You are on page 1of 58

Y ur F

You Fre
eed
dom
m
Use
er Guide
A Step
p By Step In
ntroduction and Refere
ence Guide to Your Freeedom
w.your-free
http://www edom.net/

Version 2.1
Releasse Date: 201
11-01-17
All trademarks used in this guide are trademarks of their respective owners and only used
for reference.
The most current version of this guide is available from our web page,
http://www.your- freedom.net/, in the Documentation section. Please check if there is a later
copy available if you encounter problems or you cannot find needed information in this copy.
This guide is © Copyright 2006-2011 by resolution Reichert Network Solutions GmbH,
Zweibrücken, Germany. All rights reserved. You are welcome to copy and distribute this
guide in both electronic and paper form as long as you distribute it as a whole and not in
parts, you do not modify it in any way, and the reference to the original location is kept intact.
Please advise all recipients that distributed copies may not be the latest version of the
document, and that they can always download the latest version from our web site.
1 INTRODUCTION........................................................................................................................................ 5 
1.1 WHAT IS YOUR FREEDOM? .................................................................................................................... 5 
1.2 WHAT IS IT NOT?.................................................................................................................................... 5 
1.3 WHAT CAN I USE IT FOR?........................................................................................................................ 5 
1.4 HOW DOES IT WORK? ............................................................................................................................. 6 
1.5 IS IT SECURE? IS IT ANONYMOUS? DOES IT COMPROMISE MY SECURITY? CAN I CATCH A VIRUS? ............... 7 
1.6 WHAT DOES IT COST? ............................................................................................................................ 8 
1.7 IS YOUR FREEDOM “SPYWARE” OR “ADWARE”? ...................................................................................... 8 
1.8 HOW MANY SERVERS DO YOU HAVE? ARE THEY ALL THE SAME? ............................................................... 9 
2 GETTING STARTED ............................................................................................................................... 10 
2.1 REGISTRATION PROCESS ..................................................................................................................... 10 
2.2 GETTING AND INSTALLING THE CLIENT SOFTWARE.................................................................................. 10 
2.2.1 Users from countries with Internet censorship ........................................................................... 11 
2.3 CONNECTING FOR THE FIRST TIME ........................................................................................................ 12 
2.4 CONFIGURE APPLICATIONS ................................................................................................................... 19 
2.4.1 Automatically .............................................................................................................................. 19 
2.4.2 Manually ..................................................................................................................................... 21 
Setting up Mozilla Firefox ................................................................................................................................ 23 
Setting up Internet Explorer ............................................................................................................................ 24 
2.5 MANUAL CONFIGURATION .................................................................................................................... 27 
2.5.1 The Your Freedom configuration dialog..................................................................................... 27 
2.6 STARTING AND STOPPING THE CONNECTION .......................................................................................... 30 
2.6.1 Each user may only log in once ................................................................................................. 30 
2.7 CHOOSING THE RIGHT SERVER ............................................................................................................. 31 
2.7.1 Server location ........................................................................................................................... 31 
2.7.2 Protocols .................................................................................................................................... 31 
2.7.3 CGI relays .................................................................................................................................. 32 
3 CONNECTING APPLICATIONS AND GAMES ...................................................................................... 34 
3.1 INTRODUCTION .................................................................................................................................... 34 
3.2 USING “SOCKSIFIERS” .......................................................................................................................... 34 
3.2.1 Windows ..................................................................................................................................... 34 
WideCap ......................................................................................................................................................... 34 
SocksCap........................................................................................................................................................ 34 
FreeCap .......................................................................................................................................................... 34 
ProxyCap ........................................................................................................................................................ 35 
Proxifier ........................................................................................................................................................... 35 
HummingbirdSocks ......................................................................................................................................... 35 
3.2.2 Linux and other Unix derivates .................................................................................................. 35 
Dante .............................................................................................................................................................. 35 
Tsocks............................................................................................................................................................. 35 
3.2.3 Mac OS X ................................................................................................................................... 35 
Proxifier ........................................................................................................................................................... 35 
Tsocks............................................................................................................................................................. 35 
3.3 OPENVPN SUPPORT............................................................................................................................ 35 
3.3.1 Introduction ................................................................................................................................ 35 
3.3.2 Prerequisites .............................................................................................................................. 35 
Administrative rights ........................................................................................................................................ 35 
OpenVPN needs to be installed ...................................................................................................................... 36 
You don’t need a Your Freedom package, FreeFreedom will suffice ..............................................................36 
3.3.3 Configuration tasks .................................................................................................................... 36 
Know your networking environment ................................................................................................................ 36 
Tick the OpenVPN box.................................................................................................................................... 37 
Start the Your Freedom connection ................................................................................................................ 37 
Relay for others? ............................................................................................................................................. 37 
What about the Windows firewall? .................................................................................................................. 37 
3.3.4 Configure your applications ....................................................................................................... 37 
3.3.5 Troubleshooting ......................................................................................................................... 38 
The OpenVPN tunnel is not coming up properly ............................................................................................. 38 
The OpenVPN tunnel opens, but then the Your Freedom connection fails ..................................................... 38 
What are these 169.254.xxx.yyy addresses?.................................................................................................. 38 

4 PLANS: PACKAGES AND VOUCHERS ................................................................................................ 38 


4.1 FREEFREEDOM (USAGE FREE OF CHARGE)............................................................................................ 38 
4.2 PACKAGES AND VOUCHERS.................................................................................................................. 40 
4.2.1 Vouchers .................................................................................................................................... 41 
4.3 TEST DRIVES ....................................................................................................................................... 41 
5 ADVANCED TOPICS .............................................................................................................................. 42 
5.1 PORT FORWARDS ................................................................................................................................ 42 
5.1.1 Local port forwards..................................................................................................................... 42 
5.1.2 SIP forwards ............................................................................................................................... 42 
5.1.3 Server port forwards................................................................................................................... 43 
5.2 CONNECTION SHARING ........................................................................................................................ 44 
5.2.1 Relaying ..................................................................................................................................... 44 
5.2.2 USING OPENVPN and ICS to connect other PCs, Playstations, XBox, etc. ............................ 44 
5.3 IPV6 ................................................................................................................................................... 44 
5.4 FINE TUNING CGI MODE ....................................................................................................................... 45 
APPENDIX A.  TROUBLESHOOTING .................................................................................................... 47 
Why does my app/game not work? ..................................................................................................... 47 
Performing a speed test ...................................................................................................................... 47 
Creating a “dump” file .......................................................................................................................... 48 
Using a packet sniffer.......................................................................................................................... 48 
Updating the client .............................................................................................................................. 48 
APPENDIX B.  COUNTRY INFORMATION ............................................................................................ 49 
Country specific plans ......................................................................................................................... 49 
Server availability by country .............................................................................................................. 49 
Tweaks ................................................................................................................................................ 50 
APPENDIX C.  THE YOUR FREEDOM CLIENT CONFIGURATION FILE ............................................ 51 
Where's my home directory? .............................................................................................................. 51 
CONFIGURATION OPTIONS .......................................................................................................................... 51 
Yo ur Freedom
m User Guid
de
Page
e 5 of 58

1 Intro
oduction
n
1.1 Wh
hat is You
ur Freedo
om?
Is your Internet acccess someh how restrictted? Are some web pag ges not acccessible to you,
y or
are you u unable to run
r applicattions becau use of such restrictions? Then Youur Freedom is for
you. Altthough the techniques
t used by Yo our Freedom
m to break through
t succh restrictions are
fairly co
omplicated, it is not diffficult to use .
Your Frreedom is a Connectiv vity Service
e that allow
ws you to overcome connnectivity
restrictions imposeed upon you u by your ne
etwork adm ministrators, your providder or your country.
c
It also p
provides a certain
c level of anonymmization, annd it hides from your aadministrato ors and
other no osy people close to you what you u are doingg on the Inteernet.
It workss by turning your local PC into a w web proxy and
a a SOCK KS proxy thhat can be used by
your ap pplications (web browse er, games, wwhatever). Instead of connecting
c directly,
applicattions can se end connec ction requessts to these “proxy servvers” providded by the client
c
part of tthe Your Frreedom softtware runnin ng on your PC, and the e client partt will then fo
orward
these re equests to thet server part p running g on our connnectivity se
ervers throuugh a conne ection
protoco ol that is stiill available to you and through wh hich the clie
ent part can reach the server
s
part. It ttunnels thrrough firewa alls, web pro
oxies, FTP proxies and d the like. S
Sounds
compliccated? Well it is, but the e good new ws is you do
on’t have to worry abouut it, that’s our
o job.
:-)

1.2 Wh
hat is it not?
n
Your Frreedom is not
n a VPN software.
s Itt does not provide
p a connection too a private network
n
but to th
he Internet.
Your Frreedom is not
n a firewa all solution
n, it is meant to break th hrough firew
walls, not to
o be
one. It d
does not ma ake your PCC any saferr. But that’s likely not yo
our concernn because
someon ne is probab
bly protectin
ng you too w
well anyway y.
Your Frreedom is not
n a perfec ct anonymiizer. The se ervice does provide a ccertain level of
anonym mization by hiding your IP addresss. Instead, th
he connectiion request appears to o come
(in fact it does com
me) from one
e of our con
nnectivity se dresses. Buut it cannot protect
erver IP add
you fromm your own n mistakes or
o flaws in a
applications and protoc cols.
Your Frreedom is not
n in any way
w enhanc cing your connection
c n. It does noot provide data
d
compreession and it cannot speed it up in any way; inn fact, there
e is a certainn amount of
overheaad which is dependent on the con nnectivity protocol used d, so things will probabbly run
slower, not faster.

1.3 Wh
hat can I use it forr?
Your Frreedom can o overcome :
n be used to
 Protocol re estrictions
s.
If you cann
not use certaain applicattions or serv vices becau use these appplications cannot
connect to the Internet in the usu al way, You ur Freedom may be abble to help you.
y For
example, iff your favorite online gaame does not n work in your
y place bbecause soomeone
decided thaat you shouuldn’t play it , then try Yoour Freedomm. Games kknown to work
w well
include: Woorld of Warccraft, EVE OOnline, Cou unterstrike and
a many otthers.
Yo ur Freedom
m User Guid
de
Page
e 6 of 58
1
You may not use P2P protocols b because someone thinks it is illegaal ? Most
P2Pclients work nicelyy with Your Freedom, and
a you can n even get a server port,
which givess you a “hig
gh id”.
 Blacklists..
You may not visit certa
ain web pag ges? Try Yoour Freedom m. It turns yyour local PC into
an unrestriccted web prroxy that prrovides acce
ess to all we
eb pages thhat are gene erally
accessible..
 Time restrrictions.
We have heard from users
u that thhey use You ur Freedomm to avoid tim
me restrictio
ons. In
most casess, existing connections
c s are not dis
srupted by such
s restricttions, and
therefore all they needd to do is to start the Yo
our Freedom client beffore the res striction
is in place, and keep itt open. Thee connection n between the
t client annd the serveer part
is persisten
nt (this depe
ends on the e connection n protocol, however).
h

1.4 Ho
ow does it
i work?
You neeed to run thhe client parrt of the You
ur Freedomm software on your locaal PC. It is written
w in
Java annd should normally run on nearly e every PC without
w the need
n for admministrator rights.
r
We alsoo provide innstaller versions that doo not require Java to be installed, but you maay need
adminisstrator rightss to install these.
The clieent software e then connects to one e of our serv
vers through h a connecttion protoco ol that is
ailable to you. In most cases
still ava c this w
will probablyy be an HTT TP connectiion through a web
proxy thhat you mayy use, or ann “HTTPS” o or FTP conn nection. In many
m placees, UDP may be
used ass well. In mo ost cases all
a you’ll nee ed to providee is the add dress of a wweb or an FT TP
proxy (a and probably authentic cation credeentials); the client will ta
ake it from tthere and fiind a
way to cconnect if one
o exists.
Have a look at the picture belo ow. The bo x on the lefft is your PC
C. Let’s say the restrictive
firewall won’t let yo
ou access hotmail.com
h m and you want
w to read your privatte email from
m your
workpla ent and let itt connect to one of ourr servers, co
ace; fire up the Your Frreedom clie onfigure
your weeb browser to use it as a proxy, annd your web b browser will
w be able tto connect to t
hotmail.com by connecting to the Your F reedom clie ent, which will
w forward the requestts to
one of oour servers, which will then forwarrd the requeest to the hootmail.com server. The e replies
from theehotmail.co om server will
w take the same route e backwards s.

1
The prootocol is of co
ourse not ille
egal and it is therefore silly to block it; we know beest because we had
to block it on some servers
s as we ell but it rem ains open on
n most. Yourr actions mayy be illegal th
hough –
Your Freeedom can’t do anything about this, itt remains your responsib bility.
Yo ur Freedom
m User Guid
de
Page
e 7 of 58

This is o
only a very simple scenario but it illustrates that the You
ur Freedom client application
and thee Your Freeddom serverr act as inte rmediate ho ops for yourr applicationn connectio
ons.

1.5 Is it secure? Is it ano


onymous
s? Does it compro
omise my
y security? Can
h a virus?
I catch ?
Conneccting to the Internet thro ough Your Freedom is s generally less dangerrous than
connecting through h a dial-up connection.
c . As long ass you do nott explicitly cconfigure a server
port forw
ward, no-on ne can conn nect to yourr PC though h Your Freedom. But s ince you ma ay
downloa ad data from m the Intern net that mayy then be ex xecuted on your PC(in tentionally or o
unintentionally beccause of application bu ugs) there iss a certain amount
a of riisk; it is the same
as if you
u were connecting thro ough any otther means to the Interrnet and dow wnload data a from
there. H
However it iss possible thatt your co
ompany or whatever
w us
ses sophisti cated prote ection
mechan nisms (e.g. virus check king for dowwnloads from m servers on the Internnet) that we do not
providee; in this casse it is indeeed less secuure. But ple
ease consider that it is less secure e
because it allows youy to do th hings that yoou would ottherwise nott be able too do – the most m
secure protection from
f the dangers of thee Internet is
s an Air Gapp Firewall™ ™, i.e.: pull thhe plug.
You’ll b
be safe but also
a lonely.
It has b
been said be efore that Your
Y Freedoom is not a full-blown
f anonymizatioon service. It will
howeve er hide yourr IP address s, unless yo
our applicatiion commun nicates it “inn-band”. We
eb
server aadmins will not be ablee to see whe ere the acceess comes from initiallyy; they will instead
see one e of our IP addresses.
a But we do nnot take any y further an
nonymizatioon measures s: we do
not rem
move trackin ng cookies, nor do we ““wash” the request
r heaaders that yyour web bro owser
sends.
Yo ur Freedom
m User Guid
de
Page
e 8 of 58
For thosse looking for
f privacy, the client o
offers a leve
el of encrypttion comparrable to wire
eless
LAN’sWWEP-128. We W cannot reeally use sttrong encryp ption on a highly-scale
h ed service lik
ke this
as doing so would load the CPPUs of the sservers too much. How wever if youu have encryyption
and re-keying enab e except ce rtain agenc
bled no-one cies will have the determmination to see
what yoou are doingg.
With reggards to virruses: we do
o not have aany virus prrotection mechanisms built into th he
service and therefo ore do not provide
p ection2.Pleas
anyy virus prote se install annti-virus sofftware
on yourr PC.

1.6 Wh
hat does it cost?
A fundaamental serrvice is prov
vided for fre e. It is restrricted in ban
ndwidth andd the numbe
er of
simultaneous streaams, and there is a timme limit for th he connection betweenn the client and the
serverss (but you may
m reconne ect immedia ately).
We provide upgrad de package es that reducce or removve the band
dwidth restriiction and thhat
allow fo
or more simultaneous streams,
s annd there are server portts that you ccan use to allow
a
inboundd connections to your PC P or anoth her PC in yo
our network
k. The packaages are av vailable
as one month, thre ee months, six months or twelve months
m upgrrades, and come in thrree
nt levels that we call Ba
differen asicFreedom m, Enhance edFreedom,, and TotalF Freedom. As A an
alternattive to whole
e packages s there are vvouchers caarnets. Vouchers can bbe used to
tempora arily upgrad
de your You ur Freedom account with a packag ge without hhaving to paay for a
full mon
nth and not use parts ofo it. Details can be found in chapter 4 of this guide.

1.7 Is Your Freedom “Spyware” or “AdW


Ware”?
No! Resst assured that
t the You
ur Freedomm client does s not contain any codee to spy on you
y or
to cause any anno oyances (oth e restrictions of the Fre
her than the eeFreedom service, wh hich are
of coursse there to convince
c yo
ou of the be
enefits of bu
uying a pack kage). The only reasonn why
we don’t publish thhe source co
ode is becaause much of o the code is also useed in the serrver,
and we don’t want to expose it. Also, we don’t want to unneces ssarily help those developing
blockingg appliancees.
We do o our best to protect you g any more details on oour servers than
ur privacy byy not storing
technicaally or legallly required – and permmitted. In fac
ct, the serve
ers themsellves do not keep
any logs that could d be of interrest to anyo
one but the developers
d and operattors; all logs
s
containing user de etails are insstead kept oon a server in Germany y. Howeverr we will coo operate
gal authoritie
with leg es to the exxtent require
ed to protecct us from having to takke responsibility for
your acctions. This means thatt we may un nveil your account and payment d etails as we ell as
the source IP addrress used to o connect too our serverrs if we are forced to doo so (and able
a to
determiine who is responsible
r for some aaction).
We do not log wha at you acces ss on the Innternet; Gerrman telecommunicatioons laws do o not
even pe ermit this. We
W do log th he fact that you have used our serrvice, from wwhere you have
h
logged in to our se ervice, the lo
owest 16 bitt of IP addresses you have
h conneected to (but not the
full address!) and statistical
s daata about yo our usage needed
n for accounting and quality
y
assuran nce. This information is s typically h
held on file for
f only a fe
ew days andd no longer than 4

2
Actuallyy this is not entirely
e accurate. Outbou und mail sentt through Your Freedom is scanned for f
viruses. We do this to t avoid blaccklisting of ou ses, which would make itt impossible for
ur IP address f our
users to send email through You ur Freedom. IIt does not protect you; itt protects othhers (and us)) from
you.
Yo ur Freedom
m User Guid
de
Page
e 9 of 58
weeks. We do not use this infformation in
n any other way
w except for statisticcal, debugging and
accounting purposses and for combating
c vviolations of our terms,, unless reqquired by leg
gal
authoritties.
Also, th
here is a conntrol console on the se
ervers that theoreticallyy allows us tto see whatt our
users aare currentlyy doing. We
e only use th
his for troub
bleshooting, and all datta there is trransient
and nott stored anyywhere. The e moment yyou log off itt’s all gone. And believve us; we ha
ave
better w
ways to pass our time than
t peepinng on you.

1.8 Ho
ow many servers do
d you ha
ave? Are they all the
t same?
?
This pooint is subjecct to changee with relatiive frequenc cy. At the time of writinng we have 31
serverss online, in 9 different countries.
c Alll will be able to support basic webb surfing or
chattingg but some will refuse P2P
P connecctions (nam mely the one es located inn the United d
States). Some can n handle mo ore traffic th an others. Have
H k at the live statistics page at
a look
http://wwww.yourfree edom.net/142/; serverss that are not in the“p2 2p” server g roup are no ot
suitablee for P2P appplications, servers tha at are not inn the “volumme” group arre not suitab ble for
large file transfers,, and so on – you’ll gett the drift.
Everyon ne may use e all servers
s in the “defa
fault” group;; right now, all servers are in this group,
g
but this may chang ge. Some se ervers are nnot available to users connecting
c ffrom certain
n
countriees, or only available
a to users conn necting from
m some countries. The Your Freed dom
client w
will tell you about
a such restrictions
r when you connect
c (“au
uthenticatioon not valid for your
countryy of residencce”). If this happens
h to you, please e use anoth her server.
Also loook at the se T higher tthe number, the more loaded the sserver. Loads
erver load. The
below 4 40000 are considered
c low, loads aabove 125000 are cons sidered highh. We use a traffic
light schheme to quickly indicatte the serve er state. A “green” lightt indicates tthat the serv
ver is
fine andd can accep pt your conn nection. A “yyellow” light would indiicate that thhe server is up and
running g but currently rather buusy or alreaady slightly overloaded or otherwisse in trouble e
(connecctivity probleems are a possible
p rea
ason) and probably
p won’t be able to provide thet best
service to you – yo ou are still welcome
w to use it, and the service may still bee pretty goood. A
ght indicatess that the se
“red” lig erver is dowwn or otherwwise unablee to serve yoou.
Yo ur Freedom
m User Guid
de
Page 10 of 58

2 Gettting Starrted
2.1 Re
egistration process
Your firrst step in ussing our service is to re
egister on our
o web sitee. You needd to
visithttp
p://www.you ur-freedom.n net/ and cre count there. There is a link underneath
eate an acc
the login and password form fields
f in the red part of the bannerr.
On the registration
n page, choo ose a usern name (prefe erably one that is not likkely already y used)
and proovide a passsword. Plea ase make it long enoug gh; this is for your proteection, not ours
o
(the passsword quaality has influ
uence on th he encryptioon quality). Both usernaame and pa assword
may contain upperrcase and lo owercase A ASCII letters
s, digits, dasshes, and uunderscores s
(spacess in the password are possible
p too
o); other chaaracters ma ay work as w well but it is
s not a
good idea to try. The only othe er required field is your email address. Everyything else is i not
mandattory; pleasee do not fill in rubbish iff you do nott want to proovide the innformation, leave
them emmpty.
Once yoou have fille
ed everythin on the “Create account” button. Y
ng in, click o You will be asked
a to
confirm your details by clicking on “Creatte account now”.
n If therre is a probblem with yo
our data,
red messsages will appear telliing you wha at is wrong; just correct your inputt and try aga ain.
Within a few minuttes you should receive an email co ontaining an n activationn link. If your email
addresss is protecte ed by anti-sspam measu ures, please e ensure that email sennt from the “your-
freedom m.net” doma ain (i.e. end
ding in “@yo our-freedom m.net”) is pe ermitted befofore you clicck on
the “Cre eate accoun nt now” link. Activate yyour accoun nt by clickingg on the linkk in the ema ail (or
cut & pa aste it into your
y browse er). You cann also simply reply to the email, quuoting it in its
entiretyy. If you havven’t receiveed the emaiil or if the lin
nk doesn’t work
w for whaatever reason,
please send an em mail to our support
s stafff, they can create
c or ac
ctivate the aaccount for you if
you sen nd them an email to support@you ur-freedom.n net, telling them
t the ussername.
What if you cannott access our web page e because itt’s blocked? ? Well, it’s a hen and egg
problemm then. Either ask someone else tto create an n account foor you (or doo it from
somewh here else) and
a modify it later, or oobtain the cllient software from anoother source e than
our servver, and use e the username “unreg gistered” annd the passwword “unreggistered” in it. This
account will only provide acce ess to our wweb page, however. Altternatively, if you are ablea to
send an n email to our
o custome er support, aask them to create an account
a for you. Just write
w to
supportt@your-free edom.net te elling them aabout your problem,
p su
uggest a useername (ple ease
limit you
urself to ASSCII letters and
a numberrs, dashes and underscores) and a password d. If you
want to receive the e YF client byb email jusst write a bla
ank email to
o get@yourr-freedom.n net;
e given further instructions on how
you’ll be w to proceed. If all the odds are aggainst you anda you
can’t geet the client software frrom anywhe ere else we’’ll mail you a CD as weell.

2.2 Ge
etting and
d installin
ng the clie
ent softw
ware
Once yo ou’ve create og in on our web pagee. Log in (to check
ed an account you ma y use it to lo
that youur account is active), th
hen click on
n “Download y you don’t hhave to be logged
ds” (actually
in to do
ownload). Th here are several ways to run the Your
Y Freedoom client, aand consequuently
there iss more than one downlo oad option:
Yo ur Freedom
m User Guid
de
Page 11 of 58
 Windows Installer
I
Windows users
u who already have e a suitable Java Runtiime Environnment3 insta alled on
their systemm and who have enoug ware shouldd be able to use
gh rights to install softw
this versionn. The downnload is abo out 2 megab byte in size. If you are unable to
download files
f ending in .exe, try to copy thee link locatio
on and pastte it in the URL
U
field of a ne
ew browserr window, th hen change the .exe to .txt.
 Windows FullF Installe er
This version comes bu undled with a JRE of its s own so th here are no prerequisite es.
Every Wind dows user should
s be a ble to use this one, pro ovided that you may install
software on n your PC. The
T downlo oad is rather fat, about 14 megabyytes. Again, this is
an .exe file, try changing the endiing to .txt if this is a pro
oblem. A beenefit of this
s
version is that it is com
mpiled to na
ative code and
a will prob bably consuume fewer
resources.
Both WWindows insttaller versioons are insta alled by run
nning the .exxe file. Just follow the
d you shoulld be done in a minute. (If you aree updating from an
instructions in the installer and
earlier vversion we recommend d to un-instaall the previious version
n first; your settings will be
kept.) O
Once the clieent softwaree is installe d, proceed to chapter 2.3.

If you a
are not running Window ws or if you cannot install software e on your PC C, your best choice
is the Java archive version. Download
D th
he ZIP file and
a extract the contentts into a fold der to
which yyou may write. This cou uld also be a memory stick,
s or a CDROM,
C byy the way. Then
T run
the Java interpreteer with the “ffreedom.jarr” file. With Windows
W it is usually ssufficient if you
y
double--click on the
e JAR file, but
b you mayy want to op pen a “cmd” window insstead, “cd” to the
directorry and run “jjavaw –jar freedom.jar
f r” instead. On
O Unix box xes you’d noormally use e “java -
jar freed
dom.jar” or “kaffe -jar freedom.jar”
f ” or someth hing similar; Unix userss normally know.k
We also o offer a Ma
ac OSX installer versio on. Even th
hough Mac OSXO editionns often ship with a
pre-insttalled JRE, there are ve
ersions likee Leopard th h JRE 5 wh ich is no lon
hat ship with nger
supportted so you may
m need to o install JREE 6 manuallly. Additional hints for Mac OSX canc be
found in
n the docum mentation seection on ou ur website.

The YF client
c only runns with Java
a 6, not Java 5. Leopard doesd not shipp with Java 6 but you can n


get it from
m http://deve
eloper.apple. com/java/download/ (dow wnload "Javaa for Mac OS S X 10.5
Update (w whatever)"). Once you've e installed it, Java 5 is stiill activated bby default. Th he installer we
w
provide should
s be able to automaatically ensurre the right version
v is takken; if that do
oesn't work trry
to change e the defaultt: Open Finde
er, go to App plications, Uttilities, Java, run "Java Prreferences".
Move "Ja ava SE 6" to the top for a
applications.

ally, the Java


Genera a archive ve
ersion of the
e Your Free
edom client should runn on every
computter that has a suitable JRE
J – and eenough memory. We lo ove to hearr from you iff you’ve
manageed to run it on
o an exoticc piece of h
hardware (o
or in an unus
sual place)!!

2.2.1 Users from countries


c with
w Intern et censors ship
Your Frreedom is in
n partnership with Sesa awe, an inteernational project
p dediccated to educate
and brin
ng people frrom all coun
ntries techn
niques to cirrcumvent ceensorship.
3
The Ja ava Runtime Environment is required to be compliant to Java 1.6 or newerr. If in doubt, visit
m/, click on “Java SE” in tthe “Top Dow
http://javva.oracle.com wnloads” sec ction on the rright hand side of the
screen, then download the “JRE”” or a “JDK” (which conta E”) and installl it on your PC.
ains the “JRE P
Oracle p provides thesse downloads for free, buut please havve a look at their license tterms.
Yo ur Freedom
m User Guid
de
Page 12 of 58
We havve created ana account “sesawe” (p password “s sesawe”) with some sppecial
charactteristics and
d have made it availablle exclusive
ely to those people in ccountries the e
Sesawe e alliance co
onsiders ap
pply more ce ensorship on
o their citiz
zen’s activitiies in the In
nternet
than oth
hers.

There iss also a speecially pre-cconfigured S


SESAWE version of the Windowss Installer, th he
Window ws Full Instaaller or the Mac
M OS X A Application. It can be either
e downlloaded fromm
http://ww
ww.your-freeedom.net/s sesawe/ or by sending an email to o get@yourr-freedom.net and
just addding the keyyword "sesa awe" to the subject line
e (the instructions you rreceive will tell
you).

Both the Sesawe acc count and the e preconfigurred Sesawe Your Freedoom client will only work

 from countries suppoorted by the S


Sesawe proje
country the YF client will produce
YOUR COUNTRY OF F RESIDENC
ect. If you try
e a message saying “AUT
CE”
y to use this aaccount from
THENTICATIION NOT VA
m another
ALID FOR

2.3 Co
onnecting
g for the first
f time
When yyou start the
e Your Freeedom client application for the firstt time, you’lll be asked for
f your
preferre
ed languagee. Click a bu
utton (you ccan always change the setting lateer).

After yo
ou choose the language of your prreference a “Wizard” will
w show up . It is safe notn to
use it and enter all required in
nformation m e unsure, giive it a try first.
manually, but if you are
Manual configuration may be required in difficult connnection scenarios; pleease refer to o
chapterr 2.5 on pag
ge 27 for de etails.
Now lett’s assume that you are
e using the wizard. It will
w first pres
sent a Welcoome page:

Do as yyou are told and click on


o the “Nextt” button. Yo
ou’ll see this page:
Yo ur Freedom
m User Guid
de
Page 13 of 58

If your IInternet con


nnection is through
t aw
web proxy, enter
e the de
etails here. IIf you are unsure,
try to click “Next” fo
or now.

You’ll find a Windoow asking yoou to selectt which prottocols will be


b used to cconnect to YF
Y
serverss. Selected protocols
p will
w affect the e way the Wizard
W checks reachabiility of serve
ers. If
you aree unsure, leaave the defa
ault selectio
on. Click “Next”:
Yo ur Freedom
m User Guid
de
Page 14 of 58
u get is an empty
If all you e list of
o available servers like
e this:

you neeed to figure out about your


y web prroxy (or con
nfigure every
ything manuually, e.g. iff you
want to use an FTP P proxy!).
If you get this howe
ever,

then yoou’ve filled in


n the proxy details prop
perly but yo
ou need to authenticate
a e on the pro
oxy.
Click onn “Next”…
Yo ur Freedom
m User Guid
de
Page 15 of 58

and fill in suitable login credenntials. In ma


any cases this will be youry Window ws Domain login
(don’t foorget to fill in the doma
ain as well!) . Just try un
ntil it works, you can cliick “Next” to
o try.
If you see this page:

it means that you have


h not pro
ovided a woorking proxy y configurattion. Click oon “Back” an
nd
modify the hostnam me/IP addreess and/or tthe port settting. Many proxies “listten” on portt 80,
8080 orr 3128, to name the mo ost popular ports. Chec ck your webb browser’ss configuration; it
should be able to tell
t you.
Oh by the way, if you d has the proxy details already filleed in, then it’s not
y find thatt the wizard
magic – it just foun
nd them in your
y PC’s re
egistry and probably haas made lifee easier for you.
Let’s asssume you’vve been able to make it work. (If not,
n please ask a know wledge perso
on
around you how yo ou can use the web pro
oxy, or click
k “Cancel” and
a try a maanual
configuration). It worked
w if you
u see some
ething like th
his:
Yo ur Freedom
m User Guid
de
Page 16 of 58

It is imp
portant that you see a “yes”
“ or a n umber in an
ny of the co
olumns HTT TP, HTTPS, FTP or
UDP. A “yes” means that the client has b been able too use this prrotocol to coonnect to th
he
server uusing the de efault port settings,
s annumber wou uld mean that it has beeen able to connect
c
but on a different port,
p and a “no”
“ means that the prootocol couldd not be useed to conne ect to
this serrver. The ressults are soorted by preeference (a number bettween 0 andd 10); it indicates
how we ell the serve
er fits your re
equirementts (if you’ve set any). Choose
C a seerver, and th
hen
click onn “Next”.

On this page, ente


er your Yourr Freedom u
username and
a password. Click onn “Next”.
Yo ur Freedom
m User Guid
de
Page 17 of 58

It seems you’re do
one now! Cliick on “Save
e and Exit”.. The main window
w of tthe Your Fre
eedom
hould now look like this
client sh s:

Note that the clientt just doesn


n’t know anyything abouut the serverr and your aaccount’s profile
before yyou’ve connnected to thhe server, th
hat’s why so
ome of the values
v seem m to be som
mewhat
odd (inccluding the bandwidth – it’s not un ess you’ve bought a paackage). Click on
nlimited unle
“Start connection” and you should see so omething lik
ke this after a few secoonds:
Yo ur Freedom
m User Guid
de
Page 18 of 58

Note that all the de


etails are no
ow filled in, and the ban ndwidth reaads “64.0k”. That’s kilobits,
about th
he speed off an ISDN connection
c o
or a bit faste
er than with
h a high-speeed modem m. Click
on “Acccount Profile
e” now.
Yo ur Freedom
m User Guid
de
Page 19 of 58
anel contains your acco
This pa ount details.. Without a package, you may nott use any sp pecial
serverss (just the de
efault ones)), your banddwidth is lim
mited, your maximum
m nnumber of
simultaneous strea ams is ratheer low and yyour server connection will be termminated afteer 60
minutess (but you may
m reconne ect when it happens). No N server ports
p are asssigned to you so
none off them are forwarded
f to
o you. But aat least, there are no access restriictions; you may
access everything on the Internet4.
If you a
are using the
e HTTP pro
otocol to con
nnect and your
y connec
ction does nnot fully worrk, try
the POS ST or the CGI
C connecttion model i nstead (see onfigurationn in chapter 2.5 on
e manual co
page 27 7).
OK, tim
me to configuure your applications. PPlease refer to chapterr 2.4 on pagge 19 to lea
arn how
to do th
his. Once yoou’ve set up
p at least a w
web browse er to use Yo
our Freedom m the main
objectivve should be
e reached: you should be able to access the web freely!!


If the verrsion of the YF
Y client you’’re using to connect
c is too
o outdated yyou may see a message
saying thhe *client [is] too old*. Thiis means youu must updatte to the lateest YF client version
v as
n supported anymore. T
yours is not The preferre
ed method wo ould be to doownload the most recent
one, unin nstall the old version and install the new one.

2.4 Co
onfigure applicatio
a ons
2.4.1 Automaticallly
Please note: We re
ecommend manual con
nfiguration. This featurre is only prrovided for your
y
convenience.
ws users can simply click on the “A
Window Applications s somethiing like this:
s” tab and see

4
In fact tthere are somme restriction
ns but you ca
an’t see them
m. They are only
o there too protect our servers
and won n’t get in your way. Promise!
Yo ur Freedom
m User Guid
de
Page 20
2 of 58
This is a list of app
plications whhose configgurations ca
an be modifiied automattically by Yoour
Freedom. The one es that are in
nstalled on your system
m have worrking checkbboxes, the other
o
ones arre grayed out. Tick the ones you w wish to use with Your-F
Freedom, annd then clic ck “OK”.
You’ll see something like this::

Hope it’’s all successsful! Then click “OK”. To restore the previouus configuraation of your
applicattions, choosse “Restoree”, and thenn tick the ones you wou uld like to reestore, and click
“OK”. N
Note that applications th hat you’ve cconfigured to
t use Yourr Freedom w will only worrk
properlyy if the Your Freedom connection to the serv ver is up and
d running. A Also, don’t forget
f to
restore all your setttings before
e de-installiing the Your Freedom client!
Yo ur Freedom
m User Guid
de
Page 21
2 of 58
nually config
To man gure your ap
pplications, have a look at the Porrts tab first:

Note the “SOCKS 4/5” and “W Web Proxy” checkmark ks; this tells you that yoour local PCC is now
acting aas a SOCKS S4/5 proxy on port 108
80 and as a Web Proxy y on port 80080. To change
these values, unticck the servic
ce, then mo
odify the porrt, then re-a
activate (thiss can be do
one on-
the-fly w
while you arre connecte
ed!). Everyth
hing below is pretty sophisticated stuff and ce ertainly
not aimed at first time users, and
a will be ccovered in chapter 5.
ome reason you cannott configure your applications from within the Y
If for so Your Freedom
client, yyou need to manually configure
c th em to use web
w proxy “localhost” oon port “808 80” or
SOCKS S proxy “localhost” on port
p “1080” (if you’ve got the choic ce, use SOC CKS version
5).Pleasse refer to the
t applicattion’s docummentation too learn how to do this ((or ask som
meone
who kno ows – we’ve
e got some examples in the FAQ//Docu sectio on of our weeb
pagehtttp://www.yo our-freedomm.net/ as weell).
OpenVP
PN support is not enab
bled by defa
ault – please see chaptter 3.3 on ppage 35.

2.4.2 M
Manually
Of courrse we cann
not provide detailed co nfiguration guides for all
a applicatioons that can
n be
used with Your Fre
eedom. The ere are basi cally only 4 ways how application s are made e to
work via
a Your Free
edom:
1) By configurring them too use a web b proxy. App hat offer youu to access the
plications th
Internet thrrough a webb proxy nee ed to be setu
up to use yoour local PCC (the hostnname is
“localhost”,, the IP address is “127
7.0.0.1”) on port 8080 as
a the web proxy and
everything should be fine.
f
2) By configurring them too use a SOC CKS4/5prox xy. Applicattions that offfer you to access
a
the Internet through a SOCKS pro oxy need to
o be set up to use yourr local PC(a again,
the hostnam me is “localhost” and th
he IP addre
ess is“127.0 0.0.1”) on poort1080 as SOCKS
S
proxy. Thiss is preferab
ble over the web proxy configuratio on (if you’vee got the ch
hoice)
but both will normally do.
d Use SO OCKS5 if yoou can. If it doesn’t
d worrk (some
applications have buggy SOCKS implementa ations) trySSOCKS4.
Yo ur Freedom
m User Guid
de
Page 22
2 of 58
3) By using a “socksifying g” applicatioon to run yo
our application from. M Many applica ations
are not dessigned with your netwo orking proble ems in mind d and do noot offer to ru
un using
a web or SOCKS prox xy. Many of them work well with Your Freedo m if you run n them
from inside
e a “socksifie an application that foists a modifieed Winsock DLL to
er”. That’s a
the application which redirects
r alll network re
equests to a SOCKS prroxy, in this s case to
the Your Frreedom clie ent. Example es for such application ns on Windoows are:
SocksCap, ProxyCap and FreeCa ap. They arre covered in chapter 33.2 on page e 34.
Using a “soocksifier” miight also be
e an option if you canno ot configuree your application,
e.g. becausse you don’’t have adm ministrative rights.
r It’s trricky howevver to override
existing pro
oxy configurrations this way.
4) By using ouutbound and inbound p port forward
ds. If your application oonly needs to t
access one e particular server via a
atop connecction on a particular
p poort, it’s probably
most conve enient if you
u create a m
mirror imagee of this porrt on your P C, and acce ess
your local PC
P on the mirror
m port in
nstead. Sim
milarly, you can
c create a mirror ima age of a
port on youur PC on our servers an nd make it accessible
a to others onn the Internet5.This
is covered in chapter 5.1
5 on page e 42.

5
Your acccount profile
e needs to pe ermit this. Cu
urrently, only
y owners of TotalFreedom
T m packages can
redirect server ports to their local PC.
Yo ur Freedom
m User Guid
de
Page 23
2 of 58
g up Mozilla
Setting a Firefox
All web browsers support
s the use of web
b proxies, an
nd option 1)) should be just fine.
Click on
n “Tools”, “O
Options”. Ch Advanced” panel. Then click on thhe “Network
hoose the “A k” tab.
The connfiguration windows
w sh
hould now lo
ook like this
s:
Yo ur Freedom
m User Guid
de
Page 24
2 of 58
Now click on “Settiings”

Fill in th
he values ass shown (m
making a notte of the original values
s so you caan revert to you
y
previous configura y are not using Yourr Freedom), then click O
ation when you OK in both
window ws. Firefox now
n uses the Your Free
edom connection.

Setting
g up Interne
et Explorerr
Like all browsers, IE
I supports
s proxies dirrectly. Whatt’s more, IE’s proxy connfiguration is
actuallyy shared by many other applicatio ns as well.
ons”. Then cclick on the “Connections” tab. Yoou’ll see som
Select ““Tools”, “Intternet Optio mething
like thiss:
Yo ur Freedom
m User Guid
de
Page 25
2 of 58

are using a LAN


If you a L connec ction, click o
on “LAN Seettings”, otherwise chooose the con nnection
you usee to connect to the Inte
ernet and cliick on “Setttings”. A win
ndow similaar to this one
e will
open:
Yo ur Freedom
m User Guid
de
Page 26
2 of 58

e checkboxe
Tick the es for “Use a proxy serrver” and fo
or “bypass proxy
p serverr for local
addressses”. Then click
c on “Ad
dvanced”. A
Another wind dow will ope
en:

Fill in th
he values ass shown. Th
hen click “O
OK” in all the
e windows. Internet Exxplorer now uses
the You ur Freedom connection n (and conseequently on nly works when the connnection is up).
Yo ur Freedom
m User Guid
de
Page 27
2 of 58
We recoommend yo ou make a note
n of the o
original setttings that allows you too revert them
m when
you are
e not using Your
Y Freedo
om.

2.5 Ma
anual Con
nfiguratio
on
Most opptions can be
b configure ed using thee “Configure e” dialog av
vailable from
m the Status
s tab,
but a fe
ew are only available viia the config
guration file
e. We advise e that you aavoid messiing with
the configuration file unless yo
ou are advissed by us oro think you know whatt you are do oing. 

he Your Frreedom con


2.5.1 Th nfiguration
n dialog
Go to th he “Status” tab of the Your
Y Freedo hen click “Configure”. A dialog win
om client, th ndow
like thiss should ope
en up:

On the “Server Connection” ta ab, configurre the Your Freedom server namee or IP address
(severaal names or IPs can be separated by semicolon – but no o additional spaces!). Select
S
the connection pro otocol from the
t pull-dowwn menu, and the default port shoould automa atically
appear (change if necessary). Or use the e wizard to see your seerver conneection option
ns and
let the cclient choosse the best way
w (but co onfigure the proxy settings first!).
Also, seelect the connection op ptions as we st people the last threee should be ticked,
ell. For mos
and you u might wannt to tick “Av
void using D
DNS” as we ell if you only want to tryry known IP
addressses for the YF
Y servers and not askk your locall DNS serve er. At this timme it is not
necessa arily advisa
able you ena able the “Au
utomatically
y select best server” opption, unless s you
know thhat you can use all the servers. W We are workiing to impro ove this, andd in fact mu uch of it
is already impleme ented. Stay tuned.
The “Sttart minimized” option is only availlable under Windows. When
W checcked, the client will
only appear in the system trayy when starrted. You might want too configure “Automatica ally
connect on startupp” as well an
nd maybe u use the “Auttostart” men
nu of Windoows. Just a
suggestion.
If you click on the “Account”
“ ta
ab, you’ll se
ee this:
Yo ur Freedom
m User Guid
de
Page 28
2 of 58

Fill in yo
our Your Frreedom use ername and password, and choose a differennt language if you
like. Ma any texts an
nd message es are availa
able in otheer languages and it mayy be easier if you
change e the setting. Note that you have to
o restart the
e client to make
m the chaange effective
when yo ou are all done.

There’ss a lot you can


c configurre here. You u might wan nt to use the e wizard to configure a web
proxy bbut you don’t have to, th here’s not m
much differe
ence but the e client will ccheck if you
ur
settingss appear to be correct. If you know w the details em in. You’ ll probably need to
s, just fill the
configure the addre ess (host na
ame or IP a nd the port. If you need to authentiicate on
address) an
the web b proxy, fill in
i username e and passw word as weell, and if it’ss an NTLM aauthenticated
proxy aadd the wind dows domain name as well. (In thiis case, use ername, passsword and d
domain are probab bly the samee values tha
at you use to
t log in to youry PC!)
ntend to use
If you in e the FTP connection
c m
method and d you cannoot directly FT
TP to serveers on
the Inte
ernet, there may be an “FTP proxyy” on your network.
n (Do
on’t bother tto configure
e
Yo ur Freedom
m User Guid
de
Page 29
2 of 58
anything if you can
n use the “fttp” comman nd line tool!)) The port will
w likely be 21, but youu’ll need
the hosstname or th
he IP addres ss as well – ask someo one who kn nows, there are legitima
ate
needs tto use FTP outside web browsers .
The mo ost common n connection n scenarioss are also co
overed by th
he Wizard aavailable through
the buttton on the bottom
b – it’s
s the same tthat is run when
w you sttart the cliennt for the firrst time
and it’s described in detail in chapter
c 2.3 on page 12 2.
When yyou are done, click on “Save
“ and E
Exit” to save
e your chan
nges, or on “Cancel” to
o abort
them.
So mucch for setting
g up the connection. Y You should now
n e to start it uup from the Status
be able
panel. T
The connecction indicator (the doo r) should op pen, a quesstion mark sshould appe ear
while client and se
erver negotiaate, and dissappear afteer a few secconds. If it ddoesn’t disa
appear,
your co
onnection se ettings don’tt work. Havve a look at the “Messaages” panel.. If you can’’t get
the connection to work,
w check
k out chapte er Appendixx A to see how you cann help us to help
you.
Once yo ou are conn nected, cheeck out yourr connectionn profile by clicking on the “Account
Profile” tab. It shou
uld look som
mewhat simmilar to this:

Most things in here


e should be
e fairly self-e
explanatory
y, except ma
aybe for “seerver groups
s” and
“remote
e port forwa
ards”.
“Serverr groups” will indicate thhe groups o
of servers to o which youu may conneect. Multiplee
permitteed groups are
a separate ed by comm ma. Everyon ne will have the “defaullt” server grroup on
their pro
ofile, meaniing that youu may conne ect to everyy Your Freedom serverr in the “deffault”
group (aat the time of writing, all
a servers aare in this grroup, but this may channge).Some
accounts have add ditional servver groups i n their profiile, dependiing on bougght packagees. “All”
will not show up in customer profiles.
p
Yo ur Freedom
m User Guid
de
Page 30
3 of 58
If your p
profile has any
a server ports
p assign
ned, they will
w show up in the “rem ote ports
forwardded” line. Th
he numbers s there mea n that these
e ports on th
he Your Freeedom servver will
be forw
warded to yo our PC when you are cconnected, anda you ma ay use them
m in the “server port
forwardds” configuraation (see below).
b

All optio
ons in here can be cha anged while the connec ction is activ
ve and will hhave immed diate
effect. If you wish to
t modify thhe local portts on which your PC be ecomes a w web or SOC CKS
proxy, uuncheck the e service firs
st, then chaange the po ort number, and tick thee box again. If you
would liike your PC C to accept requests
r fro
om other PC Cs on the loocal networkk and forwa ard them
throughh your Your Freedom connection,
c tick the “Re ers” box. Noote that this will
elay for othe
only have an effect if your pro ofile permitss it (check th
he “Relaying g permitted ” line in the
“Accoun nt Profile” panel
p as shoown above)).

2.6 Sta
arting and stoppin
ng the co
onnection
n
2.6.1 Ea
ach user may
m only lo
og in once
That’s rright. Each user can on nly log in fro
om one PC at the same e time. If yoou try to log in
using th
he same user account from anothe er PC or an
nother instance of the cclient, the previous
sessionn will be term
minated. Th his means th hat you will always be able to log in, but so will
w
everyonne else who o knows you ur details –aand he or shhe will kick you off. Thee servers ta alk to
each otther, it doessn’t help to just use diffferent serve
ers.

 We know w that the FTP connection


connectioon and re-op
your sesssion has bee
n code conta ains a bug that can be trigggered if you
pen it immediiately thereafter. You'll be
en terminated
d start it again6.
client and
u close the
e told that it’ss a duplicate
e login and th
d. Just wait a few minutes before recoonnecting, or close the
hat

6
If it wass easy to fix this,
t we would have done
e it already.
Yo ur Freedom
m User Guid
de
Page 31
3 of 58

2.7 Ch
hoosing the
t right server
s
2.7.1 Se
erver locattion
The YFF server sho ould ideally be close to the YF client or close to the serveers you inte end to
use thro
ough YF. Ju ust think about it as a ttriangle: the e corners are your PC, the service on the
Internett, and the YF
Y server on n top. The m more the tria angle looks like a straigght line betw
ween
you andd the service (i.e. the flatter it is), tthe better.
Let me give you an n example. If you are lo
ocated in th
he US and the service yyou are using (let’s
say youu are playing g an online game) is a lso US based, a server in Europee will probab bly be a
bad chooice. The la aws of physiics make it impossible for information to traveel faster tha
an the
speed oof light7 andd putting 20.000 kilomeeters of additional wires
s or fibres bbetween youu and
the servvice will increase latency.
It is ideaal to use a YF
Y server that is close e to yourselff. Why? Bec cause you’dd normally useu
more th han one serrver on the Internet
I andd you canno ot find a YF server thatt is topologically
close to o all of them
m, but you may
m be able to find one e that is clos
se to you. OOn the otherr hand,
for appllications thaat don’t caree too much about laten ncy (like larg
ge file transsfers) the se
erver’s
location n is seconda ary. Try the different seervers to se
ee which one is good foor you.
The YFF client will tell you whe
ere the serve
er is located
d when you
u are conneccted (and also
a in
the connection wizzard). Unforrtunately wee don’t havee many serv
vers outsidee Europe, siimply
because
a) They are unaffordable
e – unmetere
red high-ban
ndwidth ded
dicated servvers are vas
stly
expensive in most plac
ces outside
e Europe.
b) the provideers are too restrictive
r in
n what you may
m do with h the serverrs and whatt not –
we are sickk and tired of
o endless a and fruitless ns with US bbased providers
s discussion
and explain ning their drroid staff whhat we do and
a what we e don’t do, aand why it’s
s not
illegal, and why it’s rub
bbish that th he server’s IP appeare ed in a mediiasentry emmail.
If you know about good provid ders we wouuld like to hear
h from yo
ou! But pleaase conside er that
an averrage Your Freedom
F server genera
ates betwee en 2 and 8 terabytes off traffic per month
and nee eds at leastt 1 GB of RA
AM and a ddecent CPU. And it sho ould come wwith Debian Linux.

2.7.2 Protocols
our servers permit8 all protocols. S
Not all o Some providers (you got it – they are US
based)p place protoccol restrictio
ons on us a
and are haviing kittens every
e time tthey believe
e that
they haave spotted something, and what’ss even wors se, they won n’t listen to any argume ents. So
if we waant servers there (and we do, to p ood, responsive servicee to those of
provide a go o you
who need it!) we need to restrrict some prrotocols on them.
If your a
application doesn’t worrk as you w
would expec
ct, have a look at the m
message win ndow of
the YF client. Are you
y seeing messages about a den nied protocool? It meanss that you’lll have
to use a different server.
s
Generaally speaking g, use a serrver in Euro
ope whenev worried about
ver you can if you are w
protoco
ol restrictions.

7
I know this is not entirely correc
ct, but it is fo
or the Interne
et.
8
All servvers allow all connection models; this is not about how you connect with thhe Your Free
edom
client to the Your Freeedom serve er, but what yyou do through the conne
ection.
Yo ur Freedom
m User Guid
de
Page 32
3 of 58
There iss one restricction that applies to alll servers: SMTP to rem mote serverss is not perm mitted.
Instead, all SMTP connections are redire ected to one e of our serv
vers where submitted emaile is
checked d for viruses and SPAM M content bbefore it is passed
p on. This
T is onlyy important ifi your
mail application mu ust connectt to a speciffic mail relayy – normally
y it won’t bee a problem m. Also,
we have e extensivee protection mechanism ms against spamming
s built
b into thee servers – you
won’t be e able to ra
apid-fire deliver emails via Your Frreedom. A normal
n userr won’t notic
ce at all
but for sspammers it’s a pain in n the backs ide.

2.7.3 CGI relays


The CG GI connectioon method adheres
a so much to the e standardss that it doees not only fool
f
proxies, it also ena
ables us to put
p an interrmediate CG GI script in- between. Y Yes, that’s right,
r
there iss a simple PHP
P script th
hat people ccan put on any web se ervers they ccontrol, that can in
turn proovide a Your Freedom connection to those who don’t have access aanymore to any of
our servvers. Our id
dea is that itt’s fairly sim
mple to block
k all our IP addresses
a aas they pop
p up
because we canno ot have new w ones everyy day, but itt won’t be possible
p to ddo somethinng
about th housands of
o new URLs s every dayy that haven n’t got anyth
hing in comm mon.
It is quitte obvious whyw people e would like to use such h a “CGI relay” – becauuse they ha ave to.
There iss no other reason
r beca ause obviou usly, this me
ethod is nott as fast andd interactive
e as the
other co onnection methods.
m Bu ut when you u’re despera ate and no other
o way oof connectin ng is left,
it’s betteer than noth hing. But wh hy would pe eople put thhe script on their web sservers whe en all
they ge et for it is a lot of additio
onal traffic?
We havve thought ofo setting up ng scheme that allows people to eearn bonus points
p a rewardin
that the
ey can then trade in forr packages, but we hav ven’t implem mented it yeet. We soon will
when w we get the fe
eeling that our
o users w would actually like it and d provide reelays. So tell us!
But be aaware that such a relay could eassily create hundreds
h of gigabytes oof traffic per
month, and that yo doesn’t like it if you run it on a virtuual server.
our providerr probably d
So how w do you use e such a CG ou need to know the “U
GI relay? Yo URL”. I put iit in double quotes
because you don’tt need a full-fledged UR RL – you ne ver name annd the URI.. For
eed the serv
example, if the scrript could be
e accessed in a web brrowser using the URL
ome.server..somewhere
http://so e/some/pat h/script.php
p,the CGI re
elay would bbe called
some.server.some ewhere/som me/path/scrip
pt.php in Yo
our Freedomm. Simply uuse it as thee server
name, cchoose CGI as the con nnection moodel, and disable autom
matic serverr selection.
Yo ur Freedom
m User Guid
de
Page 33
3 of 58

And how w do you knnow about these?


t Welll, that’s ano
other matterr entirely. W
We won’t publish
any listss and we would ask tha at you do n either. Why y? Because we don’t w want these liists to
simply g get imported into URL blacklists. B But the YF client will so
oon learn hoow to find the
relays. No, we won n’t say how,, figure it ou
ut. :-)
If you w
would like to o set up suc ch a CGI rel ay, you can n download the script aathttp://www w.your-
freedom m.net/ems-d dist/enduring_freedom..php-RENA AME . Have a look at thhe first lines – you
need to o choose wh hich server you would llike to relay y to and put the server’ss name in. Save it
under a an inconspiccuous name e (use the r ight ending if you havee to). Then ttest it please (use
your we eb browser– – you should see a lon g text page e with loads of garbagee – don’t worry,
that’s fine). If it works, register it on our w web page (hhttp://www.yyour-freedomm.net/156/)).Our
scripts wwill test it automatically y and if it woorks they will
w add it to the databasse and mak ke sure
that clie
ents can find d it (it takes
s a while tho ough, don’t expect clien
nts using it immediately).
Btw. yo
ou are welco ome to set up u CGI rela ys for your own person nal use onlyy as well, yo
ou don’t
have to
o register theem. Feel fre ee to tell othhers about it,
i and publiish the URLL if you like.. Just if
you deccide to regisster it, don’tt publish it. If you have before, sim
mply changee the name or the
path or set up a coopy. Do thatt frequently,, it helps! Remove
R very
y old copiess from time to time,
et unregisterred on our web
they ge w page a automatically
y (but you can
c do so aas well).
Yo ur Freedom
m User Guid
de
Page 34
3 of 58

3 Con
nnecting applicattions and
d games
s
3.1 Inttroduction
Apart frrom browseers, there are many appplications thhat can benefit from Yoour Freedomm and
connect to the Inte a instant messengerrs (like GTalk,
ernet. From terminal cli ents, chat and
Pandion n or Yahoo Messengerr), P2Ptech nologies (lik ke BitTorren
nt), to gamees can be
configured to connnect via your-freedom.
This chapter coverrs some con
ncepts nece
essary to make your pa
articular appplication wo
ork.

 For more
e specific techniques like local and se
on page 42
erver port forw
wards see chhapter 5.1 Port Forwardss

3.2 Us
sing “soc
cksifiers”
If your p
particular appplication does not sup pport the usse of web orr SOCKS p roxies, it stiill
doesn’t mean that it cannot ru un with You r Freedom. Since the Your Y Freedoom client is
s a full-
blown SSOCKS servver, all you need is to ““socksify” youry application. There are several ways
to do th
his, all of the
em basicallyy use a featture called dynamic
d link library preeloading. Siince
people hate re-inve enting the wheel
w they ccame up with code librraries that gget dynamic cally
o the appliccation at exe
linked to ecution time e. Like everry other opeerating systeem, Window ws,
Linux, MMacOS etc. ship with such
s librarie
es, and one particular of o them offeers networking
functionns. The firstt time such a function iss referred to
o by the application, thhe library
automa atically gets loaded – but only if it hhasn’t beenn loaded within the appplication’s co ontext
alreadyy! The trick is to make sure
s that thee library has already been loaded before the
applicattion starts – but a hackked version of it. One that knows what w to do wwith a SOCKS
server.

3.2.1 W
Windows
There a
are many so
ocksification
n tools on th
he market; here
h are some exampl es:

WideCa
ap
WideCa ap is a free socksifier that integrattes with the system nettwork stackk and does not
n rely
on pre- loading a liibrary like some
s other ssocksifiers. It works with many gaames and
applicattions that ca
annot be us sed with soccksifiers like
e SocksCap p and FreeCCap. We know it
works wwell with Steeam powere ed games.

SocksC
Cap
This is a popular socksifier fre
ee for non-ccommercial home use. You must ggoogle for itt if you
want to download it.

FreeCa
ap
FreeCaap is, as the
e name sugggests, freew
ware and is available foor downloadd from the project's
p
home p cap.ru/eng/.. There is also addition
page athttp:///www.freec nal documenntation therre but its
use with
h Your Freeedom is sim
mple enough h. We like th
his best beccause it's freee and easy
y to
use, and it's good enough for many (but not all) appplications.
Yo ur Freedom
m User Guid
de
Page 35
3 of 58
Cap
ProxyC
A comm
mercial prod
duct. Have a look at htttp://proxylab
bs.netwu.co
om/.

Proxifie
er
Proxifie
er is also a very
v clever piece of sofftware. Testing for 31 days
d is freee, a license costs
USD 40 0. Plus it's also
a ble for Mac OS X. Check it out on the Proxifieer home pag
availab ge.

HummiingbirdSoc
cks
The Hummingbird suite contains a sockssifier as well. It can be found
f on thhe Humming
gbird
web site
e.

3.2.2 Liinux and other Unix derivates


d

Dante
Dante iss the de-faccto standard
d in the Unixx/Linux worrld. It's free.. Download available frrom
http://ww
ww.inet.no//dante/. Many Linux disstributions contain
c a “d
dante-client”” package. Once
O
installed
d, you would normally have to con nfigure /etc//dante.conf to redirect traffic
approprriately to yo
our local SO
OCKS serve er, and then use the “so ocksify” scriipt to run
applicattions.

Tsocks
s
Tsocks is another Unix/Linux world sockssification tool, also free
e. It can be found on
Sourcefforge. Therre is a Mac OS X versiion as well.

3.2.3 M
Mac OS X

Proxifieer
er is also available for MacOSX.
Proxifie M

Tsocks
s
Check o out http://forums.macosxhints.com
m/archive/in 55338.html ffor hints ab
ndex.php/t-5 bout
tsocks ffor MacOSX X.

3.3 Op
penVPN support
s
3.3.1 In
ntroduction
n
There iss another way
w to make e your appliccations connnect to the Internet thrrough Your
Freedom without th he need to configure thhem in any way! This is s pretty welll tested and
d so far
has pro
oven to be almost
a bulle
et proof verssus its socksifier cousin
ns. In theoryy every appplication
that works behind a DSL or ca able router also shouldd work well though
t OpeenVPN mod de.

3.3.2 Prerequisite
es
The OppenVPN wayy unfortunately has a ffew prerequ
uisites that you
y need too meet for it to work
on yourr PC:

Adminiistrative rig
ghts
There’ss no way aro ound it: you
u need to bee able to ins
stall OpenVPN and usee it, so you need
adminisstrative rights (on Unix like system
ms: you need to be able e to install thhe OpenVP
PN
binary ssetuid root in your path
h). On typica
al company y PCs with domain
d loginn you won’tt have
adminisstrative rights.
Yo ur Freedom
m User Guid
de
Page 36
3 of 58
With Vissta, you alsso need to explicitly
e runn the Your Freedom
F client with ad ministrativee
privilege
es (right-clicck, "Run as
s administra ator").Alternatively, righ
ht-click on thhe link in the start
menu, cchoose "Pro operties", cllick on the ““Compatibility" tab, then tick the "rrun as
adminisstrator" checckbox -- thiss will fix it o
once and forr all, as longg as you alw ways use th his link
to run th
he YF client.

OpenV
VPN needs to be insta
alled
OpenVP PN is Freew ware and Open Source e (but please consider donating). IIf you have the
ability to
o install sofftware on yoour PC, go tto http://ope envpn.net/download.httml and dow wnload
OpenVP PN. It needs to be at le east2.1_rc2 20, newest release
r should do. For Windows there is
an instaaller, otherss need to coompile Open nVPN from source – orr maybe it sships with yo our
OS’s distribution? In any way,, if you open n a command shell and d type open nvpn you should
see hun ndreds of linnes of instru
uctions; if noot, it’s not properly
p insttalled. OpennVPN needds to
install a tunnel inteerface on yo our PC; on W Windows it’s called TAP- WIN32,, on Linux this
would b be tun0.
For useers of Windo ows Vista, Windows
W 7 and above it’s recomm mended to cconfigure the e
openvppn.exe executable to ru un under ad ministrative
e privileges. Go to "C:\P
Program
Files\OpenVPN\bin n\", right clic
ck on the op
penvpn exe ecutable, se
elect “Propeerties”,
“Compa atibility”, and
d mark the “Run as Ad dministrator” checkbox. This will ennsure the openvpn
o
processs gets launcched with th he necessarry privileges
s.

Befoore making use


u of OpenV VPN please make
m sure yo our computeer is properly
prottected and no ot infected byy some viruss/worm or a Trojan.
T Ensuure that it is not
n
partt of a bot net. If you don't our servers might have to t close dow wn your accou unt
to protect our syystems. If you u do not havee a proper se ecurity suite installed on your
PC please open Internet Exp plorer now an w page forr a free check (it
nd visit this web
is a Microsoft toool and will th erefore only work in Internet Explorerr):
http://onecare.liv
ve.com/site/e en-US/default.htm
We strongly adv vise that you repeat this from time to time.
t It is for your own
prottection! If you
u haven't gott other protec
ction conside
er installing frfree protectio
on
softwware like Miccrosoft Secu rity Essentia
als, Avira Antivir or avast.

You do
on’t need a Your Freedom packa
age, FreeFrreedom willl suffice
That’s rright. Our OpenVPN
O su
upport is no ot only availa
able to payiing users. A
Although run nning
an OpeenVPN tunnel endpoint uses consiiderably mo ore resourcees than justt forwardingg
connections; we de ecided to offfer it to eve
eryone for frree. Althoug
gh we know w that it wou
uldn’t be
much fu un with 64k.

3.3.3 Configuratio
on tasks

Know y
your netwo
orking enviironment
If you a
are behind a firewall and need to bbe able to reeach serverrs that havee Internet IP
P
addressses but are not reachable from the e Internet, you
y need to o add route eexclusion lines to
your coonfig file (see Appendix
x: YF client cconfiguratio
on file).
Yo ur Freedom
m User Guid
de
Page 37
3 of 58
99% of all users won’t have to
o configure excludes. All
A non-Interrnet IP addrresses are
automaatically exclu
uded anywaay (this cove
ers 10.0.0.0
0/8, 172.16..0.0/12,
192.1688.0.0/16).Neetworks tha
at are alread
dy routed on
n your PC are
a excludedd as well.
For all o
others, add an openvp de line per IP or network as descriribed in App
pn_exclud pendix
C, e.g.
openvpn_
_exclude 1.2.3.4
1
openvpn_
_exclude 2.3.0.0 2
255.255.0
0.0
Note that Your Freeedom is cleever enough h to automa atically exclu
ude all IP aaddresses th
hat it
needs tto be able to
o reach in order
o to maiintain the co
onnection too the Your F Freedom seerver.

Tick the OpenVPN


N box
Go to th
he Ports panel and tick
k the OpenVVPN checkb box. Leave the port num
mber as it is
s,
unless tthere are re
easons whyy you need tto use a diffferent port.

Start th
he Your Fre
eedom con
nnection
The con nnection seet-up shouldd look like ussual, but ap
pproximately
y 10 secondds after the
e door
opens, it should op pen a bit mo ore. The m message log should tell you as weell when it
happen ns. Have a loook at yourr PC’s routinng table (in Windows, run
r “cmd”, tthen type “rooute
print”; U
Unix users type “netstat –rn” or “ro ou should see a whole bunch of ro
oute –n”); yo outes
there alll going to some
s 169.2554.xxx.yyy a address. Thhese routes
s cover the wwhole Internet
addresss space min nus the exclusions men ntioned aboove. We cannnot replacee your PC’s
s default
route; thhat would very
v likely cu
ut you off fro
om your loccal network and make tthe Your Frreedom
server uunreachable e.

Relay ffor others?


?
Yes, yo ou can and you
y may. But unless yo our PC mas squerades the
t other PC Cs they nee ed to
run theiir own Open nVPN sessiion. When yyou start the e connection, the Yourr Freedom client
c
createss some conffig files in yo our home d irectory (pleease see Ap ppendix C ffor location details)
all starting with “client” or “serrver”; copy tthem to their PCs into some directtory, edit
“client.o
ovpn” and re eplace 127..0.0.1 with yyour PC’s in nternal IP address, theen right-clickk on the
“client.o
ovpn” file annd choose the second option (Start OpenVPN N with this cconfig file). Of
course they need to t install OppenVPN firsst!

 For a mo
ore general te
echnique to sshare your Your
Y
equipment like XBox,, Playstationss or other PC
Freedomm connectionn with miscellaneous
Cs see chaptter 5.2.2 on ppage 44.

What a
about the Windows
W firrewall?
Feel fre
ee to use it, but don’t co ngs. Serio
omplain if itt breaks thin ously, there is no reasoon why
you wou uld need it, only outbound connecctions work on the tunn nel interfacee. However if you
suspectt your appliccations to secretly
s opeen connectio ons, then ye
es, use it! Iff something doesn’t
work, trry without.

3.3.4 Configure yo
our applica
ations
Now tha at’s the partt you’ll like most: you d
don’t have to! No need to configurre a proxy, no
n need
for sockksifiers. Jusst make sure e your appl ications are
e not using any
a proxy aand that shoould be
it.
Yo ur Freedom
m User Guid
de
Page 38
3 of 58
Note hoowever that since your PC is not cconnectable e from the In
nternet throough the Op penVPN
tunnel, applicationss who rely on he manufacturer’s webb page says
o this won ’t work. If th
something about ports
p that ha
ave to be op
pened inbou und in your firewall, it liikely won’t work.
w
It is posssible to com
mbine Open nVPN tunne
eling with se
erver port fo
orwards, hoowever. See
e
chapterr 5.1.3 on pa age 43 for details.
d

3.3.5 Trroubleshoo
oting

The Op
penVPN tun
nnel is not coming up
p properly
Have a look at the message loog, it may teell you why. If it doesn’t, create a dump file and mail
er Appendix
it to us (see chapte x A: “creatin
ng a dump file”)
f – or ch
heck it out yyourself.
Check iif there is sttill another OpenVPN
O p
process runnning when the Your Frreedom con nnection
is shut d
down. Hit Ctrl-Alt-Del,
C sort the tassks by namee, and look for “openvppn”. Termina
ate it
before yyou restart the Your Frreedom con nnection. Th
his can happ
pen if the Y
Your Freedoom client
is terminated abno ormally befo ore it has a cchance of shutting
s dow
wn OpenVP PN.

The Op
penVPN tun
nnel opens
s, but then the Your Freedom
F co
onnection ffails
The tun
nnel routes somehow
s cut
c off your cconnection to the Yourr Freedom sserver. Plea
ase
generatte a dump file
f for us; th
he Your Fre
eedom cliennt should be clever enoough to avoiid this
but see
emingly isn’tt.

What a
are these 16
69.254.xxx..yyy addre
esses?
That’s a class B ne etwork rese erved for ad--hoc networking on a broadcast
b m
medium like
Etherne et. Every sta
ation just ro
olls a dice fo
or an IP add
dress and does some cchecking wh
hether
it’s alrea
ady in use. If not, it use
es it.
No-one e uses this network
n for anything, o nly Window ws does in thhe absencee of a DHCPP server
or a sta
atic configurration. The network
n is n
not routed ono the Intern
net and no--one uses it
privately, that’s wh
hy we chose s any addresssing conflict
e it. It’s veryy unlikely that it causes
anywhe ere.
her end of your OpenVPN tunnel iss always 16
The oth 69.254.0.1; if you wantt to check what
w
packet delay is add
ded by Your Freedom, just ping th
his IP addre
ess!
Your PCC will get an
n odd addre
ess from a //30 subnet within
w this range and itt will route
everything to the even
e counte
erpart addre
ess in this su
ubnet.

4 Plan
ns: Pack
kages and vouche
ers
4.1 Fre
eeFreedo
om (usage
e free of charge)
We offe
er a very ba
asic service for free. It i s good eno
ough to mak ke yourself ffamiliar with
h Your
Freedom and test whether or not your ap pplication will
w work with h Your Freeedom. It mig ght be
nough for yo
good en ou, in which
h case you are welcom me to use it as much ass you like.
There a
are several restrictions in the Free
eFreedom profile.
p First of all the baandwidth is very
low (about the sam
me as our co ompetitors wwhen paid )
 and the number of cconcurrent streams
Yo ur Freedom
m User Guid
de
Page 39
3 of 58
is low a
as well (but enough for chatting, w
web surfing, etc.).Then there is a cconnection time
t
limit –yo
ou can onlyy be conneccted 15hourrs in a week
k interval, an
nd only 6hoours in24 hoours
interval, also after one hour yo
our session
n is disconnected, but you
y may connnect again n
immediately.
After the daily or weekly
w usage limit gets reached, users
u won't be able to cconnect aga ain. A
messag ge telling yo
ou so will be
e produced specifying approximate
a ely the timee to wait beffore
being aable to connect again.
Yo ur Freedom
m User Guid
de
Page 40
4 of 58

4.2 Pa
ackages and
a Vouc
chers
If you w
would like to
o have moree bandwidth h, more concurrent stre eams, or othher addition nal
featuress, or you wo
ould simply like to suppport our effo
orts to proviide unrestriccted Interne
et
access to everyone e, consider buying a pa ackage. The table belo ow details aall available
packages, their feaatures, and their pricess.

Fre
ee Basic Enhan
nced To
otal

Bandw
width 64 Kb
bit/s 256 Kbit/s 4 Mb
bit/s unliimited

Concurrent Stream
ms 10
0 50 100 2
200

Web Proxy
P    
Socks Proxy    
Link encryption    
HTTP connection
c    
HTTPS
S connection    
CGI co
onnection    
FTP co
onnection    
UDP co
onnection    
Relaying permitted
d    
Conne
ection time 6 hou
urs unlimitted unlim
mited unliimited

Serverr Ports     (5)


1 mon
nth package Fre e € 4.0
00 € 10.00 €1
19.99

3 mon
nth package Fre e € 10.0
00 € 28.00 €5
57.99

6 mon
nth package Fre e € 17.0
00 € 50.00 € 10
09.99

12 mo
onth package
e Fre e € 30.0
00 € 95.00 € 19
99.99

To buy packages, please visitt our web pa age at www w.your-freed


dom.net, logg in with youur
account, then clickk on the “Acccount” tab. There is a currency caalculator as well if you’d like to
convertt the price in
n Euros to your
y local cu
urrency or at
a least one known to yyou. For you ur
orientattion, 1 € rou
ughly corres
sponds to 1 .25 US$ (att the time off writing).
When yyou buy a pa ackage, you ur account profile usua ally gets upd
dated withinn minutes (yyou’ll
receive an email when
w it happ
pens). Howe ever some payment
p methods takee longer thaan
others tto complete
e. Please vis sit our “Pricces” page on
n http://wwww.your-freeddom.net/ to learn
about d
details (log in first to see everythin g). Newly bought
b packkages are innstantly activated;
Yo ur Freedom
m User Guid
de
Page 41
4 of 58
other paackages thaat have not expired yett get suspen
nded. Howeever you maay use the arrow
a
buttonss on the “Prices” page to
t move you ur packagess around an
nytime and decide whicch of
your paackages is currently
c acttive and wh spended9.
hich are sus

 Please co
onsider buying a package
FreeFreeddom is enoug
e if you use Your
gh for you. S
Y Freedom m regularly, eeven if
Servers don’tt grow on tree
developerrs like the occasional payy-check as well.
w
es and suppoort staff and

4.2.1 Vo
ouchers
Vouche er codes are e sequences of characcters that yo
ou can fill intto a form ei ther in the website
w
or direcctly into the Your Freed
dom client too create packages. You receive a voucher co ode
from uss as part of a promotion n or as a co
ompensation n for servicee problems,, or as an
expresssion of our gratitude
g for something Y can alsoo buy vouchers
g you helped us with. You
from uss in several denominations as vou cher carnetts. Our vouc chers are vaalid for one year
from the e day of purchase.
Our vouucher carneets can be used
u to tem porarily upg
grade your Your
Y Freed om account with a
package without ha aving to pay y for a full m
month and not
n use partts of it. Alsoo voucher ca
arnets
are tran
nsferrable (i.e. not linke
ed to an acccount) and can
c be cash hed in sepaarately at an
ny time.

4.3 Te
est drives
s
If you a
are considerring buying a package but are not sure wheth her it will bee what you expect,
e
how about a test drive? Log in n to our web b page at www.your-fre
w eedom.net, click on “Prices”,
and clicck on the “T
Try Before You
Y Buy” lin k on the lefft. Everyone e is welcomee to try, butt notice
that we only allow test drives for accountts that have e been creatted at least 3 days ago o and
that havven’t tested extensively
y already. A Also, we reffuse test driv
ves for accoounts that have
h
been involved in pa ayment reversals befo re. Howeve er, our support staff cann help you out
o
should you need additional
a testing; just ssend an email to suppo ort@your-freeedom.net.
During a test drive you’ll receiive all the b
benefits of th
he selected package, aand what’s more,
you maay even swittch from one e package ttype to another to test them all. Siimply visit the “Try
Before Y
You Buy” page
p again to
t modify orr end your testt drive.
As with bought pacckages, it may
m take a ffew minutes s for updates to propaggate to all se
ervers,
and youu may have
e to restart your
y connecction or even the Your Freedom cllient to see the
differen
nce.

9
Yes, thiis can be use
ed to protectt a more expe
ensive packa
age from exp
piring.
Yo ur Freedom
m User Guid
de
Page 42
4 of 58

5 Adv
vanced Topics
T
5.1 Po
ort Forwards
5.1.1 Lo
ocal port fo
orwards
One po ossibility to allow
a an application to connect to a service on the Internnet via Yourr
Freedom is to “mirrror” a port on net. Just im
o the Intern magine there
e’s a serverr out there with
w a
certain IP address and it’s listening to SS SH connectiions. You would
w like too SSH to the
e server
but your SSH clien nt does not support
s SOOCKS. In this case you would simpply configure a
ort forward similar
local po s to this one:

Now insstead of con nnecting viaa SSH to “so ome.host.somewhere” on port 22 , you simply y
instruct your SSH client
c to con
nnect to “loccalhost” on port 2222. Your Freeddom will putt the
connection through h for you. Note
N howeve er that if the e remote host is unreacchable the SSH
S
client w
will still see a working coonnection, b but it will tim
me out quickly.
This is jjust one of many exammples how yyou can use e. Generallyy speaking, if your
e this feature
applicattion needs tot only conn
nect to a pa
articular hos
st on a particular port, llocal port fo
orwards
are the right choice e.

5.1.2 SIP forwards


s
Yes, thaat’s true! Yo
ou can use SIP phoness with Your Freedom as a well! We have seen reports
that auddio only worked in one direction. O Once we caan find the tiime we’ll coontinue to work
w on
it. Note however th hat this is sttill in early b
beta phase and it may not work prroperly; in any
case, OOpenVPN modem will like
ely work.
e it a try, herre is what yyou need to do. Assume you are uusing a SIP server
If you’d like to give
called “sip.sipgate..de” on portt 5060, the w well-known port for SIP
P. If you connfigure a SIIP port
forwardd likes this one
o …

… it will turn your local PC into a mirror im


mage of thee SIP server. So insteaad of configuring
gate.de” in your SIP ph
“sip.sipg hone, config gure “localh
host”. Disable STUN if yyou can, it’s
s
meaningless in thiss context (bbut will only make thinggs slower).
Yo ur Freedom
m User Guid
de
Page 43
4 of 58
warding is a complex ta
SIP forw ask; not onlly does the YF client have to forw
ward all requ uests, it
also has to set up UDP forwards dynamiccally for all audio and (that’s
( right!!) video streeams.
We havven’t tested this with many differen nt SIP proviiders and ph
hones, so itt’s likely tha
at many
of them
m don’t workk yet. We lik
ke to hear frrom you!

SIP forwa arding will on


nly work with
h UDP, not TCP. Nearly alla clients andd servers use UDP. Also,

 note thatt using a SIP phone conssumes a certain amount of


Codecs you
y are using g); the FreeF
Freedom profile will likely
o bandwidthh (depending on the
y not be fast eenough to su
upport SIP
forwardin
ng (the voice will break up p).

5.1.3 Se
erver port forwards
Would yyou like to make
m your PC
P reachab ble from the
e Internet? Then
T serverr port forwards are
for you.. Check outt the “Accou panel after connecting; if you see “remote po
unt Profile” p orts
forwardded” there you can use this feature e. (You can configure it as well if nno ports are
e
forwardded to you, but
b it won’t do a thing.)) Forwarded d server porrts are ablee to handle both
b
TCP an nd UDP trafffic.
It is imp
portant to unnderstand that you can ard server ports that are
n only forwa re assigned to you
(i.e. apppear in the list of “remo
ote ports forrwarded”). So
S let’s assume you haave ports asssigned.
Add forwrwards like this:
t

It is not absolutely necessary to use the ssame numb bers for “rem
mote port” aand “local po ort”, but
we have e found thaat many app plications arre too silly to
o announce e another poort to “the network”
than the ey actually listen on. Fo
or example , BitTorrentt clients usu ually can annnounce diffferent
externa al IP addresses and ports, but 99 % of all trac ckers will sim
mply ignoree this. So usse the
same p port on both ends (by co onfiguring yyour applica ation accorddingly) and it will all wo
ork by
sheer m magic.
Also, we cannot asssign ports that you req
quest, for th
he simple re
eason that eeveryone
wants68881 and such. Please don’t ask, yyou can only y use the ports that haave been
automaatically assig
gned to you
ur profile.
Typical usages:
 Getting Remote Acces
ss to your P
PC, e.g. rdesktop, VNC
C, SSH
 Getting Hig
gh ID in eMu
ule
 Speeding up
u of BitTorrent downlo
oads.

 Currentlyy Server Portt Forwards a


are only included in the TO
OTAL Packaage
Yo ur Freedom
m User Guid
de
Page 44
4 of 58

5.2 Co
onnection
n Sharing
g
5.2.1 Relaying
If your p
profile supp
ports relayin
ng and you h have turned
d on the "relay for otheers" option, other
o
people in your locaal network will
w be able to configure wsers and appplications to use
e their brow
your coomputer as a proxy serv ver just the same way as you do. All they havve to do is specify
s
your coomputer IP number
n and
d 8080(or w whatever porrt you have under webb proxy) or
1080(so ock proxy) in their appllications wh
here a proxy
y server: po
ort is requireed.
Typical use is for roommates
r in a dorm o
or colleague
es in the sam
me office.

5.2.2 USING OPENVPN and ICS to con


nnect otherr PCs, Play
ystations, X
XBox, etc.
If you w
would like to
o connect otther PCs, P PlayStations s, VoIP phon nes, whatevver to the Innternet
throughh the Your Freedom
F connection, a
all you need is a second d network innterface in your
y
PC. Ma ake sure it issn't used for anything e
else. You ne eed to conn nect your otther
PCs/Pla ayStation/ettc. to this ne
etwork interrface, eitherr directly (crrossover caable) or via a small
switch/hhub. Do nott use the sa ame switch/ hub as for your
y other Ethernet
E inteerface! Anoother
thing that you need d to ensure is that yourr other Etheernet interfaace does noot use
the192..168.0.0/24 network -- if it does, reeconfigure your
y DSL/ca able router to use a diffferent
networkk.
Open S Start -> Control Panel -> Network CConnection ns. Find the unused LA AN interface (it's
probablly called "Lo
ocal Area Connection
C 2"but don't rely on it) --- you need tthe name. Then
2 T
find the
e TAP32 inteerface of OppenVPN. R Right-click on
n it and chooose "Propeerties". Click
k on the
"Advancced" tab. Tiick the "Allo
ow other nettwork userss to connectt through thhis computeer’s
Internett connection
n" box and choose the network intterface in th he drop-dowwn menu be elow
that connnects to yo
our other PCCs or PlayS
Station. Click "OK" and close the N Network
Connecctions windo ow.
That's itt; your othe
er PCs/Plays
stations sho
ould now bee able to connect to thee Internet th
hrough
Your Frreedom's OpenVPN co onnection wwhen it’s up.

5.3 IPV
V6
The YFF client can use IPv6 to connect to o YF servers s. IPv6 addrresses can be reached
d
h the SOCK
through KS5 and loca al port forwaard facility, but not via OpenVPN mode or we eb
proxy. P
Please notee however th of our servers supportIP
hat not all o Pv6.
If you a
are having problems
p co
onnecting to o YF serverss (or even find them), i t is a good idea to
try and enable IPv66 on your PC
P (if it is no
ot already enabled).
e Alsso, enable aall kinds of
ng mechanisms, you ne
tunnelin ever know --- one of theem might work
w where yyou are. :-)
On Winndows Vista a and Windo ows 7, both IPv6 and Teredo
T tunneling are ennabled by default
d
but unle
ess your PCC has a globbal IP addre ess tunnel mechanisms
m s won't worrk out of thee box.
To makke it work, click on "Sta
art", then typ
pe "cmd" bu ut do not hit Enter. Waiit until the
"cmd.exxe" applicattion appearss in the seaarch list, the
en right-click
k on it, chooose "Run ass
adminisstrator” and confirm the
e dialog. In the black cm md window, type
netsh interface
e ipv6 sho
ow teredo

If "statu
us" is "offline
e" try this co
ommand:
netsh interface
e ipv6 set
t teredo e
enterprise
eclient
Yo ur Freedom
m User Guid
de
Page 45
4 of 58
Wait a b
bit then che
eck the state
e again:
netsh interface
e ipv6 sho
ow teredo

It should tell you th


hat "status" is "qualified
d" or "dorma
ant". When done type ""exit".
With Windows XP SP1/SP2, Teredo T is shhipped as well
w but not installed byy default. Yo ou can
easily ssort that though by opening a cmd d window (cllick Start, th
hen click Ruun and type cmd)
and typping “netsh interfaceipv v6 install", th
hen proceed
d as above (or just typee "netsh intterface
ipv6 sett teredo entterpriseclien
nt").
You mig ght want to use a differrent Teredo
o gateway thhan the default; if yes aappend it to
o the
"set sta
ate enterprisseclient" com
mmand. If yyour PC is not
n behind a NAT routeer you can use u "set
state client" instead.
Unless someone fiilters Teredo this shou ld give yourr PC full IPv
v6 connectivvity. The YF
F client
will auto
omatically notice
n and try IPv6.

5.4 Fin
ne tuning
g CGI mod
de
Genera ally, CGI con
nnection mo ode is the sslowest of all possible connection
c modes. This is due
to the w
way it workss; it needs to
o accumula ate data befo ore it sends
s it off to thee other side
e. But
you cann adjust a fe
ew knobs an nd try to maake it fasterr.
First, lo
ocate the ".e ems.cfg" config file. Thiis file can be
b edited witth any text eeditor, for example
e
Notepad. Ensure the YF client is NOT ru nning when n you edit th
he file or youur changess may be
lost. It iss difficult to
o break this file so don'tt hesitate to
o try...
There a
are four valu
ues that con ming of CGI connections and you ccan change any of
ntrol the tim
them. W
We’d not reccommend changing
c an
ny of these limits
l excep
pt perhaps
"cgi_up
plink_maxde elay". Here are the para ault values aand their meaning:
ameters witth their defa
 cgi_uplink_maxd delay. Defau ults to 500m
millisecondss. The YF client will acccumulate da
ata for
at mo
ost this time
e until it initia
ates a new uplink conn nection no matter
m how much data has
been accumulate ed. You mig ue, maybe 2200 milliseconds.
ght want to set this to a lower valu
 cgi_uplink_urgenntdelay. Deffaults to 20 milliseconds. The YF client
c will usse this value
e
instea evious value when it h as frames to
ad of the pre t deliver that are conssidered urge ent, for
exammple acknow wledgements.
 cgi_uplink_threshold. Defauults to 3. If t his many frames (YF data
d units) aare to be de elivered,
a new nnection will be made rright away. Setting this
w uplink con s to 1 will efffectively dis
sable
data a
accumulatioon and mak ke your conn nection muc ch more ressponsive, buut it will also o create
muchh more overrhead. If you
u don't care e about howw many conn nections aree made and d how
muchh overhead it generatess, set this too 1 and don n't worry abo
out the rest..
 cgi_uplink_minde elay. Defau ults to 1 mill isecond. Th
his is the minimum amoount of time e
betweeen two uplink connecttions. You sshould not set s it to 0 annd most peoople should not
have to increase e it, but if yoour network connection n drops connnection atteempts that appear
a
in burrsts, try settting it to a higher
h value
e!
 cgi_downlink_co
onnect_time
eout
All thesse values no
ormally do not
n appear iin the config g file and arre not configgurable thro
ough
the fronnt end. Just add lines to
o the file (it does not matter
m wheree) that contaain the namme of the
value, a space, and the nume eric value to o which you would like tot set it (noo unit).
Yo ur Freedom
m User Guid
de
Page 46
4 of 58
Optimum performa ance is prob
bably achievved by setting cgi_uplin
nk_thresholld to 1 and
cgi_uplink_mindela e 20. Try it, you can’t break
ay to maybe b anything, if it doeesn't work ju
ust
removee the lines again.
a
Yo ur Freedom
m User Guid
de
Page 47
7 of 58

App
pendices
Ap
ppendix A.
A Troub
bleshootting
The Your Freedom m client commes with bui lt-in trouble
eshooting facilities. Theere is the message
log thatt you can acccess from the Messagges tab (you u may save it to a file aas well) but this will
only help you in evveryday situ
uations. For more detaiiled troubles shooting yoou need to run Your
Freedom in “dump p” mode, and d you mightt have to us se a packet sniffer as w well.

Why do
oes my app
p/game nott work?
There iss of course no off-the-sshelf answe er to this question. But the first thinng you shou uld look
at is the
e streams panel
p of the Your Freed dom client. Does the ap pplication crreate stream ms
there wwhen you usse it before iti complainss that it cannot connect? If no, theen it is likely
y not
properlyy configuredd. See if you’ve got thee proxy setttings in the application right –if it’s
running g on the sam
me PC as th he Your Fre eedom client, use “localhost” or “1227.0.0.1” as s the
proxy host addresss, and 1080 0 (SOCKS) or 8080 (we eb/http/https) as the prroxy port. If it’s
running g on another PC, be sure you have e relaying enabled
e (Ports panel) aand it’s permmitted
*
by yourr profile (Acccount Profiile panel), a
and you’ve used
u the Yoour Freedom m PC’s loca al LAN
addresss as the prooxy host add dress.
Then ch heck the meessage pannel in the Yo
our Freedomm client – do
o you see bblocked prottocol
messag ges there? You
Y need to o use anothher Your Fre
eedom serv ver then, thee one you are using
right no
ow is not supporting a protocol
p tha
at you need.
Please have a lookk at our onliine docume entation if yo
ou are havin
ng trouble. We know itt’s not
perfect and the intrroduction pa
age is an o utright sham e a look anyyway, there is more
me but have
e than you might
in there m think. http://www..your-freedoom.net/4/
Anotherr plan might be to have
e a look at tthe user forums. Maybe someonee else had th
he same
problem
m before? The
T forums canc be foun nd at http://w
www.your-frreedom.nett/2/.

Perform
ming a spe
eed test
A speed d test is a very
v express s way to kno ow how mu uch traffic pe
er unit of timme your You ur
Freedom connectio on can hand dle. For thiss you need to generate e enough appplication trraffic to
saturate e the link beetween the Your Freed a the Your Freedom server -- in both
dom client and
directions. So eithe er run an ap pplication off which you know that it will use thhe full bandwidth,
or use Y Your Freedo om’s built-in
n traffic gen
nerator. In order
o to use it, start thee client and create
a local port forward d from some e port (e.g. 1234) to a virtual host called “speeed test" on n port 0.
Then op pen a comm mand shell (in( Windowss, click on "Start",
" chooose "Run", tthen type “c cmd").
In this sshell, type “ttelnet localh
host 1234" (or whateve er port you'vve used) -- tthe speed testt will
then run n for one minute, at the e highest sp peed possibble. Note that during thhe speed tes st, all
speed rrestrictions still apply. You
Y won't g get a higher bandwidth reading thaan your proffile or
slider seettings permmit, but you should see e the bandw width go up to your slideer settings - - if you
don't, soomething else is limitin ng your spe eed. It could be (and lik
kely is) the sspeed of your
Internett connection n. Try adjussting the up link speed tot the actua al speed of yyour Interne et
connection (e.g. many
m DSL co onnections only allow 256Kbit/s
2 or 384 Kbit/ss in uplink direction;
adjust the slider sliightly below w this value)), this mightt improve yoour throughhput in the opposite
o
*
At the ttime of writin
ng, relaying is
s permitted to
o all users.
Yo ur Freedom
m User Guid
de
Page 48
8 of 58
direction. Please note:
n This tra
affic genera
ator feature is meant to
o be used foor troublesh
hooting;
please do not use it frequentlyy. The best reason to run
r a speed d test is thatt we've aske
ed you
to!

Creatin
ng a “dump
p” file
Depend ding on how w you start Your
Y Freedoom, there are different ways how tto start it in dump
mode. TThe Window ws installer version cann be run in dump
d mode e from the SStart menu; if you
are running the clie ent from the
e command d line, use th
he option–- -dump[=ou utputfile] to
activate
e the dump mode. If it is run using g the Start menu
m he "outputfilee" is left om
or if th mitted,
the dummp file will be
b produced d in your de sktop excep pt for Unix like systemss, in which case
they willl be stored in your homme directoryy. Note thatt there is a drop
d formance when you
in perfo
activate
e this mode, and the du ump file maay grow prettty big over time.
Normally, the clien
nt does not dump
d any a
actual packe
et data; if th
hat’s neededd we’ll prov
vide a
modified client on request that does.
Don’t he esitate to ha
ave a look at
a the file, ssome of it prrobably makes sense tto you, som me of it
will onlyy make sense to the de evelopers. I f you mail us
u a big dummp, please compress it! Put it
in a ZIP
P or 7z or whatever arc chive file, buut please av oprietary feaatures (e.g. WinZIP
void any pro
10’s AEES encryptio on mode).
If you a
are having connection
c problems,
p itt helps if you run the Wizard
W in dum
mp mode as
a well.

Using a packet sn
niffer
This is bare metal debugging and not forr the faint-he earted. There may be ssituations where
w
our sup pport staff assks you if you can use a packet sniffer to trou ubleshoot cconnection or
o
applicattion problem ms. If you ca an, we recoommend using Wiresha ark (availabble from
www.wiireshark.org g or www.etthereal.org – Ethereal is the historrical name oof Wiresharrk). In
most ca ases you sh hould run Wireshark
W on
n the same PC as the YF Y client, annd you shou uld
either ccapture on the interface e that conneects the YF client to thee YF serverr or on the
interfacce that conn nects other PCs
P to the Y YF client PC C, dependinng on the naature of you
ur
problem m. Let the ca apture run, then re-creeate the problem, then stop the caapture. Save e the
capture e to a file an
nd mail it to us (again, w
we like it if you
y compre ess it).

ng the client
Updatin
The YF F client doess not have an
a automatiic updating facility; you u need to uppdate it man
nually
from tim
me to time. This
T way yoou will receiive the latesst bug fixes and featurees. Keeping
g your
YF cliennt installatio
on up to datte is crucial in staying connected,
c especially wwhen you need
n to
rely on YF’s ability to get you connected.
We sugggest that yo e your installation (Win dows -- on other
ou follow this procedurre to update
systemss the procedure is similar -- down load, uninsttall, install):
1. Che
eck on https
s://www.yoour-freedomm.net/indexx.php?id=d downloadss for new ve ersions,
com
mpare the ve
ersion number to the o
one displaye
ed on the "A
About" screeen of the YF
F client.
2. If th
here is a new
wer versionn available, consider do ownloading it. We sugggest you alw ways
kee ep the downnloaded files
s of previou s installatio
ons until youu are sure thhat the new
w
verssion is workking properly for you so
o you can re evert to it.
3. Oncce you've do
ownloaded the new ve
ersion, disco
onnect, then
n exit the YF
F client.
4. Uninstall the cu
urrent version through Start - Prog
grams - You ur Freedom m - Uninstall or
thro
ough the control panel of Windowss. While it is
s safe to ins
stall new veersions overr
Yo ur Freedom
m User Guid
de
Page 49
9 of 58
prevvious versio
ons if you ensure that yyou always use the sam me installerr type, we do not
ommend it. Your settings will not b
reco be lost by uninstalling
u the
t YF cliennt.
5. Insttall the new version by running the
e downloaded file and following
f thhe steps on the
screeen.
If you find that the new version fails to do o somethingg properly th
hat the prevvious versio on did,
please let us know w (include bo oth version numbers if possible, and tell us w which installer you
are usinng, NSI -- th
he small one u too if it fixxes a previous
e -- or JET -- the large one). Tell us
problemm. (No need d to tell us you
y are now w able to gett connected
d again wheen you were en't able
previously -- we’ll notice
n it statistically. :-))

The relea
ase versions of the clientt are generatted as follows:
YYYYMM
MDD-Serial

YYYY = Year
Y

 MM = Mo
onth
DD = Day
Serial = Counting
C up on that Day..

Example: 20040507-02, 2nd Verssion on the 7th


7 of May 20
004.

Ap
ppendix B.
B Country inforrmation
Countrry specific plans
Your Frreedom hass special pla ans created
d for those connecting
c from
f certainn countries in which
access to the Interrnet restricte
ed. We omi t the list of those
t counttries here. MMore inform
mation
can be found in ouur website.
In thosee countries, the FreeFrreedom pacckage behav ves differennt. Dependinng on the country
you’re cconnecting from, the FreeFreedom m can exhibbit variations
s in the usaage limits. As
A a
generall rule usagee limits are eased
e allowwing for an uninterrupte
u ed connectioon time. Alsso the
usual 64kbps band dwidth can gog up to 51 2kbps in so ome cases. They becom me active once
o the
user coonnects fromm the affecteed country. The usual outcome is the users ccan stay connected
for as lo
ong as theyy want withoout limitation
n from our side.
s
Anotherr kind of country speciffic plan is co t Sesawe partnershipp. For more
overed by the e
informa
ation read chhapter 2.2.1
1 on page 1 11.

Server availability
y by country
Saving the usage of o some straategically p
positioned servers for th
hose in reallly need of them
t is
a reasoon, as for exxample, the case of somme Asian and South American
A seervers, to whhich
people connecting from nearb by countriess should havve priority over
o perhapps someone e in
Africa.
Yo ur Freedom
m User Guid
de
Page 50
0 of 58
The othher reason would
w be, preserving th
he server from being abused by s pammers. MostM of
the SPAAM we have e to combatt comes fro m the same e country; experience hhas taught us
u that
there’s no need to allow newly y registered
d users to connect and abuse fromm them and expose
this wayy our relatio
onship our providers.
p
There a ne neverthe less, so con
are servers for everyon nnection is always posssible throug gh
them, n no matter whhat country you are in. For up to date
d informa
ation visit ouur website or
o write
to the ssupport stafff.

A few servers may de eny connecti on from certtain countries s as a measuure of protecction against


abuse. When
W a user gets denied its connectio on attempt be ecause of a ppolicy applie
ed to the
country they are trying to connectt from, the YF client will produce
p an eerror saying
“AUTHEN NTICATION NOT VALID FOR YOUR R COUNTRY Y OF RESIDE ENCE”. Tryin ng a differentt
server is recommended.

Tweaks
s
This is a feature ad
dded in vers
sion 201002 204-01. It consists
c bas
sically of a sset of rules and
hard cooded behaviior in the YF
F client to m
make conne ections poss
sible in somme specific network
n
conditio
ons. Most peeople don’t need these e and can safely leave it disabled;; in fact if yo
ou are
able to connect, doo not enable
e tweaks.
Their naames are veery explicit. They havee been adde ed after we learn how tto make the e YF
client co
onnect in ce
ertain kind of
o conditionns (normallyy very well representedd in certain
countriees) when noormal technniques don’tt seem to work.
w If you'v
ve got a clevver way to
configure the YF client to connect to its sservers in so
ome unusua al networkinng situation, please
tell us a
about it.
Yo ur Freedom
m User Guid
de
Page 51
1 of 58
Ap
ppendix C.
C The Your
Y Free
edom client conffiguration
n file
The connfiguration file
f is stored
d in your "ho
ome directo
ory" and it's called ".em
ms.cfg"(yes, two
dots).
If you wwant to copyy the file or edit it, be s ure that the
e Your Freedom client iis not running! The
file is pllaintext and
d you may edit
e it with yo our favorite text editor (for examplle, pico or vi
v on
Unix syystems, or notepad
n in Windows).
W

Where''s my home
e directory
y?
With Un nix like systems you prrobably know w because you are the ere all the ti me. In mos st cases
there iss a directoryy called "/ho
ome” contain
ning a subddirectory forr each user,, by his or her
h
usernam me -- you should find your
y “home directory" there. The config
c file ".eems.cfg" is in
there, yyou just might not see it because i t's a "hidden" file in Un
nix terminoloogy, starting g with a
dot. Tryy to append "-a" to the "ls" comma and.
With Windows Vistta and Wind dows 7, ope orer and go to "C:\Userrs". In there, there
en an Explo
is a dire
ectory for ea
ach user; thhe directory name is us
sually equivalent to youur login nam
me. This
directorry is your "h
home directo ory", or "%H
HOMEPATH H%" in Wind dows enviroonment term ms, and
the config file ".em
ms.cfg" is in there.
In olderr versions of
o Windows the home p path is locatted in “C:\Documents aand Settingss” (or
equivaleent in your language), again, there
e’s a directo
ory for eachh user’s hom
me directory
y.
of thumb to find your ho
A rule o ome directo
ory would be
e executing “cmd” from
m the “Run”
windoww.

You’ll find yourselff in front of a black term


minal with a blinking cursor. The teext at the left is the
path forr your homee directory.

C:\Use
ers\myuse
ername>_

Config
guration options
Note! S
Some of the options below are marrked as “hid dden”, which means th at they are not
accessiible though the “Config guration” winndow but on
nly through a text editoor. These op
ptions
are for tthose who know
k exactly what theyy are doing (or at leastt think they do). Please
e
consult our supporrt staff first if you are un
nsure.
All optio
ons are casse sensitive,, be sure to use lowerc case! There are optionss that can only
o
appear once in the e config file (type: singl e), others can
c appear more than oonce (type: multi).
Optionss that take only
o a singlee value will treat everytthing after the
t leading whitespace e as part
Yo ur Freedom
m User Guid
de
Page 52
2 of 58
of the vvalue, includ
ding whitesppace, so wa
atch out and
d don’t put whitespace
w at the end of the
line if yo
ou don’t waant to. You may
m use co mments as well (they start
s with a # in the firs
st
column) but they will
w be gone next time t he client sa
aves the connfig.
ere comes the alphabetical list… e
Now he enjoy!

Option
n Descrip
ption Typee Arg
guments

autoscroll_messag
ges Scroll m
message winndow singlee “tru
ue” or “false”(default)
automattically when
n new optio nal
messag es appear

avoid_
_dns Use the server’s IPP address, not
n singlee “tru
ue” or “false”(default)
the hostt name (if kn
nown) optio nal

bw_dow
wnlink Desired downlink (s server to client) singlee Bits
s per second.
bandwiddth in bits pe
er second optio nal 0means “unlimmited”.

bw_uplink Desired uplink (clie


ent to singlee Bits
s per second.
bandwidth in
server)b n bits per optio nal 0means “unlimmited”.
second

connecct_on_startu
up Fire up cconnection when clientt is singlee “tru
ue” or “false”(default)
started optio nal

debuglevel Turn on debugging on the Java singlee Thee lower, thee more
console (not the me
essage pan
nel!) hiddeen verbose. Defau ult
is“9
999”. It prob
bably
doeesn’t do much
anyymore these e days.

dont_sshow_popup
ps Avoid po
opping up notification
n singlee “tru
ue” or “false”
windowss on the scrreen optio nal (deefault).

encryp
ption Turn on connection
n encryption
n singlee “tru
ue” or “false”
optio nal (deefault). Note e that the
wizzard turns th his on for
youu. You shou uld only
turnn it off for de
ebugging!

file_exttip Write se
erver’s exterrnal IP to a file singlee This allows you to use
when coonnecting optio nal the server’s exxternal IP
in scripts
s

follow_
_server_recommendatio Allow th e client to follow the singlee “tru
ue” or “false”
ns server’s recommen ndations to use
u optio nal (deefault). Leavve this off
another server for now unlesss you
donn’t care whicch server
typee you are using.
Yo ur Freedom
m User Guid
de
Page 53
3 of 58
fool_pixx Try a ha
ack that cann fool old Pix
xOS singlee “tru
ue” or “false”
versionss into bypas
ssing hiddeen (deefault). Only turn on if
WebSen nse youu know that your
connnection is passing
p
throough an oldd PIX
firewall using
We ebSense and you
cannnot connecct; it may
worrk with this set to
“tru
ue”.

ftpproxxy Use a noon-transparrent FTP proxy singlee Putt in the FTP


P proxy’s
with the FTP conneection protocol optio nal hos
st name or IPI
add
dress. Remo ove if you
don
n’t need one e.

ftpproxxyport Use a noon-transparrent FTP proxy singlee Putt in the FTP


P proxy’s
with the FTP conneection protocol optio nal con
ntrol port
(no
ormally21). Remove
R if
you
u don’t needd an FTP
pro
oxy.

headerrs Addition
nal headers when send
ding multi If yo
ou need additional
requestss to the web
b proxy optio nal hea aders or wissh to
oveerride thingss like
“Usser-Agent”, do it here.
Forr example:“h headers
Use er-
Age ent:NoneOffYourBusi
nes ss1.0”

http_flu
ush Close annd re-open the HTTP singlee Tim
me in millise
econds. If
uplink co
onnection at
a intervals optio nal youu need this, use the
CGGI connectioon protocol
insttead. This iss
outdated.

idle_killl Kill conn


nection wheen idle for th
his singlee This is obsolette and
many m milliseconds optio nal doe
esn’t work as
a
exp
pected anym more,
don
n’t use it.
Yo ur Freedom
m User Guid
de
Page 54
4 of 58
post_size
initial_p When do oing a HTTP POST, us
se singlee Deffault is 1000 00000or
this initia
al size hiddeen 10 Megabytes. The
ent decrease
clie es this by
a fa
actor 0.8 un ntil the
web b proxy acccepts it or
the value falls below
minnimum_postt_size. If
youu know yourr proxy’s
limiits put it in here,
h it
savves connecttion time.

level_m
messages Only sho ow messag
ges above th
his singlee 0 is
s “debug”, 7 is
level in M
Messages panel
p optio nal “em
mergency”. Default
D is
1 “informationaal”.

langua
age Your preeferred lang
guage (ISO singlee Deffaults to “en
n”. Only a
2letters, lowercase) optio nal few
w languagess are
sup
pported, see e the
Connfiguration dialog.
d

location_x Coordin ates of the Your Freed


dom singlee 0 is
s top left corrner,
window on the scre een optio nal higher values area
furtther right

location_y Coordin ates of the Your Freed


dom singlee 0 is
s top left corrner,
window on the scre een optio nal higher values area
furtther down

minimu
um_post_sizze Minimum
m HTTP PO
OST size singlee Deffault is 2000 00 or
hiddeen 20K Kilobytes. Only
O lower
if yo
ou know tha at your
prooxy will refusse POSTs
abo ove 20kand you
really have to.

openvp
pn OpenVP
PN port singlee Deffault is 1194
4, only
optio nal ange if you need this
cha
porrt for someth
hing else.

openvp
pn_exclude IPs and networks too be excluded multi Forr every IP or network
from rou
uting throug
gh the hiddeen (IP address, a space,
OpenVP PN tunnel andd a net massk) that
shoould not be routed
thro
ough the Op penVPN
tunnel, add a line to the
connfig.

passwo
ord Your Yo
our Freedom
m password singlee Onee: your You
ur
requiired Fre
eedom passsword
Yo ur Freedom
m User Guid
de
Page 55
5 of 58
portacccept Forward
ds a server port to a loc
cal multi serrver port
port optio nal locaal host
locaal port

portforw
ward Forward
ds a local po
ort to a remote multi loca
al port
port optio nal rem
mote host
rem
mote port

protoco
ol The con
nnection pro
otocol to use
e singlee Onee of: “http”, “https”,
requiired “cgi”, “ftp”, “udp”. There
e more but they are
are
exp
perimental and a they
don
n’t work.

proxy The proxxy port singlee Make your PC C a web


optio nal pro
oxy by suppllying the
porrt number. Set
S to 0or
rem
move to turnn off.

proxydomain Your do main for we eb proxy singlee A Windows


W do
omain
authentiication, if ne
eeded (NTL
LM optio nal namme, if you need one
proxies only) to authenticate
a e on your
webb proxy.

proxyhost The web b proxy hos stname or IP


P singlee A host
h name oro IP
through which to tu unnel when optio nal adddress. Leave empty
http”, “https” or “cgi”
using “h or remove
r if yo
ou don’t
neeed to use a proxy.

proxyp
port The web
b proxy’s po
ort. singlee A port
p numberr. Set to0
optio nal or remove
r if yo
ou don’t
neeed to use a web
pro
oxy.

proxyp
pass Your pa ssword to authenticate
a e on singlee A password,
p iff
the web proxy optio nal authentication is
nee
eded.

proxyuser Your use


ername to authenticate
a e on singlee A username,
u iff
the web proxy optio nal authentication is
nee
eded.

redirecct_dns Don’t re solve host names


n loca
ally singlee “tru
ue” or “false”
when ussing SOCKS S optio nal (deefault). Use this if
youur local namme server
cannnot resolvee Internet
nammes (or you u don’t
wan nt it to)
Yo ur Freedom
m User Guid
de
Page 56
6 of 58
rekey Change encryption key frequently singlee “tru
ue” or “false”
optio nal (deefault). The wizard
w
will set this to “true”,

andd there’s no ormally no
reason why yo ou would
wan nt to set it to
o “false”
unleess you susspect that
there’s a bug in our key
neggotiation cod de and
youu lose conne ection.

relay Allow otthers to use


e your Your booleean Sett to “true” orr “false”
Freedomm session asa well optio nal (or remove). Note
N that
this
s only workss if your
pro
ofile permits it as well.

server_
_criterion Define ccriteria by which
w to multi namme of criterion
automattically selecct servers optio nal nummber betwe een 0
(reffused) and 10
(req
quired), deffault is 5
(do
on’t care)

sipforw
ward Mirror a remote SIP
P gateway multi loca
al port
optio nal SIP
P gateway addr
a
SIP
P gateway port
p

socks The SOC


CKS port singlee Make your PC Ca
optio nal SOCKS proxy by
suppplying the port
p
nummber. Remo ove or set
to 0 to turn SO
OCKS off.

start_m
minimized Start in ssystem tray
y (Windows singlee “tru
ue” or “false” (the
only) optio nal deffault)

tunnelh
host The You
ur Freedom server to use
u singlee A host
h name, ana IP
requiired adddress, multiple IP
adddresses sepparated by
semmicolon, or a CGI
rela
ay URL

tunnelp
port The You
ur Freedom server portt singlee A port
p numberr
requiired

use_htttp11 Use HTT


TP/1.1 insteead of singlee If yo
our proxy iss acting
HTTP/1 .0 in reques
sts hiddeen stupid, try if this fixes
the problem. CanC either
be “true” or “faalse”
(deefault)
Yo ur Freedom
m User Guid
de
Page 57
7 of 58
ame
userna Your Yo
our Freedom
m username
e singlee Onee: your You
ur
requiired eedom username
Fre

elay†
cgi_uplink_maxde Maximu m delay before flush uplink singlee Afteer this time,, the
queue hiddeen queeue is flushe ed no
matter how mu uch data
is to
o be sent (iff any).
Deffault to 500ms

cgi_uplink_mindellay† Numberr of frames that


t triggers
sa singlee Thee minimum delay
flush hiddeen between two queue
q
flus
shes
(POOSTs). Defa
ault
to1ms.

cgi_uplink_urgentdelay† Maximu m delay forr urgent data


a. singlee Thee maximum delay if
hiddeen urgent data is in the
queeue (e.g. sm mall frame
beloonging to a stream
that has not se ent data
for a while - --
eractivity! --)).
inte
Deffaults to 20m ms.

old†
cgi_uplink_thresho Numberr of frames that
t triggers
sa singlee Thee number off frames
flush. hiddeen in the queue thhat cause
the mindelay to o be used
insttead of the maxdelay
(0 to
t disable), i.e.: if this
many frames area
outstanding, flush
quicckly. Defaults to 3††

post_m
min_holdoff Time to wait before
e new singlee Deffaults to 500
00.
connecttion is made
e. (milliseconds)

post_m
max_connecctions: Maximu m number of
o concurrent singlee Somme people might
m
connecttions. havve to lower this
t to
onee. It is safe to
t use
biggger numberrs but at
somme point it will
w only
incrrease overh head.
Deffault (2) is good
g for
most people.


All these
e values only apply
a to the CGI
C uplink code e. If there is a keepalive frame in the queeue, mindelay is used --
i.e. valuees below maxddelay/mindelay y should not b
be used --
Yo ur Freedom
m User Guid
de
Page 58
8 of 58
min_post_sizze
post_m Minimum
m size of a POST request. singlee Nevver lower th
he
maximum POS ST size
belo
ow this limitt. It could
starve the uplink path.
efault: 3000)
(De
The cgi_? options were speciffically adde
ed to help us
sers to twea ak the cgi reelay mechanism.
For exaample, if ma
assive and frequent
f PO
OSTs were undesirable
u e users coulld set
maxdelay=3000, mindelay=10
m 000, urgentddelay=500 and thresho old=0. POS STs will be fe
ewer
ger and the impact on throughput a
but larg and interacttivity won’t be discreet .