Bypass Censorship By VPN

in #censorship4 months ago

Description

Virtual private network (VPN) contains the word "private network" and "virtual". During the time of the writing of this article, a public network is just another term to the Internet while private networks are outside of the Internet. Example nodes residing in the public network are Google and Youtube. Example nodes residing in the private network are clients or users accessing Google and Youtube. This situation exists because the current Internet infrastructure is too small to host all the computers in the world. Therefore, clients and users are mostly outside of the Internet where they need to go through mediaries to communicate with those in the Internet, I like to call them gateways (see my simple introduction to computer network to understand the basics).

While the Internet or public network is like the streets and outside world where we can go out and travel, a private network is like our house where it is private and only us can enter. A vritual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Analogically, it is like an open house where other people can enter but ofcourse with the permission of the house owner. For example, when we are at home or outside but we need to access our office's internal network, we usually need to run back to our office, but with VPN, we can access on the spot.

When we enter a VPN, we are subjected to different rules. It is unfortunate that most Internet connection today have enforcers. When we want to access a website, we always ask that enforcer and the result is whether we are granted access or not. The role of VPN other than privacy is censorship resistance. When we go to a VPN, our enforcer changes or if we are lucky, we have our enforcer removed. For example in Indonesia, access to anime, manga, and reddit are prohibited, but if we access from Japan, it is granted. Then what is the difference between VPN and proxy server? Proxy server is just one server while VPN is a whole network which contains routes and servers.

bypass-censorship-vpn-illustration.gif

Bypass Censorship through VPN Illustration

Setting VPN Client

Interestingly, setting a VPN can either be easier or harder than setting dns and proxy. That is because there are different choices unlike dns or proxy where simply just inputing numbers. It is easier because there are many ready applications available where the steps are just installing and run. It is harder if you choose to set the configuration manually which can involve more than just setting the VPN server's IP address.

Ready VPN Application

As the word "ready", these kinds of VPN applications only needs to be installed and run to enjoy bypassing censorships. In Windows, you can try finding from Microsoft Store. In Linux, check your own package manager. In Android and IOS you can search their respective stores. Generally, you can find portable archives or go for installable files. Ready VPN application are also available in form of browser extensions.

bittubevpn.PNG

Although bittube browser extension are primarily about Tube cryptocurrency coin where you can earn Tubes for your time on the Internet, monetization, and as a Tube wallet for storing and staking your Tube coins, it also provides VPN services. All you need to do is go to the VPN menu and choose a VPN you want to connect to and enjoy bypassing censorship. It also have a referral system. Therefore, I will be very thankful you download from this link: https://bittube.app/?ref?2JY4FE0CP if you haven't tried it before.

Screenshot_20200423-034736_TunnelBear.jpg

On my android smartphone, I found tunnel bear. It easy to use where you just have to install and choose your VPN. The animation is also amusing showing a bear popping up on the VPN that you chose. When I was in Indonesia, I rely on tunnel bear to access my entertainments which are manga, manhua, manhwa, comics, and anime which are mostly blocked in the country.

There are many ready applications out there. Leave a comment you know a good onw. To prevent this article from becoming to long, I can only advice you to search the search engine such as Google to find the VPN the you want. Example search terms: "vpn", "free", "Windows", "Linux", "Android", "United States", "Japan", "Indonesia", "Europe", "China", etc.

Manual VPN Clients

If you search for "free vpn list" on search engine, you may stumble upon a website that give a list of open vpns for example https://www.freeopenvpn.org. If they provide you a profile that you can use with just a click, that's great. However, if you are given configuration details that you have to write yourself, or use default or other vpn clients, you need to set them correctly. Usually, there are more than just IP address and port for example, transport protocol, compression, and certificates.

freeopenvpnorg.PNG

Example Open VPN on https://www.freeopenvpn.org.

Premium VPN

When you try free VPN, you may find disatisfaction. A VPN can be slow because your browsing perception is based on the slowest part of the whole network connection. If the VPN is slower, that you will perceive a slow connection eventhough your main connection is fast. On the other hand, you will also feel slow if your main connection itself is slow even if you use a fast VPN.

Another factor, is the privacy and security which I'm skeptical about for most free VPN. Sure that VPN may provide no or different censorship, and privacy from the main surveilance but you maybe monitored deeply by the administrators of the VPN themselves. If not, who knows if their security is low that other people can easily monitor and steal your private data. Therefore, it is not recommended to expose private data such as inputing username and password on a login form.

Therefore, there are premium or paid VPNs where they generally provide quality at a price. If you are a skilled technician, then you can test whether the VPN is good quality or not. If not, then you have to research yourself such as see if there are licenses or certificates on their VPNs, read people's reviews, and how long have the VPNs been running.

Building OpenVPN Server Linux

If you want a single script building which is the simplest way, you can try pivpn. I built openvpn server a few times but I just cannot completely remember the steps, maybe because I have not repeated it enough. I will be honest, the reason I wrote and record my computer tutorials is mainly for myself to remember when I need to do them again. But, why not share them with everyone else by publishing them online and I was surprised that I can monetize them. Now, going back to OpenVPN server on Linux, the detailed steps may seem overwhelming for beginners but the overview is actually only a few which are:

  1. Install openvpn server and certificate authority creator.
  2. Create certificates, server key, and client keys.
  3. Configure the openvpn server which includes linking the certificates, use compression or not, allow clients to access the Internet through the VPN or not, etc.

Installing OpenVPN Server and Certificate Authority Creator

I was using Debian based Linux like Ubuntu:

sudo apt install openvpn easy-rsa    

Creating Certificates

Become an administrator for example using the command:

sudo su

Create an certificate directory for openvpn, work there, and configuration samples from easy-rsa share directory:

mkdir /etc/openvpn/easy-rsa/
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/

Edit "/etc/openvpn/easy-rsa/vars" and fill in at least the lines that are not commented and edit the names and information as you see fit. There are instructions you can read within the file. Then generate certificate authority (CA).

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./build-ca

Generate a private key for the server. Name it whatever you want but keep it consistent through out the installation.

./build-key-server myservername

Generate Deffie Hellman

./build-dh

Generate client certificates and keys for as many clients as you want. After generating, you can copy the "ca.cert" and all client certficate and keys to the clients. I'm not sure whether you can use the same cert and keys for the multiple clients but you can generate them by repeating the following commands:

source vars
./build-key client1

All keys and certificates are in the "keys/" subdirectory. You can leave them there but remember to specify the correct paths in the configurations. If not, then just copy to "/etc/openvpn" subdirectory:

cd keys/
cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/

Configuring OpenVPN server

Configuration examples of both client and server are available on "/usr/share/doc/openvpn/examples/sample-config-files". You can reuse and edit the example server configuration:

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d /etc/openvpn/server.conf.gz

Edit "server.conf" as you see fit, explanations of how to edit them are available within the file. Just make sure the configuration is consistent to your inteded client configuration. For example, if the server does not use compression while the client uses compression then communication will not work and vice versa. Here's an example of my server configuration:

port 1194
proto udp
dev tun
ca ca.crt
cert myservername.crt
key myservername.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
push "route 192.168.0.0 255.255.255.0"
client-to-client
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"

The last four lines are my own additional where I want the VPN to find the local network 192.168.0.0 attached to it and allows connection between clients. The last two lines are probably the ones you want to add which is to allow the use of Internet connection of the VPN and add 8.8.8.8 Google DNS. Next is to edit "/etc/sysctl.conf" to allow port forwarding by setting "#net.ipv4.ip_forward=1". Finally, reload sysctl and start or restart openvpn server:

sysctl -p /etc/sysctl.conf
systemctl start [email protected]

OpenVPN in Client

At first I used tunnel bear in Indonesia to access my entertainments which are manga, manhua, manhwa, and anime but eventually, I ran out of quota. Luckily, my appartment in Japan provides a dynamic public IP address in my apartment and I was able to install an openvpn server during those periods. So, I connect to that server which is suprisingly, more reliable then tunnel bear, probably because I was the only one using it.

OpenVPN client Linux

You can either use the network manager or install openvpn just like you install on the server (only "apt install openvpn"). If you use the network manager, input the keys and certificates, username and password if you set, and go to advance and make sure you match the configuration to the server. One difference will make it unconnectable. If you install openvpn, just copy the sample client configuration to the openvpn configuration subdirectory:

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/

Match the client configuration to the server with the differences are declaring the configuration file as client along with the client certificates and keys and inform the hostname or address of the remote openvpn server:

ca ca.crt
cert client1.crt
key client1.key
client
remote 0fajarpurnama0.ddns.net 1194

Then start the openvpn client:

systemctl start [email protected]

OpenVPN client Windows

It's more convenient to rename the "client.conf" to "client.OVPN" where for some reason, the extension must be in capital letter to work. You can keep it in the same directory as the certificates and keys, but it is more convenient to have them embeded into "client.OVPN":

client
dev tun_c_ovpn
proto udp
remote 0fajarpurnama0.ddns.net 1194
resolv-retry infinite
keepalive 5 10
nobind
persist-key
persist-tun
verb 3
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgIUbZAu8yajhVulFYZ4CWNqGc8xWncwDQYJKoZIhvcNAQEL
BQAwgccxCzAJBgNVBAYTAkpQMQ8wDQYDVQQIEwZLeXVzaHUxETAPBgNVBAcTCEt1
bWFtb3RvMRcwFQYDVQQKEw4wZmFqYXJwdXJuYW1hMDEXMBUGA1UECxMOMGZhamFy
cHVybmFtYTAxGjAYBgNVBAMTETBmYWphcnB1cm5hbWEwIENBMRcwFQYDVQQpEw4w
ZmFqYXJwdXJuYW1hMDEtMCsGCSqGSIb3DQEJARYeZmFqYXJAaGljYy5jcy5rdW1h
bW90by11LmFjLmpwMB4XDTE5MTIwMTE2NDQ1M1oXDTI5MTEyODE2NDQ1M1owgccx
CzAJBgNVBAYTAkpQMQ8wDQYDVQQIEwZLeXVzaHUxETAPBgNVBAcTCEt1bWFtb3Rv
MRcwFQYDVQQKEw4wZmFqYXJwdXJuYW1hMDEXMBUGA1UECxMOMGZhamFycHVybmFt
YTAxGjAYBgNVBAMTETBmYWphcnB1cm5hbWEwIENBMRcwFQYDVQQpEw4wZmFqYXJw
dXJuYW1hMDEtMCsGCSqGSIb3DQEJARYeZmFqYXJAaGljYy5jcy5rdW1hbW90by11
LmFjLmpwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HwIppc9/Kwl
Hkd+yUpEk8UveacjcGvEsvBdSLzn1IeUgDNkvKy8uuFcptV3sqg89+lagaM3z1MI
Ere2GFHQFPHX1of78v2XY9r31KSArtN2tqpIWS8EMpt7xOLaFXTJiSBgG0LwVy/7
DppaloPiFwYXu/itzZXjN26fuHvbFQEfYlh1MdcxpHj9Reswjk3+EOrtnLchHdQ+
E/xIR5WzA2vlpw1ie4fy1SLPulUZf7ZG/SIPTrXcWvTljti2LJgxt3xHElD/KmTN
6t5KIHv7Mx9BY2Q98YgwmzPzkG0FQ03NygEan4HXJ85RIK5rJVmbR2+9hWqFDV54
RQL42Nq6hwIDAQABo4IBPDCCATgwHQYDVR0OBBYEFMvHUSxayCjwg9n4z8NzHNQ1
e8zBMIIBBwYDVR0jBIH/MIH8gBTLx1EsWsgo8IPZ+M/DcxzUNXvMwaGBzaSByjCB
xzELMAkGA1UEBhMCSlAxDzANBgNVBAgTBkt5dXNodTERMA8GA1UEBxMIS3VtYW1v
dG8xFzAVBgNVBAoTDjBmYWphcnB1cm5hbWEwMRcwFQYDVQQLEw4wZmFqYXJwdXJu
YW1hMDEaMBgGA1UEAxMRMGZhamFycHVybmFtYTAgQ0ExFzAVBgNVBCkTDjBmYWph
cnB1cm5hbWEwMS0wKwYJKoZIhvcNAQkBFh5mYWphckBoaWNjLmNzLmt1bWFtb3Rv
LXUuYWMuanCCFG2QLvMmo4VbpRWGeAljahnPMVp3MAwGA1UdEwQFMAMBAf8wDQYJ
KoZIhvcNAQELBQADggEBAJS159tPUrmnPjVffVZi5fvRBishiuaB91EUH5MEbqkk
hrootBEQSNSxCGh3nOlGVFherpyla1a+G1F0pnyobrnzLTpcf28fQdKN6ZbV5psA
/+CSwBYO1BLnarwu+VYnZeQxHYc/3v3xMNNZV5oE9uil7VAxMJV5zGUSxQi7fQZS
Wo4AV8AHpKKdpdOXr8UyirXqDgiZY7nZpmnJaTPYacKbCk/pziTEjSkwGiYIE8q4
EWaAD+3WnjpE7K2ky7TWGuK/a0G+Jx2YZCkirXnc9znWELa7B5M7RLJrDhTC0Whz
4zNpn5HClk+XzTu850So9xxPQ73L0Veob7sBfNZlBu8=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIFoTCCBImgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBxzELMAkGA1UEBhMCSlAx
DzANBgNVBAgTBkt5dXNodTERMA8GA1UEBxMIS3VtYW1vdG8xFzAVBgNVBAoTDjBm
YWphcnB1cm5hbWEwMRcwFQYDVQQLEw4wZmFqYXJwdXJuYW1hMDEaMBgGA1UEAxMR
MGZhamFycHVybmFtYTAgQ0ExFzAVBgNVBCkTDjBmYWphcnB1cm5hbWEwMS0wKwYJ
KoZIhvcNAQkBFh5mYWphckBoaWNjLmNzLmt1bWFtb3RvLXUuYWMuanAwHhcNMTkx
MjAxMTY0ODExWhcNMjkxMTI4MTY0ODExWjCBvTELMAkGA1UEBhMCSlAxDzANBgNV
BAgTBkt5dXNodTERMA8GA1UEBxMIS3VtYW1vdG8xFzAVBgNVBAoTDjBmYWphcnB1
cm5hbWEwMRcwFQYDVQQLEw4wZmFqYXJwdXJuYW1hMDEQMA4GA1UEAxMHY2xpZW50
MTEXMBUGA1UEKRMOMGZhamFycHVybmFtYTAxLTArBgkqhkiG9w0BCQEWHmZhamFy
QGhpY2MuY3Mua3VtYW1vdG8tdS5hYy5qcDCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ2GVHKPqK/xfCCjK0+bVI07BTpbM4dCE3IElGBmKALY28D43zGF
74OjAWo+ifTru2ThlpOkfa9PtBaMxqY/EWj6sjY6Bt1fm3QmcnasOeFWMSH5ZTV3
PiNcb8QJeusWL0EtDjz1anbe2H1UqYepAHhmFxTKap6oqQnXDTO/gQuDBvC/LgfF
S07GxGfjTUSM6CyPKAmWOJIIqM7KRR0UA3cLiIDbbmQy4RicBAF6jfKUSa6SeFQn
7YTNrnOOrbK0r78JcDJ+OU0whnr1dW7PZdByzRFxXxzlHZM1m9Me/4I8VcNFeh0Z
Y3ATmIGaIcfQmfC4nO14W4k1XULvzF5pGA0CAwEAAaOCAZ4wggGaMAkGA1UdEwQC
MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
ZTAdBgNVHQ4EFgQUxH6LrB12M55RSYC4FGcVZaWp5kkwggEHBgNVHSMEgf8wgfyA
FMvHUSxayCjwg9n4z8NzHNQ1e8zBoYHNpIHKMIHHMQswCQYDVQQGEwJKUDEPMA0G
A1UECBMGS3l1c2h1MREwDwYDVQQHEwhLdW1hbW90bzEXMBUGA1UEChMOMGZhamFy
cHVybmFtYTAxFzAVBgNVBAsTDjBmYWphcnB1cm5hbWEwMRowGAYDVQQDExEwZmFq
YXJwdXJuYW1hMCBDQTEXMBUGA1UEKRMOMGZhamFycHVybmFtYTAxLTArBgkqhkiG
9w0BCQEWHmZhamFyQGhpY2MuY3Mua3VtYW1vdG8tdS5hYy5qcIIUbZAu8yajhVul
FYZ4CWNqGc8xWncwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBIG
A1UdEQQLMAmCB2NsaWVudDEwDQYJKoZIhvcNAQELBQADggEBABzfVo8l4yUplgrb
wi3TT3nZnfz9j+5bHHvy2NRIGGmLlcZGrr+qJ+zwvDF6aPuaJ1goB9nSuPfcHEnR
HTVsHIcUQ+yOSiNIrUIFuasQlWiZ5TA0CIChVWrKaWpvuZUgBUIra4Qj8qrHypj0
M2X551F6vspNA8to+oNpH6/wDtRIo6y3wac/hnv2vrpCg5TmVcAqammk02GMxITh
wa/zMWZsCccbt/jmeJ7QVX33nZGWykep2vf3CbROxmK0L9amPkMCOPvG7evCuLE4
UMOA7q2KARVeoSq6xVVi65h+KCzXvhUQ/Z2W+9g88L+w0Jcr666CgHUjYc0pBHCW
LKvLkjs=
-----END CERTIFICATE-----

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCdhlRyj6iv8Xwg
oytPm1SNOwU6WzOHQhNyBJRgZigC2NvA+N8xhe+DowFqPon067tk4ZaTpH2vT7QW
jMamPxFo+rI2OgbdX5t0JnJ2rDnhVjEh+WU1dz4jXG/ECXrrFi9BLQ489Wp23th9
VKmHqQB4ZhcUymqeqKkJ1w0zv4ELgwbwvy4HxUtOxsRn401EjOgsjygJljiSCKjO
ykUdFAN3C4iA225kMuEYnAQBeo3ylEmuknhUJ+2Eza5zjq2ytK+/CXAyfjlNMIZ6
9XVuz2XQcs0RcV8c5R2TNZvTHv+CPFXDRXodGWNwE5iBmiHH0JnwuJzteFuJNV1C
78xeaRgNAgMBAAECggEBAIdKmvb1uXy7W8+wNH+fugO+gCP5tozhzE+t7T3KH20q
kbrwRMmE7gxSEOIOKnCHkh/3vFq7+RJ70wFXEToxiqNuRWdbeQ/ikGI2rzKLgv6t
B2/Vgf5klqLKPlfRiJemKxnAN61VXoYPqUIjV6NjHDtL+2Do5J+13dDMudMLFCss
meMzGCchAQ3Lm2zybdRUNOsVCIQIgIGpVAsmn80lCr+DWWsdee6PIknn/76Wc2Ie
phi0tAruQAGxxDnMJMPG03yRQ6xmllVRoNncNVEr3gRk4NiKBWn2R26ia7Llw6K0
Z3abIO1qJj3SoRzb1ZIevPoYPqH8GE1EceXD5RfqwCECgYEAzMMQExmXvImbYoi7
dxQQiUPwt1FDIr9mYZHmhd6z2DDF3T8bOU5Z8DG5oMrIIofQK0flesvULastuheB
wmbId4KUBl6STEg4uOXCTZeYNp3pTQu2MDOvICgVcrQSnkOuZTckasvq+5l2jE/7
DL2i4ZQE4FwlSEE4a+Nr8/IgfJUCgYEAxPFGpZ18CN/dKanchVWDC9crAZ5F2Qb/
RT0yJKie1WF4LkI+E4we+BegDginy5pGjaRUueUB5IRtCefvb4dp+6rFFhSMluIM
Na64FAJYM+5J227iYjo8rtYhQVWCjkcXUcJDQTUfoogtXBj3X3TP+VCHwxawtMYw
v+8gnFIIV5kCgYAMzCQ1DWRuZCtR/Tm6N4bRDW3+BxYrFctQTc4aj9Ctsl6rdUY+
TqdQW8s+QW5AujxIeDXfdt3L/ObeuplhjQr6bS7TNxXtrpXc+H8sWk0pHLV4G0NH
v/MyD09H2/lN6uz7ZnbgNd552x2Np3IJWdDUSGwFmby6x1i/ZXdZx8hAAQKBgQCS
FDEFuRl+b6ZZOAA0+ieYycHBkodWokUIM4sU++nMdl6xWTs4Po/eD5ANuMfVUpqQ
h1q9BCtyN/O1DE9iV3v6S0Gizh018XeC/hTV6qNH6bDozYenunC2cmf6URXkuMCI
SWKfZGsRoJacoHwkVr3IvL3mq9boT7VrOFDlAkfjyQKBgECDXo/MJoB22loxjFX9
1PycP92ZLYHUnIDHhAkgzmd65+qCrhk10d0BIiBcgfgL3Z0Kv/G/xNhEbZu20tua
cEKPaqUD5xUjZyZKXLzQ8k7pLCRN6XQ26UhnUPNZS8BxqkJIAu2x0SbIZjnXblF3
GZ+xa6lVwhHCq7EKcDvGHvLe
-----END PRIVATE KEY-----

You can now carry that .OVPN file anywhere with you. Next is to download the openvpn client for Windows if your Windows default client does not support.

OpenVPN client Android

Same method as Windows, get your .OVPN file and download openvpn client for Android.