You are on page 1of 186

100+ Free Tools For You To Access Blocked Sites Young, Yang

Creative Commons - BY -- 2012

Dedication

This book is dedicated to my dear mother, who doesnt care about internet freedom, but only her children and grandchildren, so that I have time to write. This book is also dedicated to my dear motherland China, where there is GFW which blocks internet freedom, so that I have to write something about how to unblock blocked sites.

Acknowledgements

Among all those free anti-censorship tools mentioned in this book, none is created by myself, and I just test and share them and tell people how to use them. So, thanks to the authors who develop and share those free VPN, SSH, Proxy and/or any other anti-censorship tools.

Table of Contents Preface


My Internet Freedom Declaration

Chapter One
Free Online Proxies

Chapter Two
Free Proxy Softwares Part One: Ultrasurf Part Two: Freegate Part Three: Tor Part Four: GAppProxy Part Five: Goagent Part Six: Hyk-proxy Part Seven: Snova Part Seven Section One: The Easiest Ways To Use Snova Part Seven Section Two: How To Use Snova On GAE Part Seven Section Three: How To Use Snova On Cloud Foundry Part Seven Section Four: How To Use Snova On Heroku Part Seven Section Five: How To Use Snova On OpenShift Part Seven Section Six: How To Use Snova On Jelastic Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings

Chapter Three
Free VPN Services Part One: Free PPTP VPN Services Part Two: Free VPN Softwares Part Three: How To Build A VPN Part Three Section One: How To Build A PPTP VPN Part Three Section Two: How To Build A L2TP VPN Part Three Section Three: How To Build An OpenVPN Part Four: How To Set Up VPN

Chapter Four
Free SSH Services Part One: Free SSH Tunnels Part Two: How To Create A SSH Tunnel Part Three: How To Connect To SSH Tunnel

Chapter Five
The Differences Among Proxy, SSH And VPN

Chapter Six
How To Access Blocked Sites With Google Reader

Chapter Seven
How To Access Blocked Sites With The Hosts File

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT

2 2 4 4 10 10 11 15 20 25 35 43 52 57 60 67 75 81 89 96 99 99 100 108 114 116 120 127 133 135 135 136 141 144 147 147 150 150 153 153 157

Chapter Nine
How To Check If A Site Is Blocked Part One: Check If A Site Is Blocked With Anti-censorship Tools Part Two: Check If A Site Is Blocked By Pinging It Part Three: Top 10 Websites For You To Check If A Site Is Blocked Part Four: Check If A Site Is Blocked In China With WebSitePulse

Chapter Ten
Appendix Part One: Top 10 Websites Blocked in China Part Two: Countries That Block Facebook

Subsequent
This Book Is Free

157 164 164 165 166 167 173 175 175 176 181 182 182

Preface
My Internet Freedom Declaration

Preface
My Internet Freedom Declaration
While there is no definition, someone declares five basic principles of Internet Freedom, which are Expression, Access, Openness, Innovation and Privacy. As a man living in China, I totally agree with those 5 principles and know how import internet freedom will be, since you might go to jail by a message you posted online, fail to visit Facebook, Twitter, YouTube and many other websites, get your website shut down because of one criticized post, and even find out that your private chat history were released to the police without any court document, so on and so forth.

Sounds horrible, right? But which were all happened in the Chinese internet world. Since 2007, I have fought against the GFW (great firewall) the biggest part of Internet Censorship in China, by testing free anti-censorship tools as many as possible and sharing them on my blogs, both Free Nuts and Jing Pin (in Chinese). Up till now, I have tested and introduced over 100 free anti-censorship tools, including VPN, Proxy, SSH and more, among which, some may be not available any more when you are reading this book, but luckily, there will be always some new tools, and I will keep an eye on them.

Preface
My Internet Freedom Declaration

Image Credit: http://www.flickr.com/photos/talkradionews/4294790603/

Chapter One
Free Online Proxies

Chapter One
Free Online Proxies
The main advantage of online proxy websites (or web proxies) is that you don't need to install anything nor to make any configuration, just to look out those pop-up ads. If you can bear those ads, and want to get access to Facebook, Twitter, YouTube and/or any other websites that blocked in your area, or just want to be anonymous, then you can check out the following top 100 free online proxies:

1. Aniscartujo.com The Aniscartujo web proxy is workable for both computers and mobile phones. 2. Anonproxy.eu With Anonproxy.eu, you can encode URL/page and allow cookies.

Chapter One
Free Online Proxies

3. Btunnel.com The Btunnel.com web proxy is available for you to delete cookies, to remove scripts, and to hide referrers, but there will be a boring pop-up ad on the homepage. 4. Daveproxy.co.uk A UK web proxy which supports JavaScript well. 5. Dtunnel.com Nearly same as Btunnel.com. 6. Free-web-proxy.de This web proxy allows you to watch YouTube videos as well as to download them in MP4 files. 7. Fproxy.nl Nearly same as Anonproxy.eu. 8. Goodproxy.eu Goodproxy.eu is powered by Glype, but not available for you to visit the YouTube website. 9. Hidemyass.com The Hide My Ass web proxy is available for you to enable SSL security, to disable flash & Javascript, or to select encrypted URL obfuscation. 10. Kproxy.com Https protocol is supported and downloads are allowed by Kproxy.com. 11. Megaproxy.com/freesurf The Magaproxy free version is free of pop-up ads. 12. Peacefire.org/circumventor On the website, you will get one URL of a web proxy, if which is blocked, you can subscribe to its lists for more.

Chapter One
Free Online Proxies

13. Polysolve.com Nearly same as Btunnel.com. 14. Proxyweb.com.es The input box is between 2 large ad banners. 15. Safeforwork.net With SafeForWork.net, you can remove cookies/scripts, hide referrers and show entry form. 16. Shieldproxy.com This web proxy is very simple with just an address box in its homepage. 17. Smscut.com/onlinesonic Online Sonic will translate the languages of the target websites into French. 18. Surfagain.com Surfagain.com is available for you to watch YouTube videos. 19. Surfinweb.tk Surfinweb.tk is available for you to watch YouTube videos, too. 20. TryCatchMe.com The effect of TryCatchMe is nearly same as Daveproxy. 21. Vtunnel.com Nearly same as Btunnel.com. 22-41 Aproxy.org (20) The Aproxy.org website offers tens of links to different free online proxies, among which, the following 20 are the workable and best during my test: Dxyh.com

Chapter One
Free Online Proxies

Fubian.com Isityet.net Lovetogetby.com Ninjacloak.com Proxy-free.org Proxy4surf.info Proxypolice.com Proxyhasty.com Renewmyip.com Resellerzone.us Surfnewip.com Super-affiliate.in Theninjacloak.com Topbits.us Unblock-internet.ws Vvwa.com Vectroproxy.com Web4surf.com Web4proxy.org 42-60. Centurian.org (19) The Centurian.org website offers about 100 proxies, among which, the following 19 are the best and workable during my test: 0010site.info 00011site.info 7us.info Free-pro.info Iweb20.info Justbrowse.info Longbuluo.info Luispro.com Microxy.com Myservus.info Mywebproxy.net newsurf.info Proxy2free.net School-proxy.us Stripcomprox.info Unblockwebsite.org Usaproxies.com

Chapter One
Free Online Proxies

Vectrotunnel.com Xeronet-proxy.com 61-100. Proxymeup.com (40) There are over 50 workable web proxy tools on the proxymeup.com website, and the following 40 are the best up till now: 007007007.eu 123proxy.eu 2fastproxy.tk Aaaproxy.eu Awesomeproxy.eu Bypassme.in Crochetheart.com Devilproxy.eu Hideproxy.eu Homeproxy.com Healthycheapeating.com Iwebproxy.net Iunblock.in Myproxy2day.info Manghun.com Mydoggieneeds.com My-proxy.olympe.in Newenergytomorrow.info Newtattooonline.com Olympicproxy.net Ondrej.me Proxy000.eu Proxy007.eu Proxy-fre.com Proxytools.info Proxme.net Proxy4you.eu Proxyforfree.eu Proxy-ss.olympe.in Proxymonkey.org Proxy-best.com Rockvideo.cz Securewebproxy.net Spem.at

Chapter One
Free Online Proxies

Unblocker4u.com Usawebproxy.net Ultimateformalwear.com Websurf.in Workproxy.net Yellowproxy.net To use any of the above 100 free online proxies, you can enter the URL of a blocked site in the input box, and press the Enter key or click on the "Go" button, then you can unblock and visit the site. Among the above 100 free online proxies, some of them may be blocked in your area (such as China) when you read this e-book, but luckily, some of them will be still workable, too.

Chapter Two
Free Proxy Softwares

Chapter Two
Free Proxy Softwares
Although both are proxies, desktop softwares are different from online websites. While online proxies are full of ads, there are less or even no ads for proxy desktop softwares; while you can use online proxies directly, you need to download and install their clients before you can use those proxy softwares. If the websites of those proxy softwares are blocked in your area (such as China), it is a good idea for you to use free online proxies to visit them. Among those free proxy softwares, the following 7 are the best: 1. Ultrasurf; 2. Freegate; 3. Tor; 4. GappProxy; 5. Goagent; 6. Hyk-proxy; 7. Snova.

Chapter Two
Part One: Ultrasurf

Part One: Ultrasurf


As one of the best proxy softwares, Ultrasurf is very easy to use without any installation. The following will show you how to use it in 3 steps: 1. Download Ultrasurf

Open the Ultrasurf.us site, and click on the "FREE DOWNLOAD" button on the right top, then you can download the Ultrasurf client as a ZIP file. In case the Ultrasurf.us site is blocked in your area (such as China), you can use some other proxies, SSH tunnels or VPN services to unblock it. 2. Run Ultrasurf

10

Chapter Two
Part One: Ultrasurf

After download, extract the ZIP file, then you can get an EXE file, open which, you can run Ultrasurf directly. In case you come across with a Windows Security Alert, such as what you can see from the following image:

11

Chapter Two
Part One: Ultrasurf

Just click on the "Allow access" button, then you can see an IE new tab of Wujie, which is the Chinese version of Ultrasurf, and you can unblock any blocked sites right away. 3. Set browser network proxy On IE, you can use the Ultrasurf proxy service directly after connection, but on Chrome, Firefox, Safari or any other browser, you also need to set the network proxy to "127.0.0.1 : 9666". Take Firefox for example, you can find the proxy settings page via the following path: Preference > Advanced > Network > Settings

Then select "Manual proxy configuration" to enter "127.0.0.1" & "9666" on the HTTP Proxy column, check the "Use this proxy server for all protocols" box, and click the "OK" button to save the change, as what you can see from the following image:

12

Chapter Two
Part One: Ultrasurf

Instead to set the network proxy settings manually as mentioned above, you can also check out SwitchySharp and FoxyProxy to set them automatically. After that, you can bypass internet censorship, encrypt online communications, and hide your IP on non-IE browsers, too.

13

Chapter Two
Part Two: Freegate

Part Two: Freegate


Like Ultrasurf, Freegate is also a very popular and easy-to-use proxy service. The following will show you how to use Freegate in 3 steps:

I. Download Freegate

Open the Dynaweb site and download the Freegate client software, whether in exe or zip format. In case the Dynaweb site is blocked in your area (such as China), you can use some other proxies, SSH tunnels or VPN services to unblock it first.

II. Run Freegate


If you downloaded the exe file, just open it, and if you downloaded the zip file, extract it and run the exe file. When the connection is successful, you can use the Freegate proxy service right away, as what you can see from the following image:

14

Chapter Two
Part Two: Freegate

But before you can see the control panel in the above image, you may come across the following 2 pop-up windows: 1. Freegate Proxy Control

15

Chapter Two
Part Two: Freegate

As default, the domains of ".cn", ".baidu", ".qq" and some other suffixes will be connected directly, even though you remove them or select "Choose All websites go through Freegate proxy", which means you can't visit the sites of those domains with Freegate anyway. So, you can neglect this window and just click the "OK" button to close it. 2. Windows Security Alert In case you come across with a Windows Security Alert, such as what you can see from the following image:

16

Chapter Two
Part Two: Freegate

Just click on the "Allow access" button, then you can see the proxy's Chinese site Dongtaiwang on your IE browser.

III. Set browser network proxy

17

Chapter Two
Part Two: Freegate

Same as Ultrasurf, On IE, you can use the Freegate proxy service directly after connection, but on Chrome, Firefox, Safari or any other browser, you also need to set the network proxy to "127.0.0.1 : 8580". The above instructions are for Windows only, in fact, Freegate is also available on Mac and Linux computer operating systems, and you can refer to the FAQ page for the usages. And besides computers, Freegate also supports Android, Java and WM mobile phones, but only in Chinese.

18

Chapter Two
Part Three: Tor

Part Three: Tor


As one of the most popular proxy softwares, Tor can be used on Windows, Mac, Linux/BSD/Unix, Android and Nokia Maemo/N900 systems, with multiple languages supported. The following will show you how to use its basic and most popular 2 versions Tor Browser Bundle and Vidalia Bundle on Windows and Mac. 1. Download Tor

On the Download page, you can choose to download the right version according to your computer systems. For Tor Browser Bundle, you can and only can use its own browser (based on Firefox) to use its proxy service; and for Vidalia Bundle, you can use your Firefox, Chrome, Safari or some other browsers by setting their network proxies. By the way, you can choose the Tor browser output language before downloading Tor Browser Bundle. 2. Run Tor

19

Chapter Two
Part Three: Tor

No matter which version you downloaded, you can extract or install the package and run the Tor service directly. For Tor Browser Bundle, you can run the "Start Tor Browser" (for Windows) or "TorBrowser" (for Mac) file, and for Vidalia Bundle, you can run the "Vidalia" file. If the onion icon turns green, then the Tor proxy is working. 3. Add bridges

20

Chapter Two
Part Three: Tor

If the onion icon doesn't turn green, then the current Tor network is blocked, and the easiest way to solve the problem is to open the Vidalia's "Network" settings page, to select "My ISP blocks connections to the Tor network", and to add some bridges. So, how to get bridges for Tor? The following are 2 ways for your choice: 3.1 Via web Visit the Bridges page, and enter the verification code, then you can get 2 bridges. 3.2 Via email You can send an email with "get bridges" subject to "bridges@torproject.org" via your Gmail, soon you will get three newest bridges.

21

Chapter Two
Part Three: Tor

By the way, there used to be a "Find Bridges Now" button for to you get bridges directly, as mentioned before, but which is gone now. 4. Set browser network proxy

For Tor Browser Bundle, you can unblock the blocked site with its own browser directly, and for Vidalia Bundle, you need to change the SOCKS proxy to "127.0.0.1 : 9050". Take Firefox for example, you can find the proxy settings page via the following path: Preference > Advanced > Network > Settings

22

Chapter Two
Part Three: Tor

And select "Manual proxy configuration" to enter "127.0.0.1" & "9050" on the SOCKS column. By the way, you'd better select SOCKS v4, since SOCKS v5 may be not workable. Between Tor Browser Bundle and Vidalia Bundle, the first one is easier and more safe, but you can only use its own browser.

23

Chapter Two
Part Four: GAppProxy

Part Four: GAppProxy


GAppProxy hasn't been updated since the 2.0.0 version in 2010, and doesn't support https well. But as a GAE proxy, it is still available for you to surf anonymously and get access to the blocked sites. For how to install and use GAppProxy, you can check out the following 7 steps:

1. To create a GAE application

Log in your Google App Engine account and create an available application ID, such as "freenutsdotorg" used for this post.

2. Generate a new application-specific password

24

Chapter Two
Part Four: GAppProxy

On the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications and sites", and generate a new application-specific password. But you can skip this step if you do not use 2-step verification for your Gmail account.

3. Download GAppProxy

On the GAppProxy Downloads page, you can download the packages according to your operating systems.

3.1 Download the Windows packages


To run GAppProxy on Windows, you need to download the following 2 packages: uploader-2.0.0-win.zip localproxy-2.0.0-win.zip

25

Chapter Two
Part Four: GAppProxy

After download, you can extract them and get the following 2 folders: uploader-2.0.0-win localproxy-2.0.0-win

3.2 Download the Mac/Linux packages


And to run GAppProxy on Mac/Linux, you need to download the following 2 packages instead: fetchserver-2.0.0.zip localproxy-2.0.0.tar.gz Extract the packages, then you can get the following 2 folders: fetchserver-2.0.0 localproxy-2.0.0

4. Edit the app.yaml file

On Windows, you can find the app.yaml file in the "fetchserver" directory of the "uploader-2.0.0-win" folder; and on Mac/Linux, you can find the app.yaml file in the "fetchserver-2.0.0" folder. After that, open the app.yaml file, and change the "your_application_name" to your GAE app ID created in

26

Chapter Two
Part Four: GAppProxy

step 1.

5. Upload the GAppProxy server


5.1 How to upload the GAppProxy server on Windows

Open the "uploader-2.0.0-win" folder, double-click the "uploader.exe" file, and enter your App ID, Gmail address and password, then you are done.

5.2 How to upload the GAppProxy server on Mac/Linux

27

Chapter Two
Part Four: GAppProxy

To upload the GAppProxy server on Mac/Linux, we need a third-party tool. 5.2.1 Download Google App Engine SDK for Python Download Google App Engine SDK for Python of Mac or Linux version, and install it. 5.2.2 Add new application Run GoogleAppEngineLauncher, click "New Application" in the "File" option on the top menu bar, enter your GAE app ID as "Application Name", and assign a folder as "Application Directory", or just use the default one it offers. 5.2.3 Move the server files Copy "app.yaml" and "fetch.py" files in the "fetchserver" folder and paste them into the "Application Diretory" folder. 5.2.4 Upload the server Back to GoogleAppEngineLauncher, click on the "Deploy" button, enter your Gmail address and password, then you can upload the GAppProxy server to GAE.

28

Chapter Two
Part Four: GAppProxy

5.3 Test the GAppProxy server


Open your browser, and enter the following URL: http://APP_ID.appspot.com/fetch.py

Remember to replace "APP_ID" with your own GAE app ID, and if you can see the following result:

Then the GAppProxy server is uploaded successfully, if not, you can try to change "http" to "https", or to run an anti-censorship tool (such as proxy, ssh or VPN), and try again, if still not, then you need to upload the server again.

6. Run the GAppProxy client


When the server is uploaded successfully, you can run the GAppProxy on your computer.

6.1 How to run the GAppProxy client on Windows


For Windows, there is an executive application, clicking on which, you can run the GAppProxy, but you need to edit the "proxy.conf" file first. 6.1.1 Edit the proxy.conf file Open the "proxy.conf" file in the "localproxy-2.0.0-win" folder, edit the last line by changing "your-fetch-server" to your GAE app ID, and deleting the "#" mark, as what you can see from the following image:

29

Chapter Two
Part Four: GAppProxy

After that, save the file. 6.1.2 Run the GAppProxy client You can double-click the "proxy.exe" file in the same folder to run the GAppProxy client.

6.2 How to run the GAppProxy client on Mac/Linux


On Mac/Linux, you can use the Terminal application to run the GAppProxy client, but you also need to edit the "proxy.conf" file first. 6.2.1 Edit the proxy.conf file Same as what you do on Windows, but the "proxy.conf" file is located in the "localproxy-2.0.0" folder. 6.2.2 Run the GAppProxy client

30

Chapter Two
Part Four: GAppProxy

Open the Terminal application, and enter the following command line: python xxx/localproxy-2.0.0/proxy.py

Remember to replace "xxx" with the full path to the "localproxy-2.0.0" directory, or you can just drag the "proxy.py" file and drop it behind "python".

7. Edit the browser proxies

31

Chapter Two
Part Four: GAppProxy

When the GAppProxy client is running, you can edit the browser network settings and change the proxy address to "127.0.0.1: 8000", as what you need to do with any proxy service. By the way, since GAppProxy only supports HTTP with 80 port and HTTPS with 443 port, you can leave the SOCKS and FTP proxies empty.

Note:
Take the "freenutsdotorg" app ID for example, if you can't open the site of the following URL on your browser: http://freenutsdotorg.appspot.com/

32

Chapter Two
Part Four: GAppProxy

But you can do that after changing "http" to "https", then you need to make the same change for the "fetch_server" link in the last line of the "proxy.conf" file, such as the following: fetch-server = https://freenutsdotorg.appspot.com/fetch.py

And if you still fail to open the site after changing "http" to "https", then your app ID is blocked and you won't be able to use the GAppProxy service, in that case, you can create a new GAE app and try again.

33

Chapter Two
Part Five: Goagent

Part Five: Goagent


Like GAppProxy, Goagent is also a GAE proxy. And for how to use Goagent, you can refer to its official site in Chinese, or you can check out the following 7 steps for an easier reference in English:

1. Create GAE applications

Goagent supports multiple app IDs, so that you can creat one or more new GAE applications, or use the old ones, but the "Storage Scheme" of each must be "High Replication".

2. Generate new application-specific password

34

Chapter Two
Part Five: Goagent

On the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications and sites", and generate a new application-specific password, which will be used when uploading the Goagent server to your GAE in step 4. But you can skip this step if you do not use 2-step verification for your Gmail account.

3. Download the Goagent packapge

Download the Goagent package (a zip file) via the link on the top of its homepage, as what you can see from the above image. After that, extract the zip file, and you will get a "local" folder as well as a "server" folder.

4. Upload the Goagent server


Open the "server" folder, and upload the Goagent server to your GAE in the following ways:

35

Chapter Two
Part Five: Goagent

4.1 How to upload the Goagent server on Windows

On Windows, open the "uploader.bat" file, enter your GAE app ID created in step 1, your Gmail address and the application-specific password, then you can start to upload. And to use more than one app ID, you can separate them with the "|" mark. 4.2 How to upload the Goagent server on Mac

36

Chapter Two
Part Five: Goagent

On mac, open the Terminal application, and enter the following command line: cd the-path-to-the-server-folder

Such as the following: cd /Users/air/Downloads/goagent-goagent-80e5f01\ 3/server

You can also just drag the "server" folder and drop it behind the "cd" command. After that, enter the following command line: python uploader.zip

Then, you can enter your App IDs, Gmail address and the application-specific password to upload the server. By the way, do not bypass the first command line and use the "python the-path-to-uploader.zip" command directly, which may be not workable.

5. Change the proxy.ini file

37

Chapter Two
Part Five: Goagent

When the upload is finished, open the "proxy.ini" file in the "local" folder, and change the "appid" value from "goagent" to your real GAE application IDs. By the way, you can also change the "profile" value from "google_cn" to "google_hk" for a better security with https mode.

6. Run the Goagent client


After saving the "proxy.ini" file, you can start to run Goagent. 6.1 How to run the Goagent client on Windows

38

Chapter Two
Part Five: Goagent

On Windows, you can just double-click on the "Goagent.exe" file in the "local" folder and run the proxy service. 6.2 How to run the Goagent client on Mac

On Mac, you can open the Terminal application and enter the following command line: python the-parth-to-proxy.py

39

Chapter Two
Part Five: Goagent

This time, you can drag the "proxy.py" file from the "local" folder and drop it behind the "python" command.

7. Edit the browser proxies

When the Goagent client is running, you can edit the browser network settings and change the proxy address to "127.0.0.1: 8087", as what you need to do with any proxy service. After that, you can start to use Goagent to browse the internet anonymously and unblock the blocked sites in your area. But, same as GAppProxy and Hyk-proxy, the Goagent proxy doesn't support https well, even though that you can double-click the "CA.crt" file in the "local" folder to install or import the certification, which will only

40

Chapter Two
Part Five: Goagent

work on Safari, but not Chrome or Firefox during my test for Twitter and Facebook. By the way, besides Windows and Mac systems mentioned above, Goagent is also available for Linux, as well as Android, iOS, webOS, OpenWRT and Maemo operating systems.

41

Chapter Two
Part Six: Hyk-proxy

Part Six: Hyk-proxy


Same as GAppProxy, the Hyk-proxy GAE service won't be updated any more, but it is still workable. For how to install and use Hyk-proxy on Windows and Mac/Linux systems, you can check out the following 8 steps for complete instructions:

1. Create a GAE application

Sign in your GAE account and create an application ID which is available.

2. Generate a new application-specific password

42

Chapter Two
Part Six: Hyk-proxy

On the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications and sites", and generate a new application-specific password. But you can skip this step if you do not use 2-step verification for your Gmail account.

3. Download Java and Google App Engine SDK for Java

If you haven't gotten these two softwares on hand as mentioned before, you can download Java on its official website, and download Google App Engine SDK for Java from Google Code. By the way, on Mac, you only need to download and extract the Google App Engine SDK for Java package, since Java is pre-installed.

4. Download the Hyk-proxy packages

43

Chapter Two
Part Six: Hyk-proxy

Among the 4 packages on the Hyk-proxy Downloads webpage, you can just download "hyk-proxy-0.9.4.1.zip" and "hyk-proxy-gae-server-0.9.4.1.zip". By the way, on Windows, you can also download "hyk-proxy-install_0.9.4.1.exe" instead of "hyk-proxy-0.9.4.1.zip"; and you need to download the "hyk-proxy-android-0.9.4beta.apk" package if you want to use Hyk-proxy on your Android. After that, extract the zip files you download.

5. Deploy task
To deploy task means to upload the Hyk-proxy server to your GAE application. On Windows, you can run the "install.bat" file in the "hyk-proxy-gae-server-0.9.4.1" folder; and on Mac/Linux, you can open the Terminal application and enter the following command line: sh /the-path-to/install.sh

Or you can just drag the "install.sh" file from the "hyk-proxy-gae-server-0.9.4.1" folder and drop it behind the "sh" command. After that, you can see an "AppEngine AppCfg GUI Wrapper" window, such as the following:

44

Chapter Two
Part Six: Hyk-proxy

In the window, you can define the location of the "Google App Engine SDK for Java" folder, enter your GAE app ID, select the "hyk-proxy-gae-server-0.9.4.1" folder as AppLocation, enter your Gmail address and password, then you can click the "Deploy" button to upload the Hyk-proxy server to your GAE. P.S. By the way, if you fail to deploy the task for the following error: Bad configuration: appengine-web.xml does not contain a <threadsafe> element.

45

Chapter Two
Part Six: Hyk-proxy

Then you need to enter the following line into the "appengine-web.xml" file: <threadsafe>true</threadsafe>

Such as what you can see from the following image:

6. Add GAE application ID to Hyk-proxy client


On Windows, you can double-click the "startgui.bat" file in the "bin" folder, or run "Start hyk-proxy (GUI)" if you have installed "hyk-proxy-install_0.9.4.1.exe"; and on Mac/Linux, you can open the Terminal application and enter the following command line: sh /the-path-to/startgui.sh

46

Chapter Two
Part Six: Hyk-proxy

Or you can just drag the "startgui.sh" file from the "hyk-proxy-0.9.4.1" folder and drop it behind the "sh" command. After that, you can open the Hyk-proxy client window, click on the "Config" button of "GAE 0.9.4.1" in the "Plugins" tab, and click the "New" button to add your APP ID, such as what you can see from the following image:

And you can add more than one App ID, after that, click the "Apply" button.

7. Start Hyk-proxy

47

Chapter Two
Part Six: Hyk-proxy

When the App IDs are added, you can click the "Start" button to connect to the Hyk-proxy service.

8. Edit the browser proxies


When the Hyk-proxy fetch service is working, configure your browsers http proxy to below address: 127.0.0.1: 48100

Such as what you can see from the following image:

48

Chapter Two
Part Six: Hyk-proxy

The above screenshot is for Firefox, and for other browsers, the http proxy settings may be a little different. That's all, and you can surf the internet anonymously and get access to the blocked sites.

Bonus:
Hyk-proxy will not work when your GAE application ID is blocked, in that case, you can connect Hyk-proxy with XMPP.

49

Chapter Two
Part Six: Hyk-proxy

To do so, you can open the "Connection" tab of the GAE plugin "Config" window, select "XMPP" as the connection mode and add your XMPP account (such as GTalk). Besides, you can also connect Hyk-proxy with HTTPS mode or HTTP proxy, but XMPP is the fastest and best.

50

Chapter Two
Part Seven: Snova

Part Seven: Snova


Among GAppProxy, Goagent, Hyk-proxy and Snova these 4 popular GAE proxies, Snova is the best, since it supports HTTPS well. Besides, it is also available for you to use in the following 6 different ways. 1. To use Snova directly

As default, Snova can automatically connect to some random GAE apps shared by others, so that you can just download the Snova client and run it. 2. To use Snova on your own GAE app

51

Chapter Two
Part Seven: Snova

Instead to use others' apps, you can also create your own ones, and upload the Snova server to them to run the proxy service. Again, none of the above 2 ways are available for you to visit HTTPS links, and to do so, you need install the C4 plugins on any of the following 4 PaaS platforms: 3. To use Snova on Cloud Foundry

52

Chapter Two
Part Seven: Snova

Cloud Foundry is available for you to run the Snova c4 plugin in an instance with 4-core CPU, 2 G disk, and 512M memory, no bandwidth limit. 4. To use Snova on Heroku

53

Chapter Two
Part Seven: Snova

The network bandwidth limit of Heroku is 2TB/month. 5. To use Snova on OpenShift

OpenShift is available for you to create up to 3 apps, and each of which will run in an instance of 1GB disk and 512MB memory. 6. To use Snova on Jelastic

54

Chapter Two
Part Seven: Snova

With Jelastic, you can choose to build your C4 plugin on Servint, Dogado, Rusonyx or some other hosted service provider, and deploy the c4 plugin on its website directly without entering any command lines. For the C4 plugins, you need to use the "snova-c4-heroku-server-xxx.zip" file on Heroku, and use the "snova-c4-server-xxx.zip" file on the other 3 PaaS platforms. By the way, besides to use Snova on GAE, Cloud Foundry, Heroku, OpenShift or Jelastic separately, you can also use on one, more or even all of them together, as well as to use multiple apps on each of them.

55

Chapter Two
Part Seven Section One: The Easiest Ways To Use Snova

Part Seven Section One: The Easiest Ways To Use Snova


Whether Hyk-proxy, Goagent, Snova or any other GAE proxy, you need to deploy their servers to your GAE apps before you can use them as mentioned before. But it may be even hard for someone to create an account on GAE, and which is not available in Iran at all. In that case, you can use Hyk-proxy and Snova according to the following ways directly with the default GAE apps shared by others:

1. The easiest ways to use Hyk-proxy

On the Hyk-proxy Downloads page, you can download "hyk-proxy-0.9.4.1.zip" or "hyk-proxy-install_0.9.4.1.exe" (for Windows only), and extract or install to use the proxy service on Windows and/or Mac. 1.1 On Windows On Windows, you can double-click the "startgui.bat" file in the "bin" directory of the extracted folder "hyk-proxy-0.9.4.1", or run "Start hyk-proxy (GUI)" if you have installed "hyk-proxy-install_0.9.4.1.exe". 1.2 On Mac On Mac, you can open the Terminal application and enter the following command line:

56

Chapter Two
Part Seven Section One: The Easiest Ways To Use Snova

sh /the-path-to/startgui.sh

Or you can just drag the "startgui.sh" file from the "hyk-proxy-0.9.4.1" and drop it behind the "sh" command. Whichever way you are using, you can open the Hyk-proxy client, click on the "Start" button, and run the proxy service.

2. The easiest ways to use Snova

Which will be nearly same as what you do with Hyk-proxy. On the Snova Downloads webpage, you can just download and extract "snova-xxx.zip" to use the proxy service on Windows and/or Mac. 2.1 On Windows On Windows, you can double-click the "startgui.bat" file in the "bin" directory of the "snova-xxx" folder. 2.2 On Mac

57

Chapter Two
Part Seven Section One: The Easiest Ways To Use Snova

On Mac, you can open the Terminal application and enter the following command line: sh /the-path-to/startgui.sh

Or you can just drag the "startgui.sh" file from the "snova-xxx" folder and drop it behind the "sh" command. Whichever way you are using, you can open the Snova client, click on the "Start" button, and run the proxy service. By the way, the above direct ways are not available for GAppProxy or Goagent, since the GAppProxy's default GAE app "fetchserver1" is over its serving quota, and Goagent does not offer a default GAE app at all.

58

Chapter Two
Part Seven Section Two: How To Use Snova On GAE

Part Seven Section Two: How To Use Snova On GAE


As mentioned before, the Hyk-proxy GAE service won't be updated any more, since the developer stops to work on a new project Snova. Similar to Hyk-proxy, Snova is also a web proxy based on GAE, but it works for HTTPS very well, when running on CloudFoundry, Heroku, OpenShift and some other PaaS (Platform as a service) platforms. The following will show you how to install and use Snova on GAE, which are nearly same as what you do with Hyk-proxy.

1. Create a GAE application

Sign in your GAE account and create an application ID which is available.

2. Generate a new application-specific password

59

Chapter Two
Part Seven Section Two: How To Use Snova On GAE

On the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications and sites", and generate a new application-specific password. But you can skip this step if you do not use 2-step verification for your Gmail account.

3. Download Java and Google App Engine SDK for Java

If you haven't gotten these two softwares on hand as mentioned before, you can download Java on its official website, and download Google App Engine SDK for Java from Google Code. By the way, on Mac, you only need to download and extract the Google App Engine SDK for Java package, since Java is pre-installed. What is more, besides Java, Snova also supports the Go language, so that you can download Go and Google App Engine SDK for Go instead.

60

Chapter Two
Part Seven Section Two: How To Use Snova On GAE

4. Download the Snova packages

Among the 7 packages on the Snova Downloads webpage, you can just download "snova-xxx.zip" and "snova-gae-jserver-xx.zip" for Java. After that, extract the zip files you download.

5. Deploy task
Like Hyk-proxy, on Windows, you can run the "install.bat" file in the "snova-gae-jserver-xx" folder; and on Mac/Linux, you can open the Terminal application and enter the following command line: sh /the-path-to/install.sh

Or you can just drag the "install.sh" file from the "snova-gae-jserver-xx" folder and drop it behind the "sh" command. After that, you can see an "AppEngine AppCfg GUI Wrapper" window, such as the following:

61

Chapter Two
Part Seven Section Two: How To Use Snova On GAE

In the window, you can define the location of the "Google App Engine SDK for Java" folder, enter your GAE app ID, select the "snova-gae-jserver-xx" folder as AppLocation, enter your Gmail address and password, then you can click the "Deploy" button to upload the Snova server to your GAE.

6. Add GAE application ID to the Snova client


On Windows, you can double-click the "startgui.bat" file in the "bin" folder; and on Mac/Linux, you can open the Terminal application and enter the following command line: sh /the-path-to/startgui.sh

62

Chapter Two
Part Seven Section Two: How To Use Snova On GAE

Or you can just drag the "startgui.sh" file from the "snova-xxx" folder and drop it behind the "sh" command. After that, you can open the snova client window, click on the "Config" button of "GAE xxx" in the "Plugins" tab, and click the "New" button to add your APP ID, such as what you can see from the following image:

And you can add more than one App ID, after that, click the "Apply" button.

7. Start Snova

63

Chapter Two
Part Seven Section Two: How To Use Snova On GAE

When the App IDs are added, you can click the "Start" button to connect to the Snova server.

8. Edit the browser proxies


Like Hyk-proxy, when the Snova service is running, you also need to configure your browsers http proxy to below address: 127.0.0.1: 48100

Such as what you can see from the following image:

64

Chapter Two
Part Seven Section Two: How To Use Snova On GAE

The above screenshot is for Firefox, and for other browsers, the http proxy settings may be a little different. That's all, and you can surf the internet anonymously and get access to the blocked sites. But same as Hyk-proxy, Snova running on GAE still does NOT work for HTTPS links, until you run it on CloudFoundry, Heroku, OpenShift and/or some other PaaS platforms, which will be introduced later, stay tuned.

65

Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry

Part Seven Section Three: How To Use Snova On Cloud Foundry


As mentioned before, Snova still does NOT work for HTTPS, until you run it on Cloud Foundry, Heroku, OpenShift and/or some other PaaS platforms. So, the following will show you how to install and use Snova on Cloud Foundry with 7 easy steps:

1. Create a Cloud Foundry account

On the Cloud Foundry signup page, enter your email address to request a invite, which will be sent to your Inbox with login username and password soon.

2. Install vmc

66

Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry

Vmc is the command-line interface based on Ruby and RubyGems for you to configure your applications and deploying them to Cloud Foundry. For Windows, Ubuntu, Debian or some other systems, you can check out the official instructions, the following will show you how to install vmc on Mac. Open the Terminal application, enter the following command line: sudo gem install vmc

And enter your Mac password if necessary, then you can install vmc. By the way, the installation will take a few minutes and you won't see anything until the gem is installed.

3. Download snova-c4-server-xxx.war

67

Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry

On the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file and put it into a new empty folder, such as "snova-c4-server" used for the following step.

4. Deploy Snova c4 server to Cloud Foundry

68

Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry

Open the Terminal application, enter the following command line: cd /the-parth-to/snova-c4-server

You can also just drag the "snova-c4-server" folder and drop it behind the "cd" command. After that, you can start to configure and deploy the Snova c4 server to Cloud Foundry by entering the following command lines one by one: vmc target api.cloudfoundry.com vmc login (To enter your Cloud Foundry username and password) vmc push free-nuts (To replace free-nuts with any name you like for the Cloud Foundry app) Would you like to deploy from the current directory? [Yn]: (To enter y)

69

Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry

Detected a Java Web Application, is this correct? [Yn]: (To enter y) Application Deployed URL [free-nuts.cloudfoundry.com]: (To press the RETURN key) Memory reservation (128M, 256M, 512M, 1G, 2G) [512M]: (To press the RETURN key) How many instances? [1]: (To press the RETURN key) Create services to bind to 'free-nuts'? [yN]: ( To enter n) Would you like to save this configuration? [yN]: (To enter y) If all the results are OK, you can visit the page of the following link: free-nuts.cloudfoundry.com

And if you can see something like the following: Welcome to snova-c4 server xxx!

Then you have successfully deployed the Snova server to Cloud Foundry.

5. Configure the Snova c4 client

70

Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry

Find and open the "c4-client.conf" file via the following path: .../snova-xxx/plugins/c4/conf/c4-client.conf

And uncomment the "WorkerNode [1]" line by changing "xyz" to your Cloud Foundry app name.

6. Configure snova.conf

71

Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry

Find and open the "snova.conf" file via the following path: .../snova-xxx/conf/snova.conf

And change the "ProxyService" value from "GAE" to "C4".

7. Start Snova

72

Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry

After that, you can start Snova, and if you can see the following message: Start plugin:C4 Success

Then you can visit the HTTPS links normally.

73

Chapter Two
Part Seven Section Four: How To Use Snova On Heroku

Part Seven Section Four: How To Use Snova On Heroku


In the last post, we have learned how to install and use Snova on Cloud Foundry, this post will show you how to do that on Heroku. Since Heroku is also a PaaS platform, the steps will like what you do on Cloud Foundry, as what you can see from the following:

1. Create a Heroku account

On this Heroku page, enter your email address and sign up an account.

2. Install Heroku Toolbelt

74

Chapter Two
Part Seven Section Four: How To Use Snova On Heroku

After signup, you can receive an email, click the long confirmation link inside, download the Heroku Toolbelt app and install it on your computer.

3. Download snova-c4-heroku-server-xxx.zip

On the Snova Downloads webpage, download the "snova-c4-heroku-server-xxx.zip" file and extract it.

4. Deploy Snova c4 server to Heroku

75

Chapter Two
Part Seven Section Four: How To Use Snova On Heroku

Open the Terminal application, enter the following command line: cd /the-parth-to/snova-c4-heroku-server-xxx

You can also just drag the "snova-c4-heroku-server-xxx" folder and drop it behind the "cd" command. After that, you can start to configure and deploy the Snova c4 server to Heroku by entering the following command lines one by one: heroku login (To enter your Heroku account email and password) git init git add . git commit -m "init" heroku create --stack cedar git push heroku master At the end of the results, you can find a random URL like the following: http://obscure-tundra-1542.herokuapp.com/

76

Chapter Two
Part Seven Section Four: How To Use Snova On Heroku

Visit the page of the URL, and if you can see something like the following: Welcome to snova-c4 server xxx!

Then you have successfully deployed the Snova server to Heroku.

5. Configure the Snova c4 client

Find and open the "c4-client.conf" file via the following path: .../snova-xxx/plugins/c4/conf/c4-client.conf

And uncomment the first "WorkerNode [0]" line by changing "xyz" to what you get in Step 4 (such as "obscure-tundra-1542").

77

Chapter Two
Part Seven Section Four: How To Use Snova On Heroku

6. Configure snova.conf

Find and open the "snova.conf" file via the following path: .../snova-xxx/conf/snova.conf

And change the "ProxyService" value from "GAE" to "C4".

7. Start Snova

78

Chapter Two
Part Seven Section Four: How To Use Snova On Heroku

After that, you can start Snova, and if you can see the following message: Start plugin:C4 Success

Then you can visit the HTTPS links normally.

79

Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift

Part Seven Section Five: How To Use Snova On OpenShift


To install and use Snova, you can check out this post for GAE, this one for Cloud Foundry and this one for Heroku. The following will show you how to install and use Snova on OpenShift, another PaaS platform like the above 3 mentioned.

1. Create an OpenShift account

On the signup page of OpenShift, you can enter your email address, password and the CAPTCHA code to create an account.

2. Download snova-c4-server-xxx.war

80

Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift

On the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file and put it into a new empty folder, such as "openshift" used for the following steps.

3. Install rhc

On Mac, you can install rhc with the following command line: sudo gem install rhc

On Windows and Linux, you can check out the official page for the instructions.

81

Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift

4. Deploy Snova c4 server to OpenShift

On the Terminal application, you can enter the openshift folder with the command line: cd /the-parth-to/openshift

Or you can just drag the "openshift" folder and drop it behind the "cd" command. After that, you can start to configure and deploy the Snova c4 server to OpenShift by entering the following command lines one by one: Command line 1: rhc domain create -n freenutsdot -l xxx@gmail.com -p 123456

(To create a sub domain "freenutsdot.rhcloud.com" for your OpenShift account. Remember to change "freenutsdot" to any name you like, to change "xxx@gmail.com" to your registered email address and to change "123456" to your OpenShift password. ) Command line 2:

82

Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift

rhc app create -a fn -t jbossas-7 -p 123456

(To create an app, which name will be used before the domain created above. Remember to change "fn" to any name you like, and to change "123456" to your OpenShift password, then you can get a folder with the same name of the app (such as "fn") in your current directory (such as "openshift"). Command line 3: cd fn

(To conduct commands in the app folder created above.) Command line 4: mv ../snova-c4-server-xxx.war deployments/ROOT.war

(To move the "snova-c4-server-xxx.war" file into the "deployments" directory of the "fn" folder and rename it to "ROOT.war".) Command line 5: git rm -r src pom.xml

(To delete the src folder and the pom.xml file.) Command line 6: git init

83

Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift

(To reinitialize the app.) Command line 7: git add .

(To add the ROOT.war mode.) Command line 8: git commit -a -m "haha"

(To confirm and see the changes, you can replace "haha" with any message you like.) Command line 9: git push

(To upload the ROOT.war file to your OpenShift app.) If no error appears, you can visit the page of the following URL: http://fn-freenutsdot.rhcloud.com/

Remember to replace "fn-freenutsdot" with your app name and sub domain. And if you can see something like the following: Welcom to snova-c4 server xxx!

84

Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift

(Welcom is a typo, which should be Welcome.) Then you have successfully deployed the Snova server to OpenShift.

5. Configure the Snova c4 client

Supposing that you have installed Snova on GAE as mentioned before, then you can find and open the "c4-client.conf" file via the following path: .../snova-xxx/plugins/c4/conf/c4-client.conf

85

Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift

And enter your OpenShift app domain (such as "fn-freenutsdot.rhcloud.com") at the end line of "WorkerNode [0]". By the way, Snova supports multiple c4 plugins together, so that you can also add the domains of your Cloud Foundry and/or Heroku apps in the same "c4-client.conf" file, just make sure the numbers behind "WorkerNode" are different from each other.

6. Configure snova.conf

Find and open the "snova.conf" file via the following path: .../snova-xxx/conf/snova.conf

And change the "ProxyService" value from "GAE" to "C4". By the way, you can skip this step if you have ever done this before.

7. Start Snova

86

Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift

After that, you can start Snova, and if you can see the following message: Start plugin:C4 Success

Then you can visit the HTTPS links normally, as what you can do with the Cloud Foundry or Heroku plugins.

87

Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic

Part Seven Section Six: How To Use Snova On Jelastic


As mentioned before, you can run the Snova proxy on Cloud Foundry, Heroku, OpenShift and Jelastic PaaS platforms, with the C4 plugins. Among these 4 PaaS platforms, Jelastic is the easiest way to install the C4 plugin, since you do NOT need to use any command lines, as what you can see from the following detailed steps:

1. Download snova-c4-server-xxx.war

On the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file, and you can skip this step if which you have done before.

2. Create a Jelastic account

88

Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic

On the Jelastic homepage, enter your email address to sign up an account, which login username and password will be emailed to you soon.

3. Create your Jelastic app domain

89

Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic

After login, you can see an "Environment topology" window, on which, you can enter an "Environment name" (such as "freenuts"), which will generate you one Jelastic app domain (such as "freenuts.jelastic.servint.net"), and then click the "Create" button.

4. Upload snova-c4-server-xxx.war

Click the "Upload" button, and browse to upload the "snova-c4-server-xxx.war" file you downloaded. By the way, you can enter anything into the "Comment" box if you like.

5. Deploy Snova c4 server to Jelastic

90

Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic

Moving the cursor over the name of the uploaded "snova-c4-server-xxx.war" file, you can see a yellow icon, clicking on which, you can see the Environment name, clicking on which, you can see a pop-up window, and clicking on its "Deploy" button directly without changing anything, then you can deploy the C4 plugin to Jelastic.

6. Configure the Snova c4 client

91

Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic

Supposing that you have installed Snova on GAE as mentioned before, then you can find and open the "c4-client.conf" file via the following path: .../snova-xxx/plugins/c4/conf/c4-client.conf

And enter your Jelastic app domain (such as "freenuts.jelastic.servint.net") at the end line of "WorkerNode [0]". By the way, Snova supports multiple c4 plugins together, so that you can also add the domains of your Cloud Foundry, Heroku, and/or OpenShift apps in the same "c4-client.conf" file, just make sure the numbers behind "WorkerNode" are different from each other.

92

Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic

7. Configure snova.conf

Find and open the "snova.conf" file via the following path: .../snova-xxx/conf/snova.conf

And change the "ProxyService" value from "GAE" to "C4". By the way, you can skip this step if you have ever done this before.

8. Start Snova

93

Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic

After that, you can start Snova, and if you can see the following message: Start plugin:C4 Success

Then you can visit the HTTPS links normally, as what you can do with the Cloud Foundry, Heroku and/or OpenShift plugins.

94

Chapter Two
Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings

Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings
Whether Freegate, Tor, Snova or any other proxy clients or SSH tunnels, you need to change the network proxy settings before you can use them to unblock those blocked sites. Although their proxy addresses are same (127.0.0.1), their ports are usually different, for example, Freegate is 8580, Tor is 9050, Snova is 48100, etc., instead to change the port value manually every time when transferring one proxy to another, you can use the following 2 free extensions to do that automatically.

1. SwitchySharp

SwitchySharp (or Proxy SwitchySharp) is a Chrome extension. After installation, you can see a new tab of SwitchySharp Options, on which, you can enter a proxy's name as the Profile Name, and set the Manual Configuration. For FreeGate, GappProxy, Goagent, Hyk-proxy, Snova or UltraSurf, you can enter 127.0.0.1 together with its port in the HTTP Proxy column and check the "Use the same proxy server for all protocols" box; for Tor or SSH, you can just enter 127.0.0.1 together with port 9050 or 7070 in the SOCKS Hosts (SOCKS v4) column.

95

Chapter Two
Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings

After that, click the "Save" button, then, you can click on the SwitchySharp icon in the Toolbar, and select the Profile Name to use the proxy service. Bonus: To find an alternative Chrome extension, you can check out Proxy Switchy, which is nearly same as SwitchySharp, but not so popular.

2. FoxyProxy Standard

FoxyProxy Standard is a Firefox extension. After installation, you can see the extension icon in both Navigation Toolbar and Add-on Bar, click on which, you can start to add proxy configuration by clicking on the "Add New Proxy" button in the settings window. For FreeGate, GappProxy, Goagent, Hyk-proxy, Snova or UltraSurf, you can enter 127.0.0.1 together with its port in the Host or IP Address column of the Proxy Details tab. And for Tor or SSH tunnel, you also need to check the "SOCKS proxy?" box as well as the "SOCKS v4/4a" box. For better experience, you can enter the proxy service's name as Proxy Name in the General tab if you like. After that, click the "OK" button, then you will see a new pop-up with the following message:

96

Chapter Two
Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings

You didn't enter and enable any whitelisted (inclusive) URL patterns. This means the proxy won't be used unless FoxyProxy is set to "Use Proxy tor for all URLs". Continue anyway?

Just click on the "OK" button, then you can select the proxy name from the "Select Mode" column in the top of the settings window and use its proxy service. Bonus: AutoProxy is also a free Firefox add-on like FoxyProxy Standard. By the way, whichever extension you are using, you can add some rules to or not to visit some sites via proxy if you like, and then FoxyProxy Standard won't ask you if to "Continue anyway?" any more.

97

Chapter Three
Free VPN Services

Chapter Three
Free VPN Services

While proxy can be taken as a carrier, who helps delivery your message to another person, VPN (Virtual Private Network) will be like the person's office staff, who also helps you delivery your message to that person. While proxy only works for the application you assign to, and basically the browsers only, VPN will works for your entire device, whether browsers, email clients, app stores or any other application that connects to the internet. While you need to set the browser HTTP proxy addresses to use a proxy service, you don't need to do that with VPN services. So, generally speaking, VPN is safer than Proxy. Image Credit: http://en.wikipedia.org/wiki/Virtual_private_network

98

Chapter Three
Part One: Free PPTP VPN Services

Part One: Free PPTP VPN Services


As one of the methods to implement VPN, PPTP (Point-to-Point Tunneling Protocol) is very easy to build and use. But hosting is expensive, so that there are not so many free PPTP VPN services, among which, the following 10 are the best up till now: 1. SecurityKISS

On any download page of the SecurityKISS website, you can enter your email address and get 2 PPTP/L2TP VPN accounts in your Inbox, one is from USA, the other is from UK. Besides, you can also sign in your SecurityKISS account with the username and password received to get

99

Chapter Three
Part One: Free PPTP VPN Services

more VPN servers from USA, UK, France and/or some other countries. And besides PPTP/L2TP, SecurityKISS also offers free OpenVPN services for Windows, Mac/Linux systems. By the way, no matter which or how many VPN services you are using, the free traffic data is up to 300 MB per day. 2. Super Free VPN

Open the Super Free VPN website, you can see the account, which server and username are fixed, while password will be changed in up to 8 hours. By the way, in case the "superfreevpn.com" domain is blocked in your area (such as China), you can change it to the following IP address: 69.60.121.29

3. JustFreeVPN

100

Chapter Three
Part One: Free PPTP VPN Services

Open the JustFreeVPN website, you can see 3 free PPTP VPN accounts, one is from USA, one is from UK, and one is from CA. For different accounts, their servers are different, usernames are all "justfreevpn", and passwords will be changed in uncertain times. 4. UFreeVPN

101

Chapter Three
Part One: Free PPTP VPN Services

The UFreeVPN website offers one USA, one UK and one CA free PPTP VPN services, which servers are different, but usernames and passwords are fixed, so that you do not need to change passwords often. 5. NewFreeVPN

102

Chapter Three
Part One: Free PPTP VPN Services

On 3 different pages of the NewFreeVPN website, you can find out 3 different free PPTP VPN accounts, one is from US, one is from UK, and one is from Canada, the servers of them are different, but the username (free) and password (1234) are same. 6. Tsunagarumon

Tsunagarumon is a Japanese free PPTP VPN. On the Entry page, enter your email address, check to agree the service terms, click on the red button, double-check your email address, and click on the next red button, then you can get an email from Tsunagarumon. Clicking on the link in the email, you can receive your free PPTP VPN account soon. 7. FreeCanadaVPN

103

Chapter Three
Part One: Free PPTP VPN Services

FreeCanadaVPN is a Canada PPTP VPN, which server is "freecanadavpn.com", username is "free", and password will be changed and displayed on the right top of the page irregularly. 8. BestUKVPN

As the name, BestUKVPN is a UK PPTP VPN, which server is "bestukvpn.com", username is "free" and

104

Chapter Three
Part One: Free PPTP VPN Services

password will be updated irregularly. 9. Zace Book

As a Romania free PPTP VPN, Zace Book's server is "vpn.zacebook.com", username is "VPN", and password will be updated every one or two days. 10. VPN Book

105

Chapter Three
Part One: Free PPTP VPN Services

VPN Book is also a Romania VPN, which PPTP server is "pptp.vpnbook.com", username is "pptp", and password will be changed every one or two days. Besides PPTP, VPN Book also offers free OpenVPN services. Among the above 10 free PPTP VPN services, SecurityKISS is the best, but only with 300 MB traffic per day. Bonus: Like Super Free VPN mentioned before, if the server host name of any other free PPTP VPN is blocked in your area, you can ping and change it to the server's IP address.

106

Chapter Three
Part Two: Free VPN Softwares

Part Two: Free VPN Softwares


Different from PPTP VPN Services, desktop VPN softwares require downloading and installation. Most VPN softwares are not free, but luckily, you can check out the following best 6 free ones:

1. SecurityKiss

The VPN software SecurityKiss works for Windows only, but brings you 300MB of data transfer per day for free. No registration is required, you can just download and install the SecurityKiss software, then run and connect it. If the connection fails, you can try to select another VPN server.

2. ProXPN

107

Chapter Three
Part Two: Free VPN Softwares

The VPN software ProXPN is workable for Windows and Mac computers. Create a ProXPN account, download, install and run the software, then you can connect the VPN service with your username and password, but there will be a ProXPN landing page before you can visit the site you intend to.

3. Private Tunnel

108

Chapter Three
Part Two: Free VPN Softwares

Private Tunnel is a OpenVPN service, workable on Windows and Mac. You can create an account, download the OpenVPN Connect package, choose to connect the San Jose, CA (US), London (UK) or Zurich (CH) server, then you can use the Private Tunnel service, but only 100 MB free traffic.

4. Hotspot Shield

109

Chapter Three
Part Two: Free VPN Softwares

With English, French, Chinese and some other languages support, Hotspot Shield offers a free VPN solution with unlimited bandwidth for Windows and Mac. Just download and install the software, then you can run and connect the VPN service, but there will be ads on the top of the webpages you visit.

5. ExpatShield

110

Chapter Three
Part Two: Free VPN Softwares

Like Hotspot Shield, ExpatShield is also a free VPN software offers unlimited bandwidth with ads and supports multiple languages. But ExpatShield is only workable for Windows computer system.

6. Cloak VPN

111

Chapter Three
Part Two: Free VPN Softwares

Cloak VPN supports Mac, iPhone and iPad. After registration, download the right Cloak VPN clients according to your device operating systems, then you can connect and use the VPN service directly. By the way, you can use the Cloak VPN services on both of your OS and iOS devices with up to 1G traffic and 2 hours EVERY month as a free user. Among the above 6 free VPN softwares, I prefer to use SecurityKiss and ProXPN, how about you? Which ones are your favorite?

112

Chapter Three
Part Three: How To Build A VPN

Part Three: How To Build A VPN


Want to build your own VPN instead to use others', whether free or not? If you've already had a VPS, cloud computing or dedicated server, and the Terminal application of Mac, or the Putty tool for Windows, you can start to build VPN services, whether PPTP, L2TP or OpenVPN types.

The following will show you how to build a PPTP, L2TP and OpenVPN on a VPS based on the Mac Terminal application in 3 separate posts. First of all, run your Terminal, and enter the following command: ssh root@xxx.xxx.xxx.xxx Just replace "xxx.xxx.xxx.xxx" with your VPS' IP, such as "178.18.17.212". Then you will see the following message: Are you sure you want to continue connecting (yes/no)? Enter "yes" and press the "Return" key, then, enter your password and press the "Return" key. P.S.: If you've rebuilt your VPS, you may meet the following error: Host key verification failed. In that case, enter the following command at first:

113

Chapter Three
Part Three: How To Build A VPN

ssh-keygen -R xxx.xxx.xxx.xxx Remember to replace "xxx.xxx.xxx.xxx" with your VPS' IP address. After that, you can start to build your own VPN.

114

Chapter Three
Part Three Section One: How To Build A PPTP VPN

Part Three Section One: How To Build A PPTP VPN

After connecting to your server via SSH, you can build your own PPTP VPN with the following 8 steps: 1. Install PPTPD Install the PPTPD package with the following command: apt-get install pptpd

2. Edit the VPN interface IP addresses Open the pptpd.conf file with the following code: nano /etc/pptpd.conf

Press the Enter key, find and uncomment the following 2 lines:

115

Chapter Three
Part Three Section One: How To Build A PPTP VPN

#localip 192.168.0.1 #remoteip 192.168.0.234-238,192.168.0.245

3. Edit DNS addresses Enter the following command: nano /etc/ppp/pptpd-options

Find the following codes: #ms-dns 10.0.0.1 #ms-dns 10.0.0.2

And change them to the following ones: ms-dns 8.8.8.8 ms-dns 8.8.4.4

4. Add VPN accounts Enter the following command: nano /etc/ppp/chap-secrets

Press the Return key and enter the following information:

116

Chapter Three
Part Three Section One: How To Build A PPTP VPN

username pptpd password *

For example: freenuts pptpd 123456 *

5. Forward IPv4 Enter the following command: nano /etc/sysctl.conf

Press the Return key, find and uncomment the following line: #net.ipv4.ip_forward=1

6. Apply the forward Your forward change won't be active immediately, and you need to apply it with the following commend: sysctl -p

If everything is correct, then you can see the following result: net.ipv4.ip_forward = 1

117

Chapter Three
Part Three Section One: How To Build A PPTP VPN

7. Allow the routing Copy and paste the following command: iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Press the Return key to run the command. 8. Restart PPTPD Copy and paste the following command: /etc/init.d/pptpd restart

Press the Return key, then you can use your PPTP VPN with the username and password you've set before.

118

Chapter Three
Part Three Section Two: How To Build A L2TP VPN

Part Three Section Two: How To Build A L2TP VPN

To build an L2TP/IPSec VPN, you can follow the following 6 steps: 1. Install OpenSwan Enter the following command lines one by one: aptitude install build-essential

aptitude install libgmp3-dev gawk flex bison

wget http://www.openswan.org/download/openswan-2.6.35.tar.gz

tar xzvf openswan-2.6.35.tar.gz

119

Chapter Three
Part Three Section Two: How To Build A L2TP VPN

cd openswan-2.6.35

make programs

make install

Remember to press the "Return" key when entering any one of the above lines. By the way, 2.6.35 is the latest version during my test, and you can check the OpenSwan website to see if there is a new version later, if yes, you can use it instead. 2. Edit IPSec Firstly, open the ipsec.conf file with the following command: vi /etc/ipsec.conf

Delete all the existing contents, and paste the following ones: version 2.0 config setup nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0 /12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10 oe=off protostack=netkey conn %default

120

Chapter Three
Part Three Section Two: How To Build A L2TP VPN

forceencaps=yes conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport left=YOUR.VPS.IP.ADDRESS leftprotoport=17/1701 right=%any rightprotoport=17/%any

Remember to change YOUR.VPS.IP.ADDRESS to your VPS IP address, such as 178.18.17.30 for this tutorial. Secondly, open the ipsec.secrets file with the following code: vi /etc/ipsec.secrets

And insert the following content: YOUR.VPS.IP.ADDRESS %any: PSK "YourSharedSecret"

For example: 178.18.17.30 %any: PSK "123456abcdef"

121

Chapter Three
Part Three Section Two: How To Build A L2TP VPN

Thirdly, enter the following command lines one by one: for each in /proc/sys/net/ipv4/conf/* do echo 0 > $each/accept_redirects echo 0 > $each/send_redirects done

Remember to press the "Return" key after every command line. Fourthly, restart IPSEC with the following command: service ipsec restart

3. Install L2TP Go back to the root directory, and install the L2TP package with the following command line: aptitude install xl2tpd

After installation, open the conf file with the following code: vi /etc/xl2tpd/xl2tpd.conf

Delete all the existing content and paste the following one: [global]

122

Chapter Three
Part Three Section Two: How To Build A L2TP VPN

; listen-addr = 192.168.1.98 [lns default] ip range = 10.1.1.2-10.1.1.255 local ip = 10.1.1.1 require chap = yes refuse pap = yes require authentication = yes name = LinuxVPNserver ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes

4. Set up xl2tpd Enter the following command: vi /etc/ppp/options.xl2tpd

Then insert the following codes: require-mschap-v2 ms-dns 8.8.8.8 ms-dns 8.8.4.4 asyncmap 0 auth crtscts lock hide-password modem debug name l2tpd proxyarp lcp-echo-interval 30 lcp-echo-failure 4

123

Chapter Three
Part Three Section Two: How To Build A L2TP VPN

After that, open the chap-secrets file: vi /etc/ppp/chap-secrets

And insert the following content: username l2tpd password *

For example: freenuts l2tpd 123456 *

Then, restart L2TP: service xl2tpd restart

5. IP forward Enter the following command: vi /etc/sysctl.conf

Press the "Return" key, find the line of "#net.ipv4.ip_forward=1" and uncomment it. After that, enter the following command:

124

Chapter Three
Part Three Section Two: How To Build A L2TP VPN

sysctl -p

Press the "Return" key, then you will only see "net.ipv4.ip_forward=1" as the result if everything is right. After that, enter the following command: iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE

6. For reboot Now, you can connect your L2TP/IPSec VPN, but if you reboot your VPS, your forwarding settings will be gone, to avoid this, you can enter the following command: vi /etc/rc.local

Press the "Return" key and paste the following contents before the "exit 0" line: for each in /proc/sys/net/ipv4/conf/* do echo 0 > $each/accept_redirects echo 0 > $each/send_redirects done iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE /etc/init.d/ipsec restart

Save it, then you are done.

125

Chapter Three
Part Three Section Three: How To Build An OpenVPN

Part Three Section Three: How To Build An OpenVPN

It is also easy to build an OpenVPN with the following 9 steps: 1. Install OpenVPN Enter the following command to install OpenVPN: apt-get install openvpn

2. Move easy-rsa into the correct place Enter the following command: cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

126

Chapter Three
Part Three Section Three: How To Build An OpenVPN

Press the "Return" key, then you can move the easy-rsa folder to the OpenVPN directory. 3. Generate keys Enter the following commands one by one: cd /etc/openvpn/easy-rsa/2.0 . ./vars ./clean-all ./build-ca ./build-key-server server ./build-key client ./build-dh

Remember to press the "Return" key at each line, and answer "yes" to all "yes/no" questions: 4. Apply iptables rules Enter the following command: vi /etc/sysctl.conf

Press the "Return" key, find the line of "#net.ipv4.ip_forward=1" and uncomment it. After that, enter the following code: sysctl -p

127

Chapter Three
Part Three Section Three: How To Build An OpenVPN

Then you will see the following message as a result: net.ipv4.ip_forward=1

Then create iptables rules with the following command: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142

Remember to replace "178.18.17.142" with the actual IP address of your server. 5. Create the VPS OpenVPN configuration file Enter the following command: # vi /etc/openvpn/server.conf

And paste the following contents: port 1194 proto udp dev tun ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" client-to-client duplicate-cn keepalive 10 120

128

Chapter Three
Part Three Section Three: How To Build An OpenVPN

comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log log /var/log/openvpn.log verb 3

6. Start OpenVPN You can start OpenVPN with the following command: # /etc/init.d/openvpn start

7. Create the PC OpenVPN configuration file Enter the following command: vi /etc/openvpn/easy-rsa/2.0/keys/client.conf

And insert the following contents: client dev tun proto udp remote 178.18.17.142 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt

129

Chapter Three
Part Three Section Three: How To Build An OpenVPN

key client.key comp-lzo verb 3 redirect-gateway script-security 2

Remember to replace "178.18.17.142" with your own VPS' IP address. 8. For reboot In order to redo the above iptables settings when you reboot your VPS, you can enter the following command: vi /etc/rc.local

And insert the following contents above the line of "exit 0" : iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142 openvpn /etc/openvpn/server.conf

Remember to replace "178.18.17.142" with the actual IP address of your VPS. 9. Download some things to your PC You need to download the following 4 files to your local PC: client.conf ca.crt client.crt client.key To do so, you can use Fetch (for Mac), WinSCP (for Windows) or some other SFTP software.

130

Chapter Three
Part Three Section Three: How To Build An OpenVPN

When it is finished, go to the root of your user name, and move the 4 download files to your local OpenVPN configurations folder, then your own OpenVPN is ready.

131

Chapter Three
Part Four: How To Set Up VPN

Part Four: How To Set Up VPN


When getting a VPN service, whether free or not, how to use it on your computers, table computers or smart phones? For those desktop VPN software (such as SecurityKISS), you just need to install and run them according to their instructions, and for those VPN services without installation (such as PPTP), you can check out the Setup Instruction Pages of StrongVPN, which will show you how to set up PPTP, L2TP and OpenVPN Accounts on computers (including Windows, Mac OS, Linux, etc.), table computers (such as iPad), mobile phones (including iPhone, Android, WebOS, etc.) and nearly all the popular devices and systems, with videos or screenshots. The following are 3 key steps you should know during the setup process:

I. To find out the types of your VPN service


Make sure that if your VPN service is PPTP, L2TP/IPSec or OpenVPN.

II. To get the information which you need to set up VPN


When you get a PPTP or L2TP VPN service, you will need the following information to set it up: 1. The server address: host name (such as us6.macrovpn.com) or IP address (such as 74.86.150.154),

132

Chapter Three
Part Four: How To Set Up VPN

2. Your username, 3. Your password, 4. Your Shared Secret (for L2TP only). By the way, when the host name is blocked in your area, you can try to replace it with the IP address. And when you get an OpenVPN, you can run it with or without username and password after download.

III. The key step to set up VPN


The most difficult step for VPN setup is to find out where to add your PPTP/L2TP VPN account information. For example, to set up PPTP VPN in Windows XP, you need to find the "Virtual Private Network connection" option according to the following path: Network Connections -> New Connection Wizard -> Connect to the network at my workplace -> Virtual Private Network connection

On the option page, enter your host name or IP address, and then you can connect the VPN with your username and password. For the step-by-step tutorials of how to set up VPN in your computer and mobile phone, you can check out the links of StrongVPN as mentioned in the beginning of this post.

133

Chapter Four
Free SSH Services

Chapter Four
Free SSH Services
In my opinion, SSH (Secure Shell) is a proxy server indeed, but safer. While proxy can be taken as a carrier who helps delivery your message to another person, SSH will be like to put the message in a locked box before passing it to the carrier, and only you have to key. Although it is easy to build a SSH tunnel, which will cost some money, since you need a VPS, cloud computing or dedicated server to do that, like what you need to build a VPN.

134

Chapter Four
Part One: Free SSH Tunnels

Part One: Free SSH Tunnels


Since it is expensive to build a SSH tunnel, there are not so many free ones. But luckily, you can find the following best 5 for reference anyway:

1. Alidage

On the Alidage homepage, you can enter your email address, and press the Enter key, the you can get your free SSH tunnel account via email. The password will be changed every one hour, then you will need to enter your email address again to get the new one. 2. Onlybird

135

Chapter Four
Part One: Free SSH Tunnels

The Onlybird website offers 2 different free SSH tunnel accounts, which you can see directly by clicking on the above link. By the way, the password will be changed every 4 hours, and the server port is 9999, instead of the default 22. 3. BlueSSH

136

Chapter Four
Part One: Free SSH Tunnels

BlueSSH offers one free SSH tunnel account, which you can see on the free account page. The server port is 80 or 443, and the password will be changed every half an hour. 4. Usassh

137

Chapter Four
Part One: Free SSH Tunnels

Usassh offers 2 free SSH severs, but the one with 22 port was not available now. And the other one with port 80 or 443 will update its password every o'clock. While the above 4 websites are all Chinese, the following one is English: 5. Tor VPN

138

Chapter Four
Part One: Free SSH Tunnels

On the Tor VPN website, you can sign up the Trial account and get a free SSH tunnel for one month, with up to 1 GB traffic. By the way, besides SSH, you can also have a free OpenVPN account. Among the above 4 free SSH tunnels, Tor VPN is blocked in China, but the other 4 are not, have fun!

139

Chapter Four
Part Two: How To Create A SSH Tunnel

Part Two: How To Create A SSH Tunnel


For most of the free SSH tunnels, their passwords will be reset every half an hour, 2 hours, 4 hours or some other time, which will be boring anyway. To avoid the issue, you can buy a paid SSH tunnel, or create your own one, which will be very easy if you've already has a VPS, cloud computing or dedicated server. The following will show you how to use your VPS to create a SSH tunnel:

Supposing that you've had a VPS, which IP is 94.249.184.93, then you can open your Terminal application and enter the following command line: ssh -N -D 7070 root@94.249.184.93

Remember to replace "94.249.184.93" with the IP address of your own VPS, and press the "Return" key, then enter your VPS account password, if nothing appear as a result, your SSH tunnel will be built successfully. By the way, if you have created a VPN in your VPS, you can still use your VPS as a SSH tunnel. But the above way is only available for you to use the SSH tunnel yourself, unless you want to share your whole VPS account with others. And to share a SSH tunnel account only with others, you can create a new and limited user instead of "root" by referring to the following 4 steps: 1. Log in your VPS root Open a Terminal window, and enter the following command: SSH root@94.249.184.93

140

Chapter Four
Part Two: How To Create A SSH Tunnel

Remember to replace "94.249.184.93" with your own VPS IP. 2. Create a group Enter the following command: groupadd internetfreedom

You can replace "internetfreedom" with any name you like. 3. Create a limited user useradd -d /home/freenutsdotcom -m -g internetfreedom -s /bin/false freenutsdotcom

The above command will create a new SSH user "freenutsdotcom" in the "internetfreedom" group, and who can't log in your VPS. 4. Create a password for the new user Enter the following command: passwd freenutsdotcom

You can enter any password (such as "123456") for the new user. Now, you can share the username and password with your friends, who can then use your VPS SSH with the following command: ssh -N -D 7070 freenutsdotcom@94.249.184.93

141

Chapter Four
Part Two: How To Create A SSH Tunnel

Remember to replace "freenutsdotcom" with the new user, and "94.249.184.93" with your own VPS IP.

142

Chapter Four
Part Three: How To Connect To SSH Tunnel

Part Three: How To Connect To SSH Tunnel


When getting a free SSH tunnel, how to connect to it? For Windows, you can install the "Tunnelier" software, and for Mac OS X, you can use "SSH Tunnel Manager", and of course, there will be some other softwares for you to do that. No matter which software you are using, you possibly will need to enter the following 4 elements of your SSH tunnel account: Server: such as "s4.alidage.org" Username: such as "guest" Password: such as "guest29080212737358" Port: such as "22" as default. The above example values are all for one of the Alidage.org SSH tunnel accounts, as what you can see from the following screenshot of SSH Tunnel Manager:

By the way, when using SSH Tunnel Manager, you will need to "Enable SOCKS4 proxy" and set the port as "7070". Besides to use those softwares mentioned before, you can also open Terminal and connect to your SSH

143

Chapter Four
Part Three: How To Connect To SSH Tunnel

tunnel with the following one command line: SSH -N -D 7070 guest@s4.alidage.org

For Windows, you can install the "Putty" software to run the above command, and for Mac OS X, you can open the Terminal application and enter the above commend directly. And if you are not using Alidage's SSH tunnel, remember to replace "s4.alidage.org" with your SSH server, and replace "guest" with its username. And if the SSH tunnel is still available, then you can enter the password and connect to it successfully, as what you can see from the following image:

The above command line is for the default port 22, if your SSH server's port is 80 or something else, then you will need to add "-p 'port'" in the command line, such as: SSH -N -p 80 -D 7070 guest@s4.alidage.org

When the connection is successful, you can open your browser and set the SOCKS Proxy Sever IP address to 127.0.0.1 with port 7070. For Chrome browser, you can find the settings page via the following path: Preference > Show advanced settings > Network > Change Proxy Settings

144

Chapter Four
Part Three: How To Connect To SSH Tunnel

Such as what you can see from the following image:

The above configuration will be also workable for Safari, and for Firefox, the configuration will be nearly the same, and you can find the proxy settings page via the following path: Preference > Advanced > Network > Settings

145

Chapter Five
The Differences Among Proxy, SSH And VPN

Chapter Five
The Differences Among Proxy, SSH And VPN
Although there are over one hundred of anti-censorship tools, most of which are Proxy, SSH and VPN. So, what are the differences among Proxy, SSH and VPN? Which one is the most safe? Let's take information transmission as a package, and comparing them with the following 3 metaphors: 1. Proxy

Proxy (or Proxy Server) can be taken as a carrier who helps delivery your package to another person. 2. SSH

146

Chapter Five
The Differences Among Proxy, SSH And VPN

As an encrypted tunnel, SSH?Secure Shell) can't bypass the internet censorship (such as GFW in China) itself, but only when integrating with Proxy servers. So, SSH here will be like to put the package into a locked box before passing it to the carrier, and only you have to key. 3. VPN

Image Credit: http://en.wikipedia.org/wiki/Virtual_private_network

147

Chapter Five
The Differences Among Proxy, SSH And VPN

While both Proxy and SSH can be taken as carriers, who help delivery your package to another person, VPN (Virtual Private Network) will be like the person's office staff, who also helps you delivery your package to that person. Supposed that your colleague is more reliable than the carrier, and all of them are built in a same server, VPN is safer than SSH, and SSH is safer than Proxy. While Proxy and SSH only work for the application you assign to, and basically the browsers only, VPN will work for your entire device, whether browsers, email clients, app stores or any other applications connected to the internet. And you need to set the browser HTTP proxy addresses to use a Proxy or SSH service, but you don't need to do that with VPN services.

148

Chapter Six
How To Access Blocked Sites With Google Reader

Chapter Six
How To Access Blocked Sites With Google Reader
As you may know that Google Reader is available for you to subscribe to the RSS feeds of websites, but do you know that it is also a good way for you to bypass the internet censorship and access blocked sites? The following will show you how to get access to a blocked site with Google Reader in 2 steps: 1. Subscribe to the RSS feed If the blocked site offers a RSS feed, you can subscribe to it directly with Google Reader:

And if not, you can visit the Page2RSS website, enter the URL of the site to generate its RSS feed:

149

Chapter Six
How To Access Blocked Sites With Google Reader

After that, copy the URL of the RSS feed and subscribe to it in your Google Reader. 2. Enable the secure browsing For the RSS feed of a blocked site, you may fail to read it on Google Reader as default, such as what you can see from the following image:

To solve the problem, you can just add "https://" at the beginning of the URL, such as what you can see from the following image:

150

Chapter Six
How To Access Blocked Sites With Google Reader

Cool, right? By the way, Google Reader is only available for you to read the RSS feed of a blocked site, and if you want to leave a comment, to post a tweet, to share on Facebook or to do some other interactions, you can check out VPN, Proxy, SSH or some other free anti-censorship tools.

151

Chapter Seven
How To Access Blocked Sites With The Hosts File

Chapter Seven
How To Access Blocked Sites With The Hosts File
To unblocked a blocked site (such as Facebook), you can check out VPN, SSH, Proxy and some other free anti-censorship tools as mentioned before. In fact, you can even unblocked blocked sites without any third-party tools, but just by changing the hosts file on your own computer. The following will show you how to change the Hosts file and unblocked the Facebook site in 3 steps: Step 1. Find the IP addresses

For Facebook, Twitter, YouTube and some other big sites, each of them usually has more than one IP address, so, how to find out all the IP addresses of a site?

152

Chapter Seven
How To Access Blocked Sites With The Hosts File

You can visit the CacheCheck page of OpenDNS, enter the domain of the site (such as facebook.com), and click on the "Check this domain" button, then you can see the site's IP addresses from all over the world. Step 2. Find one unblocked IP

Among all the IP addresses of the site, some of them may be blocked in your area, while the others are not, so how to figure them out? The most easy way is to ping them on your computers. For Windows, you can open the Command Prompt (cmd.exe), and for Mac OS, you can open the Terminal application, then enter the following command: ping 66.220.152.16

The above "66.220.152.16" is one of Facebook's IP addresses, remember to change it to the one you are going to ping. If there is a "timeout" error in the result, then the IP address is blocked in your area, if not, then you are lucky to add it to the hosts file. Step 3. Edit the hosts file

153

Chapter Seven
How To Access Blocked Sites With The Hosts File

The hosts file is something like a DNS system, so we can locate the blocked site's domains to its unblocked IP addresses and then bypass the internet censorship. For Windows, you can find the hosts file in the following address: C:\WINDOWS\system32\drivers\etc

And for Mac OS, you can find and open the hosts file by entering the following command on the Terminal application: sudo vi /private/etc/hosts

When the hosts file is opened, you can add the blocked site's unblocked IP addresses with domains in the end of the file. Take Facebook for example, you can enter the following 2 lines: 66.220.152.16 facebook.com 66.220.152.16 www.facebook.com

154

Chapter Seven
How To Access Blocked Sites With The Hosts File

Besides, you can also add more sub-domains (such as developers.facebook.com) with their unblocked IP addresses if any. After that, save the hosts file, then you can visit the Facebook site directly without any anti-censorship tools, but, you need to use "HTTPS" instead of "HTTP" in the URL, which means that you need to visit the facebook via the following URL: https://facebook.com

or https://www.facebook.com

A piece of cake, right? But, if all the IP addresses of a site are blocked in your area (for example, all the Twitter IP addresses are blocked in China), you can't unblocked it by changing the hosts file.

155

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT
IPv4 will be out of use soon, so we have IPv6 now, and which are used by Facebook, Google, Twitter and some other famous websites blocked in China. If your broadband supports IPv6 access, then you can visit those IPv6 sites directly, if not, you can do that indirectly with some third-party tools, such as gogoCLIENT. The following will show you how to access blocked sites via gogoCLIENT:

1. Register a gogo6 account

On the gogoCLIENT page, click on the "Sign Up" button, enter your email address or connect with Facebook, Google, Twitter or some other social network and create a gogo6 account.

2. Download gogoCLIENT

156

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT

After registration, log in and open the gogoCLIENT page mentioned above again, then you can down the gogoCLIENT clients. Up till now, gogoCLIENT supports 32 bit and 64 bit Windows systems with both Basic Version and Home Access Version (= basic version + home access). Besides, gogoCLIENT also supports Linux/Unix/MacOS/BSD systems with source code, which need to be installed via the MAKE command, and you can check out the Guide (PDF) file for more details. The following will show you how to use the basic version on Windows.

3. Connect gogoCLIENT

157

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT

After installation, run the gogoCLIENT Utility client, and click on the "Connect" button, if the connection is successful, then you can get access to the blocked sites with IPv6 addresses via any of the following 3 ways: 3.1 Via suffix

158

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT

In the end of the domain of any IPv6 supported site, add the following suffix: .sixxs.org

Take Twitter for example, you can visit its website via the following URL: http://twitter.com.sixxs.org

3.2 Via PAC

159

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT

Ago, you could open the network connection settings page, select the "Automatic proxy configuration URL" option, and enter the following URL: http://gfw-proxy.co.cc/proxy.pac

Then you were able to access the blocked sites with IPv6 supported. But now, the above PAC (Proxy auto-config) file is not workable any more, and I haven't found any alternatives yet. 3.3 Via Hosts

160

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT

As mentioned before, you can unblock those blocked sites by adding their IPv4 addresses into the hosts file, now with gogoCLIENT, you can also add their IPv6 addresses. On Windows, you can find the hosts file in the following address: C:\WINDOWS\system32\drivers\etc

On Max OS X, you can find and open the hosts file by entering the following command line on the Terminal application: sudo vi /private/etc/hosts

After that, visit this ipv6-hosts (Chinese) page, copy the IPv6 addresses as well as their domains of Google, YouTube, Twitter and/or some other sites listed, and paste them into the hosts file, then you can unblocked those sites. For those blocked sites which are not listed, you can find if they have any IPv6 addresses via the IPv6 Test

161

Chapter Eight
How To Access Blocked Sites Via gogoCLIENT

web app.

162

Chapter Nine
How To Check If A Site Is Blocked

Chapter Nine
How To Check If A Site Is Blocked
When you can visit site A, but not site B on a same browser with a same device at a same time, then site B must be down or blocked in your area. So, how to tell if a site is blocked or not? You can check out the following 3 ways: 1. To visit it with anti-censorship tools, 2. To ping it with command lines, 3. To test it with third-party apps. And to check out if a site is blocked in China, you can use the WebSitePulse service, which will tell you if a site is blocked in Shanghai, Beijing, Guangzhou or Hong Kong.

163

Chapter Nine
Part One: Check If A Site Is Blocked With Anti-censorship Tools

Part One: Check If A Site Is Blocked With Anti-censorship Tools

Enter the URL of the site you want to test into the address bar of your Chrome, IE, Firefox or any other browser, If you can open it with VPN, SSH, Proxy or any other anti-censorship tools, but can't without any of them, then the site must be blocked in your area. And if not, then the site must be down.

164

Chapter Nine
Part Two: Check If A Site Is Blocked By Pinging It

Part Two: Check If A Site Is Blocked By Pinging It

For Windows, you can open the Command Prompt (cmd.exe), and for Mac OS, you can open the Terminal application, then enter the following command: ping twitter.com

Remember to change the above "twitter.com" to the site you are going to ping. If there are all "timeout" errors in the result, then the site is blocked in your area or its server is down, so how to figure it out? You can run a VPN and ping the site again, if there are no or few errors, the site is blocked, and if there are still all "timeout" errors, then the site is down.

165

Chapter Nine
Part Three: Top 10 Websites For You To Check If A Site Is Blocked

Part Three: Top 10 Websites For You To Check If A Site Is Blocked


Besides to visit with anti-censorship tools and to ping it, you can also check out if a site is blocked or not with some third-party web apps directly. Among which, the following 10 are the best to tell you if a site is blocked or down:

1. Just Ping

The Just Ping website will ping the domain you enter from 50 locations around the world, unless there is no "Okey" in the result, your site is blocked in that location where the result is "Packets lost (100%)". But the results are different every time I checked, so that you'd better check more than one time.

2. Watch Mouse

166

Chapter Nine
Part Three: Top 10 Websites For You To Check If A Site Is Blocked

Watch Mouse can ping your site from 30 stations worldwide, and tell you if the site is down or blocked in the same way as Just Ping does.

3. HostTracker

167

Chapter Nine
Part Three: Top 10 Websites For You To Check If A Site Is Blocked

The HostTracker website is down now, but during yesterday's test, it can check any site you enter from tens of different locations around the world. While the above 3 websites will show you from where they check your site, the following 7 won't, but their results are also correct during my test:

4. Down For Everyone Or Just Me

On the Down For Everyone Or Just Me website, enter any domain you want to check, then you can see if the domain's site is down for everyone or just you.

5. IsUp.Me

168

Chapter Nine
Part Three: Top 10 Websites For You To Check If A Site Is Blocked

IsUp.Me is another version of Down For Everyone Or Just Me, everything are same, except the domain.

6. Down Or Not

Enter a site's domain, press the Return key, then Down Or Not will show you if the site is down or not. And you can also pick up a site listed to check if it is down or blocked.

7. Down Or Is It Just Me

169

Chapter Nine
Part Three: Top 10 Websites For You To Check If A Site Is Blocked

On the Down Or Is It Just Me website, you can see if a site is really down or not by entering its domain.

8. Checksite.Us

Enter the domain of the site you want to check, then Checksite.Us will show you if they can access the site.

9. Up Or Down

170

Chapter Nine
Part Three: Top 10 Websites For You To Check If A Site Is Blocked

The design of the Up Or Down website is simple, you enter a site, then it will show you if it is up or down.

10. DOJ.me

As the name, DOJ.me (short for Down Or Just Me) will show you if the site you want to check is down or not. If a site is up according to the above 10 websites, but you can't visit it, then the site is blocked in your area.

171

Chapter Nine
Part Four: Check If A Site Is Blocked In China With WebSitePulse

Part Four: Check If A Site Is Blocked In China With WebSitePulse


The previous 3 ways mentioned are certainly available for you to check if a site is blocked in China or not. Besides, you can also check out the WebSitePulse website, which offers a test tool Website Test behind the Great Firewall of China for you to check if your site is blocked in Shanghai, Beijing, Guangzhou or Hong Kong.

With the test tool, you can enter your site's domain, choose one of the supported Chinese locations as mentioned before, select Seattle (USA), Munich (Germany) or Brisbane (Australia) as a foreign test location, and click the "Perform Test" button, then you can get the result page, such as what you can see from the following screenshot:

172

Chapter Nine
Part Four: Check If A Site Is Blocked In China With WebSitePulse

On the result page, if there is a red "Failed" message on the left and a green "OK" on the right, then your site is blocked in the Chinese location you choose; and if there is no red message, then your site is not blocked in that location.

173

Chapter Ten
Appendix

Chapter Ten
Appendix
Whether Proxy, SSH, VPN or any other free tools mentioned in this book, their natures are to connect to the internet indirectly, anonymously and safely. But when there is internet censorship (especially GFW in China) , connection is the first considerate factor rather than security, just like what a poet said, Liberty, love! These two I need. For my love I will sacrifice life, for liberty I will sacrifice my love. What is more, the connection is still indirect, anonymous and safe when anti-censorship.

174

Chapter Ten
Part One: Top 10 Websites Blocked in China

Part One: Top 10 Websites Blocked in China


God knows how many sites are blocked in China, whether those big ones like Facebook, or those small ones like Jingpin, any site can be blocked here, for no written reasons. Listed below are 10 most popular websites blocked in China:

1. Facebook

2. Twitter

175

Chapter Ten
Part One: Top 10 Websites Blocked in China

3. YouTube

4. Blogger

5. Technorati

176

Chapter Ten
Part One: Top 10 Websites Blocked in China

6. Dailymotion

7. Picasa

177

Chapter Ten
Part One: Top 10 Websites Blocked in China

8. Plurk

9. Hellotxt

178

Chapter Ten
Part One: Top 10 Websites Blocked in China

10. Dropbox

What do you feel like when seeing the above 10 images? I feel mad and unhappy, since there is something that prevents me to access the most popular websites in the world, and I have no idea why those websites are blocked, since our governments never say why they blocked them.

179

Chapter Ten
Part Two: Countries That Block Facebook

Part Two: Countries That Block Facebook


Does your country or area block Facebook, Twitter, YouTube and/or any other public websites as China? You can figure it out by following the tips mentioned in Chapter Eight, and according to Wikipedia, there are 6 countries that block Facebook: 1. Bangladesh 2. China 3. Iran 4. Pakistan 5. Uzbekistan 6. Vietnam Besides the above 6 countries, Syria is also mentioned, but according to Hillary Clinton's speech at George Washington University on February 15, 2011, Syria just unblocked Facebook a few days ago, so Wikipedia is a little out the date. As a user in China, it's painful to play with Facebook since you have to use some VPN services or other anti-censorship tools to get access to the website, which will take much more time than usual. Even though, I keep login with Facebook often if not everyday, since the internet freedom is so amazing, the friends are so kind. Hope the countries that block Facebook will be less and less until zero in the near future, such as 2012, the best time I think.

180

Subsequent
This Book Is Free

Subsequent
This Book Is Free
Most contents of this book are from my FreeNuts.com blog, which focus on interesting and free web apps. As all those anti-censorship tools mentioned in this book, this book is and will be always free, you can read it on this blog or download it on the FreeNuts.com site.

181
Powered by TCPDF (www.tcpdf.org)