Search the Community
Showing results for tags 'howto'.
Found 3 results
Goal We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection. Requirements Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too)the Android device does not have to be rootedGoogle PlayStore or the free & open source F-Droid market (recommended)OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary)Termux Terminal Emulator (FOSS)stunnel (FOSS), via Termux repositorya separate computer to download/edit the config files (entirely optional, but recommended) Setup instructions Part 1: generate AirVPN config files 1/7: open AirVPN's config generator. When asked for your operating system, pick Linux: 2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region. 3/7: Protocols: First, enable Advanced Mode: Now select the SSL mode, port 443: 4/7: Accept Terms of Service and generate the config files: 5/7: Download the generated zip archive: 6/7: unzip AirVPN.zip and open the *.ssl file in a text editor. find this line: pid = /tmp/stunnel4.pid replace it with: pid = /data/data/com.termux/files/home/stunnel4.pid 7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies. Part 2: Install and prepare Android software 1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet. 2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore open Termux and run: termux-setup-storageAllow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial).The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgradenow install stunnel: pkg install stunnel 3/3: Still in Termux, jump to the AirVPN folder you copied to your phone: cd storage/shared/AirVPNThe command lsshould list 3 files: AirVPN*.ovpn (the OpenVPN config file)AirVPN*.ssl (the stunnel config file)stunnel.crt (stunnel certificate)Now start stunnel: stunnel AirVPN*.ssl press the Home button to get out of Termux.Start OpenVPN and import the AirVPN*.ovpn config fileEdit your new OpenVPN connection (tap the "pencil button")in the ALLOWED APPS tab, tick the box next to Termuxreturn to OpenVPN's connection listyour VPN connection is now configured. A tap on its name will establish the connection.verify that a connection has been established by looking for the log entry Initialization Sequence Completedbrowse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnelHere's a short video, demonstrating the steps above: https://vimeo.com/246306477 Part 3: Usage instructions Now that everything is configured, future usage will be much easier: open Termuxnavigate to your AirVPN folder: cd storage/shared/AirVPNnow run stunnel: stunnel AirVPN*.sslPress the Home button and open the OpenVPN appConnect to your VPN profile Addendum: Tips as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel.don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date.To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass: you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets.enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard.you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN.you may want to consider AFWall+ for additional firewalling (root required)it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file: cd ~ mkdir st cd storage/shared/AirVPN cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running: cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run: cd ~/st stunnel AirVPN*.ssl Addendum: Caveats Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks. Addendum: Testing and bugs This tutorial has been tested on: Stock Android 6.0Stock Android 7.0Stock Android 8.0LineageOS 14.1 (~ Android 7.1.x)Fire OS 188.8.131.52 (~ Android 5.x), testing done by user steve74it Important Notice for Android 8.0+ (Oreo) users: The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage: https://github.com/termux/termux-app/issues/157#issuecomment-246659496 The workaround will no longer be necessary once this bug is resolved: https://github.com/termux/termux-packages/issues/1578 EDIT LOG Thu Dec 7 20:24 UTC 2017: initial releaseThu Dec 7 20:40 UTC 2017: formatting correctionsThu Dec 7 20:58 UTC 2017: spellingFri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-HarbingerFri Jan 5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you!Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you!Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it)Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it) Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
HowTo - Airvpn, Deluge, and Docker
bm9vbmUK posted a topic in General & SuggestionsEdit: Because this post continues to bring people to my github page, I'd like to make things a bit easier. I have pushed my images to Dockerhub, so you no longer need to build these images yourself. Unfortunately there are still a few manual steps. Here's a step-by-step to get this running: 1) You still need to install Docker and docker-compose as described below. 2) You need to grab two files from my repository. https://github.com/rahmnathan/docker/blob/master/deluge/docker-compose.yml and https://github.com/rahmnathan/docker/blob/master/deluge/airvpn/resolv.conf 3) In the docker-compose file that you grabbed, you need to set the USERNAME and PASSWORD environment variables to your AirVPN credentials. 4) In the docker-compose file that you grabbed, you need to update the 'volumes' section to point to the resolv.conf file that you grabbed. This file configures Air to use AirVpn's DNS servers. Normally this is automatic with eddie, but there are some issues in Docker that currently prevent this, so it needs to be mapped as a volume. 5) Run 'docker-compose up -d' in the directory of the docker-compose.yml file. More often than not, the airvpn container stops at 'Ready' before AirVPN connects. I haven't resolved this yet, but if you toggle 'docker-compose down'/'docker-compose up -d' a few times, it eventually goes through. If anyone knows why this is happening, please let me know or submit a pull request against my repo and I'd be happy to merge it. To expand on that, if anyone has any suggestions, I'd be happy to implement them or accept PRs. --------------------- After several days of grind, I was finally able to get my vpn/deluge Docker swarm working properly. The goal of this was to create an isolated/portable environment to use my vpn so I could run it without changing the external IP of everything else running on the host system. Fair warning, I'm terrible at how-to's... The first thing you'll want to do is install Docker and Docker Compose. I like DigitalOcean's guides for this.. Docker -> https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-16-04 Docker Compose -> https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-ubuntu-16-04 Now you can follow the instructions located here -> https://github.com/rahmnathan/docker . Brief Explanation: vpn - This image downloads, configures, and runs Air's Eddie client. deluge - This image downloads, configures, and runs the Deluge deamon. This image will use the network of the 'vpn' container, which is completely locked down outside of the docker swarm unless it's through the vpn. That brings us to... nginx - This image downloads, configures, and runs nginx. Because our swarm's network is isolated from the host's we need to utilize nginx as a reverse proxy to get into it. This is simply a gateway for us to access the Deluge daemon. Hopefully that's enough information for anyone interested to get started. The cool thing about this is you can force any container through the vpn while leaving the host machine/other containers running outside of the vpn. This gives us a very scalable, portable, isolated way to use the awesome service provided by Air. Feel free to ask questions and suggest edits. Thanks
howto: Linux + NetworkManager + stunnel
agarret posted a topic in General & SuggestionsHi, I've been using AirVPN for almost a year now and I am very pleased, thanks AirVPN. I need the SSL tunnel to be able to connect, which always meant manually starting stunnel and openvpn from console. (I know about Eddie, but no thanks, thats not my style . But today I figured out how to automaticly connect using a systemd service for stunnel and a slight route adjustment. Disclaimer: i am no network expert and might be doing something horribly wrong, but this works for me and seems legit. If you want to follow this guide, you should be familiar with these excellent guides: https://airvpn.org/ssl/ and https://airvpn.org/topic/11432-using-airvpn-with-ubuntu-network-manager/ 1. stunnel service 2. Add route to your network device 3. Import VPN 1.) Go to https://airvpn.org/generator/, select SSL, you know, the usual stuff Place the .ssl file and the certificate (.crt) somewhere (lets say /airvpn/airvpn.ssl and /airvpn/airvpn.crt) Create a file /etc/systemd/system/airvpn_stunnel.service [unit] Description=Stunnel [service] ExecStart=/bin/stunnel /airvpn/airvpn.ssl [install] WantedBy=default.target Enable the service systemctl enable airvpn_stunnel 2. Add a route to your connection (e.g. your ethernet connection) When you add a vpn connection all* connections go through the vpn tunnel, but your ssl tunnel should not! This is why you should add a route, that explicitly states to connect to your vpn server normally. Get your server ip ( <IP> ) Edit your connnection -> IPv4 -> Routes add a route with Address: <VPN Ip> Netmask: 255.255.255.255 Gateway: your 'normal' gateway, usually your router, something like 192.168.1.1 3. Import the .ovpn file (*chm chm* https://airvpn.org/topic/11432-using-airvpn-with-ubuntu-network-manager/) You should now be able to connect to your favorite VPN server through a ssl tunnel using networkmanager. Good luck - someonefromyourintranet