psiphon user guide.indd
Contents
1. sjane4freedom This is the name of your psiphonode Note that this is just a sample name We recommend that you determine your own unique name that your psiphonites will understand If your psiphon server is running correctly the psiphon certificate page will display in your browser Website Certified by an Unknown Authority Accept the psiphon certificate Ja UAD to vety the tener of sonenae somenhere com as a std ste If your server is configured correctly you will Posstie reasons For thts emor four browser does not recognise the Certificate Authority that esued the site s certificate see the certificate warning which means that The ste s certficate i incomplete due to a server misconiguration YOu art connected bo a Sie pretending to be somenamesomewhere com podsbly to gitan your psiphonode is accepting connections to your confidential information your machine Please notify the ste s webmaster about this problem Before accepting the certificate you should examine the ste s certificate carefuby Are you wing bo bo accept this certificate for the purpose of menting the Web ste somename somenherecomT For more information on the psiphon certificate warning see the Appendix B p 11 Examine Certficate Accept this certificate permanently Accept this certiicate temporary for this session Do not accept ths certificate and do not connect bo this Wieb site OK cance Unable t2. the Citizen Lab University of Toronto Munk Centre for International Studies Q 2 O Q 7 5 Things you should know What is a psiphonode pN A psiphonode is a proxy server and censorship circumvention provider that is located in an uncensored country What is a psiphonite pl A psiphonite is a psiphon user living in a censored country The psiphonite connects to a psiphonode set up by someone they know and trust to access information freely What is an IP address An IP identifies a specific computer or other network device on a network It is analagous to a street address or a phone number What is an Internal IP An Internal IP is assigned to your computer if it is running from within a Local Area Network LAN This IP is not directly accessible from the Internet What is an External IP An external IP address is the unique identifier assigned to you by your Internet Service Provider ISP There are two types of external IP address static and dynamic Static is fixed and therefore never changes Dynamic changes every time you connect to the Internet What is a Port A port is a special number present in the header of a data packet used to map data to a particular process running on a computer Different processes run on different standard ports assigned by the Internet Assigned Numbers Authority IANA The default port for psiphon is 443 because of the https protocol However this can be custom
3. further may want to consult at their own discretion some of the following resources PSIPHON FORUM We encourage you to visit and register on the psiphon forum as many questions are answered at this user supported resource http psiphon civisec org forum index php OTHER RESOURCES An article describing psiphon installation and configuration http nubility net 2007 psiphon part ii setting up psiphon A video tutorial that describes psiphon and its installation process http www youtube com watch v sSIHPxTU2UE Hacktivismo An international group of hackers human rights workers lawyers and artists that evolved out of The Cult of the Dead Cow cDc http www hacktivismo com Tactical Technology Collective A non profit foundation promoting the use of free and open source software for non governmental organizations and producers of the Security NGO in A Box http security ngoinabox org http www tacticaltech org Reporters Without Borders Handbook for Cyber Dissidents and Bloggers http www rsf org rubrique php3 id_rubrique 542 Digital Security and Privacy for Human Rights Defenders by Dmitri Vitaliev Published by Front Line The International Foundation for the Protection of Human Rights Defenders http www frontlinedefenders org http www frontlinedefenders org manuals en esecman html Tor An anonymous internet communication system http tor eff org Torpark A secure browser built on Firefox Deer P
4. psiphon as secure as possible there are steps you can take to increase your security For those high risk users i e dissidents writers at risk etc make sure you consult the resource section of this guide and follow these recommendations BOTH psiphonode pN and psiphonite pl 1 Ensure secure communications use a secure channel of communication eg encrypted email when sending connection information 2 Ensure SSL security identify and verify your psiphon certificate see appendix C p 12 for instructions psiphonode pN 1 Ensure node stability make sure your computer is virus spyware free and your OS security patches are up to date 2 Disguise your psiphonode If your organization is well known for politically contested beliefs and actions do not host your psiphonode on the same IP as your web site domain Adversaries may infer an association between the two 3 Verify software validity make sure that you download psiphon only from http psiphon ca download php psiphonite pl 1 Use psiphon strategically Do not use psiphon as your regular internet browser for an extended period of time Limit your use of psiphon to circumventing filtered sites 2 Eliminate usage identification Thoroughly erase your cache and browser history after ending your psiphon session using a known file destruction software such as ccleaner http www ccleaner com Appendix C psiphon certificate
5. the machine that is actually running psiphon http www dlink com products pid 6 There are hundreds of home routers manufactured by many companies and each router has a unique configuration screen There is a thorough resource outlining the configuration requirements for all Known routers at the following link http psiphon civisec org router config This guide will walk you through the configuration of a D Link DI 624 router as an example D Please proceed Appendix A cont d login page errors Configuring a D Link DI 624 wireless router to run with psiphon The psiphonode is running on a sub net defined by the LAN IP mask In this example it is 192 168 0 This subnet accesses the Internet through the external IP internet address of your home router In this example identified as 172 102 45 230 When psiphon starts up it detects the psiphonode external IP address that is running and is the location of the psiphonode as seen by psiphonite users The psiphon server is running on a machine with an Internal IP address of 192 168 0 102 and psiphon is running on port 443 All home routers whether wireless or cable have a configuration and administration control panel The router is at 192 168 0 1 and it requires a username and password to login If you do not know the username and password for the router you will not be able to enable port forwarding on the router Were eg af erg ore Le bo
6. The psiphon certificate warning For pN For pl if using a Firefox Browser As a matter of standard practice high risk users should make sure to verify the SSL certificate fingerprint being exchanged is authentic The following section provides instructions for a Firefox browser Other browsers have slightly different fingerprint authentication methods but follow the same general principles Step 1 Locate your SSL certificate fingerprint by clicking on the certificate tab Step 2 Copy and Paste the fingerprint from the field marked Sha1 Fingerprint Step 3 Send the fingerprint by any secure means e g encrypted email to your pl 1 Click examine certificate Bo Choose accept this certificate temporarily for this i session SEUN ENE e Tet ly Da ii et ed Ta ee 2 Examine the fingerprint Note in other browsers the fingerprint may be referred to as a footprint ee p bi p fh m oy fo amp EE ed Oe G erates ope sais Eg bere kan eel create Ta Coe ahy ee a ced ae es oe ee Tha mr rera en mer ems ha a a ro ep ar Crt ed ey te eee Se cs pes ree ee ae eee oe ae pa eh Ss rent Be eis Or reed eM i Fe a te i ad bi e a 3 Accept or decline the certificate If the footprint matches that sent to you by your pN accept it If not click do not access Appendix D Additional Resources Note Those interested in exploring the topics raised in this guide
7. amily members that live in censored countries Appendix A login page errors If you experience a server timeout error message when clicking on the blue test link the following information will help you get your psiphonode up and running The server timeout looks like this b Tha connecta has imad cat The error may be occurring for a number of reasons Following are the 2 main reasons and the steps to rectifying the error 1 Your server is behind a firewall There are 2 types of firewalls SERVER PROGRAM software blocks incoming connections to your computer paiphom exe is tying to act as a ceiver The user decides which to allow Kieriacelione Not avalsbis ly Zane lam hardware A device in between your computer and the cee RE ROMITIPS internet not common in home computers Mate Peon r aae This program has previously asked for Inbennel access SmartDefense Advisor More into You will need to enable the port that the firewall djy Wet to have tever ales is blocking Eind out hows 2 You need to configure your router for port forwarding psiphon is designed to run from your home computer Often home computers run on a sub network or LAN that runs behind a router administered by someone in the home In these cases the psiphon server must be connected to the Internet via the home router which in turn must be configured to open a port and route all psiphonite requests to
8. ark using the Tor network http www torrify com Scatterchat A secure instant messaging client http www scatterchat com PGP GPG Encryption software http www pgpi org http www gnupg org Thunderbird GPP An email client with built in GPG encryption http www portableapps com Ultrasurf Secure Internet surfing http www ultrareach com Freegate Encrypted Internet access http www download com 3000 20 10415391 html Peacefire A censorship circumvention tool http www peacefire org
9. be installed To install in thes folder click Hagn To install to a different folder enter it belj or click Browse C Program Files CitizenLad peiphoni Advanced installer Cs Co Cancel The installer will save psiphon in a default location or the location of your choice You are ready to run psiphon Before proceeding understand the security environment in which your psiphonite lives See Appendix B High Risk Users on p 10 for details Please proceed Find the psiphon icon on your desktop and double click on it At this point you may encounter a firewall pop up window gt Windows Security Abert x D plang NaN paa mm ees Woebrws f ermal has bho bod Choose unblock if you wish to proceed Now psiphon will help you configure your server Give your server a name This name is a part of the URL identifier that your psiphonites will use to connect to your machine so give psiphon a name that your psiphonites will SER recognize as unique to you Please name your psiphon a Z 0 9 Name ggjohnnygg Then psiphon will attempt to determine your external IP address This is the final piece of the URL identifier that is needed in order for your private psiphonites to find your psiphon server Next psiphon will check if port 443 is available If psiphon cannot access the default port 443 a new port will be automatical
10. foes Bee Ves ee ee a i ee H ASA ee eee tae ee Find your router virtual Server tab Z DI 624 Windows Internet Explorer The location will vary depending on the brand of router but in this example it can J 62 gt BY ap cyPagey G tos be found in the advanced tab canes ve us G High Speed 2 4GHz Wireless Router Name this port forward connection This is a name of your choice Virtual Server is used fo allow Inlarnel users access to LAN seneces Enbe Disabled Identify the Private IP This is the IP Namo tps Clear address of the machine that is running from Provato IP 192 168 0 102 within the home LAN ae DER Prai Pot 443 Pubig Port 443 time O1 OO AM pm o From AM day Sun Sun Private Port psiphon listens on this port Virtual Servers List Apply Cancel Help A Name Privelo IP Protocol Schedule Public Port psiphonites connect to this Remote Desktop 192 168 0 101 TCP 3380 3389 aways Ghi port hep 192 168 0 102 TCP 444 444 aways 9 a E Naps gi 192 168 0 102 TCP 3229332293 aways J9 Schedule Set this to always or select a duration that the port will be opened Below is a list of all Virtual Servers running on your router Your router will now forward all outside psiphonite requests to your psiphonode Appendix B A High Risk Users General Disclaimer Although we have tried to make
11. ized What is a Router A router acts as a junction between two or more networks to transfer data packets What is a Firewall A firewall blocks packets or ports based on rules determined by the computer user These rules can range from very general to very specific What is a Server A server is a host computer on a network that handles requests for data email file transfers and other network services from other computers ie clients In the context of psiphon the psiphonode is the server What is a Proxy Server A proxy server acts as an intermediary between a user and the Internet It can be used to ensure security admistrative control and censorship circumvention among other things A psiphonode is therefore a proxy server What is an SSL certificate An SSL certificate is exchanged between a client and a server to authenticate an encrypted communication channel Is psiphon for you want to give access to blocked web content to my friends psiphon is for you please proceed want to access blocked web content X You do not need to install psiphon You need to find someone who is in an uncensored country and ask them to install psiphon and give access to it Think of whom you might know and trust in an uncensored country who would be able to help you Pm on windows psiphon is for you please proceed Pm on linux psiphon is for you please proceed lm on mac X mac versi
12. ly assigned You can also manually set psiphon to use a port number of your choice Click on the Test button to verify that psiphon can use the port that you have selected W psiphon v1 4 OFF 6 Link https 74 102 45 230 443 9gjohnnygo Now you can start psiphon Users Log Click on the start button psiphon will attempt start up the server running through all of the tests that are required in order for your server to function If all tests are passed the server will start and the top window will display as ON users Log User iD Username E Mail Date Full Name Once your server is ON then you can test that your psiphon server can be seen by outside users by clicking on the blue test link at the top of the psiphon control panel Please proceed Test psiphon The URL what appears when you click on the blue test link is made up of the following components I https EEE 30 443 jane4freedom This indicates that a secure and encrypted SSL connection will be used between the psiphonite and your psiphonode E 74 102 45 230 https 84 202 55 330 443 jane4freedom This is the external IP address that your psiphonites will need in order to connect to you 443 This is the port that your psiphonode is listening to in order to accept connections to your IP address a ane4freedom https 84 202 55 3 LIE LN IN ST https 84 202 55 330 44 Vfnaatrasdan
13. o access login page If you cannot get to the login page by clicking on the blue link that means that your psiphonode is NOT available to anyone including yourself Please refer to Appendix A pp 8 9 to get more information on how to get your psiphonode up and running Login to psiphon Click on the blue link to get to the login page i Paphan Lagin Mozilla Firefox Fie pit yew go fockmarks Took Heip J 80 moe oe ic Cerro Sherted EL Late Hendir Caie Login Copkics must be enabled Security Errar Domain Name Mismatch Meram ou hive sttemphed to estabhieh g iiare wath cera areenan rites on Ma If login is Fi successful Eyo papei he ceriiicahe hoen does not bang in E A please proceed Parsad _ fot Click bee to change pour pasted Engikah Franca Pyoceven yew Certiicate ws Add psiphonites Create user accounts for your psiphonites Click on the add button on the psiphon control panel Fill in the user details for your psiphonite After doing this they will be able to access your phonites by clicking on psiphonode By any secure means send your psiphonite the following connection information https 84 202 55 330 443 jane4freedom Connection information 1 psiphonode url 2 Username and Password O Add more psiphonite users to your psiphonode so that you can help your friends and f
14. on is not yet available please check back periodically to our website http psiphon civisec org for updates l m on a LAN psiphon may not be accessible to people outside of your network depending on its configuration Check with your network administrator I m using a router A Configuration of your router is required Please refer to Appendix A pp 8 9 i f for router configuration instructions I have a firewall Configuration of your router may be required Please refer to Appendix A pp 8 9 You re ready to start Get psiphon go here http psiphon ca download php Read and accept licence agreement in order to proceed If you are on windows click on psiphon 1 5 Win32 installer and download psiphon installation file on your desktop If you are on Linux a Ar ea hipopne ep aara hes e e tien a E eae nn A aiai aki you will need to download source here http psiphon civisec org source html J psiphon owes NOW and build psiphon yourself using the provided instructions Install psiphon This and further instructions are for WINDOWS ONLY Find psiphon installation file on your desktop and run the installation Welcome to psiphon Setup Wizard The Setup Wizard will install psiphon on your computer Click Nizerd Next to continue or Cancel to exit the Setup Wize i psiphon Setup Select Installation Folder Thes 6 the folder where paphon wall
Download Pdf Manuals
Related Search