persist-tun ca "ca.crt" cert "user.crt" key "user.key" ns-cert-type server cipher AES-256-CBC comp-lzo verb 3