How many ways have you used to unblocked the internet censorship and get access to Facebook, Twitter, YouTube or some other sites blocked in your country or area?
I have used a ton, such as Proxy, SSH, VPN and many other anti-censorship tools, since which may be blocked, too, the more you have, the safer you will be.
This book will show you over 100 free anti-censorship tools (including VPN, SSH, Proxy and even more) as well as how to use them to get access to those blocked sites in your area.
1. 100+ Free Tools For You To Access Blocked Sites
Young, Yang
Creative Commons - BY -- 2012
2. Dedication
This book is dedicated to my dear mother, who doesn’t care about internet
freedom, but only her children and grandchildren, so that I have time to
write.
This book is also dedicated to my dear motherland — China, where there is
GFW which blocks internet freedom, so that I have to write something about
how to unblock blocked sites.
3. Acknowledgements
Among all those free anti-censorship tools mentioned in this book, none is
created by myself, and I just test and share them and tell people how to use
them.
So, thanks to the authors who develop and share those free VPN, SSH, Proxy
and/or any other anti-censorship tools.
4. Table of Contents
Preface 2
My Internet Freedom Declaration 2
Chapter One 4
Free Online Proxies 4
Chapter Two 10
Free Proxy Softwares 10
Part One: Ultrasurf 11
Part Two: Freegate 15
Part Three: Tor 20
Part Four: GAppProxy 25
Part Five: Goagent 35
Part Six: Hyk-proxy 43
Part Seven: Snova 52
Part Seven Section One: The Easiest Ways To Use Snova 57
Part Seven Section Two: How To Use Snova On GAE 60
Part Seven Section Three: How To Use Snova On Cloud Foundry 67
Part Seven Section Four: How To Use Snova On Heroku 75
Part Seven Section Five: How To Use Snova On OpenShift 81
Part Seven Section Six: How To Use Snova On Jelastic 89
Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings 96
Chapter Three 99
Free VPN Services 99
Part One: Free PPTP VPN Services 100
Part Two: Free VPN Softwares 108
Part Three: How To Build A VPN 114
Part Three Section One: How To Build A PPTP VPN 116
Part Three Section Two: How To Build A L2TP VPN 120
Part Three Section Three: How To Build An OpenVPN 127
Part Four: How To Set Up VPN 133
Chapter Four 135
Free SSH Services 135
Part One: Free SSH Tunnels 136
Part Two: How To Create A SSH Tunnel 141
Part Three: How To Connect To SSH Tunnel 144
Chapter Five 147
The Differences Among Proxy, SSH And VPN 147
Chapter Six 150
How To Access Blocked Sites With Google Reader 150
Chapter Seven 153
How To Access Blocked Sites With The Hosts File 153
Chapter Eight 157
How To Access Blocked Sites Via gogoCLIENT
5. 157
Chapter Nine 164
How To Check If A Site Is Blocked 164
Part One: Check If A Site Is Blocked With Anti-censorship Tools 165
Part Two: Check If A Site Is Blocked By Pinging It 166
Part Three: Top 10 Websites For You To Check If A Site Is Blocked 167
Part Four: Check If A Site Is Blocked In China With WebSitePulse 173
Chapter Ten 175
Appendix 175
Part One: Top 10 Websites Blocked in China 176
Part Two: Countries That Block Facebook 181
Subsequent 182
This Book Is Free 182
6. Preface
My Internet Freedom Declaration
Preface
My Internet Freedom Declaration
While there is no definition, someone declares five basic principles of Internet Freedom, which are
Expression, Access, Openness, Innovation and Privacy.
As a man living in China, I totally agree with those 5 principles and know how import internet freedom will
be, since you might go to jail by a message you posted online, fail to visit Facebook, Twitter, YouTube and
many other websites, get your website shut down because of one criticized post, and even find out that your
private chat history were released to the police without any court document, so on and so forth.
Sounds horrible, right? But which were all happened in the Chinese internet world.
Since 2007, I have fought against the GFW (great firewall) — the biggest part of Internet Censorship in China,
by testing free anti-censorship tools as many as possible and sharing them on my blogs, both Free Nuts and
Jing Pin (in Chinese).
Up till now, I have tested and introduced over 100 free anti-censorship tools, including VPN, Proxy, SSH and
more, among which, some may be not available any more when you are reading this book, but luckily, there
will be always some new tools, and I will keep an eye on them.
1
7. Preface
My Internet Freedom Declaration
Image Credit: http://www.flickr.com/photos/talkradionews/4294790603/
2
8. Chapter One
Free Online Proxies
Chapter One
Free Online Proxies
The main advantage of online proxy websites (or web proxies) is that you don't need to install anything nor
to make any configuration, just to look out those pop-up ads.
If you can bear those ads, and want to get access to Facebook, Twitter, YouTube and/or any other websites
that blocked in your area, or just want to be anonymous, then you can check out the following top 100 free
online proxies:
1. Aniscartujo.com
The Aniscartujo web proxy is workable for both computers and mobile phones.
2. Anonproxy.eu
With Anonproxy.eu, you can encode URL/page and allow cookies.
3
9. Chapter One
Free Online Proxies
3. Btunnel.com
The Btunnel.com web proxy is available for you to delete cookies, to remove scripts, and to hide referrers,
but there will be a boring pop-up ad on the homepage.
4. Daveproxy.co.uk
A UK web proxy which supports JavaScript well.
5. Dtunnel.com
Nearly same as Btunnel.com.
6. Free-web-proxy.de
This web proxy allows you to watch YouTube videos as well as to download them in MP4 files.
7. Fproxy.nl
Nearly same as Anonproxy.eu.
8. Goodproxy.eu
Goodproxy.eu is powered by Glype, but not available for you to visit the YouTube website.
9. Hidemyass.com
The Hide My Ass web proxy is available for you to enable SSL security, to disable flash & Javascript, or to
select encrypted URL obfuscation.
10. Kproxy.com
Https protocol is supported and downloads are allowed by Kproxy.com.
11. Megaproxy.com/freesurf
The Magaproxy free version is free of pop-up ads.
12. Peacefire.org/circumventor
On the website, you will get one URL of a web proxy, if which is blocked, you can subscribe to its lists for
more.
4
10. Chapter One
Free Online Proxies
13. Polysolve.com
Nearly same as Btunnel.com.
14. Proxyweb.com.es
The input box is between 2 large ad banners.
15. Safeforwork.net
With SafeForWork.net, you can remove cookies/scripts, hide referrers and show entry form.
16. Shieldproxy.com
This web proxy is very simple with just an address box in its homepage.
17. Smscut.com/onlinesonic
Online Sonic will translate the languages of the target websites into French.
18. Surfagain.com
Surfagain.com is available for you to watch YouTube videos.
19. Surfinweb.tk
Surfinweb.tk is available for you to watch YouTube videos, too.
20. TryCatchMe.com
The effect of TryCatchMe is nearly same as Daveproxy.
21. Vtunnel.com
Nearly same as Btunnel.com.
22-41 Aproxy.org (20)
The Aproxy.org website offers tens of links to different free online proxies, among which, the following 20
are the workable and best during my test:
Dxyh.com
5
11. Chapter One
Free Online Proxies
Fubian.com
Isityet.net
Lovetogetby.com
Ninjacloak.com
Proxy-free.org
Proxy4surf.info
Proxypolice.com
Proxyhasty.com
Renewmyip.com
Resellerzone.us
Surfnewip.com
Super-affiliate.in
Theninjacloak.com
Topbits.us
Unblock-internet.ws
Vvwa.com
Vectroproxy.com
Web4surf.com
Web4proxy.org
42-60. Centurian.org (19)
The Centurian.org website offers about 100 proxies, among which, the following 19 are the best and
workable during my test:
0010site.info
00011site.info
7us.info
Free-pro.info
Iweb20.info
Justbrowse.info
Longbuluo.info
Luispro.com
Microxy.com
Myservus.info
Mywebproxy.net
newsurf.info
Proxy2free.net
School-proxy.us
Stripcomprox.info
Unblockwebsite.org
Usaproxies.com
6
12. Chapter One
Free Online Proxies
Vectrotunnel.com
Xeronet-proxy.com
61-100. Proxymeup.com (40)
There are over 50 workable web proxy tools on the proxymeup.com website, and the following 40 are the
best up till now:
007007007.eu
123proxy.eu
2fastproxy.tk
Aaaproxy.eu
Awesomeproxy.eu
Bypassme.in
Crochetheart.com
Devilproxy.eu
Hideproxy.eu
Homeproxy.com
Healthycheapeating.com
Iwebproxy.net
Iunblock.in
Myproxy2day.info
Manghun.com
Mydoggieneeds.com
My-proxy.olympe.in
Newenergytomorrow.info
Newtattooonline.com
Olympicproxy.net
Ondrej.me
Proxy000.eu
Proxy007.eu
Proxy-fre.com
Proxytools.info
Proxme.net
Proxy4you.eu
Proxyforfree.eu
Proxy-ss.olympe.in
Proxymonkey.org
Proxy-best.com
Rockvideo.cz
Securewebproxy.net
Spem.at
7
13. Chapter One
Free Online Proxies
Unblocker4u.com
Usawebproxy.net
Ultimateformalwear.com
Websurf.in
Workproxy.net
Yellowproxy.net
To use any of the above 100 free online proxies, you can enter the URL of a blocked site in the input box,
and press the Enter key or click on the "Go" button, then you can unblock and visit the site.
Among the above 100 free online proxies, some of them may be blocked in your area (such as China) when
you read this e-book, but luckily, some of them will be still workable, too.
8
14. Chapter Two
Free Proxy Softwares
Chapter Two
Free Proxy Softwares
Although both are proxies, desktop softwares are different from online websites.
While online proxies are full of ads, there are less or even no ads for proxy desktop softwares; while you can
use online proxies directly, you need to download and install their clients before you can use those proxy
softwares.
If the websites of those proxy softwares are blocked in your area (such as China), it is a good idea for you to
use free online proxies to visit them.
Among those free proxy softwares, the following 7 are the best:
1. Ultrasurf;
2. Freegate;
3. Tor;
4. GappProxy;
5. Goagent;
6. Hyk-proxy;
7. Snova.
9
15. Chapter Two
Part One: Ultrasurf
Part One: Ultrasurf
As one of the best proxy softwares, Ultrasurf is very easy to use without any installation.
The following will show you how to use it in 3 steps:
1. Download Ultrasurf
Open the Ultrasurf.us site, and click on the "FREE DOWNLOAD" button on the right top, then you can
download the Ultrasurf client as a ZIP file.
In case the Ultrasurf.us site is blocked in your area (such as China), you can use some other proxies, SSH
tunnels or VPN services to unblock it.
2. Run Ultrasurf
10
16. Chapter Two
Part One: Ultrasurf
After download, extract the ZIP file, then you can get an EXE file, open which, you can run Ultrasurf
directly.
In case you come across with a Windows Security Alert, such as what you can see from the following image:
11
17. Chapter Two
Part One: Ultrasurf
Just click on the "Allow access" button, then you can see an IE new tab of Wujie, which is the Chinese
version of Ultrasurf, and you can unblock any blocked sites right away.
3. Set browser network proxy
On IE, you can use the Ultrasurf proxy service directly after connection, but on Chrome, Firefox, Safari or
any other browser, you also need to set the network proxy to "127.0.0.1 : 9666".
Take Firefox for example, you can find the proxy settings page via the following path:
Preference –> Advanced –> Network –> Settings
Then select "Manual proxy configuration" to enter "127.0.0.1" & "9666" on the HTTP Proxy column, check
the "Use this proxy server for all protocols" box, and click the "OK" button to save the change, as what you
can see from the following image:
12
18. Chapter Two
Part One: Ultrasurf
Instead to set the network proxy settings manually as mentioned above, you can also check out SwitchySharp
and FoxyProxy to set them automatically.
After that, you can bypass internet censorship, encrypt online communications, and hide your IP on non-IE
browsers, too.
13
19. Chapter Two
Part Two: Freegate
Part Two: Freegate
Like Ultrasurf, Freegate is also a very popular and easy-to-use proxy service.
The following will show you how to use Freegate in 3 steps:
I. Download Freegate
Open the Dynaweb site and download the Freegate client software, whether in exe or zip format.
In case the Dynaweb site is blocked in your area (such as China), you can use some other proxies, SSH
tunnels or VPN services to unblock it first.
II. Run Freegate
If you downloaded the exe file, just open it, and if you downloaded the zip file, extract it and run the exe file.
When the connection is successful, you can use the Freegate proxy service right away, as what you can see
from the following image:
14
20. Chapter Two
Part Two: Freegate
But before you can see the control panel in the above image, you may come across the following 2 pop-up
windows:
1. Freegate Proxy Control
15
21. Chapter Two
Part Two: Freegate
As default, the domains of ".cn", ".baidu", ".qq" and some other suffixes will be connected directly, even
though you remove them or select "Choose All websites go through Freegate proxy", which means you can't
visit the sites of those domains with Freegate anyway.
So, you can neglect this window and just click the "OK" button to close it.
2. Windows Security Alert
In case you come across with a Windows Security Alert, such as what you can see from the following image:
16
22. Chapter Two
Part Two: Freegate
Just click on the "Allow access" button, then you can see the proxy's Chinese site Dongtaiwang on your IE
browser.
III. Set browser network proxy
17
23. Chapter Two
Part Two: Freegate
Same as Ultrasurf, On IE, you can use the Freegate proxy service directly after connection, but on Chrome,
Firefox, Safari or any other browser, you also need to set the network proxy to "127.0.0.1 : 8580".
The above instructions are for Windows only, in fact, Freegate is also available on Mac and Linux computer
operating systems, and you can refer to the FAQ page for the usages.
And besides computers, Freegate also supports Android, Java and WM mobile phones, but only in Chinese.
18
24. Chapter Two
Part Three: Tor
Part Three: Tor
As one of the most popular proxy softwares, Tor can be used on Windows, Mac, Linux/BSD/Unix, Android
and Nokia Maemo/N900 systems, with multiple languages supported.
The following will show you how to use its basic and most popular 2 versions — Tor Browser Bundle and
Vidalia Bundle on Windows and Mac.
1. Download Tor
On the Download page, you can choose to download the right version according to your computer systems.
For Tor Browser Bundle, you can and only can use its own browser (based on Firefox) to use its proxy
service; and for Vidalia Bundle, you can use your Firefox, Chrome, Safari or some other browsers by setting
their network proxies.
By the way, you can choose the Tor browser output language before downloading Tor Browser Bundle.
2. Run Tor
19
25. Chapter Two
Part Three: Tor
No matter which version you downloaded, you can extract or install the package and run the Tor service
directly.
For Tor Browser Bundle, you can run the "Start Tor Browser" (for Windows) or "TorBrowser" (for Mac)
file, and for Vidalia Bundle, you can run the "Vidalia" file.
If the onion icon turns green, then the Tor proxy is working.
3. Add bridges
20
26. Chapter Two
Part Three: Tor
If the onion icon doesn't turn green, then the current Tor network is blocked, and the easiest way to solve the
problem is to open the Vidalia's "Network" settings page, to select "My ISP blocks connections to the Tor
network", and to add some bridges.
So, how to get bridges for Tor? The following are 2 ways for your choice:
3.1 Via web
Visit the Bridges page, and enter the verification code, then you can get 2 bridges.
3.2 Via email
You can send an email with "get bridges" subject to "bridges@torproject.org" via your Gmail, soon you will
get three newest bridges.
21
27. Chapter Two
Part Three: Tor
By the way, there used to be a "Find Bridges Now" button for to you get bridges directly, as mentioned
before, but which is gone now.
4. Set browser network proxy
For Tor Browser Bundle, you can unblock the blocked site with its own browser directly, and for Vidalia
Bundle, you need to change the SOCKS proxy to "127.0.0.1 : 9050".
Take Firefox for example, you can find the proxy settings page via the following path:
Preference –> Advanced –> Network –> Settings
22
28. Chapter Two
Part Three: Tor
And select "Manual proxy configuration" to enter "127.0.0.1" & "9050" on the SOCKS column. By the way,
you'd better select SOCKS v4, since SOCKS v5 may be not workable.
Between Tor Browser Bundle and Vidalia Bundle, the first one is easier and more safe, but you can only use
its own browser.
23
29. Chapter Two
Part Four: GAppProxy
Part Four: GAppProxy
GAppProxy hasn't been updated since the 2.0.0 version in 2010, and doesn't support https well.
But as a GAE proxy, it is still available for you to surf anonymously and get access to the blocked sites.
For how to install and use GAppProxy, you can check out the following 7 steps:
1. To create a GAE application
Log in your Google App Engine account and create an available application ID, such as "freenutsdotorg"
used for this post.
2. Generate a new application-specific password
24
30. Chapter Two
Part Four: GAppProxy
On the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications and
sites", and generate a new application-specific password.
But you can skip this step if you do not use 2-step verification for your Gmail account.
3. Download GAppProxy
On the GAppProxy Downloads page, you can download the packages according to your operating systems.
3.1 Download the Windows packages
To run GAppProxy on Windows, you need to download the following 2 packages:
uploader-2.0.0-win.zip
localproxy-2.0.0-win.zip
25
31. Chapter Two
Part Four: GAppProxy
After download, you can extract them and get the following 2 folders:
uploader-2.0.0-win
localproxy-2.0.0-win
3.2 Download the Mac/Linux packages
And to run GAppProxy on Mac/Linux, you need to download the following 2 packages instead:
fetchserver-2.0.0.zip
localproxy-2.0.0.tar.gz
Extract the packages, then you can get the following 2 folders:
fetchserver-2.0.0
localproxy-2.0.0
4. Edit the app.yaml file
On Windows, you can find the app.yaml file in the "fetchserver" directory of the "uploader-2.0.0-win" folder;
and on Mac/Linux, you can find the app.yaml file in the "fetchserver-2.0.0" folder.
After that, open the app.yaml file, and change the "your_application_name" to your GAE app ID created in
26
32. Chapter Two
Part Four: GAppProxy
step 1.
5. Upload the GAppProxy server
5.1 How to upload the GAppProxy server on Windows
Open the "uploader-2.0.0-win" folder, double-click the "uploader.exe" file, and enter your App ID, Gmail
address and password, then you are done.
5.2 How to upload the GAppProxy server on Mac/Linux
27
33. Chapter Two
Part Four: GAppProxy
To upload the GAppProxy server on Mac/Linux, we need a third-party tool.
5.2.1 Download Google App Engine SDK for Python
Download Google App Engine SDK for Python of Mac or Linux version, and install it.
5.2.2 Add new application
Run GoogleAppEngineLauncher, click "New Application" in the "File" option on the top menu bar, enter
your GAE app ID as "Application Name", and assign a folder as "Application Directory", or just use the
default one it offers.
5.2.3 Move the server files
Copy "app.yaml" and "fetch.py" files in the "fetchserver" folder and paste them into the "Application
Diretory" folder.
5.2.4 Upload the server
Back to GoogleAppEngineLauncher, click on the "Deploy" button, enter your Gmail address and password,
then you can upload the GAppProxy server to GAE.
28
34. Chapter Two
Part Four: GAppProxy
5.3 Test the GAppProxy server
Open your browser, and enter the following URL:
http://APP_ID.appspot.com/fetch.py
Remember to replace "APP_ID" with your own GAE app ID, and if you can see the following result:
Then the GAppProxy server is uploaded successfully, if not, you can try to change "http" to "https", or to run
an anti-censorship tool (such as proxy, ssh or VPN), and try again, if still not, then you need to upload the
server again.
6. Run the GAppProxy client
When the server is uploaded successfully, you can run the GAppProxy on your computer.
6.1 How to run the GAppProxy client on Windows
For Windows, there is an executive application, clicking on which, you can run the GAppProxy, but you
need to edit the "proxy.conf" file first.
6.1.1 Edit the proxy.conf file
Open the "proxy.conf" file in the "localproxy-2.0.0-win" folder, edit the last line by changing
"your-fetch-server" to your GAE app ID, and deleting the "#" mark, as what you can see from the following
image:
29
35. Chapter Two
Part Four: GAppProxy
After that, save the file.
6.1.2 Run the GAppProxy client
You can double-click the "proxy.exe" file in the same folder to run the GAppProxy client.
6.2 How to run the GAppProxy client on Mac/Linux
On Mac/Linux, you can use the Terminal application to run the GAppProxy client, but you also need to edit
the "proxy.conf" file first.
6.2.1 Edit the proxy.conf file
Same as what you do on Windows, but the "proxy.conf" file is located in the "localproxy-2.0.0" folder.
6.2.2 Run the GAppProxy client
30
36. Chapter Two
Part Four: GAppProxy
Open the Terminal application, and enter the following command line:
python xxx/localproxy-2.0.0/proxy.py
Remember to replace "xxx" with the full path to the "localproxy-2.0.0" directory, or you can just drag the
"proxy.py" file and drop it behind "python".
7. Edit the browser proxies
31
37. Chapter Two
Part Four: GAppProxy
When the GAppProxy client is running, you can edit the browser network settings and change the proxy
address to "127.0.0.1: 8000", as what you need to do with any proxy service.
By the way, since GAppProxy only supports HTTP with 80 port and HTTPS with 443 port, you can leave the
SOCKS and FTP proxies empty.
Note:
Take the "freenutsdotorg" app ID for example, if you can't open the site of the following URL on your
browser:
http://freenutsdotorg.appspot.com/
32
38. Chapter Two
Part Four: GAppProxy
But you can do that after changing "http" to "https", then you need to make the same change for the
"fetch_server" link in the last line of the "proxy.conf" file, such as the following:
fetch-server = https://freenutsdotorg.appspot.com/fetch.py
And if you still fail to open the site after changing "http" to "https", then your app ID is blocked and you
won't be able to use the GAppProxy service, in that case, you can create a new GAE app and try again.
33
39. Chapter Two
Part Five: Goagent
Part Five: Goagent
Like GAppProxy, Goagent is also a GAE proxy.
And for how to use Goagent, you can refer to its official site in Chinese, or you can check out the following 7
steps for an easier reference in English:
1. Create GAE applications
Goagent supports multiple app IDs, so that you can creat one or more new GAE applications, or use the old
ones, but the "Storage Scheme" of each must be "High Replication".
2. Generate new application-specific password
34
40. Chapter Two
Part Five: Goagent
On the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications and
sites", and generate a new application-specific password, which will be used when uploading the Goagent
server to your GAE in step 4.
But you can skip this step if you do not use 2-step verification for your Gmail account.
3. Download the Goagent packapge
Download the Goagent package (a zip file) via the link on the top of its homepage, as what you can see from
the above image.
After that, extract the zip file, and you will get a "local" folder as well as a "server" folder.
4. Upload the Goagent server
Open the "server" folder, and upload the Goagent server to your GAE in the following ways:
35
41. Chapter Two
Part Five: Goagent
4.1 How to upload the Goagent server on Windows
On Windows, open the "uploader.bat" file, enter your GAE app ID created in step 1, your Gmail address and
the application-specific password, then you can start to upload.
And to use more than one app ID, you can separate them with the "|" mark.
4.2 How to upload the Goagent server on Mac
36
42. Chapter Two
Part Five: Goagent
On mac, open the Terminal application, and enter the following command line:
cd the-path-to-the-server-folder
Such as the following:
cd /Users/air/Downloads/goagent-goagent-80e5f01 3/server
You can also just drag the "server" folder and drop it behind the "cd" command.
After that, enter the following command line:
python uploader.zip
Then, you can enter your App IDs, Gmail address and the application-specific password to upload the server.
By the way, do not bypass the first command line and use the "python the-path-to-uploader.zip" command
directly, which may be not workable.
5. Change the proxy.ini file
37
43. Chapter Two
Part Five: Goagent
When the upload is finished, open the "proxy.ini" file in the "local" folder, and change the "appid" value
from "goagent" to your real GAE application IDs.
By the way, you can also change the "profile" value from "google_cn" to "google_hk" for a better security
with https mode.
6. Run the Goagent client
After saving the "proxy.ini" file, you can start to run Goagent.
6.1 How to run the Goagent client on Windows
38
44. Chapter Two
Part Five: Goagent
On Windows, you can just double-click on the "Goagent.exe" file in the "local" folder and run the proxy
service.
6.2 How to run the Goagent client on Mac
On Mac, you can open the Terminal application and enter the following command line:
python the-parth-to-proxy.py
39
45. Chapter Two
Part Five: Goagent
This time, you can drag the "proxy.py" file from the "local" folder and drop it behind the "python" command.
7. Edit the browser proxies
When the Goagent client is running, you can edit the browser network settings and change the proxy address
to "127.0.0.1: 8087", as what you need to do with any proxy service.
After that, you can start to use Goagent to browse the internet anonymously and unblock the blocked sites in
your area.
But, same as GAppProxy and Hyk-proxy, the Goagent proxy doesn't support https well, even though that you
can double-click the "CA.crt" file in the "local" folder to install or import the certification, which will only
40
46. Chapter Two
Part Five: Goagent
work on Safari, but not Chrome or Firefox during my test for Twitter and Facebook.
By the way, besides Windows and Mac systems mentioned above, Goagent is also available for Linux, as
well as Android, iOS, webOS, OpenWRT and Maemo operating systems.
41
47. Chapter Two
Part Six: Hyk-proxy
Part Six: Hyk-proxy
Same as GAppProxy, the Hyk-proxy GAE service won't be updated any more, but it is still workable.
For how to install and use Hyk-proxy on Windows and Mac/Linux systems, you can check out the following
8 steps for complete instructions:
1. Create a GAE application
Sign in your GAE account and create an application ID which is available.
2. Generate a new application-specific password
42
48. Chapter Two
Part Six: Hyk-proxy
On the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications and
sites", and generate a new application-specific password.
But you can skip this step if you do not use 2-step verification for your Gmail account.
3. Download Java and Google App Engine SDK for Java
If you haven't gotten these two softwares on hand as mentioned before, you can download Java on its official
website, and download Google App Engine SDK for Java from Google Code.
By the way, on Mac, you only need to download and extract the Google App Engine SDK for Java package,
since Java is pre-installed.
4. Download the Hyk-proxy packages
43
49. Chapter Two
Part Six: Hyk-proxy
Among the 4 packages on the Hyk-proxy Downloads webpage, you can just download
"hyk-proxy-0.9.4.1.zip" and "hyk-proxy-gae-server-0.9.4.1.zip".
By the way, on Windows, you can also download "hyk-proxy-install_0.9.4.1.exe" instead of
"hyk-proxy-0.9.4.1.zip"; and you need to download the "hyk-proxy-android-0.9.4beta.apk" package if you
want to use Hyk-proxy on your Android.
After that, extract the zip files you download.
5. Deploy task
To deploy task means to upload the Hyk-proxy server to your GAE application.
On Windows, you can run the "install.bat" file in the "hyk-proxy-gae-server-0.9.4.1" folder; and on
Mac/Linux, you can open the Terminal application and enter the following command line:
sh /the-path-to/install.sh
Or you can just drag the "install.sh" file from the "hyk-proxy-gae-server-0.9.4.1" folder and drop it behind
the "sh" command.
After that, you can see an "AppEngine AppCfg GUI Wrapper" window, such as the following:
44
50. Chapter Two
Part Six: Hyk-proxy
In the window, you can define the location of the "Google App Engine SDK for Java" folder, enter your
GAE app ID, select the "hyk-proxy-gae-server-0.9.4.1" folder as AppLocation, enter your Gmail address and
password, then you can click the "Deploy" button to upload the Hyk-proxy server to your GAE.
P.S.
By the way, if you fail to deploy the task for the following error:
Bad configuration: appengine-web.xml does not contain a <threadsafe> element.
45
51. Chapter Two
Part Six: Hyk-proxy
Then you need to enter the following line into the "appengine-web.xml" file:
<threadsafe>true</threadsafe>
Such as what you can see from the following image:
6. Add GAE application ID to Hyk-proxy client
On Windows, you can double-click the "startgui.bat" file in the "bin" folder, or run "Start hyk-proxy (GUI)"
if you have installed "hyk-proxy-install_0.9.4.1.exe"; and on Mac/Linux, you can open the Terminal
application and enter the following command line:
sh /the-path-to/startgui.sh
46
52. Chapter Two
Part Six: Hyk-proxy
Or you can just drag the "startgui.sh" file from the "hyk-proxy-0.9.4.1" folder and drop it behind the "sh"
command.
After that, you can open the Hyk-proxy client window, click on the "Config" button of "GAE 0.9.4.1" in the
"Plugins" tab, and click the "New" button to add your APP ID, such as what you can see from the following
image:
And you can add more than one App ID, after that, click the "Apply" button.
7. Start Hyk-proxy
47
53. Chapter Two
Part Six: Hyk-proxy
When the App IDs are added, you can click the "Start" button to connect to the Hyk-proxy service.
8. Edit the browser proxies
When the Hyk-proxy fetch service is working, configure your browsers http proxy to below address:
127.0.0.1: 48100
Such as what you can see from the following image:
48
54. Chapter Two
Part Six: Hyk-proxy
The above screenshot is for Firefox, and for other browsers, the http proxy settings may be a little different.
That's all, and you can surf the internet anonymously and get access to the blocked sites.
Bonus:
Hyk-proxy will not work when your GAE application ID is blocked, in that case, you can connect Hyk-proxy
with XMPP.
49
55. Chapter Two
Part Six: Hyk-proxy
To do so, you can open the "Connection" tab of the GAE plugin "Config" window, select "XMPP" as the
connection mode and add your XMPP account (such as GTalk).
Besides, you can also connect Hyk-proxy with HTTPS mode or HTTP proxy, but XMPP is the fastest and
best.
50
56. Chapter Two
Part Seven: Snova
Part Seven: Snova
Among GAppProxy, Goagent, Hyk-proxy and Snova these 4 popular GAE proxies, Snova is the best, since it
supports HTTPS well.
Besides, it is also available for you to use in the following 6 different ways.
1. To use Snova directly
As default, Snova can automatically connect to some random GAE apps shared by others, so that you can
just download the Snova client and run it.
2. To use Snova on your own GAE app
51
57. Chapter Two
Part Seven: Snova
Instead to use others' apps, you can also create your own ones, and upload the Snova server to them to run
the proxy service.
Again, none of the above 2 ways are available for you to visit HTTPS links, and to do so, you need install the
C4 plugins on any of the following 4 PaaS platforms:
3. To use Snova on Cloud Foundry
52
58. Chapter Two
Part Seven: Snova
Cloud Foundry is available for you to run the Snova c4 plugin in an instance with 4-core CPU, 2 G disk, and
512M memory, no bandwidth limit.
4. To use Snova on Heroku
53
59. Chapter Two
Part Seven: Snova
The network bandwidth limit of Heroku is 2TB/month.
5. To use Snova on OpenShift
OpenShift is available for you to create up to 3 apps, and each of which will run in an instance of 1GB disk
and 512MB memory.
6. To use Snova on Jelastic
54
60. Chapter Two
Part Seven: Snova
With Jelastic, you can choose to build your C4 plugin on Servint, Dogado, Rusonyx or some other hosted
service provider, and deploy the c4 plugin on its website directly without entering any command lines.
For the C4 plugins, you need to use the "snova-c4-heroku-server-xxx.zip" file on Heroku, and use the
"snova-c4-server-xxx.zip" file on the other 3 PaaS platforms.
By the way, besides to use Snova on GAE, Cloud Foundry, Heroku, OpenShift or Jelastic separately, you can
also use on one, more or even all of them together, as well as to use multiple apps on each of them.
55
61. Chapter Two
Part Seven Section One: The Easiest Ways To Use Snova
Part Seven Section One: The Easiest Ways To Use Snova
Whether Hyk-proxy, Goagent, Snova or any other GAE proxy, you need to deploy their servers to your GAE
apps before you can use them as mentioned before.
But it may be even hard for someone to create an account on GAE, and which is not available in Iran at all.
In that case, you can use Hyk-proxy and Snova according to the following ways directly with the default
GAE apps shared by others:
1. The easiest ways to use Hyk-proxy
On the Hyk-proxy Downloads page, you can download "hyk-proxy-0.9.4.1.zip" or
"hyk-proxy-install_0.9.4.1.exe" (for Windows only), and extract or install to use the proxy service on
Windows and/or Mac.
1.1 On Windows
On Windows, you can double-click the "startgui.bat" file in the "bin" directory of the extracted folder
"hyk-proxy-0.9.4.1", or run "Start hyk-proxy (GUI)" if you have installed "hyk-proxy-install_0.9.4.1.exe".
1.2 On Mac
On Mac, you can open the Terminal application and enter the following command line:
56
62. Chapter Two
Part Seven Section One: The Easiest Ways To Use Snova
sh /the-path-to/startgui.sh
Or you can just drag the "startgui.sh" file from the "hyk-proxy-0.9.4.1" and drop it behind the "sh" command.
Whichever way you are using, you can open the Hyk-proxy client, click on the "Start" button, and run the
proxy service.
2. The easiest ways to use Snova
Which will be nearly same as what you do with Hyk-proxy.
On the Snova Downloads webpage, you can just download and extract "snova-xxx.zip" to use the proxy
service on Windows and/or Mac.
2.1 On Windows
On Windows, you can double-click the "startgui.bat" file in the "bin" directory of the "snova-xxx" folder.
2.2 On Mac
57
63. Chapter Two
Part Seven Section One: The Easiest Ways To Use Snova
On Mac, you can open the Terminal application and enter the following command line:
sh /the-path-to/startgui.sh
Or you can just drag the "startgui.sh" file from the "snova-xxx" folder and drop it behind the "sh" command.
Whichever way you are using, you can open the Snova client, click on the "Start" button, and run the proxy
service.
By the way, the above direct ways are not available for GAppProxy or Goagent, since the GAppProxy's
default GAE app "fetchserver1" is over its serving quota, and Goagent does not offer a default GAE app at
all.
58
64. Chapter Two
Part Seven Section Two: How To Use Snova On GAE
Part Seven Section Two: How To Use Snova On GAE
As mentioned before, the Hyk-proxy GAE service won't be updated any more, since the developer stops to
work on a new project — Snova.
Similar to Hyk-proxy, Snova is also a web proxy based on GAE, but it works for HTTPS very well, when
running on CloudFoundry, Heroku, OpenShift and some other PaaS (Platform as a service) platforms.
The following will show you how to install and use Snova on GAE, which are nearly same as what you do
with Hyk-proxy.
1. Create a GAE application
Sign in your GAE account and create an application ID which is available.
2. Generate a new application-specific password
59
65. Chapter Two
Part Seven Section Two: How To Use Snova On GAE
On the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications and
sites", and generate a new application-specific password.
But you can skip this step if you do not use 2-step verification for your Gmail account.
3. Download Java and Google App Engine SDK for Java
If you haven't gotten these two softwares on hand as mentioned before, you can download Java on its official
website, and download Google App Engine SDK for Java from Google Code.
By the way, on Mac, you only need to download and extract the Google App Engine SDK for Java package,
since Java is pre-installed.
What is more, besides Java, Snova also supports the Go language, so that you can download Go and Google
App Engine SDK for Go instead.
60
66. Chapter Two
Part Seven Section Two: How To Use Snova On GAE
4. Download the Snova packages
Among the 7 packages on the Snova Downloads webpage, you can just download "snova-xxx.zip" and
"snova-gae-jserver-xx.zip" for Java.
After that, extract the zip files you download.
5. Deploy task
Like Hyk-proxy, on Windows, you can run the "install.bat" file in the "snova-gae-jserver-xx" folder; and on
Mac/Linux, you can open the Terminal application and enter the following command line:
sh /the-path-to/install.sh
Or you can just drag the "install.sh" file from the "snova-gae-jserver-xx" folder and drop it behind the "sh"
command.
After that, you can see an "AppEngine AppCfg GUI Wrapper" window, such as the following:
61
67. Chapter Two
Part Seven Section Two: How To Use Snova On GAE
In the window, you can define the location of the "Google App Engine SDK for Java" folder, enter your
GAE app ID, select the "snova-gae-jserver-xx" folder as AppLocation, enter your Gmail address and
password, then you can click the "Deploy" button to upload the Snova server to your GAE.
6. Add GAE application ID to the Snova client
On Windows, you can double-click the "startgui.bat" file in the "bin" folder; and on Mac/Linux, you can
open the Terminal application and enter the following command line:
sh /the-path-to/startgui.sh
62
68. Chapter Two
Part Seven Section Two: How To Use Snova On GAE
Or you can just drag the "startgui.sh" file from the "snova-xxx" folder and drop it behind the "sh" command.
After that, you can open the snova client window, click on the "Config" button of "GAE xxx" in the
"Plugins" tab, and click the "New" button to add your APP ID, such as what you can see from the following
image:
And you can add more than one App ID, after that, click the "Apply" button.
7. Start Snova
63
69. Chapter Two
Part Seven Section Two: How To Use Snova On GAE
When the App IDs are added, you can click the "Start" button to connect to the Snova server.
8. Edit the browser proxies
Like Hyk-proxy, when the Snova service is running, you also need to configure your browsers http proxy to
below address:
127.0.0.1: 48100
Such as what you can see from the following image:
64
70. Chapter Two
Part Seven Section Two: How To Use Snova On GAE
The above screenshot is for Firefox, and for other browsers, the http proxy settings may be a little different.
That's all, and you can surf the internet anonymously and get access to the blocked sites.
But same as Hyk-proxy, Snova running on GAE still does NOT work for HTTPS links, until you run it on
CloudFoundry, Heroku, OpenShift and/or some other PaaS platforms, which will be introduced later, stay
tuned.
65
71. Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry
Part Seven Section Three: How To Use Snova On Cloud Foundry
As mentioned before, Snova still does NOT work for HTTPS, until you run it on Cloud Foundry, Heroku,
OpenShift and/or some other PaaS platforms.
So, the following will show you how to install and use Snova on Cloud Foundry with 7 easy steps:
1. Create a Cloud Foundry account
On the Cloud Foundry signup page, enter your email address to request a invite, which will be sent to your
Inbox with login username and password soon.
2. Install vmc
66
72. Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry
Vmc is the command-line interface based on Ruby and RubyGems for you to configure your applications and
deploying them to Cloud Foundry.
For Windows, Ubuntu, Debian or some other systems, you can check out the official instructions, the
following will show you how to install vmc on Mac.
Open the Terminal application, enter the following command line:
sudo gem install vmc
And enter your Mac password if necessary, then you can install vmc.
By the way, the installation will take a few minutes and you won't see anything until the gem is installed.
3. Download snova-c4-server-xxx.war
67
73. Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry
On the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file and put it into a new empty
folder, such as "snova-c4-server" used for the following step.
4. Deploy Snova c4 server to Cloud Foundry
68
74. Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry
Open the Terminal application, enter the following command line:
cd /the-parth-to/snova-c4-server
You can also just drag the "snova-c4-server" folder and drop it behind the "cd" command.
After that, you can start to configure and deploy the Snova c4 server to Cloud Foundry by entering the
following command lines one by one:
vmc target api.cloudfoundry.com
vmc login (To enter your Cloud Foundry username and password)
vmc push free-nuts (To replace free-nuts with any name you like for the Cloud Foundry app)
Would you like to deploy from the current directory? [Yn]: (To enter y)
69
75. Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry
Detected a Java Web Application, is this correct? [Yn]: (To enter y)
Application Deployed URL [free-nuts.cloudfoundry.com]: (To press the RETURN key)
Memory reservation (128M, 256M, 512M, 1G, 2G) [512M]: (To press the RETURN key)
How many instances? [1]: (To press the RETURN key)
Create services to bind to 'free-nuts'? [yN]: ( To enter n)
Would you like to save this configuration? [yN]: (To enter y)
If all the results are OK, you can visit the page of the following link:
free-nuts.cloudfoundry.com
And if you can see something like the following:
Welcome to snova-c4 server xxx!
Then you have successfully deployed the Snova server to Cloud Foundry.
5. Configure the Snova c4 client
70
76. Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry
Find and open the "c4-client.conf" file via the following path:
.../snova-xxx/plugins/c4/conf/c4-client.conf
And uncomment the "WorkerNode [1]" line by changing "xyz" to your Cloud Foundry app name.
6. Configure snova.conf
71
77. Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry
Find and open the "snova.conf" file via the following path:
.../snova-xxx/conf/snova.conf
And change the "ProxyService" value from "GAE" to "C4".
7. Start Snova
72
78. Chapter Two
Part Seven Section Three: How To Use Snova On Cloud Foundry
After that, you can start Snova, and if you can see the following message:
Start plugin:C4 … Success
Then you can visit the HTTPS links normally.
73
79. Chapter Two
Part Seven Section Four: How To Use Snova On Heroku
Part Seven Section Four: How To Use Snova On Heroku
In the last post, we have learned how to install and use Snova on Cloud Foundry, this post will show you
how to do that on Heroku.
Since Heroku is also a PaaS platform, the steps will like what you do on Cloud Foundry, as what you can see
from the following:
1. Create a Heroku account
On this Heroku page, enter your email address and sign up an account.
2. Install Heroku Toolbelt
74
80. Chapter Two
Part Seven Section Four: How To Use Snova On Heroku
After signup, you can receive an email, click the long confirmation link inside, download the Heroku
Toolbelt app and install it on your computer.
3. Download snova-c4-heroku-server-xxx.zip
On the Snova Downloads webpage, download the "snova-c4-heroku-server-xxx.zip" file and extract it.
4. Deploy Snova c4 server to Heroku
75
81. Chapter Two
Part Seven Section Four: How To Use Snova On Heroku
Open the Terminal application, enter the following command line:
cd /the-parth-to/snova-c4-heroku-server-xxx
You can also just drag the "snova-c4-heroku-server-xxx" folder and drop it behind the "cd" command.
After that, you can start to configure and deploy the Snova c4 server to Heroku by entering the following
command lines one by one:
heroku login (To enter your Heroku account email and password)
git init
git add .
git commit -m "init"
heroku create --stack cedar
git push heroku master
At the end of the results, you can find a random URL like the following:
http://obscure-tundra-1542.herokuapp.com/
76
82. Chapter Two
Part Seven Section Four: How To Use Snova On Heroku
Visit the page of the URL, and if you can see something like the following:
Welcome to snova-c4 server xxx!
Then you have successfully deployed the Snova server to Heroku.
5. Configure the Snova c4 client
Find and open the "c4-client.conf" file via the following path:
.../snova-xxx/plugins/c4/conf/c4-client.conf
And uncomment the first "WorkerNode [0]" line by changing "xyz" to what you get in Step 4 (such as
"obscure-tundra-1542").
77
83. Chapter Two
Part Seven Section Four: How To Use Snova On Heroku
6. Configure snova.conf
Find and open the "snova.conf" file via the following path:
.../snova-xxx/conf/snova.conf
And change the "ProxyService" value from "GAE" to "C4".
7. Start Snova
78
84. Chapter Two
Part Seven Section Four: How To Use Snova On Heroku
After that, you can start Snova, and if you can see the following message:
Start plugin:C4 … Success
Then you can visit the HTTPS links normally.
79
85. Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift
Part Seven Section Five: How To Use Snova On OpenShift
To install and use Snova, you can check out this post for GAE, this one for Cloud Foundry and this one for
Heroku.
The following will show you how to install and use Snova on OpenShift, another PaaS platform like the
above 3 mentioned.
1. Create an OpenShift account
On the signup page of OpenShift, you can enter your email address, password and the CAPTCHA code to
create an account.
2. Download snova-c4-server-xxx.war
80
86. Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift
On the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file and put it into a new empty
folder, such as "openshift" used for the following steps.
3. Install rhc
On Mac, you can install rhc with the following command line:
sudo gem install rhc
On Windows and Linux, you can check out the official page for the instructions.
81
87. Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift
4. Deploy Snova c4 server to OpenShift
On the Terminal application, you can enter the openshift folder with the command line:
cd /the-parth-to/openshift
Or you can just drag the "openshift" folder and drop it behind the "cd" command.
After that, you can start to configure and deploy the Snova c4 server to OpenShift by entering the following
command lines one by one:
Command line 1:
rhc domain create -n freenutsdot -l xxx@gmail.com -p 123456
(To create a sub domain "freenutsdot.rhcloud.com" for your OpenShift account. Remember to change
"freenutsdot" to any name you like, to change "xxx@gmail.com" to your registered email address and to
change "123456" to your OpenShift password. )
Command line 2:
82
88. Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift
rhc app create -a fn -t jbossas-7 -p 123456
(To create an app, which name will be used before the domain created above. Remember to change "fn" to
any name you like, and to change "123456" to your OpenShift password, then you can get a folder with the
same name of the app (such as "fn") in your current directory (such as "openshift").
Command line 3:
cd fn
(To conduct commands in the app folder created above.)
Command line 4:
mv ../snova-c4-server-xxx.war deployments/ROOT.war
(To move the "snova-c4-server-xxx.war" file into the "deployments" directory of the "fn" folder and rename
it to "ROOT.war".)
Command line 5:
git rm -r src pom.xml
(To delete the src folder and the pom.xml file.)
Command line 6:
git init
83
89. Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift
(To reinitialize the app.)
Command line 7:
git add .
(To add the ROOT.war mode.)
Command line 8:
git commit -a -m "haha"
(To confirm and see the changes, you can replace "haha" with any message you like.)
Command line 9:
git push
(To upload the ROOT.war file to your OpenShift app.)
If no error appears, you can visit the page of the following URL:
http://fn-freenutsdot.rhcloud.com/
Remember to replace "fn-freenutsdot" with your app name and sub domain.
And if you can see something like the following:
Welcom to snova-c4 server xxx!
84
90. Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift
(Welcom is a typo, which should be Welcome.)
Then you have successfully deployed the Snova server to OpenShift.
5. Configure the Snova c4 client
Supposing that you have installed Snova on GAE as mentioned before, then you can find and open the
"c4-client.conf" file via the following path:
.../snova-xxx/plugins/c4/conf/c4-client.conf
85
91. Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift
And enter your OpenShift app domain (such as "fn-freenutsdot.rhcloud.com") at the end line of
"WorkerNode [0]".
By the way, Snova supports multiple c4 plugins together, so that you can also add the domains of your Cloud
Foundry and/or Heroku apps in the same "c4-client.conf" file, just make sure the numbers behind
"WorkerNode" are different from each other.
6. Configure snova.conf
Find and open the "snova.conf" file via the following path:
.../snova-xxx/conf/snova.conf
And change the "ProxyService" value from "GAE" to "C4".
By the way, you can skip this step if you have ever done this before.
7. Start Snova
86
92. Chapter Two
Part Seven Section Five: How To Use Snova On OpenShift
After that, you can start Snova, and if you can see the following message:
Start plugin:C4 … Success
Then you can visit the HTTPS links normally, as what you can do with the Cloud Foundry or Heroku
plugins.
87
93. Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic
Part Seven Section Six: How To Use Snova On Jelastic
As mentioned before, you can run the Snova proxy on Cloud Foundry, Heroku, OpenShift and Jelastic PaaS
platforms, with the C4 plugins.
Among these 4 PaaS platforms, Jelastic is the easiest way to install the C4 plugin, since you do NOT need to
use any command lines, as what you can see from the following detailed steps:
1. Download snova-c4-server-xxx.war
On the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file, and you can skip this step
if which you have done before.
2. Create a Jelastic account
88
94. Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic
On the Jelastic homepage, enter your email address to sign up an account, which login username and
password will be emailed to you soon.
3. Create your Jelastic app domain
89
95. Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic
After login, you can see an "Environment topology" window, on which, you can enter an "Environment
name" (such as "freenuts"), which will generate you one Jelastic app domain (such as
"freenuts.jelastic.servint.net"), and then click the "Create" button.
4. Upload snova-c4-server-xxx.war
Click the "Upload" button, and browse to upload the "snova-c4-server-xxx.war" file you downloaded.
By the way, you can enter anything into the "Comment" box if you like.
5. Deploy Snova c4 server to Jelastic
90
96. Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic
Moving the cursor over the name of the uploaded "snova-c4-server-xxx.war" file, you can see a yellow icon,
clicking on which, you can see the Environment name, clicking on which, you can see a pop-up window, and
clicking on its "Deploy" button directly without changing anything, then you can deploy the C4 plugin to
Jelastic.
6. Configure the Snova c4 client
91
97. Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic
Supposing that you have installed Snova on GAE as mentioned before, then you can find and open the
"c4-client.conf" file via the following path:
.../snova-xxx/plugins/c4/conf/c4-client.conf
And enter your Jelastic app domain (such as "freenuts.jelastic.servint.net") at the end line of "WorkerNode
[0]".
By the way, Snova supports multiple c4 plugins together, so that you can also add the domains of your Cloud
Foundry, Heroku, and/or OpenShift apps in the same "c4-client.conf" file, just make sure the numbers behind
"WorkerNode" are different from each other.
92
98. Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic
7. Configure snova.conf
Find and open the "snova.conf" file via the following path:
.../snova-xxx/conf/snova.conf
And change the "ProxyService" value from "GAE" to "C4".
By the way, you can skip this step if you have ever done this before.
8. Start Snova
93
99. Chapter Two
Part Seven Section Six: How To Use Snova On Jelastic
After that, you can start Snova, and if you can see the following message:
Start plugin:C4 … Success
Then you can visit the HTTPS links normally, as what you can do with the Cloud Foundry, Heroku and/or
OpenShift plugins.
94
100. Chapter Two
Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings
Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings
Whether Freegate, Tor, Snova or any other proxy clients or SSH tunnels, you need to change the network
proxy settings before you can use them to unblock those blocked sites.
Although their proxy addresses are same (127.0.0.1), their ports are usually different, for example, Freegate
is 8580, Tor is 9050, Snova is 48100, etc., instead to change the port value manually every time when
transferring one proxy to another, you can use the following 2 free extensions to do that automatically.
1. SwitchySharp
SwitchySharp (or Proxy SwitchySharp) is a Chrome extension.
After installation, you can see a new tab of SwitchySharp Options, on which, you can enter a proxy's name as
the Profile Name, and set the Manual Configuration.
For FreeGate, GappProxy, Goagent, Hyk-proxy, Snova or UltraSurf, you can enter 127.0.0.1 together with its
port in the HTTP Proxy column and check the "Use the same proxy server for all protocols" box; for Tor or
SSH, you can just enter 127.0.0.1 together with port 9050 or 7070 in the SOCKS Hosts (SOCKS v4) column.
95
101. Chapter Two
Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings
After that, click the "Save" button, then, you can click on the SwitchySharp icon in the Toolbar, and select
the Profile Name to use the proxy service.
Bonus:
To find an alternative Chrome extension, you can check out Proxy Switchy, which is nearly same as
SwitchySharp, but not so popular.
2. FoxyProxy Standard
FoxyProxy Standard is a Firefox extension.
After installation, you can see the extension icon in both Navigation Toolbar and Add-on Bar, click on
which, you can start to add proxy configuration by clicking on the "Add New Proxy" button in the settings
window.
For FreeGate, GappProxy, Goagent, Hyk-proxy, Snova or UltraSurf, you can enter 127.0.0.1 together with its
port in the Host or IP Address column of the Proxy Details tab.
And for Tor or SSH tunnel, you also need to check the "SOCKS proxy?" box as well as the "SOCKS v4/4a"
box.
For better experience, you can enter the proxy service's name as Proxy Name in the General tab if you like.
After that, click the "OK" button, then you will see a new pop-up with the following message:
96
102. Chapter Two
Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings
You didn't enter and enable any whitelisted (inclusive) URL patterns. This means the proxy won't be
used unless FoxyProxy is set to "Use Proxy tor for all URLs". Continue anyway?
Just click on the "OK" button, then you can select the proxy name from the "Select Mode" column in the top
of the settings window and use its proxy service.
Bonus:
AutoProxy is also a free Firefox add-on like FoxyProxy Standard.
By the way, whichever extension you are using, you can add some rules to or not to visit some sites via proxy
if you like, and then FoxyProxy Standard won't ask you if to "Continue anyway?" any more.
97
103. Chapter Three
Free VPN Services
Chapter Three
Free VPN Services
While proxy can be taken as a carrier, who helps delivery your message to another person, VPN (Virtual
Private Network) will be like the person's office staff, who also helps you delivery your message to that
person.
While proxy only works for the application you assign to, and basically the browsers only, VPN will works
for your entire device, whether browsers, email clients, app stores or any other application that connects to
the internet.
While you need to set the browser HTTP proxy addresses to use a proxy service, you don't need to do that
with VPN services.
So, generally speaking, VPN is safer than Proxy.
Image Credit: http://en.wikipedia.org/wiki/Virtual_private_network
98
104. Chapter Three
Part One: Free PPTP VPN Services
Part One: Free PPTP VPN Services
As one of the methods to implement VPN, PPTP (Point-to-Point Tunneling Protocol) is very easy to build
and use.
But hosting is expensive, so that there are not so many free PPTP VPN services, among which, the following
10 are the best up till now:
1. SecurityKISS
On any download page of the SecurityKISS website, you can enter your email address and get 2 PPTP/L2TP
VPN accounts in your Inbox, one is from USA, the other is from UK.
Besides, you can also sign in your SecurityKISS account with the username and password received to get
99
105. Chapter Three
Part One: Free PPTP VPN Services
more VPN servers from USA, UK, France and/or some other countries.
And besides PPTP/L2TP, SecurityKISS also offers free OpenVPN services for Windows, Mac/Linux
systems.
By the way, no matter which or how many VPN services you are using, the free traffic data is up to 300 MB
per day.
2. Super Free VPN
Open the Super Free VPN website, you can see the account, which server and username are fixed, while
password will be changed in up to 8 hours.
By the way, in case the "superfreevpn.com" domain is blocked in your area (such as China), you can change
it to the following IP address:
69.60.121.29
3. JustFreeVPN
100
106. Chapter Three
Part One: Free PPTP VPN Services
Open the JustFreeVPN website, you can see 3 free PPTP VPN accounts, one is from USA, one is from UK,
and one is from CA.
For different accounts, their servers are different, usernames are all "justfreevpn", and passwords will be
changed in uncertain times.
4. UFreeVPN
101
107. Chapter Three
Part One: Free PPTP VPN Services
The UFreeVPN website offers one USA, one UK and one CA free PPTP VPN services, which servers are
different, but usernames and passwords are fixed, so that you do not need to change passwords often.
5. NewFreeVPN
102
108. Chapter Three
Part One: Free PPTP VPN Services
On 3 different pages of the NewFreeVPN website, you can find out 3 different free PPTP VPN accounts, one
is from US, one is from UK, and one is from Canada, the servers of them are different, but the username
(free) and password (1234) are same.
6. Tsunagarumon
Tsunagarumon is a Japanese free PPTP VPN.
On the Entry page, enter your email address, check to agree the service terms, click on the red button,
double-check your email address, and click on the next red button, then you can get an email from
Tsunagarumon.
Clicking on the link in the email, you can receive your free PPTP VPN account soon.
7. FreeCanadaVPN
103
109. Chapter Three
Part One: Free PPTP VPN Services
FreeCanadaVPN is a Canada PPTP VPN, which server is "freecanadavpn.com", username is "free", and
password will be changed and displayed on the right top of the page irregularly.
8. BestUKVPN
As the name, BestUKVPN is a UK PPTP VPN, which server is "bestukvpn.com", username is "free" and
104
110. Chapter Three
Part One: Free PPTP VPN Services
password will be updated irregularly.
9. Zace Book
As a Romania free PPTP VPN, Zace Book's server is "vpn.zacebook.com", username is "VPN", and
password will be updated every one or two days.
10. VPN Book
105
111. Chapter Three
Part One: Free PPTP VPN Services
VPN Book is also a Romania VPN, which PPTP server is "pptp.vpnbook.com", username is "pptp", and
password will be changed every one or two days.
Besides PPTP, VPN Book also offers free OpenVPN services.
Among the above 10 free PPTP VPN services, SecurityKISS is the best, but only with 300 MB traffic per
day.
Bonus:
Like Super Free VPN mentioned before, if the server host name of any other free PPTP VPN is blocked in
your area, you can ping and change it to the server's IP address.
106
112. Chapter Three
Part Two: Free VPN Softwares
Part Two: Free VPN Softwares
Different from PPTP VPN Services, desktop VPN softwares require downloading and installation.
Most VPN softwares are not free, but luckily, you can check out the following best 6 free ones:
1. SecurityKiss
The VPN software SecurityKiss works for Windows only, but brings you 300MB of data transfer per day for
free.
No registration is required, you can just download and install the SecurityKiss software, then run and connect
it. If the connection fails, you can try to select another VPN server.
2. ProXPN
107
113. Chapter Three
Part Two: Free VPN Softwares
The VPN software ProXPN is workable for Windows and Mac computers.
Create a ProXPN account, download, install and run the software, then you can connect the VPN service
with your username and password, but there will be a ProXPN landing page before you can visit the site you
intend to.
3. Private Tunnel
108
114. Chapter Three
Part Two: Free VPN Softwares
Private Tunnel is a OpenVPN service, workable on Windows and Mac.
You can create an account, download the OpenVPN Connect package, choose to connect the San Jose, CA
(US), London (UK) or Zurich (CH) server, then you can use the Private Tunnel service, but only 100 MB
free traffic.
4. Hotspot Shield
109
115. Chapter Three
Part Two: Free VPN Softwares
With English, French, Chinese and some other languages support, Hotspot Shield offers a free VPN solution
with unlimited bandwidth for Windows and Mac.
Just download and install the software, then you can run and connect the VPN service, but there will be ads
on the top of the webpages you visit.
5. ExpatShield
110
116. Chapter Three
Part Two: Free VPN Softwares
Like Hotspot Shield, ExpatShield is also a free VPN software offers unlimited bandwidth with ads and
supports multiple languages.
But ExpatShield is only workable for Windows computer system.
6. Cloak VPN
111
117. Chapter Three
Part Two: Free VPN Softwares
Cloak VPN supports Mac, iPhone and iPad.
After registration, download the right Cloak VPN clients according to your device operating systems, then
you can connect and use the VPN service directly.
By the way, you can use the Cloak VPN services on both of your OS and iOS devices with up to 1G traffic
and 2 hours EVERY month as a free user.
Among the above 6 free VPN softwares, I prefer to use SecurityKiss and ProXPN, how about you? Which
ones are your favorite?
112
118. Chapter Three
Part Three: How To Build A VPN
Part Three: How To Build A VPN
Want to build your own VPN instead to use others', whether free or not?
If you've already had a VPS, cloud computing or dedicated server, and the Terminal application of Mac, or
the Putty tool for Windows, you can start to build VPN services, whether PPTP, L2TP or OpenVPN types.
The following will show you how to build a PPTP, L2TP and OpenVPN on a VPS based on the Mac
Terminal application in 3 separate posts.
First of all, run your Terminal, and enter the following command:
ssh root@xxx.xxx.xxx.xxx
Just replace "xxx.xxx.xxx.xxx" with your VPS' IP, such as "178.18.17.212".
Then you will see the following message:
Are you sure you want to continue connecting (yes/no)?
Enter "yes" and press the "Return" key, then, enter your password and press the "Return" key.
P.S.:
If you've rebuilt your VPS, you may meet the following error:
Host key verification failed.
In that case, enter the following command at first:
113
119. Chapter Three
Part Three: How To Build A VPN
ssh-keygen -R xxx.xxx.xxx.xxx
Remember to replace "xxx.xxx.xxx.xxx" with your VPS' IP address.
After that, you can start to build your own VPN.
114
120. Chapter Three
Part Three Section One: How To Build A PPTP VPN
Part Three Section One: How To Build A PPTP VPN
After connecting to your server via SSH, you can build your own PPTP VPN with the following 8 steps:
1. Install PPTPD
Install the PPTPD package with the following command:
apt-get install pptpd
2. Edit the VPN interface IP addresses
Open the pptpd.conf file with the following code:
nano /etc/pptpd.conf
Press the Enter key, find and uncomment the following 2 lines:
115
121. Chapter Three
Part Three Section One: How To Build A PPTP VPN
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
3. Edit DNS addresses
Enter the following command:
nano /etc/ppp/pptpd-options
Find the following codes:
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
And change them to the following ones:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
4. Add VPN accounts
Enter the following command:
nano /etc/ppp/chap-secrets
Press the Return key and enter the following information:
116
122. Chapter Three
Part Three Section One: How To Build A PPTP VPN
username pptpd password *
For example:
freenuts pptpd 123456 *
5. Forward IPv4
Enter the following command:
nano /etc/sysctl.conf
Press the Return key, find and uncomment the following line:
#net.ipv4.ip_forward=1
6. Apply the forward
Your forward change won't be active immediately, and you need to apply it with the following commend:
sysctl -p
If everything is correct, then you can see the following result:
net.ipv4.ip_forward = 1
117
123. Chapter Three
Part Three Section One: How To Build A PPTP VPN
7. Allow the routing
Copy and paste the following command:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Press the Return key to run the command.
8. Restart PPTPD
Copy and paste the following command:
/etc/init.d/pptpd restart
Press the Return key, then you can use your PPTP VPN with the username and password you've set before.
118
124. Chapter Three
Part Three Section Two: How To Build A L2TP VPN
Part Three Section Two: How To Build A L2TP VPN
To build an L2TP/IPSec VPN, you can follow the following 6 steps:
1. Install OpenSwan
Enter the following command lines one by one:
aptitude install build-essential
aptitude install libgmp3-dev gawk flex bison
wget http://www.openswan.org/download/openswan-2.6.35.tar.gz
tar xzvf openswan-2.6.35.tar.gz
119
125. Chapter Three
Part Three Section Two: How To Build A L2TP VPN
cd openswan-2.6.35
make programs
make install
Remember to press the "Return" key when entering any one of the above lines.
By the way, 2.6.35 is the latest version during my test, and you can check the OpenSwan website to see if
there is a new version later, if yes, you can use it instead.
2. Edit IPSec
Firstly, open the ipsec.conf file with the following command:
vi /etc/ipsec.conf
Delete all the existing contents, and paste the following ones:
version 2.0
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0
/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
oe=off
protostack=netkey
conn %default
120
126. Chapter Three
Part Three Section Two: How To Build A L2TP VPN
forceencaps=yes
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=YOUR.VPS.IP.ADDRESS
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
Remember to change YOUR.VPS.IP.ADDRESS to your VPS IP address, such as 178.18.17.30 for this
tutorial.
Secondly, open the ipsec.secrets file with the following code:
vi /etc/ipsec.secrets
And insert the following content:
YOUR.VPS.IP.ADDRESS %any: PSK "YourSharedSecret"
For example:
178.18.17.30 %any: PSK "123456abcdef"
121
127. Chapter Three
Part Three Section Two: How To Build A L2TP VPN
Thirdly, enter the following command lines one by one:
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
Remember to press the "Return" key after every command line.
Fourthly, restart IPSEC with the following command:
service ipsec restart
3. Install L2TP
Go back to the root directory, and install the L2TP package with the following command line:
aptitude install xl2tpd
After installation, open the conf file with the following code:
vi /etc/xl2tpd/xl2tpd.conf
Delete all the existing content and paste the following one:
[global]
122
128. Chapter Three
Part Three Section Two: How To Build A L2TP VPN
; listen-addr = 192.168.1.98
[lns default]
ip range = 10.1.1.2-10.1.1.255
local ip = 10.1.1.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
4. Set up xl2tpd
Enter the following command:
vi /etc/ppp/options.xl2tpd
Then insert the following codes:
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
123
129. Chapter Three
Part Three Section Two: How To Build A L2TP VPN
After that, open the chap-secrets file:
vi /etc/ppp/chap-secrets
And insert the following content:
username l2tpd password *
For example:
freenuts l2tpd 123456 *
Then, restart L2TP:
service xl2tpd restart
5. IP forward
Enter the following command:
vi /etc/sysctl.conf
Press the "Return" key, find the line of "#net.ipv4.ip_forward=1" and uncomment it.
After that, enter the following command:
124
130. Chapter Three
Part Three Section Two: How To Build A L2TP VPN
sysctl -p
Press the "Return" key, then you will only see "net.ipv4.ip_forward=1" as the result if everything is right.
After that, enter the following command:
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
6. For reboot
Now, you can connect your L2TP/IPSec VPN, but if you reboot your VPS, your forwarding settings will be
gone, to avoid this, you can enter the following command:
vi /etc/rc.local
Press the "Return" key and paste the following contents before the "exit 0" line:
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
/etc/init.d/ipsec restart
Save it, then you are done.
125
131. Chapter Three
Part Three Section Three: How To Build An OpenVPN
Part Three Section Three: How To Build An OpenVPN
It is also easy to build an OpenVPN with the following 9 steps:
1. Install OpenVPN
Enter the following command to install OpenVPN:
apt-get install openvpn
2. Move easy-rsa into the correct place
Enter the following command:
cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn
126
132. Chapter Three
Part Three Section Three: How To Build An OpenVPN
Press the "Return" key, then you can move the easy-rsa folder to the OpenVPN directory.
3. Generate keys
Enter the following commands one by one:
cd /etc/openvpn/easy-rsa/2.0
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client
./build-dh
Remember to press the "Return" key at each line, and answer "yes" to all "yes/no" questions:
4. Apply iptables rules
Enter the following command:
vi /etc/sysctl.conf
Press the "Return" key, find the line of "#net.ipv4.ip_forward=1" and uncomment it.
After that, enter the following code:
sysctl -p
127
133. Chapter Three
Part Three Section Three: How To Build An OpenVPN
Then you will see the following message as a result:
net.ipv4.ip_forward=1
Then create iptables rules with the following command:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142
Remember to replace "178.18.17.142" with the actual IP address of your server.
5. Create the VPS OpenVPN configuration file
Enter the following command:
# vi /etc/openvpn/server.conf
And paste the following contents:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
duplicate-cn
keepalive 10 120
128
134. Chapter Three
Part Three Section Three: How To Build An OpenVPN
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
6. Start OpenVPN
You can start OpenVPN with the following command:
# /etc/init.d/openvpn start
7. Create the PC OpenVPN configuration file
Enter the following command:
vi /etc/openvpn/easy-rsa/2.0/keys/client.conf
And insert the following contents:
client
dev tun
proto udp
remote 178.18.17.142 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
129