Your Freedom User Guide
Contents
1. wee a LA OPENSSYOUR As WORD 2 Configuration options Note Some of the options below are marked as hidden which means that they are not accessible though the Configuration window but only through a text editor These options are for those who know exactly what they are doing or at least think they do Please consult our support staff first if you are unsure All options are case sensitive be sure to use lowercase There are options that can only appear once in the config file type single others can appear more than once type multi Options that take only a single value will treat everything after the leading whitespace as part of the value including whitespace so watch out and don t put whitespace at the end of the line if you don t want to You may use comments as well they start with a in the first column but they will be gone next time the client saves the config Now here comes the alphabetical list enjoy Option Description Type Arguments aes Enable or disable strong boolean true default or AES encryption optional false autoscroll_messages Scroll message window boolean true or false default automatically when new optional messages appear avoid_dns Use the server s IP address boolean true or false default not the host name if known optional bandwidth_unit Display unit for bandwidths integer bit s default or optional B2. Checking Proxy Settings We will now check if your proxy settings are working or whether we need more configuration Please stand by fora second Your proxy settings do not seem to be working Please click on the Back button and see if they are correct then come back to check again it means that you have not provided a working proxy configuration Click on Back and modify the hostname IP address and or the port setting Many proxies listen on port 80 8080 or 3128 to name the most popular ports Check your web browser s configuration it should be able to tell you Oh by the way if you find that the wizard has the proxy details already filled in then it s not magic it just found them in your PC s registry and probably has made life easier for you Let s assume you ve been able to make it work If not please ask a knowledge person around you how you can use the web proxy or click Cancel and try a manual configuration It worked if you see something like this Version 3 0 Release Date 2013 06 26 YOUR FRE Your Freedom User Guide Page 21 of 86 Found Freedom Servers A search found the following servers Please highlight one of them and click on the Next button a zi Dea pes pes pes pao ar amat8 yonr feedom de 85 214 45 166 jems24 your freedom de 94 126 16 7 98 zez de yes Pa ems10 your freedom de 385 214 151 156 9 8 yes ems15 your freedom de 193 37 152 232 97
3. Page 31 of 86 Now click on Settings Configure Proxies to Access the Internet No proxy Auto detect proxy settings for this network Manual proxy configuration HTTP Proxy localhost Port E Use this proxy server for all protocols SSL Proxy localhost Port ETP Proxy localhost Port Gopher Proxy localhost SOCKS Host localhost SOCKSv4 SOCKS v5 No Proxy for localhost 127 0 0 1 Example mozilla org net nz 192 168 1 0 24 Automatic proxy configuration URL Reload Fill in the values as shown making a note of the original values so you can revert to you previous configuration when you are not using Your Freedom then click OK in both windows Firefox now uses the Your Freedom connection Setting up Internet Explorer Like all browsers IE supports proxies directly What s more IE s proxy configuration is actually shared by many other applications as well Select Tools Internet Options Then click on the Connections tab You ll see something like this Version 3 0 Release Date 2013 06 26 KOUR EREEDOM SPENSLYOUR DOOR IC WORLD Page 32 of 86 To set up an Internet connection click Setup Dial up and Virtual Private Network settings Choose Settings if you need to configure a proxy server for a connection spe Never dial a connection Dial whenever a network connection is not present Always di
4. Version 3 0 Release Date 2013 06 26 ER d KI Your Freedom User Guide Page 25 of 86 On an Android device Find the icon shown on the right and launch the Your Freedom status application by tapping on it You ll see a welcome banner similar to the one shown on the right briefly explaining the most important things You must Your scroll through it and while you are at it anyway may we Freedom suggest that you read it as well and click either OK or Use Sa is eee wizard Please click Use wizard If you happen to have clicked eee web sites that are otherwise unaccessible to OK instead click the Settings button in the top right corner choose You If your Internet access 1s censored or otherwise restricted YF will open your door to the world Exit and start over again The app will now guide you through the PE initial steps of the setup When you are done with filling in requested This app and information click the right arrow to jump to the next step You can always go back using the left arrow If the configuration is complete and you are happy with it click on the tick mark an ace n www You ll likely not have to configure a proxy server If you need to type in its address or DNS name and its port and if it is a SOCKS proxy change the proxy type The app will try to find out whether or not you need authentication credentials if you need them it will ask you fo
5. and mark the Run as Administrator checkbox This will ensure the openvpn process gets launched with the necessary privileges Before making use of OpenVPN please make sure your computer is properly protected and not infected by some virus worm or a Trojan Ensure that it is not part of a bot net If you don t our servers might have to close down your account to protect our systems If you do not have a proper security suite installed on your PC please open Internet Explorer now and visit this web page for a free check it is a Microsoft tool and will therefore only work in Internet Explorer http onecare live com site en US default htm We strongly advise that you repeat this from time to time It is for your own protection If you haven t got other protection consider installing free protection software like Microsoft Security Essentials Avira Antivir or avast Version 3 0 Release Date 2013 06 26 Page 44 of 86 You don t need a Your Freedom package FreeFreedom will suffice That s right Our OpenVPN support is not only available to paying users Although running an OpenVPN tunnel endpoint uses considerably more resources than just forwarding connections we decided to offer it to everyone for free Although we know that it wouldn t be much fun with 64k 3 3 3 Configuration tasks Know your networking environment If you are behind a firewall and need to be able to reach servers that have Internet IP addre
6. Configure Freedom Account YF Config Wizard Congratulations Please fill in your Freedom username and password in Wl should be set up now and you are ready to free the form below Click the Next button when you are done yourself from your chains To open the door to Freedom lick on the Start connection button in the Status panel To obtain a Freedom account go to https www your freedom net and register there H you need an account to be able to access our web page and create an account use unregistered password unregistered for now Username unregistered Password Show password in clear When all is done click on the tick mark On Android you do not have to configure any applications just skip the next section Version 3 0 Release Date 2013 06 26 ge ER D EN SOU GDOOp TO THE WO Your Freedom User Guide Page 27 of 86 2 4 Configure applications This section only applies to PCs not Android devices 2 4 1 Automatically Please note We recommend manual configuration This feature is only provided for your convenience and you should probably not use it Windows users can simply click on the Applications tab and see something like this Status Streams Account Profile Ports Messages Vouchers Applications About Applications currently supported by this tool Browsers Instant Messengers Filesharing Tools C MS Internet Explorer C
7. Help me choose 4 1 4 What if it doesn t work Are you receiving this message during the connection set up Version 3 0 Release Date 2013 06 26 DPENSIYOUR DOOR O THE WO Your Freedom User Guide Page 60 of 86 A Error Connecting to Your Freedom US Verifying user name and password Eror 734 The PPP link control protocol was terminated if you continue to receive error messages you can enable logging for analysis Su E Enable logging For logging options see diagnostics Logging options can also be accessed by clicking the Remote Access Preferences menu item under the Advanced menu of the Network Connection Folder __Redai 55 1 Gm It means that our server has denied your login either because username and or password were not correct or your account has been disabled or you are as a FreeFreedom user over the account s time budget or there is a problem with our server Unfortunately we cannot tell you which one of these is the reason If the problem persists and you are sure your username and password are correct try to log in to our web page and see if your account has been disabled If not check whether you are over the time budget FreeFreedom users only just log in then click on Account Enabling logging won t help you at all If you happen to see this during the connection e A gt Network Connections Link to Your Freedom US failed Reconnect p
8. Pret HTTPS HTTP you might need to figure out about your web proxy or configure everything manually e g if you want to use an FTP proxy If you get this however Checking Proxy Settings We will now check if your proxy settings are working or whether we need more configuration Please stand by for a second Your proxy settings appear to be good however it seems that you have to authenticate on the proxy Please click on the Next button and fill in your username and password in the next panel then you ve filled in the proxy details properly but you need to authenticate on the proxy Click on Next Version 3 0 Release Date 2013 06 26 Proxy Server Authentication Your proxy server requires you to authenticate by supplying a username and a password Please enter these values in the fields below If you have no idea what to supply there try your Windows domain username and password and if that does not work fill in your windows domain as well or try to prepend it to the username with a backslash If all fails ask a knowledgeable person around you When done click on Next to check Proxy Username Proxy Password Proxy Domain and fill in suitable login credentials In many cases this will be your Windows Domain login don t forget to fill in the domain as well Just try until it works you can click Next to try If you see this page
9. Sun Oct 17 06 42 22 EDT 2010 Server groups default gaming Maximum uplink bandwidth junlimited Maximum downlink bandwidth unlimited Maximum simultaneous streams 200 ly es SOCKS4 5 BIND permitted lyes Relaying permitted Sp yes Maximum server port forwards 5 Maximum connection time _ lunlimited Remote ports forwarded 20478 20479 20480 20481 20482 Access restrictions Rue Address permit jany Most things in here should be fairly self explanatory except maybe for server groups and remote port forwards Server groups will indicate the groups of servers to which you may connect Multiple permitted groups are separated by comma Everyone will have the default server group on their profile meaning that you may connect to every Your Freedom server in the default group at the time of writing all servers are in this group but this may change Some Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 37 of 86 accounts have additional server groups in their profile depending on bought packages All will not show up in customer profiles If your profile has any server ports assigned they will show up in the remote ports forwarded line The numbers there mean that these ports on the Your Freedom server will be forwarded to your PC when you are connected and you may use them in the server port
10. This means that you will always be able to log in but so will everyone else who knows your details and he or she will kick you off The servers talk to each other it doesn t help to just use different servers Version 3 0 Release Date 2013 06 26 Page 38 of 86 2 7 Choosing the right server 2 7 1 Server location The YF server should ideally be close to the YF client or close to the servers you intend to use through YF Just think about it as a triangle the corners are your PC the service on the Internet and the YF server on top The more the triangle looks like a straight line between you and the service i e the flatter it is the better Let me give you an example If you are located in the US and the service you are using let s say you are playing an online game is also US based a server in Europe will probably be a bad choice The laws of physics make it impossible for information to travel faster than the speed of light and putting 20 000 kilometers of additional wires or fibers and a dozen of routers between you and the service will increase latency It is ideal to use a YF server that is close to yourself Why Because you d normally use more than one server on the Internet and you cannot find a YF server that is topologically close to all of them but you may be able to find one that is close to you On the other hand for applications that don t care too much about latency like large file transfers
11. it only jeopardizes Google s business model Now download the Your Freedom APK file or obtain it through email write to get your freedom net and put the word Android in the subject line Click on it and install it Alternatively search for Your Freedom in Google Play if you can use it Play has the additional benefit that you can confiugure fully automated updates 2 3 Connecting for the first time OnaPC When you start the Your Freedom client application for the first time you ll be asked for your preferred language Click a button you can always change the setting later Not all texts have been translated to all languages You may encounter some parts that appear in the default language which is English US and it is quite possible that you encounter bad translations Please let us know Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Bahasa Indonesia Bieser Dansk EE K 2 English UK English US Espa ol Fran ais Hrvatski Italiano Deutsch mee Magyar Portugu s Romana Ti ng Vi t ing ZE X G8 T rk e Pycekn iu _Engisn us Nederlands aa After you choose the language of your preference a Wizard will show up It is safe not to use it and enter all required information manually but if you are unsure give it a try first Manual configuration may be required in
12. new connection after only minimum holdoff time default 3 post_typ_holdoff Typical holdoff time in POST integer mode in milliseconds optional Wait this long for more frames before triggering a connection default 500 ms protocol The connection protocol to string One of http https use required cgi post ftp udp dns echo proxy The proxy port integer Make your PC a web optional proxy by supplying the port number Set to 0 or remove to turn off Default is 8080 proxyauth Force a particular string One of any ore none authentication method on optional default basic or web proxy none NTLM or none Digest or none Default is to use whatever is offered by the proxy and prefer more secure methods over less secure methods proxydomain Your domain for web proxy string A Windows domain authentication if needed optional name if you need one NTLM proxies only to authenticate on your web proxy proxyhost The web proxy hostname or string A host name or IP IP through which to tunnel optional address Leave empty when using http https or or remove if you don t cgi need to use a proxy proxypass Your password to string A password if authenticate on the web optional authentication is proxy needed Version 3 0 Release Date 2013 06 26 Your Freedom User Guide age OD OT 36 proxyport The web
13. Freedom It might be all you need in which case you are welcome to use it as much as you like There are several restrictions in the FreeFreedom profile First of all the bandwidth is low and the number of concurrent streams is low as well but enough for chatting web surfing etc Then there is a connection time limit wou can only be connected 5 hours in a week interval and only 2 hours in any 24 hours interval also after one hour your session is disconnected but you may connect again immediately After the daily or weekly usage limit is reached users won t be able to connect again You will see a message telling you about this indicating the approximate time at which you will be able to connect again Version 3 0 Release Date 2013 06 26 Your Freedom User Guide 5 2 Upgrades and vouchers Page 63 of 86 If you would like to have more bandwidth more concurrent streams or other additional features or you would simply like to support our efforts to provide unrestricted Internet access to everyone consider buying an upgrade The table below details all available time based upgrades their features and their prices in Euros ree Le enone Lem Web Proxy Socks Proxy OpenVPN mode i PPTP mode SOCKS5 mode 4 44s F E HTTP connection Ze KIER IE SIE SES HTTPS connection CGI connection FTP connection E 5 UDP connection DNS connection S ECHO connection Score 1 D Ver
14. Use anew UDP source port integer Port changes if this UDP DNS mode every this optional many milliseconds many milliseconds have passed since the last change Default is 0 don t change based on time udp_srcport Use a particular UDP source integer 0 or remove to use an port UDP DNS mode optional ephemeral port use_http11 Use HTTP 1 1 instead of boolean If your proxy is acting HTTP 1 0 in requests optional stupid try if this fixes the problem Can either be true or false default useragent Send this user agent string Used to fake a header in requests optional particular browser Your YF username stringrequ Your Your Freedom ired username vm_code Voucher code information multiple Information about string known voucher codes optional vpn Use new style VPN mode boolean Experimental not yet hidden effective webproxy Port for new style web proxy integer Experimental use implementation hidden new style web proxy implementation for your applications Version 3 0 Release Date 2013 06 26
15. Yahoo Messenger Cl BitSpirit C Mozilla Firefox Lica Pr itimedia Play C Windows Live Me C mir Options Configure your applications to use YF Restore your old configuration settings This is a list of applications whose configurations can be modified automatically by Your Freedom The ones that are installed on your system have working checkboxes the other ones are grayed out Tick the ones you wish to use with Your Freedom and then click OK You ll see something like this GZ Client Configuration Wizard Task completed total 1 successful 0 skipped 1 Hope it s all successful Then click OK To restore the previous configuration of your applications choose Restore and then tick the ones you would like to restore and click OK Note that applications that you ve configured to use Your Freedom will only work properly if the Your Freedom connection to the server is up and running Also don t forget to restore all your settings before de installing the Your Freedom client Version 3 0 Release Date 2013 06 26 Page 28 of 86 Status Streams Account Profile Ports Messages Vouchers Applications About Local Services v SOCKS 4 5 Port OpenVPN Port 1194 Relay for others vi Web Proxy Port Use UDP for OpenVPN _ Flatten traffic bursts Local Port Forwards Local Port Remote Address Remote Port Add SIP F
16. allow for more simultaneous streams and there are server ports that you can use to allow inbound connections to your PC or another PC in your network if you like The upgrades are available as one month three months six months or twelve months upgrades and come in three different levels that we call BasicFreedom EnhancedFreedom and TotalFreedom As an alternative to time based upgrades there are vouchers carnets Vouchers can be used to temporarily upgrade your Your Freedom account without having to pay for a full month and not use parts of it Details can be found in chapter 0 of this guide 1 7 Is Your Freedom Spyware or AdWare No Rest assured that the Your Freedom client application does not contain any code to spy on you or to cause any annoyances other than the restrictions of the FreeFreedom service which are of course there to convince you of the benefits of buying an upgrade The only reason why we don t publish the source code is because much of the code is also used in the server and we don t want to expose it We don t want to help those developing blocking appliances either We do our best to protect your privacy by not storing any more details on our servers than technically or legally required and permitted In fact the connectivity servers themselves do not keep any logs that could be of interest to anyone but the developers and operators Actually this is not entirely accurate Outbound email sent
17. an email containing an activation link If your email address is protected by anti spam measures please ensure that email sent from the your freedom net domain i e ending in your freedom net is permitted before you click on the Create account now link Activate your account by clicking on the link in the email or cut amp paste it into your browser You can also simply reply to the email quoting it in its entirety in your email reader If you haven t received the email or if the link doesn t work for whatever reason please send an email to our support staff they can create or activate the account for you if you write to support your freedom net telling them the username you have chosen but not your password What if you cannot register on our web site because it s blocked Well it s a hen and egg problem then Either you ask someone else to create an account for you or do it from somewhere else and modify it later or obtain the client software from another source than Our server and use the username unregistered and the password unregistered in it This account will only provide FreeFreedom access however Alternatively if you are able to send an email to our customer support ask them to create an account for you Just write to support your freedom net telling them about your problem suggest a username please limit yourself to ASCII letters and numbers dashes and underscores and a password If y
18. dial up connection to the Internet Cu Set up a new network Configure a new router or access point 4 Set up a dial up connection Connect to the Internet using a dial up connection Now choose Use my Internet connection VPN because that s what we are trying to do set up a new connection through your existing Internet connection Version 3 0 Release Date 2013 06 26 YOUR FREEDOM oe W 9 TIENTS aa Your Freedom User Guide Page 51 of 86 grsecoeeccneneyacoencegeoeneneocoueceseacsanouacaeuassenenacocucnsussgenenecsenensuaenensuacneusgenenacounensuosnenseasnsacnsnenenaeosaenansenenansuacnenassenenacseacoeuaeseneyacaeuacseaeneneeacneunsasnesscagnenseacsenevacousceaeoescnacacsenanseaseaeeseses Use my Internet connection VPN i Connect using a virtual private network VPN connection through the Internet Dial directly Connect directly to a phone number without going through the Internet e p What is a VPN connection In the next step you are asked to enter an Internet address to connect to Fill in the PPTP server of your choice If you know the IP address or the server s name you may use this but we suggest you use the generic by country names we provide In this example we want a US based server but it could be de for Germany or uk for the United Kingdom as well You may of course use emsXX your freedom de as with the YF client application as well or an IP address The Destination name
19. fest ue 71 CTE AlING A dump EE 72 Using a packet CN 72 Updating EE 73 Appendix B Country information ssessssneeeeeesseeenerrrtttsserrrttrnntrssertrttrnnttnserrnntnnnnnnserennne 74 Country specifie EE 74 Server availability DY Country 74 TWAS eege ege eege eelere Eed ees e 74 Appendix C The Your Freedom client configuration fie 76 Where s my home CISION EE 76 re 77 Version 3 0 Release Date 2013 06 26 PENS YOUR PAra e F Gates 7 Sg z acai 2 io Your Freedom User Guide Page 8 of 86 1 Introduction 1 1 What is Your Freedom Is your Internet access somehow restricted Are some web pages not accessible to you or are you unable to run applications because of such restrictions Are you in a place where there is Internet connectivity via a public hotspot but you don t have a login to it Then Your Freedom is for you Although the techniques used by Your Freedom to break through such restrictions are fairly complicated it is not difficult to use Your Freedom is a Connectivity Service that allows you to overcome connectivity restrictions imposed upon you by your network administrators your provider or your country It also provides a certain level of anonymization and it hides from your administrators and other nosy people close to you what you are doing on the Internet Your Freedom works by turning your local PC into a web proxy and a SOCKS proxy that can be used by your applications web browse
20. forwards configuration see below Your Freedom Status Streams Account Profile Ports Messages Vouchers Applications About Local Services 7 SOCKS Ap Port OpenVPN Port Je Relay for others Je Web Proxy Port Use UDP for OpenVPN Dai Flatten traffic bursts Local Port Forwards Local Pot Remote Address _RemotePot ada SIP Forwards LocaiPot Remote SIP Proxy _ _ _RemotePot aga Server Port Forwards Remote Port Local Address Local Pot Ada All options in here can be changed while the connection is active and will have immediate effect If you wish to modify the local ports on which your PC becomes a web or SOCKS proxy uncheck the service first then change the port number and tick the box again If you would like your PC to accept requests from other PCs on the local network and forward them through your Your Freedom connection tick the Relay for others box Note that this will only have an effect if your profile permits it check the Relaying permitted line in the Account Profile panel as shown above 2 6 Starting and stopping the connection 2 6 1 Each user may only log in once That s right Each user can only log in from one PC at the same time If you try to log in using the same user account from another PC or another instance of the client the previous session will be terminated
21. if you like Many texts and messages are available in other languages and it may be easier if you change the setting Note that you have to restart the client to make the change effective when you are all done KR Freedom Configurati d i besse i Server Selection Account information Proxy Settings OpenVPN Settings Server Connection General Settings i POST Settings HTTP HTTPS CGI Proxy Server Proxy Address Proxy Port Proxy Username Proxy Password Proxy Domain Proxy Type HTTP HTTPS e Prony Authentication 7 User Agent FTP Proxy Server Proxy Address Proxy Port emaa Lem ome i a EE Theresa lot you can configure here You might want to use the wizard to configure a web proxy but you don t have to there s not much difference but the client will check if your settings appear to be correct If you know the details just fill them in You ll probably need to configure the address host name or IP address and the port If you need to authenticate on the web proxy fill in username and password as well and if it s an NTLM authenticated proxy add the windows domain name as well In this case username password and domain are probably the same values that you use to log in to your PC Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 36 of 86 If you intend to use the FTP connection meth
22. in band Web server admins will not be able to see where the access comes from initially they will instead see one of our IP addresses But we do not take any further anonymization measures we do not remove tracking cookies nor do we wash the request headers that your web browser sends For those looking for privacy the client offers a high level of encryption using the AES encryption standard public private keys and strong session keys Details can be found on our web page on https www your freedom net id encryption you need to be logged in Unless you explicitly disable encryption you ll be safe from spying eyes With regards to viruses we do not have any virus protection mechanisms built into the service and therefore do not provide any virus protection Please install anti virus software on your PC or phone you should do that anyway 1 6 What does it cost A fundamental service is provided for free It is restricted in bandwidth and the number of simultaneous streams and there is a time limit of one hour for the connection between the client and the servers but you may reconnect immediately Daily usage time is limited to two hour and weekly usage time is limited to 5 hours Some of our servers are not available for FreeFreedom users If this is good enough for you you are welcome to stick with it We provide upgrades that remove all usage time restrictions expand or remove the bandwidth restriction and that
23. one of our connectivity server IP addresses But it cannot protect you from your own mistakes or flaws in applications and protocols You are anonymous unless you make mistakes Your Freedom is not in any way enhancing your connection It does not provide data compression and it cannot speed your connection up in any way in fact there is a certain This is not entirely true If you connect through PPTP or use OpenVPN mode your data is compressed Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 9 of 86 amount of overhead which is dependent on the connectivity protocol used so things will probably run slower not faster 1 3 What can use it for Your Freedom can be used to overcome e Protocol restrictions If you cannot use certain applications or services because these applications cannot connect to the Internet in the usual way Your Freedom may be able to help you For example if your favorite online game does not work in your place because someone decided that you shouldn t play it then try Your Freedom Games known to work well include World of Warcraft EVE Online Counterstrike and many others You may not use P2P protocols because someone thinks it is illegal Most P2Pclients work nicely with Your Freedom and you can even get a server port which gives you a high id e Censorship You may not visit certain web pages Try Your Freedom It turns your local PC into an unrest
24. proxy s port integer A port number Set rot optional or remove if you don t need to use a web proxy proxytype Use non standard proxy type string When using TCP for TCP based connection optional based connection modes HTTPS HTTP modes and a web POST CGI proxy is configured assume it is of this type Can be HTTP HTTPS default SOCKSv4 or SOCKSv5 proxyuser Your username to string A username if authenticate on the web optional authentication is proxy needed rcport remote control port integer Use a particular TCP hidden port for singularization i e ensuring that YF is running only once Default is 62799 bound to 127 253 19 87 reconnect_after_shut If server shuts down try to boolean true default or down reconnect automatically after optional false a while reconnect_delay If a reconnect is required integer Default is 5000 wait this many milliseconds optional milliseconds before an attempt redirect_dns Don t resolve host names boolean true or false locally when using SOCKS optional default Use this if your local name server cannot resolve Internet names or you don t want it to Version 3 0 Release Date 2013 06 26 rekey Change encryption key frequently Your Freedom User Guide boolean optional true or false default The wizard will set this to true and there s normally no r
25. re open the HTTP integer Time in milliseconds If uplink connection at intervals optional you need this use the CGI connection protocol instead This is outdated http_posttfix In HTTP mode append this string Can be used to craft after a to the URL hidden special URLs https_ssl Wrap connection in HTTPS boolean Helps with picky filters mode in SSL TLS optional that perform protocol detection Ode kill Kill connection when idle for integer This is obsolete and this many milliseconds optional doesn t work as expected anymore don t use it initial_post_size When doing a HTTP POST integer Default is 10000000 or use this initial size hidden 10 Megabytes The client decreases this by a factor 0 8 until the web proxy accepts it or the value falls below minimum_post_size If you know your proxy s limits put it in here it saves connection time keepalive_interval Send a keepalive frame integer Default is 20000 ms every this many milliseconds optional Connection fault detection is 2 5 times level_ messages Only show messages above integer 0 is debug 7 is this level in Messages panel optional emergency Default is Version 3 0 Release Date 2013 06 26 1 informational Your Freedom User Guide locale Your preferred locale string Defaults to en Only a language ISO 2 letters optional few languages are lowercase optionally supported see the followed by an undersc
26. server Initial POST size vi Enable encryption Minimum POST size lv Enable re keying FTP mode both v On the Server Connection tab configure the Your Freedom server name or IP address several names or IPs can be separated by semicolon but no additional spaces Select the connection protocol from the pull down menu and the default port should automatically appear change if necessary Or use the wizard to see your server connection options and let the client choose the best way but configure the proxy settings first if you need to use a Also select the connection options as well For most people the defaults should be OK you might want to tick Avoid using DNS as well if you only want to try known IP addresses for the YF servers and not ask your local DNS server It is not advisable you enable the Automatically switch server option and it will likely not be available anymore in new releases If you click on the Account tab you ll see this Version 3 0 Release Date 2013 06 26 YOUR FREEDOM OPENSSYOUR DOO Page 35 of 86 Server Selection Account Information Proxy Settings OpenVPN Settings i r Server Connection General Settings POST Settings Account Details Username myusername Password Jesssssssss Language English United States v Fill in your Your Freedom username and password and choose a different language
27. set up process then click connect and off you go There will be several status messages popping up and once they are gone you should be connected You can verify this in your connection list See above it will now tell you that you are connected via the Your Freedom connection To disconnect click on the connection in the connection list and choose disconnect simple as that At one point a pop up window will ask you to set a network location for the new connection We recommend that you choose public network to avoid unnecessary security risks Select a location for the Your Freedom US network This computer is connected to a network Windows will automatically apply the correct network settings based on the network s location Sm Home network a If all the computers on this network are at your home and you recognize them this is a trusted home network Don t choose this for public places such as coffee shops or airports Work network F all the computers on this network are at your workplace and you recognize them this is a trusted work network Don t choose this for public places such as coffee shops or airports Public network If you don t recognize all the computers on the network for example you re in a coffee shop or airport or you have mobile broadband this is a public sa REMEE EE o E ETT TE TRESTLE TTT TE TEES Treat all future networks that I connect to as public and don t ask me again
28. through Your Freedom is scanned for viruses We do this to avoid blacklisting of our IP addresses which would make it impossible for our users to send email through Your Freedom It does not protect you it protects others and us from ou In PPTP mode OpenVPN mode and on Android the number of concurrent streams is not limited Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 12 of 86 they only contain things like server load and exceptional occurrences in server operation all logs containing user details are instead kept on a server in Germany However we will cooperate with legal authorities in Germany to the extent required to protect us from having to take responsibility for your actions This means that we may unveil your account and payment details as well as the source IP address used to connect to our servers if we are forced to do so and able to determine who is responsible for some action We do not log what you access on the Internet German telecommunications laws do not even permit this We do log the fact that you have used our service from where you have logged in to our service if we know it at all With DNS mode we usually don t the lowest 16 bits of IP addresses you have connected to but not the full address only the last two numbers and statistical data about your usage needed for accounting and quality assurance This information is typically held on file for only a few days and no l
29. 0 and most people should not have to increase it but if your network connection drops connection attempts that appear in bursts try setting it to a higher value cgi_downlink_connect_timeout All these values normally do not appear in the config file and are not configurable through the front end Just add lines to the file it does not matter where that contain the name of the value a space and the numeric value to which you would like to set it no unit Optimum performance is probably achieved by setting cgi_uplink_threshold to 1 and cgi_uplink_mindelay to maybe 20 Try it you can t break anything if it doesn t work just remove the lines again Version 3 0 Release Date 2013 06 26 Appendices Appendix A Troubleshooting The Your Freedom client comes with built in troubleshooting facilities There is the message log that you can access from the Messages tab you may save it to a file as well but this will only help you in everyday situations For more detailed troubleshooting you need to run Your Freedom in dump mode and you might have to use a packet sniffer as well Why does my app game not work There is of course no off the shelf answer to this question But the first thing you should look at is the streams panel of the Your Freedom client Does the application create streams there when you use it before it complains that it cannot connect If no then it is likely not properly configured See if you v
30. 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 34 of 86 We recommend you make a note of the original settings that allows you to revert them when you are not using Your Freedom 2 5 Manual Configuration Most options can be configured using the Configure dialog available from the Status tab but a few are only available via the configuration file We recommend that you avoid messing with the configuration file unless you are advised by us or think you know what you are doing 2 5 1 The Your Freedom configuration dialog Go to the Status tab of the Your Freedom client then click Configure A dialog window like this should open up Ia Your Freedom Configuration mm mmm mmm arnim Server Selection ji Account Information Proxy Settings OpenVPN Settings Server Connection General Settings POST Settings 5 Your Freedom Server Address ems04 your freedom de Port 443 wi Wizard LE e e Connection mode HTTPS Sal Tweaks None Options C Automatically switch server Minimum buffer size E Automatically connect on startup RTT measurements proxy Reconnect after server shutdown OR O C Use true SSL with HTTPS M Hea UTTD 4 Keepalive interval Reconnection delay SSL protocol version TL Svi v HND erenart i i Avoid using DNS C SOCKS4 5 DNS lookups on
31. AhE E EEENEE EES 9 1 5 Is it secure Is it anonymous Does it compromise my security Can catch a virus Bee 10 1 6 What do s it EE 11 1 7 Is Your Freedom Spyware or Ach are 11 1 8 How many servers do you have Are they all the samedi 12 2 Getting As na reete deaa Aae deana ea Eiaa aE ted iai Earra iA 14 be ees 14 2 2 Getting and installing the client software 15 2 3 Connecting for the first time ies cscs earitecs erceancneruoss de acenandaasdesiia cited cetidaadertuendetisentenetse 16 Ona PO reer eee TT ee CRE EE 16 On an Android GOVICE E 25 2 4 Configure applications E 27 E Eeer 27 EE 28 2 5 Manual OP NATO E 34 2 5 1 The Your Freedom configuration dialog 34 2 6 Starting and stopping the Connection 37 2 6 1 Each user may only log iN ONCE uu ceeeeccecceeeceeeeeeneeeceeeceeeceneeeeeceeaceeeseneaeeesenaaeeetnneaeeesnnaeeeetned 37 2 7 Nee el 38 2 7 1 Server location E 38 2 7 2 PLOLOCOIS EE 38 RER 39 3 Connecting applications and Games sicrcixcdetivsesunves iceanediawsesioe tecunetarieaveremeeneturenenedenonseebunee 41 Klee EE 41 3 2 USiNg SSO CE SIONS erect ss ha ote aie et ee rete ee ee a 41 32 1 lee 41 3 2 2 Linux and other Unix derivates ccccccccccceesessneecececeseeneaaeceseceecedeaeaaeeeseceseedeaeeaseeseeneeeneaaes 42 B23 MaC OS E 42 3 3 CODEN E ee 42 iS le Deele EE 42 B 3 2 Ee ME 43 3 3 3 CONPIQUIATION LASKS ccssccecececeteeceenseceeneeceececsaeeeeasecesaeecaaeessaeseeaseceeaeessnseseasssensec
32. If you would like to connect other PCs PlayStations VoIP phones whatever to the Internet through the Your Freedom connection all you need is a second network interface installed in your PC Make sure it isn t used for anything else You need to connect your other PCs PlayStation etc to this network interface either directly crossover cable or via a small switch hub Do not use the same switch hub as for your other Ethernet interface unless it provides VLANs Another thing that you need to ensure is that your other Ethernet interface does not use the192 168 0 0 24 network if it does reconfigure your DSL cable router to use a different network Open Start gt Control Panel gt Network Connections Find the unused LAN interface it s probably called Local Area Connection 2 but don t rely on it you need the exact name Then find the TAP32 interface of OpenVPN Right click on it and choose Properties Click on the Advanced tab Tick the Allow other network users to connect through this computer s Internet connection box and choose the network interface in the drop down menu below that connects to your other PCs or PlayStation Click OK and close the Network Connections window That s it your other PCs Playstations should now be able to connect to the Internet through Your Freedom s OpenVPN connection when it s up 6 2 3 Will tethering on Android work with Your Freedom The short but unsatisfactory is no unfortunately n
33. SYOUR FREEDOM NPENSIYOUR DOOR TC tHe WOR Your Freedom User Guide A Step By Step Introduction and Reference Guide to Your Freedom https www your freedom net Version 3 0 Release Date 2013 06 26 OPENSSYOURIDOOR TOTHE WOR Your Freedom User Guide Page 5 of 86 All trademarks used in this guide are trademarks of their respective owners and only used for reference The most current version of this guide is available from our web page httos www your freedom net in the Documentation section Please check if there is a later copy available if you encounter problems or you cannot find needed information in this copy This guide is Copyright 2006 2013 by resolution Reichert Network Solutions GmbH Zweibr cken Germany All rights reserved You are welcome to copy and distribute this guide in both electronic and paper form as long as you distribute it as a whole and not in parts you do not modify it in any way and the reference to the original location is kept intact Please advise all recipients that distributed copies may not be the latest version of the document and that they can always download the latest version from our web site Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 6 of 86 Et ee IIe ON EE 8 1 1 What is Your CT Te KEE 8 Te Whatis it NOt ees asa a ei a miss EEES ia i EEE Ea 8 1 3 What can USE It Eegen 9 1 4 How does it work e ereugeteeushe Eege Seege egEENE
34. Your Freedom string your Your Freedom password required password or an obfuscated form of it portaccept Forwards a server porttoa multiple server port local port string local host optional local port portforward Forwards a local port to a multiple local port remote port string remote host optional remote port post_avg_uplink_dur POST mode average uplink integer In POST mode how duration in milliseconds optional long shound an uplink transfer take on average in milliseconds Influences the maximum POST length Default is 500 ms post_err_holdoff POST mode error holdoff integer In POST mode wait time in milliseconds optional this many milliseconds in an error condition before trying again post_max_connection Maximum number of integer Some people might S concurrent connections in optional have to lower this to POST mode one Itis safe to use bigger numbers but at some point it will only increase overhead Default 2 is good for most people post_min_holdoff Time to wait before new integer Defaults to 5000 connection is made optional milliseconds post_min_post_size Minimum size of a POST integer Never lower the request optional maximum POST size Version 3 0 Release Date 2013 06 26 below this limit It could starve the uplink path Default 3000 post_min_queue Miminum queue size for fast integer transmission in POST mode optional Your Freedom User Guide Number of queued frames that trigger a
35. a for Mac OS X 10 x Update whatever Once you ve installed it Java 5 may still be activated by default The installer we provide should be able to automatically ensure the right version is taken if that doesn t work try to change the default Open Finder go to Applications Utilities Java run Java Preferences Move Java SE 6 to the top for applications e Android APK The Your Freedom app will only run on Android 4 0 and above devices Older Android versions are not supported no matter if the phone is new or not We cannot support older versions because they are lacking the necessary VPN API If you are unsure open the settings go all the way down to About phone and check Android version in there If it s 1 x 2 x or 3 x then Your Freedom will not work on your phone Check with your manufacturer if there is a firmware update and complain if not We suggest that you also check on hiitp www cyanogenmod org they might have an aftermarket firmware for your phone There are no other requirements contrary to other VPN applications your phone does not have to be rooted We suggest that you configure your device to allow installation of applications from external sources this will allow you to download and install the app from our website and receive updates Open the settings go to the Security section find the Device Administration section and tick Unknown sources It does not jeopardize your phone
36. adapters both physical and virtual The newly created WAN Miniport adapter should be among them it will claim it is an IKEv2 type adapter and that s why we need to modify it Right click on it and choose Properties A Your Freedom US D H Disconnected Status Set as Default Connection Create Copy Create Shortcut Delete Rename Properties Click on the Security tab then change the default settings The type of the VPN needs to be set to PPTP and you should set data encryption to maximum strength encryption though our server will negotiate that anyway Remove the tick from Challenge Handshake Authentication Protocol and leave the tick on Microsoft CHAP Version 2 we need to use Version 3 0 Release Date 2013 06 26 KOUR EREEDOM amp OPENSIYOUR DOOR TITHE Page 56 of 86 MS CHAPv2 instead of standard CHAP because this is a prerequisite for MPPE data encryption The whole tab should now look like this Point to Point Tunneling Protocol PPTP X ES Data encryption Use Extensible Authentication Protocol EAP d Properties Allow these protocols F Unencrypted password PAP Challenge Handshake Authentication Protocol CHAP Automatically use my Windows logon name and password and domain if any Now click on the Networking tab and untick everything except IPv4 it will make the VPN connection less noisy conserve bandwidth and slightl
37. adheres so much to the standards that it does not only fool proxies it also enables us to put an intermediate CGI script in between Yes that s right there is a simple PHP script that people can put on any web servers they control that can in turn provide a Your Freedom connection to those who dont have access anymore to any of our servers Our idea is that it s fairly simple to block all our IP addresses as they pop up because we cannot have new ones every day but it won t be possible to do something about thousands of new URLs every day that haven t got anything in common It is quite obvious why people would like to use such a CGI relay because they have to There is no other reason because obviously this method is not as fast and interactive as the other connection methods But when you re desperate and no other way of connecting is left it s better than nothing But why would people put the script on their web servers when all they get for it is a lot of additional traffic That s simple There is a rewarding scheme Every time you use their relay server they ll get bonus points that they can use towards purchases on our web site If you are considering providing a relay check out https www your freedom net id cgirelays for details But be aware that such a relay could easily create hundreds of gigabytes of traffic per month and that your provider probably doesn t like it if you run it on a virtual server So how d
38. administrative rights It s tricky however to override existing proxy configurations this way By using outbound and inbound port forwards If your application only needs to access one particular server via atop connection on a particular port it s probably most convenient if you create a mirror image of this port on your PC and access your local PC on the mirror port instead Similarly you can create a mirror image of a port on your PC on our servers and make it accessible to others on the Internet This is covered in chapter 6 1 on page 66 Your account profile needs to permit this Currently only owners of TotalFreedom packages can redirect server ports to their local PC Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 30 of 86 Setting up Mozilla Firefox All web browsers support the use of web proxies and option 1 should be just fine Click on Tools Options Choose the Advanced panel Then click on the Network tab The configuration windows should now look like this Ko Main Tabs Content Applications Privacy General Network Update Encryption Connection Configure how Firefox connects to the Internet Offline Storage Use up to Of MB of space for the cache Tell me when a website asks to store data for offline use The following websites have stored data for offline use Version 3 0 Release Date 2013 06 26 YOUR FREEDOM DEENSvOU E DGOR
39. ailable from http www inet no dante Many Linux distributions contain a dante client package Once installed you would normally have to configure etc dante conf to redirect traffic appropriately to your local SOCKS server and then use the socksify script to run applications Tsocks Tsocks is another Unix Linux world socksification tool also free It can be found on Sourceforge There is a Mac OS X version as well 3 2 3 Mac OS X Proxifier Proxifier is also available for MacOSX Tsocks Check out http forums macosxhints com archive index php t 55338 html for hints about tsocks for MacOSX 3 3 OpenVPN support 3 3 1 Introduction There is another way to make your applications connect to the Internet through Your Freedom without the need to configure them in any way This is pretty well tested and so far has proven to be almost bullet proof versus its socksifier cousins In theory every application that works behind a DSL or cable router also should work well though OpenVPN mode Version 3 0 Release Date 2013 06 26 BENS YOUR DOO d 3 4 ane SSES Ge dg Your Freedom User Guide Page 43 of 86 3 3 2 Prerequisites The OpenVPN way unfortunately has a few prerequisites that you need to meet for it to work on your PC Administrative rights There s no way around it you need to be able to install OpenVPN and use it so you need administrative rights on UNIX like systems you need to be able to i
40. al my default connection Current None Set default Local Area Network LAN settings LAN Settings do not apply to dial up connections Choose Settings above for dial up settings If you are using a LAN connection click on LAN Settings otherwise choose the connection you use to connect to the Internet and click on Settings A window similar to this one will open Version 3 0 Release Date 2013 06 26 YOUR FREEDOM E DPENSIYOUR DOOR Page 33 of 86 Automatic configuration Automatic configuration may override manual settings To ensure the use of manual settings disable automatic configuration Automatically detect settings E Use automatic configuration script f Address Proxy server lee a proxy server for your LAN These settings will not apply to dial up or VPN connections Tick the checkboxes for Use a proxy server and for bypass proxy server for local addresses Then click on Advanced Another window will open Proxy address to use localhost localhost localhost localhost Use the same proxy server for all protocols Exceptions Do not use proxy server for addresses beginning with m e Use semicolons to separate entries Fill in the values as shown Then click OK in all the windows Internet Explorer now uses the Your Freedom connection and consequently only works when the connection is up Version
41. as well 5 2 1 Vouchers Voucher codes are sequences of characters that you can fill into a form either in the website or directly into the Your Freedom client to create packages You receive a voucher code from us as part of a promotion or as a compensation for service problems or as an expression of our gratitude for something you helped us with You can also buy vouchers from us in several denominations as voucher carnets Our vouchers are valid for one year from the day of purchase Our voucher carnets can be used to temporarily upgrade your Your Freedom account with a package without having to pay for a full month and not use parts of it Also voucher carnets are transferrable i e not linked to an account and can be used separately at any time Voucher codes can be added to the voucher panel in the YF client Simply type in the code case does not matter and click Add You can import whole voucher carnets in one go if you use the label we ve emailed you instead of individual voucher codes If you don t have our confirmation email at hand just log in to our web site and visit the ACCOUNT section It is safe to add vouchers or whole carnets on several installations of YF and even with different accounts but you may use each voucher code only once Click update to automatically check which codes have been used in the meantime and clean up to remove all used codes from the list Ves this can be used to pr
42. assword If someone is able to obtain this MD4 hash he cannot only impersonate you but also decrypt recorded data The big problem here is that Microsoft has not salted the hash and this means that pre computed dictionaries can be used for brute force attacks on recorded MSCHAPv2 authentication packets Our advice is use a very strong password If you do PPTP using MSCHAPv2 and MPPE is relatively secure 4 1 3 How to configure PPTP We ll explain here how to do it on Windows 7 You ll surely find information about how to do it on your system if you google for it there is nothing particular about our PPTP service First click the Windows button in the down left corner of the screen and chose Control Panel It will look like this ke gt EJ gt Control Panel gt Adjust your computer s settings View by Category System and Security S User Accounts and Family Safety Review your computer s status Ki Add or remove user accounts Back up your computer Find and fix problems a Set up parental controls for any user Appearance and Personalization Change the theme Change desktop background Network and Internet View network status and tasks Choose homegroup and sharing options Adjust screen resolution Add a device Change display language Ease of Access Let Windows suggest settings Optimize visual display Programs Uninstall a program Hardware and Sound Clock Language and Region View devices and print
43. at it will use the full bandwidth or use Your Freedom s built in traffic generator In order to use it start the client and create a local port forward from some port e g 1234 to a virtual host called speed test on port 0 Then open a command shell in Windows click on Start choose Run then type cmd In this shell type telnet localhost 1234 or whatever port you ve used the speed test will then run for one minute at the highest speed possible Note that during the speed test all speed restrictions still apply You won t get a higher bandwidth reading than your profile or slider settings permit but you should see the bandwidth go up to your slider settings if you don t something else is limiting your speed It could be and likely is the speed of your No applicable to Android app t At the time of writing relaying is permitted to all users Not available on Android Version 3 0 Release Date 2013 06 26 Internet connection Try adjusting the uplink speed to the actual speed of your Internet connection e g many DSL connections only allow 256Kbit s or 384 Kbit s in uplink direction adjust the slider slightly below this value this might improve your throughput in the opposite direction Please note This traffic generator feature is meant to be used for troubleshooting please do not use it frequently The best reason to run a speed test is that we ve asked you to For best test results you nee
44. ault Only turn on bypassing WebSense if you know that your connection is passing through an old PIX firewall using WebSense and you cannot connect it may work with this set to true found_servers Base64 encoded records of multiple Don t mess with it servers found in last server base64 unless you know what search optional you are doing ftp_mode Data connection set up style string both default to use in FTP mode optional normal or passive normal will cause the YF server to initiate the data connection this is what FTP normally does both will use whatever works ftpproxy Use a non transparent FTP string Put in the FTP proxy s proxy with the FTP optional host name or IP connection protocol address Remove if you don t need one very likely ftpproxyport Use a non transparent FTP integer Put in the FTP proxy s proxy with the FTP optional control port normally connection protocol Version 3 0 Release Date 2013 06 26 21 Remove if you don t need an FTP proxy very likely header Additional headers when multiple If you need additional sending requests to the web string headers or wish to proxy optional override things like User Agent do it here For example headers User Agent NoneOfY ourBusiness 1 0 hide_tray_icon On Windows do not display boolean true or false a tray icon optional default http_flush Close and
45. cast medium like Ethernet Every station just rolls a dice for an IP address and does some checking whether it s already in use If not it uses it No one uses this network for anything only Windows does in the absence of a DHCP server or a static configuration The network is not routed on the Internet and no one uses it Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 46 of 86 privately that s why we chose it It s very unlikely that it causes any addressing conflict anywhere The other end of your OpenVPN tunnel is always 169 254 0 1 or 169 254 128 1 if you want to check what packet delay is added by Your Freedom just ping this IP address Your PC will get an odd address from a 30 subnet within this range and it will route everything to the even counterpart address in this subnet Version 3 0 Release Date 2013 06 26 Page 47 of 86 4 Using Your Freedom without client app 4 1 PPTP 4 1 1 General information The normal way to use our service is through the Your Freedom client software It will let you do things that you normally cannot do with VPN software But there are times and places where you only need to ensure you get connected without someone spying on you or you only need to appear to be elsewhere and not where you really are If this sounds like you read on The Your Freedom connectivity servers are now able to accept PPTP VPN connections too PPTP is a VPN tunnel protocol d
46. d to run multiple speed tests in parallel An individual stream will likely not be able to saturate a fast connection Creating a dump file Desktop Depending on how you start Your Freedom there are different ways how to start it in dump mode The Windows installer version can be run in dump mode from the Start menu if you are running the client from the command line use the option dump output file to activate the dump mode If it is run using the Start menu or if the outputfile is left omitted the dump file will be produced on your desktop except for Unix like systems in which case they will be stored in your home directory Note that there is a drop in performance when you activate this mode and the dump file may grow pretty big over time Normally the client does not dump any actual packet data if that s needed well provide a modified client on request that does Don t hesitate to have a look at the file some of it probably makes sense to you some of it will only make sense to the developers If you mail us a big dump please compress it Put it in a ZIP or 7z or whatever archive file but please avoid any proprietary features e g WinZIP 10 s AES encryption mode If you are having connection problems it helps if you run the Wizard in dump mode as well Android Open the configuration menu then click General Settings Tick the enable dump mode checkbox It is recommended that you also tick compre
47. difficult connection scenarios please refer to chapter 2 5 on page 34 for details Now let s assume that you are using the wizard It will first present a Welcome page Welcome This wizard will guide you through the basic configuration We will gather information whether or not you need to use a proxy server and whether or not you need a username and a password on this proxy server Then we will find a Freedom server in your vicinity that you can use and set up your account details Click on the Next button to continue Proxy Server At first we need to figure out if you are using a web proxy to view WWW pages This information can be obtained from the web browser s configuration Internet Explorer Extras Internet Options Choose the Connections tab If you are using the LAN connection click on the Settings button on the bottom right otherwise choose your dialup connection and click on the Settings button next to it Find the Proxy Server dialog box and click on the Advanced button A window will pop up showing your current proxy settings e Mozilla Tools Options Advanced tab Network sub tab Connection panel click on Settings If you are not using a web proxy or if you can t figure out how to use it leave the fields empty Proxy Address Port Try to auto detect We have taken great effort to ensure right to left languages are properly formatted
48. e got the proxy settings in the application right if it s running on the same PC as the Your Freedom client use localhost or 127 0 0 1 as the proxy host address and 1080 SOCKS or 8080 web http https as the proxy port If it s running on another PC be sure you have relaying enabled Ports panel and it s permitted by your profile Account Profile panel and you ve used the Your Freedom PC s local LAN address as the proxy host address Then check the message panel in the Your Freedom client do you see blocked protocol messages there You need to use another Your Freedom server then the one you are using right now is not supporting a protocol that you need Please have a look at our online documentation if you are having trouble We know it s not perfect and the introduction page is an outright shame but have a look anyway there is more in there than you might think https www your freedom net 4 Another plan might be to have a look at the user forums Maybe someone else had the same problem before The forums can be found at hittps www your freedom net 2 Performing a speed test A speed test is a very express way to know how much traffic per unit of time your Your Freedom connection can handle For this you need to generate enough application traffic to saturate the link between the Your Freedom client and the Your Freedom server in both directions So either run an application of which you know th
49. e service to those of you who need it we need to restrict some protocols on them If your application doesn t work as you would expect have a look at the message window of the YF client Are you seeing messages about a denied protocol It means that you ll have to use a different server 12 know this may be not entirely correct but it is for the Internet 3All servers allow all connection models this is not about how you connect with the Your Freedom client to the Your Freedom server but what you do through the connection Version 3 0 Release Date 2013 06 26 Page 39 of 86 Generally speaking use a server in Europe whenever you can if you are worried about protocol restrictions There is one restriction that applies to all servers SMTP to remote servers is not permitted Instead all SMTP connections are redirected to one of our servers where submitted email is checked for viruses and SPAM content before it is passed on This is only important if your mail application must connect to a specific mail relay normally it won t be a problem but it means that you ll likely have to disable transport level encryption Also we have extensive protection mechanisms against spamming built into the servers you won t be able to rapid fire deliver emails via Your Freedom A normal user won t notice at all but for soammers it s a pain in the backside and meant to be one 2 7 3 CGI relays The CGI connection method
50. eason why you would want to set it to false unless you suspect that there s a bug in our key negotiation code and you lose connection We highly recommend that you set this value to true relay Allow others to share your YF session boolean optional Set to true or false or remove Note that this only works if your profile permits it as well rtt_interval Measure round trip time every this many milliseconds integer optional 0 to turn off i e only measure once after 10 seconds server_connection_pr otocol Set tunnel protocol preference influences DNS name resolution only integer optional 0 whatever works 4 IPv4 only 6 IPv6 only 46 prefer IPv4 64 prefer IPv6 server_criterion Define criteria by which to automatically select servers multiple string optional name of criterion number between 0 refused and 10 required default is 5 don t care sipforward Mirror a remote SIP gateway multiple string optional local port SIP gateway addr SIP gateway port sip_fixup_audiostrea m Fix destination IP address in UDP stream for SIP audio Version 3 0 boolean optional Release Date 2013 06 26 Try this if SIP audiostreams are unidirectional only Your Freedom User Guide age 88 of 86 socks The SOCKS port integer Make your PC a optional SOCKS proxy by supplying the port number Remove or set
51. econd LAN interface and use the YF OpenVPN connection openvpn_ option Additional OpenVPN options multiple Pass these additional string options as if they were hidden lines in the OpenVPN config file openvpn_path Configure full path of string Use this if the OpenVPN executable optional OpenVPN executable is not in your executable path openvpn_tap_sleep Set tap sleep option in integer Default is 2 seconds OpenVPN to this value optional Relevant only on Windows openvpn_route_delay Set route delay option in integer Default is 2 seconds OpenVPN to this value hidden second parameter is always 30 Relevant only on Windows openvpn_route_meth Configure OpenVPN route string Default is exe See od method hidden OpenVPN documentation for more options Relevant only on Windows openvpn_ip_ method Configure OpenVPN ip string Default is dynamic win32 method hidden See OpenVPN documentation for more options Relevant only on Windows openvpn_tmp Temporary directory to be string Default is your home used for OpenVPN config hidden folder or a sub files and certificates Version 3 0 Release Date 2013 06 26 directory below it Configure an absolute path here openvpn_udp Make OpenVPN tunnel boolean Use UDP instead of through UDP forwarding optional TCP forwarding for the instead of TCP forwarding in OpenVPN tunnel YF connection if true password Your
52. ending if you continue to receive emor messages you can enable logging for analysis e E Enable logging For logging options see diagnostics Logging options can also be accessed by clicking the Remote Access Preferences menu item under the Advanced menu of the Network Connection Folder E EI it most likely means that our server has kicked you out Your FreeFreedom account might be over the time budget or your account got disabled Try to reconnect If that works it was most likely some technical problem a timeout or whatever If problems persist note down the exact time and contact support about it Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 61 of 86 4 1 5 Sharing the PPTP connection You can use Windows Internet connection sharing functionality You ll find it in the properties of the virtual network adapter see above Please note that you cannot share your connection with other computers that are on the same network that you use to run the PPTP tunnel over An example would be someone in a computer lab connected through Ethernet you cannot share the connection with other PCs on the same Ethernet In order to share the connection the other computers Play Stations whatever need to be connected to an Ethernet interface that you do not use for anything else so put in a second Ethernet card if your computer does not have a second Ethernet interface It is not a good idea to u
53. ers L Change keyboards or other input methods Now choose Network and Internet Version 3 0 Release Date 2013 06 26 OPENSSNOUIR DOOR 1d THE WORLD OUR FREEDOM Ze E Ki JEE gt Control Panel Network and Internet gt X Search Control Panel p Control Panel Home E Netw el Sbuste See EA P View network status and ta a EE AO SEC View network Network and Sharing Center Network and Internet Check network status change Parvan ana Sound ad HomeGrou network settings and set preferences Choose homed for sharing files and printers Programs Internet Options User Accounts and Family ZC Change yourhomepage Manage browser add ons Safety Appearance and Personalization Delete browsing history and cookies Clock Language and Region Ease of Access Click on Network and Sharing Center In the network and sharing center panel click on Set up a new connection or network the link looks like this W Set up a new connection or network Set up a wireless broadband dial up ad hoc or VPN connection or set up a router or access point Choose Connect to a workplace even if that sounds silly and you are probably trying to escape one then click the Next button Version 3 0 Release Date 2013 06 26 HYOUR FREEDO _ TOUR DOOR TG MHE WORLD Your Freedom User Guide Page 50 of 86 Choose a connection option Connect to the Internet Set up a wireless broadband or
54. ersion numbers if possible and tell us which installer you are using NSI the small one or JET the large one Tell us too if it fixes a previous problem No need to tell us you are now able to get connected again when you weren t able previously we ll notice it statistically The release versions of the client are generated as follows YYYYMMDD Serial YYYY Year MM Month DD Day Serial Counting up on that Day Example 20040507 02 2nd Version on the 7th of May 2004 Version 3 0 Release Date 2013 06 26 On Android updates are automatically provided through Google Play and we recommend that you enable automatic updating in Google Play If you prefer to use our own built in updating functionality find it in the settings menu Appendix B Country information Country specific plans Your Freedom has special plans created for those connecting from certain countries in which access to the Internet is highly restricted We omit the list of those countries here More information can be found on our website In those countries the FreeFreedom account type behaves different Depending on the country vou re connecting from the FreeFreedom can exhibit variations in the usage limits As a general rule usage limits are eased allowing for an uninterrupted connection time Also the usual 64kbps bandwidth can go up to 512kbps in some cases They become active once the user connects from the affected co
55. eveloped by Microsoft and some more companies not renowned for designing good protocols in fact PPTP is pretty much broken by design in many aspects However it does have one advantage nearly every PC nearly every smartphone speaks PPTP without any additional software Contrary to well designed protocols like OpenVPN PPTP uses a combination of TCP for the control connection and GRE encapsulated PPP frames for the data transport That by itself is not too bad But if you consider that you need to use MSCHAPv2 and MPPE 128 for authentication and encryption if you want at least some bit of protection and that each of these two are again completely broken by design this is where the mess starts But you don t have to worry about the dirty details we have done that for you Nevertheless it s the standard and it is very widespread plus it is relatively secure when used properly And it gets the job done When would you want to use PPTP Here are some examples e When connected to a public wireless hot spot without encryption using PPTP will ensure that no one can see what you are doing e f you live in country A and you would like to make it look to some Internet service like you actually live in country B great if you want to watch TV broadcasts not available for your country e If you are in a censoring environment but the censoring is only very subtle some things just don t work and it always looks like technical faults e f you
56. false windows on the screen optional default echo_max_tx_interval Maximum interval between integer Default 1000 ms two ICMP ECHO requests in optional ECHO mode echo_min_tx_interval Minimum interval between integer Default 1 200 of two ICMP ECHO requests in optional echo_max_tx_interval ECHO mode echo_tx_adaption_fa Adaption speed in ECHO float Between 1 1 and 5 0 ctor mode optional default 1 5 Higher values are more aggressive echo_max_payload_s Maximum payload size in integer Default 1464 the ize ECHO mode optional maximum value encryption Turn on connection boolean true or false encryption optional default Note that the wizard turns this on for you You should only turn encryption off for debugging Version 3 0 Release Date 2013 06 26 Page 80 of 86 file_extip Write server s external IP to string This allows you to use a file when connecting optional the server s external IP in scripts flatten_bursts Slow down frame boolean true or false transmission in bursty optional default Set if you periods to obtain a smoother notice connection traffic pattern hangs on bursts follow_server_recom Allow the client to follow the boolean true or false mendations server s recommendations to optional default use another server DEPRECATED fool_pix Try a hack that can foolold boolean true or false PixOS versions into hidden def
57. g to a stream that has not sent data for a while interactivity Defaults to 20ms connect_on_startup Fire up connection when boolean true or false default client is started optional connect_timeout General connection timeout integer Defaults to 10000 ms in milliseconds hidden Turn on debugging on the integer The lower the more Java console not the hidden verbose Default message panel is 999 It probably doesn t do much anymore these days Domain to use in DNS mode string You should not optional manually configure this option use the config panel instead Your Freedom User Guide Page 9 of 86 dns_max_tx_interval Maximum delay between integer Default 1000 ms sending two queries in DNS optional mode in milliseconds dns_min_tx_interval Minimum delay between integer Default 1 500 of sending two queries in DNS optional dns_max_tx_interval mode in milliseconds dns_no_direct_conne Avoid directly sending boolean true or false ction queries tothe YF serverin optional default DNS mode force the use of a configured nameserver dns_rep_interval Repeat unreplied queries in integer 5 times DNS mode after this many optional dns_max_tx_interval milliseconds dns_tx_adaption_fact Adaption speed in DNS float Between 1 1 and 5 0 or mode optional default 1 5 Higher values are more aggressive dont_show_popups Avoid popping up notification boolean true or
58. gh a web proxy need to be setup to use your local PC the hostname is localhost the IP address is 127 0 0 1 on port 8080 as the web proxy and everything should be fine 2 By configuring them to use a SOCKS4 5 proxy Applications that offer you to access the Internet through a SOCKS proxy need to be set up to use your local PC again the hostname is localhost and the IP address is 127 0 0 1 on port 1080 as SOCKS proxy This is preferable over the web proxy configuration if you ve got the Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 29 of 86 choice but both will normally do Use SOCKSS if you can If it doesn t work some applications have buggy SOCKS implementations trySOCKS4 By using a socksifying application to run your application from Many applications are not designed with your networking problems in mind and do not offer to run using a web or SOCKS proxy Many of them work well with Your Freedom if you run them from inside a socksifier That s an application that foists a modified Winsock DLL to the application which redirects all network requests to a SOCKS proxy in this case to the Your Freedom client Examples for such applications on Windows are SocksCap 32bit only ProxyCap and FreeCap They are covered in chapter 3 2 on page 41 Using a socksifier might also be an option if you cannot configure your application e g because you dont have
59. group are not suitable for large file transfers and so on you ll get the drift Everyone may use all servers in the free group the others are reserved to paying customers Some servers may not be available to users connecting from certain countries or only available to users connecting from some countries The Your Freedom client will tell you about such restrictions when you connect authentication not valid for your country of residence If this happens to you please use another server We only do this when we need to defend ourselves i e not at all if we can avoid it Look at the server load too The higher the number the more loaded the server Loads below 40000 are considered low loads above 125000 are considered high and very high numbers indicate you ll likely only get a degraded service We use a traffic light scheme to quickly indicate the server state A green light indicates that the server is fine and can accept your connection A yellow light would indicate that the server is up and running but currently rather busy already slightly overloaded or otherwise in trouble connectivity Version 3 0 Release Date 2013 06 26 a He Your Freedom User Guide Page 13 of 86 problems are a possible reason and probably won t be able to provide the best service to you you are still welcome to use it and the service may still be pretty good A red light indicates that the server is down or otherwi
60. have to forward all requests it also has to set up UDP forwards dynamically for all audio and that s right video streams We haven t tested this with many different SIP providers and phones so it s likely that many of them don t work yet We like to hear from you SIP forwarding will only work with UDP not TCP Nearly all clients and servers use UDP Also note that using a SIP phone consumes a certain amount of bandwidth depending on the Codecs you are using the FreeFreedom profile will likely not be fast enough to support SIP forwarding the voice will break up 6 1 3 Server port forwards Would you like to make your PC reachable from the Internet Then server port forwards are for you Check out the Account Profile panel after connecting if you see remote ports forwarded there you can use this feature You can configure it as well if no ports are forwarded to you but it won t do a thing Forwarded server ports are able to handle both TCP and UDP traffic It is important to understand that you can only forward server ports that are assigned to you i e appear in the list of remote ports forwarded So let s assume you have ports assigned Add forwards like this Remote Port i Local Host Local Port Accept Cancel It is not absolutely necessary to use the same numbers for remote port and local port but we have found that many applications are too silly to a
61. he Your Freedom client application and the Your Freedom server act as intermediate hops for your application connections 1 5 Is it secure Is it anonymous Does it compromise my security Can catch a virus Connecting to the Internet through Your Freedom is generally less dangerous than connecting through a dial up or DSL connection As long as you do not explicitly configure a server port forward no one can connect to your PC or phone though Your Freedom But since you may download data from the Internet that may then be executed on your PC intentionally or unintentionally because of application bugs there is a certain amount of risk it is the same as if you were connecting through any other means to the Internet and download data from there However it is possible that your company or whatever uses sophisticated protection mechanisms e g virus checking for downloads from servers on the Internet that we do not provide in this case it is indeed less secure But please consider that it is less secure because it allows you to do things that you would otherwise not be able to do the most secure protection from the dangers of the Internet is an Air Gap Firewall i e pull the plug You ll be safe but also lonely Version 3 0 Release Date 2013 06 26 Page 11 of 86 It has been said before that Your Freedom is not a full blown anonymization service It will however hide your IP address unless your application communicates it
62. iers Just make sure your applications are not using any proxy and that should be it Note however that since your PC is not connectable from the Internet through the OpenVPN tunnel applications who rely on this won t work If the manufacturer s web page says something about ports that have to be opened inbound in your firewall it likely won t work It is possible to combine OpenVPN tunneling with server port forwards however See chapter 6 1 3 on page 67 for details 3 3 5 Troubleshooting The OpenVPN tunnel is not coming up properly Have a look at the message log it may tell you why If it doesn t create a dump file and mail it to us See chapter Appendix A creating a dump file or check it out yourself Check if there is still another OpenVPN process running when the Your Freedom connection is shut down Hit Ctrl Alt Del sort the tasks by name and look for openvpn Terminate it before you restart the Your Freedom connection This can happen if the Your Freedom client is terminated abnormally before it has a chance of shutting down OpenVPN The OpenVPN tunnel opens but then the Your Freedom connection fails The tunnel routes somehow cut off your connection to the Your Freedom server Please generate a dump file for us the Your Freedom client should be clever enough to avoid this but seemingly isn t What are these 169 254 xxx yyy addresses That s a class B network reserved for ad hoc networking on a broad
63. is what you want to call it it has no technical meaning Tick Don t connect now we need to change some parameters before the connection is finally set up When done click Next Version 3 0 Release Date 2013 06 26 gt Pae ve uf OTe Your Freedom User Guide Page 52 of 86 Type the Internet address to connect to Your network administrator can give you this address Internet address us pptp your freedom net Destination name Your Freedom us Use a smart card H E Allow other people to use this connection This option allows anyone with access to this computer to use this connection In the next step you are asked to provide your user name and password This is the Your Freedom user name and password as you would use it to log on to our web page or as you would use it in the Your Freedom client software If you want tick show characters it will make typing cryptic passwords easier and is safe as long as no one is glancing over your shoulder and remember password safe if this is your computer and access to it is restricted Do not put in a domain When done click Create Version 3 0 Release Date 2013 06 26 Wyour FRE ore Your Freedom User Guide Page 53 of 86 Type your user name and password User name example Password mypassword Show characters Remember this password Domain optional Windows will now tell you that the connection is ready to use but it i
64. istrator and confirm the dialog In the black cmd window type netsh interface ipv6 show teredo If status is offline try this command netsh interface ipv6 set teredo enterpriseclient Wait a bit then check the state again netsh interface ipv6 show teredo It should tell you that status is qualified or dormant When done type exit With Windows XP SP1 SP2 Teredo is shipped as well but not installed by default You can easily sort that though by opening a cmd window click Start then click Run and type cmd and typing netsh interfaceipv6 install then proceed as above or just type netsh interface ipv6 set teredo enterpriseclient You might want to use a different Teredo gateway than the default if yes append it to the set state enterpriseclient command If your PC is not behind a NAT router you can use set state client instead Unless someone filters Teredo this should give your PC full IPv6 connectivity The YF client will automatically notice and try IPv6 6 4 Fine tuning CGI mode Generally CGI connection mode is the slowest of all possible connection modes This is due to the way it works it needs to accumulate data before it sends it off to the other side But you can adjust a few knobs and try to make it faster First locate the ems cfg config file see Appendix C This file can be edited with any text editor for example Notepad Ensure the YF client is NOT running when you edit the file or
65. ith the system network stack and does not rely on pre loading a library like some other socksifiers It works with many games and applications that cannot be used with socksifiers like SocksCap and FreeCap We know it works well with Steam powered games Find it on hitp www widecap ru eng SocksCap This is an old but popular socksifier free for non commercial home use and not available anymore commercially You must google for sc32r240 exe if you want to download it Version 3 0 Release Date 2013 06 26 Page 42 of 86 FreeCap FreeCap is as the name suggests freeware and is available for download from the project s home page at http www freecap ru eng There is also additional documentation there but its use with Your Freedom is simple enough We like this best because it s free and easy to use and it s good enough for many but not all applications ProxyCap A commercial product Have a look at http proxylabs netwu com Proxifier Proxifier is also a very clever piece of software Testing for 31 days is free a license costs USD 40 Plus it s also available for Mac OS X Check it out on the Proxifier home page at http www proxifier com HummingbirdSocks The OpenText Exceed connectivity suite contains a socksifier as well It can be found on http connectivity opentext com 3 2 2 Linux and other Unix derivates Dante Dante is the de facto standard in the Unix Linux world It s free Download av
66. k on the Start connection button in the Status panel To have your applications use the Freedom service configure them to use the following SOCKS 4 5 server or web proxy server SOCKS 4 5 localhost 1080 Web Proxy localhost 8080 There is much more that you can configure please check out the Configuration window and read the documentation to learn how you can add fixed port forwards and turn your PC into a mirror image of your POP3 IMAP SMTP mail server or even make your PC reachable from the Internet To save your new configuration now click the Save and Exit button below It seems you re done now Click on Save and Exit The main window of the Your Freedom client should now look like this Bien een eee e Status Streams Account Profile Ports Messages Vouchers Applications About Connection Freedom Server hitps ems04 your freedom de 443 External IP Address n a Server located in n a Open streams 0 Bytes sent Bytes received Send rate bytes sec Receive rate bytes sec Actions Restart connection Update Exit E Configure Start Connection Notifications Downlink bit s unlimited unlimited Note that the client just doesn t know anything about the server and your account e profile before you ve connected to the server that s why some of the values seem to be s
67. l running Name Address Found 38 ways to connect ems07 your freedom de 85 214 84 196 DE 10 Mf HTTPS Maiting for results ems03 your freedom de 81 169 154 29 DE ag ems28 your freedom de 94 126 17 227 CH 9 7 ems14 your freedom de 94 231 80 100 CH 9 7 HTTP ems06 your freedom de 81 169 178 188 DE 9 6 FTP ems01 your freedom de 66 90 73 46 US 9 6 ems24 your freedom de 94 126 16 7 CH 9 6 UDP ems30 your freedom de77 92 92 156 UK 9 5 ems15 your freedom de 91 194 91 38 DE 9 2 Try non HTTPS ports no proxy DNS ems11 your freedom de 80 74 137 161 CH 8 4 CGI relays ems18 your freedom de 81 169 156 135 DE 8 4 Stop after this many tried ems08 your freedom de 85 214 192 39 DE 8 4 ems19 your freedom de 83 170 105 241 UK 8 1 ems29 your freedom de 83 170 106 56 UK 7 9 Stop after this many found ems13 your freedom de 178 73 198 130 SE 7 8 A ems20 your freedom de 205 204 93 138 CA 74 ems02 your freedom de 193 164 133 72 DE 7 1 Qems16 your treedom de 76 73 88 90 US 5 7 k TAAA a Pandam SAA AeA TAN ANAL On the last screen enter your username and password if you have one already You may use the pre configured unregistered with password unregistered if you do not have your own account with us yet You only need a personal account if you intend to make use of our BasicFreedom EnhancedFreedom or TotalFreedom offers 46 YF Config Wiza lt gt X
68. lar UNIX users normally know Generally the Java archive version of the Your Freedom client should run on every computer that has a suitable JRE and enough memory We love to hear from you if you ve managed to run it on an exotic piece of hardware or in an unusual place We also offer a Mac OSX installer version Even though Mac OSX editions often ship with a pre installed JRE there are versions like Leopard that ship with JRE 5 which is no longer supported so you may need to install JRE 6 or 7 manually Additional hints for Mac OSX and other operating systems can be found in the documentation section on our website 7 Logging in is optional of course most content is available to everyone without a login The special unregistered account cannot be used on the web site The Java Runtime Environment is required to be compliant to Java 6 or newer If in doubt visit http java oracle com click on Java SE in the Top Downloads section on the right hand side of the screen then download the JRE or a JDK which contains the JRE and install it on your PC Oracle provides these downloads for free but please have a look at their license terms Version 3 0 Release Date 2013 06 26 wee a a OPENSSYOUR As WORLD Page 16 of 86 The YF client only runs with Java 6 not Java 5 Mac OSX does not ship with Java 6 but you can get it from http developer apple com java download download Jav
69. ms ems18 your freedom de 85 214 116 165 96 ems28 your freedom de 94 126 17 227 ems32 your freedom de 188 138 24 228 ems06 your freedom de 81 169 130 185 ems11 your freedom de 80 74 137 161 ems03 your freedom de 85 214 149 35 ems04 your freedom de 85 214 149 43 ems20 your freedom de 67 212 67 75 ems19 your freedom de 83 170 116 31 It is important that you see a yes or a number in any of the columns HTTP HTTPS FTP or UDP A yes means that the client has been able to use this protocol to connect to the server using the default port settings a number would mean that it has been able to connect but on a different port and a no means that the protocol could not be used to connect to this server The results are sorted by preference a number between 0 and 10 it indicates how well the server fits your requirements if you ve set any Choose a server and then click on Next Configure Freedom Account Piease fiil in your Freedom username and password in the form below Click the Next button when you are done To obtain a Freedom account go to http www your treedom net and register there On this page enter your Your Freedom username and password Click on Next Version 3 0 Release Date 2013 06 26 HM Congratulations All should be set up now and you are ready to free yourself from your chains To open the door to Freedom clic
70. nnect will also improve If you are happy with partial results use the input fields on the bottom to stop searching after a given number of attempts have been made or a given number of connection options has been found Click the right arrow to start searching for connection options now Once the Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 26 of 86 search is completed you ll see a list of Your Freedom servers The table can be scrolled vertically and horizontally It is ordered by preference a number between 0 and 10 calculated based on your configured server preferences you haven t done that yet and the likely server performance Some of the found servers will have a coin symbol these servers are only available to paying customers while others are available to everyone Tap on one of the records to highlight it and then tap on the right arrow YF Config Wiza lt gt v YF Config Wizard amp X YF Config Wizard amp vy Select protocols Looking for Freedom Servers Found Freedom Servers Choose the protocols you would like to try If you are will now try to locate Freedom servers near you Please IA search found the following servers Please highlight junsure try them all This is useful if you would like to Stand by one of them and click on the Next button avoid a protocol because you already know that it doesn t work po searches scheduled 16 stil
71. nnounce another port to the network than they actually listen on For example BitTorrent clients usually can announce different external IP addresses and ports but 99 of all trackers will simply ignore this So use the same port on both ends by configuring your application accordingly and it will all work by sheer magic Also we cannot assign ports that you request for the simple reason that everyone wants6881 and such Please don t ask you can only use the ports that have been automatically assigned to your profile Typical usages e Getting Remote Access to your PC e g rdesktop VNC SSH e Getting High ID in eMule e Speeding up of BitTorrent downloads Version 3 0 Release Date 2013 06 26 Page 68 of 86 Currently Server Port Forwards are only included in the TotalFreedom upgrade 6 2 Connection Sharing 6 2 1 Relaying If your profile supports relaying and you have turned on the relay for others option other people in your local network will be able to configure their browsers and applications to use your computer as a proxy server just the same way as you do All they have to do is specify your computer IP number and 8080 or whatever port you have under web proxy or 1080 sock proxy in their applications where a proxy server port is required Typical use is for roommates in a dorm or colleagues in the same office 6 2 2 Using OpenVPN and ICS to connect other PCs Playstations XBox etc
72. nstall the OpenVPN binary setuid root in your path On typical company PCs with domain login you won t have administrative rights With Vista you also need to explicitly run the Your Freedom client with administrative privileges right click Run as administrator Alternatively right click on the link in the start menu choose Properties click on the Compatibility tab then tick the run as administrator checkbox this will fix it once and for all as long as you always use this link to run the YF client OpenVPN needs to be installed OpenVPN is Freeware and Open Source but please consider donating If you have the ability to install software on your PC go to http openvpn net download html and download OpenVPN It needs to be at least2 1_rc20 newest release should do For Windows there is an installer others need to compile OpenVPN from source or maybe it ships with your OS s distribution In any way if you open a command shell and type openvpn you should see hundreds of lines of instructions if not it s not properly installed OpenVPN needs to install a tunnel interface on your PC on Windows it s called TAP WIN32 on Linux this would be tun0 For users of Windows Vista Windows 7 and above it s recommended to configure the openvpn exe executable to run under administrative privileges Go to C Program Files OpenVPN bin right click on the openvpn executable select Properties Compatibility
73. nstaller This version comes bundled with a JRE of its own so there are no prerequisites Every Windows user should be able to use this one provided that you may install software on your PC The download is rather fat about 14 megabytes Again this is an exe file try changing the ending to txt if this is a problem A benefit of this version is that it is compiled to native code and will consume fewer resources Both Windows installer versions are installed by running the exe file Just follow the instructions in the installer and you should be done in a minute If you are updating from an earlier version we recommend to un install the previous version first your settings will be kept If you change installer type you must uninstall the old version first Once the client software is installed proceed to chapter 2 3 If you are not running Windows or if you cannot install software on your PC your best choice is the Java archive version Download the ZIP file and extract the contents into a folder to which you may write This could also be a memory stick or a CDROM by the way Then run the Java interpreter with the freedom jar file With Windows it is usually sufficient if you double click on the JAR file but you may want to open a cmd window instead cd to the directory and run javaw jar freedom jar instead On UNIX boxes you d normally use java jar freedom jar or kaffe jar freedom jar or something simi
74. o you use such a CGI relay You need to know the URL put it in double quotes because you don t need a full fledged URL you need the server name and the URI For example if the script could be accessed in a web browser using the URL http some server somewhere some path script php the CGI relay would be called some server somewhere some path script php in Your Freedom Simply use it as the server name choose CGI as the connection model and definitely disable automatic server switching Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 40 of 86 CGI Relay Server Restrictive Firewa d Web browser Your Freedom Server Your Freedom client Internet Service And how do you know about these Well that s another matter entirely We won t publish any lists and we would ask that you do neither Why Because we don t want these lists to simply get imported into URL blacklists But the YF client finds the relays No we won t say how figure it out If you would like to set up such a CGI relay you can download the script at httos www your freedom net ems dist enduring freedom php RENAME Have a look at the first lines you need to choose which server you would like to relay to and put the server s name in Save it under an inconspicuous name use the right ending Then test it please use your web browser you should see a long text page with load
75. od and you cannot directly FTP to servers on the Internet there may be an FTP proxy on your network Don t bother to configure anything if you can use the ftp command line tool The port will likely be 21 but you ll need the hostname or the IP address as well ask someone who knows there are legitimate needs to use FTP outside web browsers The most common connection scenarios are also covered by the Wizard available through the button on the bottom it s the same that is run when you start the client for the first time and it s described in detail in chapter 2 3 on page 16 When you are done click on Save and Exit to save your changes or on Cancel to abort them So much for setting up the connection You should now be able to start it up from the Status panel The connection indicator the door should open a question mark should appear while client and server negotiate and disappear after a few seconds If it doesn t disappear your connection settings don t work Have a look at the Messages panel If you can t get the connection to work check out chapter Appendix A to see how you can help us to help you Once you are connected check out your connection profile by clicking on the Account Profile tab It should look somewhat similar to this Status Streams Account Profile Ports Messages Vouchers Applications About General Profile name _ TotalFreedom Expires
76. ogies like BitTorrent to games can be configured to connect via your freedom This chapter covers some concepts necessary to make your particular application work For more specific techniques like local and server port forwards see chapter 6 1 Port Forwards on page 66 3 2 Using socksifiers If your particular application does not support the use of web or SOCKS proxies it still doesn t mean that it cannot run with Your Freedom Since the Your Freedom client is a full blown SOCKS server all you need is to socksify your application There are several ways to do this all of them basically use a feature called dynamic link library preloading Since people hate re inventing the wheel they came up with code libraries that get dynamically linked to the application at execution time Like every other operating system Windows Linux MacOS etc ship with such libraries and one particular of them offers networking functions The first time such a function is referred to by the application the library automatically gets loaded but only if it hasn t been loaded within the application s context already The trick is to make sure that the library has already been loaded before the application starts but a hacked version of it that knows what to do with a SOCKS server 3 2 1 Windows There are many socksification tools on the market here are some examples WideCap WideCap is a free socksifier that integrates w
77. omewhat odd including the bandwidth it s not unlimited unless you ve bought a package Click on Start connection and you should see something like this after a few seconds Version 3 0 Release Date 2013 06 26 YOUR FREEDOM OPENSIYOUR DOOR Page 23 of 86 Connection Freedom Server hitps ems04 your freedom de 443 External IP Address 81 169 154 27 Server located in DE Germany Open streams Bytes sent Bytes received Send rate bytes sec Receive rate bytes sec Actions Notifications Downlink 0 0k bit s unlimited Note that all the details are now filled in and the bandwidth reads 64 0k That s kilobits about the speed of an ISDN connection or a bit faster than with a high speed modem Click on Account Profile now Version 3 0 Release Date 2013 06 26 Your Freedom User Guide General Profile name Status Streams Account Profile Ports Messages Vouchers Applications FreeFreedom Expires never Server groups default Maximum uplink bandwidth 65 536 bits sec Maximum downlink bandwidth 65 536 bits sec Maximum simultaneous streams 10 Remote fair queueing yes SOCKS4 5 BIND permitted yes Relaying permitted yes Maximum server port forwards 0 Maximum connection time 60 minutes Remote ports forwarded none Access restriction
78. onger than 4 weeks We do not use this information in any other way except for statistical debugging and accounting purposes and for combating violations of our terms unless required by legal authorities in Germany We will never provide any details to private parties or oppressive regimes There is a control console on the servers that theoretically allows us to see what our users are currently doing We only use this for troubleshooting and all data there is transient and not stored anywhere The moment you log off it s all gone Trust us we have better ways to pass our time than peeping on you You might say but others claim they dont log at all Well they are either naive or lying Our competitors need to protect themselves against abuse too and they can only do that if they have data We have decided to be honest with you 1 8 How many servers do you have Are they all the same This point is subject to change frequently At the time of writing we have 23 servers online in 9 different countries All will be able to support basic web surfing or chatting but some will refuse P2P connections particularly the ones located in the United States to comply with provider policies Some can handle more traffic than others Have a look at the live statistics page at https www your freedom net id servers servers that are not in the p2p server group are not well suited for P2P applications servers that are not in the volume
79. ore Configuration dialog and an ISO 2 letters country code in uppercase location_x Coordinates of the Your integer 0 is top left corner Freedom window on the optional higher values are screen further right location_y Coordinates of the Your integer 0 is top left corner Freedom window on the optional higher values are screen further down minimum_post_size Minimum HTTP POST size integer Default is 20000 or hidden 20Kilobytes Only lower if you know that your proxy will refuse POSTs above 20kand you really have to min_buffersize Minimum buffer size for integer Defaults to 1500 Try to streams optional increase this if you want to achieve individual stream bandwidths of more than several megabits per second Maximum is 8192 openvpn OpenVPN port integer Default is 1194 only optional change if you need this port for something else openvpn_exclude IPs and networks to be multiple For every IP or network excluded from routing string IP address an through the OpenVPN tunnel optional Version 3 0 Release Date 2013 06 26 optional space and net mask that should not be routed through the OpenVPN tunnel add a line to the config Your Freedom User Guide openvpn_nat_interfac List of interfaces that you multiple Useful only on e want to re route to the string Windows Lets you OpenVPN connection using optional connect your Play Network Address Translation Station or XBox or other PCs to a s
80. orwards Local Port f Remote SIP Proxy Remote Pon Add Server Port Forwards Remote Port Local Address Local Port Add Note the SOCKS 4 5 and Web Proxy checkmarks this tells you that your local PC is now acting as a SOCKS4 5 proxy on port 1080 and as a Web Proxy on port 8080 To change these values untick the service then modify the port then re activate this can be done on the fly while you are connected Everything below is pretty sophisticated stuff and certainly not aimed at first time users and will be covered in chapter 0 If for some reason you cannot configure your applications from within the Your Freedom client you need to manually configure them to use web proxy localhost on port 8080 or SOCKS proxy localhost on port 1080 if you ve got the choice use SOCKS version 5 Please refer to the application s documentation to learn how to do this or ask someone who knows we ve got some examples in the FAQ Docu section of our web page https www your freedom net id faq as well OpenVPN support is not enabled by default please see chapter 3 3 on page 42 2 4 2 Manually Of course we cannot provide detailed configuration guides for all applications that can be used with Your Freedom There are basically only 4 ways how applications are made to work via Your Freedom 1 By configuring them to use a web proxy Applications that offer you to access the Internet throu
81. ot There are several reasons for it First of all the Android VPN API does not provide a means to set up address translation on tunnel interfaces The second reason is that tethering will not provide a default gateway to your PC when a VPN connection is active We are sure Google considers these shortcomings a security feature You can of course install the PC version of Your Freedom on your PC and run this version instead the Android app while using your phone s connectivity to get connected Version 3 0 Release Date 2013 06 26 ee a L4 OPENSSYOUR Bb WORD ZS Page 69 of 86 6 3 IPv6 The YF client can use IPv6 to connect to YF servers IPv6 addresses can be reached through the SOCKS5 and local port forward facility but not via OpenVPN mode or web proxy Please note however that not all of our servers supportIPv6 If you are having problems connecting to YF servers or even find them it is a good idea to try and enable IPv6 on your PC if it is not already enabled Also enable all kinds of tunneling mechanisms you never know one of them might work where you are On Windows Vista and Windows 7 both IPv6 and Teredo tunneling are enabled by default but unless your PC has a global IP address tunnel mechanisms won t work out of the box To make it work click on Start then type cmd but do not hit Enter Wait until the cmd exe application appears in the search list then right click on it choose Run as admin
82. otect a more expensive package from expiring 15 On Android if you purchase voucher carnets from the built in shop they will get added automatically Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 65 of 86 To use a particular voucher code highlight it then click send sel On Android if you highlight a category of codes the first unused voucher code in this category will be sent If for whatever reason you cannot use voucher codes directly from within the Your Freedom application you can send them through the web site instead Please see the Voucher FAQ on our web site for further details 5 3 Test drives If you are considering buying a package but are not sure whether it will be what you expect how about a test drive Log in to our web page at hiips www your freedom net on Prices and click on the Try Before You Buy link on the left Everyone is welcome to try but notice that we only allow test drives for accounts that have not just been created and that haven t tested extensively already Also we refuse test drives for accounts that have been involved in payment reversals before However our support staff can help you out should you need additional testing just send an email to support your freedom net During a test drive you ll receive all the benefits of the selected package and what s more you may even switch from one package type to another to test them all Simply visi
83. ou want to receive the YF client by email just write a blank email to get your freedom net you ll be given further instructions on how to proceed If all the odds are against you and you can t get the client software from anywhere else we ll mail you a CD as well It is recommended that you use a personal account but if you only make use of our FreeFreedom offer you do not need a personal account Just use username unregistered and password unregistered in the client application The Android app does this by default Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 15 of 86 2 2 Getting and installing the client software Once you ve created an account you may use it to log in on our web page Log in to check that your account is active then click on Downloads you don t have to be logged in to download There are several ways to run the Your Freedom client and consequently there is more than one option for download e Windows Installer Windows users who already have a suitable Java Runtime Environment installed on their system and who have enough rights to install software should be able to use this version The download is about 2 megabytes in size If you are unable to download files ending in exe try to copy the link location and paste it in the URL field of a new browser window then change the exe to txt Rename the downloaded file on your PC to exe when done e Windows Full I
84. please bear with us if this is not always the case none of us is able to read any of these languages so we don t notice And let us know Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 18 of 86 If your Internet connection is through a web proxy enter the details here If you are unsure try to click Next for now Select protocols Choose the protocols you would like to try If you are unsure try them all This is useful if you would like to avoid a protocol because you already know that it doesn t work HTTPS Try non HTTPS ports no proxy HTTP FIP DNS ECHO RR RR C CGI retays _ Stop after this many tried C Stop after this many found cancer wn You ll find a Window asking you to select which protocols will be used to connect to YF servers Selected protocols will affect the way the Wizard checks reachability of servers Some connection modes may not be available to you depending on the platform and whether or not you are running the Your Freedom client as administrator this is a prerequisite for ECHO mode If you are unsure leave the default selection Click Next Version 3 0 Release Date 2013 06 26 YOUR FREEDO DPENSIYO D r Td MHE WORLD Your Freedom User Guide Page 19 of 86 Found Freedom Servers A search found the following servers Please hightight one of them and click on the Next button Name Address County
85. possible in some specific network conditions Most people don t need these and can safely leave them disabled so if you are able to connect do not enable tweaks Version 3 0 Release Date 2013 06 26 WYOUR FREEDOM S STAN A Your Freedom User Guide e age 5 of 86 Their names are very explicit They have been added after we have learned how to make the YF client connect in certain conditions normally very well represented in certain countries when normal techniques don t seem to work If you ve got a clever way to configure the YF client to connect to its servers in some unusual networking situation please tell us about it Version 3 0 Release Date 2013 06 26 DEENSOURDOOR VO ITEE WORLD Your Freedom User Guide age Appendix C The Your Freedom client configuration file The configuration file is stored in your home directory and it s called ems cfg on Windows and OSX and ems cfg on Unix platforms yes two dots If you want to copy the file or edit it be sure that the Your Freedom client is not running The file is plaintext and you may edit it with your favorite text editor for example pico or vi on Unix systems or notepad in Windows Where s my home directory With Unix like systems you probably know because you are there all the time In most cases there is a directory called home containing a subdirectory for each user by his or her username you should find your home directory
86. r games whatever Instead of connecting directly applications can send connection requests to these proxy servers provided by the client part of the Your Freedom software running on your PC and the client part will then forward these requests to the server part running on our connectivity servers through a connection protocol that is still available to you and through which the client part can reach the server part There is also a transparent mode that does not require any application configuration and on Android phones and other devices Your Freedom will simply work without any additional configuration Your Freedom tunnels through firewalls web proxies FTP proxies DNS servers and the like Sounds complicated Well it is but the good news is you don t have to worry about it that s our job 1 2 What is it not Your Freedom is not a private VPN software It does not provide a connection to a private network but to the Internet Some call this a VPN software but it is really a connectivity solution Your Freedom is not a firewall solution it is meant to break through firewalls not to be one It does not make your PC any safer But that s likely not your concern because someone is probably protecting you too well anyway Your Freedom is not a perfect anonymizer The service does provide a certain level of anonymization by hiding your IP address Instead the connection request appears to come in fact it does come from
87. r them We have some useful tweaks for some countries and or networks If yours is among them make the correct choice on the next page Most likely you ll not need this and if you do you can always come back later 46 46 d 8 YF Config Wizard gt vy YF Config Wiza lt gt v YF Config Wiza lt gt v Welcome Proxy Server Connection Tweaks his wizard will guide you through the basic Wi first we need to figure out if you are using a web proxy Would you like to try special connection tweaks Please onfiguration We will gather information whether or not to view WWW pages Most likely you do not need to check the available options if one of them appears ou need to use a proxy server and whether or not you configure anything here Suitable for you and you can t get a connection without need a username and a password on this proxy server try it out Most users can choose None Then we will find a Freedom server in your vicinity that H you are not using a web proxy or if you can t figure out you can use and set up your account details how to use it leave the fields empty Tweaks Click on the Next button to continue Proxy Address none 4 Ca Port Proxy Type HTTP HTTPS a The next page provides a list of connection models available and lets you select which ones to try We suggest that you tick HTTPS HTTP and DNS Generally the more ticks you make the longer it will take but your chances of finding a way to co
88. r provider is throttling a service you d like to use using PPTP might make things work properly for example YouTube is slow in some places because the local provider wants it to be slow Of course the YF client will help you in all these situations as well A Swiss army knife will let you turn screws too but a screwdriver might be the better tool at times even though you cannot cut anything with it Should the screwdriver turn out not to be powerful enough you can always resort to your trusted Swiss army knife The service level you receive FreeFreedom BasicFreedom EnhancedFreedom TotalFreedom is the same as with the YF client application Vouchers can be sent through our web page You may use your account with both the client and PPTP but not both at the same time You ll use a shared IP address just as with the YF client Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 48 of 86 4 1 2 Is PPTP safe The YF client uses stronger encryption and protects your privacy better than PPTP Still PPTP is about as strong as using HTTPS to access web servers It uses RC4 with a 128 bit master key and generates session keys every so often Not exactly state of the art but it will probably do Its biggest weakness is that it relies on a sufficiently strong password You might have read about attacks against MSCHAPv2 This is not exactly news MSCHAPv2 and MPPE both rely on the secrecy of an MD4 hash of your p
89. ricted web proxy that provides access to all web pages that are generally accessible or connects it transparently to the Internet e Time restrictions We have heard from users that they use Your Freedom to avoid time restrictions In most cases existing connections are not disrupted by such restrictions and therefore all they need to do is to start the Your Freedom client before the restriction is in place and keep it open The connection between the client and the server part is persistent this depends on the connection protocol however e Access restrictions If there is Internet connectivity through a hotspot or a similar facility but you need a login that you don t have we ll likely be able to get you fully connected 1 4 How does it work You need to run the client part of the Your Freedom software on your local PC It is written in Java and should normally run on nearly every PC without the need for administrator rights We also provide installer versions that do not require Java to be installed but you may need administrator rights to install these On Android just install our Your Freedom app and launch it The client software then connects to one of our servers through a connection protocol that is still available to you In most cases this will probably be an HTTP connection through a web proxy that you may use or an HTTPS or FTP connection In many places UDP or ICMP ECHO may be used as well Nearly everyone eve
90. rywhere can use DNS mode Have a look at the picture below The box on the left is your PC Let s say the restrictive firewall won let you access hotmail com and you want to read your private email from your workplace fire up the Your Freedom client and let it connect to one of our servers configure There are cases however where Your Freedom is able to actually enhance your connection for a particular purpose for example by disguising your traffic as traffic that is put into a better service class by your provider or by overcoming routing issues The protocol is of course not illegal and it is therefore silly to block it we know best because we had to block it on some servers as well but it remains open on most Your actions may be illegal though Your Freedom can t do anything about this it remains your responsibility Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 10 of 86 your web browser to use it as a proxy and your web browser will be able to connect to hotmail com by connecting to the Your Freedom client which will forward the requests to one of our servers which will then forward the request to the hotmail com server The replies from the hotmail com server will take the same route backwards Restrictive Firewall Internet Web browser Your Freedom Server Your Freedom client Web Server This is only a very simple scenario but it illustrates that t
91. s Rule permit any Address This panel contains your account details Without a package you may not use any special servers just the default ones your bandwidth is limited your maximum number of simultaneous streams is rather low and your server connection will be terminated after 60 minutes but you may reconnect when it happens No server ports are assigned to you so none of them are forwarded to you But at least there are no access restrictions you may access everything on the Internet If you are using the HTTP protocol to connect and your connection does not fully work try the POST or the CGI connection model instead see manual configuration in chapter 2 5 on page 34 OK time to configure your applications Please refer to chapter 2 4 on page 27 to learn how to do this Once you ve set up at least a web browser to use Your Freedom the main objective should be reached you should be able to access the web freely If the version of the YF client you re using to connect is too outdated you may see a message saying the client is too old This means you must update to the latest YF client version as yours is not supported anymore The preferred method would be to download the most recent one uninstall the old version and install the new one ln fact there are some restrictions but you can t see them They are only there to protect our servers and won t get in your way Promise
92. s of garbage don t worry that s fine If it works register it on our web page hitips www your freedom net id cgirelays log in first to ensure you get the credit Our scripts will test it automatically and if it works they will add it to the database and make sure that clients can find it it takes a while though don t expect clients to use it immediately Btw you are welcome to set up CGI relays for your own personal use only as well you don t have to register them Feel free to tell others about it and publish the URL if you like Just if you decide to register it don t publish it If you have before simply change the name or the path or set up a copy Do that frequently it helps Remove very old copies from time to time they get unregistered on our web page automatically since our servers check their existence from time to time but you can do so as well Version 3 0 Release Date 2013 06 26 Een Freedom User Guide Page 41 of 86 3 Connecting applications and games Please note This whole chapter is only applicable to the desktop version not the Android application On Android you do not need to configure anything to make your other applications work with Your Freedom 3 1 Introduction Apart from browsers there are many applications that can benefit from Your Freedom and connect to the Internet From terminal clients chat and instant messengers like GTalk Pandion or Yahoo Messenger P2P technol
93. se the same physical infrastructure i e the same Ethernet switch since ICS runs its own DHCP service and will confuse the upstream connection 4 1 6 DNS servers Unless you explicitly configure something else the PPTP connection will negotiate the use of Google s DNS servers Google will not know who you are they only see our server s IP address 4 1 7 More than one pre defined PPTP connection You may configure as many connections as you want but it is not recommendable to bring up more than one at a time For example you could define different connections for different countries Just follow the procedure above to set up more connections To remove them again open the adapter panel and delete the adapter this is where you can rename a connection too If you are asking whether you and your friend can use the same account at the same time the answer is no Your Freedom accounts generally only work for one person at a time If a second connection is established the previous connection is terminated If you are at the same place you can share the connection as explained above though Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 62 of 86 5 Account types Time based upgrades and vouchers 5 1 FreeFreedom usage free of charge We offer a very basic service for free It is good enough to make yourself familiar with Your Freedom and test whether or not your application will work with Your
94. se unable to serve you Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 14 of 86 2 Getting Started 2 1 Registration process Your first step in using our service is to register on our web site P You need to visit httos www your freedom net and create an account there There is a link underneath the login and password form fields in the red part of the page banner On the registration page choose a username preferably one that is not likely already used and provide a password Please make it long enough this is for your protection not ours Both username and password may contain uppercase and lowercase ASCII letters digits dashes and underscores spaces are permitted in the password too other characters may work as well particularly in the password but it is not a good idea to try The only other required field is your email address Everything else is not mandatory please do not fill in rubbish if you do not want to provide the information leave these fields empty instead You can always come back later and provide information for example if you need a qualified invoice Once you have filled everything in click on the Create account button You will be asked to confirm your details by clicking on Create account now If there is a problem with your data red messages will appear telling you what is wrong just correct your input and try again Within a few minutes you should receive
95. seneessnneteas 44 3 3 4 Configure your applcaions ccccccesececnceceeececeeeeeeaseceeaceceueeessaesseneeceeeeseaeseeaeeseeseesennsessssesaes 45 3 29 WOUDIOSHOOUNG E 45 Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 7 of 86 4 Using Your Freedom without Client app 47 4T Cat ceruen ae a a a nine tesdwistaasa ed A E 47 4 1 1 General information E 47 4 1 2 RE 48 4 153 FIOW 10 contig re PPTP Ponsiano aa aai aiaa ads acho badness 48 4 1 4 What if it doesn t work 59 4 1 5 Sharing the PPTP connechon nenn neen nenne 61 4 16 DNS SOIVGIS is ei EEN AEEA IAE A EEE ai EA ETER E E EE ET EEA 61 4 1 7 More than one pre defined PPTP connechon 61 5 Account types Time based upgrades and vouchers cccccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeess 62 5 1 FreeFreedom usage free of charge ENEE 62 5 2 Upgrades and Ke EE 63 e RE 64 S3 ES CS orgs ete cache peas a E 65 e VM 66 6 1 Port FOMW ANOS EE 66 6 1 1 LOCAl POr TOMWAIOS EE 66 6 SIP TOPWAIOS 3s sadon a eaa ai aa aae aa epee ened 66 6 1 3 Server POrt Torwar EE 67 6 2 Connection Sharing E 68 OZ le EE 68 6 2 2 Using OpenVPN and ICS to connect other PCs Playstations XBOX ef 68 6 2 3 Will tethering on Android work with Your Freedom 68 EE A E EEN 69 6 4 Fine tuning Eve 69 Appendix A Troubleshooting sisceineiicodsneeesetvraninaes bonsephunwnis usd cenabetabebieeianassacereiunacdianieabone 71 Why does my app game not work 71 Perlorming a speed
96. sion 3 0 Release Date 2013 06 26 5 a a d a Sod J emm P DH e DPENSSYOUR DOOR TI d E ai Page 64 of 86 To buy upgrades please visit our web page at hitos www your freedom net log in with your account then click on the Account tab There is a currency calculator as well if you d like to convert the price in Euros to your local currency or at least one known to you For your orientation 1 roughly corresponds to 1 30 US at the time of writing On Android just visit the in app shop It will let you purchase account upgrades the same way as you Can purchase apps When you buy an upgrade your account profile usually gets updated within minutes you ll receive an email when it happens and you ll notice if you are connected However some payment methods take longer than others to complete Please visit our Prices page on httos www your freedom net to learn about details log in first to see everything Newly bought packages are instantly activated other packages that have not expired yet get suspended However you may use the arrow buttons on the Prices page to move your packages around anytime and decide which of your packages is currently active and which are suspended Please consider buying a package if you use Your Freedom regularly even if FreeFreedom is enough for you Servers don t grow on trees and support staff and developers like the occasional pay check
97. sn t That s why you should click the Close button now Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 54 of 86 The connection is ready to use A gt Connect now In the Network and Sharing Center which should still be on your screen if not click the Windows button Control Panel Network and Sharing Center to bring it up click on Change adapter settings on the left hand side Version 3 0 Release Date 2013 06 26 YOUR FREEDOM S OPENSSYOUR DOOR ETH Control Panel Home e s e e View your basic network information and set up connections Change adapter settings a 7 2 d tod See full map Change advanced sharing Internet settings S This computer View your active networks Connect or disconnect Access type Internet z open Join d A Home network Pon NE e wielen g Connections 3 LAN Verbindung Change your networking settings di Setup a new connection or network Set up a wireless broadband dial up ad hoc or VPN connection or set up a router or access point Connect to a network Connect or reconnect to a wireless wired dial up or VPN network connection Choose homegroup and sharing options See also Access files and printers located on other network computers or change sharing settings HomeGroup l Troubleshoot problems EE Diagnose and repair network problems or get troubleshooting information Windows Firewall This will show your network
98. ss using GZIP it will spare you the additional step of compressing the dump file by compressing it on the fly Do not tick extensive unless we have asked you to or you are really curious Your dump file will appear on the SD card in a directory called Your Freedom Dumps You ll probably need an app like ES File Explorer highly recommended to email it to us or access it by connecting your phone or tablet to your PC Using a packet sniffer This is bare metal debugging and not for the faint hearted There may be situations where our support staff asks you if you can use a packet sniffer to troubleshoot connection or application problems If you can we recommend using Wireshark available from www wireshark org or www ethereal org Ethereal is the historical name of Wireshark In most cases you should run Wireshark on the same PC as the YF client and you should either capture on the interface that connects the YF client to the YF server or on the interface that connects other PCs to the YF client PC depending on the nature of your s Hardly applicable to Android guess Version 3 0 Release Date 2013 06 26 problem Let the capture run then re create the problem then stop the capture Save the capture to a file and mail it to us again we like it if you compress it Updating the client It is highly recommended that you update your installation from time to time to ensure you ve got the latest bug fi
99. sses but are not reachable from the Internet you need to add route exclusion lines to your config file see Appendix YF client configuration file 99 of all users won t have to configure excludes All non Internet IP addresses are automatically excluded anyway this covers 10 0 0 0 8 172 16 0 0 12 192 168 0 0 16 Networks that are already routed on your PC are excluded as well For all others add an openvpn_exclude line per IP or network as described in Appendix C e g openvpn_exclude 1 2 3 4 openvpn_exclude 2 3 0 0 255 255 0 0 Note that Your Freedom is clever enough to automatically exclude all IP addresses that it needs to be able to reach in order to maintain the connection to the Your Freedom server Tick the OpenVPN box Go to the Ports panel and tick the OpenVPN checkbox Leave the port number as it is unless there are reasons why you need to use a different port Start the Your Freedom connection The connection set up should look like usual but approximately 10 seconds after the door opens it should open a bit more The message log should tell you as well when it happens Have a look at your PC s routing table in Windows run cmd then type route print Unix users type netstat mm or route n you should see a whole bunch of routes there all going to some 169 254 xxx yyy address These routes cover the whole Internet address space minus the exclusions mentioned above We cannot replace yo
100. t the Try Before You Buy page again to modify or end your test drive As with bought packages it may take a few minutes for updates to propagate to all servers and you may have to restart your connection or even the Your Freedom client to see the difference With the latest client versions you can activate test drives from the Account Profile panel desktop or the built in app shop Android You need to be connected to an YF server to initiate tests Version 3 0 Release Date 2013 06 26 ae a Your Freedom User Guide Page 66 of 86 6 Advanced Topics 6 1 Port Forwards Please note that this chapter only applies to the desktop version of Your Freedom not the Android app 6 1 1 Local port forwards One possibility to allow an application to connect to a service on the Internet via Your Freedom is to mirror a port on the Internet Just imagine there s a server out there with a certain IP address and it s listening to SSH connections You would like to SSH to the server but your SSH client does not support SOCKS In this case you would simply configure a local port forward similar to this one Your Freedom Local Port Forward Local Port Remote Host Remote Port Accept ge Cancel Now instead of connecting via SSH to some host somewhere on port 22 you simply instruct your SSH client to connect to localhost on port 2222 Your Freedom will put
101. the connection through for you Note however that if the remote host is unreachable the SSH client will still see a working connection but it will time out quickly This is just one of many examples how you can use this feature Generally speaking if your application needs to only connect to a particular host on a particular port local port forwards are the right choice 6 1 2 SIP forwards Yes that s true You can use SIP phones with Your Freedom as well We have seen reports that audio only worked in one direction Once we can find the time we ll continue to work on it Note however that this is still in early beta phase and it may not work properly in any case OpenVPN mode will likely work If you d like to give it a try here is what you need to do Assume you are using a SIP server called sip sipgate de on port 5060 the well known port for SIP If you configure a SIP port forward likes this one Your Freedom SIP Forwar Local Port Remote SIP Proxy Remote Port 5060 Accept Cancel Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 67 of 86 H will turn your local PC into a mirror image of the SIP server So instead of configuring sip sipgate de in your SIP phone configure localhost Disable STUN if you can it s meaningless in this context but will only make things slower SIP forwarding is a complex task not only does the YF client
102. the server s location is not important Try the different servers to see which one is good for you The YF client will tell you where the server is located when you are connected and also in the connection wizard Unfortunately we don t have many servers outside Europe simply because a They are unaffordable unmetered high bandwidth dedicated servers are vastly expensive in most places outside Europe b the providers are too restrictive in what you may do with the servers and what not we are sick and tired of endless and fruitless discussions with US based providers and explaining their droid staff what we do and what we don t do and why it s not illegal and why it s rubbish that the server s IP appeared in some robot email If you Know about good providers we would like to hear from you But please consider that an average Your Freedom server generates between 1 and 8 terabytes of traffic per month and needs at least 2 GB of RAM and a decent multi core CPU And it should come with Debian Linux If it s less than 100 US dollars per month that would be great 2 7 2 Protocols Not all our servers permit all protocols Some providers you got it they are mostly US based place protocol restrictions on us and are having kittens every time they believe that they have spotted something and what s even worse they won t listen to any arguments So if we want servers there and we do to provide a good responsiv
103. there The config file ems cfg or ems cfg is in there you just might not see it because it s a hidden file in Unix terminology starting with a dot Try to append a to the Is command With Windows Vista and Windows 7 open an Explorer and go to C Users In there there is a directory for each user the directory name is usually equivalent to your login name This directory is your home directory or HOMEPATH in Windows environment terms In there you should find a directory called AppData if you don t disable hiding of system files as explained on http www techrepublic com blog window on windows quick tip reveal hidden system files in windows explorer 2467 then Local then Your Freedom and the config file ems cfg is in there In older versions of Windows the home path is located in C Documents and Settings or equivalent in your language again there s a directory for each user s home directory A rule of thumb to find your home directory would be executing cmd from the Run window Type the name of a program folder document or Internet resource and Windows will open it for you Cancel Browse You ll find yourself in front of a black terminal with a blinking cursor The text at the left is the path for your home directory c Users myusername gt _ There is no config file on Android Version 3 0 Release Date 2013 06 26
104. to 0 to turn SOCKS off sslproto If https_ssl is configured string any default SSLv2 define SSL TLS protocol optional or TLSv1 version to use start_minimized Start in system tray single true or false the Windows only optional default stopafter_found When searching for servers integer 0 to try until no more stop search after this many optional potential ways are servers have been found known stopafter_tried When searching for servers integer 0 to try until no more stop after this many attempts optional potential ways are have been made known tunnelhost The Your Freedom server to string A host name an IP use required address multiple IP addresses separated by semicolon or a CGI relay URL In DNS mode DNS servers separated by comma can be appended with semicolon to a host name not an IP In HTTP POST mode can contain a host name and an URI tunnelport The Your Freedom server integer A port number port required tweaks Use this tweak set string Name of tweak setting optional use config window don t set manually or remove for none udp _newsrcportevery Use anew UDP source port integer Value may be as low UDP DNS mode every this optional as 1 but this will impact many packets performance Use with care Default is 0 no change Version 3 0 Release Date 2013 06 26 Your Freedom User Guide udp _newsrcporttime
105. untry The usual outcome is the users can stay connected for as long as they want without limitation from our side Please note that it is sometimes technically impossible to determine whether or not a connection is coming from a country that is on our list particularly if you use DNS connection mode Server availability by country Some of our servers may not be available to users from all places at all times We may set up such limitations to prevent servers that are strategically positioned to those in need from being overloaded by those who should really use other servers Another reason might be self defense like protecting a server from being abused by spammers Most of the SPAM we have to fight comes from only a handful of countries we might at times be required by our providers to close the floodgates There are servers for everyone nevertheless and connection is always possible to them no matter what country you are in Just try the servers on the list A few servers may deny connection from certain countries as a measure of protection against abuse When a user gets denied its connection attempt because of a policy applied to the country they are trying to connect from the YF client will produce an error saying AUTHENTICATION NOT VALID FOR YOUR COUNTRY OF RESIDENCE Trying a different server is recommended Tweaks Tweaks are basically setsof rules and hard coded behavior in the YF client to make connections
106. ur PC s default route that would very likely cut you off from your local network and make the Your Freedom server unreachable Relay for others Yes you can and you may But unless your PC masquerades the other PCs they need to run their own OpenVPN session When you start the connection the Your Freedom client creates some config files in your home directory please see Appendix C for location details all starting with client or server copy them to their PCs into some directory edit client ovpn and replace 127 0 0 1 with your PC s internal IP address then right click on the client ovpn file and choose the second option Start OpenVPN with this config file Of course they need to install OpenVPN first Version 3 0 Release Date 2013 06 26 Page 45 of 86 For a more general technique to share your Your Freedom connection with miscellaneous equipment like XBox Playstations or other PCs see chapter 6 2 2 on page 68 What about the Windows firewall Feel free to use it but don t complain if it breaks things Seriously there is no reason why you would need it only outbound connections work on the tunnel interface However if you suspect your applications to secretly open connections then yes use it If something doesn t work try without 3 3 4 Configure your applications Now that s the part you ll like most you don t have to No need to configure a proxy no need for socksif
107. xes and features Updating the YF client installation is very easy on Windows and on Android just use the built in update functionality and follow the individual steps If for whatever reason you need to update manually follow this simple procedure Windows on other systems the procedure is similar download uninstall install 1 Check on https www your freedom net index php id downloads for new versions compare the version number to the one displayed on the About screen of the YF client 2 If there is a newer version available consider downloading it We suggest you always keep the downloaded files of previous installations until you are sure that the new version is working properly for you so you can revert to it Previous versions are also available from our web site in case you need to roll back 3 Once you ve downloaded the new version disconnect then exit the YF client Uninstall the current version through Start Programs Your Freedom Uninstall or through the control panel of Windows While it is safe to install new versions over previous versions if you ensure that you always use the same installer type we do not recommend it Your settings will not be lost by uninstalling the YF client 5 Install the new version by running the downloaded file and following the steps on the screen If you find that the new version fails to do something properly that the previous version did please let us know include both v
108. y speed up the connection set up You cannot use IPv6 at this time because our servers do not support it yet Version 3 0 Release Date 2013 06 26 Boup FREEDOM a cman Your Freedom User Guide Page 57 of 86 O gemet Protocol Version E TCP IPv6 Intemet Protocol Version 4 TCP IPv4 So Uninstall i Properties Description Allows your computer to access resources on a Microsoft network When done click OK Now you are ready to go There are several ways to bring up the connection What works for everyone is this click the Windows button then Control Panel Network and Sharing Center Connect to a network If there is a networking icon in your task bar you may simply click on it instead This brings up your list of available connections Version 3 0 Release Date 2013 06 26 YOUR FREEDOM ES DEENS GUTE D E WORLD Your Freedom User Guide Page 58 of 86 Currently connected to Ad Internet access Dial up and VPN Your Freedom US Open Network and Sharing Center Click on the one you want then click connect Password To change the saved password click here Domain 7 Save this user name and password for the following users Me only WW Anyone who uses this computer Version 3 0 Release Date 2013 06 26 HYOUR FREEDO ES DEEN Sr OUR Your Freedom User Guide Page 59 of 86 Put in your password if you haven t saved it during the
109. your changes may be lost It is difficult to break this file so don t hesitate to try There are four values that control the timing of CGI connections and you can change any of them We d not recommend changing any of these limits except perhaps cgi_uplink_maxdelay Here are the parameters with their default values and their meaning cgi_uplink_maxdelay Defaults to 500milliseconds The YF client will accumulate data for at most this time until it initiates a new uplink connection no matter how much data has been accumulated You might want to set this to a lower value maybe 200 milliseconds Version 3 0 Release Date 2013 06 26 Your Freedom User Guide Page 70 of 86 cgi_uplink_urgentdelay Defaults to 20milliseconds The YF client will use this value instead of the previous value when it has frames to deliver that are considered urgent for example acknowledgements cgi_uplink_threshold Defaults to 3 If this many frames YF data units are to be delivered a new uplink connection will be made right away Setting this to 1 will effectively disable data accumulation and make your connection much more responsive but it will also create much more overhead If you don t care about how many connections are made and how much overhead it generates set this to 1 and don t worry about the rest cgi_uplink_mindelay Defaults to 1 millisecond This is the minimum amount of time between two uplink connections You should not set it to
110. ytes s EXACTLY barf Crash reports multiple Contains base64 base64 encoded crash reports fyi not yet sent to us These reports do not contain any personal data bw_downlink Desired downlink server to integer Bits per second client bandwidth in bits per optional Omeans unlimited second slider setting bw_uplink Desired uplink client to integer Bits per second server bandwidth in bits per optional Omeans unlimited second slider setting cgi_downlink_connec Downlink connection timeout integer Defaults to t_timeout in CGI mode in milliseconds hidden connect_timeout Version 3 0 Release Date 2013 06 26 cgi_downlink_reconn Downlink reconnection delay integer Default 500 ms Release Date 2013 06 26 in CGI mode in milliseconds hidden cgi_uplink_maxdelay Maximum delay before integer After this time the queued frames trigger a hidden queue is flushed no matter how much data is to be sent if any Default to 500ms cgi_uplink_mindelay Minimum delay before a new integer The minimum delay connection is triggered hidden between two queue flushes POSTs Default to1ms cgi_uplink_threshold Number of queued frames single 0 to disable or any that cause mindelay to be hidden low number Defaults used instead of maydelay to 3t cgi_uplink_urgentdela Maximum delay for urgent integer The maximum delay if hidden urgent data is in the queue e g small frame belongin
Download Pdf Manuals
Related Search