Get documents about "Your Freedom User Guide
Document Sample
You Fre dom
Y ur F eed m
uide
User Gu
ep Introduction and Refere
A Ste By Step I n eedom
ence Guide to Your Fre
ww.your-free
http://ww edom.net/
Version 2.0
se 010-10-08
Releas Date: 20
All trademarks used in this guide are trademarks of their respective owners and only used for
reference.
The most current version of this guide is available from our web page,
http://www.your- freedom.net/, in the Documentation section. Please check if there is a later
copy available if you encounter problems or you cannot find needed information in this copy.
This guide is © Copyright 2006-2010 by resolution Reichert Network Solutions GmbH,
Zweibrücken, Germany. All rights reserved. You are welcome to copy and distribute this guide
in both electronic and paper form as long as you distribute it as a whole and not in parts, you do
not modify it in any way, and the reference to the original location is kept intact. Please advise
all recipients that distributed copies may not be the latest version of the document, and that they
can always download the latest version from our web site.
1 INTRODUCTION ........................................................................................................................................ 5
1.1 WHAT IS YOUR FREEDOM? .................................................................................................................... 5
1.2 WHAT IS IT NOT?.................................................................................................................................... 5
1.3 WHAT CAN I USE IT FOR?........................................................................................................................ 5
1.4 HOW DOES IT WORK? ............................................................................................................................. 6
1.5 IS IT SECURE? IS IT ANONYMOUS? DOES IT COMPROMISE MY SECURITY? CAN I CATCH A VIRUS? ............... 7
1.6 WHAT DOES IT COST? ............................................................................................................................ 8
1.7 IS YOUR FREEDOM “SPYWARE” OR “ADWARE”? ...................................................................................... 8
1.8 HOW MANY SERVERS DO YOU HAVE? ARE THEY ALL THE SAME? ............................................................... 9
2 GETTING STARTED ............................................................................................................................... 10
2.1 REGISTRATION PROCESS ..................................................................................................................... 10
2.2 GETTING AND INSTALLING THE CLIENT SOFTWARE.................................................................................. 10
2.2.1 Users from countries with Internet censorship ........................................................................... 12
2.3 CONNECTING FOR THE FIRST TIME ........................................................................................................ 12
2.4 CONFIGURE APPLICATIONS ................................................................................................................... 21
2.4.1 Automatically .............................................................................................................................. 21
2.4.2 Manually ..................................................................................................................................... 22
Setting up Mozilla Firefox ................................................................................................................................ 24
Setting up Internet Explorer ............................................................................................................................ 25
2.5 MANUAL CONFIGURATION .................................................................................................................... 28
2.5.1 The Your Freedom configuration dialog..................................................................................... 28
2.6 STARTING AND STOPPING THE CONNECTION .......................................................................................... 32
2.6.1 Each user may only log in once ................................................................................................. 32
2.7 CHOOSING THE RIGHT SERVER ............................................................................................................. 33
2.7.1 Server location ........................................................................................................................... 33
2.7.2 Protocols .................................................................................................................................... 33
2.7.3 CGI relays .................................................................................................................................. 34
3 CONNECTING APPLICATIONS AND GAMES ...................................................................................... 36
3.1 INTRODUCTION .................................................................................................................................... 36
3.2 USING “SOCKSIFIERS” .......................................................................................................................... 36
3.2.1 Windows ..................................................................................................................................... 36
WideCap ......................................................................................................................................................... 36
SocksCap........................................................................................................................................................ 36
FreeCap .......................................................................................................................................................... 36
ProxyCap ........................................................................................................................................................ 37
Proxifier ........................................................................................................................................................... 37
Hummingbird Socks ........................................................................................................................................ 37
3.2.2 Linux and other Unix derivates .................................................................................................. 37
Dante .............................................................................................................................................................. 37
tsocks .............................................................................................................................................................. 37
3.2.3 Mac OS X ................................................................................................................................... 37
Proxifier ........................................................................................................................................................... 37
tsocks .............................................................................................................................................................. 37
3.3 OPENVPN SUPPORT............................................................................................................................ 37
3.3.1 Introduction ................................................................................................................................ 37
3.3.2 Prerequisites .............................................................................................................................. 37
Administrative rights ........................................................................................................................................ 38
OpenVPN needs to be installed ...................................................................................................................... 38
You don’t need a Your Freedom package, FreeFreedom will suffice.............................................................. 38
3.3.3 Configuration tasks .................................................................................................................... 38
Know your networking environment ................................................................................................................ 38
Tick the OpenVPN box.................................................................................................................................... 39
Start the Your Freedom connection ................................................................................................................ 39
Relay for others? ............................................................................................................................................. 39
What about the Windows firewall? .................................................................................................................. 39
3.3.4 Configure your applications ....................................................................................................... 40
3.3.5 Troubleshooting ......................................................................................................................... 40
The OpenVPN tunnel is not coming up properly ............................................................................................. 40
The OpenVPN tunnel opens, but then the Your Freedom connection fails ..................................................... 40
What are these 169.254.xxx.yyy addresses?.................................................................................................. 40
4 PLANS: PACKAGES AND VOUCHERS ................................................................................................ 41
4.1 FREEFREEDOM (USAGE FREE OF CHARGE)............................................................................................ 41
4.2 PACKAGES AND VOUCHERS.................................................................................................................. 42
4.2.1 Vouchers .................................................................................................................................... 43
4.3 TEST DRIVES ....................................................................................................................................... 43
5 ADVANCED TOPICS .............................................................................................................................. 44
5.1 PORT FORWARDS ................................................................................................................................ 44
5.1.1 Local port forwards..................................................................................................................... 44
5.1.2 SIP forwards............................................................................................................................... 44
5.1.3 Server port forwards................................................................................................................... 45
5.2 CONNECTION SHARING ........................................................................................................................ 46
5.2.1 Relaying ..................................................................................................................................... 46
5.2.2 USING OPENVPN and ICS to connect other PCs, Playstation, XBox, etc. .............................. 46
5.3 IPV6 ................................................................................................................................................... 46
5.4 FINE TUNING CGI MODE ....................................................................................................................... 47
APPENDIX A. TROUBLESHOOTING .................................................................................................... 49
Why does my app/game not work? ..................................................................................................... 49
Performing a speed test ...................................................................................................................... 49
Creating a “dump” file .......................................................................................................................... 50
Using a packet sniffer .......................................................................................................................... 50
Updating the client .............................................................................................................................. 50
APPENDIX B. COUNTRY INFORMATION ............................................................................................ 51
Country specific plans ......................................................................................................................... 51
Server availability by country .............................................................................................................. 52
Tweaks ................................................................................................................................................ 52
APPENDIX C. THE YOUR FREEDOM CLIENT CONFIGURATION FILE ............................................ 53
Where's my home directory? .............................................................................................................. 53
CONFIGURATION OPTIONS .......................................................................................................................... 53
ur e
You Freedom User Guide
Page 5 of 60
oduction
1 Intro n
hat ur om?
1.1 Wh is You Freedo
Internet acc
Is your I ed? me
cess somehow restricte Are som web pages not acce ou,
essible to yo or are
you unaable to run a f ictions? The Your Fre
applications because of such restri en r
eedom is for you.
Although the techniques used by Your Fre eedom to br rictions are fairly
reak through such restr
complic ot o
cated, it is no difficult to use.
eedom is a Connectiv Service that allows you to overcome conn
Your Fre vity e s nectivity resstrictions
d
imposed upon you by your net nistrators, yo provider or your country. It also
twork admin our r o
s onymization and it hid from you administr
provides a certain level of ano n, des ur rators and oother nosy
close to you what you are doing on the Inter
people c u rnet.
It works by turning your local P into a we proxy an a SOCK proxy tha can be us by
s PC eb nd KS at sed
your applications (w browse games, w
web er, whatever). In onnecting directly, appl
nstead of co lications
can sen connectio requests to these “proxy server provided by the clien part of the Your
nd on rs” nt e
Freedom software running on your PC, an the client part will then forward these reque
m nd t ests to
ver
the serv part runn y
ning on our connectivity servers th hrough a connection p at
protocol tha is still
available to you and through w which the client part can reach the server part. It tunnels through
n .
firewalls web proxi
s, oxies and th like. Soun complic
ies, FTP pro he nds cated? Well it is, but the good
e
news is you don’t h ry
have to worr about it, tthat’s our job.:-)
hat ot?
1.2 Wh is it no
Your Fre ot oftware. It d
eedom is no a VPN so ovide a con
does not pro nnection to a private network but
nternet.
to the In
eedom is no a firewal solution, it is meant to break thr
Your Fre ot ll alls, be
rough firewa not to b one. It
ot ur
does no make you PC any sa afer. But tha likely no your conc
at’s ot se e
cern becaus someone is
y g ell
probably protecting you too we anyway.
Your Fre ot ct
eedom is no a perfec anonymiz zer. The ser provide a ce
rvice does p of
ertain level o
anonym hiding your IP address. Instead, the connectio request a
mization by h on appears to ccome (in
oes
fact it do come) f from one of our connec r ses. But it c
ctivity server IP address ect
cannot prote you
from your own mist ws ations and p
takes or flaw in applica protocols.
Your Fre ot way
eedom is no in any w enhanc onnection. It does not provide dat
cing your co ta
compres ssion and it cannot spe it up in a way; in fact, there is a certain amount of o
t eed any overhead
s t
which is dependent on the con rotocol used so things will probabl run slowe not
nnectivity pr d, ly er,
faster.
hat use ?
1.3 Wh can I u it for?
eedom can be used to overcome:
Your Fre
Protocol re
P estrictions.
ot ain ons
If you canno use certa applicatio or servi se plications ca
ices becaus these app annot
connect to t Internet in the usua way, Your Freedom m be able to help you For
c the al r may e u.
ur e
You Freedom User Guide
Page 6 of 60
example, if your favorit online game does no work in yo place be
e te ot our meone
ecause som
decided tha you shouldn’t play it, then try Your-Freedom Games kn
d at m. rk
nown to wor well
include: WO
i OW, EVE, C e y
Counterstrike and many others.
Y may no use P2P protocols be
You ot ecause som meone thinks it’s illegal1? Most P2P clients
s P
work nicely with Your-F
w nd , es
Freedom, an you can even get a server port, which give you a
“high id”.
“
Blacklists.
Y may no visit certa web pages? Try You
You ot ain ur-Freedom It turns yo local PC into an
m. our
unrestricted web proxy that provides access t all web pa
u d y to re y
ages that ar generally
accessible.
a
Time restri
T ictions.
We
W have he eard from us ey r to
sers that the use Your Freedom t avoid time restriction In ns.
most cases, existing co
m are uch
onnections a not disrupted by su restrictio ons, and the erefore all
they need to do is to st the Your Freedom c
t o tart e ction is in pla
client before the restric ace, and
keep it open The conn
k n. ween the clie and the server part is persisten (this
nection betw ent nt
depends on the connec
d n col,
ction protoc however r).
ow t
1.4 Ho does it work?
ed e t
You nee to run the client part of the Your Freedom s n
software on your local PC. It is written in
nd
Java an should no thout the ne for administrator rig
ormally run on nearly every PC wit eed ghts. We
ovide installe versions that do not require Jav to be inst
also pro er va ou
talled, but yo may nee ed
adminis s hese.
strator rights to install th
ent e
The clie software then conne of ers on
ects to one o our serve through a connectio protocol t that is still
s
available to you. In most cases this will pr robably be a HTTP con nnection throough a web proxy
that you may use, o a “HTTPS or FTP co
u or S” onnection. I many pla
In may d
aces, UDP m be used as well.
In most cases all yo o s or
ou’ll need to provide is the address of a web o an FTP p proxy (and pprobably
authentication cred e take it from there and f
dentials); the client will t find a way to connect if one
o
exists.
Have a look at the picture belo The box on the left is your PC. Let’s say th restrictive firewall
ow. x he
won’t let you acces hotmail.co and you want to rea your priv
ss om u ad rom your wo
vate email fr orkplace;
fire up the Your Fre nt connect to o of our servers, configure your web
eedom clien and let it c one
browser to use it, a your web browser w be able to connect t hotmail.c
r and will to com by connnecting to
the Your Freedom client, who will forward the reques to one of our servers who will t
d sts f s, then
forward the request to the hotm
mail.com se eplies from t hotmail.
erver. The re the r
.com server will take
the sam route bac
me ckwards.
1
The pro ourse not ille
otocol is of co y we st
egal and it’s therefore silly to block it; w know bes because we had to
on
block it o some serv but s ost. gh
vers as well b it remains open on mo Your actions may be illegal thoug – Your
m
Freedom can’t do anything about this, it remains your resp ponsibility.
ur e
You Freedom User Guide
Page 7 of 60
only a very s
This is o nario but it il
simple scen llustrates that the Your Freedom c ation and
client applica
the Your Freedom server act a intermediate hops fo your appli
as or nections.
ication conn
it ? onymous? Does it comprom
1.5 Is i secure? Is it ano ? security? Can I
mise my s
catch a virus?
Connec ough Your F
cting to the Internet thro Freedom is g generally less dangerous than con nnecting
through a dial-up co As you
onnection. A long as y do not e explicitly configure a se orward,
erver port fo
no- one can connec to your PC though Y
ct om. ce
Your-Freedo But sinc you may d download d data from
the Internet that ma then be e
ay n y
executed on your PC (intentionally or unintent ause of
tionally beca
applicattion bugs) th nt s
here is a certain amoun of risk; it’s the same as if you co ugh
onnect throu any
other means to the Internet an download data from there. Howe
nd d ossible that y
ever it is po your
compan or whatev uses sophisticated protection m
ny ver s s
mechanisms (e.g. virus checking fo or
ads
downloa from se e not e d
ervers on the Internet) that we do n provide; in this case it is indeed less
hat
secure. But please consider th it is less secure bec ws o at
cause it allow you to do things tha you
would o ot o
otherwise no be able to do – the m most secure protection f e
from the dangers of the Internet
is an Air Gap, i.e.: p the plug You’ll be safe but als lonely.
r pull g. so
een
It has be said be our m
efore that Yo Freedom is not a fuull-blown anonymization service. It will
n
er ur on
howeve hide your IP address, unless you applicatio communi icates it “in-band”. Web server
b
admins will not be a
able to see where the a mes
access com from init will see
tially; they w instead s one of
our IP a But not y
addresses. B we do n take any further ano onymization measures: we do not r remove
g or
tracking cookies, no do we “w quest heade that you web brow
wash” the req ers ur wser sends.
ur e
You Freedom User Guide
Page 8 of 60
se or the ffers a level of encryptio compara
For thos looking fo privacy, t client off on ess
able to wirele LAN’s
28. not se
WEP-12 We cann really us strong en ncryption on a highly-sc
n ce as
caled servic like this a doing
CPUs of the servers too much. How
so would load the C e o u
wever if you have encrryption and re-keying
enabled no-one exc
d n will e
cept certain agencies w have the determination to see w re
what you ar doing.
gards to viru
With reg o any
uses: we do not have a virus pro otection mechanisms b built into the service
and therefore do no provide a virus pro
ot any otection2. Pl l software on your PC.
lease install anti-virus s
hat
1.6 Wh does it cost?
A funda vice is provided for free It is restric
amental serv e. dwidth and t number of
cted in band the r
neous strea
simultan ere e e the nd
ams, and the is a time limit for the connection between t client an the
ay ct
servers (but you ma reconnec immediat tely).
We prov de s
vide upgrad packages that reduc or remove the bandw
ce e tion and tha allow
width restrict at
for more simultaneo streams and there are server ports that y can use to allow inbound
e ous s, e r you e
connect other PC in y
tions to your PC or ano rk.
your networ The pack kages are a available as one
month, t hs, ths
three month six mont or twelve months up
e nd
pgrades, an come in t ent
three differe levels
that we call BasicFreedom, En om.
nhancedFreedom, and TotalFreedo As an a o
alternative to whole
es e
package there are vouchers c y our
carnets. Vouchers can be used to temporarily upgrade yo Your
Freedom account w a packa without having to p for a full month and not use pa of it.
m with age pay d arts
can nd er
Details c be foun in chapte 4 of this g guide.
Your Free
1.7 Is Y pyware” o “AdWa
edom “Sp or are”?
st hat ur o
No! Res assured th the You Freedom client does not contain any code to spy on yo or toou
any
cause a annoyan strictions of the FreeFreedom serv
nces (other than the res f are
vice, which a of
course t nvince you o the benef of buying a package The only reason why we
there to con of fits g e). y
ublish the so
don’t pu e so the and
ource code is because much of the code is als used in t server, a we
ant se we
don’t wa to expos it. Also, w don’t want to unnecessarily help those dev ocking
veloping blo
appliancces.
our
We do o best to p protect your privacy by not storing any more d
r ur
details on ou servers th han
ally ly --
technica or legall required - and perm ves
mitted. In fact, the servers themselv do not k keep any
at of o
logs tha could be o interest to anyone bu the develo
ut opers and o all
operators; a logs conta aining
user det stead kept on a server in Germany. However w will coop
tails are ins we perate with l legal
authorities to the exxtend requir to protect us from h
red ke
having to tak responsi ur
ibility for you
actions. This means that we m unveil yo account and payme details a well as th source
may our t ent as he
IP addre used to connect to our servers if we are fo
ess s orced to do so.
not t
We do n log what you access on the Int man
ternet; Germ telecom ns not
mmunication laws do n even
permit this. We do log the fact that you ha used ou service, fr
ave ur you
rom where y have log gged in to
vice, the low
our serv of
west 16 bit o IP addres
sses you hav connecte to (but no the full ad
ve ed ot ddress!)
and stat ded
tistical data about your usage need for acco d surance. This
ounting and quality ass
informat ally y s nger than 4 weeks. We do not
tion is typica held on file for only a few days and no lon
2
y entirely accur
Actually this is not e ur s or
rate. Outbound mail sent through You Freedom is scanned fo viruses.
his
We do th to avoid b f
blacklisting of our IP addre
esses, which would make it impossibl for our use to send
h e le ers
rough Your F
email thr ect
Freedom. It does not prote you, it pro s
otects others from you.
ur e
You Freedom User Guide
Page 9 of 60
s n ept stical, debug
use this information in any other way exce for statis gging and a purposes
accounting p
and for combating v f ms, equired by l
violations of these term unless re rities.
legal author
ere
Also, the is a con e rvers that allows us to s what us
ntrol console on the ser see sers are currently
but
doing (b not any c We
content). W only use t g, ata
this for troubleshooting and all da there is ttransient
and not stored anyw ou s And ve
where. The moment yo log off it’s all gone. A believe us; we hav better
me
ways to pass our tim than peeping on yo ou.
ow servers d you ha
1.8 Ho many s do they all th same?
ave? Are t he ?
This poi is subjec to change with relativ frequency At the tim of writing we have 31 servers
int ct e ve y. me g
nt able to supp basic w surfing o chatting b some
online, in 9 differen countries. All will be a port web or but
will refuse P2P con namely the o
nnections (n ones located in the United States). Some can handle
d .
more tra stics page at
affic than others. Have a look at the live statis t
http://wwww.yourfree 42/; ot p”
edom.net/14 servers that are no in the “p2p server gr t
roup are not suitable
are
for P2P applications, servers that are not in the “volume” group a not suita ge
able for larg file
rs, n et
transfer and so on – you’ll ge the drift.
Everyon may use all servers in the “defa
ne right now, a servers are in this gr
ault” group; r all roup, but
y
this may change.
ok
Also loo at the ser he he
rver load. Th higher th number, the more lo oaded the se d
erver. A load below
s ed s
40000 is considere low, loads above 125 onsidered high. We use a traffic light
5000 are co e
e
scheme to quickly i indicate the server stat A “green” light indica
te. e fine and
ates that the server is f
can acc cept your co ght
onnection. A “yellow” lig would ind the s
dicate that t server is up and run nning but
y sy
currently rather bus or already slightly ov y
verloaded and probably won’t be a able to provide the
best ser still e and
rvice to you – you are s welcome to use it, a the serv vice may sti be pretty good. A
ill
“red” light indicates that the se
s to
erver is down or otherwise unable t serve you u.
ur e
You Freedom User Guide
0
Page 10 of 60
ting Star
2 Gett rted
egistration process
2.1 Re n s
st sing our serv
Your firs step in us egister on ou web site. You need t visit
vice is to re ur to
ww.your-fre
http://ww eedom.net/ a create a account there. There is a link underneath t login
and an the
and pas m of
ssword form fields in the red part o the banne er.
On the rregistration page, choo a userna
ose ame (preferrably one that is not like already u
ely used) and
d.
provide a password Please m enough, it’s for your pro
make it long e s ot h
otection, no ours. Both
usernam and pass
me sword may contain upp percase and lowercase ASCII lette digits, dashes
d e ers,
and undderscores; o cters may w
other charac a e
work as well but it’s not a good idea to try. The only
equired field is your ema address (everything else is not mandatory; please don fill in
other re ail ; n’t
t ovide the inf
rubbish if you don’t want to pro Many of thes fields are only there because
formation. M se e e
we have taken th
en’t hem out.
Once yo everything in, click on t “Create account” bu
ou’ve filled e the will d
utton. You w be asked to
s g e
confirm your details by clicking on “Create account noow”.
Within a few minute you shou receive a email containing an activation link. If your e
es uld an email
s ed pam measures, please ensure that email sent from the “y
address is protecte by anti-sp t t your-
m.net” doma (i.e. ending in “@you
freedom ain ur-freedom. mitted befor you click on the
.net”) is perm re
ow”
“Create account no link. Act account by c
tivate your a the he
clicking on t link in th email (or
ste our ).
cut&pas it into yo browser) If you hav ed nk
ven’t receive the email or if the lin doesn’t wwork for
er
whateve reason, p o y e e
please send an email to our support staff, they can create or activate the
account for you if y send the an email to support@your-free
t you em edom.net, teelling them the
usernamme.
r s
What if you cannot access our web page because it’s blocked? W hen g
Well, it’s a h and egg problem
e an for
then. Either ask someone else to create a account f you (or d it from so do omewhere e else) and
modify it later, or ob e
btain the client software from another source than our se se
erver, and us the
usernam “unregistered” and t password “unregist
me the This accoun will only p
tered” in it. T nt provide
access to our web page, howe atively, if yo are able t send an e
ever. Alterna ou to r
email to our
custome support, a them to create an a
er ask o account for you. Just w write to suppport@your-
freedom t em, st
m.net telling them about your proble sugges a usernam (please l me limit yourself to
ASCII leetters and numbers, da ou
ashes and underscores) and a password. If yo want to re eceive
the YF c mail e mail
client by em just write a blank m to get@y your-freedo om.net; you’ll be given f further
w d.
instructions on how to proceed If all the o odds are aga nd t
ainst you an you can’t get the clie ent
e
software from anyw where else w ou
we’ll mail yo a CD as w well.
etting and installing the clie softwa
2.2 Ge d ent are
Once yo ed unt y
ou’ve create an accou you may use it to log in on our web page. T ve
This will giv you
access to the Down on ge.
nload sectio of the pag Log in, t ads” (Actuall you
then click on “Downloa ly
don’t ha to be log
ave everal ways to run the Y
gged on). There are se om
Your Freedo client, an nd
consequ e an
uently there is more tha one dow wnload option:
ur e
You Freedom User Guide
Page 11 of 60
Windows In
W nstaller
W
Windows us sers who already have a suitable J Java Runtim Environm 3 install on
me ment led
their system and who h
t m nstall softwa should b able to u this
have enough rights to in are be use
version. The download is about 2 megabyte in size. If you are unable to downlo files
v e n oad
ending in .e
e exe, try to co the link location and paste it in the URL fie of a new browser
opy n eld w
window, the change the .exe to .t
w en txt.
Windows F Installe
W Full er
This version comes bundled with a JRE of its own so the are no prerequisites Every
T n ere s.
Windows us should b able to use this one, provided th you may install soft
W ser be , hat y tware on
your PC. Th download is rather fa about 14 megabytes Again, this is an .exe file, try
y he d at, 4 s. e
changing th ending to .txt if this is a problem A benefit o this version is that it’
c he o s m. of ’s
compiled to native code and will probably con
c o e er
nsume fewe resources s.
Both Wi aller version are installed by runn
indows insta ns e ollow the ins
ning the .exe file. Just fo structions
nstaller and you should be done in a minute. O
in the in ent e
Once the clie software is installed d,
d
proceed to the “The ere’s also a specially pre-configure SESAWE version of the Window
ed E f ws
r,
Installer the Windo taller or the Mac OS X Application It can be e
ows Full Inst n. either downloaded
from htttp://www.you ur-freedom..net/sesawe or by writi a mail to get@your-
e/ ing o -freedom.ne and
et
just addding the keyw we"
word "sesaw to the s subject line.
Sesawe acco
Both the S ed
ount and the preconfigure Sesawe Y m only work
Your Freedom client will o
from coun
YOUR CO
ntries suppor
he
country th YF client w produce a message s
esawe projec If you try t use this ac
rted by the Se
will
F
OUNTRY OF RESIDENC CE”
ct.
saying “AUTH
to ccount from a
ON
HENTICATIO NOT VAL FOR
another
LID
Connec
cting for the first time” section unterhalb.
If you ar not running Windows or if you c
re all on ,
cannot insta software o your PC, your best c choice is
a
the Java archive v wnload the Z file and extract the contents in a folder t which
version. Dow ZIP nto to
y s o ory r , y.
you may write. This could also be a memo stick, or a CDROM, by the way Then run the Java
ar” h enough if yo double-cl
interpreter with the “freedom.ja file. With Windows it’s usually e ou lick on the
e,
JAR file but you may want to o d” ”
open a “cmd window instead, “cd” to the dire un
ectory and ru “javaw
edom.jar” instead. On U
–jar free Unix boxes y ally va
you’d norma use “jav –jar freed “kaffe –jar
dom.jar” or “
freedom mething similar; Unix us
m.jar” or som sers normally know.
o ac
We also offer a Ma OSX inst on.
taller versio Even tho ough Mac OOSX editions often ship with a
s
alled JRE, t
pre-insta ersions like Leopard tha ship with JRE 5 whic is no long
there are ve at ch ger
ed may o E
supporte so you m need to install JRE 6 manually y.
The YF cl ns 6, 5. oes with
lient only run with Java 6 not Java 5 Leopard do not ship w Java 6 b you can but
m com/java/dow
get it from http://developer.apple.c wnload/ (down for
nload "Java f Mac OS X 10.5
Update (w whatever)"). O Java 5 is still activated by default. The installer we
Once you've installed it, J y e
3
va
The Jav Runtime E t to ant
Environment is required t be complia to Java 1.6 or newer. If in doubt, v visit
va.sun.com/, click on “Jav SE” in the “Popular Downloads” sec
http://jav va right hand sid of the
ction on the r de
screen, t ad
then downloa the “JRE” or a “JDK” (w ”) C.
which contains the “JRE” and install it on your PC Sun
provides these downloads for free but please have a look at their licen terms.
s e, e k nse
ur e
You Freedom User Guide
2
Page 12 of 60
hould be able to automat
provide sh e e ersion is taken; if that doe
tically ensure the right ve esn't work try
to change the default: Open Finde go to Applications, Utili
e er, ities, Java, ru "Java Preferences".
un
the
Move "Java SE 6" to t top for appplications.
Generally, the Java archive ve
a e dom client s
ersion of the Your Freed on
should run o every computer
that has a suitable JRE – and enough me
s emory. We lo to hear from you if you’ve man
ove naged to
n piece of har
run it on an exotic p n al
rdware (or in an unusua place)!
sers from c
2.2.1 Us with Interne censorsh
countries w et hip
eedom is in partnership with Sesa
Your Fre n p awe, an inter
rnational pro ated to educ
oject dedica cate and
eople from a countries techniques to circumv
bring pe all s s vent censors ship.
sult
As a res we crea ated an acco we”
ount “sesaw with pas ssword “sesawe” with some specia al
characte ailable exclu
eristics and made it ava hose people in countrie the Sesaw
usively to th e es we
alliance considers aapply more censorship on their citi ities in the Internet.
izen’s activi
There’s also a spec onfigured SE
cially pre-co ESAWE ver rsion of the Windows In
nstaller, the Windows
Full Inst either downl
taller or the Mac OS X Application. It can be e m
loaded from http://wwww.your-
freedomm.net/sesaw or by writing a mail t get@your-freedom.n and just adding the keyword
we/ to net
e"
"sesawe to the sub bject line.
Sesawe acco
Both the S ed
ount and the preconfigure Sesawe Y m only work
Your Freedom client will o
from coun
YOUR CO
ntries suppor
he
country th YF client w produce a message s
esawe projec If you try t use this ac
rted by the Se
will
F
OUNTRY OF RESIDENC CE”
ct.
saying “AUTH
to ccount from a
ON
HENTICATIO NOT VAL FOR
another
LID
onnecting for the fi
2.3 Co g irst time
you e
When y start the Your Freed
dom client a
application f the first t
for time, you’ll b asked fo your
be or
ed e.
preferre language
ou he e
After yo choose th language of your pre eference a “
“Wizard” wil show up. I safe not to use it
ll It’s t
er red
and ente all requir informat u e, try
tion manually, but if you are unsure give it a t first. Mannual
configurration may b required in difficult c
be scenarios; p
connection s please refer to chapter 2.5 on
r
8
page 28 for details..
that you are using the w
Now let’s assume t e ent me
wizard. It will first prese a Welcom page:
ur e
You Freedom User Guide
3
Page 13 of 60
Do as y are told and click on the “Next” button. You see this page:
you n ” u’ll
If your Internet connection is th eb nter ails sure, try
hrough a we proxy, en the deta here. If you are uns
“Next” first.
to click “
ur e
You Freedom User Guide
4
Page 14 of 60
You’ll fin a Window asking yo to select which proto
nd w ou e F
ocols will be used to connect to YF servers.
d he
Selected protocols will affect th way the Wizard che ecks reachab vers. If you a
bility of serv are
unsure, leave the d
default selec “Next”:
ction. Click “
ur e
You Freedom User Guide
5
Page 15 of 60
u empty list of available s
If all you get is an e f servers like this:
ed out our
you nee to figure o about yo web pro (or confi
oxy igure everyt ally, e.g. if y want
thing manua you
an
to use a FTP proxxy!).
et ever,
If you ge this howe
then you n details prop
u’ve filled in the proxy d u uthenticate o the proxy. Click
perly but you need to au on
on “Nexxt”…
ur e
You Freedom User Guide
6
Page 16 of 60
fill
… and f in suitable login cred many cases this will be your Windo
dentials. In m s e ows Domain login
orget to fill in the domai as well!). Just try unt it works, y can clic “Next” to try.
(don’t fo n in til you ck
ee e:
If you se this page
s have not pro
it means that you h on. n d
ovided a working proxy configuratio Click on “Back” and modify
the host ddress and/ the port s
tname/IP ad /or ny ort 0
setting. Man proxies “listen” on po 80, 8080 or 3128,
e
to name the most p ts.
popular port Check yo web bro
our owser’s conf t able to
figuration; it should be a
tell you.
Oh by th way, if yo find that the wizard has the pro details a
he ou oxy d s
already filled in, then it’s not
magic – it just found them in yo PC’s reg
our probably has made life easier for you.
gistry and p s
ur e
You Freedom User Guide
7
Page 17 of 60
ssume you’v been able to make it work. (If no please ask a knowle
Let’s as ve e t ot, n
edge person around
you how you can use the web proxy, or try a manual configuratio It worke if you see
w y on). ed e
ing :
somethi like this:
ortant that y see a “y
It’s impo you yes” or a nummber in any of the colu
y umns HTTP, HTTPS, FT or
, TP
ns
UDP. A “yes” mean that the c een
client has be able to use this pro nnect to the server
otocol to con e
using th default po settings, a number w
he ort n to but
would mean that it has been able t connect b on a
t ns
different port, and a “no” mean that the p uld sed
protocol cou not be us to connect to this s server.
The results are sor erence (a nu
rted by prefe umber betw 10);
ween 0 and 1 it indica ell
ates how we the
server fits your requ ose er, k
uirements (if you’ve set any). Choo a serve then click on “Next”.
ur e
You Freedom User Guide
8
Page 18 of 60
r sername an password it’s the sa
On this page, enter your Your Freedom us nd d; ed
ame you use to
ad t web
downloa the client from our w page. C xt”.
Click on “Nex
s ne ck e The window of the Your Free
It seems you’re don now! Clic on “Save and Exit”. T main w edom
hould now lo like this
client sh ook s:
ur e
You Freedom User Guide
9
Page 19 of 60
at ’t
Note tha the client just doesn’ know anyt and
thing about the server a your ac ofile
ccount’s pro
before yyou’ve conn e at’s me
nected to the server, tha why som of the va alues seem to be someewhat odd
ng
(includin the band ed
dwidth – it’s not unlimite unless yo ou’ve bough a package Click on “Start
ht e).
connect ou ee ng
tion” and yo should se somethin like this a seconds:
after a few s
at etails are now filled in, a the bandwidth read “64.0k”. T
Note tha all the de w and ds That’s kilobits, about
ed DN
the spee of an ISD connect -speed mod
tion or a bit faster than with a high- dem. Click oon
nt
“Accoun Profile” noow.
ur e
You Freedom User Guide
0
Page 20 of 60
nel s unt
This pan contains your accou details. Without a p use
package, you may not u any spe ecial
efault ones), your bandw
servers (just the de , width is limited, your m
maximum number of
simultan
neous strea our
ams is rather low and yo server c will
connection w be termi inated after 60
s may ect
minutes (but you m reconne when it h happens). N server po are assi
No orts u
igned to you so none
ded t, no
of them are forward to you. But at least there are n access r restrictions; you may ac ccess
everythi on the In
ing nternet4.
e ure
OK, time to configu your app Please refer to chapter 2 on page 21 to learn how to
plications. P 2.4 e n
ve b o
do this. Once you’v set up at least a web browser to use Your F e ective
Freedom the main obje
be : d e
should b reached: you should be able to access the web freely!
sion of the YF client you’r using to co
If the vers F re onnect is too outdated you may see a message
e too s e t ersion as
saying the *client [is] t old*. This means you must update to the latest YF client ve
not d The d
yours is n supported anymore. T preferred method wou be to dowuld wnload the most recent
one, uninstall the old v install the new one.
version and i w
4
there are som restriction but you ca see them They are o
In fact t me ns an’t m. protect our servers and
only there to p
y.
won’t get in your way Promise!
ur e
You Freedom User Guide
Page 21 of 60
onfigure a
2.4 Co ons
applicatio
utomaticall
2.4.1 Au ly
ws n ck Applications” tab and se something like this:
Window users can simply clic on the “A ” ee
lications wh
This is a list of appl hose configu n ed
urations can be modifie automatic ur
cally by You
m. s
Freedom The ones that are in nstalled on y
your system have work
m oxes, the ot
king checkbo ther ones
yed you
are grey out. Tick the ones y wish to use with Yo m, u’ll
our-Freedom then click “OK”. You see
ing
somethi like this: :
ssful! Then c
Hope it’s all succes To s ion
click “OK”. T restore the previous configurati of your
applicat se ”,
tions, choos “Restore” and then t tick the one you would like to restore, and click “OK”.
es d
at ons
Note tha applicatio that you u’ve configured to use YYour Freedo will only work prope if the
om erly
Your Freeedom conn he s
nection to th server is up and run t
nning. Also, don’t forget to restore all your
s
settings before de-iinstalling the Your Free edom client!!
ur e
You Freedom User Guide
2
Page 22 of 60
pplications, h
To manually configure your ap k
have a look at the Ports tab first:
e 4/5” Web
Note the “SOCKS 4 and “W Proxy” c s; you
checkmarks this tells y that your local PC is nows
as
acting a a SOCKS on 0 Web 80.
S4/5 proxy o port 1080 and as a W Proxy on port 808 To chang these ge
service, then modify the port, then re-activate (this can be done on-th
values, untick the s n e e he-fly!).
s
Everything below is pretty sophisticated stuff and cer imed at first time users and will
rtainly not ai t s,
be cove pter
ered in chap 5.
If for some reason you cannot configure y ations from w
your applica our m
within the Yo Freedom client,
you nee to manua configur them to use web proxy “localhos on port “8
ed ally re st” OCKS
8080” or SO
proxy “lo n 0” oice, use SO
ocalhost” on port “1080 (if you’ve got the cho on se
OCKS versio 5). Pleas refer to
the application’s do on
ocumentatio to learn h his ho
how to do th (or ask someone wh knows – w we’ve got
some ex xamples in the FAQ/Do section of our web page http://
ocu /www.your-f freedom.net/ as
well).
OpenVP support is not enabled by defau – please see chapte 3.3 on pa 37.
PN ult e er age
anually
2.4.2 Ma
Of cours we cannot provide d
se nfiguration g
detailed con ns
guides for all application that can be used
ur m.
with You Freedom There are basically only 4 ways how applica ations are m rk
made to wor over
eedom:
Your Fre
1) By configuring them to use a web proxy. Appl at g
lications tha offer you to run using a web
proxy need to be set up to use you local PC (the hostna
p p ur P
ame is “localhost”, the IP
address is “
a 80 proxy and ev
“127.0.0.1”) on port 808 as web p hould be fine.
verything sh
2) By configuring them to use a SOC xy. fer un
CKS4/5 prox Applications that off you to ru using a
SOCKS pro need to be set up to use your local PC (ag
S oxy o localhost”
gain, the hostname is “l
and
a the IP a 80 KS his
address is “127.0.0.1”) on port 108 as SOCK proxy. Th is prefer rable over
ur e
You Freedom User Guide
3
Page 23 of 60
the oxy
t web pro configur u’ve got the choice) but both will no
ration (if you t ormally do. Use
SOCKS5 if you can. If it doesn’t w
S work (some a s gy
applications have bugg SOCKS
implementa
i ations) try SOOCKS4.
3) By using a “ g” on ur on
“socksifying applicatio to run you applicatio from. Many applicati ions are
n designe with your networking problems i mind and do not offe to run usin a web
not ed r g in er ng
or
o SOCKS p y
proxy. Many of them w work well with Your Free edom if you run them frrom inside
a “socksifier”. That’s an application that foists a modified winsock DL to the ap
n n LL pplication
which redire
w work reques to a SOC
ects all netw sts CKS proxy, in this case to the Your r
Freedom client. Examp h
ples for such applications under W Windows are: SocksCap p,
ProxyCap a FreeCap. They are covered in chapter 3.2 on page 36. Using a
and e 2
“socksifier” might also be an option if you can
“ n nnot configure your app g.
plication, e.g
because yo don’t have administra
b ou ative rights. It’s tricky h override existing
however to o
proxy config
p gurations this way.
utbound and inbound po forwards If your application on needs to access
4) By using ou d ort s. nly
one lar ia
o particul server vi a TCP co onnection on a particula port, it’s p
n ar probably moost
convenient if you creat a mirror im
c te s our ur
mage of this port on yo PC, and access you local
PC on the m nstead. Sim
mirror port in can t
milarly, you c create a mirror image of a port on your
PC on our sservers and make it acc others on th Internet5. This is cov
cessible to o he vered in
chapter 5.1 on page 44
c 4.
5
Your ac e ermit this. Cu
ccount profile needs to pe TotalFreedom packages c redirect
urrently, only owners of T m can
orts
server po to their loocal PC.
ur e
You Freedom User Guide
4
Page 24 of 60
g a
Setting up Mozilla Firefox
use d should be ju fine.
All web browsers support the u of web proxies, and option 1) s ust
Click on “Tools”, “O
n hoose the “A
Options”. Ch panel. Then click on the “Network” tab. The
Advanced” p e
ration windo
configur ke
ows should now look lik this:
ur e
You Freedom User Guide
5
Page 25 of 60
ck ngs”
Now clic on “Settin
s
Fill in the values as shown (ma e ou
aking a note of the original values so you can revert to yo
s
previous configurat ou
tion when yo are not uusing Your F Freedom), tthen click OK in both windows.
he
Firefox now uses th Your Fre eedom connection.
g et
Setting up Interne Explorer
Like all browsers, IE supports proxies dire s s figuration is actually
ectly. What’s more, IE’s proxy conf
shared by many oth applicat
her tions as welll.
Select “Tools”, “Inte ns”. lick on the “Connection tab. You’ll see some
ernet Option Then cl ns” ething like
this:
ur e
You Freedom User Guide
6
Page 26 of 60
If you ar using a L
re LAN connec on se
ction, click o “LAN Settings”, otherwise choos the connection
e t rnet and clic on “Settin
you use to connect to the Inter ck ngs”. A wind will
dow similar to this one w open:
ur e
You Freedom User Guide
7
Page 27 of 60
e es ver” and for “bypass pro server f local add
Tick the checkboxe for “Use a proxy serv r oxy for dresses”.
ick
Then cli on “Advaanced”. Ano w
other window will open::
ur e
You Freedom User Guide
8
Page 28 of 60
s hen K”
Fill in the values as shown. Th click “OK in all the windows. Innternet Explorer now uses the
Your Fre eedom conn d ently only wo
nection (and conseque orks when the connecti is up).
ion
We reco ou original settin that allo
ommend yo make a note of the o ngs revert them when
ows you to r
Your Freedo
you are not using Y om.
anual Con
2.5 Ma on
nfiguratio
Most op be ”
ptions can b configured using the “Configure” dialog ava ailable from the Status t
tab, but a
few are only availab via the c
ble advise that y avoid m
configuration file. We a you messing with the
configur nless you ar advised b us or thin you know what you a doing.
ration file un re by nk w are
he eedom con
2.5.1 Th Your Fre nfiguration dialog
he tab our m en dialog window like
Go to th “Status” t of the Yo Freedom client, the click “Configure”. A d
ould open up
this sho p:
“Server Con
On the “ e
nnection” tab, configure the Your F or
Freedom server name o IP addres ss
(several names or IPs can be separated b semicolo – but no a
by on paces!). Select the
additional sp
connect ol
tion protoco from the p ort y
pull-down menu, and the default po should automatically appear
e
(change if necessaary). Or use the wizard t see your server conn
to nection optiions and let the client
ay
choose the best wa (but conf roxy settings first!).
figure the pr s
elect the con
Also, se nnection opt tions as well. For most people the last three s cked, and
should be tic
ght
you mig want to t using DNS” as well if yo only wan to try know IP addre
tick “Avoid u ou nt wn esses for
the YF sservers and not ask your local DNS server. At this time it is not nece
d S t t isable
essarily advi
you enaable the “Automatically select best server” option, unless you know th you can use all
hat n
vers. We are working to improve th and in fa much of it is already implemented. Stay
the serv e o his, act f y
tuned.
ur e
You Freedom User Guide
9
Page 29 of 60
art ed” s
The “Sta minimize option is only availa able under W
Windows. W ed, nt
When checke the clien will
pear in the s
only app y ed. ght
system tray when starte You mig want to c Automatically
configure “A
t ” se
connect on startup” as well and maybe us the “Auto u ws.
ostart” menu of Window Just a su uggestion.
Account” ta you’ll see this:
If you click on the “A ab, e
Fill in yo Your Fre
our eedom userrname and p password, a choose a different language if you like.
and
Many te exts and me n guages and it may be easier if you change
essages are available in other lang
the setti e the change effec
ing. Note that you have to restart t client to make the c you
ctive when y are
all done e.
ur e
You Freedom User Guide
0
Page 30 of 60
an e t
There’s a lot you ca configure here. You might want to use the wizard to co web
onfigure a w proxy
but you don’t have to, there’s n much difference but the client w check if your setting appear
not will f gs
to be co u
orrect. If you know the d details, just fill them in. You’ll probably need to configure the
o
s e
address (host name or IP addr ress) and th port. If yo need to a
he ou e b
authenticate on the web proxy,
fill in use d d
ername and password as well, and if it’s an N NTLM authenticated pro add the windows
oxy
domain name as w case, usern
well. (In this c name, passw word and do probably the same
omain are p e
values t e o
that you use to log in to your PC!)
ntend to use the FTP co
If you in e method and you cannot directly FTP to servers on the
onnection m P s
Internet there may be an “FTP proxy” on your netwo (Don’t bo
t, y P ork. nfigure anything if
other to con
n p” d ill 21,
you can use the “ftp command line tool!) The port wi likely be 2 but you’ll need the hhostname
P as k
or the IP address a well – ask someone who knows, there are l e
legitimate needs to use FTP
outside web browse ers.
The most common connection scenarios a also cov
n are e
vered by the Wizard av vailable thro ough the
button o the bottom – it’s the same that i run when you start th client for the first tim and it’s
on is he me
ed
describe in detail in chapter 0 on page 12.
you e, Save and E
When y are done click on “S ges, or on “C
Exit” to save your chang abort
Cancel” to a
them.
g
So much for setting up the con ou ow p
nnection. Yo should no be able to start it up from the SStatus
panel. T connect
The or
tion indicato (the door) should ope a questi mark sh
) en, ion ar
hould appea while
nd
client an server ne egotiate, an disappear after a few seconds. If it doesn’t disappear, your
nd w
connect s k.
tion settings don’t work Have a loo at the “M
ok panel. If you can’t get th
Messages” p u he
connect tion to work, check out chapter Appendix A to see how yo can help us to help you.
o ou p
ou
Once yo are conn ck
nected, chec out your c he t
connection profile by clicking on th “Account Profile”
hould look s
tab. It sh somewhat ssimilar to this:
ur e
You Freedom User Guide
Page 31 of 60
ings in here should be fairly self-ex
Most thi e ybe ver
xplanatory, except may for “serv groups” and
e
“remote port forwarrds”.
he f may ct.
“Server groups” will indicate th groups of servers to which you m connec Multiple p permitted
groups a separat by comm Everyon will have the “defaul server gro on their profile,
are ted ma. ne e lt” oup
g may ct
meaning that you m connec to every Y om lt”
Your Freedo server in the “defaul group (at the time
rs s t change). Some account have add
of writing, all server are in this group, but this may c ts ditional
server g eir
groups in the profile, ddepending o bought pa
on all” show up in c
ackages. “a will not s customer
profiles..
profile has a server p
If your p any n te warded”
ports assigned, they will show up in the “remot ports forw
e
line. The numbers t there mean that these ports on the Your Free
e r warded to
edom server will be forw
your PC when you are connec
C ou rt
cted, and yo may use them in the “server por forwards”
configurration (see bbelow).
ur e
You Freedom User Guide
2
Page 32 of 60
ons can
All optio in here c be chan the
nged while t connect e ave
tion is active and will ha immediate effect.
wish to modif the local ports on wh
If you w fy C
hich your PC becomes a web or SO OCKS proxy,
uncheck the service first, then change the port number, and tick the box aga If you w
k e e ain. would like
C
your PC to accept r om
requests fro other PC on the loc network and forwar them thro
Cs cal k rd ough your
Your Fre eedom conn k y
nection, tick the “Relay for others” box. Note t l an
that this will only have a effect
profile permi it (check the “Relayi permitte line in the “Account Profile” pan as
if your p its ing ed” nel
shown a above).
arting and stoppin the con
2.6 Sta d ng nnection
ach may g
2.6.1 Ea user m only log in once
user can only log in from one PC a the same time. If you try to log in using
That’s right. Each u m at n
the sam user acco
me ount from an or nstance of t client, th previous session
nother PC o another in the he
erminated. This means that you w always be able to log in, but so will everyon else
will be te s will e g ne
who kno ows your de will
etails – and he or she w kick you off. The ser o r,
rvers talk to each other it
doesn’t help to just use different servers.
We know that the FTP connection code contain a bug that can be trigg
connectio and re-ope it immedia
your sess
on
sion has been terminated. Just wait a few minutes before recon
client and start it again6.
d
P
en
n
n
ns
ately thereaft You'll be told that it’s a duplicate lo
ter.
t gered if you c
close the
nnecting, or c
ogin and that
close the
t
6
s this, we would have done it already.
If it was easy to fix t e
ur e
You Freedom User Guide
3
Page 33 of 60
hoosing th right s
2.7 Ch he server
erver locati
2.7.1 Se ion
uld be the nt o rs
The YF server shou ideally b close to t YF clien or close to the server you intend to use d
through YF. Just th ers
hink about it as a triangle: the corne are your PC, the se e
ervice on the
Internet and the YF server on top. The m
t, F ngle looks li a straigh line betwe you
more the trian ike ht een
e. etter.
and the service (i.e the flatter it is), the be
Let me g n e ou g
give you an example. If you are located in the US and the service yo are using (let’s
g
say you are playing an online g so ed, will
game) is als US base a server in Europe w probably be a bady
choice. The laws of physics make it impos
f formation to travel faste than the speed of
ssible for inf o er
light7 an putting 20
nd 0.000 kilometers of add es between you and the service will
ditional wire or fibres b
e
increase latency.
al YF hat to
It is idea to use a Y server th is close t yourself. Why? Beca ause you’d n se
normally us more
e et
than one server on the Interne and you c cannot find a YF server that is topo ose
ologically clo to all
of them, but you ma be able t find one t
ay to e n hand, for applications
that is close to you. On the other h
that don care too m
n’t much about latency (lik large file transfers) the server’s location is
t ke
ary.
seconda Try the different se e e r
ervers to see which one is good for you.
The YF client will te you wher the serve is located when you a connect (and als in the
ell re er are ted so
connect
tion wizard). Unfortunattely we don’t have man servers o
ny ope, simply because
outside Euro
they are una
a) t d dwidth dedic
affordable – unmetered high-band rs y
cated server are vastly
expensive in most plac outside Europe.
e ces
the rs
b) t provider are too re estrictive in what you m do with the servers and what n – we
may s not
are d
a sick and tired of en ndless and f cussions wit US based providers and
fruitless disc th d
explaining t
e their droid staff what we do and wh we don’t do, and wh it’s not illegal, and
e hat t hy
w it’s rubbish that the server’s IP appeared in a medias
why e P il.
sentry emai
now about g
If you kn good providers we wou like to he from you But pleas consider that an
uld ear u! se
average Your Freedom server generates between 2 and 8 terab
e r fic th
bytes of traff per mont and
needs a least 1 GB of RAM an a decent CPU. And it should co
at B nd t ome with De ebian Linux.
rotocols
2.7.2 Pr
Not all o servers permit8 all p
our Some providers (you go it – they are US base place
protocols. S ot ed)
s ery y at e
protocol restrictions on us and are having kittens eve time they believe tha they have spotted
somethi ing, and what’s even w
worse, they w won’t listen to any argu if
uments. So i we want s servers
there (a we do, to provide a good, responsive serv
and e o we
vice to those of you who need it!) w need
ct
to restric some pro hem.
otocols on th
application d
If your a k ould expect, have a loo at the message window of the
doesn’t work as you wo , ok
nt.
YF clien Are you s ut
seeing messages abou a denied p protocol? It means that you’ll have to use a
t e
t
different server.
7
ntirely correct but it is for the Internet.
I know this is not en t,
8
vers allow all connection m
All serv models; this is not about how you con e dom client
nnect with the Your Freed
our
to the Yo Freedom server, but w what you do through the c connection.
ur e
You Freedom User Guide
4
Page 34 of 60
g, ver pe er f orried about protocol
Generally speaking use a serv in Europ wheneve you can if you are wo t
ons.
restrictio
s
There is one restric pplies to all s
ction that ap servers: SM ote
MTP to remo servers is not permitted.
,
Instead, all SMTP c s
connections are redirec ers
cted to one of our serve where submitted em is mail
d s M
checked for viruses and SPAM content be assed on. This is only im
efore it is pa your mail
mportant if y
applicat onnect to a s
tion must co specific mail relay – no on’t
ormally it wo be a pro ,
oblem. Also, we have
ve
extensiv protection mechanis t he be
sms against spamming built into th servers – you won’t b able to
re
rapid-fir deliver em our m. l
mails via Yo Freedom A normal user won’t notice at all but for spa ammers
ain
it’s a pa in the backside.
GI
2.7.3 CG relays
GI
The CG connection method adheres so m much to the standards t ol
that it does not only foo proxies,
enables us to put an inte
it also e o CGI n-
ermediate C script in between. Yes, that’s right, there is a
simple P PHP script t that people can put on any web se control, that can in turn provide
ervers they c t n
a Your F Freedom co o
onnection to those who don’t have access any ny
ymore to an of our ser rvers. Our
idea is tthat it’s fairly simple to block all our IP address as they pop up bec
y ses y cause we ca annot
have ne ones eve day, but it won’t be possible to do somethi about th
ew ery ing f
housands of new
URLs ev very day tha haven’t g anything in common
at got n.
It is quit obvious w people would like t use such a “CGI rela – becaus they have to.
te why to ay” se e
s
There is no other re sly,
eason because obvious this met as as
thod is not a fast and interactive a the
other co onnection m t ’re te
methods. But when you’ desperat and no ot ther way of connecting is left, it’s
han
better th nothing. But why w e r rs
would people put the script on their web server when all they get
c?
for it is a lot of additional traffic
We have thought o setting up a rewarding scheme th allows p
of g hat arn
people to ea bonus po oints that
n e
they can then trade in for pack we
kages, but w haven’t im d
mplemented it yet. We soon will w when we
feeling that our users w
get the f d
would actually like it and provide re e
elays. So tell us! But be aware
ch
that suc a relay co create hund
ould easily c dreds of giga affic per mo
abytes of tra at
onth, and tha your
r
provider probably d ual
doesn’t like it if you run it on a virtu server.
So how do you use such a CG relay? You need to know the “UR I put it in double quotes
e GI RL”.
e
because you don’t need a full- RL ed er d
-fledged UR – you nee the serve name and the URI. F For
e,
example if the script could be accessed in a web bro owser using the URL
ome.server.s
http://so somewhere e/some/path h/script.php, the CGI relay would be called
some.se erver.somewwhere/some e/path/script.php in You Freedom. Simply use it as the s
ur e server
name, c choose CGI as the conn del,
nection mod and disable automatic server s selection.
ur e
You Freedom User Guide
5
Page 35 of 60
w
And how do you kn now about th entirely. We won’t publish any
hese? Well, that’s another matter e e
d u r.
lists and we would ask that you do neither Why? Bec cause we don’t want thhese lists to simply
get impo URL blacklist But the Y client wil soon learn how to find the relays No, we
orted into U ts. YF ll n d s.
ay ure
won’t sa how, figu it out. :-)
If you wwould like to set up such a CGI rela you can download th script at http://www.
h ay, he .your-
freedom m.net/ems-dist/enduring g_freedom.p ME e
php-RENAM . Have a look at the first lines – you
need to choose which server y would like to relay t and put th server’s name in. Sa it
you to he ave
under an inconspic cuous name (use the rig ending if you have t Then te it please (use your
ght to). est
web bro e t
owser – you should see a long text page with loads of gar n’t at’s
rbage – don worry, tha fine).
ks, eb
If it work register it on our we page (htt Our will
tp://www.your-freedom.net/156/). O scripts w test it
automat tically and if it works they will add it to the database and make sure t
f that clients can find it
s
(it takes a while thoough, don’t e nts
expect clien using it immediately y).
u
Btw. you are welco ys
ome to set up CGI relay for your o al as u
own persona use only a well, you don’t
em. ers sh if
have to register the Feel free to tell othe about it, and publis the URL i you like. JJust if you
decide t register it don’t publish it. If you have befor simply ch
to t, u re, name or the path or
hange the n e
set up a copy. Do that frequen ! ery ies me hey
ntly, it helps! Remove ve old copi from tim to time, th get
unregisttered on our web page automatica (but you can do so as well).
ally
ur e
You Freedom User Guide
6
Page 36 of 60
nnecting applications and games
3 Con d
troduction
3.1 Int n
om rs, e at fit ur
Apart fro browser there are many applications tha can benef from You Freedom and
t rnet. From t
connect to the Inter ents, chat an instant m
terminal clie nd messengers (like GTalk Pandion
k,
oo
or Yaho Messenger), P2P tec chnologies (like BitTorr mes
rent), to gam can be configured to
t eedom.
connect via your-fre
apter covers some concepts neces
This cha s ake rticular application work
ssary to ma your par k.
For more specific tech
on page 4
44
hniques like local and serv port forw
rver wards see cha rt
apter 5.1 Por Forwards
sing “sock
3.2 Us ksifiers”
If your p pplication do not support the use of web or SOCKS pro
particular ap oes e oxies, it still doesn’t
hat t our m.
mean th it cannot run with Yo Freedom Since the Your Free e edom client is a full- bloown
S s fy”
SOCKS server, all you need is to “socksif your app ere eral
plication. The are seve ways to do this,o
em y
all of the basically use a feat dynamic link library preloading. Sin people hate re-
ture called d k nce
e de
inventing the wheel they came up with cod libraries that get dyn nked to the
namically lin
applicat tion at execu Like every o
ution time. L other operat ting system, Windows, Linux, Mac cOS etc.
ship with such libra ne
aries, and on particular of them of rking functio
ffers networ st
ons. The firs time
such a f referred to b the applic
function is r by ibrary autom
cation, the li matically get loaded – but only
ts
n’t the xt The to
if it hasn been loaded within t application’s contex already! T trick is t make sur that the re
has ed e d
library h already been loade before the application starts – but a hacked version of it. One
that kno ows what to do with a S SOCKS serv ver.
Windows
3.2.1 W
are ocksification tools on the market; he are som examples
There a many so e ere me s:
ap
WideCa
ap
WideCa is a free s hat es
socksifier th integrate with the system netw and ot
work stack a does no rely on
ry e
pre- loading a librar like some other sock works with m
ksifiers. It w s cations
many games and applic
that can ed
nnot be use with sock ksifiers like S
SocksCap a ap. w well
and FreeCa We know it works w with
Steam p powered ga ames.
Cap
SocksC
ocksifier free for non-co
This is a popular so e home use. Y must go
ommercial h You f
oogle for it if you
want to download itt.
FreeCap
FreeCap is, as the name sugg are
gests, freewa and is a r from the pro
available for download f oject's
age
home pa at http:/ cap.ru/eng/. There is also additiona documen
//www.freec al e
ntation there but its
ur e
You Freedom User Guide
7
Page 37 of 60
h edom is simp enough. We like this best beca
use with Your Free ple . e to
ause it's free and easy t use,
gh y l)
and it's good enoug for many (but not all applications.
Cap
ProxyC
mercial product. Have a look at http
A comm s.netwu.com
p://proxylabs m/.
er
Proxifie
very clever p
Proxifier is also a v tware. Testing for 31 da is free, a license co
piece of soft ays osts USD
40. Plus it's also av ut
vailable for Mac OS X. Check it ou on the Pro e
oxifier home page.
ingbird Soc
Hummi cks
mmingbird s
The Hum suite contains a socksif as well. It can be fo
fier ound on the Hummingb web
bird
site.
ther Unix derivates
3.2.2 Linux and ot
Dante
s cto d
Dante is the de-fac standard in the Unix
x/Linux world It's free. D
d. Download a om
available fro
ww.inet.no/d
http://ww ny tributions co
dante/. Man Linux dist ante-client” p
ontain a “da package. Once
d, d
installed you would normally h
have to conf
figure /etc/d
dante.conf to redirect tr
o priately to
raffic approp
cal he y” un
your loc SOCKS server, and then use th “socksify script to ru applicatio ons.
tsocks
s Unix/Linux w
tsocks is another U fication too also free. It can be fo
world socksif ol, urceforge.
ound on Sou
s as
There is a Mac OS X version a well.
ac
3.2.3 Ma OS X
Proxifieer
ailable for M
Proxifier is also ava MacOSX.
tsocks
out rums.macos
Check o http://for m/archive/ind
sxhints.com 5338.html fo hints about tsocks
dex.php/t-55 or
OSX.
for MacO
penVPN s
3.3 Op support
3.3.1 Introduction
s ay
There is another wa to make your applic cations conn nternet through Your Freedom
nect to the In
o
without the need to configure t y ll d s
them in any way! This is pretty wel tested and so far has proven
to be alm us fier s.
most bullet proof versu its socksif cousins In theory e cation that w
every applic works
behind a DSL or ca also should work well th
able router a hough Open nVPN mode e.
rerequisites
3.3.2 Pr s
The Ope y
enVPN way unfortunat
tely has a fe prerequis
ew ou meet for it to work on
sites that yo need to m o
C:
your PC
ur e
You Freedom User Guide
8
Page 38 of 60
istrative rig
Admini ghts
There’s no way aro PN eed
ound it: you need to be able to install OpenVP and use it, so you ne
adminis ts
strative right (on Unix llike systems you need to be able to install the OpenVPN binary
s: e N
oot
setuid ro in your p ypical compa PCs with domain lo
path). On ty any on’t
ogin you wo have
adminis ts.
strative right
sta, o
With Vis you also need to ex xplicitly run the Your Fr ent
reedom clie with adm privileges
ministrative p
s
(right-click, "Run as administra ator"). Altern ht-click on th link in the start menu, choose
natively, righ he
"Propert on
ties", click o the "Com
mpatibility" ta then tick the "run as administra
ab, k s box
ator" checkb -- this
t for ng
will fix it once and f all, as lon as you a always use t un
this link to ru the YF cclient.
PN to lled
OpenVP needs t be instal
PN
OpenVP is Freew pen e he
ware and Op Source (but please consider donating). If you have th ability
to install software o your PC, go to http:/
on //openvpn.net/download download O
d.html and d OpenVPN.
s ast 0,
It needs to be at lea 2.1_rc20 newest re elease shou do. For W
uld ere
Windows the is an ins staller,
others nneed to com mpile OpenV VPN from so ource – or m
maybe it ship with your OS’s distri
ps r ibution?
In any wway, if you oopen a comm mand shell and type op penvpn you should see hundreds of lines
u e
uctions; if no it’s not pr
of instru ot, alled. OpenV
roperly insta VPN needs to install a tunnel inter
rface on
C;
your PC on Windo ed
ows it’s calle TAP- WI nux uld
IN32, on Lin this wou be tun0 0.
ore se
Befo making us of OpenVPN please m ur
make sure you computer is properly
prote ot
ected and no infected by some virus/w worm or a tro ojan. Ensure that it is not
part of a bot net. If you don't o servers m
our might have to close down your accoun
o nt
rotect our sys
to pr stems. If you do not have a proper sec nstalled on yo
curity suite in our
PC pplease open Internet Expl d eb
lorer now and visit this we page for a free check (it
Microsoft too and will the
is a M ol work in Intern Explorer):
erefore only w net
//onecare.live
http:/ e.com/site/en n-US/default.htm
We s se
strongly advis that you r repeat this fro time to tim It is for your own
om me.
ection! If you haven't got o
prote other protect r ee
tion consider installing fre protection
ware like Microsoft Securi Essentials Avira Antiv or avast.
softw ity s, vir
dom packag FreeFre
You don’t need a Your Freed ge, l
eedom will suffice
penVPN support is not only available to payin users. Alt
That’s right. Our Op ng ning an
though runn
PN es
OpenVP tunnel endpoint use considera esources than just forw
ably more re nections;
warding conn
we decided to offer it to everyo for free. Although w know tha it wouldn’ be much f with
r one . we at ’t fun
64k.
onfiguratio tasks
3.3.3 Co on
your networking envir
Know y ronment
re d e ach addresses
If you ar behind a firewall and need to be able to rea servers that have Internet IP a
ble e ou add
but are not reachab from the Internet, yo need to a route ex es
xclusion line to your cconfig file
(see Ap YF
ppendix C: Y client con file).
nfiguration f
ur e
You Freedom User Guide
9
Page 39 of 60
on’t
99% of all users wo have to configure e ll net
excludes. Al non-Intern IP addre esses are
automat uded anyway (this cove 10.0.0.0/ 172.16.0
tically exclu y ers /8, 0.0/12, 192.168.0.0/16).
ks
Network that are a ted
already rout on your PC are exc cluded as weell.
others, add an openvpn_exclude line per IP or network as describ in Appen
For all o e P k bed ndix C,
e.g.
exclude 1
openvpn_e 1.2.3.4
exclude 2
openvpn_e 255.255.0.
2.3.0.0 2 .0
at edom is clev enough to automat
Note tha Your Free ver de dresses tha it needs
tically exclud all IP add at
to be ab to reach in order to maintain the connectio to the Your Freedom server.
ble e on m
e N
Tick the OpenVPN box
he nel ox. he mber as it is, unless
Go to th Ports pan and tick the OpenVPN checkbo Leave th port num
re why ed ort.
there ar reasons w you nee to use a different po
he eedom conn
Start th Your Fre nection
The connnection set sual, but app
t-up should look like us s
proximately 10 seconds after the d door
opens, i should op a bit more. The m
it pen g l
message log should tell you as well when it ha appens.
Have a look at your PC’s routin table (in Windows, r “cmd”, then type “ro
r ng run Unix
oute print”; U
users ty “netstat –rn” or “rou –n”); you should see a whole bunch of rou
ype ute u e utes there all going to
some 16 s. the
69.254.xxx.yyy address These routes cover t whole In nternet addrress space minus the
es We
exclude mentioned above. W cannot re y
eplace your PC’s default route, that would very likely
cut you off from you local netw
ur work and make the You Freedom server unre
ur eachable.
for
Relay fo others?
you ut
Yes, you can and y may. Bu unless yo PC masq our he s
querades th other PCs they need to rund
wn N
their ow OpenVPN session. W When you sstart the con
nnection, the Your Free
e edom client c creates
some co n e ll
onfig files in your home directory (please see Appendix C for location details) al starting
ent”
with “clie or “serv ver”; copy th
hem to their PCs into s
r ory,
some directo edit “clie ent.ovpn” an nd
with C’s
replace 127.0.0.1 w your PC internal IP address, then right-c n”
click on the “client.ovpn file and
choose the second option (Sta OpenVPN with this c
art N config file). Of course th need to install
hey o
OpenVP first!
PN
re our
For a mor general technique to share your Yo Freedom connection w miscella
nt
equipmen like XBox, Playstations or other PCs see chapte 5.2.2 on pa 46.
s er
with
age
aneous
bout the W
What ab ewall?
Windows fire
Feel free to use it, b don’t co
but omplain if it breaks thing Seriously, there i no reason why you
gs. is n
would need it, only outbound c s
connections work on the tunnel inte erface. Howwever if you suspect
your applications to secretly op connec
o pen ctions, then yes, use it! If something doesn’t w
work, try
without.
ur e
You Freedom User Guide
0
Page 40 of 60
onfigure yo applica
3.3.4 Co our ations
at’s most: you do have to No need to configure a proxy, no need for
Now tha the part you’ll like m on’t o! o
socksifie Just ma sure your applicatio are not using any p
ers. ake ons hat be
proxy and th should b it.
Note hoowever that since your P is not co
PC onnectable f from the Int gh
ternet throug the OpenVPN
applications who rely o this won’t work. If the manufactu
tunnel, a s on t e urer’s web p something
page says s
orts
about po that have to be opened inbound in your fi kely won’t w
irewall, it lik work.
ssible to com
It is pos nVPN tunneling with ser
mbine Open rwards, how
rver port for chapter
wever. See c
n or
5.1.3 on page 45 fo details.
roubleshoo
3.3.5 Tr oting
penVPN tun
The Op coming up properly
nnel is not c
og, ell d
Have a look at the message lo it may te you why. If it doesn’t, create a dump file and mail it
ee
to us (se chapter A A: ”) k rself.
Appendix A “creating a dump file” – or check it out your
f ill
Check if there is sti another O OpenVPN pr ning when th Your Fre
rocess runn he eedom connection is
wn.
shut dow Hit Ctrl- rt it
-Alt-Del, sor the tasks by name, and look for “openvpn”. Terminate i before
you rest the You Freedom connection. This can h
tart ur . e edom client is
happen if the Your Free
ted
terminat abnormally before it has a cha tting down O
ance of shut OpenVPN.
penVPN tun
The Op , the reedom con
nnel opens, but then t Your Fr ails
nnection fa
somehow cu off your c
The tunnel routes s ut Freedom se
connection to the Your F se
erver. Pleas
te edom client should be c
generat a dump file for us; the Your Free clever enough to avoid this but
gly
seeming isn’t.
re 69.254.xxx.y addres
What ar these 16 yyy sses?
That’s a class B ne rved for ad-h network
etwork reser hoc roadcast me
king on a br edium like EEthernet.
Every st olls or
tation just ro a dice fo an IP add dress and d
does some c hether it’s al
checking wh lready in
not,
use. If n it uses it.
No-one uses this network for a nly s e of
anything, on Windows does in the absence o a DHCP s server or
a static configuratio The netw
on. work is not r he and
routed on th Internet a no-one uses it privately,
that’s w we chos it. It’s very unlikely th it causes any addressing conflict anywhere
why se y hat s e.
The other end of yo OpenVP tunnel is always 169
our PN s f o
9.254.0.1; if you want to check what packet
delay is added by Y om, g dress!
Your Freedo just ping this IP add
Your PC will get an odd address from a /3 subnet w
C n 30 within this range and it w route everything
will
ven
to the ev counter ss ubnet.
rpart addres in this su
ur e
You Freedom User Guide
Page 41 of 60
ns: ages and vouche
4 Plan Packa d ers
eeFreedo (usage free of c
4.1 Fre om e charge)
er sic for
We offe a very bas service f free. It is good enou to make yourself fa
s ugh e Your
amiliar with Y
m
Freedom and test w not
whether or n your app Your Freedom. It might be good
plication will work with Y
which case you are we
enough for you, in w se ch
elcome to us it as muc as you lik ke.
There a several r
are in
restrictions i the FreeF
Freedom pro of ndwidth is v
ofile. First o all the ban very low
(about t same as our compe
the s etitors when paid ) an the numb of concu
n nd ber ms
urrent stream is low
as well (but enough for chatting, web surfing, etc.). Then there is a connecti time limit – you
h s ion
can only be connec
y cted 15 hours in a week interval, a only 6 hours in 24 h
k and al,
hours interva also
after one hour your session is disconnecte but you may conne again immediately.
r ed, ect
e eekly usage limit gets r
After the daily or we e reached, us
sers won't be able to co
e n.
onnect again A
ge u
messag telling you so will be produced s specifying approximately the time t wait before being
to
able to cconnect agaain.
ur e
You Freedom User Guide
2
Page 42 of 60
ackages a Vouch
4.2 Pa and hers
would like to have more bandwidth, more conc
If you w ams, or othe additional features,
current strea er l
would simply like to sup
or you w y pport our eff
forts to prov
vide unrestri et o
icted Interne access to
ne, r ow
everyon consider buying a package. The table belo details all available packages, t their
s,
features and their prices.
ee
Fre Basic Enhanced Total
T
dwidth
Band bit/s
64 kbit/s 256 kb bit/s
4 Mb unlimited
current Strea
Conc ams 10 50
0 00
10 200
2
Web Proxy
Socks Proxy
Link encryption
P
HTTP connection
PS
HTTP connection
connection
CGI c
connection
FTP c
UDP connection
Relay
ying permitte
ed
nection time
Conn ours
6 ho unlimi
ited mited
unlim unlimited
er
Serve Ports (5)
onth package
1 mo e ee
Fre € 4.0
00 0.00
€ 10 19.99
€1
onth package
3 mo e ee
Fre € 10.
.00 8.00
€ 28 57.99
€5
onth package
6 mo e ee
Fre € 17.
.00 0.00
€ 50 109.99
€1
month packag
12 m ge ee
Fre € 30.
.00 5.00
€ 95 199.99
€1
To buy packages, p age
please visit our web pa at www.your-freedo in r
om.net, log i with your account,
then clic on the “A
ck b.
Account” tab There is a currency c calculator as well if you’d like to convert the
s
our
price in Euros to yo local cur known to you For your orientation, 1 €
rrency or at least one k u.
roughly correspond to 1.25 U
ds US$ (at the t ng).
time of writin
ur e
You Freedom User Guide
3
Page 43 of 60
you
When y buy a pa ur
ackage, you account p profile usually gets upda ou’ll
ated within minutes (yo
hen
receive an email wh it happe ens). However some payment met thods take llonger than others to
complet Please v
te. ces” page o http://www
visit our “Pric on o ut
w.your-freedom.net/ to learn abou details
irst
(log in fi to see e ght es ntly
everything). Newly boug package are instan activate other paed; ackages
ve ed
that hav not expire yet get s ou e
suspended. However yo may use the arrow b the
buttons on t
” ove
“Prices” page to mo your pa e de
ackages around anytime and decid which of y ges
your packag is
9
currently active and which are suspended .
y d d
Please con
FreeFreed
nsider buying a package if you use Yo Freedom regularly, ev if
g
dom is enoug for you. Se
gh
developers like the occ
s
our
grow on trees and suppor staff and
ervers don’t g
casional pay-
-check as weell.
s
ven
rt
ouchers
4.2.1 Vo
e s ers u o her eb
Voucher codes are sequences of characte that you can fill into a form eith in the we site or
directly into the You Freedom client to cre
ur m eate packagges. You receive a vou from us
ucher code f
as part o a promot
of ms,
tion or as a compensation for service problem or as an expression of our
gratitude for something you he
e elped us with. You can also buy vo m eral
ouchers from us in seve
denomin nations as vvoucher car ouchers are valid for on year from the day of
rnets. Our vo e ne m
purchas se.
Our vou ts sed
ucher carnet can be us to temp rade your Y
porarily upgr Your Freedom account w a
with
e
package without ha y
aving to pay for a full m
month and no use parts of it. Also v
ot s voucher car
rnets are
rrable (i.e. not linked to an account and can b cashed in separately at any time
transfer t) be n y e.
st
4.3 Tes drives
re ing
If you ar consideri to buy a package but are not s er what you exp
sure whethe it will be w pect, how
ur e
about a test drive? Log in to ou web page at www.yo m.net, click o “Prices”, and click
our-freedom on
on the “Try Before Y Buy” lin on the le Everyone is welcom to try, but notice that we only
You nk eft. e me t t
allow test drives for accounts t
r een d
that have be created at least 3 d nd en’t
days ago an that have tested
extensiv y.
vely already Also, we rrefuse test d
drives for ac
ccounts that have been involved in payment
t n n
reversals before. H taff p
However, our support st can help you out sh eed
hould you ne addition nal
support@yo
testing; just send an email to s our-freedom.net.
During a test drive you’ll receiv all the be
ve e package, an what’s more, you
enefits of the selected p nd
en om
may eve switch fro one pac ckage type t another to test them all. Simply visit the “Tr Before
to o ry
y” ain y ur
You Buy page aga to modify or end you test drive e.
ckages, it may take a fe minutes f updates to propaga to all ser
As with bought pac ew for ate rvers, and
you may have to re
y connection o even the Your Freed
estart your c or o fference.
dom client to see the dif
9
ed ensive packa from expiring.
Yes, this can be use to protect a more expe age
ur e
You Freedom User Guide
4
Page 44 of 60
vanced To
5 Adv opics
ort rds
5.1 Po Forwar
ocal port fo
5.1.1 Lo orwards
One pos allow an app
ssibility to a connect to a service on the Interne via Your F
plication to c n et Freedom
irror” a port on the Inter
is to “mi magine there a server out there w a certain IP
rnet. Just im e’s r with
s
address and it’s list SH
tening to SS connecti would like to SSH to the server but your SSH
ions. You w e
oes S. ase
client do not support SOCKS In this ca you wou simply co uld ocal port for
onfigure a lo rward
to
similar t this one:
Now ins nnecting via SSH to “so
stead of con omewhere” o port 22, y simply instruct
ome.host.so on you
SH
your SS client to c “localhost” o port 2222 Your Free
connect to “ on 2. edom will put the conne
ection
ote r
through for you. No however that if the r t hable the SS client wil still see
remote host is unreach SH ll
a workin connectio but it will time out q
ng on, quickly.
many examp
This is just one of m ou
ples how yo can use t . f
this feature. Generally speaking, if your
applicat nect to a par
tion needs to only conn t cular port, lo
rticular host on a partic wards are
ocal port forw
t
the right choice.
IP s
5.1.2 SI forwards
at’s ou SIP
Yes, tha true! Yo can use S phones with Your F s
Freedom as well! We have seen re eports
dio
that aud only wor rked in one direction. O n me ntinue to work on it.
Once we can find the tim we’ll con
Note hoowever that this is still in early beta phase and it may not work properly; in any c
n a d case,
PN ill
OpenVP mode wi likely wor rk.
If you’d like to give it a try, here is what yo need to d Assume you are using a SIP se
e ou do. erver
called “s de”
sip.sipgate.d on port 5060, the w well-known p for SIP. If you conf
port P
figure a SIP port
ne
forward likes this on …
ur e
You Freedom User Guide
5
Page 45 of 60
… it will turn your lo o mage of the SIP server. So instead of configur
ocal PC into a mirror im d ring
“sip.sipg
gate.de” in y hone, configure “localho
your SIP ph e ou
ost”. Disable STUN if yo can, it’s
meaning s ut make things slower).
gless in this context (bu will only m s
warding is a complex ta
SIP forw ask; not only does the Y client have to forward all requests, it
y YF
s UDP forwards dynamic
also has to set up U audio and (th
cally for all a hat’s right!) video strea
ams. We
with
haven’t tested this w many d P s, ely ny
different SIP providers and phones so it’s like that man of them
don’t wo yet. We like to hear from you!
ork r
SIP forwa CP. l
arding will only work with UDP, not TC Nearly all clients and servers use UDP. Also,
note that using a SIP phone consu f on
umes a certain amount of bandwidth (depending o the
you g);
Codecs y are using the FreeFr not nough to sup
reedom profile will likely n be fast en pport SIP
will
forwarding (the voice w break up p).
erver port f
5.1.3 Se forwards
you
Would y like to m PC
make your P reachabl from the I
le hen port ds
Internet? Th server p forward are for
you. Check out the “Account P el
Profile” pane after conn ou
necting; if yo see “rem orwarded”
mote ports fo
ou
there yo can use t .
this feature. (You can c
configure it a well if no ports are f
as o forwarded to you, but
o
) d ts to oth
it won’t do a thing.) Forwarded server port are able t handle bo TCP and UDP traff fic.
It is imp nderstand th you can only forwar server po that are assigned to you (i.e.
portant to un hat rd orts o
f orts ’s you orts ed.
appear in the list of “remote po forwarded”). So let’ assume y have po assigne Add
s
forwards like this:
It is not absolutely n to ers ote nd
necessary t use the same numbe for “remo port” an “local por but we rt”,
have fou that ma applicat
und any o nounce ano
tions are too silly to ann rk”
other port to “the networ than
they act tually listen on. For exaample, BitTo orrent clients usually ca announce different e
an e external
IP addre esses and p 9 ackers will s
ports, but 99 % of all tra simply ignor this. So u the same port on
re use
ds
both end (by confi r
iguring your application accordingl and it wil all work by sheer mag
n ly) ll y gic.
e ssign ports that you request, for the simple rea
Also, we cannot as e veryone wan 6881
ason that ev nts
ch.
and suc Please d ou rts e
don’t ask, yo can only use the por that have been auto ssigned
omatically as
to your profile.
Typical usages:
G mote Access to your PC e.g. rdesktop, VNC, SSH
Getting Rem s C,
Getting High ID in eMule
G h
Speeding up of Bittorre downloa
S ent ads.
ur e
You Freedom User Guide
6
Page 46 of 60
e OTAL Packag
Currently Server Port Forwards are only included in the TO ge
onnection Sharing
5.2 Co n g
Relaying
5.2.1 R
profile suppo relaying and you h
If your p orts g ay s"
have turned on the "rela for others option, otther
in al will o
people i your loca network w be able to configure their brows plications to use your
sers and app o
er xy st e u ey
compute as a prox server jus the same way as you do. All the have to do is specify youry
er er
compute IP numbe and 8080 er r ) ock
0(or whateve port you have under web proxy) or 1080(so proxy)
applications where a pr
in their a s roxy server : port is req
quired.
oommates in a dorm or colleagues in the sam office.
Typical use is for ro r s me
SING OPEN
5.2.2 US ICS to conn
NVPN and I station, XBo etc.
nect other PCs, Plays ox,
would like to connect oth PCs, Pla
If you w her es, er
ayStations, VoIP phone whateve to the Inte ernet
through the Your Freedom con l
nnection, all you need is a second network int our
terface in yo PC.
ure sed
Make su it isn't us for anyt thing else. Y need to connect yo other PC
You o our Cs/PlayStat tion/etc.
network interface, either directly (cr
to this n able) or via a small swit
rossover ca tch/hub. Do not use
me ub ur
the sam switch/hu as for you other Eth hernet interf
face! Anothe thing that you need t ensure
er t to
your other Ethernet inte
is that y e
erface does not use the 192.168.0. es,
.0/24 network -- if it doe
reconfiggure your DSSL/cable router to use a different nnetwork.
trol >
Open Start -> Cont Panel -> Network C s.
Connections Find the u N
unused LAN interface (i it's
probably called "Lo
y ocal Area Coonnection 2" but don't rrely on it) -- you need th name. Then find
he
P32 e
the TAP interface of OpenV VPN. Right- c
click on it an choose "
nd ". he
"Properties" Click on th
"Advanc ck w work users to connect t
ced" tab. Tic the "Allow other netw s s
through this computer's Internet
connect tion" box an choose th network interface in the drop-do
nd he own menu b connects
below that c
other PCs o PlayStatio Click "O and clos the Netw
to your o or on. OK" se work Connec ow.
ctions windo
t, r station should now be a
That's it your other PCs/Plays nect to the In
able to conn nternet through Your
Freedom OpenVP connection when it's up.
m's PN s
V6
5.3 IPV
use YF .
The YF client can u IPv6 to connect to Y servers. IPv6 addre be through
esses can b reached t
the SOCCKS5 and lo rward facility but not via OpenVPN mode or w proxy. P
ocal port for y, N web Please
wever that n all of ou servers su
note how not ur upport IPv6.
re
If you ar having prroblems connnecting to YF servers (or even fin them), it is a good id to try
nd dea
and ena able IPv6 on your PC (if it is not alr
n led). Also, e
ready enabl eling
enable all kinds of tunne
mechan never know -- one of them might w
nisms, you n you
work where y are. :-)
On Wind dows Vista and Window 7, both IPv6 and Te
ws eredo tunneling are ena fault but
abled by def
unless y s P
your PC has a global IP address tuunnel mechanisms won work out of the box. To make
n't
tart", then ty "cmd" but do not hit Enter. Wait until the "c
it work, click on "St ype t cmd.exe" application
ur e
You Freedom User Guide
7
Page 47 of 60
appears in the sear list, then right-click on it and ch
s rch n strator" and confirm
hoose "Run as adminis
og. lack cmd wi
the dialo In the bl indow, type
interface ipv6 show teredo
netsh i w
s" e" ommand:
If "status is "offline try this co
interface ipv6 set teredo en
netsh i client
nterprisec
bit ck e
Wait a b then chec the state again:
interface ipv6 show teredo
netsh i w
d " nt". done type "e
It should tell you that "status" is "qualified" or "dorman When d exit".
With Windows XP S Teredo is shipped as we but not in
SP1/SP2, T ell default. You can
nstalled by d u
easily so that thou by open
ort ugh ning a cmd w window (clic Start, the click Run and type c
ck en n cmd) and
netsh interfa ipv6 ins
typing "n ace stall", then p
proceed as a ust tsh e
above (or ju type "net interface ipv6 set
teredo eenterpriseclient").
ght use ent an
You mig want to u a differe Teredo gateway tha the default; if yes ap the
ppend it to t "set
state en ent" nd. PC ehind a NAT router you can use "se state
nterpriseclie comman If your P is not be T et
nstead.
client" in
someone fil
Unless s o d 6 client will
lters Teredo this should give your PC full IPv6 connectivity. The YF c
automat e
tically notice and try IPv6.
ne de
5.4 Fin tuning CGI mod
Generally, CGI con ode
nnection mo is the slo onnection m
owest of all possible co modes. This is due to
y
the way it works, it needs to ac data before it sends it o to the oth side. But you can
ccumulate d off her
adjust a few knobs and try to m er.
make it faste
First, loc nfig s e h
cate the ".ems.cfg" con file. This file can be edited with any text ed ample
ditor, for exa
d. he t
Notepad Ensure th YF client is NOT run e r may
nning when you edit the file or your changes m be
lost. It is difficult to break this f so don't hesitate to try...
s file
There a four valu that control the timing of CGI c
are ues an any
connections and you ca change a of
We’d not rec
them. W o
commend to change any of these liimits except perhaps
t
link_maxdelay". Here a the para
"cgi_upl are h ult nd aning:
ameters with their defau values an their mea
plink_maxdelay. Defau to 500 m
cgi_up ults ta
milliseconds. The YF client will accumulate dat for at
this time un it initiates a new upli connection no matter how muc data has been
most t ntil s ink ch
accummulated. You might wan to set this to a lower value, may 200 milliseconds.
nt s ybe
cgi_up ntdelay. Defa
plink_urgen milliseconds The YF client will use this value instead
aults to 20 m s. e
alue when it has frames to deliver that are con
of the previous va gent, for example
nsidered urg
acknoowledgemen nts.
cgi_up hold. Defaul to 3. If th many fra
plink_thresh lts his ata re
ames (YF da units) ar to be deliv vered, a
new uuplink conne e ht tting this to 1 will effect
ection will be made righ away. Set tively disable data
accummulation and make your connection much more responsiv but it will also creat much
d ve, te
If
more overhead. I you don't care about how many c s
connections are made and how much
overhead it generates, set th to 1 and don't worry about the r
his y rest.
ur e
You Freedom User Guide
8
Page 48 of 60
cgi_upplink_minde second. This is the min
elay. Defaults to 1 millis unt
nimum amou of time b between
two upplink connections. You should not set it to 0 a most pe
and d
eople should not have too
ase ork on
increa it, but if your netwo connectio drops co onnection at t bursts, try
ttempts that appear in b
g her
setting it to a high value!
ownlink_con
cgi_do out
nnect_timeo
e ormally do no appear in the config file and are not configu
All these values no ot n e ugh
urable throu the
e s r at the
front end. Just add lines to the file (it does not matter where) tha contain the name of t value,
e,
a space and the nu you ike
umeric value to which y would li to set it (no unit).
Optimum performance is proba
m ed ng
ably achieve by settin cgi_uplink d
k_threshold to 1 and
cgi_uplink_mindela to maybe 20. Try it, y can't br
ay e you reak anythin if it doesn't work just remove
ng,
s
the lines again.
ur e
You Freedom User Guide
of
Page 49 o 60
pendices
App
A. bleshooting
Appendix A Troub
ur es t-in
The You Freedom client come with built troubles cilities. There is the mes
shooting fac e ssage log
u Messages ta (you may save it to a file as we but this w only
that you can access from the M ab y ell) will
u ay s. oubleshootin you need to run You
help you in everyda situations For more detailed tro ng d ur
m ” d e
Freedom in “dump” mode, and you might have to use a packet s sniffer as we ell.
oes p/game not work?
Why do my app
s no r
There is of course n off-the-shelf answer to this que he g d
estion. But th first thing you should look at
treams pane of the You Freedom client. Doe the applic
is the st el ur m es e
cation create streams there
ou
when yo use it before it comp t
plains that it cannot con operly
nnect? If no, then it is likely not pro
configur you’ve got th proxy se
red. See if y he e n on
ettings in the application right – if it’s running o the
our m e ” 0.1”
same PC as the Yo Freedom client, use “localhost” or “127.0.0 as the p address,
proxy host a
and 108 (SOCKS) or 8080 (w
80 ) ps)
web/http/http as the p proxy port. If it’s running on another PC, be
f g
sure you have relay
u ying enabled (Ports panel) and it’s permitted b your prof * (Accoun Profile
s by file nt
and our m al
panel), a you’ve used the Yo Freedom PC’s loca LAN address as the p address.
proxy host a
Then ch heck the meessage pane in the You Freedom client – do you see blo
el ur ocol
ocked proto
ges You er
messag there? Y need to use anothe Your Free er one e
edom serve then, the o you are using
w pporting a protocol that you need.
right now is not sup t
k ne
Please have a look at our onlin documen u g We s
ntation if you are having trouble. W know it’s not
perfect a the intr
and age
roduction pa is an ou me
utright sham but have a look anyw s
way, there is more in
ht p://www.you
there than you migh think. http ur-freedom.net/4/
r t he
Another plan might be to have a look at th user forums. Maybe someone e e
else had the same
m he can d
problem before? Th forums c be found at http://w eedom.net/2
www.your-fre 2/.
ming a spee test
Perform ed
d ery ow ch r e
A speed test is a ve express way to kno how muc traffic per unit of time your Your Freedom r
connect tion can han is e
ndle. For thi you need to generate enough ap raffic to satu
pplication tr urate the
link betw our m d
ween the Yo Freedom client and the Your F Freedom ser rver -- in bo directions. So
oth
un
either ru an applic ow h,
cation of which you kno that it will use the full bandwidth or use Yo our
m’s
Freedom built-in t rator. In order to use it, start the client and cre
traffic gener eate a local port
forward from some port (e.g. 1234) to a vi called “speedtest" on po 0. Then o
irtual host c ort open a
nd
comman shell (in Windows, c art", choose "Run", then type “cmd"). In this sh
click on "Sta n hell, type
ocalhost 1234" (or wha
“telnet lo you've used) -- the spee test will t
atever port y ed r
then run for one
minute, at the highe speed p
est ote ng ed
possible. No that durin the spee test, all sp peed restricctions still
apply. Y won't ge a higher b
You et bandwidth r n
reading than your profile or slider s mit,
settings perm but
you sho e our
ould see the bandwidth go up to yo slider se you
ettings - - if y don't, so lse
omething el is
limiting your speed. It could be (and likely is) the spee of your Internet connection. Try
e y ed y
*
g, o
At the time of writing relaying is permitted to all users.
ur e
You Freedom User Guide
of
Page 50 o 60
adjusting the uplink speed to th actual sp
k he peed of your Internet co e.g.
onnection (e many D DSL
connect llow 256 Kb
tions only al Kbit/s in uplink direction adjust the slider sligh below
bit/s or 384 K n; e htly
ue), ght
this valu this mig improve your throug ghput in the opposite di ease note: T
irection. Ple This traffic
generat feature is meant to b used for troubleshoo
tor s be oting; please do not use it frequently. The
best rea st you
ason to run a speed tes is that we've asked y to!
p”
Creating a “dump file
Depend ding on how you start Y e ways how to start it in d
Your Freedom, there are different w o dump
The ws
mode. T Window installer v art
version can be run in dump mode from the Sta menu; if you aref
rom the com
running the client fr mmand line, use the op ption –-dumpp[=output tfile] to a activate
mp ng t
the dum mode. If it is run usin the Start menu or if the "outputf file" is left omitted, the dump file
produced in your deskto except fo Unix like systems, in which case they will b stored
will be p op or n e be
in your hhome direct hat
tory. Note th there is a drop in peerformance when you a s
activate this mode,
may
and the dump file m grow pr er
retty big ove time.
Normally, the client does not d
t ctual packet data; if tha needed we’ll provid a
dump any ac t at’s de
modified client on r
d t
request that does.
esitate to ha a look a the file, so
Don’t he ave at obably make sense to you, some of it will
ome of it pro es o
ake o
only ma sense to the develo u big
opers. If you mail us a b dump, please comp press it! Put it in a
7z ver ase any ary s
ZIP or 7 or whatev archive file, but plea avoid a proprieta features (e.g. WinZ 10’sZIP
AES encryption mo ode).
If you ar having co
re zard in dum mode as well.
onnection problems, it helps if you run the Wiz mp
niffer
Using a packet sn
bare metal d
This is b and the
debugging a not for t faint-hea arted. There may be situations wh
e here our
you an
support staff asks y if you ca use a pa r
acket sniffer to troubleshoot connection or app plication
problem If you ca we recom
ms. an, ng rk e
mmend usin Wireshar (available from www.wireshark.o or org
www.eth hereal.org – Ethereal is the historic name of Wireshark). In most ca
s cal f ases you shhould run
ark her
Wiresha on the same PC as the YF client, and you should eith capture o the inter on rface that
ts
connect the YF cli YF
ient to the Y server or on the inte
r connects oth PCs to t YF
erface that c her the
C, ng
client PC dependin on the na ature of you problem. L the capt
ur Let en e
ture run, the re-create the
m, e.
problem then stop the capture Save the capture to a file and mail it to us (a again, we like it if
you com mpress it).
Updating the client
The YF client does not have an automatic updating fa
c need to upd
acility; you n ually from
date it manu
time to t way e eatures. Kee
time. This w you will receive the latest bug fixes and fe YF
eping your Y client
installat ate al
tion up to da is crucia in staying connected, especially when you n need to rely on YF’s
ability to get you co
o onnected.
We suggest that yo follow this procedure to update your installa
ou e ows -- on ot
ation (Windo ther
systems the proced
s lar oad, uninsta install):
dure is simil -- downlo all,
eck
1. Che on https m.net/index
s://www.your- freedom x.php?id=d downloads for new ver rsions,
mpare the ve
com ber ne d bout" screen of the YF client.
ersion numb to the on displayed on the "Ab n
ur e
You Freedom User Guide
of
Page 51 o 60
2. If the is a new version available, c
ere wer consider dow t. est ays
wnloading it We sugge you alwa keep
the d d
downloaded files of pre allations unti you are su that the new version is
evious insta il ure
work o
king properly for you so you can reevert to it.
ce ownloaded t new ver
3. Onc you've do the nnect, then exit the YF client.
rsion, discon
4. Uninnstall the cu on
urrent versio through S rams - Your Freedom - Uninstall o through
Start - Progr r or
the c el ws. t
control pane of Window While it is safe to in versions ove previous versions
nstall new v er
ou hat ays e
if yo ensure th you alwa use the same installer type, we do not rec .
commend it. Your
settiings will not be lost by uninstalling the YF clie
t ent.
5. Insta the new version by r
all ed ollowing the steps on th screen.
running the downloade file and fo he
nd
If you fin that the n n at ous
new version fails to do something properly tha the previo version did,
oth
please let us know (include bo version n possible, an tell us wh
numbers if p nd r
hich installer you are
using, N -- the sm one -- o JET -- the large one) Tell us too if it fixes a previous problem.
NSI mall or e ). o
ed w et d en
(No nee to tell us you are now able to ge connected again whe you were able preen't eviously --
we'll not tically. :-)
tice it statist
ase of are ed :
The relea versions o the client a generate as follows:
MDD-Serial
YYYYMM
Year
YYYY = Y
onth
MM = Mo
y
DD = Day
Counting up o that Day.
Serial = C on
02, ion h 04.
Example: 20040507-0 2nd Versi on the 7th of May 200
B. try mation
Appendix B Count inform
y plans
Country specific p
eedom has special plans created f those co
Your Fre for om
onnecting fro certain ccountries in which
access to the Intern restricte We omit the list of th
net ed. hose countrries here. More informaation can
d
be found in our webbsite.
In those countries, the FreeFre
e eedom pack kage behaves different. Depending on the cou
g untry
connecting f
you’re c from, the FreeFreedom can exhibit variations in the usage limits. As a general
m t
age re
rule usa limits ar eased allo n pted connec
owing for an uninterrup Also the usual 64kbps
ction time. A
dth up
bandwid can go u to 512kbps in some cases. The become aey onnects
active once the user co
e
from the affected coountry. The usual outco ome is the u tay ted
users can st connect for as lo asong
ant
they wa without li om
imitation fro our side.
r
Another kind of cou ic overed by th Sesawe p
untry specifi plan is co he .
partnership. For more
informat hapter 2.2.1 on page 12
tion read ch 2,
ur e
You Freedom User Guide
of
Page 52 o 60
y ry
Server availability by countr
the of
Saving t usage o some stra ositioned se
ategically po ervers for tho in really need of them is a
ose y
mple, the ca of some Asian and South Ame
reason, as for exam ase e h
erican servers, to which people
connect earby countr
ting from ne ries should have priority over perhaps someone in Africa.
The other reason wwould be, prreserving the server fro being abused by spa
e om ost
ammers. Mo of the
SPAM w have to c
we combat com from the same country; experience has ta
mes e at
aught us tha there’s
d
no need to allow neewly registe
ered users to connect a abuse fr
o and nd
rom them an expose t this way
r
our relationship our providers.
There a servers f everyone neverthele
are for e ess, so conn h
nection is always possible through them, no
what country you are in For up to date information visit o website o write to th
matter w y n. our or he
support staff.
A few ser on re on
rvers may deny connectio from certain countries as a measur of protectio against
abuse. W gets denied it connection attempt bec
When a user g ts n olicy applied to the
cause of a po
hey g F roduce an err saying
country th are trying to connect from, the YF client will pr ror
“AUTHEN NTICATION N NOT VALID F FOR YOUR COUNTRY O RESIDENOF NCE”. Trying a different
recommende
server is r ed.
s
Tweaks
dded in vers
This is a feature ad 204-01. It co
sion 201002 onsists basic et nd
cally of a se of rules an hard
coded b the nt
behavior in t YF clien to make c connections possible in some spec cific networkk
ons. Most pe
conditio need these and can sa
eople don’t n t u
afely leave it disabled; in fact if you are able
ect,
to conne do not e aks.
enable twea
ames are ve explicit. They have been added after we le
Their na ery d YF
earn how to make the Y client
t kind of cond
connect in certain k ditions (norm
mally very w represen
well ain es)
nted in certa countrie when
techniques don’t seem to work. If y
normal t you've got a clever way to configure the YF client to
y
t ers
connect to its serve in some unusual ne tuation, plea tell us a
etworking sit ase about it.
ur e
You Freedom User Guide
of
Page 53 o 60
C. edom clie config
Appendix C The Your Free ent guration file
nfiguration fi is stored in your "ho
The con ile ry" called ".ems
ome director and it's c two dots).
s.cfg" (yes, t
want to copy the file or e it, be su that the Y
If you w edit ure g!
Your Freedom client is not running The file
text and you may edit it with your fa
is plaint u t favourite tex editor (for example, p
xt r pico or vi on Unix
n
systems or notepa in Window
s, ad ws).
s e ?
Where's my home directory?
nix
With Un like syste ems you pro obably know because y are ther all the tim In most c
w you re me. cases
me"
there is a directory called "/hom contain each user, b his or her
ning a subdirectory for e by
usernam -- you sh
me our
hould find yo "home d directory" th
here. The co ms.cfg" is in there,
onfig file ".em n
t see use n
you just might not s it becau it's a "hidden" file in Unix terminology, star rting with a dot. Try
he
to append "-a" to th "ls" comm mand.
With Windows Vista and Windows 7, open an Explor and go to "C:\Users" In there, t
a n rer o ". there is a
directory for each u
y e his
user; the directory name is usually equivalent to your login name. Th
y ome directo
directory is your "ho ory", or "%HOMEPATH%" in Windo ows environ s,
nment terms and the
g" e.
config file ".ems.cfg is in there
In older versions of Windows t home pa is locate in “C:\Documents an Settings” (or
f the ath ed nd
equivale in your language), a
ent again, there a directory for each user’s home directory.
e’s e
of find your ho
A rule o thumb to f ome director would be executing “
ry the window.
“cmd” from t “Run” w
You’ll fin yourself in front of a black terminal with a b
nd blinking curs The tex at the left is the
sor. xt
r e
path for your home directory.
ers\myuse
C:\Use ername>_
guration o
Config options
Note! So ow ked
ome of the options belo are mark as “hidd t
den”, which means that they are not
the
accessible though t “Configu ndow but only through a text editor. These options are
uration” win
e w hat at k
for those who know exactly wh they are doing (or a least think they do). P sult
Please cons our
sure.
support staff first if you are uns
ur e
You Freedom User Guide
of
Page 54 o 60
ons e use
All optio are case sensitive, be sure to u lowerca are
ase! There a options that can only appear
file
once in the config f (type: sinngle), others can appea more than once (type: multi). Op
s ar ptions
that take only a single value w treat ever
e will r g ce f
rything after the leading whitespac as part of the
ncluding wh
value, in o
hitespace, so watch out and don’t p whitespa at the e of the lin if you
t put ace end ne
ant
don’t wa to. You may use co omments as well (they s t ut
start with a # in the first column) bu they
gone next tim the clien saves the config.
will be g me nt e
he njoy!
Now here comes th alphabetical list… en
n
Option tion
Descript Type uments
Argu
roll_messag
autoscr ges essage wind
Scroll me dow single ” (default)
“true” or “false” (
automatic new
cally when n optionaal
es
message appear
dns
avoid_d Use the sserver’s IP a
address, no
ot single ” (default)
“true” or “false” (
the host name (if knoown) optionaal
wnlink
bw_dow Desired d
downlink (se
erver to clie
ent) single per .
Bits p second. 0
th
bandwidt in bits per second optionaal ns
mean “unlimited”.
bw_uplink uplink (clien to server)
Desired u nt single per .
Bits p second. 0
bandwidt in bits per second
th optionaal mean “unlimited”.
ns
ct_on_startu
connec up Fire up connection w
when client is single ” (default)
“true” or “false” (
started optionaal
evel
debugle Turn on d
debugging o the Java
on single The l more
lower, the m
(not the mes
console ( el!)
ssage pane hiddenn verbo t
ose. Default is
“999” It probably
”.
sn’t
does do much h
more these d
anym days.
how_popup
dont_sh ps otification
Avoid popping up no single ”
“true” or “false”
een
windows on the scre optionaal ault).
(defa
tion
encrypt connection encryption
Turn on c single ”
“true” or “false”
optionaal ault). Note th the
(defa hat
rd s
wizar turns this on for
d
you. You should only
it
turn i off for debbugging!
tip
file_ext rver’s extern IP to a fi
Write ser nal ile single This allows you to use
when connnecting optionaal the s ernal IP
server’s exte
in scripts
_server_reco
follow_ o
ommendatio Allow the client to fo
e ollow the single ”
“true” or “false”
recommend
server’s r se
dations to us ault). Leave this off
(defa
ur e
You Freedom User Guide
of
Page 55 o 60
ns server
another s al
optiona ow
for no unless yyou
t h
don’t care which server
type you are using.
x
fool_pix ck fool old PixO
Try a hac that can f OS single ”
“true” or “false”
sing
versions into bypass hiddenn ault). Only tu on if
(defa urn
WebSens se you kknow that yo our
connection is pa assing
throu an old P
ugh PIX
firewall using
WebS Sense and you
cannot connect; it may
k et
work with this se to
”.
“true”
y
ftpproxy Use a noon-transpare FTP proxy
ent single n proxy’s
Put in the FTP p
FTP connec
with the F ction protoco
ol optionaal host name or IP
addre ve
ess. Remov if you
t
don’t need one.
yport
ftpproxy Use a noon-transpare FTP proxy
ent single n proxy’s
Put in the FTP p
FTP connec
with the F ction protoco
ol optionaal rol
contr port (norrmally
Remove if y
21). R you
t
don’t need an FTTP
proxyy.
rs
header al
Additiona headers wwhen sendin
ng multi u
If you need additional
requests to the web proxy al
optiona head ders or wish to
overr ride things like
o
“User-Agent”, do it here.
For eexample: “he eaders
User r-Agent:
None eOfYourBus siness
1.0”
ush
http_flu he
Close and re-open th HTTP single e
Time in millisecoonds. If
onnection at intervals
uplink co optionaal you nneed this, use the
CGI cconnection protocol
instead. This is
outdaated.
idle_kill ection when idle for this
Kill conne n s single This is obsolete and
many mil lliseconds optionaal sn’t
does work as
ected anymo
expe ore,
t
don’t use it.
ur e
You Freedom User Guide
of
Page 56 o 60
post_size
initial_p When do oing a HTTP POST, use
P e single Default is 10000 0000 or
this initial size hiddenn 10 MMegabytes. T The
t s
client decreases this by
ctor
a fac 0.8 until the
web proxy accep it or
pts
the vvalue falls beelow
minimmum_post_size. If
you kknow your p proxy’s
s ere,
limits put it in he it
on
saves connectio time.
messages
level_m Only sho message above this
ow es single “debug”, 7 is
0 is “ s
Messages pa
level in M anel optionaal “eme ergency”. Deefault is
formational”
1 “inf ”.
ge
languag Your pref uage (ISO 2
ferred langu single Defaults to “en”. Only a
owercase)
letters, lo optionaal anguages a
few la are
ported, see t
supp the
Conf alog.
figuration dia
n_x
location ates of the Y
Coordina om
Your Freedo single 0 is top left corner,
on
window o the scree en optionaal er
highe values ar re
er
furthe right
n_y
location ates of the Y
Coordina om
Your Freedo single 0 is top left corner,
on
window o the scree en optionaal highe values ar
er re
er
furthe down
um_post_siz
minimu ze Minimum HTTP POS size
m ST single 0
Default is 20000 or 20
hiddenn bytes. Only l
Kilob lower if
you kknow that yoour
y e
proxy will refuse POSTs
ve
abov 20k and y you
y
really have to.
pn
openvp N
OpenVPN port single Default is 1194, only
optionaal change if you ne this
eed
port f somethin else.
for ng
pn_exclude
openvp IPs and n
networks to be exclude
ed multi every IP or n
For e network
ting through the
from rout h hiddenn pace,
(IP address, a sp
N
OpenVPN tunnel and a netmask) that
should not be ro
outed
throu the Ope
ugh enVPN
el,
tunne add a line to the
config.
ur e
You Freedom User Guide
of
Page 57 o 60
ord
passwo ur
Your You Freedom password single One: your Your
require
ed Freed
dom passwword
cept
portacc s
Forwards a server p to a loca
port al multi er
serve port
port al
optiona local host
local port
ward
portforw s rt
Forwards a local por to a remote multi local port
port al
optiona ote
remo host
ote
remo port
ol
protoco nection protocol to use
The conn single One of: “http”, “hhttps”,
ed
require , ”.
“cgi”, “ftp”, “udp” There
more but the are
are m ey
expeerimental and they
t
don’t work.
proxy xy
The prox port single e
Make your PC a web
optionaal y ing
proxy by supplyi the
number. Se to 0 or
port n et
ove
remo to turn o off.
omain
proxydo Your dom b
main for web proxy single A Windows dom main
cation, if nee
authentic M
eded (NTLM optionaal e, ed
name if you nee one
only)
proxies o uthenticate o your
to au on
web proxy.
ost
proxyho The web proxy hostn name or IP single st
A hos name or IP
which to tun
through w nnel when optionaal addreess. Leave empty
tp”, or
using “htt “https” o “cgi” or remove if you don’t
u
d
need to use a prroxy.
ort
proxypo rt.
The web proxy’s por single Set
A port number. S to 0
optionaal or remove if you don’t
u
need to use a web
d
proxyy.
ass
proxypa Your pas
ssword to au
uthenticate o
on single A passsword, if
proxy
the web p optionaal entication is
authe s
needded.
ser
proxyus ername to au
Your use uthenticate on single A useername, if
proxy
the web p optionaal entication is
authe s
needded.
t_dns
redirect solve host names locally
Don’t res single ”
“true” or “false”
ing
when usi SOCKS optionaal ault). Use this if
(defa
your local name server
ur e
You Freedom User Guide
of
Page 58 o 60
cannot resolve Internet
name (or you d
es don’t
t
want it to)
rekey encryption k frequen
Change e key ntly single ”
“true” or “false”
optionaal (defaault). The wi izard
set
will s this to “trrue”,
and t there’s normmally no
reaso why you would
on
t
want to set it to ““false”
unles you susp
ss pect that
there a bug in our key
e’s
nego e
otiation code and
you lose connec ction.
relay hers to use y
Allow oth your Your booleaan o false”
Set to “true” or “f
m s
Freedom session as well al
optiona emove). Not that
(or re te
only works if your
this o f
profile permits it as well.
_criterion
server_ Define cr
riteria by wh
hich to multi e
name of criterionn
automaticcally select servers al
optiona ber
numb between 0 n
sed) and 10
(refus 0
(requ ult
uired), defau is 5
’t
(don’ care)
ward
sipforw remote SIP gateway
Mirror a r multi local port
al
optiona gateway add
SIP g dr
gateway por
SIP g rt
socks CKS port
The SOC single e
Make your PC a
optionaal SOC CKS proxy by
supp ort
plying the po
ber. ve
numb Remov or set
to
to 0 t turn SOC CKS off.
minimized
start_m system tray (Windows
Start in s single ” (the
“true” or “false” (
only) optionaal defauult)
host
tunnelh r
The Your Freedom s
server to us
se single st n
A hos name, an IP
ed
require addre e
ess, multiple IP
addreesses separated by
semicolon, or a CGI
y
relay URL (see F FIXME)
port
tunnelp r server port
The Your Freedom s single A port number
ed
require
ur e
You Freedom User Guide
of
Page 59 o 60
tp11
use_htt Use HTT
TP/1.1 instea of
ad single ur
If you proxy is a acting
0 ts
HTTP/1.0 in request hiddenn stupid, try if this fixes
the p an
problem. Ca either
be “tr se”
rue” or “fals
(defaault)
username ur
Your You Freedom username single One: your Your
ed
require dom userna
Freed ame
cgi_uplink_maxdel †
lay m
Maximum delay befo flush up
ore plink single r he
After this time, th
queue hiddenn ue
queu is flushed nod
er ch
matte how muc data
any).
is to be sent (if a
Default to 500ms
cgi_uplink_mindela †
ay of
Number o frames th triggers a
hat single The mminimum deelay
flush hiddenn between two queeue
flushes
(POSSTs). Default to
1ms.
delay†
cgi_uplink_urgentd m
Maximum delay for u
urgent data. single The mmaximum d delay if
hiddenn nt
urgen data is in the
queuue
(e.g. small frame e
belonnging to a stream
that h not sent data
has
for a while - --
intera
activity! --).
Defaults to 20ms s.
cgi_uplink_thresho †
old of
Number o frames th triggers a
hat single The nnumber of f frames
flush. hiddenn e at
in the queue tha cause
the mmindelay to be used
instead of the maxdelay
(0 to disable), i.e if this
e.:
many frames are
y e
outsttanding, flussh
quick Defaults to 3††
kly. s
min_holdoff
post_m wait
Time to w before nnew single 0.
Defaults to 5000
on ds)
connectio is made.(millisecond
†
e apply to the CGI uplink code If there is a keepalive fram in the queu mindelay is used -- i.e.
All these values only a e. me ue, s
elow maxdelay
values be y/mindelay sho ed
ould not be use --
ur e
You Freedom User Guide
of
Page 60 o 60
max_connec
post_m ctions: m
Maximum number of concurrent
f single e
Some people mi ight
ons.
connectio have to lower this to
e
one. It is safe to use
bigge numbers but at
er
some point it will only
e
ease overhe
incre ead.
for
Default is good f most
peopple.
min_post_siz
post_m ze m
Minimum size of a P
POST reque
est. single er
Neve lower the
maximum POST sizeT
below this limit. It could
w
ve k
starv the uplink path.
_? were specifi
The cgi_ options w ically added to help use to tweak the cgi rela mechani
d ers k ay ism. For
e, e
example if massive and frequent POSTs were undes rs =3000,
sirable user could set maxdelay=
ay=1000, urg
mindela 500
gentdelay=5 and thre eshold=0. P
POSTs will b fewer bu larger and the
be ut d
on put
impact o throughp and inter n’t
ractivity won be discreeet.
