VPN suggestions
 

I have a VPN question. I am currently travelling through China and I just want to be able to use twitter via Mauka. Twitter along with facebook, blogger and youtube are blocked. Here's my question:

What is a good VPN service(preferably free) so I can browse the internet sites that are blocked. And which client is easiest to set up. Openvpn, vpnc...?
I got a vpn working on my laptop but I want to use my NIT while on the go.

Note: Some VPNs are blocked also. When setting up my laptop, I went through 3 VPNs before I found one that was not blocked. So as many suggestions as possible please.

Re: VPN suggestions
 

How about using TOR ?

Re: VPN suggestions
 

Blocked. Can't even see their website

Re: VPN suggestions
 

Hmmm,

http://www.linux-magazine.com/Online...ers-censorship

HTH

Thorsten

Re: VPN suggestions
 

What I did when travelling there was to have an ssh server at home, and then I set up a simple SSH tunnel from my computer in China: ssh -C -L8080:localhost:8118 my-computer-at-home

That computer would run an ssh server and a Privoxy proxy (at port 8118). With the above I just set the browser to use http://localhost:8080 as proxy.

Worked fine, I could go to any site.

Re: VPN suggestions
 

Here is a website you can check many VPN services .
http://myvpnreviews.com/

Yes , there're many VPNs service has been blocked , so free VPN service is not easy to find nowadays . The question is what kind of VPN are you using now ( openVPN , PPTP or ipsec etc ) . Got a free SwissVPN account (PPTP ) for testing for couple of days and it worked out without problem on my E90 . I am using cisco ipsec VPN on NIT now .

Re: VPN suggestions
 

I'd pick my options in this way:

-1) Post all the intended tweets to myself over SMTPS and post them later.
0) Be aware you are planning to do something the local authorities do not like; possibly a crime. It might get you in trouble, so take into account suspicious activity might raise eyebrows and/or investigation. Including posting about this here. It may also lower your chances of being allowed to return to China again, or if you decide to make your next stay less pleasant. All these circumventions are easy to detect and/or block. Just saying.

Now, your options...

1) You can use SSHd to run VPN over. Google for 'SSH VPN howto'.
a) Run it on default port.
b) Run it on non-default port (e.g. 143 TCP).
2) Configure OpenVPN (after SSHd easiest VPN to set up)
a) Run it on default port.
b) Run it on non-default port (e.g. port 53 UDP).
3) Use a legal protocol to tunnel trafic over. E.g. TCP/IP over ICMP, TCP/IP over DNS, TCP over HTTP, and so on. This will be slowest. Optionally, you can encrypt this traffic, but doing so may be in your disadvantage when caught.
4) Hamachi is also a very easy VPN to set up, but its probably blocked.

I'm using 2b over 3G, but I'm pretty sure my 3G provider does not see me as their favourite customer ;)

Re: VPN suggestions
 

Well, I've gotten much further, but still at a dead end. First let me say, that I cannot set up a VPN through my home PC because I am not at it. Whenever I am at home again I will definitely set it up.

I installed OpenVPN and am trying to find a VPN that I can figure out to use with it. I am not experienced in this obviously. I configured UltraVPN but I don't know if I did it wrong or can't connect because it is blocked already.
I tried Ivacy, but I am pretty sure I have that configured wrong since it works on my Linux box okay.
I also tried alonweb which had its own .tar files which I put in, but I think it needs something else. It connects and even turns green, but I still can't go to the restricted sights and most importantly Twitter via Mauku doesn't work.
I think my best shot at doing this is with Ivacy, but I really need the pre-made files for OpenVPN to set it up and I can't find them on the web. I need the
.config
.cert
.ca
for Ivacy if anyone has them.

I like Ivacy because they have a $.74 per GB price. Seeing how I would only use it for Twitter, it is perfect for me. Thanks for all your help.

Re: VPN suggestions
 

Ivacy seems to be using pptp so you cannot use Openvpn client for it.

Ultravpn is using Openvpn but apparently there is currently some problems using it from China http://www.ultravpn.fr/forum/index.php?&topic=246.0

Re: VPN suggestions
 

Ooooooh,,,thanks. What vpn client should I use with Ivacy? I saw that there was Vpnc, What Maemo app. can run a pptp. Sorry for being such a newbie.

And yes I saw that there was an issue with Ultravpn right now. An administrator gave an attachment file with a temporary fix but the whole thing is over my head.

I am sorry for the need to do this but I will be here for 9 more months and want to get it up and running soon.

Re: VPN suggestions
 

Maybe the thread about PPTP VPN helps. Also see PPTP security concerns.

Re: VPN suggestions
 

Now wait a minute...I was just looking at the Ivacy website and they have a page on configuring OpenVPN on Win XP.
http://ivacy.com/en/doc/user/setup/winxp_openvpn
Doesn't that mean it should work for OpenVPN on Maemo?

Re: VPN suggestions
 

Thanks this helps a lot. I'll see what I can learn before asking for help.

Re: VPN suggestions
 

Yes, it should. Ivacy supports PPTP, IPsec, and OpenVPN. They have howtos for various operating systems, too.

Re: VPN suggestions
 

Seeing how I am an extreme newbie to VPNs and their settings...I was wondering if someone could kindly help me maybe point me in the right direction.
I have Openvpn installed and am using the the front end applet to configure everything. I put these config files(from Ivacy) into the required firelds but I think I'm doing something wrong. When testing it, this error message comes up.

Fri Oct 16 13:56:14 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Fri Oct 16 13:56:14 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Oct 16 13:56:14 2009 Cannot load certificate file ivacy-keys/ivacy-client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Fri Oct 16 13:56:14 2009 Exiting

Any ideas what I'm doing wrong?

Re: VPN suggestions
 

Cannot load certificate file ivacy-keys/ivacy-client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002

is the .crt in the right folder?

Re: VPN suggestions
 

Maybe.
Here is what I got:
Openvpn applet asks for...

Configuration file:
Key file:
Cert File:
Ca file:
Secret File:
PKCS12 file:

What I get from the Ivacy website is:

Ivacy-client.ovpn
Ivacy-ca.crt
Ivacy-client.crt
Ivacy-client.key
Ivacy-tls.key

Maybe I'm putting some of the files in the wrong fields. This is what I'm assuming.

Configuration file: Ivacy-client.ovpn
Key file: Ivacy-client.key
Cert File: Ivacy-client.crt
Ca file: Ivacy-ca.crt
Secret File: ? don't know maybe Ivacy-tls.key
PKCS12 file: ?

Sorry if there is some obvious stupidity going on here. Can show me what I did wrong?

Re: VPN suggestions
 

Sorry didn't notice the openvpn support

Try to modify Ivacy-client.ovpn so that all files are in same directory.

Modify .ovpn, place all file in the same directory and then try to import them. Make sure that all files are imported, put ivacy-tls.key for example to PKCS12 field (or secret field, doesn't matter), because I don't think that applet has autodetection support for that.

Re: VPN suggestions
 

Okay I modified .ovpn and when importing it put them all in except for ivacy-tls.key. So I put it in the PKCS12 field manually. When running a test now is says something different.

Fri Oct 16 23:24:40 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Fri Oct 16 23:24:40 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Oct 16 23:24:40 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Fri Oct 16 23:24:40 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Fri Oct 16 23:24:40 2009 Cannot open file key file 'ivacy-tls.key': No such file or directory (errno=2)
Fri Oct 16 23:24:40 2009 Exiting

So what is my next step? And I just want to say thank you for all this help.

Re: VPN suggestions
 

it seems that ivacy-tls.key wasn't imported. Apparently there is still problems in openvpn-applet (I am the author).

Easiest is to copy the file manually. Install rootsh, open X terminal, type sudo gainroot, copy with cp ivacy-tls.key /etc/openvpn

Re: VPN suggestions
 

For future reference: Really good SSH tunneling howto on Undeadly.org (OpenBSD Journal). I know, TS picked OpenVPN and almost has it running, just found it of good quality that its worth to share. Maybe sth for wiki, or wiki entry for VPN solutions in general.

Re: VPN suggestions
 

Okay sorry it took so long to get this step done. I got the file moved into the right directory. I don't get an error when I test....the light turns green when I start the client. The only problem is nothing has changed on the internet. Some sights are still blocked and Mauku still cannot connect with Twitter. I can't go to it through the browser either. I am missing something? An obvious step? Do I need to change something else?
Again thank you for all your help.

Here is the current log when I run a test:
"Sun Oct 18 01:23:08 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Sun Oct 18 01:23:08 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Oct 18 01:23:08 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Sun Oct 18 01:23:08 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Sun Oct 18 01:23:08 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Oct 18 01:23:08 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Oct 18 01:23:08 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 LZO compression initialized
Sun Oct 18 01:23:08 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Oct 18 01:23:08 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Sun Oct 18 01:23:08 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 18 01:23:08 2009 Local Options hash (VER=V4): '504e774e'
Sun Oct 18 01:23:08 2009 Expected Remote Options hash (VER=V4): '14168603'
Sun Oct 18 01:23:08 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Sun Oct 18 01:23:08 2009 UDPv4 link local: [undef]
Sun Oct 18 01:23:08 2009 UDPv4 link remote: 85.249.223.27:1194
Sun Oct 18 01:23:13 2009 TLS: Initial packet from 85.249.223.27:1194, sid=a20c53ca dcb26178
Sun Oct 18 01:23:13 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 18 01:23:25 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:26 2009 VERIFY OK: nsCertType=SERVER
Sun Oct 18 01:23:26 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:38 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Oct 18 01:23:38 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.27:1194
Sun Oct 18 01:23:39 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 18 01:23:41 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.106 255.255.255.0'
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route-related options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 18 01:23:41 2009 ROUTE default_gateway=192.168.15.1
Sun Oct 18 01:23:41 2009 TUN/TAP device tun0 opened
Sun Oct 18 01:23:41 2009 TUN/TAP TX queue length set to 100
Sun Oct 18 01:23:41 2009 /sbin/ifconfig tun0 1.2.124.106 netmask 255.255.255.0 mtu 1500 broadcast 1.2.124.255
Sun Oct 18 01:23:41 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Sun Oct 18 01:23:42 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Sun Oct 18 01:23:42 2009 Initialization Sequence Completed"

Hope that helps.

Re: VPN suggestions
 

Post the openvpn log.

Re: VPN suggestions
 

I put it above

is it something on my NIT that I needed to do?

Re: VPN suggestions
 

Hmm, I don't see redirect-gateway being pushed. If you want to have all traffic routed over the VPN you're gonna need the option --redirect-gateway def1 although the VPN may sent this by default, it usually doesn't. So try to execute OpenVPN with --redirect-gateway def1

Re: VPN suggestions
 

not to have you do all the work for me, but what would that code look like in the terminal?

Re: VPN suggestions
 

I got to go to bed...It's like 2am here. Thanks for every ones help. I'll be up in 5 hours with a coffee in my hand going right to this thread. I am so close to getting this going I can taste it.

Re: VPN suggestions
 

Its ok. I could help better if had N8x0/N900 device cause maybe the applet allows this.

The command would look like something like this:

sudo openvpn --config /etc/openvpn/config/Ivacy-client.ovpn --redirect-gateway def1

Two notes:

1) Might instead execute rootsh and ditch sudo
2) I don't know where your config file resides

After this authentication, going to http://ip.help.me.uk will say probably 85.249.223.27 (your VPN endpoint). If it does, it works. If not, I suggest running a tracepath.

PS: Instead of using --redirect-gateway you can also set up routing manually!!

Re: VPN suggestions
 

Do that or add "redirect-gateway def1" to your .ovpn file (remember to reimport it)

Re: VPN suggestions
 

Ah yes, follow this advice, and use OpenVPN applet... convenient :)

Re: VPN suggestions
 

YESSSSS!!!! Thank yoooouuuuu!!!!!!! we are on! I am set. Thank you for being so patient with me. I seriously love this site. Everybody is so helpful...even for noobs like me.

Re: VPN suggestions
 

Okay, Openvpn stopped working. I tethered to my cell phone while out and about (which uses a GPRS). I tried using my vpn through it and it wouldn't work. In fact when I got to a wifi spot it wouldn't work there either. It hasn't worked all afternoon. Did I break it? Do I have to redo all the vpn setting? I will try reloading all the settings.
For the future, in theory is it supposed be able to work through GPRS?

Re: VPN suggestions
 

After trying so many different things, it seems as though the VPN is sort of working. I am not sure what is going on. So When I login to my vpn Jaiku works but Twitter fails to load(both are block normally) via Mauku. But I can't go to Twitter's website either via Tear. So it is kind of working because I can go to Jaiku.
Here is my current configuration:

client
dev tun
proto udp
remote openvpn.ivacy.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ivacy-keys/ivacy-ca.crt
cert ivacy-keys/ivacy-client.crt
key ivacy-keys/ivacy-client.key
tls-auth ivacy-keys/ivacy-tls.key 1
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
redirect-gateway
script-security 3
reneg-sec 0
redirect-gateway def1

ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.ke

Let me know if I did something wrong of could have done better.
And here is my current test log:

Mon Oct 19 08:41:46 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Mon Oct 19 08:41:46 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Oct 19 08:41:46 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Mon Oct 19 08:41:46 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Oct 19 08:41:46 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Mon Oct 19 08:41:46 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Mon Oct 19 08:41:46 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:46 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:46 2009 LZO compression initialized
Mon Oct 19 08:41:46 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Oct 19 08:41:46 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 19 08:41:46 2009 Local Options hash (VER=V4): '504e774e'
Mon Oct 19 08:41:46 2009 Expected Remote Options hash (VER=V4): '14168603'
Mon Oct 19 08:41:46 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Mon Oct 19 08:41:46 2009 UDPv4 link local: [undef]
Mon Oct 19 08:41:46 2009 UDPv4 link remote: 85.249.223.27:1194
Mon Oct 19 08:41:47 2009 TLS: Initial packet from 85.249.223.27:1194, sid=6eefe230 458ca1eb
Mon Oct 19 08:41:47 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 19 08:41:50 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Mon Oct 19 08:41:50 2009 VERIFY OK: nsCertType=SERVER
Mon Oct 19 08:41:50 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Mon Oct 19 08:41:57 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 08:41:57 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:57 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 08:41:57 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 08:41:57 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Oct 19 08:41:57 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.27:1194
Mon Oct 19 08:41:59 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Mon Oct 19 08:41:59 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.110 255.255.255.0'
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: route options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: route-related options modified
Mon Oct 19 08:41:59 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 19 08:41:59 2009 ROUTE default_gateway=192.168.15.1
Mon Oct 19 08:41:59 2009 TUN/TAP device tun0 opened
Mon Oct 19 08:41:59 2009 TUN/TAP TX queue length set to 100
Mon Oct 19 08:41:59 2009 /sbin/ifconfig tun0 1.2.124.110 netmask 255.255.255.0 mtu 1500 broadcast 1.2.124.255
Mon Oct 19 08:41:59 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Mon Oct 19 08:41:59 2009 Initialization Sequence Completed

Re: VPN suggestions
 

I see some double entries. I've made them fat. Comment entries you do not wish to use out by putting a # before them, or simply remove the entries you do not wish to use. Remove the first redirect-gateway so def1 stays. Don't know about your ca/cert/key/tls-auth entries. The last tls-auth entry is incomplete. Perhaps your paste is incomplete though.

Can you post your /etc/resolv.conf after OpenVPN client is running and got the DNS servers pushed? It seems only 1 DNS server is pushed by the OpenVPN server. In any case, I'd remove any Chinese DNS servers, but without OpenVPN client running you may have to readd them.

After OpenVPN client runs, can you try to ping (may require root access) www.twitter.com and see if it resolves, and you get replies?

One problem with OpenVPN may be that it quickly gets a timeout and goes poof. This doesn't combine well with GPRS. Maybe don't abuse the connection with too much bandwidth, and use a caching HTTP proxy which serves low quality JPEG. Also keep in mind your N8x0 is using cryptography _and_ a browser. It eats resources.

Sidenote: Using range 1.0.0.0/8 for private networking is currently not allowed. I don't understand why they do that... oh well.

Re: VPN suggestions
 

thanks for your help allnameswereout,
okay I took out the repeats on the config and still same issue Jaiku but no twitter.
How do I remove chinese DNS ...I have Openvpn running? Then what? also how do I ping twitter? Don't I need their IP address to send a ping? Will a domain name work?

And yes, the incomplete line was my copy job.

Re: VPN suggestions
 

Instructions are incomplete see post below!!!

After changes you must re-import your OpenVPN client config again with the OpenVPN applet.

To remove Chinese DNS servers one normally edits /etc/resolv.conf and put # before all nameserver entries _except_ the ones pushed by OpenVPN server. According to your log that is 1.254.2.2 and 1.254.2.3

However because Maemo uses resolvconf together with dnsmasq you should make sure OpenVPN client works together with resolvconf because else resolvconf overwrites /etc/resolv.conf the whole time! To work together with resolvconf make sure OpenVPN client is shutdown and then add in your OpenVPN client config the following:

And, again you must re-import your OpenVPN client config again with the OpenVPN applet.

To test DNS, fire up OpenVPN client then
$ host -v -t a www.twitter.com

On bottom it should say

Received ? bytes from 1.254.2.2#53 in ? ms where ? are variable numbers, what matters is the IP address listed. It should be either 1.254.2.2 or 1.254.2.3

To ping

$ rootsh
# ping www.twitter.com

Ping command resolves www.twitter.com to an IP address. That is, assuming the DNS servers work and allow you to resolve it. If Twitter is blocked by Great Firewall of China, you can assume the DNS servers block resolving domains from Twitter as well. Also, the DNS requests are tunneled and therefore come from your VPN endpoint, not from within China. For one, this looks suspicious and leaves trace. Second, some ISPs only allow DNS access from clients within their network.

Re: VPN suggestions
 

So I copied resolv.conf and moved it so I can open it and just see (since I don't know how to open it within XTerm), and all it says is "nameserver 127.0.0.1". It doesn't list a bunch of different ones. Should I change it to list 1.254.2.2 and 1.254.2.3?

Re: VPN suggestions
 

No, because it will be overwritten by resolvconf the whole time. It lists 127.0.0.1 because you're running dnsmasq.

This is why you must use /sbin/resolvconf which is utilized by the script /etc/openvpn/update-resolv-conf

In your OpenVPN client config add

and script-security value from whatever it is to

Don't worry, this is because you're going to execute external script.

If you don't have update-resolv-conf then here is a copy of mine

Save it to /etc/openvpn/update-resolv-conf
And to make it executable by root # chmod 755 /etc/openvpn/update-resolv-conf

Really sucks I don't have a N8x0 to test... :o

..but it works for me. My /etc/resolv.conf becomes

Re: VPN suggestions
 

okay I did everything you said to do. I hope I didn't do it wrong. Here is the log when I test it.

Mon Oct 19 12:58:59 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:Enter Auth Password:Mon Oct 19 12:58:59 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Oct 19 12:59:00 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Mon Oct 19 12:59:00 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Oct 19 12:59:00 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Mon Oct 19 12:59:00 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Mon Oct 19 12:59:00 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:00 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:00 2009 LZO compression initialized
Mon Oct 19 12:59:00 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Oct 19 12:59:00 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Mon Oct 19 12:59:00 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 19 12:59:00 2009 Local Options hash (VER=V4): '504e774e'
Mon Oct 19 12:59:00 2009 Expected Remote Options hash (VER=V4): '14168603'
Mon Oct 19 12:59:00 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Mon Oct 19 12:59:00 2009 UDPv4 link local: [undef]
Mon Oct 19 12:59:00 2009 UDPv4 link remote: 85.249.223.29:1194
Mon Oct 19 12:59:03 2009 TLS: Initial packet from 85.249.223.29:1194, sid=ec891e77 4c37fc96
Mon Oct 19 12:59:03 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 19 12:59:04 2009 Replay-window backtrack occurred [1]
Mon Oct 19 12:59:07 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Mon Oct 19 12:59:07 2009 VERIFY OK: nsCertType=SERVER
Mon Oct 19 12:59:07 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Mon Oct 19 12:59:14 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 12:59:14 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:14 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 19 12:59:14 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 19 12:59:14 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Oct 19 12:59:14 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.29:1194
Mon Oct 19 12:59:15 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Mon Oct 19 12:59:16 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.116.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.116.122 255.255.252.0'
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: route options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: route-related options modified
Mon Oct 19 12:59:16 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 19 12:59:16 2009 ROUTE default_gateway=192.168.15.1
Mon Oct 19 12:59:16 2009 TUN/TAP device tun0 opened
Mon Oct 19 12:59:16 2009 TUN/TAP TX queue length set to 100
Mon Oct 19 12:59:16 2009 /sbin/ifconfig tun0 1.2.116.122 netmask 255.255.252.0 mtu 1500 broadcast 1.2.119.255
Mon Oct 19 12:59:16 2009 /etc/openvpn/update-resolv-conf tun0 1500 1542 1.2.116.122 255.255.252.0 init
Mon Oct 19 12:59:16 2009 script failed: could not execute external program
Mon Oct 19 12:59:16 2009 Exiting

Re: VPN suggestions
 

I ran a ping to twitter , doesn't it look like it is working?

~ $ host -v-t a www.twitter.com

Query about www.twitter.com for record types A

Trying www.twitter.com ...

Query done, 1 answer, status: no error

The following answer is not authoritative:

www.twitter.com 12866 IN A 211.94.66.147

Authority information:

twitter.com 31211 IN NS ns4.p26.dynect.net

twitter.com 31211 IN NS ns1.p26.dynect.net

twitter.com 31211 IN NS ns2.p26.dynect.net

twitter.com 31211 IN NS ns3.p26.dynect.net

Additional information:

ns1.p26.dynect.net 71098 IN A 208.78.70.26

ns2.p26.dynect.net 71098 IN A 204.13.250.26

ns3.p26.dynect.net 71098 IN A 208.78.71.26
"
ns4.p26.dynect.net 71098 IN A 204.13.251.26

~ $


But I can't get it to load in Mauku, or go to it in my browser.