OpenVPN

Restrictions

Nobody likes spam, and due to numerous cases of malware installed on the computers of people using our VPN, we have unfortunately found it necessary to restrict certain types of traffic. The following restrictions are in place while connecting to the VPN:

  • All outbound email not using IMAP or a web email client will be blocked
  • The number of SSH connections that can be made at a given time has been limited

Security

It is advisable to make sure that your OpenVPN client is always up to date, so it contains all the latest security patches. The servers are also being updated regularly, which requires no action from you.

Please be aware that the servers are currently not using very strong methods for authentication and encryption of the data transport. This means your traffic will be encrypted, but using relatively basic methods, which can't be assumed as being very secure. It's currently not possible to enforce stronger settings by changing the client configuration.

  • The control channel is using TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
  • The data channel is using cipher BF-CBC with a 128 bit key (Using 160 bit message hash 'SHA1' for HMAC authentication)

Improving the configuration is planned. As soon as there will be new standard settings applied, it will be reflected in this wiki. It will be necessary to re-download your configuration file below then.

Windows

  • Download the OpenVPN client.
  • Install with the default options
  • Download your configuration file: Windows 7 or higher, Windows Vista, Windows XP
  • Place your configuration file in C:\Program Files\OpenVPN\config\
  • Run "OpenVPN GUI" from your Start Menu. If you are not a system administrator, you will need to right-click the shortcut and select "Run as administrator". You can make sure it always runs as an administrator by going to the shortcut properties' Compatibility tab, and checking "Run this program as an administrator". OpenVPN needs administrator access to correctly route your traffic through the VPN.
  • Right-click the OpenVPN GUI icon in your status bar and choose "Connect"
  • Enter your slot username and password
  • Check if it's working with our proxy checker

Mac OS X

Tunnelblick

  • Download your Server.ovpn
  • Then open Terminal (found in Applications/Utilities) and paste the following:

mkdir -p ~/Library/Application\ Support/Tunnelblick/Configurations
cd ~/Library/Application\ Support/Tunnelblick/Configurations
mv ~/Downloads/*.ovpn ~/Library/Application\ Support/Tunnelblick/Configurations

  • Download the "Latest Stable Release" of Tunnelblick (You will need to use the Beta release for Mac OS X 10.9)
  • Install and open Tunnelblick, giving it your administrative password where necessary.
  • Then, from the tunnel icon in your menubar, select "Connect Server"
  • Enter your local administrative password
  • Enter your login details for the server (optionally saving to keychain)
  • Check if it's working with our proxy checker
  • Note: If you experience problems connecting, try with the Viscosity client mentioned below before opening a support ticket.

Viscosity

Other clients

Linux

OpenVPN CLI Client

  • Grab openvpn from your package manager. This is generally just openvpn
  • Download your Server.ovpn
  • Run as root: openvpn --daemon --config Server.ovpn
  • Enter your username and password when prompted.
  • Check if it's working with our proxy checker - Alternatively, you can use curl to check your IP with another source: curl -s checkip.dyn.com | grep -Eo [0-9.]+
  • If it is not working, double check that your kernel has TUN/TAP device driver support enabled natively or as a loaded kernel module. This is necessary for OpenVPN to function.

Network-Manager

Network-Manager used to not work for connecting to the Whatbox VPN, but it appears to be working now. It has been successfully tested with Ubuntu 12.04 to work as expected by using the following steps.

  • Install the NetworkManager OpenVPN package using your package manager. This is usually either networkmanager-openvpn or network-manager-openvpn.
  • Download your Server.ovpn
  • Go to Network Settings and click the Add or + button to add a new network connection.
  • Select VPN on list of connection types that appear.
  • Select "Import from file..." from the list of VPN connection types.
  • Select your Server.ovpn file.
  • Under Authentication, change Type from "Certificates (TLS)" to "Password" and enter your slot username and password. Change the CA Certificate from "(None)" to your Server.ovpn file.
    • By default it will only look for PEM files (.pem, .cer, etc) so you may need to manually enter the path to your Server.ovpn file or rename your file
    • You may also drag the Server.ovpn file to the CA certificate selection box
  • Click "Add", and the VPN connection should be ready. Select it and change the toggle to "On" to connect.
  • It is also suggested that you change the IPv4 settings from Automatic to address only and specify your own DNS

Android

OpenVPN for Android (de.blinkt.openvpn)

This application requires Android 4.0 or higher.

  • Install OpenVPN for Android from the Play Store.
  • Download your Server.ovpn on your Android device.
  • Launch OpenVPN for Android
  • Select the Folder icon at the bottom of the app.
  • Browse to your downloaded Server.ovpn. Select it, press "Select" in the lower left of the app, and click the Save button on the following screen (floppy disk icon)
  • Press the Settings icon next to the server. Select "Basic" and enter your slot username and password at the bottom of the page.
  • Hit Back until you are at the main screen.
  • Select your server. Hit "OK" on the following dialog, along with trusting the application to use Android's VPN services.
  • Check if it's working with our proxy checker

iOS

OpenVPN Connect

  • Install OpenVPN Connect from the App Store.
  • Connect your iOS device to your computer running iTunes. Select your device, go to the Apps page, and scroll down to "File Sharing" and select OpenVPN.
  • Download the Server.ovpn profile to your computer. Drag and drop the file into the "OpenVPN Documents" pane.
  • Open OpenVPN Connect on your iOS device. Tap the green plus icon below the profile matching your server.
  • Enter your slot username and password. You may optionally save the credentials to your iOS Keychain as well.
  • Tap the slider below "Disconnected" to connect.
  • Check if it's working with our proxy checker after OpenVPN shows "Connected."

OpenVPN Connect without using iTunes

  • Install OpenVPN Connect from the App Store.
  • Email the Server.ovpn profile to your phone.
  • Open OpenVPN Connect on your iOS device. Tap the green plus icon below the profile matching your server.
  • Enter your slot username and password. You may optionally save the credentials to your iOS Keychain as well.
  • Tap the slider below "Disconnected" to connect.
  • Check if it's working with our proxy checker after OpenVPN shows "Connected."