UserGuide3 0EN PDF

YourFreedomUserGuide
Page1of84
YourFreedom
UserGuide
AStepByStepIntroductionandReferenceGuidetoYourFreedom
https://www.yourfreedom.net/
Page2of84
Alltrademarksusedinthisguidearetrademarksoftheirrespectiveownersandonlyused
forreference.
Themostcurrentversionofthisguideisavailablefromourwebpage,
https://www.yourfreedom.net/,intheDocumentationsection.Pleasecheckifthereisa
latercopyavailableifyouencounterproblemsoryoucannotfindneededinformationinthis
copy.
ThisguideisCopyright20062013byresolutionReichertNetworkSolutionsGmbH,
Zweibrcken,Germany.Allrightsreserved.Youarewelcometocopyanddistributethis
guideinbothelectronicandpaperformaslongasyoudistributeitasawholeandnotin
parts,youdonotmodifyitinanyway,andthereferencetotheoriginallocationiskeptintact.
Pleaseadviseallrecipientsthatdistributedcopiesmaynotbethelatestversionofthe
document,andthattheycanalwaysdownloadthelatestversionfromourwebsite.
Page3of84
Introduction
WhatisYourFreedom?
Whatisitnot?
WhatcanIuseitfor?
Howdoesitwork?
Isitsecure?Isitanonymous?Doesitcompromisemysecurity?CanIcatcha
virus?
Whatdoesitcost?
IsYourFreedomSpywareorAdWare?
Howmanyserversdoyouhave?Aretheyallthesame?
GettingStarted
Registrationprocess
Gettingandinstallingtheclientsoftware
Connectingforthefirsttime
OnaPC
OnanAndroiddevice
Configureapplications
Automatically
Manually
ManualConfiguration
TheYourFreedomconfigurationdialog
Startingandstoppingtheconnection
Eachusermayonlyloginonce
Choosingtherightserver
Serverlocation
Protocols
CGIrelays
Page4of84
Connectingapplicationsandgames
Introduction
Usingsocksifiers
Windows
LinuxandotherUnixderivates
MacOSX
OpenVPNsupport
Introduction
Prerequisites
Configurationtasks
Configureyourapplications
Troubleshooting
UsingYourFreedomwithoutclientapp
PPTP
Generalinformation
IsPPTPsafe?
HowtoconfigurePPTP?
Whatifitdoesntwork?
SharingthePPTPconnection
DNSservers
MorethanonepredefinedPPTPconnection?
Accounttypes:Timebasedupgradesandvouchers
FreeFreedom(usagefreeofcharge)
Upgradesandvouchers
Vouchers
Testdrives
AdvancedTopics
PortForwards
Page5of84
Localportforwards
SIPforwards
Serverportforwards
ConnectionSharing
Relaying
UsingOpenVPNandICStoconnectotherPCs,Playstations,XBox,etc.
WilltetheringonAndroidworkwithYourFreedom?
IPv6
FinetuningCGImode
Appendices
AppendixA
Troubleshooting
Whydoesmyapp/gamenotwork?#
Performingaspeedtest#
Creatingadumpfile
Desktop
Android
Usingapacketsniffer#
Updatingtheclient
Countryinformation
Countryspecificplans
Serveravailabilitybycountry
Tweaks
TheYourFreedomclientconfigurationfile#
Where'smyhomedirectory?
Configurationoptions
Page6of84
Page7of84
Introduction
WhatisYourFreedom?
IsyourInternetaccesssomehowrestricted?Aresomewebpagesnotaccessibletoyou,or
areyouunabletorunapplicationsbecauseofsuchrestrictions?Areyouinaplacewhere
thereisInternetconnectivityviaapublichotspotbutyoudonthavealogintoit?ThenYour
Freedomisforyou.AlthoughthetechniquesusedbyYourFreedomtobreakthroughsuch
restrictionsarefairlycomplicated,itisnotdifficulttouse.
YourFreedomisaConnectivityServicethatallowsyoutoovercomeconnectivity
restrictionsimposeduponyoubyyournetworkadministrators,yourprovideroryour
country.Italsoprovidesacertainlevelofanonymization,andithidesfromyour
administratorsandothernosypeopleclosetoyouwhatyouaredoingontheInternet.
YourFreedomworksbyturningyourlocalPCintoawebproxyandaSOCKSproxythat
canbeusedbyyourapplications(webbrowser,games,whatever).Insteadofconnecting
directly,applicationscansendconnectionrequeststotheseproxyserversprovidedbythe
clientpartoftheYourFreedomsoftwarerunningonyourPC,andtheclientpartwillthen
forwardtheserequeststotheserverpartrunningonourconnectivityserversthrougha
connectionprotocolthatisstillavailabletoyouandthroughwhichtheclientpartcan
reachtheserverpart.Thereisalsoatransparentmodethatdoesnotrequireany
applicationconfiguration,andonAndroidphonesandotherdevicesYourFreedomwill
simplyworkwithoutanyadditionalconfiguration.
YourFreedomtunnelsthroughfirewalls,webproxies,FTPproxies,DNSserversandthe
like.Soundscomplicated?Wellitis,butthegoodnewsisyoudonthavetoworryaboutit,
thatsourjob.:)
Whatisitnot?
YourFreedomisnotaprivateVPNsoftware.Itdoesnotprovideaconnectiontoaprivate
networkbuttotheInternet.SomecallthisaVPNsoftwarebutitisreallyaconnectivity
solution.
YourFreedomisnotafirewallsolution,itismeanttobreakthroughfirewalls,nottobe
one.ItdoesnotmakeyourPCanysafer.Butthatslikelynotyourconcernbecause
someoneisprobablyprotectingyoutoowellanyway.
YourFreedomisnotaperfectanonymizer.Theservicedoesprovideacertainlevelof
anonymizationbyhidingyourIPaddress.Instead,theconnectionrequestappearstocome
(infactitdoescome)fromoneofourconnectivityserverIPaddresses.Butitcannotprotect
youfromyourownmistakesorflawsinapplicationsandprotocols.Youareanonymous
unlessyoumakemistakes.
Page8of84
YourFreedomisnotinanywayenhancingyourconnection.Itdoesnotprovidedata
compression1 ,anditcannotspeedyourconnectionupinanywayinfact,there'sacertain
amountofoverheadwhichisdependentontheconnectivityprotocolused,sothingswill
probablyrunslower,notfaster2 .
WhatcanIuseitfor?
YourFreedomcanbeusedtoovercome:
Protocolrestrictions.
Ifyoucannotusecertainapplicationsorservicesbecausetheseapplicationscannotconnect
totheInternetintheusualway,YourFreedommaybeabletohelpyou.Forexample,ifyour
favoriteonlinegamedoesnotworkinyourplacebecausesomeonedecidedthatyoushouldnt
playit,thentryYourFreedom.Gamesknowntoworkwellinclude:WorldofWarcraft,EVE
Online,Counterstrikeandmanyothers.
YoumaynotuseP2Pprotocolsbecausesomeonethinksitisillegal3 ?
MostP2PclientsworknicelywithYourFreedom,andyoucanevengetaserverport,which
givesyouahighid.
Censorship.
Youmaynotvisitcertainwebpages?TryYourFreedom.ItturnsyourlocalPCintoan
unrestrictedwebproxythatprovidesaccesstoallwebpagesthataregenerallyaccessible,or
connectsittransparentlytotheInternet
Timerestrictions.
WehaveheardfromusersthattheyuseYourFreedomtoavoidtimerestrictions.Inmost
cases,existingconnectionsarenotdisruptedbysuchrestrictions,andthereforealltheyneed
todoistostarttheYourFreedomclientbeforetherestrictionisinplace,andkeepitopen.
Theconnectionbetweentheclientandtheserverpartispersistent(thisdependsonthe
connectionprotocol,however).
Accessrestrictions.
IfthereisInternetconnectivity(throughahotspotorasimilarfacility)butyouneedaloginthat
youdonthave,welllikelybeabletogetyoufullyconnected.
Howdoesitwork?
YouneedtoruntheclientpartoftheYourFreedomsoftwareonyourlocalPC.Itiswrittenin
JavaandshouldnormallyrunonnearlyeveryPCwithouttheneedforadministratorrights.
WealsoprovideinstallerversionsthatdonotrequireJavatobeinstalled,butyoumayneed
administratorrightstoinstallthese.
OnAndroid,justinstallourYourFreedomapp,andlaunchit.
Theclientsoftwarethenconnectstooneofourserversthroughaconnectionprotocolthat
isstillavailabletoyou.InmostcasesthiswillprobablybeanHTTPconnectionthrougha
webproxythatyoumayuse,oranHTTPSorFTPconnection.Inmanyplaces,UDPor
1
Thisisnotentirelytrue.IfyouconnectthroughPPTPoruseOpenVPNmode,yourdatais
compressed.
2
Therearecases,however,whereYourFreedomisabletoactuallyenhanceyourconnectionfora
particularpurpose,forexamplebydisguisingyourtrafficastrafficthatisputintoabetterserviceclass
byyourprovider,orbyovercomingroutingissues.
3
Theprotocolisofcoursenotillegalanditisthereforesillytoblockitweknowbestbecausewehad
toblockitonsomeserversaswellbutitremainsopenonmost.Youractionsmaybeillegalthough
YourFreedomcantdoanythingaboutthis,itremainsyourresponsibility.
Page9of84
ICMPECHOmaybeusedaswell.NearlyeveryoneeverywherecanuseDNSmode.
Havealookatthepicturebelow.TheboxontheleftisyourPC.Letssaytherestrictive
firewallwontletyouaccesshotmail.comandyouwanttoreadyourprivateemailfromyour
workplacefireuptheYourFreedomclientandletitconnecttooneofourservers,configure
yourwebbrowsertouseitasaproxy,andyourwebbrowserwillbeabletoconnectto
hotmail.combyconnectingtotheYourFreedomclient,whichwillforwardtherequeststo
oneofourservers,whichwillthenforwardtherequesttothehotmail.comserver.The
repliesfromthehotmail.comserverwilltakethesameroutebackwards.
ThisisonlyaverysimplescenariobutitillustratesthattheYourFreedomclientapplication
andtheYourFreedomserveractasintermediatehopsforyourapplicationconnections.
Isitsecure?Isitanonymous?Doesitcompromise
mysecurity?CanIcatchavirus?
ConnectingtotheInternetthroughYourFreedomisgenerallylessdangerousthan
connectingthroughadialuporDSLconnection.Aslongasyoudonotexplicitlyconfigurea
serverportforward,noonecanconnecttoyourPCorphonethoughYourFreedom.But
sinceyoumaydownloaddatafromtheInternetthatmaythenbeexecutedonyourPC
(intentionallyorunintentionallybecauseofapplicationbugs)thereisacertainamountofrisk
itisthesameasifyouwereconnectingthroughanyothermeanstotheInternetand
downloaddatafromthere.Howeveritispossiblethatyourcompanyorwhateveruses
sophisticatedprotectionmechanisms(e.g.viruscheckingfordownloadsfromserverson
theInternet)thatwedonotprovideinthiscaseitisindeedlesssecure.Butplease
Page10of84
considerthatitislesssecurebecauseitallowsyoutodothingsthatyouwouldotherwise
notbeabletodothemostsecureprotectionfromthedangersoftheInternetisanAirGap
Firewall,i.e.:pulltheplug.Youllbesafebutalsolonely.
IthasbeensaidbeforethatYourFreedomisnotafullblownanonymizationservice.Itwill
howeverhideyourIPaddress,unlessyourapplicationcommunicatesitinband.Web
serveradminswillnotbeabletoseewheretheaccesscomesfrominitiallytheywill
insteadseeoneofourIPaddresses.Butwedonottakeanyfurtheranonymization
measures:wedonotremovetrackingcookies,nordowewashtherequestheadersthat
yourwebbrowsersends.
Forthoselookingforprivacy,theclientoffersahighlevelofencryptionusingtheAES
encryptionstandard,public/privatekeys,andstrongsessionkeys.Detailscanbefoundon
ourwebpageonhttps://www.yourfreedom.net/?id=encryption(youneedtobeloggedin).
Unlessyouexplicitlydisableencryption,youllbesafefromspyingeyes.
Withregardstoviruses:wedonothaveanyvirusprotectionmechanismsbuiltintothe
serviceandthereforedonotprovideanyvirusprotection4 .Pleaseinstallantivirussoftware
onyourPCorphoneyoushoulddothatanyway.
Whatdoesitcost?
Afundamentalserviceisprovidedforfree.Itisrestrictedinbandwidthandthenumberof
simultaneousstreams5 ,andthereisatimelimitofonehourfortheconnectionbetweenthe
clientandtheservers(butyoumayreconnectimmediately).Dailyusagetimeislimitedto
twohour,andweeklyusagetimeislimitedto5hours.Someofourserversarenotavailable
forFreeFreedomusers.Ifthisisgoodenoughforyou,youarewelcometostickwithit.
Weprovideupgradesthatremoveallusagetimerestrictions,expandorremovethe
bandwidthrestriction,andthatallowformoresimultaneousstreams,andthereareserver
portsthatyoucanusetoallowinboundconnectionstoyourPCoranotherPCinyour
networkifyoulike.Theupgradesareavailableasonemonth,threemonths,sixmonthsor
twelvemonthsupgrades,andcomeinthreedifferentlevelsthatwecallBasicFreedom,
EnhancedFreedom,andTotalFreedom.Asanalternativetotimebasedupgradesthereare
voucherscarnets.VoucherscanbeusedtotemporarilyupgradeyourYourFreedom
accountwithouthavingtopayforafullmonthandnotusepartsofit.Detailscanbefoundin
Accounttypes:Timebasedupgradesandvouchers.
IsYourFreedomSpywareorAdWare?
No!RestassuredthattheYourFreedomclientapplicationdoesnotcontainanycodetospy
onyouortocauseanyannoyances(otherthantherestrictionsoftheFreeFreedomservice,
4
Actuallythisisnotentirelyaccurate.OutboundemailsentthroughYourFreedomisscannedfor
viruses.WedothistoavoidblacklistingofourIPaddresses,whichwouldmakeitimpossibleforour
userstosendemailthroughYourFreedom.Itdoesnotprotectyouitprotectsothers(andus)from
you.
5
InPPTPmode,OpenVPNmodeandonAndroid,thenumberofconcurrentstreamsisnotlimited.
Page11of84
whichareofcoursetheretoconvinceyouofthebenefitsofbuyinganupgrade).Theonly
reasonwhywedontpublishthesourcecodeisbecausemuchofthecodeisalsousedin
theserver,andwedontwanttoexposeit.Wedontwanttohelpthosedevelopingblocking
applianceseither.
Wedoourbesttoprotectyourprivacybynotstoringanymoredetailsonourserversthan
technicallyorlegallyrequiredandpermitted.Infact,theconnectivityserversthemselves
donotkeepanylogsthatcouldbeofinteresttoanyonebutthedevelopersandoperators
(theyonlycontainthingslikeserverloadandexceptionaloccurrencesinserveroperation)
alllogscontaininguserdetailsareinsteadkeptonaserverinGermany.Howeverwewill
cooperatewithlegalauthoritiesinGermanytotheextentrequiredtoprotectusfromhaving
totakeresponsibilityforyouractions.Thismeansthatwemayunveilyouraccountand
paymentdetailsaswellasthesourceIPaddressusedtoconnecttoourserversifweare
forcedtodoso(andabletodeterminewhoisresponsibleforsomeaction).
WedonotlogwhatyouaccessontheInternetGermantelecommunicationslawsdo
notevenpermitthis.Wedologthefactthatyouhaveusedourservice,fromwhereyou
haveloggedintoourservice(ifweknowitatall!WithDNSmode,weusuallydont),the
lowest16bitsofIPaddressesyouhaveconnectedto(butnotthefulladdress,onlythelast
twonumbers!)andstatisticaldataaboutyourusageneededforaccountingandquality
assurance.Thisinformationistypicallyheldonfileforonlyafewdaysandnolongerthan4
weeks.Wedonotusethisinformationinanyotherwayexceptforstatistical,debuggingand
accountingpurposesandforcombatingviolationsofourterms,unlessrequiredbylegal
authoritiesinGermany.Wewillneverprovideanydetailstoprivatepartiesoroppressive
regimes.
Thereisacontrolconsoleontheserversthattheoreticallyallowsustoseewhatourusers
arecurrentlydoing.Weonlyusethisfortroubleshooting,andalldatathereistransientand
notstoredanywhere.Themomentyoulogoffitsallgone.Trustuswehavebetterwaysto
passourtimethanpeepingonyou.
Youmightsaybutothersclaimtheydontlogatall!Well,theyareeithernaveorlying.Our
competitorsneedtoprotectthemselvesagainstabusetoo,andtheycanonlydothatifthey
havedata.Wehavedecidedtobehonestwithyou.
Howmanyserversdoyouhave?Aretheyallthe
same?
Thispointissubjecttochangefrequently.Atthetimeofwritingwehave23serversonline,
in9differentcountries.Allwillbeabletosupportbasicwebsurfingorchattingbutsomewill
refuseP2Pconnections(particularlytheoneslocatedintheUnitedStates)tocomplywith
providerpolicies.Somecanhandlemoretrafficthanothers.Havealookatthelivestatistics
pageathttps://www.yourfreedom.net/?id=serversserversthatarenotinthep2pserver
grouparenotwellsuitedforP2Papplications,serversthatarenotinthevolumegroupare
notsuitableforlargefiletransfers,andsoonyoullgetthedrift.
Everyonemayuseallserversinthefreegroup,theothersarereservedtopaying
customers.Someserversmaynotbeavailabletousersconnectingfromcertaincountries,
Page12of84
oronlyavailabletousersconnectingfromsomecountries.TheYourFreedomclientwilltell
youaboutsuchrestrictionswhenyouconnect(authenticationnotvalidforyourcountryof
residence).Ifthishappenstoyou,pleaseuseanotherserver.Weonlydothiswhenwe
needtodefendourselves,i.e.notatallifwecanavoidit.
Lookattheserverloadtoo.Thehigherthenumber,themoreloadedtheserver.Loads
below40000areconsideredlow,loadsabove125000areconsideredhigh,andveryhigh
numbersindicateyoulllikelyonlygetadegradedservice.Weuseatrafficlightschemeto
quicklyindicatetheserverstate.Agreenlightindicatesthattheserverisfineandcan
acceptyourconnection.Ayellowlightwouldindicatethattheserverisupandrunningbut
currentlyratherbusy,alreadyslightlyoverloadedorotherwiseintrouble(connectivity
problemsareapossiblereason)andprobablywontbeabletoprovidethebestserviceto
youyouarestillwelcometouseit,andtheservicemaystillbeprettygood.Aredlight
indicatesthattheserverisdownorotherwiseunabletoserveyou.
Page13of84
GettingStarted
Registrationprocess
Yourfirststepinusingourserviceistoregisteronourwebsite6 .Youneedtovisit
https://www.yourfreedom.net/andcreateanaccountthere.Thereisalinkunderneaththe
loginandpasswordformfieldsintheredpartofthepagebanner.
Ontheregistrationpage,chooseausername(preferablyonethatisnotlikelyalreadyused)
andprovideapassword.Pleasemakeitlongenoughthisisforyourprotection,notours.
BothusernameandpasswordmaycontainuppercaseandlowercaseASCIIletters,digits,
dashes,andunderscores(spacesarepermittedinthepasswordtoo)othercharacters
mayworkaswell(particularlyinthepassword)butitisnotagoodideatotry.Theonlyother
requiredfieldisyouremailaddress.Everythingelseisnotmandatorypleasedonotfillin
rubbishifyoudonotwanttoprovidetheinformation,leavethesefieldsemptyinstead.You
canalwayscomebacklaterandprovideinformation(forexample,ifyouneedaqualified
invoice).
Onceyouhavefilledeverythingin,clickontheCreateaccountbutton.Youwillbeaskedto
confirmyourdetailsbyclickingonCreateaccountnow.Ifthereisaproblemwithyour
data,redmessageswillappeartellingyouwhatiswrongjustcorrectyourinputandtry
again.
Withinafewminutesyoushouldreceiveanemailcontaininganactivationlink.Ifyouremail
addressisprotectedbyantispammeasures,pleaseensurethatemailsentfromthe
yourfreedom.netdomain(i.e.endingin@yourfreedom.net)ispermittedbeforeyouclick
ontheCreateaccountnowlink.Activateyouraccountbyclickingonthelinkintheemail
(orcut&pasteitintoyourbrowser).Youcanalsosimplyreplytotheemail,quotingitinits
entirety,inyouremailreader.Ifyouhaventreceivedtheemailorifthelinkdoesntworkfor
whateverreason,pleasesendanemailtooursupportstaff,theycancreateoractivatethe
accountforyouifyouwritetosupport@yourfreedom.net,tellingthemtheusernameyou
havechosen,butnotyourpassword.
Whatifyoucannotregisteronourwebsitebecauseitsblocked?Well,itsahenandegg
problemthen.Eitheryouasksomeoneelsetocreateanaccountforyou(ordoitfrom
somewhereelse)andmodifyitlater,orobtaintheclientsoftwarefromanothersourcethan
ourserver,andusetheusernameunregisteredandthepasswordunregisteredinit.This
accountwillonlyprovideFreeFreedomaccess,however.Alternatively,ifyouareableto
sendanemailtoourcustomersupport,askthemtocreateanaccountforyou.Justwriteto
support@yourfreedom.nettellingthemaboutyourproblem,suggestausername(please
limityourselftoASCIIlettersandnumbers,dashesandunderscores)andapassword.If
youwanttoreceivetheYFclientbyemailjustwriteablankemailtoget@yourfreedom.net
6
Itisrecommendedthatyouuseapersonalaccount,butifyouonlymakeuseofourFreeFreedom
offeryoudonotneedapersonalaccount.Justuseusernameunregisteredandpassword
unregisteredintheclientapplication.TheAndroidappdoesthisbydefault.
Page14of84
youllbegivenfurtherinstructionsonhowtoproceed.Ifalltheoddsareagainstyouandyou
cantgettheclientsoftwarefromanywhereelsewellmailyouaCDaswell.
Gettingandinstallingtheclientsoftware
Onceyouvecreatedanaccountyoumayuseittologinonourwebpage7 .Login(tocheck
thatyouraccountisactive),thenclickonDownloads(youdonthavetobeloggedinto
download).ThereareseveralwaystoruntheYourFreedomclient,andconsequentlythere
ismorethanoneoptionfordownload:
WindowsInstaller
WindowsuserswhoalreadyhaveasuitableJavaRuntimeEnvironment 8installedontheir
systemandwhohaveenoughrightstoinstallsoftwareshouldbeabletousethisversion.The
downloadisabout2megabytesinsize.Ifyouareunabletodownloadfilesendingin.exe,try
tocopythelinklocationandpasteitintheURLfieldofanewbrowserwindow,thenchange
the.exeto.txt.RenamethedownloadedfileonyourPCto.exewhendone.
WindowsFullInstaller
ThisversioncomesbundledwithaJREofitsownsotherearenoprerequisites.Every
Windowsusershouldbeabletousethisone,providedthatyoumayinstallsoftwareonyour
PC.Thedownloadisratherfat,about14megabytes.Again,thisisan.exefile,trychanging
theendingto.txtifthisisaproblem.Abenefitofthisversionisthatitiscompiledtonative
codeandwillconsumefewerresources.
BothWindowsinstallerversionsareinstalledbyrunningthe.exefile.Justfollowthe
instructionsintheinstallerandyoushouldbedoneinaminute.(Ifyouareupdatingfroman
earlierversionwerecommendtouninstallthepreviousversionfirstyoursettingswillbe
kept.Ifyouchangeinstallertype,youmustuninstalltheoldversionfirst.)Oncetheclient
softwareisinstalled,proceedtoConnectingforthefirsttime.
IfyouarenotrunningWindowsorifyoucannotinstallsoftwareonyourPC,yourbest
choiceistheJavaarchiveversion.DownloadtheZIPfileandextractthecontentsintoa
foldertowhichyoumaywrite.Thiscouldalsobeamemorystick,oraCDROM,bytheway.
ThenruntheJavainterpreterwiththefreedom.jarfile.WithWindowsitisusuallysufficient
ifyoudoubleclickontheJARfile,butyoumaywanttoopenacmdwindowinstead,cd
tothedirectoryandrunjavawjarfreedom.jarinstead.OnUNIXboxesyoudnormallyuse
javajarfreedom.jarorkaffejarfreedom.jarorsomethingsimilarUNIXusersnormally
know.
Generally,theJavaarchiveversionoftheYourFreedomclientshouldrunonevery
computerthathasasuitableJREandenoughmemory.Welovetohearfromyouifyouve
managedtorunitonanexoticpieceofhardware(orinanunusualplace)!Wealsooffera
MacOSXinstallerversion.EventhoughMacOSXeditionsoftenshipwithapreinstalled
JRE,thereareversionslikeLeopardthatshipwithJRE5whichisnolongersupportedso
youmayneedtoinstallJRE6or7manually.AdditionalhintsforMacOSXandother
7
Logginginisoptional,ofcoursemostcontentisavailabletoeveryonewithoutalogin.Thespecial
unregisteredaccountcannotbeusedonthewebsite.
8
TheJavaRuntimeEnvironmentisrequiredtobecomplianttoJava6ornewer.Ifindoubt,visit
http://java.oracle.com/,clickonJavaSEintheTopDownloadssectionontherighthandsideofthe
screen,thendownloadtheJREoraJDK(whichcontainstheJRE)andinstallitonyourPC.
Oracleprovidesthesedownloadsforfree,butpleasehavealookattheirlicenseterms.
Page15of84
operatingsystemscanbefoundinthedocumentationsectiononourwebsite.
TheYFclientonlyrunswithJava6,notJava5.MacOSXdoesnotshipwithJava6
butyoucangetitfromhttp://developer.apple.com/java/download/(download"Javafor
MacOSX10.xUpdate(whatever)").Onceyou'veinstalledit,Java5maystillbe
activatedbydefault.Theinstallerweprovideshouldbeabletoautomaticallyensure
therightversionistakenifthatdoesn'tworktrytochangethedefault:OpenFinder,
gotoApplications,Utilities,Java,run"JavaPreferences".Move"JavaSE6"tothetop
forapplications.
AndroidAPK
TheYourFreedomappwillonlyrunonAndroid4.0andabovedevices.OlderAndroid
versionsarenotsupported,nomatterifthephoneisnewornot.Wecannotsupportolder
versionsbecausetheyarelackingthenecessaryVPNAPI.Ifyouareunsure,openthe
settings,goallthewaydowntoAboutphoneandcheckAndroidversioninthere.Ifits
1.x,2.xor3.xthenYourFreedomwillnotworkonyourphone.Checkwithyour
manufacturerifthereisafirmwareupdateandcomplainifnot.Wesuggestthatyoualso
checkonhttp://www.cyanogenmod.org/theymighthaveanaftermarketfirmwareforyour
phone.
TherearenootherrequirementscontrarytootherVPNapplicationsyourphonedoesnot
havetoberooted.
Wesuggestthatyouconfigureyourdevicetoallowinstallationofapplicationsfrom
externalsourcesthiswillallowyoutodownloadandinstalltheappfromourwebsiteand
receiveupdates.Openthesettings,gototheSecuritysection,findtheDevice
AdministrationsectionandtickUnknownsources.Itdoesnotjeopardizeyourphone,it
onlyjeopardizesGooglesbusinessmodel.NowdownloadtheYourFreedomAPKfileor
obtainitthroughemail(writetoget@yourfreedom.netandputthewordAndroidinthesubject
line).Clickonit,andinstallit.
Alternatively,searchforYourFreedominGooglePlayifyoucanuseit.Playhasthe
additionalbenefitthatyoucanconfiugurefullyautomatedupdates.
Page16of84
Connectingforthefirsttime
OnaPC
WhenyoustarttheYourFreedomclientapplicationforthefirsttime,youllbeaskedforyour
preferredlanguage9 .Clickabutton(youcanalwayschangethesettinglater).
AfteryouchoosethelanguageofyourpreferenceaWizardwillshowup.Itissafenotto
useitandenterallrequiredinformationmanually,butifyouareunsure,giveitatryfirst.
Manualconfigurationmayberequiredindifficultconnectionscenariospleasereferto
ManualConfiguration.
Nowletsassumethatyouareusingthewizard.ItwillfirstpresentaWelcomepage:
9
Notalltextshavebeentranslatedtoalllanguages.Youmayencountersomepartsthatappearinthe
defaultlanguage,whichisEnglish(US),anditisquitepossiblethatyouencounterbadtranslations.
Pleaseletusknow!
Wehavetakengreatefforttoensurerighttoleftlanguagesareproperlyformattedpleasebearwithus
ifthisisnotalwaysthecasenoneofusisabletoreadanyoftheselanguagessowedontnotice.
(Andletusknow!)
Page17of84
DoasyouaretoldandclickontheNextbutton.Youllseethispage:
IfyourInternetconnectionisthroughawebproxy,enterthedetailshere.Ifyouareunsure,
trytoclickNextfornow.
YoullfindaWindowaskingyoutoselectwhichprotocolswillbeusedtoconnecttoYF
servers.SelectedprotocolswillaffectthewaytheWizardchecksreachabilityofservers.
Someconnectionmodesmaynotbeavailabletoyou,dependingontheplatformand
whetherornotyouarerunningtheYourFreedomclientasadministrator(thisisa
prerequisiteforECHOmode).
Ifyouareunsure,leavethedefaultselection.ClickNext:
Page18of84
Ifallyougetisanemptylistofavailableserverslikethis:
youmightneedtofigureoutaboutyourwebproxy(orconfigureeverythingmanually,e.g.if
youwanttouseanFTPproxy!).
Ifyougetthishowever,
thenyouvefilledintheproxydetailsproperlybutyouneedtoauthenticateontheproxy.
ClickonNext
Page19of84
andfillinsuitablelogincredentials.InmanycasesthiswillbeyourWindowsDomainlogin
(dontforgettofillinthedomainaswell!).Justtryuntilitworks,youcanclickNexttotry.
Ifyouseethispage:
itmeansthatyouhavenotprovidedaworkingproxyconfiguration.ClickonBackand
modifythehostname/IPaddressand/ortheportsetting.Manyproxieslistenonport80,
8080or3128,tonamethemostpopularports.Checkyourwebbrowsersconfigurationit
shouldbeabletotellyou.
Ohbytheway,ifyoufindthatthewizardhastheproxydetailsalreadyfilledin,thenitsnot
magicitjustfoundtheminyourPCsregistryandprobablyhasmadelifeeasierforyou.
Letsassumeyouvebeenabletomakeitwork.(Ifnot,pleaseaskaknowledgeperson
aroundyouhowyoucanusethewebproxy,orclickCancelandtryamanual
configuration).Itworkedifyouseesomethinglikethis:
Page20of84
ItisimportantthatyouseeayesoranumberinanyofthecolumnsHTTP,HTTPS,FTP
orUDP.Ayesmeansthattheclienthasbeenabletousethisprotocoltoconnecttothe
serverusingthedefaultportsettings,anumberwouldmeanthatithasbeenabletoconnect
butonadifferentport,andanomeansthattheprotocolcouldnotbeusedtoconnectto
thisserver.Theresultsaresortedbypreference(anumberbetween0and10)itindicates
howwelltheserverfitsyourrequirements(ifyouvesetany).Chooseaserver,andthen
clickonNext.
Onthispage,enteryourYourFreedomusernameandpassword.ClickonNext.
Page21of84
Itseemsyouredonenow!ClickonSaveandExit.ThemainwindowoftheYourFreedom
clientshouldnowlooklikethis:
Notethattheclientjustdoesntknowanythingabouttheserverandyouraccountsprofile
beforeyouveconnectedtotheserver,thatswhysomeofthevaluesseemtobesomewhat
odd(includingthebandwidthitsnotunlimitedunlessyouveboughtapackage).Clickon
Startconnectionandyoushouldseesomethinglikethisafterafewseconds:
Page22of84
Notethatallthedetailsarenowfilledin,andthebandwidthreads64.0k.Thatskilobits,
aboutthespeedofanISDNconnectionorabitfasterthanwithahighspeedmodem.Click
onAccountProfilenow.
Page23of84
Thispanelcontainsyouraccountdetails.Withoutapackage,youmaynotuseanyspecial
servers(justthedefaultones),yourbandwidthislimited,yourmaximumnumberof
simultaneousstreamsisratherlowandyourserverconnectionwillbeterminatedafter60
minutes(butyoumayreconnectwhenithappens).Noserverportsareassignedtoyouso
noneofthemareforwardedtoyou.Butatleast,therearenoaccessrestrictionsyoumay
accesseverythingontheInternet10.
IfyouareusingtheHTTPprotocoltoconnectandyourconnectiondoesnotfullywork,try
thePOSTortheCGIconnectionmodelinstead(seeManualConfiguration).
OK,timetoconfigureyourapplications.PleaserefertoConfigureapplicationstolearnhow
todothis.OnceyouvesetupatleastawebbrowsertouseYourFreedomthemain
objectiveshouldbereached:youshouldbeabletoaccessthewebfreely!
IftheversionoftheYFclientyoureusingtoconnectistoooutdatedyoumayseeamessage
sayingthe*client[is]tooold*.ThismeansyoumustupdatetothelatestYFclientversionas
yoursisnotsupportedanymore.Thepreferredmethodwouldbetodownloadthemostrecent
one,uninstalltheoldversionandinstallthenewone.
10
Infacttherearesomerestrictionsbutyoucantseethem.Theyareonlytheretoprotectourservers
andwontgetinyourway.Promise!
Page24of84
OnanAndroiddevice
Findtheiconshownontheright,andlaunchtheYourFreedomstatusapplication
bytappingonit.Youllseeawelcomebannersimilartotheoneshownontheright,
brieflyexplainingthemostimportantthings.Youmustscrollthroughit(andwhile
youareatitanyway,maywesuggestthatyoureaditaswell)andclickeitherOK
orUsewizard.PleaseclickUsewizard.(Ifyouhappentohave
clickedOKinstead,clicktheSettingsbuttoninthetoprightcorner,
chooseExit,andstartoveragain.)Theappwillnowguideyouthrough
theinitialstepsofthesetup.Whenyouaredonewithfillinginrequested
information,clicktherightarrowtojumptothenextstep.Youcan
alwaysgobackusingtheleftarrow.Iftheconfigurationiscompleteand
youarehappywithit,clickonthetickmark.
Youlllikelynothavetoconfigureaproxyserver.Ifyouneedto,typein
itsaddressorDNSnameanditsport,andifitisaSOCKSproxy
changetheproxytype.Theappwilltrytofindoutwhetherornotyou
needauthenticationcredentialsifyouneedthem,itwillaskyoufor
them.
Wehavesomeusefultweaksforsomecountriesand/ornetworks.Ifyoursisamong
them,makethecorrectchoiceonthenextpage.Mostlikelyyoullnotneedthis,andifyou
doyoucanalwayscomebacklater.
Thenextpageprovidesalistofconnectionmodelsavailableandletsyouselectwhichones
totry.WesuggestthatyoutickHTTPS,HTTPandDNS.Generally,themoreticksyou
make,thelongeritwilltake,butyourchancesoffindingawaytoconnectwillalsoimprove.
Ifyouarehappywithpartialresults,usetheinputfieldsonthebottomtostopsearchingafter
agivennumberofattemptshavebeenmade,oragivennumberofconnectionoptionshas
beenfound.Clicktherightarrowtostartsearchingforconnectionoptionsnow.Oncethe
searchiscompleted,youllseealistofYourFreedomservers.Thetablecanbescrolled
Page25of84
verticallyandhorizontally.Itisorderedbypreference,anumberbetween0and10
calculatedbasedonyourconfiguredserverpreferences(youhaventdonethatyet)andthe
likelyserverperformance.Someofthefoundserverswillhaveacoinsymboltheseservers
areonlyavailabletopayingcustomers,whileothersareavailabletoeveryone.Tapononeof
therecordstohighlightit,andthentapontherightarrow.
Onthelastscreen,enteryourusernameandpassword(ifyouhaveonealready).Youmay
usethepreconfiguredunregisteredwithpasswordunregisteredifyoudonothaveyour
ownaccountwithusyet.Youonlyneedapersonalaccountifyouintendtomakeuseofour
BasicFreedom,EnhancedFreedomorTotalFreedomoffers.
Whenallisdone,clickonthetickmark.
OnAndroid,youdonothavetoconfigureanyapplicationsjustskipthenextsection.
Page26of84
Configureapplications
ThissectiononlyappliestoPCs,notAndroiddevices.
Automatically
Pleasenote:Werecommendmanualconfiguration.Thisfeatureisonlyprovidedforyour
convenienceandyoushouldprobablynotuseit.
WindowsuserscansimplyclickontheApplicationstabandseesomethinglikethis:
ThisisalistofapplicationswhoseconfigurationscanbemodifiedautomaticallybyYour
Freedom.Theonesthatareinstalledonyoursystemhaveworkingcheckboxes,theother
onesaregrayedout.TicktheonesyouwishtousewithYourFreedom,andthenclickOK.
Youllseesomethinglikethis:
Hopeitsallsuccessful!ThenclickOK.Torestorethepreviousconfigurationofyour
applications,chooseRestore,andthenticktheonesyouwouldliketorestore,andclick
OK.NotethatapplicationsthatyouveconfiguredtouseYourFreedomwillonlywork
Page27of84
properlyiftheYourFreedomconnectiontotheserverisupandrunning.Also,dontforgetto
restoreallyoursettingsbeforedeinstallingtheYourFreedomclient!
Tomanuallyconfigureyourapplications,havealookatthePortstabfirst:
NotetheSOCKS4/5andWebProxycheckmarksthistellsyouthatyourlocalPCis
nowactingasaSOCKS4/5proxyonport1080andasaWebProxyonport8080.To
changethesevalues,unticktheservice,thenmodifytheport,thenreactivate(thiscanbe
doneontheflywhileyouareconnected!).Everythingbelowisprettysophisticatedstuffand
certainlynotaimedatfirsttimeusers,andwillbecoveredinAdvancedTopics.
IfforsomereasonyoucannotconfigureyourapplicationsfromwithintheYourFreedom
client,youneedtomanuallyconfigurethemtousewebproxylocalhostonport8080or
SOCKSproxylocalhostonport1080(ifyouvegotthechoice,useSOCKSversion
5).Pleaserefertotheapplicationsdocumentationtolearnhowtodothis(orasksomeone
whoknowswevegotsomeexamplesintheFAQ/Docusectionofourwebpage
https://www.yourfreedom.net/?id=faqaswell).
OpenVPNsupportisnotenabledbydefaultpleaseseeOpenVPNsupport.
Manually
Ofcoursewecannotprovidedetailedconfigurationguidesforallapplicationsthatcanbe
usedwithYourFreedom.Therearebasicallyonly4wayshowapplicationsaremadeto
workviaYourFreedom:
1. Byconfiguringthemtouseawebproxy.Applicationsthatofferyoutoaccessthe
Page28of84
InternetthroughawebproxyneedtobesetuptouseyourlocalPC(thehostnameis
localhost,theIPaddressis127.0.0.1)onport8080asthewebproxyand
everythingshouldbefine.
2. ByconfiguringthemtouseaSOCKS4/5proxy.Applicationsthatofferyoutoaccess
theInternetthroughaSOCKSproxyneedtobesetuptouseyourlocalPC(again,
thehostnameislocalhostandtheIPaddressis127.0.0.1)onport1080as
SOCKSproxy.Thisispreferableoverthewebproxyconfiguration(ifyouvegotthe
choice)butbothwillnormallydo.UseSOCKS5ifyoucan.Ifitdoesntwork(some
applicationshavebuggySOCKSimplementations)trySOCKS4.
3. Byusingasocksifyingapplicationtorunyourapplicationfrom.Manyapplications
arenotdesignedwithyournetworkingproblemsinmindanddonotoffertorunusing
aweborSOCKSproxy.ManyofthemworkwellwithYourFreedomifyourunthem
frominsideasocksifier.ThatsanapplicationthatfoistsamodifiedWinsockDLL
totheapplicationwhichredirectsallnetworkrequeststoaSOCKSproxy,inthis
casetotheYourFreedomclient.ExamplesforsuchapplicationsonWindowsare:
SocksCap(32bitonly!),ProxyCapandFreeCap.TheyarecoveredinUsing
socksifiers.Usingasocksifiermightalsobeanoptionifyoucannotconfigure
yourapplication,e.g.becauseyoudonthaveadministrativerights.Itstricky
howevertooverrideexistingproxyconfigurationsthisway.
4. Byusingoutboundandinboundportforwards.Ifyourapplicationonlyneedsto
accessoneparticularserverviaatopconnectiononaparticularport,itsprobably
mostconvenientifyoucreateamirrorimageofthisportonyourPC,andaccess
yourlocalPConthemirrorportinstead.Similarly,youcancreateamirrorimageof
aportonyourPConourserversandmakeitaccessibletoothersontheInternet11
.ThisiscoveredinsectionPortForwards.
11
Youraccountprofileneedstopermitthis.Currently,onlyownersofTotalFreedompackagescan
redirectserverportstotheirlocalPC.
Page29of84
SettingupMozillaFirefox
Allwebbrowserssupporttheuseofwebproxies,andoption1)shouldbejustfine.
ClickonTools,Options.ChoosetheAdvancedpanel.ThenclickontheNetworktab.
Theconfigurationwindowsshouldnowlooklikethis:
Page30of84
NowclickonSettings
Fillinthevaluesasshown(makinganoteoftheoriginalvaluessoyoucanreverttoyou
previousconfigurationwhenyouarenotusingYourFreedom),thenclickOKinboth
windows.FirefoxnowusestheYourFreedomconnection.
SettingupInternetExplorer
Likeallbrowsers,IEsupportsproxiesdirectly.Whatsmore,IEsproxyconfigurationis
actuallysharedbymanyotherapplicationsaswell.
SelectTools,InternetOptions.ThenclickontheConnectionstab.Youllseesomething
likethis:
Page31of84
IfyouareusingaLANconnection,clickonLANSettings,otherwisechoosetheconnection
youusetoconnecttotheInternetandclickonSettings.Awindowsimilartothisonewill
open:
Page32of84
TickthecheckboxesforUseaproxyserverandforbypassproxyserverforlocal
addresses.ThenclickonAdvanced.Anotherwindowwillopen:
Fillinthevaluesasshown.ThenclickOKinallthewindows.InternetExplorernowuses
theYourFreedomconnection(andconsequentlyonlyworkswhentheconnectionisup).
Werecommendyoumakeanoteoftheoriginalsettingsthatallowsyoutorevertthem
Page33of84
whenyouarenotusingYourFreedom.
ManualConfiguration
MostoptionscanbeconfiguredusingtheConfiguredialogavailablefromtheStatustab,
butafewareonlyavailableviatheconfigurationfile.Werecommendthatyouavoid
messingwiththeconfigurationfileunlessyouareadvisedbyusorthinkyouknowwhatyou
aredoing.
TheYourFreedomconfigurationdialog
GototheStatustaboftheYourFreedomclient,thenclickConfigure.Adialogwindow
likethisshouldopenup:
OntheServerConnectiontab,configuretheYourFreedomservernameorIPaddress
(severalnamesorIPscanbeseparatedbysemicolonbutnoadditionalspaces!).Select
theconnectionprotocolfromthepulldownmenu,andthedefaultportshouldautomatically
appear(changeifnecessary).Orusethewizardtoseeyourserverconnectionoptionsand
lettheclientchoosethebestway(butconfiguretheproxysettingsfirstifyouneedtousea
proxy!).
Also,selecttheconnectionoptionsaswell.FormostpeoplethedefaultsshouldbeOKyou
mightwanttotickAvoidusingDNSaswellifyouonlywanttotryknownIPaddressesfor
theYFserversandnotaskyourlocalDNSserver.Itisnotadvisableyouenablethe
Automaticallyswitchserveroption,anditwilllikelynotbeavailableanymoreinnew
Page34of84
releases.
IfyouclickontheAccounttab,youllseethis:
FillinyourYourFreedomusernameandpassword,andchooseadifferentlanguageifyou
like.Manytextsandmessagesareavailableinotherlanguagesanditmaybeeasierifyou
changethesetting.Notethatyouhavetorestarttheclienttomakethechangeeffective
whenyouarealldone.
Page35of84
Theresalotyoucanconfigurehere.Youmightwanttousethewizardtoconfigureaweb
proxybutyoudonthaveto,theresnotmuchdifferencebuttheclientwillcheckifyour
settingsappeartobecorrect.Ifyouknowthedetails,justfillthemin.Youllprobablyneedto
configuretheaddress(hostnameorIPaddress)andtheport.Ifyouneedtoauthenticateon
thewebproxy,fillinusernameandpasswordaswell,andifitsanNTLMauthenticated
proxyaddthewindowsdomainnameaswell.(Inthiscase,username,passwordand
domainareprobablythesamevaluesthatyouusetologintoyourPC!)
IfyouintendtousetheFTPconnectionmethodandyoucannotdirectlyFTPtoserverson
theInternet,theremaybeanFTPproxyonyournetwork.(Dontbothertoconfigure
anythingifyoucanusetheftpcommandlinetool!)Theportwilllikelybe21,butyoullneed
thehostnameortheIPaddressaswellasksomeonewhoknows,therearelegitimate
needstouseFTPoutsidewebbrowsers.
ThemostcommonconnectionscenariosarealsocoveredbytheWizardavailablethrough
thebuttononthebottomitsthesamethatisrunwhenyoustarttheclientforthefirsttime
anditsdescribedindetailinConnectingforthefirsttime.
Whenyouaredone,clickonSaveandExittosaveyourchanges,oronCanceltoabort
them.
Somuchforsettinguptheconnection.YoushouldnowbeabletostartitupfromtheStatus
panel.Theconnectionindicator(thedoor)shouldopen,aquestionmarkshouldappear
whileclientandservernegotiate,anddisappearafterafewseconds.Ifitdoesntdisappear,
yourconnectionsettingsdontwork.HavealookattheMessagespanel.Ifyoucantget
theconnectiontowork,checkoutAppendixAtoseehowyoucanhelpustohelpyou.
Page36of84
Onceyouareconnected,checkoutyourconnectionprofilebyclickingontheAccount
Profiletab.Itshouldlooksomewhatsimilartothis:
Mostthingsinhereshouldbefairlyselfexplanatory,exceptmaybeforservergroupsand
remoteportforwards.
Servergroupswillindicatethegroupsofserverstowhichyoumayconnect.Multiple
permittedgroupsareseparatedbycomma.Everyonewillhavethedefaultservergroupon
theirprofile,meaningthatyoumayconnecttoeveryYourFreedomserverinthedefault
group(atthetimeofwriting,allserversareinthisgroup,butthismaychange).Some
accountshaveadditionalservergroupsintheirprofile,dependingonboughtpackages.All
willnotshowupincustomerprofiles.
Ifyourprofilehasanyserverportsassigned,theywillshowupintheremoteports
forwardedline.ThenumberstheremeanthattheseportsontheYourFreedomserverwill
beforwardedtoyourPCwhenyouareconnected,andyoumayusethemintheserver
portforwardsconfiguration(seebelow).
Page37of84
Alloptionsinherecanbechangedwhiletheconnectionisactiveandwillhaveimmediate
effect.IfyouwishtomodifythelocalportsonwhichyourPCbecomesaweborSOCKS
proxy,unchecktheservicefirst,thenchangetheportnumber,andticktheboxagain.Ifyou
wouldlikeyourPCtoacceptrequestsfromotherPCsonthelocalnetworkandforward
themthroughyourYourFreedomconnection,ticktheRelayforothersbox.Notethatthis
willonlyhaveaneffectifyourprofilepermitsit(checktheRelayingpermittedlineinthe
AccountProfilepanelasshownabove).
Startingandstoppingtheconnection
Eachusermayonlyloginonce
Thatsright.EachusercanonlyloginfromonePCatthesametime.Ifyoutrytologin
usingthesameuseraccountfromanotherPCoranotherinstanceoftheclient,the
previoussessionwillbeterminated.Thismeansthatyouwillalwaysbeabletologin,butso
willeveryoneelsewhoknowsyourdetailsandheorshewillkickyouoff.Theserverstalk
toeachother,itdoesnthelptojustusedifferentservers.
Choosingtherightserver
Serverlocation
TheYFservershouldideallybeclosetotheYFclientorclosetotheserversyouintendto
usethroughYF.Justthinkaboutitasatriangle:thecornersareyourPC,theserviceonthe
Internet,andtheYFserverontop.Themorethetrianglelookslikeastraightlinebetween
youandtheservice(i.e.theflatteritis),thebetter.
Letmegiveyouanexample.IfyouarelocatedintheUSandtheserviceyouareusing(lets
Page38of84
sayyouareplayinganonlinegame)isalsoUSbased,aserverinEuropewillprobablybea
badchoice.Thelawsofphysicsmakeitimpossibleforinformationtotravelfasterthanthe
speedoflight12 andputting20.000kilometersofadditionalwiresorfibersandadozenof
routersbetweenyouandtheservicewillincreaselatency.
ItisidealtouseaYFserverthatisclosetoyourself.Why?Becauseyoudnormallyuse
morethanoneserverontheInternetandyoucannotfindaYFserverthatistopologically
closetoallofthem,butyoumaybeabletofindonethatisclosetoyou.Ontheotherhand,
forapplicationsthatdontcaretoomuchaboutlatency(likelargefiletransfers)theservers
locationisnotimportant.Trythedifferentserverstoseewhichoneisgoodforyou.
TheYFclientwilltellyouwheretheserverislocatedwhenyouareconnected(andalsoin
theconnectionwizard).UnfortunatelywedonthavemanyserversoutsideEurope,simply
because
a. Theyareunaffordableunmeteredhighbandwidthdedicatedserversarevastly
expensiveinmostplacesoutsideEurope.
b. theprovidersaretoorestrictiveinwhatyoumaydowiththeserversandwhatnot
wearesickandtiredofendlessandfruitlessdiscussionswithUSbasedproviders
andexplainingtheirdroidstaffwhatwedoandwhatwedontdo,andwhyitsnot
illegal,andwhyitsrubbishthattheserversIPappearedinsomerobotemail.
Ifyouknowaboutgoodproviderswewouldliketohearfromyou!Butpleaseconsiderthat
anaverageYourFreedomservergeneratesbetween1and8terabytesoftrafficpermonth
andneedsatleast2GBofRAMandadecentmulticoreCPU.Anditshouldcomewith
DebianLinux.Ifitslessthan100USdollarspermonth,thatwouldbegreat.
Protocols
Notallourserverspermit 13 allprotocols.Someproviders(yougotittheyaremostlyUS
based)placeprotocolrestrictionsonusandarehavingkittenseverytimetheybelievethat
theyhavespottedsomething,andwhatsevenworse,theywontlistentoanyarguments.
Soifwewantserversthere(andwedo,toprovideagood,responsiveservicetothoseof
youwhoneedit!)weneedtorestrictsomeprotocolsonthem.
Ifyourapplicationdoesntworkasyouwouldexpect,havealookatthemessagewindowof
theYFclient.Areyouseeingmessagesaboutadeniedprotocol?Itmeansthatyoullhave
touseadifferentserver.
Generallyspeaking,useaserverinEuropewheneveryoucanifyouareworriedabout
protocolrestrictions.
Thereisonerestrictionthatappliestoallservers:SMTPtoremoteserversisnotpermitted.
Instead,allSMTPconnectionsareredirectedtooneofourserverswheresubmittedemailis
checkedforvirusesandSPAMcontentbeforeitispassedon.Thisisonlyimportantifyour
mailapplicationmustconnecttoaspecificmailrelaynormallyitwontbeaproblem(butit
meansthatyoulllikelyhavetodisabletransportlevelencryption).Also,wehaveextensive
protectionmechanismsagainstspammingbuiltintotheserversyouwontbeableto
rapidfiredeliveremailsviaYourFreedom.Anormaluserwontnoticeatallbutfor
12
Iknowthismaybenotentirelycorrect,butitisfortheInternet.
13
AllserversallowallconnectionmodelsthisisnotabouthowyouconnectwiththeYourFreedom
clienttotheYourFreedomserver,butwhatyoudothroughtheconnection.
Page39of84
spammersitsapaininthebackside,andmeanttobeone.
CGIrelays
TheCGIconnectionmethodadheressomuchtothestandardsthatitdoesnotonlyfool
proxies,italsoenablesustoputanintermediateCGIscriptinbetween.Yes,thatsright,
thereisasimplePHPscriptthatpeoplecanputonanywebserverstheycontrol,thatcanin
turnprovideaYourFreedomconnectiontothosewhodonthaveaccessanymoretoanyof
ourservers.OurideaisthatitsfairlysimpletoblockallourIPaddressesastheypopup
becausewecannothavenewoneseveryday,butitwontbepossibletodosomething
aboutthousandsofnewURLseverydaythathaventgotanythingincommon.
ItisquiteobviouswhypeoplewouldliketousesuchaCGIrelaybecausetheyhaveto.
Thereisnootherreasonbecauseobviously,thismethodisnotasfastandinteractiveas
theotherconnectionmethods.Butwhenyouredesperateandnootherwayofconnecting
isleft,itsbetterthannothing.Butwhywouldpeopleputthescriptontheirwebservers
whenalltheygetforitisalotofadditionaltraffic?
Thatssimple.Thereisarewardingscheme.Everytimeyouusetheirrelayserver,theyll
getbonuspointsthattheycanusetowardspurchasesonourwebsite.Ifyouare
consideringprovidingarelay,checkouthttps://www.yourfreedom.net/?id=cgirelaysfordetails.
Butbeawarethatsucharelaycouldeasilycreatehundredsofgigabytesoftrafficper
month,andthatyourproviderprobablydoesntlikeitifyourunitonavirtualserver.
SohowdoyouusesuchaCGIrelay?YouneedtoknowtheURL.Iputitindoublequotes
becauseyoudontneedafullfledgedURLyouneedtheservernameandtheURI.For
example,ifthescriptcouldbeaccessedinawebbrowserusingtheURL
http://some.server.somewhere/some/path/script.php,theCGIrelaywouldbecalled
some.server.somewhere/some/path/script.phpinYourFreedom.Simplyuseitasthe
servername,chooseCGIastheconnectionmodel,anddefinitelydisableautomaticserver
switching.
Page40of84
Andhowdoyouknowaboutthese?Well,thatsanothermatterentirely.Wewontpublish
anylistsandwewouldaskthatyoudoneither.Why?Becausewedontwanttheseliststo
simplygetimportedintoURLblacklists.ButtheYFclientfindstherelays.No,wewontsay
how,figureitout.:)
IfyouwouldliketosetupsuchaCGIrelay,youcandownloadthescriptat
https://www.yourfreedom.net/emsdist/enduring_freedom.phpRENAME.Havealookatthefirst
linesyouneedtochoosewhichserveryouwouldliketorelaytoandputtheserversname
in.Saveitunderaninconspicuousname(usetherightending).Thentestitplease(use
yourwebbrowseryoushouldseealongtextpagewithloadsofgarbagedontworry,
thatsfine).Ifitworks,registeritonourwebpage(https://www.yourfreedom.net/?id=cgirelays,
loginfirsttoensureyougetthecredit!).Ourscriptswilltestitautomaticallyandifitworks
theywilladdittothedatabaseandmakesurethatclientscanfindit(ittakesawhilethough
dontexpectclientstouseitimmediately).
Btw.youarewelcometosetupCGIrelaysforyourownpersonaluseonlyaswell,youdont
havetoregisterthem.Feelfreetotellothersaboutit,andpublishtheURLifyoulike.Justif
youdecidetoregisterit,dontpublishit.Ifyouhavebefore,simplychangethenameorthe
pathorsetupacopy.Dothatfrequently,ithelps!Removeveryoldcopiesfromtimeto
time,theygetunregisteredonourwebpageautomaticallysinceourserverschecktheir
existencefromtimetotime(butyoucandosoaswell).
Page41of84
Connectingapplicationsandgames
Pleasenote:Thiswholechapterisonlyapplicabletothedesktopversion,nottheAndroid
application.OnAndroid,youdonotneedtoconfigureanythingtomakeyourother
applicationsworkwithYourFreedom.
Introduction
Apartfrombrowsers,therearemanyapplicationsthatcanbenefitfromYourFreedomand
connecttotheInternet.Fromterminalclients,chatandinstantmessengers(likeGTalk,
PandionorYahooMessenger),P2Ptechnologies(likeBitTorrent),togamescanbe
configuredtoconnectviayourfreedom.
Thischaptercoverssomeconceptsnecessarytomakeyourparticularapplicationwork.
FormorespecifictechniqueslikelocalandserverportforwardsseePortForwards
Usingsocksifiers
IfyourparticularapplicationdoesnotsupporttheuseofweborSOCKSproxies,itstill
doesntmeanthatitcannotrunwithYourFreedom.SincetheYourFreedomclientisafull
blownSOCKSserver,allyouneedistosocksifyyourapplication.Thereareseveralways
todothis,allofthembasicallyuseafeaturecalleddynamiclinklibrarypreloading.Since
peoplehatereinventingthewheeltheycameupwithcodelibrariesthatgetdynamically
linkedtotheapplicationatexecutiontime.Likeeveryotheroperatingsystem,Windows,
Linux,MacOSetc.shipwithsuchlibraries,andoneparticularofthemoffersnetworking
functions.Thefirsttimesuchafunctionisreferredtobytheapplication,thelibrary
automaticallygetsloadedbutonlyifithasntbeenloadedwithintheapplicationscontext
already!Thetrickistomakesurethatthelibraryhasalreadybeenloadedbeforethe
applicationstartsbutahackedversionofitthatknowswhattodowithaSOCKSserver.
Windows
Therearemanysocksificationtoolsonthemarketherearesomeexamples:
WideCap
WideCapisafreesocksifierthatintegrateswiththesystemnetworkstackanddoesnotrely
onpreloadingalibrarylikesomeothersocksifiers.Itworkswithmanygamesand
applicationsthatcannotbeusedwithsocksifierslikeSocksCapandFreeCap.Weknowit
workswellwithSteampoweredgames.Finditonhttp://www.widecap.ru/eng/.
SocksCap
Thisisanoldbutpopularsocksifierfreefornoncommercialhomeuse(andnotavailable
anymorecommercially).Youmustgoogleforsc32r240.exeifyouwanttodownloadit.
FreeCap
Page42of84
FreeCapis,asthenamesuggests,freewareandisavailablefordownloadfromthe
project'shomepageathttp://www.freecap.ru/eng/.Thereisalsoadditionaldocumentation
therebutitsusewithYourFreedomissimpleenough.Welikethisbestbecauseit'sfree
andeasytouse,andit'sgoodenoughformany(butnotall)applications.
ProxyCap
Acommercialproduct.Havealookathttp://proxylabs.netwu.com/.
Proxifier
Proxifierisalsoaverycleverpieceofsoftware.Testingfor31daysisfree,alicensecosts
USD40.Plusit'salsoavailableforMacOSX.CheckitoutontheProxifierhomepageat
http://www.proxifier.com/.
HummingbirdSocks
TheOpenTextExceedconnectivitysuitecontainsasocksifieraswell.Itcanbefound
onhttp://connectivity.opentext.com/.
LinuxandotherUnixderivates
Dante
DanteisthedefactostandardintheUnix/Linuxworld.It'sfree.Downloadavailablefrom
http://www.inet.no/dante/.ManyLinuxdistributionscontainadanteclientpackage.Once
installed,youwouldnormallyhavetoconfigure/etc/dante.conftoredirecttraffic
appropriatelytoyourlocalSOCKSserver,andthenusethesocksifyscripttorun
applications.
Tsocks
TsocksisanotherUnix/Linuxworldsocksificationtool,alsofree.Itcanbefoundon
Sourceforge.ThereisaMacOSXversionaswell.
MacOSX
Proxifier
ProxifierisalsoavailableforMacOSX.
Tsocks
Checkouthttp://forums.macosxhints.com/archive/index.php/t55338.htmlforhintsabout
tsocksforMacOSX.
OpenVPNsupport
Introduction
ThereisanotherwaytomakeyourapplicationsconnecttotheInternetthroughYour
Freedomwithouttheneedtoconfiguretheminanyway!Thisisprettywelltestedandsofar
hasproventobealmostbulletproofversusitssocksifiercousins.Intheoryeveryapplication
thatworksbehindaDSLorcablerouteralsoshouldworkwellthoughOpenVPNmode.
Page43of84
Prerequisites
TheOpenVPNwayunfortunatelyhasafewprerequisitesthatyouneedtomeetforittowork
onyourPC:
Administrativerights
Theresnowayaroundit:youneedtobeabletoinstallOpenVPNanduseit,soyouneed
administrativerights(onUNIXlikesystems:youneedtobeabletoinstalltheOpenVPN
binarysetuidrootinyourpath).OntypicalcompanyPCswithdomainloginyouwonthave
administrativerights.
WithVista,youalsoneedtoexplicitlyruntheYourFreedomclientwithadministrative
privileges(rightclick,"Runasadministrator").Alternatively,rightclickonthelinkinthestart
menu,choose"Properties",clickontheCompatibility"tab,thentickthe"runas
administrator"checkboxthiswillfixitonceandforall,aslongasyoualwaysusethislink
toruntheYFclient.
OpenVPNneedstobeinstalled
OpenVPNisFreewareandOpenSource(butpleaseconsiderdonating).Ifyouhavethe
abilitytoinstallsoftwareonyourPC,gotohttp://openvpn.net/download.htmlanddownload
OpenVPN.Itneedstobeatleast2.1_rc20,newestreleaseshoulddo.ForWindowsthereis
aninstaller,othersneedtocompileOpenVPNfromsourceormaybeitshipswithyour
OSsdistribution?Inanyway,ifyouopenacommandshellandtypeopenvpnyoushould
seehundredsoflinesofinstructionsifnot,itsnotproperlyinstalled.OpenVPNneedsto
installatunnelinterfaceonyourPConWindowsitscalledTAPWIN32,onLinuxthis
wouldbetun0.
ForusersofWindowsVista,Windows7andaboveitsrecommendedtoconfigurethe
openvpn.exeexecutabletorununderadministrativeprivileges.Goto"C:\Program
Files\OpenVPN\bin\",rightclickontheopenvpnexecutable,selectProperties,
Compatibility,andmarktheRunasAdministratorcheckbox.Thiswillensurethe
openvpnprocessgetslaunchedwiththenecessaryprivileges.
BeforemakinguseofOpenVPNpleasemakesureyourcomputerisproperly
protectedandnotinfectedbysomevirus/wormoraTrojan.Ensurethatitisnotpart
ofabotnet.Ifyoudon'tourserversmighthavetoclosedownyouraccountto
protectoursystems.IfyoudonothaveapropersecuritysuiteinstalledonyourPC
pleaseopenInternetExplorernowandvisitthiswebpageforafreecheck(itisa
MicrosofttoolandwillthereforeonlyworkinInternetExplorer):
http://onecare.live.com/site/enUS/default.htm
Westronglyadvisethatyourepeatthisfromtimetotime.Itisforyourown
protection!Ifyouhaven'tgototherprotectionconsiderinstallingfreeprotection
softwarelikeMicrosoftSecurityEssentials,AviraAntiviroravast.
YoudontneedaYourFreedompackage,FreeFreedomwillsuffice
Thatsright.OurOpenVPNsupportisnotonlyavailabletopayingusers.Althoughrunning
anOpenVPNtunnelendpointusesconsiderablymoreresourcesthanjustforwarding
Page44of84
connectionswedecidedtoofferittoeveryoneforfree.Althoughweknowthatitwouldntbe
muchfunwith64k.
Configurationtasks
Knowyournetworkingenvironment
IfyouarebehindafirewallandneedtobeabletoreachserversthathaveInternetIP
addressesbutarenotreachablefromtheInternet,youneedtoaddrouteexclusionlinesto
yourconfigfile(seeAppendix:YFclientconfigurationfile).
99%ofalluserswonthavetoconfigureexcludes.AllnonInternetIPaddressesare
automaticallyexcludedanyway(thiscovers10.0.0.0/8,172.16.0.0/12,
192.168.0.0/16).NetworksthatarealreadyroutedonyourPCareexcludedaswell.
Forallothers,addanopenvpn_excludelineperIPornetworkasdescribedinAppendix
C,e.g.
openvpn_exclude1.2.3.4
openvpn_exclude2.3.0.0255.255.0.0
NotethatYourFreedomiscleverenoughtoautomaticallyexcludeallIPaddressesthatit
needstobeabletoreachinordertomaintaintheconnectiontotheYourFreedomserver.
TicktheOpenVPNbox
GotothePortspanelandticktheOpenVPNcheckbox.Leavetheportnumberasitis,
unlesstherearereasonswhyyouneedtouseadifferentport.
StarttheYourFreedomconnection
Theconnectionsetupshouldlooklikeusual,butapproximately10secondsafterthedoor
opens,itshouldopenabitmore.Themessagelogshouldtellyouaswellwhenithappens.
HavealookatyourPCsroutingtable(inWindows,runcmd,thentyperouteprintUnix
userstypenetstatrnorrouten)youshouldseeawholebunchofroutesthereall
goingtosome169.254.xxx.yyyaddress.TheseroutescoverthewholeInternetaddress
spaceminustheexclusionsmentionedabove.WecannotreplaceyourPCsdefaultroute
thatwouldverylikelycutyouofffromyourlocalnetworkandmaketheYourFreedomserver
unreachable.
Relayforothers?
Yes,youcanandyoumay.ButunlessyourPCmasqueradestheotherPCstheyneedto
runtheirownOpenVPNsession.Whenyoustarttheconnection,theYourFreedomclient
createssomeconfigfilesinyourhomedirectory(pleaseseeAppendixCforlocation
details)allstartingwithclientorservercopythemtotheirPCsintosomedirectory,edit
client.ovpnandreplace127.0.0.1withyourPCsinternalIPaddress,thenrightclickonthe
client.ovpnfileandchoosethesecondoption(StartOpenVPNwiththisconfigfile).Of
coursetheyneedtoinstallOpenVPNfirst!
Page45of84
ForamoregeneraltechniquetoshareyourYourFreedomconnectionwithmiscellaneous
equipmentlikeXBox,PlaystationsorotherPCsseeUsingOpenVPNandICStoconnectother
PCs,Playstations,XBox.
WhatabouttheWindowsfirewall?
Feelfreetouseit,butdontcomplainifitbreaksthings.Seriously,thereisnoreasonwhy
youwouldneedit,onlyoutboundconnectionsworkonthetunnelinterface.Howeverifyou
suspectyourapplicationstosecretlyopenconnections,thenyes,useit!Ifsomething
doesntwork,trywithout.
Configureyourapplications
Nowthatsthepartyoulllikemost:youdonthaveto!Noneedtoconfigureaproxy,noneed
forsocksifiers.Justmakesureyourapplicationsarenotusinganyproxyandthatshouldbe
it.
NotehoweverthatsinceyourPCisnotconnectablefromtheInternetthroughtheOpenVPN
tunnel,applicationswhorelyonthiswontwork.Ifthemanufacturerswebpagesays
somethingaboutportsthathavetobeopenedinboundinyourfirewall,itlikelywontwork.
ItispossibletocombineOpenVPNtunnelingwithserverportforwards,however.See
Serverportforwardsfordetails.
Troubleshooting
TheOpenVPNtunnelisnotcomingupproperly
Havealookatthemessagelog,itmaytellyouwhy.Ifitdoesnt,createadumpfileandmail
ittous(seeServerportforwards)orcheckitoutyourself.
CheckifthereisstillanotherOpenVPNprocessrunningwhentheYourFreedom
connectionisshutdown.HitCtrlAltDel,sortthetasksbyname,andlookforopenvpn.
TerminateitbeforeyourestarttheYourFreedomconnection.ThiscanhappeniftheYour
FreedomclientisterminatedabnormallybeforeithasachanceofshuttingdownOpenVPN.
TheOpenVPNtunnelopens,butthentheYourFreedomconnectionfails
ThetunnelroutessomehowcutoffyourconnectiontotheYourFreedomserver.Please
generateadumpfileforustheYourFreedomclientshouldbecleverenoughtoavoidthis
butseeminglyisnt.
Whatarethese169.254.xxx.yyyaddresses?
ThatsaclassBnetworkreservedforadhocnetworkingonabroadcastmediumlike
Ethernet.EverystationjustrollsadiceforanIPaddressanddoessomecheckingwhether
itsalreadyinuse.Ifnot,itusesit.
Nooneusesthisnetworkforanything,onlyWindowsdoesintheabsenceofaDHCP
serverorastaticconfiguration.ThenetworkisnotroutedontheInternetandnooneusesit
privately,thatswhywechoseit.Itsveryunlikelythatitcausesanyaddressingconflict
anywhere.
Page46of84
TheotherendofyourOpenVPNtunnelisalways169.254.0.1or169.254.128.1ifyouwant
tocheckwhatpacketdelayisaddedbyYourFreedom,justpingthisIPaddress!
YourPCwillgetanoddaddressfroma/30subnetwithinthisrangeanditwillroute
everythingtotheevencounterpartaddressinthissubnet.
Page47of84
UsingYourFreedomwithoutclient
app
PPTP
Generalinformation
ThenormalwaytouseourserviceisthroughtheYourFreedomclientsoftware.Itwilllet
youdothingsthatyounormallycannotdowithVPNsoftware.Buttherearetimes(and
places)whereyouonlyneedtoensureyougetconnectedwithoutsomeonespyingonyou,
oryouonlyneedtoappeartobeelsewhereandnotwhereyoureallyare.Ifthissoundslike
you,readon.
TheYourFreedomconnectivityserversarenowabletoacceptPPTPVPNconnectionstoo.
PPTPisaVPNtunnelprotocoldevelopedbyMicrosoftandsomemorecompaniesnot
renownedfordesigninggoodprotocolsinfact,PPTPisprettymuchbrokenbydesignin
manyaspects.However,itdoeshaveoneadvantage:nearlyeveryPC,nearlyevery
smartphonespeaksPPTPwithoutanyadditionalsoftware.Contrarytowelldesigned
protocolslikeOpenVPN,PPTPusesacombinationofTCPforthecontrolconnectionand
GREencapsulatedPPPframesforthedatatransport.Thatbyitselfisnottoobad.Butif
youconsiderthatyouneedtouseMSCHAPv2andMPPE128forauthenticationand
encryptionifyouwantatleastsomebitofprotection,andthateachofthesetwoareagain
completelybrokenbydesign,thisiswherethemessstarts.Butyoudon'thavetoworry
aboutthedirtydetails,wehavedonethatforyou.
Nevertheless,it's"the"standardanditisverywidespread,plusitisrelativelysecurewhen
usedproperly.Anditgetsthejobdone.
WhenwouldyouwanttousePPTP?Herearesomeexamples:
Whenconnectedtoapublicwirelesshotspotwithoutencryption,usingPPTPwill
ensurethatnoonecanseewhatyouaredoing.
IfyouliveincountryAandyouwouldliketomakeitlooktosomeInternetservicelike
youactuallyliveincountryB(greatifyouwanttowatchTVbroadcastsnotavailable
foryourcountry!).
Ifyouareinacensoringenvironmentbutthecensoringisonlyverysubtlesome
thingsjustdon'tworkanditalwayslooksliketechnicalfaults.
Ifyourprovideristhrottlingaserviceyou'dliketouse,usingPPTPmightmake
thingsworkproperly(forexample:YouTubeisslowinsomeplacesbecausethe
localproviderwantsittobeslow).
Ofcourse,theYFclientwillhelpyouinallthesesituationsaswell.ASwissarmyknifewill
letyouturnscrewstoo,butascrewdrivermightbethebettertoolattimes,eventhoughyou
cannotcutanythingwithit.Shouldthescrewdriverturnoutnottobepowerfulenough,you
canalwaysresorttoyourtrustedSwissarmyknife.
Page48of84
Theservicelevelyoureceive(FreeFreedom,BasicFreedom,EnhancedFreedom,
TotalFreedom)isthesameaswiththeYFclientapplication.Voucherscanbesentthrough
ourwebpage.YoumayuseyouraccountwithboththeclientandPPTP,butnotbothatthe
sametime.YoulluseasharedIPaddressjustaswiththeYFclient.
IsPPTPsafe?
TheYFclientusesstrongerencryptionandprotectsyourprivacybetterthanPPTP.Still,
PPTPisaboutasstrongasusingHTTPStoaccesswebservers.ItusesRC4witha128
bitmasterkeyandgeneratessessionkeyseverysooften.Notexactlystateoftheart,butit
willprobablydo.Itsbiggestweaknessisthatitreliesonasufficientlystrongpassword.
YoumighthavereadaboutattacksagainstMSCHAPv2.Thisisnotexactlynews.
MSCHAPv2andMPPEbothrelyonthesecrecyofanMD4hashofyourpassword.If
someoneisabletoobtainthisMD4hash,hecannotonlyimpersonateyoubutalsodecrypt
recordeddata.ThebigproblemhereisthatMicrosofthasnot"salted"thehash,andthis
meansthatprecomputeddictionariescanbeusedforbruteforceattacksonrecorded
MSCHAPv2authenticationpackets.Ouradviceis:useaverystrongpassword.Ifyoudo,
PPTPusingMSCHAPv2andMPPEisrelativelysecure.
HowtoconfigurePPTP?
WellexplainherehowtodoitonWindows7.Youllsurelyfindinformationabouthowtodo
itonyoursystemifyougoogleforitthereisnothingparticularaboutourPPTPservice.
First,clicktheWindowsbuttoninthedownleftcornerofthescreenandchose"Control
Panel".Itwilllooklikethis:
NowchooseNetworkandInternet:
Page49of84
Clickon"NetworkandSharingCenter".Inthenetworkandsharingcenterpanel,clickon
"Setupanewconnectionornetwork",thelinklookslikethis:
Choose"Connecttoaworkplace",evenifthatsoundssilly(andyouareprobablytryingto
escapeone),thenclicktheNextbutton:
Nowchoose"UsemyInternetconnection(VPN)",becausethat'swhatwearetryingtodo,
Page50of84
setupanewconnectionthroughyourexistingInternetconnection:
Inthenextstep,youareaskedtoenteranInternetaddresstoconnectto.FillinthePPTP
serverofyourchoice.IfyouknowtheIPaddressortheserver'snameyoumayusethis,but
wesuggestyouusethegenericbycountrynamesweprovide.Inthisexample,wewanta
USbasedserverbutitcouldbe"de"forGermanyor"uk"fortheUnitedKingdomaswell.
YoumayofcourseuseemsXX.yourfreedom.deaswiththeYFclientapplicationaswell,
oranIPaddress.The"Destinationname"iswhatyouwanttocallit,ithasnotechnical
meaning.
Tick"Don'tconnectnow"weneedtochangesomeparametersbeforetheconnectionis
finallysetup.Whendone,clickNext.
Page51of84
Inthenextstep,youareaskedtoprovideyourusernameandpassword.ThisistheYour
Freedomusernameandpassword,asyouwoulduseittologontoourwebpageorasyou
woulduseitintheYourFreedomclientsoftware.Ifyouwant,tick"showcharacters"(itwill
maketypingcrypticpasswordseasierandissafeaslongasnooneisglancingoveryour
shoulder)and"rememberpassword"(safeifthisisyourcomputerandaccesstoitis
restricted).Donotputinadomain.Whendone,click"Create".
Windowswillnowtellyouthattheconnectionisreadytouse,butitisn't.That'swhyyou
Page52of84
shouldclicktheClosebuttonnow.
Inthe"NetworkandSharingCenter"whichshouldstillbeonyourscreen(ifnot,clickthe
Windowsbutton,"ControlPanel","NetworkandSharingCenter"tobringitup),clickon
"Changeadaptersettings"onthelefthandside:
Page53of84
Thiswillshowyournetworkadapters,bothphysicalandvirtual.Thenewlycreated"WAN
Miniport"adaptershouldbeamongthem(itwillclaimitisanIKEv2typeadapter,andthat's
whyweneedtomodifyit).Rightclickonitandchoose"Properties":
Clickonthe"Security"tab,thenchangethedefaultsettings.ThetypeoftheVPNneedsto
besetto"PPTP",andyoushouldsetdataencryptiontomaximumstrengthencryption
(thoughourserverwillnegotiatethatanyway).Removethetickfrom"ChallengeHandshake
AuthenticationProtocol"andleavethetickon"MicrosoftCHAPVersion2"weneedtouse
MSCHAPv2insteadofstandardCHAPbecausethisisaprerequisiteforMPPEdata
encryption.Thewholetabshouldnowlooklikethis:
Page54of84
Nowclickonthe"Networking"tabanduntickeverythingexceptIPv4(itwillmaketheVPN
connectionless"noisy",conservebandwidthandslightlyspeeduptheconnectionsetup).
YoucannotuseIPv6atthistimebecauseourserversdonotsupportityet:
Page55of84
Whendone,click"OK".
Nowyouarereadytogo.Thereareseveralwaystobringuptheconnection.Whatworks
foreveryoneisthis:clicktheWindowsbutton,then"ControlPanel","NetworkandSharing
Center","Connecttoanetwork".(Ifthereisanetworkingiconinyourtaskbaryoumay
simplyclickonitinstead.)Thisbringsupyourlistofavailableconnections:
Page56of84
Clickontheoneyouwant,thenclick"connect":
Putinyourpasswordifyouhaven'tsaveditduringthesetupprocess,thenclick"connect",
andoffyougo!Therewillbeseveralstatusmessagespoppingup,andoncetheyaregone
youshouldbeconnected.Youcanverifythisinyourconnectionlist(seeabove)itwillnow
tellyouthatyouareconnectedviatheYourFreedomconnection.Todisconnect,clickon
Page57of84
theconnectionintheconnectionlistandchoose"disconnect"simpleasthat.
Atonepoint,apopupwindowwillaskyoutoseta"networklocation"forthenew
connection.Werecommendthatyouchoose"publicnetwork"toavoidunnecessary
securityrisks:
Whatifitdoesntwork?
Areyoureceivingthismessageduringtheconnectionsetup?
Itmeansthatourserverhasdeniedyourlogin,eitherbecauseusernameand/orpassword
Page58of84
werenotcorrect,oryouraccounthasbeendisabled,oryouare(asaFreeFreedomuser)
overtheaccount'stimebudget,orthereisaproblemwithourserver.Unfortunatelywe
cannottellyouwhichoneoftheseisthereason.Iftheproblempersistsandyouaresure
yourusernameandpasswordarecorrect,trytologintoourwebpageandseeifyour
accounthasbeendisabled.Ifnot,checkwhetheryouareoverthetimebudget
(FreeFreedomusersonlyjustlogin,thenclickon"Account").Enablingloggingwon'thelp
youatall.
Ifyouhappentoseethisduringtheconnection:
itmostlikelymeansthatourserverhaskickedyouout.YourFreeFreedomaccountmight
beoverthetimebudget,oryouraccountgotdisabled.Trytoreconnect.Ifthatworks,itwas
mostlikelysometechnicalproblem(atimeoutorwhatever).Ifproblemspersist,notedown
theexacttimeandcontactsupportaboutit.
SharingthePPTPconnection
YoucanuseWindows'Internetconnectionsharingfunctionality.You'llfinditinthe
propertiesofthevirtualnetworkadapter(seeabove).Pleasenotethatyoucannotshare
yourconnectionwithothercomputersthatareonthesamenetworkthatyouusetorunthe
PPTPtunnelover.Anexamplewouldbesomeoneinacomputerlabconnectedthrough
EthernetyoucannotsharetheconnectionwithotherPCsonthesameEthernet.Inorder
tosharetheconnection,theothercomputers(PlayStations,whatever)needtobe
connectedtoanEthernetinterfacethatyoudonotuseforanythingelsesoputina
secondEthernetcardifyourcomputerdoesnothaveasecondEthernetinterface.Itisnota
goodideatousethesamephysicalinfrastructure,i.e.thesameEthernetswitch,sinceICS
runsitsownDHCPserviceandwillconfusetheupstreamconnection.
DNSservers
Unlessyouexplicitlyconfiguresomethingelse,thePPTPconnectionwillnegotiatetheuse
ofGooglesDNSservers.Googlewillnotknowwhoyouare,theyonlyseeourserversIP
address.
MorethanonepredefinedPPTPconnection?
Youmayconfigureasmanyconnectionsasyouwant,butitisnotrecommendabletobring
upmorethanoneatatime.Forexample,youcoulddefinedifferentconnectionsfordifferent
countries.Justfollowtheprocedureabovetosetupmoreconnections.Toremovethem
Page59of84
again,opentheadapterpanelanddeletetheadapter(thisiswhereyoucanrenamea
connection,too).
Ifyouareaskingwhetheryouandyourfriendcanusethesameaccountatthesametime,
theanswerisno.YourFreedomaccountsgenerallyonlyworkforonepersonatatime.Ifa
secondconnectionisestablished,thepreviousconnectionisterminated.Ifyouareatthe
sameplace,youcansharetheconnectionasexplainedabove,though.
Page60of84
Accounttypes:Timebasedupgrades
andvouchers
FreeFreedom(usagefreeofcharge)
Weofferaverybasicserviceforfree.ItisgoodenoughtomakeyourselffamiliarwithYourFreedom
andtestwhetherornotyourapplicationwillworkwithYourFreedom.Itmightbeallyouneed,inwhich
caseyouarewelcometouseitasmuchasyoulike.
ThereareseveralrestrictionsintheFreeFreedomprofile.Firstofallthebandwidthislowandthe
numberofconcurrentstreamsislowaswell(butenoughforchatting,websurfing,etc.).Thenthereisa
connectiontimelimityoucanonlybeconnected5hoursinaweekinterval,andonly2hoursinany
24hoursinterval,alsoafteronehouryoursessionisdisconnected,butyoumayconnectagain
immediately.
Afterthedailyorweeklyusagelimitisreached,userswon'tbeabletoconnectagain.You
willseeamessagetellingyouaboutthis,indicatingtheapproximatetimeatwhichyouwill
beabletoconnectagain.
Upgradesandvouchers
Ifyouwouldliketohavemorebandwidth,moreconcurrentstreams,orotheradditionalfeatures,oryou
wouldsimplyliketosupportoureffortstoprovideunrestrictedInternetaccesstoeveryone,consider
buyinganupgrade.Thetablebelowdetailsallavailabletimebasedupgrades,theirfeatures,andtheir
prices(inEuros).
Free Basic Enhanced Total
64
Bandwidth 256 Kbit/s 4 Mbit/s unlimited
Kbit/s
Concurrent Streams 15 50 100 200
Web Proxy
Socks Proxy
OpenVPN mode
PPTP mode
SOCKS5 mode
Link encryption
HTTP connection
HTTPS connection
CGI connection
Page61of84
FTP connection
UDP connection
DNS connection
ECHO connection
Relaying permitted
Connection time 6 hours unlimited unlimited unlimited
Server Ports (5)
1 month package Free 4.00 10.00 19.99
Tobuyupgrades,pleasevisitourwebpageathttps://www.yourfreedom.net/,loginwithyour
account,thenclickontheAccounttab.Thereisacurrencycalculatoraswellifyoudlike
toconvertthepriceinEurostoyourlocalcurrencyoratleastoneknowntoyou.Foryour
orientation,1roughlycorrespondsto1.30US$(atthetimeofwriting).
OnAndroid,justvisittheinappshop.Itwillletyoupurchaseaccountupgradesthesamewayasyou
canpurchaseapps.
Whenyoubuyanupgrade,youraccountprofileusuallygetsupdatedwithinminutes(youll
receiveanemailwhenithappensandyoullnoticeifyouareconnected).Howeversome
paymentmethodstakelongerthanotherstocomplete.PleasevisitourPricespageon
https://www.yourfreedom.net/tolearnaboutdetails(loginfirsttoseeeverything).Newly
boughtpackagesareinstantlyactivatedotherpackagesthathavenotexpiredyetget
suspended.HoweveryoumayusethearrowbuttonsonthePricespagetomoveyour
packagesaroundanytimeanddecidewhichofyourpackagesiscurrentlyactiveandwhich
aresuspended14 .
PleaseconsiderbuyingapackageifyouuseYourFreedomregularly,evenif
FreeFreedomisenoughforyou.Serversdontgrowontreesandsupportstaffand
developersliketheoccasionalpaycheckaswell.
Vouchers
Vouchercodesaresequencesofcharactersthatyoucanfillintoaformeitherinthe
websiteordirectlyintotheYourFreedomclienttocreatepackages.Youreceiveavoucher
codefromusaspartofapromotionorasacompensationforserviceproblems,orasan
expressionofourgratitudeforsomethingyouhelpeduswith.Youcanalsobuyvouchers
fromusinseveraldenominationsasvouchercarnets.Ourvouchersarevalidforoneyear
14
Yes,thiscanbeusedtoprotectamoreexpensivepackagefromexpiring.
Page62of84
fromthedayofpurchase.
OurvouchercarnetscanbeusedtotemporarilyupgradeyourYourFreedomaccountwitha
packagewithouthavingtopayforafullmonthandnotusepartsofit.Alsovouchercarnets
aretransferrable(i.e.notlinkedtoanaccount)andcanbeusedseparatelyatanytime.
VouchercodescanbeaddedtothevoucherpanelintheYFclient.Simplytypeinthecode
(casedoesnotmatter)andclickAdd.Youcanimportwholevouchercarnetsinonegoif
youusethelabelweveemailedyouinsteadofindividualvouchercodes.15 Ifyoudonthave
ourconfirmationemailathand,justlogintoourwebsiteandvisittheACCOUNTsection.It
issafetoaddvouchersorwholecarnetsonseveralinstallationsofYFandevenwith
differentaccounts,butyoumayuseeachvouchercodeonlyonce.Clickupdateto
automaticallycheckwhichcodeshavebeenusedinthemeantime,andcleanupto
removeallusedcodesfromthelist.
Touseaparticularvouchercode,highlightitthenclicksendsel..OnAndroid,ifyou
highlightacategoryofcodes,thefirstunusedvouchercodeinthiscategorywillbesent.
If,forwhateverreason,youcannotusevouchercodesdirectlyfromwithintheYour
Freedomapplication,youcansendthemthroughthewebsiteinstead.
PleaseseetheVoucherFAQonourwebsiteforfurtherdetails.
Testdrives
Ifyouareconsideringbuyingapackagebutarenotsurewhetheritwillbewhatyouexpect,
howaboutatestdrive?Logintoourwebpageathttps://www.yourfreedom.net/on
Prices,andclickontheTryBeforeYouBuylinkontheleft.Everyoneiswelcometotry,
butnoticethatweonlyallowtestdrivesforaccountsthathavenotjustbeencreatedand
thathaventtestedextensivelyalready.Also,werefusetestdrivesforaccountsthathave
beeninvolvedinpaymentreversalsbefore.However,oursupportstaffcanhelpyouout
shouldyouneedadditionaltestingjustsendanemailtosupport@yourfreedom.net.
Duringatestdriveyoullreceiveallthebenefitsoftheselectedpackage,andwhatsmore,
youmayevenswitchfromonepackagetypetoanothertotestthemall.SimplyvisittheTry
BeforeYouBuypageagaintomodifyorendyourtestdrive.
Aswithboughtpackages,itmaytakeafewminutesforupdatestopropagatetoallservers,
andyoumayhavetorestartyourconnectionoreventheYourFreedomclienttoseethe
difference.
Withthelatestclientversions,youcanactivatetestdrivesfromtheAccountProfilepanel
(desktop)orthebuiltinappshop(Android).YouneedtobeconnectedtoanYFserverto
initiatetests.
15
OnAndroid,ifyoupurchasevouchercarnetsfromthebuiltinshoptheywillgetaddedautomatically.
Page63of84
AdvancedTopics
PortForwards
PleasenotethatthischapteronlyappliestothedesktopversionofYourFreedom,notthe
Androidapp.
Localportforwards
OnepossibilitytoallowanapplicationtoconnecttoaserviceontheInternetviaYour
FreedomistomirroraportontheInternet.Justimaginetheresaserverouttherewitha
certainIPaddressanditslisteningtoSSHconnections.YouwouldliketoSSHtotheserver
butyourSSHclientdoesnotsupportSOCKS.Inthiscaseyouwouldsimplyconfigurea
localportforwardsimilartothisone:
NowinsteadofconnectingviaSSHtosome.host.somewhereonport22,yousimply
instructyourSSHclienttoconnecttolocalhostonport2222.YourFreedomwillputthe
connectionthroughforyou.NotehoweverthatiftheremotehostisunreachabletheSSH
clientwillstillseeaworkingconnection,butitwilltimeoutquickly.
Thisisjustoneofmanyexampleshowyoucanusethisfeature.Generallyspeaking,ifyour
applicationneedstoonlyconnecttoaparticularhostonaparticularport,localportforwards
aretherightchoice.
SIPforwards
Yes,thatstrue!YoucanuseSIPphoneswithYourFreedomaswell!Wehaveseen
reportsthataudioonlyworkedinonedirection.Oncewecanfindthetimewellcontinueto
workonit.Notehoweverthatthisisstillinearlybetaphaseanditmaynotworkproperlyin
anycase,OpenVPNmodewilllikelywork.
Ifyoudliketogiveitatry,hereiswhatyouneedtodo.AssumeyouareusingaSIPserver
calledsip.sipgate.deonport5060,thewellknownportforSIP.IfyouconfigureaSIPport
forwardlikesthisone
Page64of84
itwillturnyourlocalPCintoamirrorimageoftheSIPserver.Soinsteadofconfiguring
sip.sipgate.deinyourSIPphone,configurelocalhost.DisableSTUNifyoucan,its
meaninglessinthiscontext(butwillonlymakethingsslower).
SIPforwardingisacomplextasknotonlydoestheYFclienthavetoforwardallrequests,it
alsohastosetupUDPforwardsdynamicallyforallaudioand(thatsright!)videostreams.
WehaventtestedthiswithmanydifferentSIPprovidersandphones,soitslikelythatmany
ofthemdontworkyet.Weliketohearfromyou!
SIPforwardingwillonlyworkwithUDP,notTCP.Nearlyallclientsandserversuse
UDP.Also,notethatusingaSIPphoneconsumesacertainamountofbandwidth
(dependingontheCodecsyouareusing)theFreeFreedomprofilewilllikelynotbefast
enoughtosupportSIPforwarding(thevoicewillbreakup).
Serverportforwards
WouldyouliketomakeyourPCreachablefromtheInternet?Thenserverportforwardsare
foryou.CheckouttheAccountProfilepanelafterconnectingifyouseeremoteports
forwardedthereyoucanusethisfeature.(Youcanconfigureitaswellifnoportsare
forwardedtoyou,butitwontdoathing.)Forwardedserverportsareabletohandleboth
TCPandUDPtraffic.
Itisimportanttounderstandthatyoucanonlyforwardserverportsthatareassignedtoyou
(i.e.appearinthelistofremoteportsforwarded).Soletsassumeyouhaveports
assigned.Addforwardslikethis:
Itisnotabsolutelynecessarytousethesamenumbersforremoteportandlocalport,
butwehavefoundthatmanyapplicationsaretoosillytoannounceanotherporttothe
networkthantheyactuallylistenon.Forexample,BitTorrentclientsusuallycanannounce
differentexternalIPaddressesandports,but99%ofalltrackerswillsimplyignorethis.So
usethesameportonbothends(byconfiguringyourapplicationaccordingly)anditwillall
workbysheermagic.
Page65of84
Also,wecannotassignportsthatyourequest,forthesimplereasonthateveryone
wants6881andsuch.Pleasedontask,youcanonlyusetheportsthathavebeen
automaticallyassignedtoyourprofile.
Typicalusages:
GettingRemoteAccesstoyourPC,e.g.rdesktop,VNC,SSH
GettingHighIDineMule
SpeedingupofBitTorrentdownloads.
CurrentlyServerPortForwardsareonlyincludedintheTotalFreedomupgrade
ConnectionSharing
Relaying
Ifyourprofilesupportsrelayingandyouhaveturnedonthe"relayforothers"option,other
peopleinyourlocalnetworkwillbeabletoconfiguretheirbrowsersandapplicationstouse
yourcomputerasaproxyserverjustthesamewayasyoudo.Alltheyhavetodoisspecify
yourcomputerIPnumberand8080(orwhateverportyouhaveunderwebproxy)or1080
(sockproxy)intheirapplicationswhereaproxyserver:portisrequired.
Typicaluseisforroommatesinadormorcolleaguesinthesameoffice.
UsingOpenVPNandICStoconnectotherPCs,Playstations,
XBox,etc.
IfyouwouldliketoconnectotherPCs,PlayStations,VoIPphones,whatevertotheInternet
throughtheYourFreedomconnection,allyouneedisasecondnetworkinterfaceinstalled
inyourPC.Makesureitisn'tusedforanythingelse.Youneedtoconnectyourother
PCs/PlayStation/etc.tothisnetworkinterface,eitherdirectly(crossovercable)orviaasmall
switch/hub.Donotusethesameswitch/hubasforyourotherEthernetinterface(unlessit
providesVLANs)!AnotherthingthatyouneedtoensureisthatyourotherEthernetinterface
doesnotusethe192.168.0.0/24networkifitdoes,reconfigureyourDSL/cablerouterto
useadifferentnetwork.
OpenStart>ControlPanel>NetworkConnections.FindtheunusedLANinterface(it's
probablycalled"LocalAreaConnection2"butdon'trelyonit)youneedtheexactname.
ThenfindtheTAP32interfaceofOpenVPN.Rightclickonitandchoose"Properties".Click
onthe"Advanced"tab.Tickthe"Allowothernetworkuserstoconnectthroughthis
computersInternetconnection"boxandchoosethenetworkinterfaceinthedropdown
menubelowthatconnectstoyourotherPCsorPlayStation.Click"OK"andclosethe
NetworkConnectionswindow.
Page66of84
That'sityourotherPCs/PlaystationsshouldnowbeabletoconnecttotheInternetthrough
YourFreedom'sOpenVPNconnectionwhenitsup.
WilltetheringonAndroidworkwithYourFreedom?
Theshortbutunsatisfactoryis:no,unfortunatelynot.
Thereareseveralreasonsforit.Firstofall,theAndroidVPNAPIdoesnotprovideameans
tosetupaddresstranslationontunnelinterfaces.Thesecondreasonisthattetheringwill
notprovideadefaultgatewaytoyourPCwhenaVPNconnectionisactive.Wearesure
Googleconsiderstheseshortcomingsasecurityfeature.
YoucanofcourseinstallthePCversionofYourFreedomonyourPCandrunthisversion
insteadtheAndroidapp,whileusingyourphonesconnectivitytogetconnected.
IPv6
TheYFclientcanuseIPv6toconnecttoYFservers.IPv6addressescanbereached
throughtheSOCKS5andlocalportforwardfacility,butnotviaOpenVPNmodeorweb
proxy.PleasenotehoweverthatnotallofourserverssupportIPv6.
IfyouarehavingproblemsconnectingtoYFservers(orevenfindthem),itisagoodideato
tryandenableIPv6onyourPC(ifitisnotalreadyenabled).Also,enableallkindsof
tunnelingmechanisms,youneverknowoneofthemmightworkwhereyouare.:)
OnWindowsVistaandWindows7,bothIPv6andTeredotunnelingareenabledbydefault
butunlessyourPChasaglobalIPaddresstunnelmechanismswon'tworkoutofthebox.
Tomakeitwork,clickon"Start",thentype"cmd"butdonothitEnter.Waituntilthe
"cmd.exe"applicationappearsinthesearchlist,thenrightclickonit,choose"Runas
administratorandconfirmthedialog.Intheblackcmdwindow,type
netshinterfaceipv6showteredo
If"status"is"offline"trythiscommand:
netshinterfaceipv6setteredoenterpriseclient
Waitabitthencheckthestateagain:
netshinterfaceipv6showteredo
Itshouldtellyouthat"status"is"qualified"or"dormant".Whendonetype"exit".
WithWindowsXPSP1/SP2,Teredoisshippedaswellbutnotinstalledbydefault.Youcan
easilysortthatthoughbyopeningacmdwindow(clickStart,thenclickRunandtypecmd)
andtypingnetshinterfaceipv6install",thenproceedasabove(orjusttype"netshinterface
ipv6setteredoenterpriseclient").
YoumightwanttouseadifferentTeredogatewaythanthedefaultifyesappendittothe
"setstateenterpriseclient"command.IfyourPCisnotbehindaNATrouteryoucanuse
"setstateclient"instead.
UnlesssomeonefiltersTeredothisshouldgiveyourPCfullIPv6connectivity.TheYFclient
Page67of84
willautomaticallynoticeandtryIPv6.
FinetuningCGImode
Generally,CGIconnectionmodeistheslowestofallpossibleconnectionmodes.Thisis
duetothewayitworksitneedstoaccumulatedatabeforeitsendsitofftotheotherside.
Butyoucanadjustafewknobsandtrytomakeitfaster.
First,locatethe"ems.cfg"configfile(seeAppendixC).Thisfilecanbeeditedwithanytext
editor,forexampleNotepad.EnsuretheYFclientisNOTrunningwhenyoueditthefileor
yourchangesmaybelost.Itisdifficulttobreakthisfilesodon'thesitatetotry...
TherearefourvaluesthatcontrolthetimingofCGIconnectionsandyoucanchangeanyof
them.Wednotrecommendchanginganyoftheselimitsexceptperhaps
"cgi_uplink_maxdelay".Herearetheparameterswiththeirdefaultvaluesandtheirmeaning:
cgi_uplink_maxdelay.Defaultsto500milliseconds.TheYFclientwillaccumulatedatafor
atmostthistimeuntilitinitiatesanewuplinkconnectionnomatterhowmuchdatahas
beenaccumulated.Youmightwanttosetthistoalowervalue,maybe200milliseconds.
cgi_uplink_urgentdelay.Defaultsto20milliseconds.TheYFclientwillusethisvalue
insteadofthepreviousvaluewhenithasframestodeliverthatareconsideredurgent,for
exampleacknowledgements.
cgi_uplink_threshold.Defaultsto3.Ifthismanyframes(YFdataunits)aretobedelivered,
anewuplinkconnectionwillbemaderightaway.Settingthisto1willeffectivelydisable
dataaccumulationandmakeyourconnectionmuchmoreresponsive,butitwillalso
createmuchmoreoverhead.Ifyoudon'tcareabouthowmanyconnectionsaremade
andhowmuchoverheaditgenerates,setthisto1anddon'tworryabouttherest.
cgi_uplink_mindelay.Defaultsto1millisecond.Thisistheminimumamountoftime
betweentwouplinkconnections.Youshouldnotsetitto0andmostpeopleshouldnot
havetoincreaseit,butifyournetworkconnectiondropsconnectionattemptsthatappear
inbursts,trysettingittoahighervalue!
cgi_downlink_connect_timeout
Allthesevaluesnormallydonotappearintheconfigfileandarenotconfigurablethroughthe
frontend.Justaddlinestothefile(itdoesnotmatterwhere)thatcontainthenameofthe
value,aspace,andthenumericvaluetowhichyouwouldliketosetit(nounit).
Optimumperformanceisprobablyachievedbysettingcgi_uplink_thresholdto1and
cgi_uplink_mindelaytomaybe20.Tryit,youcantbreakanything,ifitdoesn'tworkjust
removethelinesagain.
Page68of84
Appendices
AppendixA
Troubleshooting
TheYourFreedomclientcomeswithbuiltintroubleshootingfacilities.Thereisthemessage
logthatyoucanaccessfromtheMessagestab(youmaysaveittoafileaswell)butthis
willonlyhelpyouineverydaysituations.Formoredetailedtroubleshootingyouneedtorun
YourFreedomindumpmode,andyoumighthavetouseapacketsnifferaswell.
Whydoesmyapp/gamenotwork?16
Thereisofcoursenoofftheshelfanswertothisquestion.Butthefirstthingyoushouldlook
atisthestreamspaneloftheYourFreedomclient.Doestheapplicationcreatestreams
therewhenyouuseitbeforeitcomplainsthatitcannotconnect?Ifno,thenitislikelynot
properlyconfigured.Seeifyouvegottheproxysettingsintheapplicationrightifitsrunning
onthesamePCastheYourFreedomclient,uselocalhostor127.0.0.1astheproxy
hostaddress,and1080(SOCKS)or8080(web/http/https)astheproxyport.Ifitsrunning
onanotherPC,besureyouhaverelayingenabled(Portspanel)anditspermittedbyyour
profile17 (AccountProfilepanel),andyouveusedtheYourFreedomPCslocalLANaddress
astheproxyhostaddress.
ThencheckthemessagepanelintheYourFreedomclientdoyouseeblockedprotocol
messagesthere?YouneedtouseanotherYourFreedomserverthen,theoneyouare
usingrightnowisnotsupportingaprotocolthatyouneed.
Pleasehavealookatouronlinedocumentationifyouarehavingtrouble.Weknowitsnot
perfectandtheintroductionpageisanoutrightshamebuthavealookanyway,thereis
moreintherethanyoumightthink.https://www.yourfreedom.net/4/
Anotherplanmightbetohavealookattheuserforums.Maybesomeoneelsehadthe
sameproblembefore?Theforumscanbefoundathttps://www.yourfreedom.net/2/.
Performingaspeedtest18
AspeedtestisaveryexpresswaytoknowhowmuchtrafficperunitoftimeyourYour
Freedomconnectioncanhandle.Forthisyouneedtogenerateenoughapplicationtrafficto
saturatethelinkbetweentheYourFreedomclientandtheYourFreedomserverinboth
directions.Soeitherrunanapplicationofwhichyouknowthatitwillusethefullbandwidth,
oruseYourFreedomsbuiltintrafficgenerator.Inordertouseit,starttheclientandcreate
alocalportforwardfromsomeport(e.g.1234)toavirtualhostcalledspeedtest"onport0.
Thenopenacommandshell(inWindows,clickon"Start",choose"Run",thentypecmd").
Inthisshell,typetelnetlocalhost1234"(orwhateverportyou'veused)thespeedtestwill
16
NoapplicabletoAndroidapp
17
Atthetimeofwriting,relayingispermittedtoallusers.
18
NotavailableonAndroid
Page69of84
thenrunforoneminute,atthehighestspeedpossible.Notethatduringthespeedtest,all
speedrestrictionsstillapply.Youwon'tgetahigherbandwidthreadingthanyourprofileor
slidersettingspermit,butyoushouldseethebandwidthgouptoyourslidersettingsif
youdon't,somethingelseislimitingyourspeed.Itcouldbe(andlikelyis)thespeedofyour
Internetconnection.TryadjustingtheuplinkspeedtotheactualspeedofyourInternet
connection(e.g.manyDSLconnectionsonlyallow256Kbit/sor384Kbit/sinuplink
directionadjustthesliderslightlybelowthisvalue),thismightimproveyourthroughputin
theoppositedirection.Pleasenote:Thistrafficgeneratorfeatureismeanttobeusedfor
troubleshootingpleasedonotuseitfrequently.Thebestreasontorunaspeedtestisthat
we'veaskedyouto!
Forbesttestresults,youneedtorunmultiplespeedtestsinparallel.Anindividualstream
willlikelynotbeabletosaturateafastconnection.
Creatingadumpfile
Desktop
DependingonhowyoustartYourFreedom,therearedifferentwayshowtostartitindump
mode.TheWindowsinstallerversioncanberunindumpmodefromtheStartmenuifyou
arerunningtheclientfromthecommandline,usetheoptiondump[=outputfile]toactivate
thedumpmode.IfitisrunusingtheStartmenuorifthe"outputfile"isleftomitted,thedump
filewillbeproducedonyourdesktopexceptforUnixlikesystems,inwhichcasetheywillbe
storedinyourhomedirectory.Notethatthereisadropinperformancewhenyouactivate
thismode,andthedumpfilemaygrowprettybigovertime.
Normally,theclientdoesnotdumpanyactualpacketdataifthatsneededwellprovidea
modifiedclientonrequestthatdoes.
Donthesitatetohavealookatthefile,someofitprobablymakessensetoyou,someofit
willonlymakesensetothedevelopers.Ifyoumailusabigdump,pleasecompressit!Putit
inaZIPor7zorwhateverarchivefile,butpleaseavoidanyproprietaryfeatures(e.g.WinZIP
10sAESencryptionmode).
Ifyouarehavingconnectionproblems,ithelpsifyouruntheWizardindumpmodeaswell.
Android
OpentheconfigurationmenuthenclickGeneralSettings.Ticktheenabledumpmode
checkbox,ItisrecommendedthatyoualsotickcompressusingGZIPitwillspareyouthe
additionalstepofcompressingthedumpfilebycompressingitonthefly.Donottick
extensiveunlesswehaveaskedyouto(oryouarereallycurious).Yourdumpfilewill
appearontheSDcardinadirectorycalledYourFreedomDumps.Youllprobablyneedan
applikeESFileExplorer(highlyrecommended!)toemailittous,oraccessitby
connectingyourphoneortablettoyourPC.
Usingapacketsniffer19
Thisisbaremetaldebuggingandnotforthefainthearted.Theremaybesituationswhere
oursupportstaffasksyouifyoucanuseapacketsniffertotroubleshootconnectionor
19
HardlyapplicabletoAndroidIguess:(
Page70of84
applicationproblems.Ifyoucan,werecommendusingWireshark(availablefrom
www.wireshark.orgorwww.ethereal.orgEtherealisthehistoricalnameofWireshark).In
mostcasesyoushouldrunWiresharkonthesamePCastheYFclient,andyoushould
eithercaptureontheinterfacethatconnectstheYFclienttotheYFserveroronthe
interfacethatconnectsotherPCstotheYFclientPC,dependingonthenatureofyour
problem.Letthecapturerun,thenrecreatetheproblem,thenstopthecapture.Savethe
capturetoafileandmailittous(again,welikeitifyoucompressit).
Updatingtheclient
Itishighlyrecommendedthatyouupdateyourinstallationfromtimetotimetoensureyouve
gotthelatestbugfixesandfeatures.
UpdatingtheYFclientinstallationisveryeasyonWindowsandonAndroid:justusethe
builtinupdatefunctionalityandfollowtheindividualsteps.If,forwhateverreason,youneed
toupdatemanually,followthissimpleprocedure(Windowsonothersystemsthe
procedureissimilardownload,uninstall,install):
1. Checkonhttps://www.yourfreedom.net/index.php?id=downloadsfornewversions,
comparetheversionnumbertotheonedisplayedonthe"About"screenoftheYFclient.
2. Ifthereisanewerversionavailable,considerdownloadingit.Wesuggestyoualways
keepthedownloadedfilesofpreviousinstallationsuntilyouaresurethatthenew
versionisworkingproperlyforyousoyoucanreverttoit.Previousversionsarealso
availablefromourwebsiteincaseyouneedtorollback.
3. Onceyou'vedownloadedthenewversion,disconnect,thenexittheYFclient.
4. UninstallthecurrentversionthroughStartProgramsYourFreedomUninstallor
throughthecontrolpanelofWindows.Whileitissafetoinstallnewversionsover
previousversionsifyouensurethatyoualwaysusethesameinstallertype,wedonot
recommendit.YoursettingswillnotbelostbyuninstallingtheYFclient.
5. Installthenewversionbyrunningthedownloadedfileandfollowingthestepsonthe
screen.
Ifyoufindthatthenewversionfailstodosomethingproperlythatthepreviousversiondid,
pleaseletusknow(includebothversionnumbersifpossible,andtelluswhichinstalleryou
areusing,NSIthesmalloneorJETthelargeone).Tellustooifitfixesaprevious
problem.(Noneedtotellusyouarenowabletogetconnectedagainwhenyouweren'table
previouslywellnoticeitstatistically.:)
Page71of84
Thereleaseversionsoftheclientaregeneratedasfollows:
YYYYMMDDSerial
YYYY=Year
MM=Month
DD=Day
Serial=CountinguponthatDay.
Example:2004050702,2ndVersiononthe7thofMay2004.
OnAndroid,updatesareautomaticallyprovidedthroughGooglePlay(andwerecommend
thatyouenableautomaticupdatinginGooglePlay).Ifyouprefertouseourownbuiltin
updatingfunctionality,finditinthesettingsmenu.
Countryinformation
Countryspecificplans
YourFreedomhasspecialplanscreatedforthoseconnectingfromcertaincountriesin
whichaccesstotheInternetishighlyrestricted.Weomitthelistofthosecountrieshere.
Moreinformationcanbefoundonourwebsite.
Inthosecountries,theFreeFreedomaccounttypebehavesdifferent.Dependingonthe
countryyoureconnectingfrom,theFreeFreedomcanexhibitvariationsintheusagelimits.
Asageneralruleusagelimitsareeasedallowingforanuninterruptedconnectiontime.Also
theusual64kbpsbandwidthcangoupto512kbpsinsomecases.Theybecomeactive
oncetheuserconnectsfromtheaffectedcountry.Theusualoutcomeistheuserscanstay
connectedforaslongastheywantwithoutlimitationfromourside.
Pleasenotethatitissometimestechnicallyimpossibletodeterminewhetherornota
connectioniscomingfromacountrythatisonourlist,particularlyifyouuseDNS
connectionmode.
Serveravailabilitybycountry
Someofourserversmaynotbeavailabletousersfromallplacesatalltimes.Wemayset
upsuchlimitationstopreventserversthatarestrategicallypositionedtothoseinneedfrom
beingoverloadedbythosewhoshouldreallyuseotherservers.
Anotherreasonmightbeselfdefense,likeprotectingaserverfrombeingabusedby
Page72of84
spammers.MostoftheSPAMwehavetofightcomesfromonlyahandfulofcountrieswe
mightattimesberequiredbyourproviderstoclosethefloodgates.
Thereareserversforeveryoneneverthelessandconnectionisalwayspossibletothem,no
matterwhatcountryyouarein.Justtrytheserversonthelist.
Afewserversmaydenyconnectionfromcertaincountriesasameasureof
protectionagainstabuse.Whenausergetsdenieditsconnectionattemptbecause
ofapolicyappliedtothecountrytheyaretryingtoconnectfrom,theYFclientwill
produceanerrorsayingAUTHENTICATIONNOTVALIDFORYOURCOUNTRY
OFRESIDENCE.Tryingadifferentserverisrecommended.
Tweaks
TweaksarebasicallysetsofrulesandhardcodedbehaviorintheYFclienttomake
connectionspossibleinsomespecificnetworkconditions.Mostpeopledontneedthese
andcansafelyleavethemdisabledsoifyouareabletoconnect,donotenabletweaks.
Theirnamesareveryexplicit.Theyhavebeenaddedafterwehavelearnedhowtomake
theYFclientconnectincertainconditions(normallyverywellrepresentedincertain
countries)whennormaltechniquesdontseemtowork.Ifyou'vegotacleverwayto
configuretheYFclienttoconnecttoitsserversinsomeunusualnetworkingsituation,
pleasetellusaboutit.
Page73of84
TheYourFreedomclientconfigurationfile20
Theconfigurationfileisstoredinyour"homedirectory"andit'scalledems.cfgon
WindowsandOSXand".ems.cfg"onUnixplatforms(yes,twodots).
Ifyouwanttocopythefileoreditit,besurethattheYourFreedomclientisnotrunning!The
fileisplaintextandyoumayedititwithyourfavoritetexteditor(forexample,picoorvion
Unixsystems,ornotepadinWindows).
Where'smyhomedirectory?
WithUnixlikesystemsyouprobablyknowbecauseyouarethereallthetime.Inmostcases
thereisadirectorycalled"/homecontainingasubdirectoryforeachuser,byhisorher
usernameyoushouldfindyourhomedirectory"there.Theconfigfileems.cfgor
".ems.cfg"isinthere,youjustmightnotseeitbecauseit'sa"hidden"fileinUnix
terminology,startingwithadot.Trytoappend"a"tothe"ls"command.
WithWindowsVistaandWindows7,openanExplorerandgoto"C:\Users".Inthere,there
isadirectoryforeachuserthedirectorynameisusuallyequivalenttoyourloginname.This
directoryisyour"homedirectory",or"%HOMEPATH%"inWindowsenvironmentterms.In
thereyoushouldfindadirectorycalledAppData(ifyoudont,disablehidingofsystemfiles
asexplainedon
http://www.techrepublic.com/blog/windowonwindows/quicktiprevealhiddensystemfilesinwindowse
xplorer/2467),thenLocal,thenYourFreedom,andtheconfigfile"ems.cfg"isinthere.
InolderversionsofWindowsthehomepathislocatedinC:\DocumentsandSettings(or
equivalentinyourlanguage)again,theresadirectoryforeachusershomedirectory.
AruleofthumbtofindyourhomedirectorywouldbeexecutingcmdfromtheRun
window.
Youllfindyourselfinfrontofablackterminalwithablinkingcursor.Thetextattheleftisthe
pathforyourhomedirectory.
C:\Users\myusername>_
Configurationoptions
20
ThereisnoconfigfileonAndroid.
Page74of84
Note!Someoftheoptionsbelowaremarkedashidden,whichmeansthattheyarenot
accessiblethoughtheConfigurationwindowbutonlythroughatexteditor.Theseoptions
areforthosewhoknowexactlywhattheyaredoing(oratleastthinktheydo).Please
consultoursupportstafffirstifyouareunsure.
Alloptionsarecasesensitive,besuretouselowercase!Thereareoptionsthatcanonly
appearonceintheconfigfile(type:single),otherscanappearmorethanonce(type:multi).
Optionsthattakeonlyasinglevaluewilltreateverythingaftertheleadingwhitespaceaspart
ofthevalue,includingwhitespace,sowatchoutanddontputwhitespaceattheendofthe
lineifyoudontwantto.Youmayusecommentsaswell(theystartwitha#inthefirst
column)buttheywillbegonenexttimetheclientsavestheconfig.
Nowherecomesthealphabeticallistenjoy!
Option Description Type Arguments
aes Enableordisablestrong boolean true(default)or

(AES)encryption optional false
autoscroll_messages Scrollmessagewindow boolean trueorfalse(default)
automaticallywhennew optional
messagesappear
avoid_dns UsetheserversIPaddress,not boolean trueorfalse(default)

thehostname(ifknown) optional
bandwidth_unit Displayunitforbandwidths integer "bit/s"(default)or

optional "Bytes/s"(EXACTLY!)
barf Crashreports multiple Containsbase64
base64 encodedcrashreports
fyi notyetsenttous.
Thesereportsdonot
containanypersonal
data.
bw_downlink Desireddownlink(serverto integer Bitspersecond.0means
client)bandwidthinbitsper optional unlimited.
second(slidersetting)
bw_uplink Desireduplink(clientto integer Bitspersecond.0means

server)bandwidthinbitsper optional unlimited.
second(slidersetting)
cgi_downlink_connec Downlinkconnectiontimeout integer Defaultsto

t_timeout inCGImode,inmilliseconds hidden connect_timeout
cgi_downlink_reconn Downlinkreconnectiondelay integer Default500ms
ect_delay inCGImode,inmilliseconds hidden
cgi_uplink_maxdelay Maximumdelaybeforequeued integer Afterthistime,thequeue
isflushednomatterhow
Page75of84
framestriggeraconnection hidden muchdataistobesent(if

any).Defaultto500ms
cgi_uplink_mindelay Minimumdelaybeforeanew integer Theminimumdelay

connectionistriggered hidden betweentwoqueue
flushes
(POSTs).Defaultto1ms.
cgi_uplink_threshold Numberofqueuedframes single 0todisable,orany

thatcausemindelaytobe hidden (low)number.Defaults
usedinsteadofmaydelay to3
cgi_uplink_urgentdelay Maximumdelayforurgentdata. integer Themaximumdelayif
hidden urgentdataisinthe
queue(e.g.smallframe
belongingtoastreamthat
hasnotsentdatafora
whileinteractivity!).
Defaultsto20ms.
connect_on_startup Fireupconnectionwhenclient boolean trueorfalse(default)

isstarted optional
connect_timeout Generalconnectiontimeout, integer Defaultsto10000ms.

inmilliseconds hidden
debuglevel TurnondebuggingontheJava integer Thelower,themore
console(notthemessage hidden verbose.Defaultis999.It
panel!) probablydoesntdomuch
anymorethesedays.
dns_domain DomaintouseinDNSmode string Youshouldnot

optional manuallyconfigurethis
option,usetheconfig
panelinstead.
dns_max_tx_interval Maximumdelaybetween integer Default1000ms.
sendingtwoqueriesinDNS optional
mode,inmilliseconds
dns_min_tx_interval Minimumdelaybetween integer Default:1/500of
sendingtwoqueriesinDNS optional dns_max_tx_interval.
mode,inmilliseconds
dns_no_direct_conne Avoiddirectlysending boolean trueorfalse
ction queriestotheYFserverin optional (default)
DNSmode,forcetheuseof
aconfigurednameserver
dns_rep_interval Repeatunrepliedqueriesin integer 5times
DNSmodeafterthismany optional dns_max_tx_interval
milliseconds
dns_tx_adaption_fact AdaptionspeedinDNS float Between1.1and5.0,
Page76of84
or mode optional default1.5.Higher

valuesaremore
aggressive.
dont_show_popups Avoidpoppingupnotification boolean trueorfalse(default).
windowsonthescreen optional
echo_max_tx_interval Maximumintervalbetween integer Default1000ms

twoICMPECHOrequestsin optional
ECHOmode
echo_min_tx_interval Minimumintervalbetween integer Default1/200of
twoICMPECHOrequestsin optional echo_max_tx_interval
ECHOmode
echo_tx_adaption_fac AdaptionspeedinECHO float Between1.1and5.0,
tor mode optional default1.5.Higher
valuesaremore
aggressive
echo_max_payload_s Maximumpayloadsizein integer Default1464(the
ize ECHOmode optional maximumvalue)
encryption Turnonconnectionencryption boolean trueorfalse(default).
optional Notethatthewizardturns
thisonforyou.You
shouldonlyturn
encryptionofffor
debugging!
file_extip WriteserversexternalIPtoa string Thisallowsyoutousethe

filewhenconnecting optional serversexternalIPin
scripts
flatten_bursts Slowdownframe boolean trueorfalse

transmissioninbursty optional (default).Setifyou
periodstoobtainasmoother noticeconnection
trafficpattern hangsonbursts.
follow_server_recommen Allowtheclienttofollowthe boolean trueorfalse(default).
dations serversrecommendationsto optional DEPRECATED.
useanotherserver
fool_pix Tryahackthatcanfoolold boolean trueorfalse(default).

PixOSversionsintobypassing hidden Onlyturnonifyouknow
WebSense thatyourconnectionis
passingthroughanold
PIXfirewallusing
WebSenseandyou
cannotconnectitmay
workwiththissetto
true.
found_servers Base64encodedrecordsof multiple Dontmesswithit

Page77of84
serversfoundinlastserver base64 unlessyouknowwhat

search optional youaredoing.
ftp_mode Dataconnectionsetupstyle string both(default),
touseinFTPmode. optional normalorpassive.
normalwillcausethe
YFservertoinitiatethe
dataconnection(thisis
whatFTPnormally
does),bothwilluse
whateverworks
ftpproxy UseanontransparentFTP string PutintheFTPproxys
proxywiththeFTPconnection optional hostnameorIPaddress.
protocol Removeifyoudontneed
one(verylikely).
ftpproxyport UseanontransparentFTP integer PutintheFTPproxys

proxywiththeFTPconnection optional controlport(normally21).
protocol Removeifyoudontneed
anFTPproxy(very
likely)..
header Additionalheaderswhen multiple Ifyouneedadditional

sendingrequeststotheweb string headersorwishto
proxy optional overridethingslike
UserAgent,doithere.
Forexample:headers
UserAgent:
NoneOfYourBusiness1.0
hide_tray_icon OnWindows,donotdisplay boolean trueorfalse

atrayicon optional (default)
http_flush CloseandreopentheHTTP integer Timeinmilliseconds.If
uplinkconnectionatintervals optional youneedthis,usethe
CGIconnectionprotocol
instead.Thisisoutdated.
http_postfix InHTTPmode,appendthis string Canbeusedtocraft

aftera?totheURL hidden specialURLs
https_ssl WrapconnectioninHTTPS boolean Helpswithpickyfilters
modeinSSL(TLS). optional thatperformprotocol
detection
idle_kill Killconnectionwhenidleforthis integer Thisisobsoleteand
manymilliseconds optional doesntworkasexpected
anymore,dontuseit.
initial_post_size WhendoingaHTTPPOST,use integer Defaultis10000000or10

thisinitialsize hidden Megabytes.Theclient
decreasesthisbyafactor
0.8untilthewebproxy
Page78of84
acceptsitorthevalue
fallsbelow
minimum_post_size.If
youknowyourproxys
limitsputitinhere,it
savesconnectiontime.
keepalive_interval Sendakeepaliveframe integer Defaultis20000ms.

everythismanymilliseconds optional Connectionfault
detectionis2.5times.
level_messages Onlyshowmessagesabovethis integer 0isdebug,7is
levelinMessagespanel optional emergency.Defaultis1
informational.
locale Yourpreferredlocalelanguage string Defaultstoen.Onlya

(ISO2letters,lowercase, optional fewlanguagesare
optionallyfollowedbyan supported,seethe
underscoreandanISO2letters Configurationdialog.
countrycodeinuppercase)
location_x CoordinatesoftheYour integer 0istopleftcorner,higher

Freedomwindowonthescreen optional valuesarefurtherright
location_y CoordinatesoftheYour integer 0istopleftcorner,higher

Freedomwindowonthescreen optional valuesarefurtherdown
minimum_post_size MinimumHTTPPOSTsize integer Defaultis20000or

hidden 20Kilobytes.Onlylowerif
youknowthatyourproxy
willrefusePOSTsabove
20kandyoureallyhaveto.
min_buffersize Minimumbuffersizefor integer Defaultsto1500.Tryto

streams. optional increasethisifyou
wanttoachieve
individualstream
bandwidthsofmore
thanseveralmegabits
persecond.Maximum
is8192.
openvpn OpenVPNport integer Defaultis1194,only
optional changeifyouneedthis
portforsomethingelse.
openvpn_exclude IPsandnetworkstobeexcluded multiple ForeveryIPornetwork

fromroutingthroughthe string (IPaddress,anoptional
OpenVPNtunnel optional spaceandnetmask)that
shouldnotberouted
throughtheOpenVPN
tunnel,addalinetothe
config.
openvpn_nat_interfac Listofinterfacesthatyou multiple Usefulonlyon

Page79of84
e wanttoreroutetothe string Windows.Letsyou

OpenVPNconnectionusing optional connectyourPlay
NetworkAddressTranslation StationorXBoxor
otherPCstoasecond
LANinterfaceanduse
theYFOpenVPN
connection.
openvpn_option AdditionalOpenVPNoptions multiple Passtheseadditional
string optionsasiftheywere
hidden linesintheOpenVPN
configfile.
openvpn_path Configurefullpathof string Usethisifthe
OpenVPNexecutable optional OpenVPNexecutable
isnotinyour
executablepath
openvpn_tap_sleep Settapsleepoptionin integer Defaultis2seconds.
OpenVPNtothisvalue optional Relevantonlyon
Windows.
openvpn_route_delay Setroutedelayoptionin integer Defaultis2seconds
OpenVPNtothisvalue hidden (secondparameteris
always30).Relevant
onlyonWindows.
openvpn_route_meth ConfigureOpenVPNroute string Defaultisexe.See
od method hidden OpenVPN
documentationfor
moreoptions.Relevant
onlyonWindows.
openvpn_ip_method ConfigureOpenVPN string Defaultisdynamic.
ipwin32method hidden SeeOpenVPN
documentationfor
moreoptions.Relevant
onlyonWindows.
openvpn_tmp Temporarydirectorytobe string Defaultisyourhome
usedforOpenVPNconfig hidden folder,ora
filesandcertificates subdirectorybelowit.
Configureanabsolute
pathhere.
openvpn_udp MakeOpenVPNtunnel boolean UseUDPinsteadof
throughUDPforwarding optional TCPforwardingforthe
insteadofTCPforwardingin OpenVPNtunnel
YF connectioniftrue.
password YourYourFreedompassword string yourYourFreedom
Page80of84
required password,oran
obfuscatedformofit
portaccept Forwardsaserverporttoalocal multiple serverport

port string localhost
optional localport
portforward Forwardsalocalporttoa multiple localport

remoteport string remotehost
optional remoteport
post_avg_uplink_dur POSTmodeaverageuplink integer InPOSTmode,how

duration,inmilliseconds optional longshoundanuplink
transfertakeon
average(in
milliseconds)?
Influencesthe
maximumPOST
length.Defaultis500
ms.
post_err_holdoff POSTmodeerrorholdoff integer InPOSTmode,wait
time,inmilliseconds optional thismanymilliseconds
inanerrorcondition
beforetryingagain.
post_max_connectio Maximumnumberof integer Somepeoplemight
ns concurrentconnectionsin optional havetolowerthisto
POSTmode. one.Itissafetouse
biggernumbersbutat
somepointitwillonly
increaseoverhead.
Default(2)isgoodfor
mostpeople.
post_min_holdoff Timetowaitbeforenew integer Defaultsto5000.
connectionismade. optional
(milliseconds)
post_min_post_size MinimumsizeofaPOST integer Neverlowerthe

request. optional maximumPOSTsize
belowthislimit.Itcould
starvetheuplinkpath.
(Default:3000)
post_min_queue Miminumqueuesizeforfast integer Numberofqueued
transmissioninPOSTmode. optional framesthattriggera
newconnectionafter
onlyminimumholdoff
time(default:3)
post_typ_holdoff TypicalholdofftimeinPOST integer Waitthislongformore
mode,inmilliseconds optional framesbefore
Page81of84
triggeringaconnection
(default:500ms)
protocol Theconnectionprotocoltouse string Oneof:http,https,
required cgi,post,ftp,udp,
dns,echo.
proxy Theproxyport integer MakeyourPCaweb

optional proxybysupplyingthe
portnumber.Setto0or
removetoturnoff.Default
is8080.
proxyauth Forceaparticular string Oneofanyorenone

authenticationmethodon optional (default),basicor
webproxy. none,NTLMornone,
Digestornone.
Defaultistouse
whateverisofferedby
theproxyandprefer
moresecuremethods
overlesssecure
methods.
proxydomain Yourdomainforwebproxy string AWindowsdomainname,
authentication,ifneeded(NTLM optional ifyouneedoneto
proxiesonly) authenticateonyourweb
proxy.
proxyhost ThewebproxyhostnameorIP string AhostnameorIP

throughwhichtotunnelwhen optional address.Leaveemptyor
usinghttp,httpsorcgi removeifyoudontneed
touseaproxy.
proxypass Yourpasswordtoauthenticate string Apassword,if

onthewebproxy optional authenticationisneeded.
proxyport Thewebproxysport. integer Aportnumber.Setto0or

optional removeifyoudontneed
touseawebproxy.
proxytype Usenonstandardproxytype string WhenusingTCP

forTCPbasedconnection optional basedconnection
modes(HTTPS,HTTP, modesandaweb
POST,CGI) proxyisconfigured,
assumeitisofthis
type.Canbe
HTTP/HTTPS
(default),SOCKSv4
orSOCKSv5.
proxyuser Yourusernametoauthenticate string Ausername,if
onthewebproxy optional authenticationisneeded.
Page82of84
rcport remotecontrolport integer UseaparticularTCP

hidden portforsingularization
(i.e.ensuringthatYFis
runningonlyonce).
Defaultis62799,
boundto
127.253.19.87.
reconnect_after_shut Ifservershutsdown,tryto boolean true(default)or
down reconnectautomaticallyafter optional false
awhile
reconnect_delay Ifareconnectisrequired, integer Defaultis5000
waitthismanymilliseconds optional milliseconds.
beforeanattempt
redirect_dns Dontresolvehostnameslocally boolean trueorfalse(default).
whenusingSOCKS optional Usethisifyourlocal
nameservercannot
resolveInternetnames(or
youdontwantitto)
rekey Changeencryptionkey boolean trueorfalse(default).

frequently optional Thewizardwillsetthisto
true,andtheres
normallynoreasonwhy
youwouldwanttosetitto
falseunlessyoususpect
thattheresabuginour
keynegotiationcodeand
youloseconnection.We
highlyrecommendthat
yousetthisvalueto
true.
relay AllowotherstoshareyourYF boolean Settotrueorfalse(or

session optional remove).Notethatthis
onlyworksifyourprofile
permitsitaswell.
rtt_interval Measureroundtriptime integer 0toturnoff(i.e.only

everythismanymilliseconds optional measureonceafter10
seconds)
server_connection_pr Settunnelprotocol integer 0:whateverworks
otocol preference(influencesDNS optional 4:IPv4only
nameresolutiononly) 6:IPv6only
46:preferIPv4
64:preferIPv6
server_criterion Definecriteriabywhichto multiple nameofcriterion
automaticallyselectservers string numberbetween0
(refused)and10
Page83of84
optional (required),defaultis5
(dontcare)
sipforward MirroraremoteSIPgateway multiple localport

string SIPgatewayaddr
optional SIPgatewayport
sip_fixup_audiostrea FixdestinationIPaddressin boolean TrythisifSIP

m UDPstreamforSIPaudio optional audiostreamsare
unidirectionalonly
socks TheSOCKSport integer MakeyourPCaSOCKS
optional proxybysupplyingthe
portnumber.Removeor
setto0toturnSOCKS
off.
sslproto Ifhttps_sslisconfigured, string any(default),SSLv2

defineSSL/TLSprotocol optional orTLSv1
versiontouse
start_minimized Startinsystemtray(Windows single trueorfalse(the
only) optional default)
stopafter_found Whensearchingforservers, integer 0totryuntilnomore

stopsearchafterthismany optional potentialwaysare
servershavebeenfound. known
stopafter_tried Whensearchingforservers, integer 0totryuntilnomore
stopafterthismanyattempts optional potentialwaysare
havebeenmade. known
tunnelhost TheYourFreedomservertouse string Ahostname,anIP
required address,multipleIP
addressesseparatedby
semicolon,oraCGIrelay
URL.InDNSmode,DNS
servers(separatedby
comma)canbeappended
withsemicolontoahost
name(notanIP).In
HTTP/POSTmode,can
containahostnameand
anURI.
tunnelport TheYourFreedomserverport integer Aportnumber

required
tweaks Usethistweakset string Nameoftweaksetting

optional (useconfigwindow,
dontsetmanually),or
removefornone
udp_newsrcportevery UseanewUDPsourceport integer Valuemaybeaslow
(UDP/DNSmode)everythis as1butthiswillimpact
Page84of84
manypackets optional performance.Usewith

care.Defaultis0(no
change)
udp_newsrcporttime UseanewUDPsourceport integer Portchangesifthis
(UDP/DNSmode)everythis optional manymilliseconds
manymilliseconds havepassedsincethe
lastchange.Defaultis
0(dontchangebased
ontime)
udp_srcport UseaparticularUDPsource integer 0orremovetousean
port(UDP/DNSmode) optional ephemeralport
use_http11 UseHTTP/1.1insteadof boolean Ifyourproxyisacting
HTTP/1.0inrequests optional stupid,tryifthisfixesthe
problem.Caneitherbe
trueorfalse(default)
useragent Sendthisuseragent string Usedtofakea

headerinrequests optional particularbrowser.
YourYFusername stringrequired YourYour
Freedom
username
vm_code Vouchercodeinformation multiple Informationabout

string knownvouchercodes
optional
vpn UsenewstyleVPNmode boolean Experimental,notyet
hidden effective
webproxy Portfornewstylewebproxy integer Experimental:use
implementation hidden newstylewebproxy
implementationforyour
applications

UserGuide3 0EN PDF

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

UserGuide3 0EN PDF

Încărcat de

Drepturi de autor:

Formate disponibile

YourFreedomUserGuide

Free Basic Enhanced Total

Concurrent Streams 15 50 100 200

Connection time 6 hours unlimited unlimited unlimited

Server Ports (5)

1 month package Free 4.00 10.00 19.99

3 month package Free 10.00 28.00 57.99

6 month package Free 17.00 50.00 109.99

12 month package Free 30.00 95.00 199.99

Option Description Type Arguments

aes Enableordisablestrong boolean true(default)or

avoid_dns UsetheserversIPaddress,not boolean trueorfalse(default)

bandwidth_unit Displayunitforbandwidths integer "bit/s"(default)or

bw_uplink Desireduplink(clientto integer Bitspersecond.0means

cgi_downlink_connec Downlinkconnectiontimeout integer Defaultsto

framestriggeraconnection hidden muchdataistobesent(if

cgi_uplink_mindelay Minimumdelaybeforeanew integer Theminimumdelay

cgi_uplink_threshold Numberofqueuedframes single 0todisable,orany

connect_on_startup Fireupconnectionwhenclient boolean trueorfalse(default)

connect_timeout Generalconnectiontimeout, integer Defaultsto10000ms.

dns_domain DomaintouseinDNSmode string Youshouldnot

or mode optional default1.5.Higher

echo_max_tx_interval Maximumintervalbetween integer Default1000ms

file_extip WriteserversexternalIPtoa string Thisallowsyoutousethe

flatten_bursts Slowdownframe boolean trueorfalse

fool_pix Tryahackthatcanfoolold boolean trueorfalse(default).

found_servers Base64encodedrecordsof multiple Dontmesswithit

serversfoundinlastserver base64 unlessyouknowwhat

ftpproxyport UseanontransparentFTP integer PutintheFTPproxys

header Additionalheaderswhen multiple Ifyouneedadditional

hide_tray_icon OnWindows,donotdisplay boolean trueorfalse

http_postfix InHTTPmode,appendthis string Canbeusedtocraft

initial_post_size WhendoingaHTTPPOST,use integer Defaultis10000000or10

keepalive_interval Sendakeepaliveframe integer Defaultis20000ms.

locale Yourpreferredlocalelanguage string Defaultstoen.Onlya

location_x CoordinatesoftheYour integer 0istopleftcorner,higher

location_y CoordinatesoftheYour integer 0istopleftcorner,higher

minimum_post_size MinimumHTTPPOSTsize integer Defaultis20000or

min_buffersize Minimumbuffersizefor integer Defaultsto1500.Tryto

openvpn_exclude IPsandnetworkstobeexcluded multiple ForeveryIPornetwork

openvpn_nat_interfac Listofinterfacesthatyou multiple Usefulonlyon

e wanttoreroutetothe string Windows.Letsyou

portaccept Forwardsaserverporttoalocal multiple serverport

portforward Forwardsalocalporttoa multiple localport

post_avg_uplink_dur POSTmodeaverageuplink integer InPOSTmode,how

post_min_post_size MinimumsizeofaPOST integer Neverlowerthe

proxy Theproxyport integer MakeyourPCaweb

proxyauth Forceaparticular string Oneofanyorenone

proxyhost ThewebproxyhostnameorIP string AhostnameorIP

proxypass Yourpasswordtoauthenticate string Apassword,if

proxyport Thewebproxysport. integer Aportnumber.Setto0or

proxytype Usenonstandardproxytype string WhenusingTCP

rcport remotecontrolport integer UseaparticularTCP

rekey Changeencryptionkey boolean trueorfalse(default).

relay AllowotherstoshareyourYF boolean Settotrueorfalse(or

rtt_interval Measureroundtriptime integer 0toturnoff(i.e.only

sipforward MirroraremoteSIPgateway multiple localport

sip_fixup_audiostrea FixdestinationIPaddressin boolean TrythisifSIP

sslproto Ifhttps_sslisconfigured, string any(default),SSLv2

stopafter_found Whensearchingforservers, integer 0totryuntilnomore

tunnelport TheYourFreedomserverport integer Aportnumber

tweaks Usethistweakset string Nameoftweaksetting

manypackets optional performance.Usewith