Wednesday, September 28, 2011
All trademarks used in this guide are trademarks of their respective owners and only
used for reference.
The most current version of this guide is available from our web page,
http://www.your-freedom.net/, in the Documentation section. Please check if there is
a later copy available if you encounter problems or you cannot find needed information in this copy.
This guide is © Copyright 2006, 2007 by resolution Reichert Network Solutions
GmbH, Saarbrücken, Germany. All rights reserved. You are welcome to copy and
distribute this guide in both electronic and paper form as long as you distribute it as a whole and not in parts, you do not modify it in any way, and the reference to the
original location is kept intact. Please advise all recipients that distributed copies may
not be the latest version of the document, and that they can always download the latest version from our web site.
Index
1 Introduction...................................................................................................... 5
1.1 What is Your Freedom?............................................................................. 5
1.2 What is it not?........................................................................................... 5
1.3 What can I use it for? ................................................................................ 5
1.4 How does it work?..................................................................................... 6
1.5 Is it secure? Is it anonymous? Does it compromise my security? Can I catch
a virus? ............................................................................................................... 7
1.6 What does it cost?..................................................................................... 8
1.7 Is Your Freedom —Spyware“ or —AdWare“? ................................................. 8
1.8 How many servers do you have? Are they all the same?............................ 8
2 First steps...................................................................................................... 10
2.1 Registration process ............................................................................... 10
2.2 Getting and installing the client software .................................................. 10
2.3 Connecting for the first time..................................................................... 11
2.4 Configure applications............................................................................. 20
2.4.1 Automatically ................................................................................... 20
2.4.2 Manually .......................................................................................... 21
2.5 Sophisticated configurations.................................................................... 27
2.5.1 The Your Freedom configuration dialog ............................................ 27
2.5.2 The Your Freedom client configuration file ........................................ 33
2.5.3 Configuration options ....................................................................... 33
2.6 Starting and stopping the connection ....................................................... 41
2.6.1 Each user may only log in once ........................................................ 41
2.7 Choosing the right server ........................................................................ 41
2.7.1 Server location ................................................................................. 41
2.7.2 Protocols.......................................................................................... 42
2.7.3 CGI relays........................................................................................ 42
2.8 Using —socksifiers“................................................................................... 44
2.8.1 Windows .......................................................................................... 44
2.8.2 Linux and other Unix derivates.......................................................... 44
2.8.3 Mac OS X ........................................................................................ 45
2.9 OpenVPN support................................................................................... 45
2.9.1 Introduction ...................................................................................... 45
2.9.2 Prerequisites .................................................................................... 45
2.9.3 Configuration tasks........................................................................... 46
2.9.4 Configure your applications .............................................................. 47
2.9.5 Troubleshooting ............................................................................... 47
3 Advanced usage ............................................................................................ 49
3.1 FreeFreedom (usage free of charge) ....................................................... 49
3.2 Packages and Vouchers.......................................................................... 49
3.2.1 Vouchers ......................................................................................... 50
3.3 Test drives .............................................................................................. 50
4 Troubleshooting ............................................................................................. 51
4.1 Why does my app/game not work? .......................................................... 51
4.2 Creating a —dump“ file.............................................................................. 51
4.3 Using a packet sniffer.............................................................................. 52
4.4 Using encrypted email to contact us ........................................................ 53
1 Introduction
1.1 What is Your Freedom?
Is your Internet access somehow restricted? Are some web pages not accessible to you, or are you unable to run applications because of such restrictions? Then Your
Freedom is for you. Although the techniques used by Your Freedom to break through such restrictions are fairly complicated, it is not difficult to use.
Your Freedom is a Connectivity Service that allows you to overcome connectivity restrictions imposed upon you by your network administrators, your provider or your country. It also provides a certain level of anonymization, and it hides from your administrators and other nosy people close to you what you are doing on the
Internet.
It works by turning your local PC into a web proxy and a SOCKS proxy that can be used by your applications (web browser, games, whatever). Instead of connecting directly, applications can send connection requests to these —proxy servers“ provided
by the client part of the Your Freedom software running on your PC, and the client part will then forward these requests to the server part running on our connectivity servers through a connection protocol that is still available to you and through which the client part can reach the server part. It tunnels through firewalls, web
proxies, FTP proxies and the like. Sounds complicated? Well it is, but the good news
is you don‘t have to worry about it, that‘s our job. ☺
1.2 What is it not?
Your Freedom is not a VPN software. It does not provide a connection to a private
network but to the Internet.
Your Freedom is not a firewall solution, it is meant to break through firewalls, not to
be one. It does not make your PC any safer. But that‘s likely not your concern
because someone is probably protecting you too well anyway.
Your Freedom is not a perfect anonymizer. The service does provide a certain level
of anonymization by hiding your IP address. Instead, the connection request appears
to come (in fact it does come) from one of our connectivity server IP addresses. But it cannot protect you from your own mistakes or flaws in applications and protocols.
Your Freedom is not in any way enhancing your connection. It does not provide data compression and it cannot speed it up in any way; in fact, there is a certain amount of overhead which is dependent on the connectivity protocol used, so things will probably run slower, not faster.
1.3 What can I use it for?
Your Freedom can be used to overcome:
• Protocol restrictions
If you cannot use certain applications or services because these applications
cannot connect to the Internet in the usual way, Your Freedom may be able to help you. For example, if your favourite online game does not work in your
place because someone decided that you shouldn‘t play it, then try Your
Freedom. Games known to work well include: WOW, EVE, Counterstrike and
many others.
You may not use P2P protocols because someone thinks it‘s illegal*? Most
P2P clients work nicely with Your Freedom, and you can even get a server port, which gives you a —high id“.
• Blacklists
You may not visit certain web pages? Try Your Freedom. It turns your local PC
into an unrestricted web proxy that provides access to all web pages that are generally accessible.
• Time restrictions
We have heard from users that they use Your Freedom to avoid time
restrictions. In most cases, existing connections are not disrupted by such restrictions, and therefore all they need to do is to start the Your Freedom client before the restriction is in place, and keep it open. The connection between the client and the server part is persistent (this depends on the connection protocol, however).
1.4 How does it work?
You need to run the client part of the Your Freedom software on your local PC. It is written in Java and should normally run on nearly every PC without the need for administrator rights. We also provide installer versions that do not require Java to be installed, but you may need administrator rights to install these.
The client software then connects to one of our servers through a connection protocol that is still available to you. In most cases this will probably be a HTTP connection through a web proxy that you may use, or a —HTTPS“ or FTP connection. In many places, UDP may be used as well. In most cases all you‘ll need to provide is the
address of a web or an FTP proxy (and probably authentication credentials); the client will take it from there and find a way to connect if one exists.
Have a look at the picture below. The box on the left is your PC. Let‘s say the
restrictive firewall won‘t let you access hotmail.com and you want to read your private
email from your workplace; fire up the Your Freedom client and let it connect to one
of our servers, configure your web browser to use it, and your web browser will be able to connect to hotmail.com by connecting to the Your Freedom client, who will forward the requests to one of our servers, who will then forward the request to the
hotmail.com server. The replies from the hotmail.com server will take the same route
backwards.
* The protocol is of course not illegal and it‘s therefore silly to block it; we know best because we had
to block it on some servers as well but it remains open on most. Your actions may be illegal though œ
Your Freedom can‘t do anyt hing about this, it remains your responsibility.
This is only a very simple scenario but it illustrates that the Your Freedom client
application and the Your Freedom server act as intermediate hops for your
application connections.
1.5 Is it secure? Is it anonymous? Does it compromise my security? Can I catch a virus?
Connecting to the Internet through Your Freedom is generally less dangerous than connecting through a dial-up connection. As long as you do not explicitly configure a server port forward, no-one can connect to your PC though Your Freedom. But since you may download data from the Internet that may then be executed on your PC
(intentionally or unintentionally because of application bugs) there is a certain amount
of risk; it‘s the same as if you connect through any other means to the Internet and download data from there. However it is possible that your company or whatever
uses sophisticated protection mechanisms (e.g. virus checking for downloads from
servers on the Internet) that we do not provide; in this case it is indeed less secure. But please consider that it is less secure because it allows you to do things that you would otherwise not be able to do œ the most secure protection from the dangers of
the Internet is an Air Gap, i.e.: pull the plug. You‘ll be safe but also lonely.
It has been said before that Your Freedom is not a full-blown anonymization service.
It will however hide your IP address, unless your application communicates it —in- band“. Web server admins will not be able to see where the access comes from
initially, they will instead see one of our IP addresses. But we do not take any further anonymization measures: we do not remove tracking cookies, nor do we —wash“ the request headers that your web browser sends.
With regards to viruses: we do not have any virus protection mechanisms built into
the service and therefore do not provide any virus protection†. Please install anti-virus software on your PC.
1.6 What does it cost?
A fundamental service is provided for free. It is restricted in bandwidth and the
number of simultaneous streams, and there is a time limit for the connection between the client and the servers (but you may reconnect immediately).
We provide upgrade packages that reduce or remove the bandwidth restriction and that allow for more simultaneous streams, and there are server ports that you can
use to allow inbound connections to your PC or another PC in your network. The
packages are available as one month, three months, six months or twelve months upgrades, and come in three different levels that we call BasicFreedom, EnhancedFreedom, and TotalFreedom. As an alternative to whole packages exist vouchers carnets. Vouchers can be used to temporarily upgrade your Your Freedom account with a package without having to pay for a full month and not use parts of it. Details can be found in chapter 3.2 of this guide.
1.7 Is Your Freedom —Spyware“ or —AdWare“?
No! Rest assured that the Your Freedom client does not contain any code to spy on you or to cause any annoyances (other than the restrictions of the FreeFreedom service, which are of course there to convince you of the benefits of buying a
package). The only reason why we don‘t publish the source code is because much of the code is also used in the server, and we don‘t want to expose it. Also, we don‘t
want to unnecessarily help those developing blocking appliances.
The servers do a certain amount of logging, however, but we do not log any details about your streams other than when they started, when they ended, and how much data was transferred. This is purely for statistical reasons, and the log file data is not kept on the connectivity servers themselves but on a central server in Germany.
Also, there is a control console on the servers that allows us to see what users are currently doing (but not any content). We only use this for troubleshooting, and all
data there is transient and not stored anywhere. The moment you log off it‘s all gone. And believe us, we have better ways to pass our time than peeping on you.
1.8 How many servers do you have? Are they all the same?
At the time of writing we have 18 servers online, in 3 different countries. All will be able to support basic web surfing or chatting but some will refuse P2P connections (namely the ones located in the United States). Some can handle more traffic than others. Have a look at the live statistics page at http://www.your-freedom.net/142/; servers that are not in the —p2p“ server group are not suitable for P2P applications,
servers that are not in the —volume“ group are not suitable for large file transfers, and
so on œ you‘ll get the drift.
† Actually this is not entirely accurate. Outbound mail sent through Your Freedom is scanned for viruses. We do this to avoid blacklisting of our IP addresses, which would make it impossible for our users to send email t hrough Your Freedom. It does not protect you, it protects others from you.
Everyone may use all servers in the —default“ group; right now, all servers are in this group, but this may change.
Also look at the server load. The higher the number, the more loaded the server. A
load below 40000 is considered low, loads above 125000 are considered high. We
use a traffic light scheme to quickly indicate the server state. A —green“ light indicates that the server is fine and can accept your connection. A —yellow“ light would indicate that the server is up and running but currently rather busy or already slightly
overloaded and probably won‘t be able to provide the best service to you œ you are
still welcome to use it, and the service may still be pretty good. A —red“ light indicates
that the server is down or otherwise unable to serve you.
2 First steps
2.1 Registration process
Your first step in using our service is to register on our web site. You need to visit http://www.your-freedom.net/ and create an account there. There is a link underneath the login and password form fields in the red part of the banner.
On the registration page, choose a username (preferably one that is not likely already used) and provide a password. Please make it long enough, it‘s for your protection,
not ours. Both username and password may contain uppercase and lowercase ASCII
letters, digits, dashes and underscores; other characters may work as well but it‘s not
a good idea to try. The only other required field is your email address (everything else
is not mandatory; please don‘t fill in rubbish if you don‘t want to provide the
information. Many of these fields are only there because we haven‘t taken them out. Once you‘ve filled everything in, click on the —Create account“ button. You will be
asked to confirm your details by clicking on —Create account now“.
Within a few minutes you should receive an email containing an activation link. If your email address is protected by anti-spam measures, please ensure that email sent
from the —your-freedom.net“ domain (i.e. ending in —@your-freedom.net“) is permitted before you click on the —Create account now“ link. Activate your account by clicking
on the link in the email (or cut&paste it into your browser). If you haven‘t received the email or if the link doesn‘t work for whatever reason, please send an email to our support staff, they can create or activate the account for you if you send them an
email to support@your-freedom.net, telling them the username.
What if you cannot access our web page because it‘s blocked? Well, it‘s a hen and egg problem then. Either ask someone else to create an account for you (or do it
from somewhere else) and modify it later, or obtain the client software from another source than our server, and use the username —unregistered“ and the password
—unregistered“ in it. This account will only provide access to our web page, however. Alternatively, if you are able to send an email to our customer support, ask them to create an account for you. Just write to support@your-freedom.net telling them about your problem, suggest a username (please limit yourself to ASCII letters and
numbers, dashes and underscores) and a password, and ask them to email you the
client software (please state which type you‘d like, see chapter 2.2 on page 10). If all the odds are against you and you can‘t get the client software from anywhere else
we‘ll mail you a CD as well.
2.2 Getting and installing the client software
Once you‘ve created an account you may use it to log in on our web page. This will give you access to the Download section of the page. Log in, then click on
—Downloads“(Actually you don‘t have to be logged on). There are several ways to run the Your Freedom client, and consequently there is more than one download option:
• Windows Installer
Windows users who already have a suitable Java Runtime Environmentfl
installed on their system and who have enough rights to install software should
be able to use this version. The download is about 1 megabyte in size. If you are unable to download files ending in .exe, try to copy the link location and
paste it in the URL field of a new browser window, then change the .exe to .txt.
• Windows Full Installer
This version comes bundled with a JRE of its own so there are no
prerequisites. Every Windows user should be able to use this one, provided
that you may install software on your PC. The download is rather fat, about 28
megabytes. Again, this is an .exe file, try changing the ending to .txt if this is a problem. A benefit of this version is that it‘s compiled to native code and will probably consume less resources.
Both Windows installer versions are installed by running the .exe file. Just follow the instructions in the installer and you should be done in a minute. Once the client software is installed, proceed to chapter 2.3 on page 11.
If you are not running Windows or if you cannot install software on your PC, your best choice is the Java archive version. Download the ZIP file and extract the contents
into a folder to which you may write. This could also be a memory stick, or a CDROM,
by the way. Then run the Java interpreter with the —freedom.jar“ file. With Windows
it‘s usually enough if you double-click on the JAR file, but you may want to open a
—cmd“ window instead, —cd“ to the directory and run —javaw œjar freedom.jar“ instead.
On Unix boxes you‘d normally use —java œjar freedom.jar“ or —kaffe œjar freedom.jar“
or something similar; Unix users normally know.
We also offer a Mac OSX installer version but we do not create these installers ourselves, so it might be less current than the others. You should be able to use the Java archive version on your Mac without problems œ OSX is built on Unix and ships with a pre-installed JRE.
Generally, the Java archive version of the Your Freedom client should run on every computer that has a suitable JRE œ and enough memory. We love to hear from you if you‘ve managed to run it on an exotic piece of hardware (or in an unusual place)!
2.3 Connecting for the first time
When you start the Your Freedom client application for the first time, you‘ll be presented with a —wizard“. It‘s safe not to use it and enter all required information manually, but if you are unsure, give it a try first. Manual configuration may be required in difficult connection scenarios; please refer to chapter 2.5 on page 27 for details.
Now let‘s assume that you are using the wizard. It will first present a Welcome page:
fl Every Java Runt ime Environment compliant to Java 1.4 or newer should be good enough. If in doubt, visit http://java.sun.com/, click on —Java SE“ in the —Popular Downloads“ section on the right hand side
of the screen, then download the —JRE“ or a —JDK“ (which contains the —JRE“) and install it on your PC. Sun provides these dow nloads for free, but please have a look at their license terms.
We used to recommend JRE 1.4.2 but have found that the latest JRE 1.5 releases are finally stable enough as well.
Do as you are told and click on the —Next“ button. You‘ll see this page:
If your Internet connection is through a web proxy, enter the details here. If you are unsure, try to click —Next“ first. If all you get is an empty list of available servers like this:
(ignore the —auto-choose best“ part) you need to figure out about your web proxy (or configure everything manually, e.g. if you want to use an FTP proxy!). If you get this:
then you‘ve filled in the proxy details properly but you need to authenticate on the proxy. Click on —Next“…
… and fill in suitable login credentials. In many cases this will be your Windows
Domain login (don‘t forget to fill in the domain as well!). Just try until it works, you can
click —Next“ to try.
If you see this page:
it means that you have not provided a working proxy configuration. Click on —Back“
and modify the hostname/IP address and/or the port setting. Many proxies —listen“ on
port 80, 8080 or 3128, to name the most popular ports. Check your web browser‘s configuration, it should be able to tell you.
Oh by the way, if you find that the wizard has the proxy details already filled in, then
it‘s not magic œ it just found them in your PC‘s registry and probably has made life
easier for you.
Let‘s assume you‘ve been able to make it work. (If not, please ask a knowledge
person around you how you can use the web proxy, or try a manual configuration). It worked if you see something like this:
It‘s important that you see a —yes“ or a number in any of the columns HTTP, HTTPS, FTP or UDP. A —yes“ means that the client has been able to use this protocol to
connect to the server using the default port settings, a number would mean that it has been able to connect but on a different port, and a —no“ means that the protocol could not be used to connect to this server. The results are sorted by preference (a number
between 0 and 10), it indicates how well the server fits your requirements (if you‘ve set any). Choose a server (any will do for now, unless it‘s all —no“ œ don‘t use —auto-
choose best“), then click on —Next“.
On this page, enter your Your Freedom username and password; it‘s the same you used to download the client from our web page. Click on —Next“.
It seems you‘re done now! Click on —Save and Exit“. The main window of the Your
Freedom client should now look like this:
Note that the client just doesn‘t know anything about the server and your account‘s profile before you‘ve connected to the server, that‘s why some of the values seem to
be somewhat odd (including the bandwidth œ it‘s not unlimited unless you‘ve bought a package). Click on —Start connection“ and you should see something like this after a
few seconds:
Note that all the details are now filled in, and the bandwidth reads —64.0k“. That‘s kilobits, about the speed of an ISDN connection or a bit faster than with a high-speed modem. Click on —Account Profile“ now.
This panel contains your account details. Without a package, you may not use any special servers (just the default ones), your bandwidth is limited, your maximum number of simultaneous streams is rather low and you may not relay connections
from other PCs that use your PC as proxy. Your server connection will be terminated after 60 minutes (but you may reconnect when it happens). No server ports are assigned to you so none of them are forwarded to you. But at least, there are no
access restrictions, you may access everything on the Internet.§
OK, time to configure your applications. Please refer to chapter 2.4 on page 20 to
learn how to do this. Once you‘ve set up at least a web browser to use Your Freedom the main objective should be reached: you should be able to access the web freely!
§ In fact there are some restrictions but you can‘t see them. They are only t here to protect our servers and won‘t get in your way. Promise!
2.4 Configure applications
2.4.1 Automatically
Windows users can simply click on the —Applications“ tab and see something like this:
This is a list of applications whose configurations can be modified automatically by
Your Freedom. The ones that are installed on your system have working checkboxes,
the other ones are greyed out. Tick the ones you wish to use with Your Freedom, then click —OK“. You‘ll see something like this:
Hope it‘s all successful! Then click —OK“. To restore the previous configuration of your applications, choose —Restore“, then tick the ones you would like to restore, and click
—OK“. Note that applications that you‘ve configured to use Your Freedom will only
work properly if the Your Freedom connection to the server is up and running. Also, don‘t forget to restore all your settings before de-installing the Your Freedom client!
To manually configure your applications, have a look at the Ports tab first:
This tells you that your local PC is now acting as a SOCKS4/5 proxy on port 1080
and as a Web Proxy on port 8080. To change these values, untick the service, then modify the port, then re-activate (this can be done on-the-fly!). —Relay for others“ will only work with some packages. Everything below is pretty sophisticated stuff and certainly not aimed at first time users, and will be covered in chapter 2.5 on page 27.
If for some reason you cannot configure your applications from within the Your
Freedom client, you need to manually configure them to use web proxy —localhost“ on port —8080“ or SOCKS proxy —localhost“ on port —1080“ (if you‘ve got the choice, use SOCKS version 5). Please refer to the application‘s documentation to learn how to do this (or ask someone who knows œ we‘ve got some examples in the FAQ/Docu
section of our web page http://www.your-freedom.net/ as well).
OpenVPN support is not enabled by default œ please see chapter 2.9 on page 45.
2.4.2 Manually
Of course we cannot provide detailed configuration guides for all applications that can be used with Your Freedom. There are basically only 4 ways how applications
are made to work over Your Freedom:
1) By configuring them to use a web proxy. Applications that offer you to run using a web proxy need to be set up to use your local PC (the hostname is
—localhost“, the IP address is —127.0.0.1“) on port 8080 as web proxy and everything should be fine.
2) By configuring them to use a SOCKS4/5 proxy. Applications that offer you to run using a SOCKS proxy need to be set up to use your local PC (again, the hostname is —localhost“ and the IP address is —127.0.0.1“) on port 1080 as SOCKS proxy. This is preferable over the web proxy configuration (if you‘ve
got the choice) but both will normally do. Use SOCKS5 if you can. If it doesn‘t work (some applications have buggy SOCKS implementations) try SOCKS4.
3) By using a —socksifying“ application to run your application from. Many applications are not designed with your networking problems in mind and do not offer to run using a web or SOCKS proxy. Many of them work well with
Your Freedom if you run them from inside a —socksifier“. That‘s an application that foists a modified winsock DLL to the application which redirects all
network requests to a SOCKS proxy, in this case to the Your Freedom client.
Examples for such applications under Windows are: SocksCap, ProxyCap and
FreeCap. They are covered in chapter 2.8 on page 44. Using a —socksifier“
might also be an option if you cannot configure your application, e.g. because you don‘t have administrative rights. It‘s tricky however to override existing
proxy configurations this way.
4) By using outbound and inbound port forwards. If your application only needs to access one particular server via a TCP connection on a particular port, it‘s probably most convenient if you create a mirror image of this port on your PC,
and access your local PC on the mirror port instead. Similarly, you can create
a mirror image of a port on your PC on our servers and make it accessible to others on the Internet.** This is covered in chapter 2.5.1 on page 27.
** Your account profile needs to permit this. Currently, only owners of TotalFreedom packages can redirect server ports to their local PC.
2.4.2.1 Setting up Mozilla Firefox
All web browsers support the use of web proxies, and option 1) should be just fine. Click on —Tools“, —Options“. Choose the —Advanced“ panel. Then click on the
—Network“ tab. The configuration windows should now look like this:
Now click on —Settings“.
Fill in the values as shown (making a note of the original values so you can revert to you previous configuration when you are not using Your Freedom), then click OK in both windows. Firefox now uses the Your Freedom connection.
2.4.2.2 Setting up Internet Explorer
Like all browsers, IE supports proxies directly. What‘s more, IE‘s proxy configuration
is actually shared by many other applications as well.
Select —Tools“, —Internet Options“. Then click on the —Connections“ tab. You‘ll see something like this:
If you are using a LAN connection, click on —LAN Settings“, otherwise choose the connection you use to connect to the Internet and click on —Settings“. A window similar to this one will open:
Fill in the values as shown. Then click —OK“ in all the windows. Internet Explorer now uses the Your Freedom connection (and consequently only works when the
connection is up).
We recommend you make a note of the original settings that allows you to revert them when you are not using Your Freedom.
2.5 Sophisticated configurations
Most options can be configured using the —Configure“ dialog available from the Status tab, but a few are only available via the configuration file. We advise that you avoid messing with the configuration file unless you are advised by us or think you know
what you are doing. ☺
2.5.1 The Your Freedom configuration dialog
Go to the —Status“ tab of the Your Freedom client, then click —Configure“. A dialog window like this should open up:
On the —Server Connection“ tab, configure the Your Freedom server name or IP address (several names or IPs can be separated by semicolon œ but no additional spaces!). Select the connection protocol from the pull-down menu, and the default port should automatically appear (change if necessary). Or use the wizard to see
your server connection options and let the client choose the best way (but configure the proxy settings first!).
Also, select the connection options as well. For most people the last three should be ticked, and you might want to tick —Avoid using DNS“ as well if you only want to try known IP addresses for the YF servers and not ask your local DNS server. At this
time it is not necessarily advisable you enable the —Automatically select best server“
option, unless you know that you can use all the servers. We are working to improve this, and in fact much of it is already implemented. Stay tuned.
The —Start minimized“ option is only available under Windows. When checked, the client will only appear in the system tray when started. You might want to configure
—Automatically connect on startup“ as well and maybe use the —Autostart“ menu of
Windows. Just a suggestion. ☺
If you click on the —Account“ tab, you‘ll see this:
Fill in your Your Freedom username and password, and choose a different language
if you like. Many texts and messages are available in other languages and it may be
easier if you change the setting. Note that you have to restart the client to make the change effective when you are all done.
Now click on the —Proxy Settings“ tab:
There‘s a lot you can configure here. You might want to use the wizard to configure a web proxy but you don‘t have to, there‘s not much difference but the client will check
if your settings appear to be correct. If you know the details, just fill them in. You‘ll
probably need to configure the address (host name or IP address) and the port. If you need to authenticate on the web proxy, fill in username and password as well, and if
it‘s an NTLM authenticated proxy add the windows domain name as well. (In this
case, username, password and domain are probably the same values that you use to log in to your PC!)
If you intend to use the FTP connection method and you cannot directly FTP to
servers on the Internet, there may be an —FTP proxy“ on your network. (Don‘t bother
to configure anything if you can use the —ftp“ command line tool!) The port will likely
be 21, but you‘ll need the hostname or the IP address as well œ ask someone who knows, there are legitimate needs to use FTP outside web browsers.
The most common connection scenarios are also covered by the Wizard available through the button on the bottom œ it‘s the same that is run when you start the client
for the first time and it‘s described in detail in chapter 2.3 on page 11.
When you are done, click on —Save and Exit“ to save your changes, or on —Cancel“ to abort them.
So much for setting up the connection. You should now be able to start it up from the
Status panel. The connection indicator (the door) should open, a question mark
should appear while client and server negotiate, and disappear after a few seconds.
If it doesn‘t disappear, your connection settings don‘t work. Have a look at the
—Messages“ panel. If you can‘t get the connection to work, check out chapter 4.1 on
page 51 to see how you can help us to help you.
Once you are connected, check out your connection profile by clicking on the
—Account Profile“ tab. It should look somewhat similar to this (but it won‘t be as generous as mine I‘m afraid ☺):
Most things in here should be fairly self-explanatory, except maybe for —server groups“ and —remote port forwards“.
—Server groups“ will indicate the groups of servers to which you may connect. Multiple permitted groups are separated by comma. Everyone will have the —default“ server
group on their profile, meaning that you may connect to every Your Freedom server
in the —default“ group (at the time of writing, all servers are in this group, but this may
change). Some accounts have additional server groups in their profile, depending on bought packages. —all“ will not show up in customer profiles.
If your profile has any server ports assigned, they will show up in the —remote ports forwarded“ line. The numbers there mean that these ports on the Your Freedom
server will be forwarded to your PC when you are connected, and you may use them
in the —server port forwards“ configuration (see below).
Now click on the —Ports“ tab. It will probably look like this:
All options in here can be changed while the connection is active and will have immediate effect. If you wish to modify the local ports on which your PC becomes a web or SOCKS proxy, uncheck the service first, then change the port number, and
tick the box again. If you would like your PC to accept requests from other PCs on
the local network and forward them through your Your Freedom connection, tick the
—Relay for others“ box. Note that this will only have an effect if your profile permits it
(check the —Relaying permitted“ line in the —Account Profile“ panel as shown above).
At the time of writing, only users with a —FreeFreedom“ package are unable to relay for others.
2.5.1.1 Local port forwards
One possibility to allow an application to connect to a service on the Internet via Your
Freedom is to —mirror“ a port on the Internet. Just imagine there‘s a server out there with a certain IP address and it‘s listening to SSH connections. You would like to
SSH to the server but your SSH client does not support SOCKS. In this case you would simply configure a local port forward similar to this one:
Now instead of connecting via SSH to —some.host.somewhere“ on port 22, you simply instruct your SSH client to connect to —localhost“ on port 2222. Your Freedom will put
the connection through for you. Note however that if the remote host is unreachable the SSH client will still see a working connection, but it will time out quickly.
This is just one of many examples how you can use this feature. Generally speaking,
if your application needs to only connect to a particular host on a particular port, local port forwards are the right choice.
2.5.1.2 SIP forwards
Yes, that‘s true! You can use SIP phones with Your Freedom as well! Note however that this is still in early beta phase and it may not work properly; we have seen
reports that audio only worked in one direction. Once we can find the time we‘ll continue to work on it.
If you‘d like to give it a try, here is what you need to do. Assume you are using a SIP
server called —sip.sipgate.de“ on port 5060, the well-known port for SIP. If you
configure a SIP port forward like this one …
… it will turn your local PC into a mirror image of the SIP server. So instead of configuring —sip.sipgate.de“ in your SIP phone, configure —localhost“. Disable STUN if you can, it‘s meaningless in this context (but will only make things slower).
SIP forwarding is a complex task; not only does the YF client have to forward all requests, it also has to set up UDP forwards dynamically for all audio and (that‘s right!) video streams. We haven‘t tested this with many different SIP providers and phones, so it‘s likely that many of them don‘t work yet. We like to hear from you!
Note that SIP forwarding will only work with UDP, not TCP. Nearly all clients and servers use UDP. Also, note that using a SIP phone consumes a certain amount of bandwidth (depending on the Codecs you are using); the FreeFreedom profile will likely not be fast enough to support SIP forwarding (the voice will break up).
2.5.1.3 Server port forwards
Would you like to make your PC reachable from the Internet? Then server port forwards are for you. Check out the —Account Profile“ panel after connecting; if you
see —remote ports forwarded“ there you can use this feature. (You can configure it as well if no ports are forwarded to you, but it won‘t do a thing.)
It is important to understand that you can only forward server ports that are assigned
to you (i.e. appear in the list of —remote ports forwarded“). So let‘s assume you have
ports assigned. Add forwards like this:
It is not absolutely necessary to use the same numbers for —remote port“ and —local
port“, but we have found that many applications are too silly to announce another port
to —the network“ than they actually listen on. For example, BitTorrent clients usually
can announce different external IP addresses and ports, but 99 % of all trackers will simply ignore this. So use the same port on both ends (by configuring your
application accordingly) and it will all work by sheer magic.
At present, server port forwards only work for TCP. We have considered (and in fact tried) to implement it for UDP as well but we found that there is not a single
application that would actually benefit from it, not even P2P apps using KAD
networks.
Also, we cannot assign ports that you request, for the simple reason that everyone wants 6881 and such. Please don‘t ask, you can only use the ports that have been automatically assigned to your profile.
2.5.2 The Your Freedom client configuration file
The Your Freedom client stores all settings in your —home directory“ (for Windows, this is typically —C:\Documents and Settings\yourUserName“) in a file called
—.ems.cfg“. Note that this file is normally invisible because it starts with a dot. You may safely edit this file but close the Your Freedom client first. There are some settings that can only be modified using a text editor œ for example, if the client window appears to no longer be on your screen and you can‘t find it anymore, set
—location_x“ and location_y“ to 0 or low numbers.
2.5.3 Configuration options
Note! Some of the options below are marked as —hidden“, which means that they are not accessible though the —Configuration“ window but only through a text editor.
These options are for those who know exactly what they are doing (or at least think they do). Please consult our support staff first if you are unsure.
All options are case sensitive, be sure to use lowercase! There are options that can only appear once in the config file (type: single), others can appear more than once (type: multi). Options that take only a single value will treat everything after the
leading whitespace as part of the value, including whitespace, so watch out and don‘t
put whitespace at the end of the line if you don‘t want to. You may use comments as well (they start with a # in the first column) but they will be gone next time the client saves the config.
Now here comes the alphabetical list… enjoy!
Option Description Type Arguments
autoscroll_messages Scroll message window automatically when new messages appear single optional —true“ or —false“ (default)
avoid_dns Use the server‘s IP address, not the host name (if known) single optional —true“ or —false“ (default)
bw_downlink Desired downlink (server to client) bandwidth in bits per second single optional Bits per second. 0
means —unlimited“.
bw_uplink Desired uplink (client to server) bandwidth in bits per second single optional Bits per second. 0
means —unlimited“.
connect_on_startup Fire up connection when client is started single optional —true“ or —false“ (default)
debuglevel Turn on debugging on the Java console (not the message panel!) single hidden The lower, the more verbose. Default is
—999“. It probably doesn‘t do much anymore these days.
dont_show_popups Avoid popping up notification windows on the screen single optional —true“ or —false“ (default).
encryption Turn on connection encryption single optional —true“ or —false“ (default). Note that the wizard turns this on for you. You should only turn it off for debugging!
file_extip Write server‘s external IP to a file when connecting single optional This allows you to use the server‘s external IP in scripts
follow_server_recommend ations Allow the client to follow the server‘s recommendations to use another server single optional —true“ or —false“ (default). Leave this off for now unless you don‘t care which server type you are using.
fool_pix Try a hack that can fool old PixOS versions into bypassing WebSense single hidden —true“ or —false“ (default). Only turn on if you know that your connection is passing through an
old PIX firewall using
WebSense and you
cannot connect; it
may work with this
set to —true“.
ftpproxy Use a non-transparent FTP proxy with the FTP connection protocol single optional Put in the FTP
proxy‘s host name or IP address. Remove if you don‘t need one.
ftpproxyport Use a non-transparent FTP proxy with the FTP connection protocol single optional Put in the FTP proxy‘s control port (normally 21). Remove if you don‘t need an FTP proxy.
headers Additional headers when sending requests to the web proxy multi optional If you need additional headers or wish to override things like
—User-Agent“, do it
here. For example:
—headers User-Agent: NoneOfYourBusiness
1.0“
http_flush Close and re-open the HTTP
uplink connection at intervals single optional Time in milliseconds. If you need this, use the CGI connection
protocol instead. This
is outdated.
idle_kill Kill connection when idle for this many milliseconds single optional This is obsolete and doesn‘t work as expected anymore, don‘t use it.
initial_post_size When doing a HTTP POST, use this initial size single hidden Default is 10000000
or 10 Megabytes.
The client decreases this by a factor 0.8 until the web proxy accepts it or the
value falls below
minimum_post_size. If you know your proxy‘s limits put it in here, it saves connection time.
level_messages Only show messages above this level in Messages panel single optional 0 is —debug“, 7 is
—emergency“. Default is 1 —informational“.
language Your preferred language (ISO
2 letters, lowercase) single optional Defaults to —en“. Only a few languages are supported, see the Configuration dialog.
location_x Coordinates of the Your Freedom window on the screen single optional 0 is top left corner, higher values are further right
location_y Coordinates of the Your Freedom window on the screen single optional 0 is top left corner, higher values are further down
minimum_post_size Minimum HTTP POST size single hidden Default is 20000 or
20 Kilobytes. Only lower if you know that your proxy will refuse POSTs above 20k
and you really have
to.
openvpn OpenVPN port single optional Default is 1194, only change if you need this port for something else.
openvpn_exclude IPs and networks to be excluded from routing through the OpenVPN tunnel multi hidden For every IP or network (IP address, a space, and a netmask) that should
not be routed through
the OpenVPN tunnel, add a line to the config.
password Your Your-Freedom password single required One: your Your
Freedom password
portaccept Forwards a server port to a local port multi optional server port local host local port
portforward Forwards a local port to a remote port multi optional local port remote host remote port
protocol The connection protocol to use single required One of: —http“, —https“,
—cgi“, —ftp“, —udp“.
There are more but they are experimental and they don‘t work.
proxy The proxy port single Make your PC a web
optional proxy by supplying
the port number. Set
to 0 or remove to turn off.
proxydomain Your domain for web proxy authentication, if needed (NTLM proxies only) single optional A Windows domain name, if you need one to authenticate on your web proxy.
proxyhost The web proxy hostname or IP through which to tunnel when using —http“, —https“ or —cgi“ single optional A host name or IP address. Leave empty or remove if
you don‘t need to use a proxy.
proxyport The web proxy‘s port. single optional A port number. Set to
0 or remove if you don‘t need to use a web proxy.
proxypass Your password to authenticate on the web proxy single optional A password, if authentication is needed.
proxyuser Your username to authenticate on the web proxy single optional A username, if authentication is needed.
redirect_dns Don‘t resolve host names locally when using SOCKS single optional —true“ or —false“ (default). Use this if your local name
server cannot resolve
Internet names (or you don‘t want it to)
rekey Change encryption key frequently single optional —true“ or —false“ (default). The wizard will set this to —true“, and there‘s normally no reason why you would want to set it to
—false“ unless you
suspect that there‘s a bug in our key negotiation code and you lose connection.
relay Allow others to use your Your
Freedom session as well boolean optional Set to —true“ or —false“ (or remove). Note
that this only works if your profile permits it
as well.
server_criterion Define criteria by which to automatically select servers multi optional name of criterion number between 0 (refused) and 10 (required), default is
5 (don‘t care)
sipforward Mirror a remote SIP gateway multi optional local port
SIP gateway addr
SIP gateway port
socks The SOCKS port single optional Make your PC a SOCKS proxy by supplying the port number. Remove or set to 0 to turn SOCKS off.
start_minimized Start in system tray (Windows only) single optional —true“ or —false“ (the default)
tunnelhost The Your Freedom server to use single required A host name, an IP address, multiple IP addresses separated by semicolon, or a CGI relay URL (see FIXME)
tunnelport The Your Freedom server port single required A port number
use_http11 Use HTTP/1.1 instead of
HTTP/1.0 in requests single hidden If your proxy is acting stupid, try if this fixes the problem. Can either be —true“ or
—false“ (default)
username Your Your-Freedom username single required One: your Your
Freedom username
cgi_uplink_maxdelay†† Maximum delay before flush uplink queue single hidden After this time, the queue is flushed no matter how much data is to be sent (if any). Defaults to
500ms
cgi_uplink_mindelay†† Minimum time span between flushes single hidden The minimum delay between two queue flushes
(POSTs). Defaults to
1ms
cgi_uplink_urgentdelay†† Maximum delay for urgent data single hidden The maximum delay if urgent data is in the
queue
(e.g. small frame
belonging to a stream that has not
sent data for a while -
--interactivity!--). Defaults to 20ms
cgi_uplink_threshold†† Number of frames that triggers a flush single hidden The number of frames in the queue that cause
the mindelay to be used instead of the maxdelay (0 to disable), i.e.: if this many frames
are outstanding, flush quickly. Defaults to
3††
These last 4 values were specially added to help users to tweak the cgi relay mechanism. For example, if massive and frequent POSTs were undesirable users could set maxdelay=3000, mindelay=1000, urgentdelay=500 and threshold=0.
POSTs will be fewer but larger and the impact on throughput and interactivity won't
be discreet.
.
†† All these values only apply to the CGI uplink code. If there is a keepalive frame in the queue, mindelay is used -- i.e. values below maxdelay/ mindelay should not be used --
2.6 Starting and stopping the connection
2.6.1 Each user may only log in once
That‘s right. Each user can only log in from one PC at the same time. If you try to log
in using the same user account from another PC or another instance of the client, the previous session will be terminated. This means that you will always be able to log in, but so will everyone else who knows your details œ and he or she will kick you off.
The servers talk to each other, it doesn‘t help to just use different servers.
We know that the FTP connection code contains a bug that can be triggered if you close the connection and re-open it immediately thereafter. You‘ll be told that it‘s a duplicate login and that your session has been terminated. Just wait a few minutes
before reconnecting, or close the client and start it again.7
2.7 Choosing the right server
2.7.1 Server location
The YF server should ideally be close to the YF client or close to the servers you intend to use through YF. Just think about it as a triangle: the corners are your PC,
the service on the Internet, and the YF server on top. The more the triangle looks like
a straight line between you and the service (i.e. the flatter it is), the better.
Let me give you an example. If you are located in the US and the service you are
using (let‘s say you are playing an online game) is also US based, a server in Europe will probably be a bad choice. The laws of physics make it impossible for information
to travel faster than the speed of light8 and putting 20.000 kilometers of additional
wires or fibres between you and the service will increase latency.
It is ideal to use a YF server that is close to yourself. Why? Because you‘d normally use more than one server on the Internet and you cannot find a YF server that is
topologically close to all of them, but you may be able to find one that is close to you. On the other hand, for applications that don‘t care too much about latency (like large
file transfers) the server‘s location is secondary. Try the different servers to see which one is good for you.
The YF client will tell you where the server is located when you are connected (and also in the connection wizard). Unfortunately we don‘t have many servers outside Europe, simply because
a) they are unaffordable œ unmetered high-bandwidth dedicated servers are vastly expensive in most places outside Europe.
b) the providers are too restrictive in what you may do with the servers and what not œ we are sick and tired of endless and fruitless discussions with US based providers and explaining their droid staff what we do and what we don‘t do,
and why it‘s not illegal, and why it‘s rubbish that the server‘s IP appeared in a mediasentry email.
7 If it was easy to fix this, we would have done it already.
8 I know this is no entirely correct, but it is for the Internet.
If you know about good providers we would like to hear from you! But please
consider that an average Your Freedom server generates between 2 and 8 terabytes
of traffic per month and needs at least 1 GB of RAM and a decent CPU. And it should come with Debian Linux. ☺
2.7.2 Protocols
Not all our servers permit all protocols9. Some providers (you got it œ they are US
based) place protocol restrictions on us and are having kittens every time they
believe that they have spotted something, and what‘s even worse, they won‘t listen to
any arguments. So if we want servers there (and we do, to provide a good,
responsive service to those of you who need it!) we need to restrict some protocols
on them.
If your application doesn‘t work as you would expect, have a look at the message window of the YF client. Are you seeing messages about a denied protocol? It means that you‘ll have to use a different server.
Generally speaking, use a server in Europe whenever you can if you are worried about protocol restrictions.
There is one restriction that applies to all servers: SMTP to remote servers is not permitted. Instead, all SMTP connections are redirected to one of our servers where submitted email is checked for viruses and SPAM content before it is passed on. This
is only important if your mail application must connect to a specific mail relay œ
normally it won‘t be a problem. Also, we have extensive protection mechanisms against spamming built into the servers œ you won‘t be able to rapid-fire deliver emails via Your Freedom. A normal user won‘t notice at all but for spammers it‘s a pain in the backside. We are very proud that so far not a single case has been brought to our attention where YF has been abused by spammers, and intend to keep it that way.
2.7.3 CGI relays
The CGI connection method adheres so much to the standards that it does not only fool proxies, it also enables us to put an intermediate CGI script in-between. Yes,
that‘s right, there is a simple PHP script that people can put on any web servers they control, that can in turn provide a Your Freedom connection to those who don‘t have access anymore to any of our servers. Our idea is that it‘s fairly simple to block all
our IP addresses as they pop up because we cannot have new ones every day, but it won‘t be possible to do something about thousands of new URLs every day that
haven‘t got anything in common.
It is quite obvious why people would like to use such a —CGI relay“ œ because they have to. There is no other reason because obviously, this method is not as fast and
interactive as the other connection methods. But when you‘re desperate and no other way of connecting is left, it‘s better than nothing. But why would people put the script
on their web servers when all they get for it is a lot of additional traffic?
9 All servers allow all connection models; this is not about how you connect with the Your Freedom client to the Your Freedom server, but what you do through t he connection.
We have thought of setting up a rewarding scheme that allows people to earn bonus points that they can then trade in for packages, but we haven‘t implemented it yet.
We soon will when we get the feeling that our users would actually like it and provide relays. So tell us! But be aware that such a relay could easily create hundreds of gigabytes of traffic per month, and that your provider probably doesn‘t like it if you run
it on a virtual server.
So how do you use such a CGI relay? You need to know the —URL“. I put it in double quotes because you don‘t need a full-fledged URL œ you need the server name and
the URI. For example, if the script could be accessed in a web browser using the URL http://some.server.somewhere/some/path/script.php, the CGI relay would be called some.server.somewhere/some/path/script.php in Your Freedom. Simply use it as the server name, choose CGI as the connection model, and disable automatic server selection.
And how do you know about these? Well, that‘s another matter entirely. We won‘t publish any lists and we would ask that you do neither. Why? Because we don‘t want these lists to simply get imported into URL blacklists. But the YF client will soon learn how to find the relays. No, we won‘t say how, figure it out. :-)
If you would like to set up such a CGI relay, you can download the script at http://www.your-freedom.net/ems-dist/enduring_freedom.php-RENAME . Have a look
at the first lines œ you need to choose which server you would like to relay to and put
the server‘s name in. Save it under an inconspicuous name (use the right ending if
you have to). Then test it please (use your web browser œ you should see a long text page with loads of garbage œ don‘t worry, that‘s fine). If it works, register it on our
web page (http://www.your-freedom.net/156/). Our scripts will test it automatically
and if it works they will add it to the database and make sure that clients can find it (it takes a while though, don‘t expect clients using it immediately).
Btw. you are welcome to set up CGI relays for your own personal use only as well,
you don‘t have to register them. Feel free to tell others about it, and publish the URL
if you like. Just if you decide to register it, don‘t publish it. If you have before, simply
change the name or the path or set up a copy. Do that frequently, it helps! Remove very old copies from time to time, they get unregistered on our web page automatically (but you can do so as well).
2.8 Using —socksifiers“
If your particular application does not support the use of web or SOCKS proxies, it still doesn‘t mean that it cannot run with Your Freedom. Since the Your Freedom client is a full-blown SOCKS server, all you need is to —socksify“ your application.
There are several ways to do this, all of them basically use a feature called dynamic link library preloading. Since people hate re-inventing the wheel they came up with code libraries that get dynamically linked to the application at execution time. Like every other operating system, Windows, Linux, MacOS etc. ship with such libraries,
and one particular of them offers networking functions. The first time such a function
is referred to by the application, the library automatically gets loaded œ but only if it hasn‘t been loaded within the application‘s context already! The trick is to make sure that the library has already been loaded before the application starts œ but a hacked version of it. One that knows what to do with a SOCKS server.
2.8.1 Windows
There are many socksification tools on the market; here are some examples:
2.8.1.1 SocksCap
This is a popular socksifier free for non-commercial home use. You must google for it
if you want to download it.
2.8.1.2 FreeCap
FreeCap is available for download from the project's home page at http://www.freecap.ru/eng/. There is also additional documentation there but its use with Your Freedom is simple enough -- the documentation provided here should suffice: http://www.freecap.ru/eng/
2.8.1.3 ProxyCap
A commercial product. Have a look at http://proxylabs.netwu.com/.
2.8.2 Linux and other Unix derivates
Have a look at the Dante SOCKS client implementation available from http://www.inet.no/dante/. Many Linux distributions contain a —dante-client“ package. Once installed, you would normally have to configure /etc/dante.conf to redirect traffic appropriately to your local SOCKS server, then use the —socksify“ script to run applications.
2.8.3 Mac OS X
Check out http://forums.macosxhints.com/archive/index.php/t-55338.htmlfor hints about an application called —tsocks“.
2.9 OpenVPN support
2.9.1 Introduction
There is another way to make your applications connect to the Internet through Your
Freedom without the need to configure them in any way! This is pretty well tested
and so far has proven to be almost bullet proof versus its socksifier cousins. In theory
every application that works behind a DSL or cable router also should work well though OpenVPN mode.
2.9.2 Prerequisites
The OpenVPN way unfortunately has a few prerequisites that you need to meet for it
to work on your PC:
2.9.2.1 Administrative rights
There‘s no way around it: you need to be able to install OpenVPN and use it, so you need administrative rights (on Unix like systems: you need to be able to install the OpenVPN binary setuid root in your path). On typical company PCs with domain
login you won‘t have administrative rights.
2.9.2.2 OpenVPN needs to be installed
OpenVPN is Freeware and Open Source (but please consider donating). If you have the ability to install software on your PC, go to http://openvpn.net/download.html and download OpenVPN. For Windows there is an installer, others need to compile OpenVPN from source œ or maybe it ships with your OS‘s distribution? In any way, if you open a command shell and type openvpn you should see hundreds of lines of instructions; if not, it‘s not properly installed. OpenVPN needs to install a tunnel interface on your PC; on Windows it‘s called TAP-WIN32, on Linux this would be
tun0.
2.9.2.3 You don‘t need a Your Freedom package, FreeFreedom will suffice That‘s right. Our OpenVPN support is not only available to paying users. Although running an OpenVPN tunnel endpoint uses considerably more resources than just
forwarding connections; we decided to offer it to everyone for free. Although we know
that it wouldn‘t be much fun with 64k.
2.9.2.4 You need at least client version 20070123-01
That‘s when we first made OpenVPN support publically available.
2.9.2.5 You need to use an OpenVPN enabled server
We can only offer OpenVPN capability on Your Freedom servers that have no traffic restrictions. This no longer excludes our U.S. based servers. We are offering it there too.
This is good news for those playing online games in the U.S. To find OpenVPN
enabled servers, open the configuration dialog, click on the —Server Selection“ tab
and move the OpenVPN slider completely to the left. Then go back to the Connection page and click on the Wizard button in the top right corner. Servers not capable of terminating OpenVPN tunnels will now have a preference value of 0.0.
2.9.3 Configuration tasks
2.9.3.1 Choose a suitable server
See before. Note that when you enable OpenVPN tunnelling, automatic server selection is disabled.
2.9.3.2 Know your networking environment
If you are behind a firewall and need to be able to reach servers that have Internet IP
addresses but are not reachable from the Internet, you need to add route exclusion lines to your config file (see chapters 2.5.2 and 2.5.3 on page 33).
99% of all users won‘t have to configure excludes. All non-Internet IP addresses are automatically excluded anyway (this covers 10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16). Networks that are already routed on your PC are excluded as well. For all others, add an openvpn_exclude line per IP or network as described in the
config file chapter, e.g.
openvpn_exclude 1.2.3.4
openvpn_exclude 2.3.0.0 255.255.0.0
Note that Your Freedom is clever enough to automatically exclude all IP addresses that it needs to be able to reach in order to maintain the connection to the Your Freedom server.
2.9.3.3 Tick the OpenVPN box
Go to the Ports panel and tick the OpenVPN checkbox. Leave the port number as it
is, unless there are reasons why you need to use a different port.
2.9.3.4 Start the Your Freedom connection
The connection set-up should look like usual, but approximately 10 seconds after the door opens, it should open a bit more. ☺ The message log should tell you as well
when it happens. Have a look at your PC‘s routing table (in Windows, run —cmd“, then type —route print“; Unix users type —netstat œrn“ or —route œn“); you should see a whole bunch of routes there all going to some 169.254.xxx.yyy address. These routes cover the whole Internet address space minus the excludes mentioned above. We cannot replace your PC‘s default route, that would very likely cut you off from your local
network and make the Your Freedom server unreachable.
2.9.3.5 Relay for others?
Yes, you can and you may. But unless your PC masquerades the other PCs they need to run their own OpenVPN session. When you start the connection, the Your
Freedom client creates some config files in your home directory (please see chapter
2.5.2 on page 33 for location details) all starting with —client“ or —server“; copy them to their PCs into some directory, edit —client.ovpn“ and replace 127.0.0.1 with your PC‘s
internal IP address, then right-click on the —client.ovpn“ file and choose the second option (Start OpenVPN with this config file). Of course they need to install OpenVPN first!
2.9.3.6 What about the Windows firewall?
Feel free to use it, but don‘t complain if it breaks things. ☺ Seriously, there is no reason why you would need it, only outbound connections work on the tunnel interface. However if you suspect your applications to secretly open connections, then yes, use it! If something doesn‘t work, try without.
2.9.4 Configure your applications
Now that‘s the part you‘ll like most: you don‘t have to! No need to configure a proxy,
no need for socksifiers. Just make sure your applications are not using any proxy and that should be it.
Note however that since your PC is not connectable from the Internet through the OpenVPN tunnel, applications who rely on this won‘t work. If the manufacturer‘s web page says something about ports that have to be opened inbound in your firewall, it likely won‘t work.
It is possible to combine OpenVPN tunnelling with server port forwards, however. See chapter 2.5.1.3 on page 33 for details.
2.9.5 Troubleshooting
2.9.5.1 The OpenVPN tunnel is not coming up properly
Have a look at the message log, it may tell you why. If it doesn‘t, create a dump file and mail it to us (see chapter 4.2 on page 51) œ or check it out yourself.
Be sure you are using a server that supports it!
Check if there is still another OpenVPN process running when the Your Freedom connection is shut down. Hit Ctrl-Alt-Del, sort the tasks by name, and look for
—openvpn“. Terminate it before you restart the Your Freedom connection. This can
happen if the Your Freedom client is terminated abnormally before it has a chance of shutting down OpenVPN.
2.9.5.2 The OpenVPN tunnel opens, but then the Your Freedom connection fails
The tunnel routes somehow cut off your connection to the Your Freedom server.
Please generate a dump file for us; the Your Freedom client should be clever enough
to avoid this but seemingly isn‘t.
2.9.5.3 What are these 169.254.xxx.yyy addresses?
That‘s a class B network reserved for ad-hoc networking on a broadcast medium like Ethernet. Every station just rolls a dice for an IP address and does some checking whether it‘s already in use. If not, it uses it.
No-one uses this network for anything, only Windows does in the absence of a
DHCP server or a static configuration. The network is not routed on the Internet and
no-one uses it privately, that‘s why we chose it. It‘s very unlikely that it causes any addressing conflict anywhere.
The other end of your OpenVPN tunnel is always 169.254.0.1; if you want to check what packet delay is added by Your Freedom, just ping this IP address!
Your PC will get an odd address from a /30 subnet within this range and it will route everything to the even counterpart address in this subnet.
3 Advanced usage
3.1 FreeFreedom (usage free of charge)
We offer a very basic service for free. It is good enough to make yourself familiar with
Your Freedom and test whether or not your application will work with Your Freedom.
It might be good enough for you, in which case you are welcome to use it as much as you like.
There are several restrictions in the FreeFreedom profile. First of all the bandwidth is very low (about the same as our competitors when paid ☺) and the number of concurrent streams is low as well (but enough for chatting, web surfing, etc.). Then there is a connection time limit œ you can only be connected 18 hours a week, and
only 6 hours in one day, also after one hour your session is disconnected, but you may connect again immediately.10
3.2 Packages and Vouchers
If you would like to have more bandwidth, more concurrent streams, or other additional features, or you would simply like to support our efforts to provide unrestricted Internet access to everyone, consider buying a package. The table below details all available packages, their features, and their prices.
Free Basic Enhanced Total
Bandwidth 64 kbit/s 256 kbit/s 4 Mbit/s unlimited
Concurrent Streams 6 30 100 200
Web Proxy
Socks Proxy
Link encryption
HTTP connection
HTTPS connection
CGI connection
FTP connection
UDP connection
Relaying permitted
Connection time 1 hour unlimited unlimited unlimited
Server Ports (5)
1 month package Free ⁄ 4.00 ⁄ 10.00 ⁄ 19.99
3 month package Free ⁄ 10.00 ⁄ 28.00 ⁄ 57.99
6 month package Free ⁄ 17.00 ⁄ 50.00 ⁄ 109.99
12 month package Free ⁄ 30.00 ⁄ 95.00 ⁄ 199.99
To buy packages, please visit our web page at www.your-freedom.net, log in with
your account, then click on the —Prices“ tab. There is a currency calculator as well if
you‘d like to convert the price in Euros to your local currency or at least one known to
10 We know there are several hacks to reconnect immediately, but why bother when you can simply
buy a package?
you. For your orientation, 1 ⁄ roughly corresponds to 1.25 US$ (at the time of writing).
When you buy a package, your account profile usually gets updated within minutes (you‘ll receive an email when it happens). However some payment methods take longer than others to complete. Please visit our —Prices“ page on http://www.your-
freedom.net/ to learn about details (log in first to see everything). Newly bought packages are instantly activated, other packages that have not expired yet get suspended. However you may use the arrow buttons on the —Prices“ page to move
your packages around anytime and decide which of your packages is currently active and which are suspended.11
Please consider buying a package if you use Your Freedom regularly, even if FreeFreedom is enough for you. Servers don‘t grow on trees and support staff and developers like the occasional pay-check as well.
3.2.1 Vouchers
Voucher codes are sequences of characters that you can fill into a form either in the web site or directly into the your-freedom client to create packages. You receive a voucher code from us as part of a promotion or as a compensation for service
problems, or as an expression of our gratitude for something you helped us with. You
can also buy vouchers from us in several denominations as voucher carnets. Our vouchers are valid for one year from the day of purchase.
Our voucher carnets can be used to temporarily upgrade your Your Freedom account with a package without having to pay for a full month and not use parts of it. Also voucher carnets are transferrable (i.e. not linked to an account) and can be cashed in separately at any time.
3.3 Test drives
If you are considering to buy a package but are not sure whether it will be what you expect, how about a test drive? Log in to our web page at www.your-freedom.net,
click on —Prices“, and click on the —Try Before You Buy“ link on the left. Everyone is welcome to try, but notice that we only allow test drives for accounts that have been created at least 3 days ago and that haven‘t tested extensively already. Also, we
refuse test drives for accounts that have been involved in payment reversals before. However, our support staff can help you out should you need additional testing; just send an email to support@your-freedom.net.
During a test drive you‘ll receive all the benefits of the selected package, and what‘s more, you may even switch from one package type to another to test them all. Simply visit the —Try Before You Buy“ page again to modify or end your test drive.
As with bought packages, it may take a few minutes for updates to propagate to all servers, and you may have to restart your connection or even the Your Freedom client to see the difference.
11 Yes, this can be used to protect a more expensive package from expiring.
4 Troubleshooting
The Your Freedom client comes with built-in troubleshooting facilities. There is the message log that you can access from the Messages tab (you may save it to a file as well) but this will only help you in everyday situations. For more detailed
troubleshooting you need to run Your Freedom in —dump“ mode, and you might have
to use a packet sniffer as well.
4.1 Why does my app/game not work?
There is of course no off-the-shelf answer to this question. But the first thing you should look at is the streams panel of the Your Freedom client. Does the application create streams there when you use it before it complains that it cannot connect? If
no, then it is likely not properly configured. See if you‘ve got the proxy settings in the application right œ if it‘s running on the same PC as the Your Freedom client, use
—localhost“ or —127.0.0.1“ as the proxy host address, and 1080 (SOCKS) or 8080 (web/http/https) as the proxy port. If it‘s running on another PC, be sure you have relaying enabled (Ports panel) and it‘s permitted by your profile12 (Account Profile
panel), and you‘ve used the Your Freedom PC‘s local LAN address as the proxy host address.
Then check the message panel in the Your Freedom client œ do you see blocked protocol messages there? You need to use another Your Freedom server then, the one you are using right now is not supporting a protocol that you need.
Please have a look at our online documentation if you are having trouble. We know it‘s not perfect and the introduction page is an outright shame but have a look
anyway, there is more in there than you might think. http://www.your-freedom.net/4/
Another plan might be to have a look at the user forums. Maybe someone else had the same problem before? The forums can be found at http://www.your-
freedom.net/2/.
4.2 Creating a —dump“ file
Depending on how you start Your Freedom, there are different ways how to start it in dump mode. All of them have in common that they use a command line option, but
this may be hidden from you by your desktop environment. The Windows installer version can be run in dump mode from the Start menu; they create a file called
—dump.log“ in the installation directory. If you are running the client from the
command line, use the option œdump=somefile to activate the dump mode. Note that there is a drop in performance when you activate this mode, and the dump file may grow pretty big over time.
Normally, the client does not dump any actual packet data; if that‘s needed we‘ll provide a modified client on request that does.
Don‘t hesitate to have a look at the file, some of it probably makes sense to you,
some of it will only make sense to the developers. If you mail us a big dump, please
12 At the time of writing, only the TOTAL package permits relaying œ it won‘t work without a TOTAL
package no matter how often you enable it.
compress it! Put it in a ZIP or 7z or whatever archive file, but please avoid any proprietary features (e.g. WinZIP 10‘s AES encryption mode).
If you are having connection problems, it helps if you run the Wizard in dump mode
as well.
4.3 Using a packet sniffer
This is bare metal debugging and not for the faint-hearted. There may be situations where our support staff asks you if you can use a packet sniffer to troubleshoot connection or application problems. If you can, we recommend using Wireshark (available from www.wireshark.org or www.ethereal.org œ Ethereal is the historical
name of Wireshark). In most cases you should run Wireshark on the same PC as the
YF client, and you should either capture on the interface that connects the YF client
to the YF server or on the interface that connects other PCs to the YF client PC, depending on the nature of your problem. Let the capture run, then re-create the problem, then stop the capture. Save the capture to a file and mail it to us (again, we like it if you compress it).
4.4 Using encrypted email to contact us
If you are concerned that someone may be spying on you or that your dumps reveal details that you would rather keep confidential, we recommend that you use PGP
when contacting us. This public key belongs to info@your-freedom.net (it is also
available from many key servers):
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.3 (MingW32)
mQGiBEVlp18RBAD6ZFqJn/hhdpwsI6P/yFVt8XaBVDbQXRRrgoDiquszCxpr3GeR
5T5RgE7/0cJQaUjq5vqTm7cto2d/NMwkNeOONnOucnDuooRujzkb3JdptuL0eR0n FUMH28QCkQBL3Er0o7cUORff34tPjI+LmvMhqAqSuBdx51swgh4RXDAJ1wCgp0St CC23WL/CSXAnhjPZcapgUR8EAOykbSfcqJALW6EnbqYOsXtVv8A8aoZbagQQxvBw
0Doc6rcg7eEF5Bn0QJVKy11Jnz1fjNcflP+1NxdlBNN+COBEBQiJmLVEEE5VkxK7
GOWgvaDLRSDoWTL0lT2p+FGh91TNp0QSmxQ15+2c3HbOKwVFgoozkr1dRaD6XNPv
r3iCA/9BtU70ZXHVFb8yjcG03maMNTyA+MMtsKQ77dULOdAYii8GDQ8SdLgr1gAk B3O9IYupa9X/uojLx4jNuq7/zXmTw8z1+dok9rBT8fMxn5nF/IOcIbgAgqN1Kx0U EP6O6iIti5Vkmwh6LW6ZwlF8Hz0LNxMc5BITH2e2oLiL59e7LrQvWW91ciBGcmVl ZG9tIChIZWxwZGVzaykgPGluZm9AeW91ci1mcmVlZG9tLm5ldD6IZgQTEQIAJgUC RWWnXwIbIwUJCWYBgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEIhgg11q73cP jgcAn1gxUa9gz2CWhzp24tOzxK1RF1aMAJ9Ds5zAe8dnFe9ClglblX3WN+tln4hG BBMRAgAGBQJFZaj0AAoJEL3eBfqpID+5N8wAnjuUb4t7GvRkaP0y7vlHzzrvknqh AJ9eB2csiPbkuJBm3Le7ztxrjWrTCbkCDQRFZadwEAgA90ZDIAf8Xl0y718Pcd7h xfOHfTeBSrliZkBTKQYLJRKuGtmt5Q0aG3J29URT4dG1vT05AlDck3hQAMLytRTg T4+TRHZP2xl5r5HQ/CNkuEQGozJR+EyfHqrdLhT8VbeYhDOMGtM9AcMTQdxbPx1A fOUmeYalrByPh6c+FI/ds5HMwIm4/Vx8oBDGoLumVts9HUYDCg9X0N/zJE3GYM+f
2nh+LAoTnyzA8BU2LtXu6jZYMmBcBQ+JbA9mW7M+v3H3H1jpGxSGDCjDsLv7Bn1/ PlHVF9W7l6/FrA44bvzb1aVuNebQ5279jBFspsrvv1S4nmcXVMTrNA3TxWk5XO1/ OwADBgf/TPB3roYjJuXPtefmKM3zrvCCMq7m91NdJYxgTJj24bWLKs7WPw0tKSPX Qt2l5gpobgt5iA1qnjMDvy7sg7n7HoNmxwIpYhvMfah0Mf0G/nT+zA1rRHdIDQFn sKvSVbLAsVcNrSoTN3mpt2RqZWjUESrzflRMvNVyf6xsdaayZ9xKY4+oKvq5kdFk DqcOMmEtKbLrfAmO6zwRQEXtNCBSO5iLYGPewb7B9NlrrwFld5sw5DW3v+UjwVuV WajxMwAW+9l0hfNWW8g449te+STRxeInT8FKvCJFApVxC6otjYKEMzNLbRVZJxRS sj6jtmk3qW8JUqcIW9ETI6X3ArRpr4hPBBgRAgAPBQJFZadwAhsMBQkJZgGAAAoJ EIhgg11q73cPQ5cAnA+CYyAGb8v85J5VRXaVe3We50IiAJ45PJ4UNj34bMEfUVj8
C6KDyVuugA==
=bXqu
-----END PGP PUBLIC KEY BLOCK-----
for download your freedom: click here
FOR REGISTER : click here
DOWNLOAD YOUR FREEDOM USER GUIDE for WINDOWS 7
THANK YOU