From 0359de62c1901c447d27b8e45d9d859cf6aae26f Mon Sep 17 00:00:00 2001 From: Bob Mottram <bob@freedombone.net> Date: Wed, 27 Sep 2017 17:58:18 +0100 Subject: [PATCH] Mention TLS wrapper --- doc/EN/app_vpn.org | 2 ++ website/EN/app_vpn.html | 34 +++++++++++++++++++--------------- 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/doc/EN/app_vpn.org b/doc/EN/app_vpn.org index d25c3e0cf..0d9917992 100644 --- a/doc/EN/app_vpn.org +++ b/doc/EN/app_vpn.org @@ -24,6 +24,8 @@ A Virtual Private Network (VPN) allows you to move your internet traffic to a di Using a Tor browser is another way to get around censorship, but there might be occasions where you don't want to use a Tor browser or where Tor relays and bridges are blocked or where you want to run internet apps which aren't within a browser. +On Freedombone the VPN is wrapped within a TLS layer of encryption, making it difficult for any deep packet inspection systems to know whether you are using a VPN or not. Since there is lots of TLS traffic on the internet your connection looks like any other TLS connection to a server, and this may help to avoid being censored. It's probably not possible for your local ISP to block TLS traffic without immediately generating a lot of irate customers, and stopping any kind of commercial activity. + * Installation ssh into the system with: diff --git a/website/EN/app_vpn.html b/website/EN/app_vpn.html index 592838986..566214c00 100644 --- a/website/EN/app_vpn.html +++ b/website/EN/app_vpn.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> -<!-- 2017-09-27 Wed 17:43 --> +<!-- 2017-09-27 Wed 17:58 --> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>‎</title> @@ -262,9 +262,13 @@ A Virtual Private Network (VPN) allows you to move your internet traffic to a di Using a Tor browser is another way to get around censorship, but there might be occasions where you don't want to use a Tor browser or where Tor relays and bridges are blocked or where you want to run internet apps which aren't within a browser. </p> -<div id="outline-container-org74feb72" class="outline-2"> -<h2 id="org74feb72">Installation</h2> -<div class="outline-text-2" id="text-org74feb72"> +<p> +On Freedombone the VPN is wrapped within a TLS layer of encryption, making it difficult for any deep packet inspection systems to know whether you are using a VPN or not. Since there is lots of TLS traffic on the internet your connection looks like any other TLS connection to a server, and this may help to avoid being censored. It's probably not possible for your local ISP to block TLS traffic without immediately generating a lot of irate customers, and stopping any kind of commercial activity. +</p> + +<div id="outline-container-org778c839" class="outline-2"> +<h2 id="org778c839">Installation</h2> +<div class="outline-text-2" id="text-org778c839"> <p> ssh into the system with: </p> @@ -284,9 +288,9 @@ Only use ports 443 or 80 for VPN as an <i>absolute last resort</i>, since doing </div> </div> -<div id="outline-container-org1a94be0" class="outline-2"> -<h2 id="org1a94be0">Usage</h2> -<div class="outline-text-2" id="text-org1a94be0"> +<div id="outline-container-org2cfcc49" class="outline-2"> +<h2 id="org2cfcc49">Usage</h2> +<div class="outline-text-2" id="text-org2cfcc49"> <p> When the installation is complete you can download your VPN keys and configuration files onto your local machine. </p> @@ -331,9 +335,9 @@ You should see a series of messages with "<i>Initialization Sequence Completed</ </div> </div> -<div id="outline-container-orgf3e0fef" class="outline-2"> -<h2 id="orgf3e0fef">Changing port number</h2> -<div class="outline-text-2" id="text-orgf3e0fef"> +<div id="outline-container-orgc7282cd" class="outline-2"> +<h2 id="orgc7282cd">Changing port number</h2> +<div class="outline-text-2" id="text-orgc7282cd"> <p> Avoiding censorship can be a cat and mouse game, and so if the port you're using for VPN gets blocked then you may want to change it. </p> @@ -344,16 +348,16 @@ Avoiding censorship can be a cat and mouse game, and so if the port you're using </div> <p> -Select <b>Administrator controls</b> then <b>App Settings</b> then <b>vpn</b>. Choose <b>Change TLS port</b> and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the <a href="#org1a94be0">Usage</a> section above. +Select <b>Administrator controls</b> then <b>App Settings</b> then <b>vpn</b>. Choose <b>Change TLS port</b> and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the <a href="#org2cfcc49">Usage</a> section above. </p> </div> </div> -<div id="outline-container-org98985f3" class="outline-2"> -<h2 id="org98985f3">Generating new keys</h2> -<div class="outline-text-2" id="text-org98985f3"> +<div id="outline-container-orgbe4ddea" class="outline-2"> +<h2 id="orgbe4ddea">Generating new keys</h2> +<div class="outline-text-2" id="text-orgbe4ddea"> <p> -It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the <b>Administrator controls</b> by going to <b>App Settings</b> then <b>vpn</b> then choosing <b>Regenerate keys for a user</b> and downloading the new keys as described in the <a href="#org1a94be0">Usage</a> section above. +It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the <b>Administrator controls</b> by going to <b>App Settings</b> then <b>vpn</b> then choosing <b>Regenerate keys for a user</b> and downloading the new keys as described in the <a href="#org2cfcc49">Usage</a> section above. </p> </div> </div> -- GitLab