Jump to content
Not connected, Your IP: 34.229.76.193

sheivoko

Members2
  • Content Count

    214
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    28

Reputation Activity

  1. Like
    sheivoko got a reaction from st4r in Android OpenVPN DNS leak ipv6?   ...
    Check your VPN connection settings, is Use default Route enabled for IPv6?
     

  2. Like
    sheivoko got a reaction from st4r in Android OpenVPN DNS leak ipv6?   ...
    Check your VPN connection settings, is Use default Route enabled for IPv6?
     

  3. Like
    sheivoko got a reaction from Mad_Max in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    The *.ssl files contain server-specific entry IP addresses and the *.ovpn files contain server-specific route addresses. Therefore you can't mix *.ovpn and *.ssl files from different servers.
     
     
     
    It don't think it makes a difference at all. The main purpose of SSL/SSH modes is firewall/censorship circumvention, not security. If your ISP does not block or throttle direct OpenVPN connections, I see little reason to use SSL or SSH.
  4. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  5. Like
    sheivoko got a reaction from Mad_Max in SSH-Tunneled VPN on Stock Android   ...
    Tutorial: SSH-Tunneled VPN on Stock Android
     
    0. Notes
     
    - no proprietary / commercial apps required. FOSS only! (Free and Open Source Software)
    - no root / custom ROM required
    - tested on Android 4.4.4
    - minimum requirement: Android 4.x
     
     
    1. Required apps
     
    - OpenVPN for Android
    - ConnectBot (any advanced SSH client will work, )
    - CyanogenMod File Manager (or pick any file manager you like)
    I highly recommend installing all of these apps via F-Droid, a Free Open Source Software platform:
    https://f-droid.org/

    In order to install F-Droid, you may need to temporarily "Allow installation of apps from unknown sources" in Android's security settings.
     
     
    2. Generate config files

    Use the AirVPN Generator (https://airvpn.org/generator/) to create SSH config files for Linux (not Android).
    Only pick one specific server.
    Screenshot #1: http://i.imgur.com/FWcuXH2.jpg


    3. Transfer config files
     
    We only need 2 out of the 3 generated files:
        - sshtunnel.key
        - the .ovpn profile
     
    Screenshot #2: http://i.imgur.com/p2L7T0l.jpg
    Transfer both of them to your Android's sdcard.
    Also, open the .ovpn file in a text editor and look for a line that starts with "route", it contains the server's IP - we will need it in step 5.
    Example:
     
    route 199.19.94.12 255.255.255.255 net_gateway
    That's the IP we will need.
     
     
    4. Import key file in ConnectBot

    Launch ConnectBot. Go into menu and "Manage Pubkeys".
    Screenshot #3: https://i.imgur.com/uGT3UgC.jpg
    Import the sshtunnel.key file.
    Screenshot #4: https://i.imgur.com/ZPYhI6V.jpg
     
     
    5. Configure SSH connection in ConnectBot

    Go to ConnectBot's main screen.
    At the bottom of the screen, enter:

    sshtunnel@199.19.94.12
    (Notice, that's the IP we took note of in step 3).
    Screenshot #5A: http://i.imgur.com/ludTDgv.jpg

    If the default port 22 is blocked, you can try an alternative port by appending it at the end:
    sshtunnel@199.19.94.12:80
    or
    sshtunnel@199.19.94.12:53

    - Press Enter on your keyboard. It will try to connect and ask you to continue. Choose "Yes".
    Screenshot #5B: http://i.imgur.com/UJNpB9n.jpg

    - Cancel the connection, we need to configure it now.
    Long-press the newly created connection and choose "Edit host".
    Screenshot #6: https://i.imgur.com/n3OtM2D.jpg

    - Change "Use pubkey authentication" to "sshtunnel.key".
    Screenshot #7: https://i.imgur.com/CwfFSoO.jpg

    - Disable the option "Start shell session"
    Screenshot #8: https://i.imgur.com/l2niHqG.jpg
    - Consider enabling the option "Stay connected".
     
     
    6. Configure SSH port forwarding
     
    - Go to ConnectBot's main screen.
    - Long-press the new connection again, but this time choose "Edit port forwards". "Add port forward" with the following values:
     
    Type: Local
    Source port: 1412
    Destination: 127.0.0.1:2018
    Screenshot #9: https://i.imgur.com/TBnsKQx.jpg
    - Press "Create port forward".
    Configuration of the SSH connection is now complete.
    - Go back to ConnectBot's main screen and tap the connection entry to establish a connection.
    Leave the ConnectBot app using your "home" button.
     
     
    7. Import OpenVPN config

    - Launch "OpenVPN for Android"
    - Tap the folder icon. In the "Open from" dialog, choose "File Manager"
      Screenshot #10: https://i.imgur.com/Nhc6fDa.jpg
     
    - Pick the AirVPN_...SSH-22.ovpn file
    - OpenVPN will present you with an "import log", tap the "Save" file to accept.
    - You may want to dive into the new profile's settings,
    go to "ROUTING" and enable "Use default route".
    - in the ALLOWED APPS tab, find and select ConnectBot to exclude it from OpenVPN's routing
     
     
    8. Start OpenVPN connection
     
    - In OpenVPN's main screen, tap the VPN profile to establish the connection.
    - Provided that the SSH connection is still running, OpenVPN will be able to connect. Congratulations
     
     
    9. How to connect / disconnect from now on

    When establishing a connection, always
    - start the SSH connection first
    - then launch OpenVPN
    When disconnecting, always
    - disconnect the OpenVPN connection first
    - then disconnect SSH in ConnectBot
     
     
    10. Thoughts on reliabilty and firewalling

    If avoiding network leaks is important to you: be careful on Android, especially on unreliable mobile or WiFi networks that might cause the connection to collapse quite often.

    I don't have a solution for this potential issue on stock Android, but if you're on a rooted device, you should absolutely consider installing AFWall+ (available in F-Droid).
    AFWall+ allows you to firewall individual apps, restricting their network access to VPN-only.    
    (You have to dive into its settings to enable VPN mode).
     
     
    Finally: Good luck!
  6. Like
    sheivoko got a reaction from 333_half_evil in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    @333_half_evil:
    That's correct, please select Linux instead of Android.
    If you selected Android, the SSL connection mode would be unavailable as it is not one of the officially supported modes for this platform. However, the generated config files for Linux work perfectly fine on Android. Only one adjustment is necessary, which is described in step #6 of part 1.
  7. Like
    sheivoko reacted to mdtx in ISO: Usenet Providers compatible with AirVPN (& have Block Accounts)   ...
    Some prudential due diligence, courtesy of the GreyCoder   : 

    All these four Usenet Service Providers have Block Accounts and all the four domains are accessible to AirVPN:

    https://greycoder.com/best-usenet-block-accounts-2017/

    Tweaknews (Backbone: HighWinds; Servers: Netherlands)

    https://www.tweaknews.eu/en/usenet-plans
    https://www.tweaknews.eu/en/support (FAQ)
    https://airvpn.org/routes/?q=tweaknews.eu

    NewsGroupDirect (Backbone: HighWinds; Servers: USA, Netherlands and Germany)

    https://newsgroupdirect.com/#pricing
    https://newsgroupdirect.com/faq
    https://airvpn.org/routes/?q=newsgroupdirect.com

    UsenetExpress (Backbone: Self-Tier1; Servers: USA)

    https://usenetexpress.com/plans/
    https://usenetexpress.com/faq/
    https://airvpn.org/routes/?q=usenetexpress.com

    XS News (Backbone: Abavia; Servers: Netherlands)

    https://www.xsnews.nl/en/products.html
    https://www.xsnews.nl/en/faq.html
    https://airvpn.org/routes/?q=xsnews.nl
  8. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  9. Like
    sheivoko got a reaction from cljonesey in Amule/Emule Low ID   ...
    1. There is no need to open any ports on your router, in fact, exposing the same ports you forward through AirVPN might open you up to correlation attacks (read Air's P2P FAQ)
     
    2. aMule lets you choose the "Standard TCP Port" but the UDP port is always set to TCP port + 3 (if your TCP port is set to 30500, UDP port will be 30503). Use the "Suggest a range of sequential free ports" tool on airvpn.org/ports to find 4 free, sequential ports.
     
    3. According to the P2P FAQ you should also avoid remapping Air ports to different local ports (example: don't forward Air port 30500 to local port 34012, just go with the default, straight forwarding).
     
    4. After configuring both ports I instantly received a "High ID" on every eMule server I tried. I also tried both US and Swedish AirVPN servers, no issues.
  10. Like
    sheivoko reacted to mikevvl in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Welcome Always;)! 
     
     
     
    Ok. It's need to work w/o Termux:Widget & Up One stunnel on start Termux. The one to whom it is necessary - uses (and/or expand) it.
  11. Like
    sheivoko reacted to Staff in Multi key support and management available   ...
    Hello!
     
    We're very glad to announce that a new option has been added in your account "Client Area". You will find a menu item labeled "Devices / Keys".
     
    The "Devices / Keys" tab provides you with access to a new panel to administer your client certificate/key pairs. The panel lets you use a new multi-key support from AirVPN, a comfortable and convenient feature. From now on, you will be able to have multiple keys, renew them and issue completely new keys. From each device of yours you will be free to use any key you like.
     
    Therefore you can keep all of your keys under control, administer them and also connect multiple devices to the same server and port by using a different key on each device. Eddie 2.13.6 (current stable release) already implements in the Overview window a menu which will let you choose a key before you start a connection. It will appear automagically when you create a new key from your account control panel.
     
    The Configuration Generator has been modified as well, to let you generate configuration files with the certificate/key pair you wish.
     
    Let's see in details how to use the "Devices/Keys" options.
    Device Name and Description: this is a free name or description that you can associate to any key for your comfort. Columns Type, Creation date, Last renew date and Last VPN connection are informative. Renew: this is an action button. When you click it, the corresponding certificate/key pair will be revoked, and new ones will be issued. Delete: this action button will revoke the corresponding certificate, without issuing a new one. Add a new key: this action button will create a totally new certificate/key pair which will be added without revoking or renewing any pre-existing key. View history will toggle with View Active to provide you with any relevant information on the history of your actions about keys and the current active list.   
    Some caution when using these new features:
    if you revoke or renew a certificate/key which is being used by some connected device, that device will soon be disconnected in Eddie, you will need to log your account out and then in again to force Eddie to pick a different key (new or old)  
    Kind regards and datalove
    AirVPN Staff
  12. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  13. Like
    sheivoko got a reaction from B3nB3n in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    I think I know why: You're calling /bin/bash which likely does not exist on your phone. The shebang line (#!/bin/bash) is not necessary here, just leave it out. I've created a quick tutorial for Termux:Widget, including a small video, please try it out and compare it to your approach:
     
    Termux:Widget usage
     
    The following steps assume that you have successfully followed the main tutorial.
    Instead of manually typing the two commands necessary to launch stunnel, we can do the same with a script. A script is nothing more than a text file that contains the commands we need to run.
     
    Here is a video on Vimeo that demonstrates steps 3 to 6.
     
    1. Create a text file with the following contents. Please adjust the second line to whatever server you happen to be using! For this tutorial, I'll be using the server BE-Brussels_Capricornus:
    cd storage/shared/AirVPN stunnel AirVPN_BE-Brussels_Capricornus_SSL-443.ssl 2. Save the file; choose whatever file name you want, but make sure you use the .sh file extension. For this tutorial, I'll name the file:
    capricornus.sh Put your file into the AirVPN folder on your phone (the same folder you have already been using for the main tutorial).
     
    3. Open Termux and run:
    cd This makes sure we are in stunnel's home directory. Now run:
    mkdir .shortcuts This will create a (hidden) folder that is required for Termux:Widget. That's where we need to copy our script to:
    cp storage/shared/AirVPN/capricornus.sh .shortcuts 4. Leave Termux. Now install Termux:Widget from your preferred app store (FDroid or Google Play)
     
    5. On your phone's home screen, enter your widget/wallpaper settings by long-pressing on a free spot on your home screen. Tap the WIDGETS button and find the Termux:Widget item.
    Drag one of the Termux:Widget items onto your home screen. For this tutorial, I'll use the "All shortcuts 2x2" option.
     
    6. You should now see your script listed within that new widget on your home screen. Tap on your script to run it.
    7. You can add and use as many .sh scripts for different stunnel connections as you like, as long as you also create/generate the corresponding .ovpn and .ssl files.
  14. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  15. Like
    sheivoko got a reaction from snaggle in SSH-Tunneled VPN on Stock Android   ...
    First off, sorry for not maintaining this thread, although the broad strokes of this guide still work to this day. I may write a new one if time permits.
     
     
     
    I assume both of you want to want connect to Air's servers on port 443, using SSH?
    That's currently not possible, but it's got nothing to do with your local port forwarding: Air's servers simply don't accept SSH connections on port 443.
    The Config Generator only lists ports 22, 80, 53 and 38915 for SSH. I'd suggest opening a ticket to ask staff about the possibilities of SSH on 443.
  16. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  17. Like
    sheivoko reacted to LZ1 in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Hello!
     
    Thank you. What an absolutely stellar guide. The formatting alone is fantastic!
     
    I hope you won't mind that I add it to my own guide's index.
  18. Like
    sheivoko got a reaction from LZ1 in [How-To] [OBSOLETE] AirVPN through stunnel on Android   ...
    Attention everybody: A new and improved version of this tutorial  can be found here:
    https://airvpn.org/topic/24349-how-to-airvpn-via-sslstunnel-on-android-678/
  19. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  20. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  21. Like
    sheivoko reacted to jean claud in Firefox Quantum is out   ...
    Just a little recapitulation of some privacy extensions supported by Firefox 57:

    * decentraleyes (Mozilla Public License, version 2.0)
    * Disconnect (GPLV3) or Privacy Badger (GPLV3)
    * Https everywhere (Custom License)
    * Canvas Defender (BSD License) or Shape Shifter (GPLV3) or CanvasBlocker (MPLV2)
    * User Agent Switcher (GPLV3) or User-Agent Switcher  (MPLV2) or Custom User-Agent (Revived)  (MPLV2)
    * Noscript (GPLV2) or No-Script Suite Lite (revived)  (MPLV2) or Whitelist or Blacklist JavaScript (GPLV3) or Policy Control - JavaScript and Flash blocker (MPLV2)
    * uBlock Origin (GPLV3) + uBO-Scope (GPLV3)
    * Cookie AutoDelete (MIT/X11 License) or Cookie Cleaner (Cookie Eraser)  (MPLV2) ou EditThisCookie  (GPLV3) ou Remove Cookies Button (licence BSD)
    * pure-url (GPLV3) or Neat URL (GPLV2) ) or au-revoir-utm (WTFPLV2) or Link Cleaner (GPLV3) or ClearURLs (MPLV2)
    * Smart Referer (WTFPLV2)
    ​* Umatrix version 1.0.0 (GPLV3)

  22. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  23. Like
    sheivoko reacted to DarkSpace-Harbinger in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    One other thing that should be mentioned, in OpenVPN for Android you have to have "Bypass VPN for local networks" unchecked.
     
    This option has exposed my IPv6 address in the past.
     
    Your also going to want use default route checked for IPv4 and IPv6 checked as well.
  24. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
  25. Like
    sheivoko got a reaction from mrcs3ga in [How-To] AirVPN via SSL/stunnel on Android 6/7/8   ...
    Goal

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection.



    Requirements
     
    Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too) the Android device does not have to be rooted Google PlayStore or the free & open source F-Droid market (recommended) OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary) Termux Terminal Emulator (FOSS) stunnel (FOSS), via Termux repository a separate computer to download/edit the config files (entirely optional, but recommended)  


     
    Setup instructions

    Part 1: generate AirVPN config files


    1/7: open AirVPN's config generator. When asked for your operating system, pick Linux:
     
     



     
    2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region.
     




      
    3/7: Protocols: First, enable Advanced Mode:
     



     
     
    Now select the SSL mode, port 443:
     



     
    4/7: Accept Terms of Service and generate the config files:
     
     
     



     
    5/7: Download the generated zip archive:
     
     

     


     
    6/7: unzip AirVPN.zip and open the *.ssl file in a text editor.
    find this line:
    pid = /tmp/stunnel4.pid 
    replace it with:
    pid = /data/data/com.termux/files/home/stunnel4.pid


     
    7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies.
     



    Part 2: Install and prepare Android software

    1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet.
    2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore
     
    open Termux and run: termux-setup-storage Allow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial). The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgrade now install stunnel: pkg install stunnel


     3/3: Still in Termux, jump to the AirVPN folder you copied to your phone:
    cd storage/shared/AirVPNThe command
    lsshould list 3 files:
    AirVPN*.ovpn (the OpenVPN config file) AirVPN*.ssl  (the stunnel config file) stunnel.crt (stunnel certificate) Now start stunnel:
    stunnel AirVPN*.ssl 
    press the Home button to get out of Termux. Start OpenVPN and import the AirVPN*.ovpn config file Edit your new OpenVPN connection (tap the "pencil button") in the ALLOWED APPS tab, tick the box next to Termux return to OpenVPN's connection list your VPN connection is now configured. A tap on its name will establish the connection. verify that a connection has been established by looking for the log entry Initialization Sequence Completed browse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnel Here's a short video, demonstrating the steps above: https://vimeo.com/246306477
     
     



     
    Part 3: Usage instructions
     
    Now that everything is configured, future usage will be much easier:
     
    open Termux navigate to your AirVPN folder: cd storage/shared/AirVPN now run stunnel: stunnel AirVPN*.ssl Press the Home button and open the OpenVPN app Connect to your VPN profile



    Addendum: Tips 
    as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel. don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date. To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass:
     
    you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets. enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard. you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN. you may want to consider AFWall+ for additional firewalling (root required) it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file:

    cd ~ mkdir st         cd storage/shared/AirVPN         cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running:

    cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run:
     
    cd ~/st stunnel AirVPN*.ssl  
     



     Addendum: Caveats
     
    Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks.

     
     
    Addendum: Testing and bugs
    This tutorial has been tested on:
    Stock Android 6.0 Stock Android 7.0 Stock Android 8.0 LineageOS 14.1 (~ Android 7.1.x) Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it

    Important Notice for Android 8.0+ (Oreo) users:

    The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage:
    https://github.com/termux/termux-app/issues/157#issuecomment-246659496

    The workaround will no longer be necessary once this bug is resolved:
    https://github.com/termux/termux-packages/issues/1578
     


     
    EDIT LOG
    Thu Dec  7 20:24 UTC 2017: initial release Thu Dec  7 20:40 UTC 2017: formatting corrections Thu Dec  7 20:58 UTC 2017: spelling Fri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-Harbinger Fri Jan  5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you! Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you! Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it) Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it)  
    Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
×
×
  • Create New...