What is OpenVPN mode?

Normally you would configure your applications to use the Your Freedom client as a web or SOCKS proxy. There are cases where this doesn't work, for example if the application does not support proxies. Often, "socksifiers" help in these cases, but sometimes they fail as well.

Wouldn't it be a lot simpler if nothing had to be configured at all and everything simply worked? Well, that's what OpenVPN mode is all about! It transparently tunnels your application traffic through the Your Freedom client, without your applications knowing.

 

How do I use OpenVPN mode?

How you install and configure OpenVPN depends heavily on the operating system you are using. Please choose the page for your operating system (Windows, Linux or Mac OS X) from the links on the left-hand side.

Users of other operating systems should nevertheless have a look at the Windows page as well, because some things are described in more detail there.

 

What are "Excludes" for, and how do I use them?

Normally, all destinations on the Internet are reached by your PC through the "default route". It points to a router that knows how to reach them and takes care of everything. In OpenVPN mode, the Your Freedom server acts as a router for you, but OpenVPN mode uses a slightly different approach: instead of using a default route (it would be no good to just add a second one), Your Freedom creates a large set of routes that cover most (but not all) of the Internet address space and routes them through the tunnel to the Your Freedom server. Why don't we simply replace the default route? Because most likely this would disrupt your connection to Your Freedom! (And other local services as well.)

It is obvious that not all Internet addresses should be routed through the tunnel. Figuratively speaking, you don't throw your company's internal letters into an external service's postbox either, and that is what we do: we bypass your company's internal mail service, but only for external mail. Some ranges should be excluded, and they get excluded automatically. Among them are:

10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/4

(If you don't know what this notation means, look it up on Wikipedia.)

Why do we need to exclude them? Because they are either "private address space" that is unreachable on the Internet (but maybe reachable for you, containing things in your company like file servers or printers), or address space reserved for other purposes that don't work through Your Freedom, like multicast or loopback addresses. Your PC may still need to reach these addresses, and if we do not provide special routes for them, the traffic will flow through the default route, as before.

The Your Freedom client does a lot of guesswork and tries to exclude whatever is needed to maintain the Your Freedom connection, but sometimes it may need a little help from you. University campuses are a good example. They often use a class B network and subnet it into small networks assigned to individual Ethernets. The Your Freedom client will be able to figure out your local subnet, but it doesn't know about your campus. It is therefore a very good idea to add your campus network as an exclude in the YF configuration. Also, generally speaking, the more you exclude, the better your chances that everything else works well. The reason is that OpenVPN only supports 100 routes, and that's very few if you need to cover all of the Internet and leave some gaps in awkward places. If there are just too many routes, the YF client reduces the complexity of the task by making small gaps larger, assuming that if you need to reach one address directly, it's likely that the ones next to it should be reached directly as well, even though no one has told it so (you'll see it in the message log).

If your local network only uses private address space (IPs all start with 10, 172.16-31 or 192.168), then you don't need any excludes unless something stops working when you run OpenVPN mode but works when you don't. If you are unsure, ask support@your-freedom.net.
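The route computation described above, as an added example that is not Your Freedom's own code: it splits the IPv4 address space around the excludes and, when the result exceeds the 100-route limit, widens the smallest gap. The widening rule, the function names and the sample host addresses are assumptions; the page does not describe the client's actual algorithm.

```python
import ipaddress

# Ranges the page lists as excluded automatically.
AUTO_EXCLUDES = ["10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
                 "192.168.0.0/16", "224.0.0.0/4"]
MAX_ROUTES = 100  # OpenVPN route limit stated on the page


def parse(cidrs):
    """Parse CIDR strings/networks and merge overlapping or adjacent ranges."""
    nets = (ipaddress.ip_network(str(c)) for c in cidrs)
    return list(ipaddress.collapse_addresses(nets))


def tunnel_routes(gaps):
    """Routes covering all of IPv4 except the networks in `gaps`."""
    routes = [ipaddress.ip_network("0.0.0.0/0")]
    for gap in gaps:
        kept = []
        for route in routes:
            if not route.overlaps(gap):
                kept.append(route)              # untouched by this gap
            elif not gap.supernet_of(route):    # gap lies strictly inside route
                kept.extend(route.address_exclude(gap))
            # else: route lies entirely inside the gap and is dropped
        routes = kept
    return sorted(routes)


def fit_to_limit(excludes, limit=MAX_ROUTES):
    """Assumed heuristic: widen the smallest gap by one bit until it fits."""
    gaps = parse(excludes)
    routes = tunnel_routes(gaps)
    while len(routes) > limit:
        smallest = max(gaps, key=lambda n: n.prefixlen)
        gaps.remove(smallest)
        gaps = parse(gaps + [smallest.supernet()])
        routes = tunnel_routes(gaps)
    return gaps, routes


if __name__ == "__main__":
    print(len(tunnel_routes(parse(AUTO_EXCLUDES))), "routes, automatic excludes")
    # Constructed sample: three scattered hosts from documentation ranges.
    hosts = ["192.0.2.1/32", "198.51.100.1/32", "203.0.113.1/32"]
    print(len(tunnel_routes(parse(AUTO_EXCLUDES + hosts))), "routes before widening")
    gaps, routes = fit_to_limit(AUTO_EXCLUDES + hosts)
    print(len(routes), "routes after widening; gaps:", ", ".join(map(str, gaps)))
```

The automatic excludes alone need 36 routes; each isolated host exclude adds roughly one route per prefix bit, which is why a few scattered single addresses cost more routes than one larger campus range.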

 

 