Home

psiphon user guide.indd

1. p Perfeemence Public Port psiphonites connect to this port a x hps gi 192 168 0 102 TCP 32293 32293 aways 9 Schedule Set this to always or select a duration that the port will be opened Below is a list of all Virtual Servers running on your router Your router will now forward all outside psiphonite requests to your psiphonode Appendix B A High Risk Users General Disclaimer Although we have tried to make psiphon as secure as possible there are steps you can take to increase your security For those high risk users i e dissidents writers at risk etc make sure you consult the resource section of this guide and follow these recommendations BOTH psiphonode pN and psiphonite pl 1 Ensure secure communications use a secure channel of communication eg encrypted email when sending connection information 2 Ensure SSL security identify and verify your psiphon certificate see appendix C p 12 for instructions 3 Node liability issues Under certain legal circumstances a psiphonode may be obliged to divulge certain information about its psiphonite it is the psiphonode s responsibility to understand the legal framework in their country to plan for any such occurrences and to inform their psiphonites of any risks they might incur psiphonode pN 1 Ensure node stability make sure your computer is virus spyware free and your OS security patches ar
2. the Citizen Lab University of Toronto Munk Centre for International Studies V AS O Q U 5 Things you should know What is a psiphonode pN A psiphonode is a proxy server and censorship circumvention provider that is located in an uncensored country What is a psiphonite pl A psiphonite is a psiphon user living in a censored country The psiphonite connects to a psiphonode set up by someone they know and trust to access information freely What is an IP address An IP identifies a specific computer or other network device on a network It is analagous to a street address or a phone number What is an Internal IP An Internal IP is assigned to your computer if it is running from within a Local Area Network LAN This IP is not directly accessible from the Internet What is an External IP An external IP address is the unique identifier assigned to you by your Internet Service Provider ISP There are two types of external IP address static and dynamic Static is fixed and therefore never changes Dynamic changes every time you connect to the Internet What is a Port A port is a special number present in the header of a data packet used to map data to a particular process running on a computer Different processes run on different standard ports assigned by the Internet Assigned Numbers Authority IANA The default port for psiphon is 443 because of the https protocol However this can be cust
3. click West To install to 8 different folder enter it below or click C Program Files CitizenLab psiphon Cancel i Next gt Cancel The installer will save psiphon in a default location or the location of your choice You are ready to run psiphon Before proceeding understand the security environment in which your psiphonite lives As a psiphonode you have the ability to monitor the URLs accessed by your psishonites while they rely on your trust not to release their browsing information for their security See Appendix B High Risk Users on p 10 for details Please proceed Start psiphon Find the psiphon icon on your desktop and double click on it At this point you may encounter a firewall pop up window Choose unblock if you wish to proceed Now psiphon will help you configure your server Give your server a name This name is a part of the URL identifier that your psiphon v1 4 OFF psiphonites will use to connect to your machine so give psiphon a name that your psiphonites will a recognize as unique to you 3 f Please name your psiphon a Z 0 9 Name ggjohnnygg Then psiphon will attempt to determine your external IP address This is the final piece of the URL identifier that is needed in order for your private psiphonites to find your psiphon server Next psiphon will check if port 443 is available If psiphon cannot
4. psiphonite requests to the machine that is actually running psiphon http www dlink com products pid 6 There are hundreds of home routers manufactured by many companies and each router has a unique configuration screen There is a thorough resource outlining the configuration requirements for all Known routers at the following link http psiphon civisec org router config This guide will walk you through the configuration of a D Link DI 624 router as an example Please proceed Appendix A cont d login page errors Configuring a D Link DI 624 wireless router to run with psiphon The psiphonode is running on a sub net defined by the LAN IP mask In this example it is 192 168 0 This subnet accesses the Internet through the external IP internet address of your home router In this example identified as 172 102 45 230 When psiphon starts up it detects the psiphonode external IP address that is running and is the location of the psiphonode as seen by psiphonite users The psiphon server is running on a machine with an Internal IP address of 192 168 0 102 and psiphon is running on port 443 All home routers whether wireless or cable have a configuration and administration control panel The router is at 192 168 0 1 and it requires a username and password to login If you do not know the username and password for the router you will not be able to enable port forwarding on the router Werning Ths
5. access the default port 443 a new port will be automatically assigned You can also manually set psiphon to use a port number of your choice Click on the Test button to verify that psiphon can use the port that you have selected W psiphon v1 4 OFF Link if A n Now you can start psiphon Users Log User ID Username E Mail Full Name Date Click on the start button psiphon will attempt start up the server running through all of the tests that are required in order for your server to function If all tests are passed the server will start and the top window will display as ON Users Log User iD Username E Mail Full Hame bate Once your server is ON then you can test that your psiphon server can be seen by outside users by clicking on the blue test link at the top of the psiphon control panel Please proceed Test psiphon The URL what appears when you click on the blue test link is made up of the following components https https 84 202 55 330 443 jane4freedom This indicates that a secure and encrypted SSL connection will be used between the psiphonite and your psiphonode 74 102 45 230 ee https 84 202 55 330 443 jane4freedom This is the external IP address that your psiphonites will need in order to connect to you oo So ee 443 https 84 202 55 3 L ane4freedom This is the port that your psiphonode is listening to in o
6. if using a Firefox Browser LAS U cee Fe deiis f meem merei eei ee be pie 1 Click examine certificate ep N Choose accept this certificate temporarily for this session 2 Examine the fingerprint Note in other browsers the fingerprint may be referred to as a footprint Legh aain e Be p eee a p T kp i Ga G W raiar a an maia _ ee deile A meem meei ei ee m nh dey rie heim ngas Se on gt mar breme ie mi oe re Fe ade dhari e Ber eud Me iee ee de ort vere Ss nr ees els eee oe penis dis a a Bme mii Eor iei mie mbd F ie m iea 3 Accept or decline the certificate If the footprint matches that sent to you by your pN accept it If not click do not access Appendix D Additional Resources Note Those interested in exploring the topics raised in this guide further may want to consult at their own discretion some of the following resources PSIPHON FORUM We encourage you to visit and register on the psiphon forum as many questions are answered at this user supported resource http psiphon civisec org forum index php OTHER RESOURCES An article describing psiphon installation and configuration http nubility net 2007 psiphon part ii setting up psiphon A video tutorial that describes psiphon and its installation process http www youtube com watch v sSIHPxTU2UE Hacktivismo An international group of hackers human rights workers lawyers and artis
7. e up to date 2 Disguise your psiphonode If your organization is well known for politically contested beliefs and actions do not host your psiphonode on the same IP as your web site domain Adversaries may infer an association between the two 3 Verify software validity make sure that you download psiphon only from http psiphon ca download php psiphonite pl 1 Use psiphon strategically Do not use psiphon as your regular internet browser for an extended period of time Limit your use of psiphon to circumventing filtered sites 2 Eliminate usage identification Thoroughly erase your cache and browser history after ending your psiphon session using a known file destruction software such as ccleaner http www ccleaner com Appendix C psiphon certificate The psiphon certificate warning As a matter of standard practice high risk users should make sure to verify the SSL certificate fingerprint being exchanged is authentic The following section provides instructions for a Firefox browser Other browsers have slightly different fingerprint authentication methods but follow the same general principles For pN Step 1 Locate your SSL certificate fingerprint by clicking on the certificate tab Step 2 Copy and Paste the fingerprint from the field marked Sha1 Fingerprint Step 3 Send the fingerprint by any secure means e g encrypted email to your pl For pl
8. ept ths certificate and do not connect bo this Web site Cx Jiou Unable to access login page If you cannot get to the login page by clicking on the blue link that means that your psiphonode is NOT available to anyone including yourself Please refer to Appendix A pp 8 9 to get more information on how to get your psiphonode up and running Login to psiphon Click on the blue link to get to the login page j Priphon Lagin Mozilla Firefox fe Edt Wew Go fodmais Took Hep gt S man O c ia Getting Started T Latest Headines ee ligin Cookies mast be enabled User rare If login is successful F you suspect the ene eaaa aug please proceed Pesma i Dkk here to change your pasri Cerificate shown does mot Delong to Engish Frangais Poca Maso A Add psiphonites Create user accounts for your psiphonites Click on the add button on the psiphon control panel Fill in the user details for your psiphonite After doing this they will be able to access your psiphonode By any secure means send your psiphonite the following connection information Connection information https 84 202 55 330 443 jane4freedom 1 psiphonode url 2 Username and Password Establish your rules of service e g your psiphonode s schedule and whether or not you plan to monitor their browsing and remind them that the URLs they visit are displayed on your ps
9. ion is not yet available please check back periodically to our website http psiphon civisec org for updates l m on a LAN psiphon may not be accessible to people outside of your network depending on its configuration Check with your network administrator I m using a router A Configuration of your router is required Please refer to Appendix A pp 8 9 E o for router configuration instructions a d I have a firewall Configuration of your router may be required Please refer to Appendix A pp 8 9 You re ready to start Get psiphon go here http psiphon ca download php Read and accept licence agreement in order to proceed If you are on windows Click on psiphon 1 5 Win32 installer and download psiphon installation file on your desktop If you are on Linux You will need to download source here http psiphon civisec org source html and build psiphon yourself using the provided instructions Install psiphon This and further instructions are for WINDOWS ONLY Find psiphon installation file on your desktop and run the installation i psiphon Setup x 1 amp psiphon Setup Select Installation Folder This is the folder whare pephon wil be mstalled Welcome to psiphon Setup Wizard The Setup Wizard will install psiphon on your computer Click Next to continue or Cancel to ext the Setup Wizard To install in this folder
10. iphonode That s it 5 O Add more psiphonite users to your psiphonode so that you can help your friends and family members that live in censored countries Appendix A login page errors If you experience a server timeout error message when clicking on the blue test link the following information will help you get your psiphonode up and running The server timeout looks like this The error may be occurring for a number of reasons Following are the 2 main reasons and the steps to rectifying the error 1 Your server is behind a firewall There are 2 types of firewalls SERVER PROGRAM software blocks incoming connections to your computer hOn ana le UYING 19 PEt AE ERIVER The user decides which to allow Peed en eee a hardware A device in between your computer and the SowcelP CAOOHTTPS internet not common in home computers More Information Available This pogam har pevioushy asked for Inbemnet access SmarDefense Advisor You will need to enable the port that the firewall is blocking Find out hove 2 You need to configure your router for port forwarding psiphon is designed to run from your home computer Often home computers run on a sub network or LAN that runs behind a router administered by someone in the home In these cases the psiphon server must be connected to the Internet via the home router which in turn must be configured to open a port and route all
11. omized What is a Router A router acts as a junction between two or more networks to transfer data packets What is a Firewall A firewall blocks packets or ports based on rules determined by the computer user These rules can range from very general to very specific What is a Server A server is a host computer on a network that handles requests for data email file transfers and other network services from other computers ie clients In the context of psiphon the psiphonode is the server What is a Proxy Server A proxy server acts as an intermediary between a user and the Internet It can be used to ensure security admistrative control and censorship circumvention among other things A psiphonode is therefore a proxy server What is an SSL certificate An SSL certificate is exchanged between a client and a server to authenticate an encrypted communication channel Is psiphon for you want to give access to blocked web content to my friends psiphon is for you please proceed want to access blocked web content X You do not need to install psiphon You need to find someone who is in an uncensored country and ask them to install psiphon and give access to it Think of whom you might know and trust in an uncensored country who would be able to help you Pm on windows psiphon is for you please proceed Pm on linux psiphon is for you please proceed lm on mac X mac vers
12. rder to accept connections to your IP address e ES Eoo jane4freedom This is the name of your psiphonode Note that this is just a sample name We recommend that you determine your own unique name that your psiphonites will understand https 84 202 55 330 44 ATEI If your psiphon server is running correctly the psiphon certificate page will display in your browser Website Certified by an Unknown Authority Accept the psiphon certificate jp Urabe vey the dent ol somenane someuhere com as a sted ste If your server is configured correctly you will Porsble ressons for this error Your browser does not recognise the Certificate Authority that saved the site s certificate see the certificate warning which means that The ste s certfate 5 incomplete due to a server misconiguration YOu Bre connected bo a She pretending to be somenametomewhere com pakib to obtain your psiphonode is accepting connections to your confdental information your machine Please notify the site s webmaster about this prodblem Belore accepting ths certificate you should examine the sfe s certificate carefuby Are you wing fo bo accept this certificate for the purpose of denthying the Web site SOMenaMne sonenhene com For more information on the psiphon certificate warning see the Appendix B p 11 Examine Certficate Accept this cerhficate permanenti a Accept this certiicate temporarty for thes session 5 Do not acc
13. server is requesting that you username and pesmord be sent n an msecure manner Desc Aradia United Arad Emirates Vietnam and others We re aming at gang people access to stes ike Villopedia a free Uter martaned onine encyclopeda and other r cemabon and news sources Michaeli Hull owphon s lead enaneer told CBC News Onine Find your router virtual Server tab The location will vary depending on the brand of router but in this example it can be found in the advanced tab DI 624 Windows Internet Explorer AirPius MraeveCS High Speed 2 4GHz Wireless Router Name this port forward connection This is a name of your choice K J Virtual Server is used to allow Intemet users access to LAN services Enabled Disabled Name https Ctear Prate IP 192 168 0 102 Protocol Type Private Port 443 Public Port 443 Schedule Always time 01 00 AM to 01 00 v From IAM Identify the Private IP This is the IP address of the machine that is running from within the home LAN Protocol Type Set this to TCP Private Port psiphon listens on this port ME e TCP Trews day Sun tj Sun O 00 Virtual Servers List Apply Cancel Heip Name Private IP Protocol Schedule Remote Desktop 192 168 0 101 TCP 3389 3389 aways j hitp 192 168 0 102 TCP 444 444 aways j
14. ts that evolved out of The Cult of the Dead Cow cDc http www hacktivismo com Tactical Technology Collective A non profit foundation promoting the use of free and open source software for non governmental organizations and producers of the Security NGO in A Box http security ngoinabox org http www tacticaltech org Reporters Without Borders Handbook for Cyber Dissidents and Bloggers http www rsf org rubrique php3 id_rubrique 542 Digital Security and Privacy for Human Rights Defenders by Dmitri Vitaliev Published by Front Line The International Foundation for the Protection of Human Rights Defenders http www frontlinedefenders org http www frontlinedefenders org manuals en esecman html Tor An anonymous internet communication system http tor eff org Torpark A secure browser built on Firefox Deer Park using the Tor network http www torrify com Scatterchat A secure instant messaging client http www scatterchat com PGP GPG Encryption software http www pgpi org http www gnupg org Thunderbird GPP An email client with built in GPG encryption http www portableapps com Ultrasurf Secure Internet surfing http www ultrareach com Freegate Encrypted Internet access http www download com 3000 20 10415391 html Peacefire A censorship circumvention tool http www peacefire org

psiphon user guide.indd

Contents

Download Pdf Manuals

Related Search

Related Contents