Monday, May 13, 2013

How to connect XBOX to VPN via ICS on Mac

Note: this setup is for Lion 10.7.3. For Snow Leopard 10.6 you have
to edit a plist file in Terminal.
Here's what you will need:
  1. VPN account
  2. USB to Ethernet adapter, I use the Apple Macbook Air one
  3. Ethernet Cable
You will have to manually enter the VPN connection, here is how:
  1. Open System Preferences / Network
  2. Click the add (+) interface and choose VPN
  3. IMPORTANT: In VPN-Type, select PPTP
  4. Set HidemyAss as the service name
  5. Click Create
  6. This window will now close and you will be taken back to Network Preferences window
  7. Leave the Configuration as default
  8. In the Server Address field, enter the PPTP IP address of the VPN server. To get this you will have to log in to the HidemyAss website and navigate to PPTP Server on the left of the website.
  9. Whilst on the website, note down your username and password above the server list. Bear in mind that your PPTP password is different to any other password (for security reasons).
  10. Click Authentication Settings and enter your PPTP password – NOT YOUR ACCOUNT PASSWORD!
  11. Click OK to take you back to the network window
  12. Click Advanced and tick “Send all traffic over VPN connection”
  13. Click Connect and wait for the green light on the connection window.
  14. To ensure the service is running smoothly, visit an IP trace website such as www.tracemyip.org

You will now need to share this VPN network with your XBOX. There are two ways of doing this, over WiFi or Ethernet.
I prefer Ethernet as it's fast for file sharing (I use my XBOX as a media center also)

Option 1 Ethernet: XBOX will connect directly to your Mac with an Ethernet cable

  1. Ensure the XBOX is switched off
  2. Connect the Ethernet to USB adapter into your Mac.
  3. Then connect an Ethernet cable from the adapter directly into the back of your XBOX.
  4. Open System Preferences / Network
  5. USB to Ethernet should be listed in yellow; if not, click the add (+) interface and choose USB to Ethernet
  6. Click back or Show all to take you to the main System Preferences window and select Internet Sharing
  7. In the pull down menu “Share your connection from” choose HidemyAss
  8. Then tick USB Ethernet adapter
  9. On the left list tick [Internet Sharing] and [Start] in the pop up window, this should now be green and active
  10. Turn your XBOX on and check the System Setting / Network / Ethernet / Test XBOX Live to ensure you have a connection

Option 2 Wi-Fi: XBOX will connect directly to your Mac using a new Wi-Fi network

To use this you will have to have your Mac connected to the internet with an Ethernet cable
  1. Open the System Preferences window and select Internet Sharing
  2. In the pull down menu “Share your connection from” choose HidemyAss
  3. Then tick WiFi
  4. Click the Wi-Fi Option button and set a 5 digit password (WEP Key)
  5. On the left list tick [Internet Sharing] and [Start] in the pop up window, this should now be green and active
  6. Turn your XBOX on and check the System Setting / Network / Wi-Fi / Test XBOX Live to ensure you have a connection

There's one more connection option which I haven’t tried but would mean your Mac connects to the internet via WiFi and the XBOX will connect to the Ethernet port, but I’ve not tested this so I’m not sure if it will work.

Friday, May 3, 2013

How to setup OAST with OpenVPN GUI on Windows

OAST OpenVPN GUI


OAST OpenVPN GUI is an OpenVPN client for Windows.

Downloads:
See below for instructions on how to set it up.


Windows setup

The special thing with OAST OpenVPN GUI is that it's portable, so no installation is necessary.
  • Install either the OAST standard client, or the portable one (see links above); then start the OAST.exe
  • To connect to our servers, you'll need the OpenVPN config files:
  • All TCP+UDP config files as .zip: http://hidemyass.com/vpn-config/vpn-config.zip
    Single TCP config files: http://hidemyass.com/vpn-config/TCP/
    Single UDP config files: http://hidemyass.com/vpn-config/UDP/
  • In OAST, click "Settings".
  • Next to "OpenVPN configuration file", click "Browse".
  • Browse to the folder with the *.ovpn config files you've downloaded earlier.
  • Select and open a *.ovpn config file, e.g. "Austria.Carinthia.Klagenfurt.TCP.ovpn".
  • Click "OK".
  • Enter your username and password.
  • Check "Save this username and password" if you like.
  • Click "Connect".
  • Wait till OAST shows "The connection has successfully been established" instead of "Connecting".
  • Now check your IP and location e.g. at http://geoip.hidemyass.com

How to use Viscosity on Windows and Mac

Viscosity is a VPN client for Windows and Mac. It can be used to connect to HMA Pro VPN using our config files.
Download Viscosity here: http://www.thesparklabs.com/viscosity/download/
Note that Viscosity is not free software; you can use it for 30 days and then have to register it.
 

Windows instructions

First, let's prepare the config files for the VPN servers, to make the process a bit easier.
TCP and UDP config files can be downloaded as single files @ http://hidemyass.com/vpn-config/TCP/ and http://hidemyass.com/vpn-config/UDP/
or completely as .ZIP archive @ http://hidemyass.com/vpn-config/vpn-configs.zip
TCP is standard, and UDP makes sense if you're experiencing slow speeds or want to bypass restrictions on your network.

Create a folder on your desktop, or anywhere else. You can name it "VPN config files"; extract the content of the archive into that folder.





Now, install Viscosity for Windows -> http://www.thesparklabs.com/downloads/Viscosity%20Installer.exe
During the installation, the installer wants you to confirm the driver installation of the Viscosity virtual ethernet adapter.
You must confirm it.
Once installed, the Viscosity icon will appear in the bottom right of your desktop. Right-click it, and select "Preferences".
The Preferences window will appear.
Now please click on the "+" at the bottom left of that window.
Here, select "Import Connection" and "From File..."
A file selection dialog will pop up. Here, navigate to the "VPN config files" folder you've created earlier.
In this tutorial, we'll select "USA.Arizona.Phoenix_LOC1S1.ovpn", of course you can select any server config file you like.
Once selected, Viscosity will confirm that the config file was successfully imported, and the connection will now be available in your list.

Now please click on "Edit" in the bottom right of this window.
 
Here you can edit the settings of your new server configuration.
Go to the "Networking" tab.
Check "Send all traffic over VPN connection".
In the "DNS Servers:" field, enter:
208.67.222.222 208.67.220.220
That's OpenDNS, the DNS servers that our VPN connection is going to use.
Now click on "Save" in the bottom right.
You can close the preference window now.
Now we want to connect to our newly configured VPN server.
For that, right-click on the Viscosity icon in the bottom right of your desktop again.
You'll notice that the "USA.Arizona.Phoenix_LOC1S1" server is available now. Click it!
Now Viscosity will ask for your username and password.
Use the same username+password that you also use to login to the VPN control panel @ http://vpn.hidemyass.com
Check "Remember my credentials", so you don't need to enter your credentials again.
Click "OK".
Now wait a few seconds.
Once Viscosity has finished connecting, a notification window will appear in the bottom right of your desktop,
telling you that you successfully connected to the VPN server.
Please note: The IP which is mentioned here, is NOT your IP! It's just a redirecting IP used by the server.
To verify your IP address, location and ISP, please go to a verifying website like http://ipaddress.com
You'll see that this data has changed from the usual, that means you're successfully connected to the VPN;
and all traffic will be routed through the VPN.

That's all! If you want to configure more servers for Viscosity, just repeat the tutorial.
But note that Viscosity creates a new virtual ethernet adapter for each server,
so using too many servers here can cause conflicts and slow down your system.

For disconnecting from the VPN, viewing connection details and changing preferences, use the
Viscosity menu as well.
  

Mac instructions


1. Download the HMA config files from:
http://hidemyass.com/vpn-config/vpn-configs.zip

2. Double-click on the downloaded zip file to extract it - you should see a folder called "vpn-configs".



 
Download Viscosity for Mac here -> http://www.thesparklabs.com/downloads/Viscosity.dmg
Open that .dmg file. Now a window should appear which shows you the content of this archive.
Here, open the "Viscosity" file.
Viscosity is now getting installed.
You might get asked to move Viscosity into the application folder. Confirm this.
The installation process has finished now.
 
 If Viscosity is not starting automatically now, you can also start it by clicking the Viscosity icon in your "Applications" folder. 
3. Open Viscosity, go to its menu, and open the "Preferences" window.
4. Click on the "+" button and select "Import Connection > From File…".
From here you should navigate to the "vpn-configs" folder from above.
You can either select the folder to import every single connection at once,
or you can select an individual config file from inside the folder just to import one.
Click the Open button once you have made your selection (you may have to wait a few seconds if you're importing the whole folder).

A file selection dialog will open up.
Now navigate to the folder which you created for the config files. (In this case, it's on the desktop).
In that folder, all VPN config files are available.
Select the VPN servers config file you'd like to connect to.
In this tutorial, we'll select "USA.Arizona.Phoenix_LOC1S1".


 
Viscosity will now confirm that the connection has been successfully imported.
5. From the Viscosity menu select the connection you wish to connect, and it should start connecting.


After a few seconds, you will be asked for a username and password.
Enter your VPN account username and password here, the same credentials that you use to login @ the VPN control panel
( http://vpn.hidemyass.com )
Check "Remember details in my Keychain", so you don't need to enter your login data again.
Click "OK".


In case you have installed Growl, as you should, you'll now see a notification window.
It confirms that the VPN connection has been successfully made.
Please note: The IP which is mentioned here, is NOT your IP! It's just a redirecting IP used by the server.
To verify your IP address, location and ISP, please go to a verifying website like http://ipaddress.com
You'll see that this data has changed, that means you're successfully connected to the VPN;
and all traffic will be routed through the VPN.

That's all! If you want to configure more servers for Viscosity, just repeat the tutorial with a different config file.

 

How to Connect PPTP on Linux command line

This tutorial explains how to connect via the PPTP protocol on Linux using the command line,
so you don't need to use any network managers or GUIs like KDE, Gnome, etc.



Check if ppp-generic module exists. If not, it will probably not work:
modprobe ppp-generic


Install necessary packages:
apt-get install pptp-linux pptpd ppp curl

Create PPTP configuration file:
nano /etc/ppp/peers/hmavpn


Enter this as content of the "hmavpn" file:
(replace 72.11.154.130 with the IP of the PPTP server you want to connect to, and MYHMAACCOUNTUSERNAME with your username)
pty "pptp 72.11.154.130 --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name MYHMAACCOUNTUSERNAME
remotename hmavpn
ipparam hmavpn
require-mppe-128
usepeerdns
defaultroute
persist

Enter VPN login credentials into chap-secrets file: ([tab] being replaced by a tab, username with your VPN account username and password with your PPTP password):
nano /etc/ppp/chap-secrets
username[tab]hmavpn[tab]password[tab]*

Create script to replace default routes - otherwise the VPN is not being used by your system:
nano /etc/ppp/ip-up.local

Enter this as content of the "ip-up.local" file:
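#!/bin/bash
# Runs after the PPP link comes up and sends all traffic through ppp0.
# VPN server IP, taken from the pppd command line in the process list
H=$(ps aux | grep 'pppd pty' | grep -v grep | awk '{print $14}')
# Current default gateway and the interface it is reached through
DG=$(route -n | grep UG | awk '{print $2}')
DEV=$(route -n | grep UG | awk '{print $8}')
# Keep the VPN server itself reachable via the original gateway
route add -host "$H" gw "$DG" dev "$DEV"
# Replace the old default route with one through the tunnel
route del default "$DEV"
route add default dev ppp0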

Make this script executable:
chmod +x /etc/ppp/ip-up.local

To connect to the VPN:
pon hmavpn

To disconnect from the VPN:
poff hmavpn

Check your current IP:
curl http://checkip.dyndns.org


Notes:

  • You can check via "ifconfig" if there is a ppp0 adapter. If there is, you are successfully connected.
  • All commands must be run with "sudo" if you're not logged in as a root user.
  • When you are connected but the VPN is not being used by your system, incorrect iptables / routing rules are responsible.
    Try running "route add default dev ppp0". I'll list other possible fixes here ASAP.

How to Use Linux Virtual Machine instead of router for VPN

Connecting Your Home Devices To The Internet Via A VPN Service, Without A VPN Client Capable Router

I’ve just been through this process at home for a “project” I was working on. Those attempting similar “projects” will understand why you’d do it. Those asking the question “But my computer connects fine to the internet already?” can probably stop reading. To give you a hint, I’m in Australia and I’ve just purchased a Roku Media Player from Amazon.
I wanted to set up my computers at home to access the internet through a VPN service. What HMA suggest is to configure the VPN at the router. The router being the gateway between the Internet and my home network. This is fine if your router supports acting as a VPN client. Mine, a TP-Link w8960N, does not support such functionality. So what to do?
The Synology supports acting as a VPN server for connecting back home, and with some tweaking, can be made to support being a VPN client. However, I prefer not to hack my Syno box unless I really have to. After a quick try (thanks to Greg Hughes' blog for the tips), I decided it’d be safer to break something else.
I could have purchased a router that supports VPN client connectivity. There are some articles over at VPNFreedom.com such as this one by Thomas Fals that explain how to set it up. I already have a NAS, Gigabit Switch and Router in the Home theatre cabinet though so the thought of adding another box doesn’t appeal. I also thought there must be a way to do it using software and without spending more money.
In the end, I decided to attempt it using an Ubuntu Linux Virtual Machine running an OpenVPN client and using iptables to configure routing between the home network and VPN. Sound hard? Well, I wouldn’t recommend it to a novice user but if you have some Linux experience you should be able to manage.

Ubuntu Linux VM
Firstly you’ll want to set up a Linux VM. For those unfamiliar with Virtual Machines, it’s basically just a virtual computer running on another computer. Sticking with the ‘free’ theme of this thread, I decided to go with VirtualBox from Oracle. It’s a freely available virtualization platform that you can install at home. Unlike VMWare Player or others, it will run on any platform, Windows / Mac / Linux.
I have a MacMini at home that I use as a Plex Media Client. I already had VirtualBox installed. It’s quite a simple download and install from VirtualBox. I won’t cover the install here.
I already had an Ubuntu 10.04 Linux VM configured that I’d used for another project. I’d tried out PS3 Media Server a while ago. So I decided to use that. If you need to install Ubuntu, there are several ways to do it as detailed on the Ubuntu website. You can also just download a pre-built VM image. Oracle have them available here.
I’ll leave it up to you how you want to do it.

OpenVPN Client
I’ll assume you’ve signed up with HMA already. If not, you should sign up for an account if you plan to use it before going any further.
Log on to your Ubuntu VM with root privileges. Whether that’s as root or if you want to sudo each command I’ll again leave that up to you. There are a few packages that you need to install in order to run the OpenVPN client and connect to HMA. Run the following:
sudo apt-get install openvpn curl unzip dnsmasq-base wget
This installs the OpenVPN client for connecting to HMA plus some tools you’ll need.

HMA Config
Create a directory where you would like to install HMA. HMA will run self contained out of this directory. Then download and unzip the HMA config to that directory.
mkdir /opt/hma
cd /opt/hma
wget http://vpn.hidemyass.com/linux.zip
unzip linux.zip
You are now ready to test your HMA connection. As per the HMA README file you just downloaded, run the following to connect.
/opt/hma/hma-start -l
This will list the available servers. Choose one in the country you wish to connect via and start the VPN connection e.g.
/opt/hma/hma-start "USA, California, Los Angeles (DC1 S1)"
You will be prompted for your HMA username and password. This should then establish your connection.
If you get timeout errors, try a different location. You should see some entries starting with /sbin/ifconfig and /sbin/route add. These entries should be on consecutive lines; if there are errors reported, kill the process using Ctrl+C and try again.

Routing Traffic Via Your VPN Connection
The goal here is to tell our clients to connect to the internet via our Linux VM instead of out directly through the router. We also need to make sure the VM is configured to forward IP packets out through the VPN instead of bouncing them back to the client.
Firstly, make sure you configure your Ubuntu Linux VM with a Static IP address outside your DHCP range on your local network and that the gateway of your VM is pointing to the address of your router. e.g.
IP: 192.168.1.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1 assuming your router is providing DNS information.
There’s an excellent Ubuntu doc here on configuring Internet connection sharing. I really recommend reading it. Basically, this document assumes you have two network cards (NICs) or at least two interfaces configured and that your clients are connected to one and that the Internet is connected to the other. This is exactly what we’re doing here. Your local network interface is normally eth0. What we would normally do is set up another interface on eth1 and route traffic between eth0 and eth1. The difference here is that we’re using an OpenVPN client. When it’s running, this client creates a VPN tunnel interface called tun0. So we will be routing traffic to eth0 out via tun0. We do that using iptables. For the hows and whys check out the Ubuntu doc. In command line form though, it’s the following commands.
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -A FORWARD -o tun0 -i eth0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables.sav
You may also have to modify the /etc/sysctl.conf file to uncomment the line
net.ipv4.ip_forward=1
Done, assuming you’ve established a VPN connection, you’ve now set up routing on the Linux VM.

Client Config
Connecting clients will vary based on what type of client it is. Computers are the easiest because they’re the most configurable. Basically, you now just change the Gateway or Router address in your network config of your computer to point to your Linux VM. In this case it would be 192.168.1.10. That’s it. If you go to google.com and type in “what is my ip address” it will now show you the IP address of the VPN connection. It will also probably ask if you’d like to stop connecting to google.com.au and use google.com instead as it now thinks you’re in the U.S.

DHCP Only Clients (Optional)
There are some clients, notably the Roku Media Player, that don’t support static IP addresses or changing the gateway. This is a bit of a pain. Normally, DHCP addresses are provided by your router. In my case this was the TP-Link w8960N at 192.168.1.1. The problem with this is that it also tells your client that the gateway address is 192.168.1.1. This is a problem because then your client uses that for the internet connection and not your fancy new VPN software router. To get around this, I turned off the DHCP function on my router and installed a DHCP server on the Linux VM.
sudo apt-get install dhcp3-server
Then put the following in a file called /etc/dhcp3/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.10;
option domain-name-servers 192.168.1.1;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
}
Then start the dhcp server using
sudo /etc/init.d/dhcp3-server start
Reboot your clients and they should pick up an IP address from the Linux VM and be provided with the new gateway address of 192.168.1.10.
Done.

Conclusion
It looks harder than it is and it’s a bit of messing around. You might decide it’s cheaper and easier to just buy a new router that supports VPN connections. I already had VirtualBox installed and a Linux VM so the whole process only took about an hour or so. It also avoids the need for another box in your setup, and it doesn’t cost anything except your time.
Big thanks for the info in everyone’s articles I read that helped put this together. I’ve linked where possible.

How to Secure IP Binding for Linux

For more info and other scripts regarding IP binding on linux, please see:



This script allows Secure IP Binding for Linux:

#!/bin/bash

cd "$(dirname "$0")"
if [ "$1" = '-l' ]
then
  # List the available locations.
  curl -s "http://vpn.hidemyass.com/vpnconfig/countries.php"
else
  # Start from an empty rule set.
  sudo iptables -F

  # Download the OpenVPN config for the requested location.
  COUNTRY=$(echo "$1" | sed 's/ /+/g')
  curl -s "http://vpn.hidemyass.com/vpnconfig/client_config.php?win=1&loc=$COUNTRY" > client.cfg

  # Allow traffic from any HMA server.
  for remote in $(awk '/remote [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { print $2; }' client.cfg)
  do
    REMOTE_IP=$(echo "$remote" | cut -d ':' -f 1)
    sudo iptables -A INPUT -s "$REMOTE_IP" -j ACCEPT
  done

  # Allow local traffic.
  sudo iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
  sudo iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
  sudo iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT

  # Disallow everything else that does not arrive through the tunnel.
  sudo iptables -A INPUT ! -i tun+ -j DROP

  # Allow traffic to any HMA server.
  for remote in $(awk '/remote [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { print $2; }' client.cfg)
  do
    REMOTE_IP=$(echo "$remote" | cut -d ':' -f 1)
    sudo iptables -A OUTPUT -d "$REMOTE_IP" -j ACCEPT
  done

  # Allow local traffic.
  sudo iptables -A OUTPUT -d 10.0.0.0/8 -j ACCEPT
  sudo iptables -A OUTPUT -d 172.16.0.0/12 -j ACCEPT
  sudo iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT

  # Disallow everything else that does not leave through the tunnel.
  sudo iptables -A OUTPUT ! -o tun+ -j DROP

  # Start OpenVPN in the background with the stored credentials.
  sudo openvpn --config client.cfg --auth-user-pass client.cred --daemon
fi

Note that this Script requires a username/password auth-user-pass file called "client.cred" in the working directory of the script.

It should be formatted thusly:
YourUserName
YourPassword

Type "man openvpn" for more information.
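
The IP binding script above accepts every port on the VPN servers and all private ranges, and the router VM's MASQUERADE rule earlier on this page is not tied to tun0, so forwarded clients fall back to the ISP path when the tunnel drops. The following is an added example (not HMA's script and not the original authors' code): it parses the "remote" lines of an OpenVPN client config and prints an iptables-restore ruleset, covering both the single host and the gateway VM, that allows only each server's own port and protocol outside the tunnel. The sample config, its 192.0.2.x addresses and the function names are constructed for illustration; eth0 and 192.168.1.0/24 are the values used in the router VM section.

```shell
#!/bin/sh
# Added example: derive a default-drop iptables-restore ruleset from an
# OpenVPN client config. It only prints rules; nothing is applied.

# Constructed sample config (documentation addresses, not real VPN servers).
sample_config() {
  cat <<'EOF'
client
dev tun
proto udp
remote 192.0.2.10 53
remote 192.0.2.11 1194 tcp
# remote 198.51.100.9 443
remote vpn.example.net 443
EOF
}

# Read a config on stdin, print "ip port proto" per usable remote line.
# Remotes without their own port/proto inherit the global directives.
# Hostnames and non-numeric ports are skipped: a rule needs fixed values.
parse_remotes() {
  awk '
    BEGIN { n = 0; def = "udp"; dport = 1194 }
    $1 == "proto" { def = $2 }
    $1 == "port" || $1 == "rport" { dport = $2 }
    $1 == "remote" { host[n] = $2; port[n] = $3; proto[n] = $4; n++ }
    END {
      for (i = 0; i < n; i++) {
        if (host[i] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
        pt = (port[i] != "") ? port[i] : dport
        if (pt !~ /^[0-9]+$/) continue
        p = (proto[i] != "") ? proto[i] : def
        print host[i], pt, (p ~ /^tcp/ ? "tcp" : "udp")
      }
    }'
}

# $1 = LAN interface, $2 = LAN subnet; OpenVPN config on stdin.
build_ruleset() {
  lan_if=$1; lan_net=$2
  remotes=$(parse_remotes)
  [ -n "$remotes" ] || { echo "no usable remote lines" >&2; return 1; }
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A OUTPUT -o $lan_if -d $lan_net -j ACCEPT
EOF
  # Outside the tunnel, only the VPN endpoints themselves are reachable.
  printf '%s\n' "$remotes" | while read -r ip port proto; do
    printf '%s\n' "-A OUTPUT -o $lan_if -d $ip/32 -p $proto --dport $port -j ACCEPT"
    printf '%s\n' "-A INPUT -i $lan_if -s $ip/32 -p $proto --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
  done
  # Gateway case: LAN clients may only be forwarded into the tunnel.
  cat <<EOF
-A FORWARD -i $lan_if -o tun+ -s $lan_net -j ACCEPT
-A FORWARD -i tun+ -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun+ -j MASQUERADE
COMMIT
EOF
}

sample_config | build_ruleset eth0 192.168.1.0/24
```

Check the printed rules with "iptables-restore --test" before loading them. LAN resolvers such as the router at 192.168.1.1 stay reachable under the LAN rule, so DNS queries sent there still leave outside the tunnel.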

How to setup HMA VPN via OpenVPN on Ubuntu with Network Manager

Do this to connect to HMA Pro VPN via OpenVPN on Ubuntu with the help of the integrated network manager:

  • Install network-manager-openvpn-gnome
  • Download the vpn-config.zip ( http://hidemyass.com/vpn-config/vpn-config.zip )
  • Download the linux installer ( https://vpn.hidemyass.com/linux.zip )
  • Create vpn folder (I used ~/vpn)
  • Extract both zip files there
  • Open network-manager (System->Preferences->Network Connections)
  • Go to VPN tab
  • Import the *.ovpn entry for the location you wish to connect
  • Edit the entry and change the "Type" to Password with Certificates (TLS)
  • The gateway and cert/keys should already be populated from the import
  • Add your vpn username and password
  • Apply
  • Use the network icon in the panel to navigate to your VPN entry and connect