100+ Free Tools For You To Access Blocked Sites
Upcoming SlideShare
Loading in...5
×
 

100+ Free Tools For You To Access Blocked Sites

on

  • 18,862 views

How many ways have you used to unblocked the internet censorship and get access to Facebook, Twitter, YouTube or some other sites blocked in your country or area? ...

How many ways have you used to unblocked the internet censorship and get access to Facebook, Twitter, YouTube or some other sites blocked in your country or area?

I have used a ton, such as Proxy, SSH, VPN and many other anti-censorship tools, since which may be blocked, too, the more you have, the safer you will be.

This book will show you over 100 free anti-censorship tools (including VPN, SSH, Proxy and even more) as well as how to use them to get access to those blocked sites in your area.

Statistics

Views

Total Views
18,862
Views on SlideShare
7,012
Embed Views
11,850

Actions

Likes
1
Downloads
175
Comments
1

24 Embeds 11,850

http://freenuts.com 9846
http://freenuts.net 1021
http://jingpin.org 692
http://www.freenuts.net 73
http://www.chariweb.com 60
http://freenuts.hostingsiteforfree.com 56
http://feeds.feedburner.com 51
http://translate.googleusercontent.com 24
http://131.253.14.66 5
http://webcache.googleusercontent.com 4
http://yourhandphone.blogspot.com 3
http://freenuts.org 2
https://youtubeproxy.org 2
http://freenuts.com.sixxs.org 1
http://yourhandphone.blogspot.nl 1
http://technology.feedfury.com 1
http://www.bonweb.fr 1
http://www.photostudiogt.com&_=1378920993217 HTTP 1
http://www.photostudiogt.com&_=1378920571622 HTTP 1
http://plus.url.google.com 1
http://xianguo.com 1
http://localhost 1
http://50.87.189.173 1
http://www.google.co.uk 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NonCommercial LicenseCC Attribution-NonCommercial License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • thankyou
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

100+ Free Tools For You To Access Blocked Sites 100+ Free Tools For You To Access Blocked Sites Document Transcript

  • 100+ Free Tools For You To Access Blocked Sites Young, Yang Creative Commons - BY -- 2012
  • DedicationThis book is dedicated to my dear mother, who doesn’t care about internetfreedom, but only her children and grandchildren, so that I have time towrite.This book is also dedicated to my dear motherland — China, where there isGFW which blocks internet freedom, so that I have to write something abouthow to unblock blocked sites.
  • AcknowledgementsAmong all those free anti-censorship tools mentioned in this book, none iscreated by myself, and I just test and share them and tell people how to usethem.So, thanks to the authors who develop and share those free VPN, SSH, Proxyand/or any other anti-censorship tools.
  • Table of ContentsPreface 2 My Internet Freedom Declaration 2Chapter One 4 Free Online Proxies 4Chapter Two 10 Free Proxy Softwares 10 Part One: Ultrasurf 11 Part Two: Freegate 15 Part Three: Tor 20 Part Four: GAppProxy 25 Part Five: Goagent 35 Part Six: Hyk-proxy 43 Part Seven: Snova 52 Part Seven Section One: The Easiest Ways To Use Snova 57 Part Seven Section Two: How To Use Snova On GAE 60 Part Seven Section Three: How To Use Snova On Cloud Foundry 67 Part Seven Section Four: How To Use Snova On Heroku 75 Part Seven Section Five: How To Use Snova On OpenShift 81 Part Seven Section Six: How To Use Snova On Jelastic 89 Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings 96Chapter Three 99 Free VPN Services 99 Part One: Free PPTP VPN Services 100 Part Two: Free VPN Softwares 108 Part Three: How To Build A VPN 114 Part Three Section One: How To Build A PPTP VPN 116 Part Three Section Two: How To Build A L2TP VPN 120 Part Three Section Three: How To Build An OpenVPN 127 Part Four: How To Set Up VPN 133Chapter Four 135 Free SSH Services 135 Part One: Free SSH Tunnels 136 Part Two: How To Create A SSH Tunnel 141 Part Three: How To Connect To SSH Tunnel 144Chapter Five 147 The Differences Among Proxy, SSH And VPN 147Chapter Six 150 How To Access Blocked Sites With Google Reader 150Chapter Seven 153 How To Access Blocked Sites With The Hosts File 153Chapter Eight 157 How To Access Blocked Sites Via gogoCLIENT
  • 157Chapter Nine 164 How To Check If A Site Is Blocked 164 Part One: Check If A Site Is Blocked With Anti-censorship Tools 165 Part Two: Check If A Site Is Blocked By Pinging It 166 Part Three: Top 10 Websites For You To Check If A Site Is Blocked 167 Part Four: Check If A Site Is Blocked In China With WebSitePulse 173Chapter Ten 175 Appendix 175 Part One: Top 10 Websites Blocked in China 176 Part Two: Countries That Block Facebook 181Subsequent 182 This Book Is Free 182
  • Preface My Internet Freedom Declaration Preface My Internet Freedom DeclarationWhile there is no definition, someone declares five basic principles of Internet Freedom, which areExpression, Access, Openness, Innovation and Privacy.As a man living in China, I totally agree with those 5 principles and know how import internet freedom willbe, since you might go to jail by a message you posted online, fail to visit Facebook, Twitter, YouTube andmany other websites, get your website shut down because of one criticized post, and even find out that yourprivate chat history were released to the police without any court document, so on and so forth.Sounds horrible, right? But which were all happened in the Chinese internet world.Since 2007, I have fought against the GFW (great firewall) — the biggest part of Internet Censorship in China,by testing free anti-censorship tools as many as possible and sharing them on my blogs, both Free Nuts andJing Pin (in Chinese).Up till now, I have tested and introduced over 100 free anti-censorship tools, including VPN, Proxy, SSH andmore, among which, some may be not available any more when you are reading this book, but luckily, therewill be always some new tools, and I will keep an eye on them. 1
  • Preface My Internet Freedom DeclarationImage Credit: http://www.flickr.com/photos/talkradionews/4294790603/ 2
  • Chapter One Free Online Proxies Chapter One Free Online ProxiesThe main advantage of online proxy websites (or web proxies) is that you dont need to install anything norto make any configuration, just to look out those pop-up ads.If you can bear those ads, and want to get access to Facebook, Twitter, YouTube and/or any other websitesthat blocked in your area, or just want to be anonymous, then you can check out the following top 100 freeonline proxies:1. Aniscartujo.comThe Aniscartujo web proxy is workable for both computers and mobile phones.2. Anonproxy.euWith Anonproxy.eu, you can encode URL/page and allow cookies. 3
  • Chapter One Free Online Proxies3. Btunnel.comThe Btunnel.com web proxy is available for you to delete cookies, to remove scripts, and to hide referrers,but there will be a boring pop-up ad on the homepage.4. Daveproxy.co.ukA UK web proxy which supports JavaScript well.5. Dtunnel.comNearly same as Btunnel.com.6. Free-web-proxy.deThis web proxy allows you to watch YouTube videos as well as to download them in MP4 files.7. Fproxy.nlNearly same as Anonproxy.eu.8. Goodproxy.euGoodproxy.eu is powered by Glype, but not available for you to visit the YouTube website.9. Hidemyass.comThe Hide My Ass web proxy is available for you to enable SSL security, to disable flash & Javascript, or toselect encrypted URL obfuscation.10. Kproxy.comHttps protocol is supported and downloads are allowed by Kproxy.com.11. Megaproxy.com/freesurfThe Magaproxy free version is free of pop-up ads.12. Peacefire.org/circumventorOn the website, you will get one URL of a web proxy, if which is blocked, you can subscribe to its lists formore. 4
  • Chapter One Free Online Proxies13. Polysolve.comNearly same as Btunnel.com.14. Proxyweb.com.esThe input box is between 2 large ad banners.15. Safeforwork.netWith SafeForWork.net, you can remove cookies/scripts, hide referrers and show entry form.16. Shieldproxy.comThis web proxy is very simple with just an address box in its homepage.17. Smscut.com/onlinesonicOnline Sonic will translate the languages of the target websites into French.18. Surfagain.comSurfagain.com is available for you to watch YouTube videos.19. Surfinweb.tkSurfinweb.tk is available for you to watch YouTube videos, too.20. TryCatchMe.comThe effect of TryCatchMe is nearly same as Daveproxy.21. Vtunnel.comNearly same as Btunnel.com.22-41 Aproxy.org (20)The Aproxy.org website offers tens of links to different free online proxies, among which, the following 20are the workable and best during my test: Dxyh.com 5
  • Chapter One Free Online Proxies Fubian.com Isityet.net Lovetogetby.com Ninjacloak.com Proxy-free.org Proxy4surf.info Proxypolice.com Proxyhasty.com Renewmyip.com Resellerzone.us Surfnewip.com Super-affiliate.in Theninjacloak.com Topbits.us Unblock-internet.ws Vvwa.com Vectroproxy.com Web4surf.com Web4proxy.org42-60. Centurian.org (19)The Centurian.org website offers about 100 proxies, among which, the following 19 are the best andworkable during my test: 0010site.info 00011site.info 7us.info Free-pro.info Iweb20.info Justbrowse.info Longbuluo.info Luispro.com Microxy.com Myservus.info Mywebproxy.net newsurf.info Proxy2free.net School-proxy.us Stripcomprox.info Unblockwebsite.org Usaproxies.com 6
  • Chapter One Free Online Proxies Vectrotunnel.com Xeronet-proxy.com61-100. Proxymeup.com (40)There are over 50 workable web proxy tools on the proxymeup.com website, and the following 40 are thebest up till now: 007007007.eu 123proxy.eu 2fastproxy.tk Aaaproxy.eu Awesomeproxy.eu Bypassme.in Crochetheart.com Devilproxy.eu Hideproxy.eu Homeproxy.com Healthycheapeating.com Iwebproxy.net Iunblock.in Myproxy2day.info Manghun.com Mydoggieneeds.com My-proxy.olympe.in Newenergytomorrow.info Newtattooonline.com Olympicproxy.net Ondrej.me Proxy000.eu Proxy007.eu Proxy-fre.com Proxytools.info Proxme.net Proxy4you.eu Proxyforfree.eu Proxy-ss.olympe.in Proxymonkey.org Proxy-best.com Rockvideo.cz Securewebproxy.net Spem.at 7
  • Chapter One Free Online Proxies Unblocker4u.com Usawebproxy.net Ultimateformalwear.com Websurf.in Workproxy.net Yellowproxy.netTo use any of the above 100 free online proxies, you can enter the URL of a blocked site in the input box,and press the Enter key or click on the "Go" button, then you can unblock and visit the site.Among the above 100 free online proxies, some of them may be blocked in your area (such as China) whenyou read this e-book, but luckily, some of them will be still workable, too. 8
  • Chapter Two Free Proxy Softwares Chapter Two Free Proxy SoftwaresAlthough both are proxies, desktop softwares are different from online websites.While online proxies are full of ads, there are less or even no ads for proxy desktop softwares; while you canuse online proxies directly, you need to download and install their clients before you can use those proxysoftwares.If the websites of those proxy softwares are blocked in your area (such as China), it is a good idea for you touse free online proxies to visit them.Among those free proxy softwares, the following 7 are the best:1. Ultrasurf;2. Freegate;3. Tor;4. GappProxy;5. Goagent;6. Hyk-proxy;7. Snova. 9
  • Chapter Two Part One: Ultrasurf Part One: UltrasurfAs one of the best proxy softwares, Ultrasurf is very easy to use without any installation.The following will show you how to use it in 3 steps:1. Download UltrasurfOpen the Ultrasurf.us site, and click on the "FREE DOWNLOAD" button on the right top, then you candownload the Ultrasurf client as a ZIP file.In case the Ultrasurf.us site is blocked in your area (such as China), you can use some other proxies, SSHtunnels or VPN services to unblock it.2. Run Ultrasurf 10
  • Chapter Two Part One: UltrasurfAfter download, extract the ZIP file, then you can get an EXE file, open which, you can run Ultrasurfdirectly.In case you come across with a Windows Security Alert, such as what you can see from the following image: 11
  • Chapter Two Part One: UltrasurfJust click on the "Allow access" button, then you can see an IE new tab of Wujie, which is the Chineseversion of Ultrasurf, and you can unblock any blocked sites right away.3. Set browser network proxyOn IE, you can use the Ultrasurf proxy service directly after connection, but on Chrome, Firefox, Safari orany other browser, you also need to set the network proxy to "127.0.0.1 : 9666".Take Firefox for example, you can find the proxy settings page via the following path: Preference –> Advanced –> Network –> SettingsThen select "Manual proxy configuration" to enter "127.0.0.1" & "9666" on the HTTP Proxy column, checkthe "Use this proxy server for all protocols" box, and click the "OK" button to save the change, as what youcan see from the following image: 12
  • Chapter Two Part One: UltrasurfInstead to set the network proxy settings manually as mentioned above, you can also check out SwitchySharpand FoxyProxy to set them automatically.After that, you can bypass internet censorship, encrypt online communications, and hide your IP on non-IEbrowsers, too. 13
  • Chapter Two Part Two: Freegate Part Two: FreegateLike Ultrasurf, Freegate is also a very popular and easy-to-use proxy service.The following will show you how to use Freegate in 3 steps:I. Download FreegateOpen the Dynaweb site and download the Freegate client software, whether in exe or zip format.In case the Dynaweb site is blocked in your area (such as China), you can use some other proxies, SSHtunnels or VPN services to unblock it first.II. Run FreegateIf you downloaded the exe file, just open it, and if you downloaded the zip file, extract it and run the exe file.When the connection is successful, you can use the Freegate proxy service right away, as what you can seefrom the following image: 14
  • Chapter Two Part Two: FreegateBut before you can see the control panel in the above image, you may come across the following 2 pop-upwindows:1. Freegate Proxy Control 15
  • Chapter Two Part Two: FreegateAs default, the domains of ".cn", ".baidu", ".qq" and some other suffixes will be connected directly, eventhough you remove them or select "Choose All websites go through Freegate proxy", which means you cantvisit the sites of those domains with Freegate anyway.So, you can neglect this window and just click the "OK" button to close it.2. Windows Security AlertIn case you come across with a Windows Security Alert, such as what you can see from the following image: 16
  • Chapter Two Part Two: FreegateJust click on the "Allow access" button, then you can see the proxys Chinese site Dongtaiwang on your IEbrowser.III. Set browser network proxy 17
  • Chapter Two Part Two: FreegateSame as Ultrasurf, On IE, you can use the Freegate proxy service directly after connection, but on Chrome,Firefox, Safari or any other browser, you also need to set the network proxy to "127.0.0.1 : 8580".The above instructions are for Windows only, in fact, Freegate is also available on Mac and Linux computeroperating systems, and you can refer to the FAQ page for the usages.And besides computers, Freegate also supports Android, Java and WM mobile phones, but only in Chinese. 18
  • Chapter Two Part Three: Tor Part Three: TorAs one of the most popular proxy softwares, Tor can be used on Windows, Mac, Linux/BSD/Unix, Androidand Nokia Maemo/N900 systems, with multiple languages supported.The following will show you how to use its basic and most popular 2 versions — Tor Browser Bundle andVidalia Bundle on Windows and Mac.1. Download TorOn the Download page, you can choose to download the right version according to your computer systems.For Tor Browser Bundle, you can and only can use its own browser (based on Firefox) to use its proxyservice; and for Vidalia Bundle, you can use your Firefox, Chrome, Safari or some other browsers by settingtheir network proxies.By the way, you can choose the Tor browser output language before downloading Tor Browser Bundle.2. Run Tor 19
  • Chapter Two Part Three: TorNo matter which version you downloaded, you can extract or install the package and run the Tor servicedirectly.For Tor Browser Bundle, you can run the "Start Tor Browser" (for Windows) or "TorBrowser" (for Mac)file, and for Vidalia Bundle, you can run the "Vidalia" file.If the onion icon turns green, then the Tor proxy is working.3. Add bridges 20
  • Chapter Two Part Three: TorIf the onion icon doesnt turn green, then the current Tor network is blocked, and the easiest way to solve theproblem is to open the Vidalias "Network" settings page, to select "My ISP blocks connections to the Tornetwork", and to add some bridges.So, how to get bridges for Tor? The following are 2 ways for your choice:3.1 Via webVisit the Bridges page, and enter the verification code, then you can get 2 bridges.3.2 Via emailYou can send an email with "get bridges" subject to "bridges@torproject.org" via your Gmail, soon you willget three newest bridges. 21
  • Chapter Two Part Three: TorBy the way, there used to be a "Find Bridges Now" button for to you get bridges directly, as mentionedbefore, but which is gone now.4. Set browser network proxyFor Tor Browser Bundle, you can unblock the blocked site with its own browser directly, and for VidaliaBundle, you need to change the SOCKS proxy to "127.0.0.1 : 9050".Take Firefox for example, you can find the proxy settings page via the following path: Preference –> Advanced –> Network –> Settings 22
  • Chapter Two Part Three: TorAnd select "Manual proxy configuration" to enter "127.0.0.1" & "9050" on the SOCKS column. By the way,youd better select SOCKS v4, since SOCKS v5 may be not workable.Between Tor Browser Bundle and Vidalia Bundle, the first one is easier and more safe, but you can only useits own browser. 23
  • Chapter Two Part Four: GAppProxy Part Four: GAppProxyGAppProxy hasnt been updated since the 2.0.0 version in 2010, and doesnt support https well.But as a GAE proxy, it is still available for you to surf anonymously and get access to the blocked sites.For how to install and use GAppProxy, you can check out the following 7 steps:1. To create a GAE applicationLog in your Google App Engine account and create an available application ID, such as "freenutsdotorg"used for this post.2. Generate a new application-specific password 24
  • Chapter Two Part Four: GAppProxyOn the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications andsites", and generate a new application-specific password.But you can skip this step if you do not use 2-step verification for your Gmail account.3. Download GAppProxyOn the GAppProxy Downloads page, you can download the packages according to your operating systems.3.1 Download the Windows packagesTo run GAppProxy on Windows, you need to download the following 2 packages: uploader-2.0.0-win.zip localproxy-2.0.0-win.zip 25
  • Chapter Two Part Four: GAppProxyAfter download, you can extract them and get the following 2 folders: uploader-2.0.0-win localproxy-2.0.0-win3.2 Download the Mac/Linux packagesAnd to run GAppProxy on Mac/Linux, you need to download the following 2 packages instead: fetchserver-2.0.0.zip localproxy-2.0.0.tar.gzExtract the packages, then you can get the following 2 folders: fetchserver-2.0.0 localproxy-2.0.04. Edit the app.yaml fileOn Windows, you can find the app.yaml file in the "fetchserver" directory of the "uploader-2.0.0-win" folder;and on Mac/Linux, you can find the app.yaml file in the "fetchserver-2.0.0" folder.After that, open the app.yaml file, and change the "your_application_name" to your GAE app ID created in 26
  • Chapter Two Part Four: GAppProxystep 1.5. Upload the GAppProxy server5.1 How to upload the GAppProxy server on WindowsOpen the "uploader-2.0.0-win" folder, double-click the "uploader.exe" file, and enter your App ID, Gmailaddress and password, then you are done.5.2 How to upload the GAppProxy server on Mac/Linux 27
  • Chapter Two Part Four: GAppProxyTo upload the GAppProxy server on Mac/Linux, we need a third-party tool.5.2.1 Download Google App Engine SDK for PythonDownload Google App Engine SDK for Python of Mac or Linux version, and install it.5.2.2 Add new applicationRun GoogleAppEngineLauncher, click "New Application" in the "File" option on the top menu bar, enteryour GAE app ID as "Application Name", and assign a folder as "Application Directory", or just use thedefault one it offers.5.2.3 Move the server filesCopy "app.yaml" and "fetch.py" files in the "fetchserver" folder and paste them into the "ApplicationDiretory" folder.5.2.4 Upload the serverBack to GoogleAppEngineLauncher, click on the "Deploy" button, enter your Gmail address and password,then you can upload the GAppProxy server to GAE. 28
  • Chapter Two Part Four: GAppProxy5.3 Test the GAppProxy serverOpen your browser, and enter the following URL: http://APP_ID.appspot.com/fetch.pyRemember to replace "APP_ID" with your own GAE app ID, and if you can see the following result:Then the GAppProxy server is uploaded successfully, if not, you can try to change "http" to "https", or to runan anti-censorship tool (such as proxy, ssh or VPN), and try again, if still not, then you need to upload theserver again.6. Run the GAppProxy clientWhen the server is uploaded successfully, you can run the GAppProxy on your computer.6.1 How to run the GAppProxy client on WindowsFor Windows, there is an executive application, clicking on which, you can run the GAppProxy, but youneed to edit the "proxy.conf" file first.6.1.1 Edit the proxy.conf fileOpen the "proxy.conf" file in the "localproxy-2.0.0-win" folder, edit the last line by changing"your-fetch-server" to your GAE app ID, and deleting the "#" mark, as what you can see from the followingimage: 29
  • Chapter Two Part Four: GAppProxyAfter that, save the file.6.1.2 Run the GAppProxy clientYou can double-click the "proxy.exe" file in the same folder to run the GAppProxy client.6.2 How to run the GAppProxy client on Mac/LinuxOn Mac/Linux, you can use the Terminal application to run the GAppProxy client, but you also need to editthe "proxy.conf" file first.6.2.1 Edit the proxy.conf fileSame as what you do on Windows, but the "proxy.conf" file is located in the "localproxy-2.0.0" folder.6.2.2 Run the GAppProxy client 30
  • Chapter Two Part Four: GAppProxyOpen the Terminal application, and enter the following command line: python xxx/localproxy-2.0.0/proxy.pyRemember to replace "xxx" with the full path to the "localproxy-2.0.0" directory, or you can just drag the"proxy.py" file and drop it behind "python".7. Edit the browser proxies 31
  • Chapter Two Part Four: GAppProxyWhen the GAppProxy client is running, you can edit the browser network settings and change the proxyaddress to "127.0.0.1: 8000", as what you need to do with any proxy service.By the way, since GAppProxy only supports HTTP with 80 port and HTTPS with 443 port, you can leave theSOCKS and FTP proxies empty.Note:Take the "freenutsdotorg" app ID for example, if you cant open the site of the following URL on yourbrowser: http://freenutsdotorg.appspot.com/ 32
  • Chapter Two Part Four: GAppProxyBut you can do that after changing "http" to "https", then you need to make the same change for the"fetch_server" link in the last line of the "proxy.conf" file, such as the following: fetch-server = https://freenutsdotorg.appspot.com/fetch.pyAnd if you still fail to open the site after changing "http" to "https", then your app ID is blocked and youwont be able to use the GAppProxy service, in that case, you can create a new GAE app and try again. 33
  • Chapter Two Part Five: Goagent Part Five: GoagentLike GAppProxy, Goagent is also a GAE proxy.And for how to use Goagent, you can refer to its official site in Chinese, or you can check out the following 7steps for an easier reference in English:1. Create GAE applicationsGoagent supports multiple app IDs, so that you can creat one or more new GAE applications, or use the oldones, but the "Storage Scheme" of each must be "High Replication".2. Generate new application-specific password 34
  • Chapter Two Part Five: GoagentOn the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications andsites", and generate a new application-specific password, which will be used when uploading the Goagentserver to your GAE in step 4.But you can skip this step if you do not use 2-step verification for your Gmail account.3. Download the Goagent packapgeDownload the Goagent package (a zip file) via the link on the top of its homepage, as what you can see fromthe above image.After that, extract the zip file, and you will get a "local" folder as well as a "server" folder.4. Upload the Goagent serverOpen the "server" folder, and upload the Goagent server to your GAE in the following ways: 35
  • Chapter Two Part Five: Goagent4.1 How to upload the Goagent server on WindowsOn Windows, open the "uploader.bat" file, enter your GAE app ID created in step 1, your Gmail address andthe application-specific password, then you can start to upload.And to use more than one app ID, you can separate them with the "|" mark.4.2 How to upload the Goagent server on Mac 36
  • Chapter Two Part Five: GoagentOn mac, open the Terminal application, and enter the following command line: cd the-path-to-the-server-folderSuch as the following: cd /Users/air/Downloads/goagent-goagent-80e5f01 3/serverYou can also just drag the "server" folder and drop it behind the "cd" command.After that, enter the following command line: python uploader.zipThen, you can enter your App IDs, Gmail address and the application-specific password to upload the server.By the way, do not bypass the first command line and use the "python the-path-to-uploader.zip" commanddirectly, which may be not workable.5. Change the proxy.ini file 37
  • Chapter Two Part Five: GoagentWhen the upload is finished, open the "proxy.ini" file in the "local" folder, and change the "appid" valuefrom "goagent" to your real GAE application IDs.By the way, you can also change the "profile" value from "google_cn" to "google_hk" for a better securitywith https mode.6. Run the Goagent clientAfter saving the "proxy.ini" file, you can start to run Goagent.6.1 How to run the Goagent client on Windows 38
  • Chapter Two Part Five: GoagentOn Windows, you can just double-click on the "Goagent.exe" file in the "local" folder and run the proxyservice.6.2 How to run the Goagent client on MacOn Mac, you can open the Terminal application and enter the following command line: python the-parth-to-proxy.py 39
  • Chapter Two Part Five: GoagentThis time, you can drag the "proxy.py" file from the "local" folder and drop it behind the "python" command.7. Edit the browser proxiesWhen the Goagent client is running, you can edit the browser network settings and change the proxy addressto "127.0.0.1: 8087", as what you need to do with any proxy service.After that, you can start to use Goagent to browse the internet anonymously and unblock the blocked sites inyour area.But, same as GAppProxy and Hyk-proxy, the Goagent proxy doesnt support https well, even though that youcan double-click the "CA.crt" file in the "local" folder to install or import the certification, which will only 40
  • Chapter Two Part Five: Goagentwork on Safari, but not Chrome or Firefox during my test for Twitter and Facebook.By the way, besides Windows and Mac systems mentioned above, Goagent is also available for Linux, aswell as Android, iOS, webOS, OpenWRT and Maemo operating systems. 41
  • Chapter Two Part Six: Hyk-proxy Part Six: Hyk-proxySame as GAppProxy, the Hyk-proxy GAE service wont be updated any more, but it is still workable.For how to install and use Hyk-proxy on Windows and Mac/Linux systems, you can check out the following8 steps for complete instructions:1. Create a GAE applicationSign in your GAE account and create an application ID which is available.2. Generate a new application-specific password 42
  • Chapter Two Part Six: Hyk-proxyOn the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications andsites", and generate a new application-specific password.But you can skip this step if you do not use 2-step verification for your Gmail account.3. Download Java and Google App Engine SDK for JavaIf you havent gotten these two softwares on hand as mentioned before, you can download Java on its officialwebsite, and download Google App Engine SDK for Java from Google Code.By the way, on Mac, you only need to download and extract the Google App Engine SDK for Java package,since Java is pre-installed.4. Download the Hyk-proxy packages 43
  • Chapter Two Part Six: Hyk-proxyAmong the 4 packages on the Hyk-proxy Downloads webpage, you can just download"hyk-proxy-0.9.4.1.zip" and "hyk-proxy-gae-server-0.9.4.1.zip".By the way, on Windows, you can also download "hyk-proxy-install_0.9.4.1.exe" instead of"hyk-proxy-0.9.4.1.zip"; and you need to download the "hyk-proxy-android-0.9.4beta.apk" package if youwant to use Hyk-proxy on your Android.After that, extract the zip files you download.5. Deploy taskTo deploy task means to upload the Hyk-proxy server to your GAE application.On Windows, you can run the "install.bat" file in the "hyk-proxy-gae-server-0.9.4.1" folder; and onMac/Linux, you can open the Terminal application and enter the following command line: sh /the-path-to/install.shOr you can just drag the "install.sh" file from the "hyk-proxy-gae-server-0.9.4.1" folder and drop it behindthe "sh" command.After that, you can see an "AppEngine AppCfg GUI Wrapper" window, such as the following: 44
  • Chapter Two Part Six: Hyk-proxyIn the window, you can define the location of the "Google App Engine SDK for Java" folder, enter yourGAE app ID, select the "hyk-proxy-gae-server-0.9.4.1" folder as AppLocation, enter your Gmail address andpassword, then you can click the "Deploy" button to upload the Hyk-proxy server to your GAE.P.S.By the way, if you fail to deploy the task for the following error: Bad configuration: appengine-web.xml does not contain a <threadsafe> element. 45
  • Chapter Two Part Six: Hyk-proxyThen you need to enter the following line into the "appengine-web.xml" file: <threadsafe>true</threadsafe>Such as what you can see from the following image:6. Add GAE application ID to Hyk-proxy clientOn Windows, you can double-click the "startgui.bat" file in the "bin" folder, or run "Start hyk-proxy (GUI)"if you have installed "hyk-proxy-install_0.9.4.1.exe"; and on Mac/Linux, you can open the Terminalapplication and enter the following command line: sh /the-path-to/startgui.sh 46
  • Chapter Two Part Six: Hyk-proxyOr you can just drag the "startgui.sh" file from the "hyk-proxy-0.9.4.1" folder and drop it behind the "sh"command.After that, you can open the Hyk-proxy client window, click on the "Config" button of "GAE 0.9.4.1" in the"Plugins" tab, and click the "New" button to add your APP ID, such as what you can see from the followingimage:And you can add more than one App ID, after that, click the "Apply" button.7. Start Hyk-proxy 47
  • Chapter Two Part Six: Hyk-proxyWhen the App IDs are added, you can click the "Start" button to connect to the Hyk-proxy service.8. Edit the browser proxiesWhen the Hyk-proxy fetch service is working, configure your browsers http proxy to below address: 127.0.0.1: 48100Such as what you can see from the following image: 48
  • Chapter Two Part Six: Hyk-proxyThe above screenshot is for Firefox, and for other browsers, the http proxy settings may be a little different.Thats all, and you can surf the internet anonymously and get access to the blocked sites.Bonus:Hyk-proxy will not work when your GAE application ID is blocked, in that case, you can connect Hyk-proxywith XMPP. 49
  • Chapter Two Part Six: Hyk-proxyTo do so, you can open the "Connection" tab of the GAE plugin "Config" window, select "XMPP" as theconnection mode and add your XMPP account (such as GTalk).Besides, you can also connect Hyk-proxy with HTTPS mode or HTTP proxy, but XMPP is the fastest andbest. 50
  • Chapter Two Part Seven: Snova Part Seven: SnovaAmong GAppProxy, Goagent, Hyk-proxy and Snova these 4 popular GAE proxies, Snova is the best, since itsupports HTTPS well.Besides, it is also available for you to use in the following 6 different ways.1. To use Snova directlyAs default, Snova can automatically connect to some random GAE apps shared by others, so that you canjust download the Snova client and run it.2. To use Snova on your own GAE app 51
  • Chapter Two Part Seven: SnovaInstead to use others apps, you can also create your own ones, and upload the Snova server to them to runthe proxy service.Again, none of the above 2 ways are available for you to visit HTTPS links, and to do so, you need install theC4 plugins on any of the following 4 PaaS platforms:3. To use Snova on Cloud Foundry 52
  • Chapter Two Part Seven: SnovaCloud Foundry is available for you to run the Snova c4 plugin in an instance with 4-core CPU, 2 G disk, and512M memory, no bandwidth limit.4. To use Snova on Heroku 53
  • Chapter Two Part Seven: SnovaThe network bandwidth limit of Heroku is 2TB/month.5. To use Snova on OpenShiftOpenShift is available for you to create up to 3 apps, and each of which will run in an instance of 1GB diskand 512MB memory.6. To use Snova on Jelastic 54
  • Chapter Two Part Seven: SnovaWith Jelastic, you can choose to build your C4 plugin on Servint, Dogado, Rusonyx or some other hostedservice provider, and deploy the c4 plugin on its website directly without entering any command lines.For the C4 plugins, you need to use the "snova-c4-heroku-server-xxx.zip" file on Heroku, and use the"snova-c4-server-xxx.zip" file on the other 3 PaaS platforms.By the way, besides to use Snova on GAE, Cloud Foundry, Heroku, OpenShift or Jelastic separately, you canalso use on one, more or even all of them together, as well as to use multiple apps on each of them. 55
  • Chapter Two Part Seven Section One: The Easiest Ways To Use Snova Part Seven Section One: The Easiest Ways To Use SnovaWhether Hyk-proxy, Goagent, Snova or any other GAE proxy, you need to deploy their servers to your GAEapps before you can use them as mentioned before.But it may be even hard for someone to create an account on GAE, and which is not available in Iran at all.In that case, you can use Hyk-proxy and Snova according to the following ways directly with the defaultGAE apps shared by others:1. The easiest ways to use Hyk-proxyOn the Hyk-proxy Downloads page, you can download "hyk-proxy-0.9.4.1.zip" or"hyk-proxy-install_0.9.4.1.exe" (for Windows only), and extract or install to use the proxy service onWindows and/or Mac.1.1 On WindowsOn Windows, you can double-click the "startgui.bat" file in the "bin" directory of the extracted folder"hyk-proxy-0.9.4.1", or run "Start hyk-proxy (GUI)" if you have installed "hyk-proxy-install_0.9.4.1.exe".1.2 On MacOn Mac, you can open the Terminal application and enter the following command line: 56
  • Chapter Two Part Seven Section One: The Easiest Ways To Use Snova sh /the-path-to/startgui.shOr you can just drag the "startgui.sh" file from the "hyk-proxy-0.9.4.1" and drop it behind the "sh" command.Whichever way you are using, you can open the Hyk-proxy client, click on the "Start" button, and run theproxy service.2. The easiest ways to use SnovaWhich will be nearly same as what you do with Hyk-proxy.On the Snova Downloads webpage, you can just download and extract "snova-xxx.zip" to use the proxyservice on Windows and/or Mac.2.1 On WindowsOn Windows, you can double-click the "startgui.bat" file in the "bin" directory of the "snova-xxx" folder.2.2 On Mac 57
  • Chapter Two Part Seven Section One: The Easiest Ways To Use SnovaOn Mac, you can open the Terminal application and enter the following command line: sh /the-path-to/startgui.shOr you can just drag the "startgui.sh" file from the "snova-xxx" folder and drop it behind the "sh" command.Whichever way you are using, you can open the Snova client, click on the "Start" button, and run the proxyservice.By the way, the above direct ways are not available for GAppProxy or Goagent, since the GAppProxysdefault GAE app "fetchserver1" is over its serving quota, and Goagent does not offer a default GAE app atall. 58
  • Chapter Two Part Seven Section Two: How To Use Snova On GAE Part Seven Section Two: How To Use Snova On GAEAs mentioned before, the Hyk-proxy GAE service wont be updated any more, since the developer stops towork on a new project — Snova.Similar to Hyk-proxy, Snova is also a web proxy based on GAE, but it works for HTTPS very well, whenrunning on CloudFoundry, Heroku, OpenShift and some other PaaS (Platform as a service) platforms.The following will show you how to install and use Snova on GAE, which are nearly same as what you dowith Hyk-proxy.1. Create a GAE applicationSign in your GAE account and create an application ID which is available.2. Generate a new application-specific password 59
  • Chapter Two Part Seven Section Two: How To Use Snova On GAEOn the "Security" page of your "Google Accounts", click the "Edit" button of "Authorizing applications andsites", and generate a new application-specific password.But you can skip this step if you do not use 2-step verification for your Gmail account.3. Download Java and Google App Engine SDK for JavaIf you havent gotten these two softwares on hand as mentioned before, you can download Java on its officialwebsite, and download Google App Engine SDK for Java from Google Code.By the way, on Mac, you only need to download and extract the Google App Engine SDK for Java package,since Java is pre-installed.What is more, besides Java, Snova also supports the Go language, so that you can download Go and GoogleApp Engine SDK for Go instead. 60
  • Chapter Two Part Seven Section Two: How To Use Snova On GAE4. Download the Snova packagesAmong the 7 packages on the Snova Downloads webpage, you can just download "snova-xxx.zip" and"snova-gae-jserver-xx.zip" for Java.After that, extract the zip files you download.5. Deploy taskLike Hyk-proxy, on Windows, you can run the "install.bat" file in the "snova-gae-jserver-xx" folder; and onMac/Linux, you can open the Terminal application and enter the following command line: sh /the-path-to/install.shOr you can just drag the "install.sh" file from the "snova-gae-jserver-xx" folder and drop it behind the "sh"command.After that, you can see an "AppEngine AppCfg GUI Wrapper" window, such as the following: 61
  • Chapter Two Part Seven Section Two: How To Use Snova On GAEIn the window, you can define the location of the "Google App Engine SDK for Java" folder, enter yourGAE app ID, select the "snova-gae-jserver-xx" folder as AppLocation, enter your Gmail address andpassword, then you can click the "Deploy" button to upload the Snova server to your GAE.6. Add GAE application ID to the Snova clientOn Windows, you can double-click the "startgui.bat" file in the "bin" folder; and on Mac/Linux, you canopen the Terminal application and enter the following command line: sh /the-path-to/startgui.sh 62
  • Chapter Two Part Seven Section Two: How To Use Snova On GAEOr you can just drag the "startgui.sh" file from the "snova-xxx" folder and drop it behind the "sh" command.After that, you can open the snova client window, click on the "Config" button of "GAE xxx" in the"Plugins" tab, and click the "New" button to add your APP ID, such as what you can see from the followingimage:And you can add more than one App ID, after that, click the "Apply" button.7. Start Snova 63
  • Chapter Two Part Seven Section Two: How To Use Snova On GAEWhen the App IDs are added, you can click the "Start" button to connect to the Snova server.8. Edit the browser proxiesLike Hyk-proxy, when the Snova service is running, you also need to configure your browsers http proxy tobelow address: 127.0.0.1: 48100Such as what you can see from the following image: 64
  • Chapter Two Part Seven Section Two: How To Use Snova On GAEThe above screenshot is for Firefox, and for other browsers, the http proxy settings may be a little different.Thats all, and you can surf the internet anonymously and get access to the blocked sites.But same as Hyk-proxy, Snova running on GAE still does NOT work for HTTPS links, until you run it onCloudFoundry, Heroku, OpenShift and/or some other PaaS platforms, which will be introduced later, staytuned. 65
  • Chapter Two Part Seven Section Three: How To Use Snova On Cloud Foundry Part Seven Section Three: How To Use Snova On Cloud FoundryAs mentioned before, Snova still does NOT work for HTTPS, until you run it on Cloud Foundry, Heroku,OpenShift and/or some other PaaS platforms.So, the following will show you how to install and use Snova on Cloud Foundry with 7 easy steps:1. Create a Cloud Foundry accountOn the Cloud Foundry signup page, enter your email address to request a invite, which will be sent to yourInbox with login username and password soon.2. Install vmc 66
  • Chapter Two Part Seven Section Three: How To Use Snova On Cloud FoundryVmc is the command-line interface based on Ruby and RubyGems for you to configure your applications anddeploying them to Cloud Foundry.For Windows, Ubuntu, Debian or some other systems, you can check out the official instructions, thefollowing will show you how to install vmc on Mac.Open the Terminal application, enter the following command line: sudo gem install vmcAnd enter your Mac password if necessary, then you can install vmc.By the way, the installation will take a few minutes and you wont see anything until the gem is installed.3. Download snova-c4-server-xxx.war 67
  • Chapter Two Part Seven Section Three: How To Use Snova On Cloud FoundryOn the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file and put it into a new emptyfolder, such as "snova-c4-server" used for the following step.4. Deploy Snova c4 server to Cloud Foundry 68
  • Chapter Two Part Seven Section Three: How To Use Snova On Cloud FoundryOpen the Terminal application, enter the following command line: cd /the-parth-to/snova-c4-serverYou can also just drag the "snova-c4-server" folder and drop it behind the "cd" command.After that, you can start to configure and deploy the Snova c4 server to Cloud Foundry by entering thefollowing command lines one by one: vmc target api.cloudfoundry.com vmc login (To enter your Cloud Foundry username and password) vmc push free-nuts (To replace free-nuts with any name you like for the Cloud Foundry app) Would you like to deploy from the current directory? [Yn]: (To enter y) 69
  • Chapter Two Part Seven Section Three: How To Use Snova On Cloud Foundry Detected a Java Web Application, is this correct? [Yn]: (To enter y) Application Deployed URL [free-nuts.cloudfoundry.com]: (To press the RETURN key) Memory reservation (128M, 256M, 512M, 1G, 2G) [512M]: (To press the RETURN key) How many instances? [1]: (To press the RETURN key) Create services to bind to free-nuts? [yN]: ( To enter n) Would you like to save this configuration? [yN]: (To enter y)If all the results are OK, you can visit the page of the following link: free-nuts.cloudfoundry.comAnd if you can see something like the following: Welcome to snova-c4 server xxx!Then you have successfully deployed the Snova server to Cloud Foundry.5. Configure the Snova c4 client 70
  • Chapter Two Part Seven Section Three: How To Use Snova On Cloud FoundryFind and open the "c4-client.conf" file via the following path: .../snova-xxx/plugins/c4/conf/c4-client.confAnd uncomment the "WorkerNode [1]" line by changing "xyz" to your Cloud Foundry app name.6. Configure snova.conf 71
  • Chapter Two Part Seven Section Three: How To Use Snova On Cloud FoundryFind and open the "snova.conf" file via the following path: .../snova-xxx/conf/snova.confAnd change the "ProxyService" value from "GAE" to "C4".7. Start Snova 72
  • Chapter Two Part Seven Section Three: How To Use Snova On Cloud FoundryAfter that, you can start Snova, and if you can see the following message: Start plugin:C4 … SuccessThen you can visit the HTTPS links normally. 73
  • Chapter Two Part Seven Section Four: How To Use Snova On Heroku Part Seven Section Four: How To Use Snova On HerokuIn the last post, we have learned how to install and use Snova on Cloud Foundry, this post will show youhow to do that on Heroku.Since Heroku is also a PaaS platform, the steps will like what you do on Cloud Foundry, as what you can seefrom the following:1. Create a Heroku accountOn this Heroku page, enter your email address and sign up an account.2. Install Heroku Toolbelt 74
  • Chapter Two Part Seven Section Four: How To Use Snova On HerokuAfter signup, you can receive an email, click the long confirmation link inside, download the HerokuToolbelt app and install it on your computer.3. Download snova-c4-heroku-server-xxx.zipOn the Snova Downloads webpage, download the "snova-c4-heroku-server-xxx.zip" file and extract it.4. Deploy Snova c4 server to Heroku 75
  • Chapter Two Part Seven Section Four: How To Use Snova On HerokuOpen the Terminal application, enter the following command line: cd /the-parth-to/snova-c4-heroku-server-xxxYou can also just drag the "snova-c4-heroku-server-xxx" folder and drop it behind the "cd" command.After that, you can start to configure and deploy the Snova c4 server to Heroku by entering the followingcommand lines one by one: heroku login (To enter your Heroku account email and password) git init git add . git commit -m "init" heroku create --stack cedar git push heroku masterAt the end of the results, you can find a random URL like the following: http://obscure-tundra-1542.herokuapp.com/ 76
  • Chapter Two Part Seven Section Four: How To Use Snova On HerokuVisit the page of the URL, and if you can see something like the following: Welcome to snova-c4 server xxx!Then you have successfully deployed the Snova server to Heroku.5. Configure the Snova c4 clientFind and open the "c4-client.conf" file via the following path: .../snova-xxx/plugins/c4/conf/c4-client.confAnd uncomment the first "WorkerNode [0]" line by changing "xyz" to what you get in Step 4 (such as"obscure-tundra-1542"). 77
  • Chapter Two Part Seven Section Four: How To Use Snova On Heroku6. Configure snova.confFind and open the "snova.conf" file via the following path: .../snova-xxx/conf/snova.confAnd change the "ProxyService" value from "GAE" to "C4".7. Start Snova 78
  • Chapter Two Part Seven Section Four: How To Use Snova On HerokuAfter that, you can start Snova, and if you can see the following message: Start plugin:C4 … SuccessThen you can visit the HTTPS links normally. 79
  • Chapter Two Part Seven Section Five: How To Use Snova On OpenShift Part Seven Section Five: How To Use Snova On OpenShiftTo install and use Snova, you can check out this post for GAE, this one for Cloud Foundry and this one forHeroku.The following will show you how to install and use Snova on OpenShift, another PaaS platform like theabove 3 mentioned.1. Create an OpenShift accountOn the signup page of OpenShift, you can enter your email address, password and the CAPTCHA code tocreate an account.2. Download snova-c4-server-xxx.war 80
  • Chapter Two Part Seven Section Five: How To Use Snova On OpenShiftOn the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file and put it into a new emptyfolder, such as "openshift" used for the following steps.3. Install rhcOn Mac, you can install rhc with the following command line: sudo gem install rhcOn Windows and Linux, you can check out the official page for the instructions. 81
  • Chapter Two Part Seven Section Five: How To Use Snova On OpenShift4. Deploy Snova c4 server to OpenShiftOn the Terminal application, you can enter the openshift folder with the command line: cd /the-parth-to/openshiftOr you can just drag the "openshift" folder and drop it behind the "cd" command.After that, you can start to configure and deploy the Snova c4 server to OpenShift by entering the followingcommand lines one by one:Command line 1: rhc domain create -n freenutsdot -l xxx@gmail.com -p 123456(To create a sub domain "freenutsdot.rhcloud.com" for your OpenShift account. Remember to change"freenutsdot" to any name you like, to change "xxx@gmail.com" to your registered email address and tochange "123456" to your OpenShift password. )Command line 2: 82
  • Chapter Two Part Seven Section Five: How To Use Snova On OpenShift rhc app create -a fn -t jbossas-7 -p 123456(To create an app, which name will be used before the domain created above. Remember to change "fn" toany name you like, and to change "123456" to your OpenShift password, then you can get a folder with thesame name of the app (such as "fn") in your current directory (such as "openshift").Command line 3: cd fn(To conduct commands in the app folder created above.)Command line 4: mv ../snova-c4-server-xxx.war deployments/ROOT.war(To move the "snova-c4-server-xxx.war" file into the "deployments" directory of the "fn" folder and renameit to "ROOT.war".)Command line 5: git rm -r src pom.xml(To delete the src folder and the pom.xml file.)Command line 6: git init 83
  • Chapter Two Part Seven Section Five: How To Use Snova On OpenShift(To reinitialize the app.)Command line 7: git add .(To add the ROOT.war mode.)Command line 8: git commit -a -m "haha"(To confirm and see the changes, you can replace "haha" with any message you like.)Command line 9: git push(To upload the ROOT.war file to your OpenShift app.)If no error appears, you can visit the page of the following URL: http://fn-freenutsdot.rhcloud.com/Remember to replace "fn-freenutsdot" with your app name and sub domain.And if you can see something like the following: Welcom to snova-c4 server xxx! 84
  • Chapter Two Part Seven Section Five: How To Use Snova On OpenShift(Welcom is a typo, which should be Welcome.)Then you have successfully deployed the Snova server to OpenShift.5. Configure the Snova c4 clientSupposing that you have installed Snova on GAE as mentioned before, then you can find and open the"c4-client.conf" file via the following path: .../snova-xxx/plugins/c4/conf/c4-client.conf 85
  • Chapter Two Part Seven Section Five: How To Use Snova On OpenShiftAnd enter your OpenShift app domain (such as "fn-freenutsdot.rhcloud.com") at the end line of"WorkerNode [0]".By the way, Snova supports multiple c4 plugins together, so that you can also add the domains of your CloudFoundry and/or Heroku apps in the same "c4-client.conf" file, just make sure the numbers behind"WorkerNode" are different from each other.6. Configure snova.confFind and open the "snova.conf" file via the following path: .../snova-xxx/conf/snova.confAnd change the "ProxyService" value from "GAE" to "C4".By the way, you can skip this step if you have ever done this before.7. Start Snova 86
  • Chapter Two Part Seven Section Five: How To Use Snova On OpenShiftAfter that, you can start Snova, and if you can see the following message: Start plugin:C4 … SuccessThen you can visit the HTTPS links normally, as what you can do with the Cloud Foundry or Herokuplugins. 87
  • Chapter Two Part Seven Section Six: How To Use Snova On Jelastic Part Seven Section Six: How To Use Snova On JelasticAs mentioned before, you can run the Snova proxy on Cloud Foundry, Heroku, OpenShift and Jelastic PaaSplatforms, with the C4 plugins.Among these 4 PaaS platforms, Jelastic is the easiest way to install the C4 plugin, since you do NOT need touse any command lines, as what you can see from the following detailed steps:1. Download snova-c4-server-xxx.warOn the Snova Downloads webpage, download the "snova-c4-server-xxx.war" file, and you can skip this stepif which you have done before.2. Create a Jelastic account 88
  • Chapter Two Part Seven Section Six: How To Use Snova On JelasticOn the Jelastic homepage, enter your email address to sign up an account, which login username andpassword will be emailed to you soon.3. Create your Jelastic app domain 89
  • Chapter Two Part Seven Section Six: How To Use Snova On JelasticAfter login, you can see an "Environment topology" window, on which, you can enter an "Environmentname" (such as "freenuts"), which will generate you one Jelastic app domain (such as"freenuts.jelastic.servint.net"), and then click the "Create" button.4. Upload snova-c4-server-xxx.warClick the "Upload" button, and browse to upload the "snova-c4-server-xxx.war" file you downloaded.By the way, you can enter anything into the "Comment" box if you like.5. Deploy Snova c4 server to Jelastic 90
  • Chapter Two Part Seven Section Six: How To Use Snova On JelasticMoving the cursor over the name of the uploaded "snova-c4-server-xxx.war" file, you can see a yellow icon,clicking on which, you can see the Environment name, clicking on which, you can see a pop-up window, andclicking on its "Deploy" button directly without changing anything, then you can deploy the C4 plugin toJelastic.6. Configure the Snova c4 client 91
  • Chapter Two Part Seven Section Six: How To Use Snova On JelasticSupposing that you have installed Snova on GAE as mentioned before, then you can find and open the"c4-client.conf" file via the following path: .../snova-xxx/plugins/c4/conf/c4-client.confAnd enter your Jelastic app domain (such as "freenuts.jelastic.servint.net") at the end line of "WorkerNode[0]".By the way, Snova supports multiple c4 plugins together, so that you can also add the domains of your CloudFoundry, Heroku, and/or OpenShift apps in the same "c4-client.conf" file, just make sure the numbers behind"WorkerNode" are different from each other. 92
  • Chapter Two Part Seven Section Six: How To Use Snova On Jelastic7. Configure snova.confFind and open the "snova.conf" file via the following path: .../snova-xxx/conf/snova.confAnd change the "ProxyService" value from "GAE" to "C4".By the way, you can skip this step if you have ever done this before.8. Start Snova 93
  • Chapter Two Part Seven Section Six: How To Use Snova On JelasticAfter that, you can start Snova, and if you can see the following message: Start plugin:C4 … SuccessThen you can visit the HTTPS links normally, as what you can do with the Cloud Foundry, Heroku and/orOpenShift plugins. 94
  • Chapter Two Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings Part Eight: Best 2 Extensions For You To Manage Network Proxy SettingsWhether Freegate, Tor, Snova or any other proxy clients or SSH tunnels, you need to change the networkproxy settings before you can use them to unblock those blocked sites.Although their proxy addresses are same (127.0.0.1), their ports are usually different, for example, Freegateis 8580, Tor is 9050, Snova is 48100, etc., instead to change the port value manually every time whentransferring one proxy to another, you can use the following 2 free extensions to do that automatically.1. SwitchySharpSwitchySharp (or Proxy SwitchySharp) is a Chrome extension.After installation, you can see a new tab of SwitchySharp Options, on which, you can enter a proxys name asthe Profile Name, and set the Manual Configuration.For FreeGate, GappProxy, Goagent, Hyk-proxy, Snova or UltraSurf, you can enter 127.0.0.1 together with itsport in the HTTP Proxy column and check the "Use the same proxy server for all protocols" box; for Tor orSSH, you can just enter 127.0.0.1 together with port 9050 or 7070 in the SOCKS Hosts (SOCKS v4) column. 95
  • Chapter Two Part Eight: Best 2 Extensions For You To Manage Network Proxy SettingsAfter that, click the "Save" button, then, you can click on the SwitchySharp icon in the Toolbar, and selectthe Profile Name to use the proxy service.Bonus:To find an alternative Chrome extension, you can check out Proxy Switchy, which is nearly same asSwitchySharp, but not so popular.2. FoxyProxy StandardFoxyProxy Standard is a Firefox extension.After installation, you can see the extension icon in both Navigation Toolbar and Add-on Bar, click onwhich, you can start to add proxy configuration by clicking on the "Add New Proxy" button in the settingswindow.For FreeGate, GappProxy, Goagent, Hyk-proxy, Snova or UltraSurf, you can enter 127.0.0.1 together with itsport in the Host or IP Address column of the Proxy Details tab.And for Tor or SSH tunnel, you also need to check the "SOCKS proxy?" box as well as the "SOCKS v4/4a"box.For better experience, you can enter the proxy services name as Proxy Name in the General tab if you like.After that, click the "OK" button, then you will see a new pop-up with the following message: 96
  • Chapter Two Part Eight: Best 2 Extensions For You To Manage Network Proxy Settings You didnt enter and enable any whitelisted (inclusive) URL patterns. This means the proxy wont be used unless FoxyProxy is set to "Use Proxy tor for all URLs". Continue anyway?Just click on the "OK" button, then you can select the proxy name from the "Select Mode" column in the topof the settings window and use its proxy service.Bonus:AutoProxy is also a free Firefox add-on like FoxyProxy Standard.By the way, whichever extension you are using, you can add some rules to or not to visit some sites via proxyif you like, and then FoxyProxy Standard wont ask you if to "Continue anyway?" any more. 97
  • Chapter Three Free VPN Services Chapter Three Free VPN ServicesWhile proxy can be taken as a carrier, who helps delivery your message to another person, VPN (VirtualPrivate Network) will be like the persons office staff, who also helps you delivery your message to thatperson.While proxy only works for the application you assign to, and basically the browsers only, VPN will worksfor your entire device, whether browsers, email clients, app stores or any other application that connects tothe internet.While you need to set the browser HTTP proxy addresses to use a proxy service, you dont need to do thatwith VPN services.So, generally speaking, VPN is safer than Proxy.Image Credit: http://en.wikipedia.org/wiki/Virtual_private_network 98
  • Chapter Three Part One: Free PPTP VPN Services Part One: Free PPTP VPN ServicesAs one of the methods to implement VPN, PPTP (Point-to-Point Tunneling Protocol) is very easy to buildand use.But hosting is expensive, so that there are not so many free PPTP VPN services, among which, the following10 are the best up till now:1. SecurityKISSOn any download page of the SecurityKISS website, you can enter your email address and get 2 PPTP/L2TPVPN accounts in your Inbox, one is from USA, the other is from UK.Besides, you can also sign in your SecurityKISS account with the username and password received to get 99
  • Chapter Three Part One: Free PPTP VPN Servicesmore VPN servers from USA, UK, France and/or some other countries.And besides PPTP/L2TP, SecurityKISS also offers free OpenVPN services for Windows, Mac/Linuxsystems.By the way, no matter which or how many VPN services you are using, the free traffic data is up to 300 MBper day.2. Super Free VPNOpen the Super Free VPN website, you can see the account, which server and username are fixed, whilepassword will be changed in up to 8 hours.By the way, in case the "superfreevpn.com" domain is blocked in your area (such as China), you can changeit to the following IP address: 69.60.121.293. JustFreeVPN 100
  • Chapter Three Part One: Free PPTP VPN ServicesOpen the JustFreeVPN website, you can see 3 free PPTP VPN accounts, one is from USA, one is from UK,and one is from CA.For different accounts, their servers are different, usernames are all "justfreevpn", and passwords will bechanged in uncertain times.4. UFreeVPN 101
  • Chapter Three Part One: Free PPTP VPN ServicesThe UFreeVPN website offers one USA, one UK and one CA free PPTP VPN services, which servers aredifferent, but usernames and passwords are fixed, so that you do not need to change passwords often.5. NewFreeVPN 102
  • Chapter Three Part One: Free PPTP VPN ServicesOn 3 different pages of the NewFreeVPN website, you can find out 3 different free PPTP VPN accounts, oneis from US, one is from UK, and one is from Canada, the servers of them are different, but the username(free) and password (1234) are same.6. TsunagarumonTsunagarumon is a Japanese free PPTP VPN.On the Entry page, enter your email address, check to agree the service terms, click on the red button,double-check your email address, and click on the next red button, then you can get an email fromTsunagarumon.Clicking on the link in the email, you can receive your free PPTP VPN account soon.7. FreeCanadaVPN 103
  • Chapter Three Part One: Free PPTP VPN ServicesFreeCanadaVPN is a Canada PPTP VPN, which server is "freecanadavpn.com", username is "free", andpassword will be changed and displayed on the right top of the page irregularly.8. BestUKVPNAs the name, BestUKVPN is a UK PPTP VPN, which server is "bestukvpn.com", username is "free" and 104
  • Chapter Three Part One: Free PPTP VPN Servicespassword will be updated irregularly.9. Zace BookAs a Romania free PPTP VPN, Zace Books server is "vpn.zacebook.com", username is "VPN", andpassword will be updated every one or two days.10. VPN Book 105
  • Chapter Three Part One: Free PPTP VPN ServicesVPN Book is also a Romania VPN, which PPTP server is "pptp.vpnbook.com", username is "pptp", andpassword will be changed every one or two days.Besides PPTP, VPN Book also offers free OpenVPN services.Among the above 10 free PPTP VPN services, SecurityKISS is the best, but only with 300 MB traffic perday.Bonus:Like Super Free VPN mentioned before, if the server host name of any other free PPTP VPN is blocked inyour area, you can ping and change it to the servers IP address. 106
  • Chapter Three Part Two: Free VPN Softwares Part Two: Free VPN SoftwaresDifferent from PPTP VPN Services, desktop VPN softwares require downloading and installation.Most VPN softwares are not free, but luckily, you can check out the following best 6 free ones:1. SecurityKissThe VPN software SecurityKiss works for Windows only, but brings you 300MB of data transfer per day forfree.No registration is required, you can just download and install the SecurityKiss software, then run and connectit. If the connection fails, you can try to select another VPN server.2. ProXPN 107
  • Chapter Three Part Two: Free VPN SoftwaresThe VPN software ProXPN is workable for Windows and Mac computers.Create a ProXPN account, download, install and run the software, then you can connect the VPN servicewith your username and password, but there will be a ProXPN landing page before you can visit the site youintend to.3. Private Tunnel 108
  • Chapter Three Part Two: Free VPN SoftwaresPrivate Tunnel is a OpenVPN service, workable on Windows and Mac.You can create an account, download the OpenVPN Connect package, choose to connect the San Jose, CA(US), London (UK) or Zurich (CH) server, then you can use the Private Tunnel service, but only 100 MBfree traffic.4. Hotspot Shield 109
  • Chapter Three Part Two: Free VPN SoftwaresWith English, French, Chinese and some other languages support, Hotspot Shield offers a free VPN solutionwith unlimited bandwidth for Windows and Mac.Just download and install the software, then you can run and connect the VPN service, but there will be adson the top of the webpages you visit.5. ExpatShield 110
  • Chapter Three Part Two: Free VPN SoftwaresLike Hotspot Shield, ExpatShield is also a free VPN software offers unlimited bandwidth with ads andsupports multiple languages.But ExpatShield is only workable for Windows computer system.6. Cloak VPN 111
  • Chapter Three Part Two: Free VPN SoftwaresCloak VPN supports Mac, iPhone and iPad.After registration, download the right Cloak VPN clients according to your device operating systems, thenyou can connect and use the VPN service directly.By the way, you can use the Cloak VPN services on both of your OS and iOS devices with up to 1G trafficand 2 hours EVERY month as a free user.Among the above 6 free VPN softwares, I prefer to use SecurityKiss and ProXPN, how about you? Whichones are your favorite? 112
  • Chapter Three Part Three: How To Build A VPN Part Three: How To Build A VPNWant to build your own VPN instead to use others, whether free or not?If youve already had a VPS, cloud computing or dedicated server, and the Terminal application of Mac, orthe Putty tool for Windows, you can start to build VPN services, whether PPTP, L2TP or OpenVPN types.The following will show you how to build a PPTP, L2TP and OpenVPN on a VPS based on the MacTerminal application in 3 separate posts.First of all, run your Terminal, and enter the following command:ssh root@xxx.xxx.xxx.xxxJust replace "xxx.xxx.xxx.xxx" with your VPS IP, such as "178.18.17.212".Then you will see the following message:Are you sure you want to continue connecting (yes/no)?Enter "yes" and press the "Return" key, then, enter your password and press the "Return" key.P.S.:If youve rebuilt your VPS, you may meet the following error:Host key verification failed.In that case, enter the following command at first: 113
  • Chapter Three Part Three: How To Build A VPNssh-keygen -R xxx.xxx.xxx.xxxRemember to replace "xxx.xxx.xxx.xxx" with your VPS IP address.After that, you can start to build your own VPN. 114
  • Chapter Three Part Three Section One: How To Build A PPTP VPN Part Three Section One: How To Build A PPTP VPNAfter connecting to your server via SSH, you can build your own PPTP VPN with the following 8 steps:1. Install PPTPDInstall the PPTPD package with the following command: apt-get install pptpd2. Edit the VPN interface IP addressesOpen the pptpd.conf file with the following code: nano /etc/pptpd.confPress the Enter key, find and uncomment the following 2 lines: 115
  • Chapter Three Part Three Section One: How To Build A PPTP VPN #localip 192.168.0.1 #remoteip 192.168.0.234-238,192.168.0.2453. Edit DNS addressesEnter the following command: nano /etc/ppp/pptpd-optionsFind the following codes: #ms-dns 10.0.0.1 #ms-dns 10.0.0.2And change them to the following ones: ms-dns 8.8.8.8 ms-dns 8.8.4.44. Add VPN accountsEnter the following command: nano /etc/ppp/chap-secretsPress the Return key and enter the following information: 116
  • Chapter Three Part Three Section One: How To Build A PPTP VPN username pptpd password *For example: freenuts pptpd 123456 *5. Forward IPv4Enter the following command: nano /etc/sysctl.confPress the Return key, find and uncomment the following line: #net.ipv4.ip_forward=16. Apply the forwardYour forward change wont be active immediately, and you need to apply it with the following commend: sysctl -pIf everything is correct, then you can see the following result: net.ipv4.ip_forward = 1 117
  • Chapter Three Part Three Section One: How To Build A PPTP VPN7. Allow the routingCopy and paste the following command: iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADEPress the Return key to run the command.8. Restart PPTPDCopy and paste the following command: /etc/init.d/pptpd restartPress the Return key, then you can use your PPTP VPN with the username and password youve set before. 118
  • Chapter Three Part Three Section Two: How To Build A L2TP VPN Part Three Section Two: How To Build A L2TP VPNTo build an L2TP/IPSec VPN, you can follow the following 6 steps:1. Install OpenSwanEnter the following command lines one by one: aptitude install build-essential aptitude install libgmp3-dev gawk flex bison wget http://www.openswan.org/download/openswan-2.6.35.tar.gz tar xzvf openswan-2.6.35.tar.gz 119
  • Chapter Three Part Three Section Two: How To Build A L2TP VPN cd openswan-2.6.35 make programs make installRemember to press the "Return" key when entering any one of the above lines.By the way, 2.6.35 is the latest version during my test, and you can check the OpenSwan website to see ifthere is a new version later, if yes, you can use it instead.2. Edit IPSecFirstly, open the ipsec.conf file with the following command: vi /etc/ipsec.confDelete all the existing contents, and paste the following ones: version 2.0 config setup nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0 /12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10 oe=off protostack=netkey conn %default 120
  • Chapter Three Part Three Section Two: How To Build A L2TP VPN forceencaps=yes conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport left=YOUR.VPS.IP.ADDRESS leftprotoport=17/1701 right=%any rightprotoport=17/%anyRemember to change YOUR.VPS.IP.ADDRESS to your VPS IP address, such as 178.18.17.30 for thistutorial.Secondly, open the ipsec.secrets file with the following code: vi /etc/ipsec.secretsAnd insert the following content: YOUR.VPS.IP.ADDRESS %any: PSK "YourSharedSecret"For example: 178.18.17.30 %any: PSK "123456abcdef" 121
  • Chapter Three Part Three Section Two: How To Build A L2TP VPNThirdly, enter the following command lines one by one: for each in /proc/sys/net/ipv4/conf/* do echo 0 > $each/accept_redirects echo 0 > $each/send_redirects doneRemember to press the "Return" key after every command line.Fourthly, restart IPSEC with the following command: service ipsec restart3. Install L2TPGo back to the root directory, and install the L2TP package with the following command line: aptitude install xl2tpdAfter installation, open the conf file with the following code: vi /etc/xl2tpd/xl2tpd.confDelete all the existing content and paste the following one: [global] 122
  • Chapter Three Part Three Section Two: How To Build A L2TP VPN ; listen-addr = 192.168.1.98 [lns default] ip range = 10.1.1.2-10.1.1.255 local ip = 10.1.1.1 require chap = yes refuse pap = yes require authentication = yes name = LinuxVPNserver ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes4. Set up xl2tpdEnter the following command: vi /etc/ppp/options.xl2tpdThen insert the following codes: require-mschap-v2 ms-dns 8.8.8.8 ms-dns 8.8.4.4 asyncmap 0 auth crtscts lock hide-password modem debug name l2tpd proxyarp lcp-echo-interval 30 lcp-echo-failure 4 123
  • Chapter Three Part Three Section Two: How To Build A L2TP VPNAfter that, open the chap-secrets file: vi /etc/ppp/chap-secretsAnd insert the following content: username l2tpd password *For example: freenuts l2tpd 123456 *Then, restart L2TP: service xl2tpd restart5. IP forwardEnter the following command: vi /etc/sysctl.confPress the "Return" key, find the line of "#net.ipv4.ip_forward=1" and uncomment it.After that, enter the following command: 124
  • Chapter Three Part Three Section Two: How To Build A L2TP VPN sysctl -pPress the "Return" key, then you will only see "net.ipv4.ip_forward=1" as the result if everything is right.After that, enter the following command: iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE6. For rebootNow, you can connect your L2TP/IPSec VPN, but if you reboot your VPS, your forwarding settings will begone, to avoid this, you can enter the following command: vi /etc/rc.localPress the "Return" key and paste the following contents before the "exit 0" line: for each in /proc/sys/net/ipv4/conf/* do echo 0 > $each/accept_redirects echo 0 > $each/send_redirects done iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE /etc/init.d/ipsec restartSave it, then you are done. 125
  • Chapter Three Part Three Section Three: How To Build An OpenVPN Part Three Section Three: How To Build An OpenVPNIt is also easy to build an OpenVPN with the following 9 steps:1. Install OpenVPNEnter the following command to install OpenVPN: apt-get install openvpn2. Move easy-rsa into the correct placeEnter the following command: cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn 126
  • Chapter Three Part Three Section Three: How To Build An OpenVPNPress the "Return" key, then you can move the easy-rsa folder to the OpenVPN directory.3. Generate keysEnter the following commands one by one: cd /etc/openvpn/easy-rsa/2.0 . ./vars ./clean-all ./build-ca ./build-key-server server ./build-key client ./build-dhRemember to press the "Return" key at each line, and answer "yes" to all "yes/no" questions:4. Apply iptables rulesEnter the following command: vi /etc/sysctl.confPress the "Return" key, find the line of "#net.ipv4.ip_forward=1" and uncomment it.After that, enter the following code: sysctl -p 127
  • Chapter Three Part Three Section Three: How To Build An OpenVPNThen you will see the following message as a result: net.ipv4.ip_forward=1Then create iptables rules with the following command: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142Remember to replace "178.18.17.142" with the actual IP address of your server.5. Create the VPS OpenVPN configuration fileEnter the following command: # vi /etc/openvpn/server.confAnd paste the following contents: port 1194 proto udp dev tun ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" client-to-client duplicate-cn keepalive 10 120 128
  • Chapter Three Part Three Section Three: How To Build An OpenVPN comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log log /var/log/openvpn.log verb 36. Start OpenVPNYou can start OpenVPN with the following command: # /etc/init.d/openvpn start7. Create the PC OpenVPN configuration fileEnter the following command: vi /etc/openvpn/easy-rsa/2.0/keys/client.confAnd insert the following contents: client dev tun proto udp remote 178.18.17.142 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt 129
  • Chapter Three Part Three Section Three: How To Build An OpenVPN key client.key comp-lzo verb 3 redirect-gateway script-security 2Remember to replace "178.18.17.142" with your own VPS IP address.8. For rebootIn order to redo the above iptables settings when you reboot your VPS, you can enter the followingcommand: vi /etc/rc.localAnd insert the following contents above the line of "exit 0" : iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142 openvpn /etc/openvpn/server.confRemember to replace "178.18.17.142" with the actual IP address of your VPS.9. Download some things to your PCYou need to download the following 4 files to your local PC: client.conf ca.crt client.crt client.keyTo do so, you can use Fetch (for Mac), WinSCP (for Windows) or some other SFTP software. 130
  • Chapter Three Part Three Section Three: How To Build An OpenVPNWhen it is finished, go to the root of your user name, and move the 4 download files to your local OpenVPNconfigurations folder, then your own OpenVPN is ready. 131
  • Chapter Three Part Four: How To Set Up VPN Part Four: How To Set Up VPNWhen getting a VPN service, whether free or not, how to use it on your computers, table computers or smartphones?For those desktop VPN software (such as SecurityKISS), you just need to install and run them according totheir instructions, and for those VPN services without installation (such as PPTP), you can check out theSetup Instruction Pages of StrongVPN, which will show you how to set up PPTP, L2TP and OpenVPNAccounts on computers (including Windows, Mac OS, Linux, etc.), table computers (such as iPad), mobilephones (including iPhone, Android, WebOS, etc.) and nearly all the popular devices and systems, withvideos or screenshots.The following are 3 key steps you should know during the setup process:I. To find out the types of your VPN serviceMake sure that if your VPN service is PPTP, L2TP/IPSec or OpenVPN.II. To get the information which you need to set up VPNWhen you get a PPTP or L2TP VPN service, you will need the following information to set it up:1. The server address: host name (such as us6.macrovpn.com) or IP address (such as 74.86.150.154), 132
  • Chapter Three Part Four: How To Set Up VPN2. Your username,3. Your password,4. Your Shared Secret (for L2TP only).By the way, when the host name is blocked in your area, you can try to replace it with the IP address.And when you get an OpenVPN, you can run it with or without username and password after download.III. The key step to set up VPNThe most difficult step for VPN setup is to find out where to add your PPTP/L2TP VPN account information.For example, to set up PPTP VPN in Windows XP, you need to find the "Virtual Private Networkconnection" option according to the following path: Network Connections -> New Connection Wizard -> Connect to the network at my workplace -> Virtual Private Network connectionOn the option page, enter your host name or IP address, and then you can connect the VPN with yourusername and password.For the step-by-step tutorials of how to set up VPN in your computer and mobile phone, you can check outthe links of StrongVPN as mentioned in the beginning of this post. 133
  • Chapter Four Free SSH Services Chapter Four Free SSH ServicesIn my opinion, SSH (Secure Shell) is a proxy server indeed, but safer.While proxy can be taken as a carrier who helps delivery your message to another person, SSH will be like toput the message in a locked box before passing it to the carrier, and only you have to key.Although it is easy to build a SSH tunnel, which will cost some money, since you need a VPS, cloudcomputing or dedicated server to do that, like what you need to build a VPN. 134
  • Chapter Four Part One: Free SSH Tunnels Part One: Free SSH TunnelsSince it is expensive to build a SSH tunnel, there are not so many free ones.But luckily, you can find the following best 5 for reference anyway:1. AlidageOn the Alidage homepage, you can enter your email address, and press the Enter key, the you can get yourfree SSH tunnel account via email.The password will be changed every one hour, then you will need to enter your email address again to get thenew one.2. Onlybird 135
  • Chapter Four Part One: Free SSH TunnelsThe Onlybird website offers 2 different free SSH tunnel accounts, which you can see directly by clicking onthe above link.By the way, the password will be changed every 4 hours, and the server port is 9999, instead of the default22.3. BlueSSH 136
  • Chapter Four Part One: Free SSH TunnelsBlueSSH offers one free SSH tunnel account, which you can see on the free account page.The server port is 80 or 443, and the password will be changed every half an hour.4. Usassh 137
  • Chapter Four Part One: Free SSH TunnelsUsassh offers 2 free SSH severs, but the one with 22 port was not available now.And the other one with port 80 or 443 will update its password every oclock.While the above 4 websites are all Chinese, the following one is English:5. Tor VPN 138
  • Chapter Four Part One: Free SSH TunnelsOn the Tor VPN website, you can sign up the Trial account and get a free SSH tunnel for one month, with upto 1 GB traffic.By the way, besides SSH, you can also have a free OpenVPN account.Among the above 4 free SSH tunnels, Tor VPN is blocked in China, but the other 4 are not, have fun! 139
  • Chapter Four Part Two: How To Create A SSH Tunnel Part Two: How To Create A SSH TunnelFor most of the free SSH tunnels, their passwords will be reset every half an hour, 2 hours, 4 hours or someother time, which will be boring anyway.To avoid the issue, you can buy a paid SSH tunnel, or create your own one, which will be very easy if youvealready has a VPS, cloud computing or dedicated server.The following will show you how to use your VPS to create a SSH tunnel:Supposing that youve had a VPS, which IP is 94.249.184.93, then you can open your Terminal applicationand enter the following command line: ssh -N -D 7070 root@94.249.184.93Remember to replace "94.249.184.93" with the IP address of your own VPS, and press the "Return" key, thenenter your VPS account password, if nothing appear as a result, your SSH tunnel will be built successfully.By the way, if you have created a VPN in your VPS, you can still use your VPS as a SSH tunnel.But the above way is only available for you to use the SSH tunnel yourself, unless you want to share yourwhole VPS account with others. And to share a SSH tunnel account only with others, you can create a newand limited user instead of "root" by referring to the following 4 steps:1. Log in your VPS rootOpen a Terminal window, and enter the following command: SSH root@94.249.184.93 140
  • Chapter Four Part Two: How To Create A SSH TunnelRemember to replace "94.249.184.93" with your own VPS IP.2. Create a groupEnter the following command: groupadd internetfreedomYou can replace "internetfreedom" with any name you like.3. Create a limited user useradd -d /home/freenutsdotcom -m -g internetfreedom -s /bin/false freenutsdotcomThe above command will create a new SSH user "freenutsdotcom" in the "internetfreedom" group, and whocant log in your VPS.4. Create a password for the new userEnter the following command: passwd freenutsdotcomYou can enter any password (such as "123456") for the new user.Now, you can share the username and password with your friends, who can then use your VPS SSH with thefollowing command: ssh -N -D 7070 freenutsdotcom@94.249.184.93 141
  • Chapter Four Part Two: How To Create A SSH TunnelRemember to replace "freenutsdotcom" with the new user, and "94.249.184.93" with your own VPS IP. 142
  • Chapter Four Part Three: How To Connect To SSH Tunnel Part Three: How To Connect To SSH TunnelWhen getting a free SSH tunnel, how to connect to it?For Windows, you can install the "Tunnelier" software, and for Mac OS X, you can use "SSH TunnelManager", and of course, there will be some other softwares for you to do that.No matter which software you are using, you possibly will need to enter the following 4 elements of yourSSH tunnel account: Server: such as "s4.alidage.org" Username: such as "guest" Password: such as "guest29080212737358" Port: such as "22" as default.The above example values are all for one of the Alidage.org SSH tunnel accounts, as what you can see fromthe following screenshot of SSH Tunnel Manager:By the way, when using SSH Tunnel Manager, you will need to "Enable SOCKS4 proxy" and set the port as"7070".Besides to use those softwares mentioned before, you can also open Terminal and connect to your SSH 143
  • Chapter Four Part Three: How To Connect To SSH Tunneltunnel with the following one command line: SSH -N -D 7070 guest@s4.alidage.orgFor Windows, you can install the "Putty" software to run the above command, and for Mac OS X, you canopen the Terminal application and enter the above commend directly.And if you are not using Alidages SSH tunnel, remember to replace "s4.alidage.org" with your SSH server,and replace "guest" with its username.And if the SSH tunnel is still available, then you can enter the password and connect to it successfully, aswhat you can see from the following image:The above command line is for the default port 22, if your SSH servers port is 80 or something else, thenyou will need to add "-p port" in the command line, such as: SSH -N -p 80 -D 7070 guest@s4.alidage.orgWhen the connection is successful, you can open your browser and set the SOCKS Proxy Sever IP address to127.0.0.1 with port 7070.For Chrome browser, you can find the settings page via the following path: Preference –> Show advanced settings –> Network –> Change Proxy Settings 144
  • Chapter Four Part Three: How To Connect To SSH TunnelSuch as what you can see from the following image:The above configuration will be also workable for Safari, and for Firefox, the configuration will be nearly thesame, and you can find the proxy settings page via the following path: Preference –> Advanced –> Network –> Settings 145
  • Chapter Five The Differences Among Proxy, SSH And VPN Chapter Five The Differences Among Proxy, SSH And VPNAlthough there are over one hundred of anti-censorship tools, most of which are Proxy, SSH and VPN.So, what are the differences among Proxy, SSH and VPN? Which one is the most safe?Lets take information transmission as a package, and comparing them with the following 3 metaphors:1. ProxyProxy (or Proxy Server) can be taken as a carrier who helps delivery your package to another person.2. SSH 146
  • Chapter Five The Differences Among Proxy, SSH And VPNAs an encrypted tunnel, SSH?Secure Shell) cant bypass the internet censorship (such as GFW in China)itself, but only when integrating with Proxy servers.So, SSH here will be like to put the package into a locked box before passing it to the carrier, and only youhave to key.3. VPNImage Credit: http://en.wikipedia.org/wiki/Virtual_private_network 147
  • Chapter Five The Differences Among Proxy, SSH And VPNWhile both Proxy and SSH can be taken as carriers, who help delivery your package to another person, VPN(Virtual Private Network) will be like the persons office staff, who also helps you delivery your package tothat person.Supposed that your colleague is more reliable than the carrier, and all of them are built in a same server, VPNis safer than SSH, and SSH is safer than Proxy.While Proxy and SSH only work for the application you assign to, and basically the browsers only, VPN willwork for your entire device, whether browsers, email clients, app stores or any other applications connectedto the internet.And you need to set the browser HTTP proxy addresses to use a Proxy or SSH service, but you dont need todo that with VPN services. 148
  • Chapter Six How To Access Blocked Sites With Google Reader Chapter Six How To Access Blocked Sites With Google ReaderAs you may know that Google Reader is available for you to subscribe to the RSS feeds of websites, but doyou know that it is also a good way for you to bypass the internet censorship and access blocked sites?The following will show you how to get access to a blocked site with Google Reader in 2 steps:1. Subscribe to the RSS feedIf the blocked site offers a RSS feed, you can subscribe to it directly with Google Reader:And if not, you can visit the Page2RSS website, enter the URL of the site to generate its RSS feed: 149
  • Chapter Six How To Access Blocked Sites With Google ReaderAfter that, copy the URL of the RSS feed and subscribe to it in your Google Reader.2. Enable the secure browsingFor the RSS feed of a blocked site, you may fail to read it on Google Reader as default, such as what you cansee from the following image:To solve the problem, you can just add "https://" at the beginning of the URL, such as what you can see fromthe following image: 150
  • Chapter Six How To Access Blocked Sites With Google ReaderCool, right?By the way, Google Reader is only available for you to read the RSS feed of a blocked site, and if you wantto leave a comment, to post a tweet, to share on Facebook or to do some other interactions, you can check outVPN, Proxy, SSH or some other free anti-censorship tools. 151
  • Chapter Seven How To Access Blocked Sites With The Hosts File Chapter Seven How To Access Blocked Sites With The Hosts FileTo unblocked a blocked site (such as Facebook), you can check out VPN, SSH, Proxy and some other freeanti-censorship tools as mentioned before.In fact, you can even unblocked blocked sites without any third-party tools, but just by changing the hostsfile on your own computer.The following will show you how to change the Hosts file and unblocked the Facebook site in 3 steps:Step 1. Find the IP addressesFor Facebook, Twitter, YouTube and some other big sites, each of them usually has more than one IPaddress, so, how to find out all the IP addresses of a site? 152
  • Chapter Seven How To Access Blocked Sites With The Hosts FileYou can visit the CacheCheck page of OpenDNS, enter the domain of the site (such as facebook.com), andclick on the "Check this domain" button, then you can see the sites IP addresses from all over the world.Step 2. Find one unblocked IPAmong all the IP addresses of the site, some of them may be blocked in your area, while the others are not,so how to figure them out?The most easy way is to ping them on your computers. For Windows, you can open the Command Prompt(cmd.exe), and for Mac OS, you can open the Terminal application, then enter the following command: ping 66.220.152.16The above "66.220.152.16" is one of Facebooks IP addresses, remember to change it to the one you aregoing to ping.If there is a "timeout" error in the result, then the IP address is blocked in your area, if not, then you are luckyto add it to the hosts file.Step 3. Edit the hosts file 153
  • Chapter Seven How To Access Blocked Sites With The Hosts FileThe hosts file is something like a DNS system, so we can locate the blocked sites domains to its unblockedIP addresses and then bypass the internet censorship.For Windows, you can find the hosts file in the following address: C:WINDOWSsystem32driversetcAnd for Mac OS, you can find and open the hosts file by entering the following command on the Terminalapplication: sudo vi /private/etc/hostsWhen the hosts file is opened, you can add the blocked sites unblocked IP addresses with domains in the endof the file. Take Facebook for example, you can enter the following 2 lines: 66.220.152.16 facebook.com 66.220.152.16 www.facebook.com 154
  • Chapter Seven How To Access Blocked Sites With The Hosts FileBesides, you can also add more sub-domains (such as developers.facebook.com) with their unblocked IPaddresses if any.After that, save the hosts file, then you can visit the Facebook site directly without any anti-censorship tools,but, you need to use "HTTPS" instead of "HTTP" in the URL, which means that you need to visit thefacebook via the following URL: https://facebook.comor https://www.facebook.comA piece of cake, right?But, if all the IP addresses of a site are blocked in your area (for example, all the Twitter IP addresses areblocked in China), you cant unblocked it by changing the hosts file. 155
  • Chapter Eight How To Access Blocked Sites Via gogoCLIENT Chapter Eight How To Access Blocked Sites Via gogoCLIENTIPv4 will be out of use soon, so we have IPv6 now, and which are used by Facebook, Google, Twitter andsome other famous websites blocked in China.If your broadband supports IPv6 access, then you can visit those IPv6 sites directly, if not, you can do thatindirectly with some third-party tools, such as gogoCLIENT.The following will show you how to access blocked sites via gogoCLIENT:1. Register a gogo6 accountOn the gogoCLIENT page, click on the "Sign Up" button, enter your email address or connect withFacebook, Google, Twitter or some other social network and create a gogo6 account.2. Download gogoCLIENT 156
  • Chapter Eight How To Access Blocked Sites Via gogoCLIENTAfter registration, log in and open the gogoCLIENT page mentioned above again, then you can down thegogoCLIENT clients.Up till now, gogoCLIENT supports 32 bit and 64 bit Windows systems with both Basic Version and HomeAccess Version (= basic version + home access).Besides, gogoCLIENT also supports Linux/Unix/MacOS/BSD systems with source code, which need to beinstalled via the MAKE command, and you can check out the Guide (PDF) file for more details. Thefollowing will show you how to use the basic version on Windows.3. Connect gogoCLIENT 157
  • Chapter Eight How To Access Blocked Sites Via gogoCLIENTAfter installation, run the gogoCLIENT Utility client, and click on the "Connect" button, if the connection issuccessful, then you can get access to the blocked sites with IPv6 addresses via any of the following 3 ways:3.1 Via suffix 158
  • Chapter Eight How To Access Blocked Sites Via gogoCLIENTIn the end of the domain of any IPv6 supported site, add the following suffix: .sixxs.orgTake Twitter for example, you can visit its website via the following URL: http://twitter.com.sixxs.org3.2 Via PAC 159
  • Chapter Eight How To Access Blocked Sites Via gogoCLIENTAgo, you could open the network connection settings page, select the "Automatic proxy configuration URL"option, and enter the following URL: http://gfw-proxy.co.cc/proxy.pacThen you were able to access the blocked sites with IPv6 supported.But now, the above PAC (Proxy auto-config) file is not workable any more, and I havent found anyalternatives yet.3.3 Via Hosts 160
  • Chapter Eight How To Access Blocked Sites Via gogoCLIENTAs mentioned before, you can unblock those blocked sites by adding their IPv4 addresses into the hosts file,now with gogoCLIENT, you can also add their IPv6 addresses.On Windows, you can find the hosts file in the following address: C:WINDOWSsystem32driversetcOn Max OS X, you can find and open the hosts file by entering the following command line on the Terminalapplication: sudo vi /private/etc/hostsAfter that, visit this ipv6-hosts (Chinese) page, copy the IPv6 addresses as well as their domains of Google,YouTube, Twitter and/or some other sites listed, and paste them into the hosts file, then you can unblockedthose sites.For those blocked sites which are not listed, you can find if they have any IPv6 addresses via the IPv6 Test 161
  • Chapter Eight How To Access Blocked Sites Via gogoCLIENTweb app. 162
  • Chapter Nine How To Check If A Site Is Blocked Chapter Nine How To Check If A Site Is BlockedWhen you can visit site A, but not site B on a same browser with a same device at a same time, then site Bmust be down or blocked in your area.So, how to tell if a site is blocked or not? You can check out the following 3 ways:1. To visit it with anti-censorship tools,2. To ping it with command lines,3. To test it with third-party apps.And to check out if a site is blocked in China, you can use the WebSitePulse service, which will tell you if asite is blocked in Shanghai, Beijing, Guangzhou or Hong Kong. 163
  • Chapter Nine Part One: Check If A Site Is Blocked With Anti-censorship Tools Part One: Check If A Site Is Blocked With Anti-censorship ToolsEnter the URL of the site you want to test into the address bar of your Chrome, IE, Firefox or any otherbrowser, If you can open it with VPN, SSH, Proxy or any other anti-censorship tools, but cant without any ofthem, then the site must be blocked in your area.And if not, then the site must be down. 164
  • Chapter Nine Part Two: Check If A Site Is Blocked By Pinging It Part Two: Check If A Site Is Blocked By Pinging ItFor Windows, you can open the Command Prompt (cmd.exe), and for Mac OS, you can open theTerminal application, then enter the following command: ping twitter.comRemember to change the above "twitter.com" to the site you are going to ping.If there are all "timeout" errors in the result, then the site is blocked in your area or its server is down, so howto figure it out?You can run a VPN and ping the site again, if there are no or few errors, the site is blocked, and if there arestill all "timeout" errors, then the site is down. 165
  • Chapter Nine Part Three: Top 10 Websites For You To Check If A Site Is Blocked Part Three: Top 10 Websites For You To Check If A Site Is BlockedBesides to visit with anti-censorship tools and to ping it, you can also check out if a site is blocked or notwith some third-party web apps directly.Among which, the following 10 are the best to tell you if a site is blocked or down:1. Just PingThe Just Ping website will ping the domain you enter from 50 locations around the world, unless there is no"Okey" in the result, your site is blocked in that location where the result is "Packets lost (100%)".But the results are different every time I checked, so that youd better check more than one time.2. Watch Mouse 166
  • Chapter Nine Part Three: Top 10 Websites For You To Check If A Site Is BlockedWatch Mouse can ping your site from 30 stations worldwide, and tell you if the site is down or blocked in thesame way as Just Ping does.3. HostTracker 167
  • Chapter Nine Part Three: Top 10 Websites For You To Check If A Site Is BlockedThe HostTracker website is down now, but during yesterdays test, it can check any site you enter from tensof different locations around the world.While the above 3 websites will show you from where they check your site, the following 7 wont, but theirresults are also correct during my test:4. Down For Everyone Or Just MeOn the Down For Everyone Or Just Me website, enter any domain you want to check, then you can see if thedomains site is down for everyone or just you.5. IsUp.Me 168
  • Chapter Nine Part Three: Top 10 Websites For You To Check If A Site Is BlockedIsUp.Me is another version of Down For Everyone Or Just Me, everything are same, except the domain.6. Down Or NotEnter a sites domain, press the Return key, then Down Or Not will show you if the site is down or not. Andyou can also pick up a site listed to check if it is down or blocked.7. Down Or Is It Just Me 169
  • Chapter Nine Part Three: Top 10 Websites For You To Check If A Site Is BlockedOn the Down Or Is It Just Me website, you can see if a site is really down or not by entering its domain.8. Checksite.UsEnter the domain of the site you want to check, then Checksite.Us will show you if they can access the site.9. Up Or Down 170
  • Chapter Nine Part Three: Top 10 Websites For You To Check If A Site Is BlockedThe design of the Up Or Down website is simple, you enter a site, then it will show you if it is up or down.10. DOJ.meAs the name, DOJ.me (short for Down Or Just Me) will show you if the site you want to check is down ornot.If a site is up according to the above 10 websites, but you cant visit it, then the site is blocked in your area. 171
  • Chapter Nine Part Four: Check If A Site Is Blocked In China With WebSitePulse Part Four: Check If A Site Is Blocked In China With WebSitePulseThe previous 3 ways mentioned are certainly available for you to check if a site is blocked in China or not.Besides, you can also check out the WebSitePulse website, which offers a test tool — Website Test behindthe Great Firewall of China — for you to check if your site is blocked in Shanghai, Beijing, Guangzhou orHong Kong.With the test tool, you can enter your sites domain, choose one of the supported Chinese locations asmentioned before, select Seattle (USA), Munich (Germany) or Brisbane (Australia) as a foreign test location,and click the "Perform Test" button, then you can get the result page, such as what you can see from thefollowing screenshot: 172
  • Chapter Nine Part Four: Check If A Site Is Blocked In China With WebSitePulseOn the result page, if there is a red "Failed" message on the left and a green "OK" on the right, then your siteis blocked in the Chinese location you choose; and if there is no red message, then your site is not blocked inthat location. 173
  • Chapter Ten Appendix Chapter Ten AppendixWhether Proxy, SSH, VPN or any other free tools mentioned in this book, their natures are to connect to theinternet indirectly, anonymously and safely.But when there is internet censorship (especially GFW in China) , connection is the first considerate factorrather than security, just like what a poet said, Liberty, love! These two I need. For my love I will sacrificelife, for liberty I will sacrifice my love.What is more, the connection is still indirect, anonymous and safe when anti-censorship. 174
  • Chapter Ten Part One: Top 10 Websites Blocked in China Part One: Top 10 Websites Blocked in ChinaGod knows how many sites are blocked in China, whether those big ones like Facebook, or those small oneslike Jingpin, any site can be blocked here, for no written reasons.Listed below are 10 most popular websites blocked in China:1. Facebook2. Twitter 175
  • Chapter Ten Part One: Top 10 Websites Blocked in China3. YouTube4. Blogger5. Technorati 176
  • Chapter Ten Part One: Top 10 Websites Blocked in China6. Dailymotion7. Picasa 177
  • Chapter Ten Part One: Top 10 Websites Blocked in China8. Plurk9. Hellotxt 178
  • Chapter Ten Part One: Top 10 Websites Blocked in China10. DropboxWhat do you feel like when seeing the above 10 images? I feel mad and unhappy, since there is somethingthat prevents me to access the most popular websites in the world, and I have no idea why those websites areblocked, since our governments never say why they blocked them. 179
  • Chapter Ten Part Two: Countries That Block Facebook Part Two: Countries That Block FacebookDoes your country or area block Facebook, Twitter, YouTube and/or any other public websites as China?You can figure it out by following the tips mentioned in Chapter Eight, and according to Wikipedia, there are6 countries that block Facebook:1. Bangladesh2. China3. Iran4. Pakistan5. Uzbekistan6. VietnamBesides the above 6 countries, Syria is also mentioned, but according to Hillary Clintons speech atGeorge Washington University on February 15, 2011, Syria just unblocked Facebook a few days ago, soWikipedia is a little out the date.As a user in China, its painful to play with Facebook since you have to use some VPN services orother anti-censorship tools to get access to the website, which will take much more time than usual. Eventhough, I keep login with Facebook often if not everyday, since the internet freedom is so amazing, thefriends are so kind.Hope the countries that block Facebook will be less and less until zero in the near future, such as 2012, thebest time I think. 180
  • Subsequent This Book Is Free Subsequent This Book Is Free Most contents of this book are from my FreeNuts.com blog, which focus on interesting and free web apps. As all those anti-censorship tools mentioned in this book, this book is and will be always free, you can read it on this blog or download it on the FreeNuts.com site. 181Powered by TCPDF (www.tcpdf.org)