Your Freedom
User Guide
A Step By Step Introduction and Reference Guide to Your Freedom
https://www.yourfreedom.net/

All trademarks used in this guide are trademarks of their respective owners and only used
for reference.
The most current version of this guide is available from our web page,
https://www.yourfreedom.net/, in the Documentation section. Please check if there is a
later copy available if you encounter problems or you cannot find needed information in this
copy.
This guide is Copyright 2006-2013 by resolution Reichert Network Solutions GmbH,
Zweibrücken, Germany. All rights reserved. You are welcome to copy and distribute this
guide in both electronic and paper form as long as you distribute it as a whole and not in
parts, you do not modify it in any way, and the reference to the original location is kept intact.
Please advise all recipients that distributed copies may not be the latest version of the
document, and that they can always download the latest version from our web site.

Introduction
What is Your Freedom?
What is it not?
What can I use it for?
How does it work?
Is it secure? Is it anonymous? Does it compromise my security? Can I catch a virus?
What does it cost?
Is Your Freedom Spyware or AdWare?
How many servers do you have? Are they all the same?
Getting Started
Registration process
Getting and installing the client software
Connecting for the first time
On a PC
On an Android device
Configure applications
Automatically
Manually
Manual Configuration
The Your Freedom configuration dialog
Starting and stopping the connection
Each user may only log in once
Choosing the right server
Server location
Protocols
CGI relays
Connecting applications and games
Introduction
Using socksifiers
Windows
Linux and other Unix derivatives
Mac OS X
OpenVPN support
Introduction
Prerequisites
Configuration tasks
Configure your applications
Troubleshooting
Using Your Freedom without client app
PPTP
General information
Is PPTP safe?
How to configure PPTP?
What if it doesn't work?
Sharing the PPTP connection
DNS servers
More than one predefined PPTP connection?
Account types: Time based upgrades and vouchers
FreeFreedom (usage free of charge)
Upgrades and vouchers
Vouchers
Test drives
Advanced Topics
Port Forwards
Local port forwards
SIP forwards
Server port forwards
Connection Sharing
Relaying
Using OpenVPN and ICS to connect other PCs, Playstations, XBox, etc.
Will tethering on Android work with Your Freedom?
IPv6
Fine tuning CGI mode
Appendices
Appendix A
Troubleshooting
Why does my app/game not work?
Performing a speed test
Creating a dump file
Desktop
Android
Using a packet sniffer
Updating the client
Country information
Country specific plans
Server availability by country
Tweaks
The Your Freedom client configuration file
Where's my home directory?
Configuration options

Introduction
What is Your Freedom?
Is your Internet access somehow restricted? Are some web pages not accessible to you, or
are you unable to run applications because of such restrictions? Are you in a place where
there is Internet connectivity via a public hotspot but you don't have a login to it? Then Your
Freedom is for you. Although the techniques used by Your Freedom to break through such
restrictions are fairly complicated, it is not difficult to use.
Your Freedom is a Connectivity Service that allows you to overcome connectivity
restrictions imposed upon you by your network administrators, your provider or your
country. It also provides a certain level of anonymization, and it hides from your
administrators and other nosy people close to you what you are doing on the Internet.
Your Freedom works by turning your local PC into a web proxy and a SOCKS proxy that
can be used by your applications (web browser, games, whatever). Instead of connecting
directly, applications can send connection requests to these proxy servers provided by the
client part of the Your Freedom software running on your PC, and the client part will then
forward these requests to the server part running on our connectivity servers through a
connection protocol that is still available to you and through which the client part can
reach the server part. There is also a transparent mode that does not require any
application configuration, and on Android phones and other devices Your Freedom will
simply work without any additional configuration.
Your Freedom tunnels through firewalls, web proxies, FTP proxies, DNS servers and the
like. Sounds complicated? Well it is, but the good news is you don't have to worry about it,
that's our job. :)

What is it not?
Your Freedom is not a private VPN software. It does not provide a connection to a private
network but to the Internet. Some call this a VPN software but it is really a connectivity
solution.
Your Freedom is not a firewall solution, it is meant to break through firewalls, not to be
one. It does not make your PC any safer. But that's likely not your concern because
someone is probably protecting you too well anyway.
Your Freedom is not a perfect anonymizer. The service does provide a certain level of
anonymization by hiding your IP address. Instead, the connection request appears to come
(in fact it does come) from one of our connectivity server IP addresses. But it cannot protect
you from your own mistakes or flaws in applications and protocols. You are anonymous
unless you make mistakes.
Your Freedom is not in any way enhancing your connection. It does not provide data
compression[1], and it cannot speed your connection up in any way - in fact, there's a certain
amount of overhead which is dependent on the connectivity protocol used, so things will
probably run slower, not faster[2].

What can I use it for?
Your Freedom can be used to overcome:

Protocol restrictions.
If you cannot use certain applications or services because these applications cannot connect
to the Internet in the usual way, Your Freedom may be able to help you. For example, if your
favorite online game does not work in your place because someone decided that you shouldn't
play it, then try Your Freedom. Games known to work well include: World of Warcraft, EVE
Online, Counterstrike and many others.
You may not use P2P protocols because someone thinks it is illegal[3]?
Most P2P clients work nicely with Your Freedom, and you can even get a server port, which
gives you a "high id".
Censorship.
You may not visit certain web pages? Try Your Freedom. It turns your local PC into an
unrestricted web proxy that provides access to all web pages that are generally accessible, or
connects it transparently to the Internet.
Time restrictions.
We have heard from users that they use Your Freedom to avoid time restrictions. In most
cases, existing connections are not disrupted by such restrictions, and therefore all they need
to do is to start the Your Freedom client before the restriction is in place, and keep it open.
The connection between the client and the server part is persistent (this depends on the
connection protocol, however).
Access restrictions.
If there is Internet connectivity (through a hotspot or a similar facility) but you need a login that
you don't have, we'll likely be able to get you fully connected.

[1] This is not entirely true. If you connect through PPTP or use OpenVPN mode, your data is
compressed.
[2] There are cases, however, where Your Freedom is able to actually enhance your connection for a
particular purpose, for example by disguising your traffic as traffic that is put into a better service class
by your provider, or by overcoming routing issues.
[3] The protocol is of course not illegal and it is therefore silly to block it - we know best because we had
to block it on some servers as well - but it remains open on most. Your actions may be illegal though -
Your Freedom can't do anything about this, it remains your responsibility.

How does it work?
You need to run the client part of the Your Freedom software on your local PC. It is written in
Java and should normally run on nearly every PC without the need for administrator rights.
We also provide installer versions that do not require Java to be installed, but you may need
administrator rights to install these.
On Android, just install our Your Freedom app, and launch it.
The client software then connects to one of our servers through a connection protocol that
is still available to you. In most cases this will probably be an HTTP connection through a
web proxy that you may use, or an HTTPS or FTP connection. In many places, UDP or
ICMP ECHO may be used as well. Nearly everyone everywhere can use DNS mode.
Have a look at the picture below. The box on the left is your PC. Let's say the restrictive
firewall won't let you access hotmail.com and you want to read your private email from your
workplace - fire up the Your Freedom client and let it connect to one of our servers, configure
your web browser to use it as a proxy, and your web browser will be able to connect to
hotmail.com by connecting to the Your Freedom client, which will forward the requests to
one of our servers, which will then forward the request to the hotmail.com server. The
replies from the hotmail.com server will take the same route backwards.

This is only a very simple scenario but it illustrates that the Your Freedom client application
and the Your Freedom server act as intermediate hops for your application connections.

Is it secure? Is it anonymous? Does it compromise my security? Can I catch a virus?
Connecting to the Internet through Your Freedom is generally less dangerous than
connecting through a dialup or DSL connection. As long as you do not explicitly configure a
server port forward, no one can connect to your PC or phone through Your Freedom. But
since you may download data from the Internet that may then be executed on your PC
(intentionally or unintentionally because of application bugs) there is a certain amount of risk
- it is the same as if you were connecting through any other means to the Internet and
downloading data from there. However it is possible that your company or whatever uses
sophisticated protection mechanisms (e.g. virus checking for downloads from servers on
the Internet) that we do not provide - in this case it is indeed less secure. But please
consider that it is less secure because it allows you to do things that you would otherwise
not be able to do - the most secure protection from the dangers of the Internet is an "Air Gap
Firewall", i.e.: pull the plug. You'll be safe but also lonely.
It has been said before that Your Freedom is not a full blown anonymization service. It will
however hide your IP address, unless your application communicates it in-band. Web
server admins will not be able to see where the access comes from initially - they will
instead see one of our IP addresses. But we do not take any further anonymization
measures: we do not remove tracking cookies, nor do we "wash" the request headers that
your web browser sends.
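
The residual identifiers this paragraph lists (cookies, unwashed request headers, an address sent in-band) can be checked on a captured request. The following Python sketch is an added example, not part of the original guide or of the Your Freedom software; the sample request, the header list and the function name are constructed for illustration.

```python
import ipaddress
import re

# Request headers that a tunnel passes through unchanged and that can identify
# a user or browser (list chosen for this example, not taken from the guide).
IDENTIFYING_HEADERS = {"cookie", "referer", "user-agent", "accept-language",
                       "authorization", "from"}

# Dotted-quad candidates; each match is validated with ipaddress below.
IPV4_CANDIDATE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def audit_request(raw, own_addresses=()):
    """Report what in a raw HTTP request still identifies the sender.

    raw           -- request bytes as the browser hands them to the proxy
    own_addresses -- the sender's own addresses (e.g. the public IP the
                     tunnel is supposed to hide)
    Returns {"headers": [...], "in_band_ips": [...]} in order of appearance.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, _value = line.partition(b":")
        name = name.strip().decode("ascii", "replace")
        if sep and name.lower() in IDENTIFYING_HEADERS and name not in headers:
            headers.append(name)

    own = {ipaddress.ip_address(a) for a in own_addresses}
    leaked = []
    for match in IPV4_CANDIDATE.finditer(raw):    # URL, headers and body
        try:
            ip = ipaddress.ip_address(match.group().decode("ascii"))
        except ValueError:                        # e.g. 999.1.1.1
            continue
        if (ip in own or ip.is_private) and str(ip) not in leaked:
            leaked.append(str(ip))
    return {"headers": headers, "in_band_ips": leaked}


# Constructed sample: a form post whose body carries the client's LAN address
# and whose query string carries its public address (documentation range).
SAMPLE_REQUEST = (
    b"POST http://tracker.example/collect?client=203.0.113.7 HTTP/1.1\r\n"
    b"Host: tracker.example\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Accept-Language: de-DE\r\n"
    b"Cookie: uid=constructed-value\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 21\r\n"
    b"\r\n"
    b"local_ip=192.168.1.23"
)

if __name__ == "__main__":
    report = audit_request(SAMPLE_REQUEST, own_addresses=["203.0.113.7"])
    print("identifying headers:", ", ".join(report["headers"]))
    print("addresses sent in-band:", ", ".join(report["in_band_ips"]))
```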
For those looking for privacy, the client offers a high level of encryption using the AES
encryption standard, public/private keys, and strong session keys. Details can be found on
our web page on https://www.yourfreedom.net/?id=encryption (you need to be logged in).
Unless you explicitly disable encryption, you'll be safe from spying eyes.
With regards to viruses: we do not have any virus protection mechanisms built into the
service and therefore do not provide any virus protection[4]. Please install antivirus software
on your PC or phone - you should do that anyway.

What does it cost?
A fundamental service is provided for free. It is restricted in bandwidth and the number of
simultaneous streams[5], and there is a time limit of one hour for the connection between the
client and the servers (but you may reconnect immediately). Daily usage time is limited to
two hours, and weekly usage time is limited to 5 hours. Some of our servers are not available
for FreeFreedom users. If this is good enough for you, you are welcome to stick with it.
We provide upgrades that remove all usage time restrictions, expand or remove the
bandwidth restriction, and that allow for more simultaneous streams, and there are server
ports that you can use to allow inbound connections to your PC or another PC in your
network if you like. The upgrades are available as one month, three months, six months or
twelve months upgrades, and come in three different levels that we call BasicFreedom,
EnhancedFreedom, and TotalFreedom. As an alternative to time based upgrades there are
voucher carnets. Vouchers can be used to temporarily upgrade your Your Freedom
account without having to pay for a full month and not use parts of it. Details can be found in
Account types: Time based upgrades and vouchers.

[4] Actually this is not entirely accurate. Outbound email sent through Your Freedom is scanned for
viruses. We do this to avoid blacklisting of our IP addresses, which would make it impossible for our
users to send email through Your Freedom. It does not protect you - it protects others (and us) from
you.
[5] In PPTP mode, OpenVPN mode and on Android, the number of concurrent streams is not limited.

Is Your Freedom Spyware or AdWare?
No! Rest assured that the Your Freedom client application does not contain any code to spy
on you or to cause any annoyances (other than the restrictions of the FreeFreedom service,
which are of course there to convince you of the benefits of buying an upgrade). The only
reason why we don't publish the source code is because much of the code is also used in
the server, and we don't want to expose it. We don't want to help those developing blocking
appliances either.
We do our best to protect your privacy by not storing any more details on our servers than
technically or legally required and permitted. In fact, the connectivity servers themselves
do not keep any logs that could be of interest to anyone but the developers and operators
(they only contain things like server load and exceptional occurrences in server operation) -
all logs containing user details are instead kept on a server in Germany. However we will
cooperate with legal authorities in Germany to the extent required to protect us from having
to take responsibility for your actions. This means that we may unveil your account and
payment details as well as the source IP address used to connect to our servers if we are
forced to do so (and able to determine who is responsible for some action).
We do not log what you access on the Internet - German telecommunications laws do
not even permit this. We do log the fact that you have used our service, from where you
have logged in to our service (if we know it at all! With DNS mode, we usually don't), the
lowest 16 bits of IP addresses you have connected to (but not the full address, only the last
two numbers!) and statistical data about your usage needed for accounting and quality
assurance. This information is typically held on file for only a few days and no longer than 4
weeks. We do not use this information in any other way except for statistical, debugging and
accounting purposes and for combating violations of our terms, unless required by legal
authorities in Germany. We will never provide any details to private parties or oppressive
regimes.
There is a control console on the servers that theoretically allows us to see what our users
are currently doing. We only use this for troubleshooting, and all data there is transient and
not stored anywhere. The moment you log off it's all gone. Trust us - we have better ways to
pass our time than peeping on you.
You might say "but others claim they don't log at all!" Well, they are either naïve or lying. Our
competitors need to protect themselves against abuse too, and they can only do that if they
have data. We have decided to be honest with you.

How many servers do you have? Are they all the same?
This point is subject to change frequently. At the time of writing we have 23 servers online,
in 9 different countries. All will be able to support basic web surfing or chatting but some will
refuse P2P connections (particularly the ones located in the United States) to comply with
provider policies. Some can handle more traffic than others. Have a look at the live statistics
page at https://www.yourfreedom.net/?id=servers - servers that are not in the "p2p" server
group are not well suited for P2P applications, servers that are not in the "volume" group are
not suitable for large file transfers, and so on - you'll get the drift.
Everyone may use all servers in the "free" group, the others are reserved to paying
customers. Some servers may not be available to users connecting from certain countries,
or only available to users connecting from some countries. The Your Freedom client will tell
you about such restrictions when you connect ("authentication not valid for your country of
residence"). If this happens to you, please use another server. We only do this when we
need to defend ourselves, i.e. not at all if we can avoid it.
Look at the server load too. The higher the number, the more loaded the server. Loads
below 40000 are considered low, loads above 125000 are considered high, and very high
numbers indicate you'll likely only get a degraded service. We use a "traffic light" scheme to
quickly indicate the server state. A green light indicates that the server is fine and can
accept your connection. A yellow light would indicate that the server is up and running but
currently rather busy, already slightly overloaded or otherwise in trouble (connectivity
problems are a possible reason) and probably won't be able to provide the best service to
you - you are still welcome to use it, and the service may still be pretty good. A red light
indicates that the server is down or otherwise unable to serve you.

Getting Started
Registration process
Your first step in using our service is to register on our web site[6]. You need to visit
https://www.yourfreedom.net/ and create an account there. There is a link underneath the
login and password form fields in the red part of the page banner.
On the registration page, choose a username (preferably one that is not likely already used)
and provide a password. Please make it long enough - this is for your protection, not ours.
Both username and password may contain uppercase and lowercase ASCII letters, digits,
dashes, and underscores (spaces are permitted in the password too) - other characters
may work as well (particularly in the password) but it is not a good idea to try. The only other
required field is your email address. Everything else is not mandatory - please do not fill in
rubbish if you do not want to provide the information, leave these fields empty instead. You
can always come back later and provide information (for example, if you need a qualified
invoice).
Once you have filled everything in, click on the "Create account" button. You will be asked to
confirm your details by clicking on "Create account now". If there is a problem with your
data, red messages will appear telling you what is wrong - just correct your input and try
again.
Within a few minutes you should receive an email containing an activation link. If your email
address is protected by anti-spam measures, please ensure that email sent from the
yourfreedom.net domain (i.e. ending in "@yourfreedom.net") is permitted before you click
on the "Create account now" link. Activate your account by clicking on the link in the email
(or cut & paste it into your browser). You can also simply reply to the email, quoting it in its
entirety, in your email reader. If you haven't received the email or if the link doesn't work for
whatever reason, please send an email to our support staff, they can create or activate the
account for you if you write to support@yourfreedom.net, telling them the username you
have chosen, but not your password.
What if you cannot register on our web site because it's blocked? Well, it's a hen and egg
problem then. Either you ask someone else to create an account for you (or do it from
somewhere else) and modify it later, or obtain the client software from another source than
our server, and use the username "unregistered" and the password "unregistered" in it. This
account will only provide FreeFreedom access, however. Alternatively, if you are able to
send an email to our customer support, ask them to create an account for you. Just write to
support@yourfreedom.net telling them about your problem, suggest a username (please
limit yourself to ASCII letters and numbers, dashes and underscores) and a password. If
you want to receive the YF client by email just write a blank email to get@yourfreedom.net -
you'll be given further instructions on how to proceed. If all the odds are against you and you
can't get the client software from anywhere else we'll mail you a CD as well.
[6] It is recommended that you use a personal account, but if you only make use of our FreeFreedom
offer you do not need a personal account. Just use username "unregistered" and password
"unregistered" in the client application. The Android app does this by default.

Getting and installing the client software
Once you've created an account you may use it to log in on our web page[7]. Log in (to check
that your account is active), then click on "Downloads" (you don't have to be logged in to
download). There are several ways to run the Your Freedom client, and consequently there
is more than one option for download:

Windows Installer
Windows users who already have a suitable Java Runtime Environment[8] installed on their
system and who have enough rights to install software should be able to use this version. The
download is about 2 megabytes in size. If you are unable to download files ending in .exe, try
to copy the link location and paste it in the URL field of a new browser window, then change
the .exe to .txt. Rename the downloaded file on your PC to .exe when done.
Windows Full Installer
This version comes bundled with a JRE of its own so there are no prerequisites. Every
Windows user should be able to use this one, provided that you may install software on your
PC. The download is rather fat, about 14 megabytes. Again, this is an .exe file, try changing
the ending to .txt if this is a problem. A benefit of this version is that it is compiled to native
code and will consume fewer resources.

Both Windows installer versions are installed by running the .exe file. Just follow the
instructions in the installer and you should be done in a minute. (If you are updating from an
earlier version we recommend to uninstall the previous version first - your settings will be
kept. If you change installer type, you must uninstall the old version first.) Once the client
software is installed, proceed to Connecting for the first time.
If you are not running Windows or if you cannot install software on your PC, your best
choice is the Java archive version. Download the ZIP file and extract the contents into a
folder to which you may write. This could also be a memory stick, or a CD-ROM, by the way.
Then run the Java interpreter with the freedom.jar file. With Windows it is usually sufficient
if you double click on the JAR file, but you may want to open a "cmd" window instead, "cd"
to the directory and run "javaw -jar freedom.jar" instead. On UNIX boxes you'd normally use
"java -jar freedom.jar" or "kaffe -jar freedom.jar" or something similar - UNIX users normally
know.
Generally, the Java archive version of the Your Freedom client should run on every
computer that has a suitable JRE and enough memory. We love to hear from you if you've
managed to run it on an exotic piece of hardware (or in an unusual place)! We also offer a
Mac OS X installer version. Even though Mac OS X editions often ship with a preinstalled
JRE, there are versions like Leopard that ship with JRE 5 which is no longer supported so
you may need to install JRE 6 or 7 manually. Additional hints for Mac OS X and other
operating systems can be found in the documentation section on our web site.
[7] Logging in is optional, of course - most content is available to everyone without a login. The special
"unregistered" account cannot be used on the web site.
[8] The Java Runtime Environment is required to be compliant to Java 6 or newer. If in doubt, visit
http://java.oracle.com/, click on "Java SE" in the "Top Downloads" section on the right hand side of the
screen, then download the JRE or a JDK (which contains the JRE) and install it on your PC.
Oracle provides these downloads for free, but please have a look at their license terms.

The YF client only runs with Java 6, not Java 5. Mac OS X does not ship with Java 6
but you can get it from http://developer.apple.com/java/download/ (download "Java for
Mac OS X 10.x Update (whatever)"). Once you've installed it, Java 5 may still be
activated by default. The installer we provide should be able to automatically ensure
the right version is taken - if that doesn't work try to change the default: Open Finder,
go to Applications, Utilities, Java, run "Java Preferences". Move "Java SE 6" to the top
for applications.

Android APK

The Your Freedom app will only run on Android 4.0 and above devices. Older Android
versions are not supported, no matter if the phone is new or not. We cannot support older
versions because they are lacking the necessary VPN API. If you are unsure, open the
settings, go all the way down to "About phone" and check "Android version" in there. If it's
1.x, 2.x or 3.x then Your Freedom will not work on your phone. Check with your
manufacturer if there is a firmware update and complain if not. We suggest that you also
check on http://www.cyanogenmod.org/ - they might have an aftermarket firmware for your
phone.
There are no other requirements - contrary to other VPN applications your phone does not
have to be rooted.
We suggest that you configure your device to allow installation of applications from
external sources - this will allow you to download and install the app from our web site and
receive updates. Open the settings, go to the "Security" section, find the "Device
Administration" section and tick "Unknown sources". It does not jeopardize your phone, it
only jeopardizes Google's business model. Now download the Your Freedom APK file or
obtain it through email (write to get@yourfreedom.net and put the word "Android" in the subject
line). Click on it, and install it.
Alternatively, search for "Your Freedom" in Google Play if you can use it. Play has the
additional benefit that you can configure fully automated updates.

Connecting for the first time
On a PC
When you start the Your Freedom client application for the first time, you'll be asked for your
preferred language[9]. Click a button (you can always change the setting later).

[9] Not all texts have been translated to all languages. You may encounter some parts that appear in the
default language, which is English (US), and it is quite possible that you encounter bad translations.
Please let us know!
We have taken great effort to ensure right-to-left languages are properly formatted - please bear with us
if this is not always the case - none of us is able to read any of these languages so we don't notice.
(And let us know!)

After you choose the language of your preference a Wizard will show up. It is safe not to
use it and enter all required information manually, but if you are unsure, give it a try first.
Manual configuration may be required in difficult connection scenarios - please refer to
Manual Configuration.
Now let's assume that you are using the wizard. It will first present a Welcome page:

Do as you are told and click on the "Next" button. You'll see this page:

If your Internet connection is through a web proxy, enter the details here. If you are unsure,
try to click "Next" for now.

You'll find a Window asking you to select which protocols will be used to connect to YF
servers. Selected protocols will affect the way the Wizard checks reachability of servers.
Some connection modes may not be available to you, depending on the platform and
whether or not you are running the Your Freedom client as administrator (this is a
prerequisite for ECHO mode).
If you are unsure, leave the default selection. Click "Next":

If all you get is an empty list of available servers like this:

you might need to find out about your web proxy (or configure everything manually, e.g. if
you want to use an FTP proxy!).
If you get this however,

then you've filled in the proxy details properly but you need to authenticate on the proxy.
Click on "Next"

and fill in suitable login credentials. In many cases this will be your Windows Domain login
(don't forget to fill in the domain as well!). Just try until it works, you can click "Next" to try.
If you see this page:

it means that you have not provided a working proxy configuration. Click on "Back" and
modify the hostname/IP address and/or the port setting. Many proxies listen on port 80,
8080 or 3128, to name the most popular ports. Check your web browser's configuration - it
should be able to tell you.
Oh by the way, if you find that the wizard has the proxy details already filled in, then it's not
magic - it just found them in your PC's registry and probably has made life easier for you.
Let's assume you've been able to make it work. (If not, please ask a knowledgeable person
around you how you can use the web proxy, or click "Cancel" and try a manual
configuration). It worked if you see something like this:

It is important that you see a "yes" or a number in any of the columns "HTTP", "HTTPS", "FTP"
or "UDP". A "yes" means that the client has been able to use this protocol to connect to the
server using the default port settings, a number would mean that it has been able to connect
but on a different port, and a "no" means that the protocol could not be used to connect to
this server. The results are sorted by preference (a number between 0 and 10) - it indicates
how well the server fits your requirements (if you've set any). Choose a server, and then
click on "Next".

On this page, enter your Your Freedom username and password. Click on "Next".

It seems you're done now! Click on "Save and Exit". The main window of the Your Freedom
client should now look like this:

Note that the client just doesn't know anything about the server and your account's profile
before you've connected to the server, that's why some of the values seem to be somewhat
odd (including the bandwidth - it's not unlimited unless you've bought a package). Click on
"Start connection" and you should see something like this after a few seconds:

Note that all the details are now filled in, and the bandwidth reads "64.0k". That's kilobits,
about the speed of an ISDN connection or a bit faster than with a high speed modem. Click
on "Account Profile" now.

This panel contains your account details. Without a package, you may not use any special
servers (just the default ones), your bandwidth is limited, your maximum number of
simultaneous streams is rather low and your server connection will be terminated after 60
minutes (but you may reconnect when it happens). No server ports are assigned to you so
none of them are forwarded to you. But at least, there are no access restrictions - you may
access everything on the Internet[10].
If you are using the HTTP protocol to connect and your connection does not fully work, try
the POST or the CGI connection model instead (see Manual Configuration).
OK, time to configure your applications. Please refer to Configure applications to learn how
to do this. Once you've set up at least a web browser to use Your Freedom the main
objective should be reached: you should be able to access the web freely!

If the version of the YF client you're using to connect is too outdated you may see a message
saying the "client [is] too old". This means you must update to the latest YF client version as
yours is not supported anymore. The preferred method would be to download the most recent
one, uninstall the old version and install the new one.

[10] In fact there are some restrictions but you can't see them. They are only there to protect our servers
and won't get in your way. Promise!

On an Android device
Find the icon shown on the right, and launch the Your Freedom status application
by tapping on it. You'll see a welcome banner similar to the one shown on the right,
briefly explaining the most important things. You must scroll through it (and while
you are at it anyway, may we suggest that you read it as well) and click either "OK"
or "Use wizard". Please click "Use wizard". (If you happen to have
clicked "OK" instead, click the Settings button in the top right corner,
choose "Exit", and start over again.) The app will now guide you through
the initial steps of the setup. When you are done with filling in requested
information, click the right arrow to jump to the next step. You can
always go back using the left arrow. If the configuration is complete and
you are happy with it, click on the tick mark.
You'll likely not have to configure a proxy server. If you need to, type in
its address or DNS name and its port, and if it is a SOCKS proxy
change the proxy type. The app will try to find out whether or not you
need authentication credentials - if you need them, it will ask you for
them.
We have some useful "tweaks" for some countries and/or networks. If yours is among
them, make the correct choice on the next page. Most likely you'll not need this, and if you
do you can always come back later.

The next page provides a list of connection models available and lets you select which ones
to try. We suggest that you tick HTTPS, HTTP and DNS. Generally, the more ticks you
make, the longer it will take, but your chances of finding a way to connect will also improve.
If you are happy with partial results, use the input fields on the bottom to stop searching after
a given number of attempts have been made, or a given number of connection options has
been found. Click the right arrow to start searching for connection options now. Once the
search is completed, you'll see a list of Your Freedom servers. The table can be scrolled
vertically and horizontally. It is ordered by preference, a number between 0 and 10
calculated based on your configured server preferences (you haven't done that yet) and the
likely server performance. Some of the found servers will have a coin symbol - these servers
are only available to paying customers, while others are available to everyone. Tap on one of
the records to highlight it, and then tap on the right arrow.

On the last screen, enter your username and password (if you have one already). You may
use the preconfigured "unregistered" with password "unregistered" if you do not have your
own account with us yet. You only need a personal account if you intend to make use of our
BasicFreedom, EnhancedFreedom or TotalFreedom offers.

When all is done, click on the tick mark.
On Android, you do not have to configure any applications - just skip the next section.
Configure applications
This section only applies to PCs, not Android devices.

Automatically
Please note: We recommend manual configuration. This feature is only provided for your
convenience and you should probably not use it.
Windows users can simply click on the "Applications" tab and see something like this:

This is a list of applications whose configurations can be modified automatically by Your
Freedom. The ones that are installed on your system have working checkboxes, the other
ones are grayed out. Tick the ones you wish to use with Your Freedom, and then click "OK".
You'll see something like this:

Hope it's all successful! Then click "OK". To restore the previous configuration of your
applications, choose "Restore", and then tick the ones you would like to restore, and click
"OK". Note that applications that you've configured to use Your Freedom will only work
properly if the Your Freedom connection to the server is up and running. Also, don't forget to
restore all your settings before deinstalling the Your Freedom client!
To manually configure your applications, have a look at the "Ports" tab first:

Note the "SOCKS 4/5" and "Web Proxy" checkmarks - this tells you that your local PC is
now acting as a SOCKS 4/5 proxy on port 1080 and as a Web Proxy on port 8080. To
change these values, untick the service, then modify the port, then reactivate (this can be
done on the fly while you are connected!). Everything below is pretty sophisticated stuff and
certainly not aimed at first time users, and will be covered in Advanced Topics.
If for some reason you cannot configure your applications from within the Your Freedom
client, you need to manually configure them to use web proxy "localhost" on port 8080 or
SOCKS proxy "localhost" on port 1080 (if you've got the choice, use SOCKS version
5). Please refer to the application's documentation to learn how to do this (or ask someone
who knows - we've got some examples in the FAQ/Docu section of our web page
https://www.yourfreedom.net/?id=faq as well).
OpenVPN support is not enabled by default - please see OpenVPN support.

Manually
Of course we cannot provide detailed configuration guides for all applications that can be
used with Your Freedom. There are basically only 4 ways in which applications are made to
work via Your Freedom:
1. By configuring them to use a web proxy. Applications that offer you to access the
Internet through a web proxy need to be set up to use your local PC (the hostname is
"localhost", the IP address is 127.0.0.1) on port 8080 as the web proxy and
everything should be fine.
2. By configuring them to use a SOCKS 4/5 proxy. Applications that offer you to access
the Internet through a SOCKS proxy need to be set up to use your local PC (again,
the hostname is "localhost" and the IP address is 127.0.0.1) on port 1080 as
SOCKS proxy. This is preferable over the web proxy configuration (if you've got the
choice) but both will normally do. Use SOCKS 5 if you can. If it doesn't work (some
applications have buggy SOCKS implementations) try SOCKS 4.
3. By using a "socksifying" application to run your application from. Many applications
are not designed with your networking problems in mind and do not offer to run using
a web or SOCKS proxy. Many of them work well with Your Freedom if you run them
from inside a "socksifier". That's an application that foists a modified Winsock DLL
on the application, which redirects all network requests to a SOCKS proxy, in this
case to the Your Freedom client. Examples for such applications on Windows are:
SocksCap (32 bit only!), ProxyCap and FreeCap. They are covered in Using
socksifiers. Using a socksifier might also be an option if you cannot configure
your application, e.g. because you don't have administrative rights. It's tricky
however to override existing proxy configurations this way.
4. By using outbound and inbound port forwards. If your application only needs to
access one particular server via a TCP connection on a particular port, it's probably
most convenient if you create a "mirror image" of this port on your PC, and access
your local PC on the mirror port instead. Similarly, you can create a mirror image of
a port on your PC on our servers and make it accessible to others on the Internet[11].
This is covered in section Port Forwards.

11

Youraccountprofileneedstopermitthis.Currently,onlyownersofTotalFreedompackagescan
redirectserverportstotheirlocalPC.

Setting up Mozilla Firefox
All web browsers support the use of web proxies, and option 1) should be just fine.
Click on Tools, Options. Choose the Advanced panel. Then click on the Network tab. The configuration windows should now look like this:

Now click on Settings

Fill in the values as shown (making a note of the original values so you can revert to your previous configuration when you are not using Your Freedom), then click OK in both windows. Firefox now uses the Your Freedom connection.
Setting up Internet Explorer
Like all browsers, IE supports proxies directly. What's more, IE's proxy configuration is actually shared by many other applications as well.
Select Tools, Internet Options. Then click on the Connections tab. You'll see something like this:

If you are using a LAN connection, click on LAN Settings, otherwise choose the connection you use to connect to the Internet and click on Settings. A window similar to this one will open:

Tick the checkboxes for Use a proxy server and for bypass proxy server for local addresses. Then click on Advanced. Another window will open:

Fill in the values as shown. Then click OK in all the windows. Internet Explorer now uses the Your Freedom connection (and consequently only works when the connection is up). We recommend you make a note of the original settings so that you can revert them when you are not using Your Freedom.

Manual Configuration
Most options can be configured using the Configure dialog available from the Status tab, but a few are only available via the configuration file. We recommend that you avoid messing with the configuration file unless you are advised by us or think you know what you are doing.

The Your Freedom configuration dialog
Go to the Status tab of the Your Freedom client, then click Configure. A dialog window like this should open up:

On the Server Connection tab, configure the Your Freedom server name or IP address (several names or IPs can be separated by semicolon but no additional spaces!). Select the connection protocol from the pull-down menu, and the default port should automatically appear (change if necessary). Or use the wizard to see your server connection options and let the client choose the best way (but configure the proxy settings first if you need to use a proxy!).
Also, select the connection options as well. For most people the defaults should be OK; you might want to tick Avoid using DNS as well if you only want to try known IP addresses for the YF servers and not ask your local DNS server. It is not advisable you enable the Automatically switch server option, and it will likely not be available anymore in new releases.
If you click on the Account tab, you'll see this:

Fill in your Your Freedom username and password, and choose a different language if you like. Many texts and messages are available in other languages and it may be easier if you change the setting. Note that you have to restart the client to make the change effective when you are all done.

There's a lot you can configure here. You might want to use the wizard to configure a web proxy but you don't have to, there's not much difference but the client will check if your settings appear to be correct. If you know the details, just fill them in. You'll probably need to configure the address (hostname or IP address) and the port. If you need to authenticate on the web proxy, fill in username and password as well, and if it's an NTLM authenticated proxy add the Windows domain name as well. (In this case, username, password and domain are probably the same values that you use to log in to your PC!)
If you intend to use the FTP connection method and you cannot directly FTP to servers on the Internet, there may be an FTP proxy on your network. (Don't bother to configure anything if you can use the ftp command line tool!) The port will likely be 21, but you'll need the hostname or the IP address as well. Ask someone who knows, there are legitimate needs to use FTP outside web browsers.
The most common connection scenarios are also covered by the Wizard available through the button on the bottom; it's the same that is run when you start the client for the first time and it's described in detail in Connecting for the first time.
When you are done, click on Save and Exit to save your changes, or on Cancel to abort them.
So much for setting up the connection. You should now be able to start it up from the Status panel. The connection indicator (the door) should open, a question mark should appear while client and server negotiate, and disappear after a few seconds. If it doesn't disappear, your connection settings don't work. Have a look at the Messages panel. If you can't get the connection to work, check out Appendix A to see how you can help us to help you.

Once you are connected, check out your connection profile by clicking on the Account Profile tab. It should look somewhat similar to this:

Most things in here should be fairly self-explanatory, except maybe for server groups and remote port forwards.
Server groups will indicate the groups of servers to which you may connect. Multiple permitted groups are separated by comma. Everyone will have the default server group on their profile, meaning that you may connect to every Your Freedom server in the default group (at the time of writing, all servers are in this group, but this may change). Some accounts have additional server groups in their profile, depending on bought packages. "All" will not show up in customer profiles.
If your profile has any server ports assigned, they will show up in the remote ports forwarded line. The numbers there mean that these ports on the Your Freedom server will be forwarded to your PC when you are connected, and you may use them in the server port forwards configuration (see below).

All options in here can be changed while the connection is active and will have immediate effect. If you wish to modify the local ports on which your PC becomes a web or SOCKS proxy, uncheck the service first, then change the port number, and tick the box again. If you would like your PC to accept requests from other PCs on the local network and forward them through your Your Freedom connection, tick the Relay for others box. Note that this will only have an effect if your profile permits it (check the Relaying permitted line in the Account Profile panel as shown above).

Starting and stopping the connection
Each user may only log in once
That's right. Each user can only log in from one PC at the same time. If you try to log in using the same user account from another PC or another instance of the client, the previous session will be terminated. This means that you will always be able to log in, but so will everyone else who knows your details, and he or she will kick you off. The servers talk to each other, it doesn't help to just use different servers.

Choosing the right server
Server location
The YF server should ideally be close to the YF client or close to the servers you intend to use through YF. Just think about it as a triangle: the corners are your PC, the service on the Internet, and the YF server on top. The more the triangle looks like a straight line between you and the service (i.e. the flatter it is), the better.
Let me give you an example. If you are located in the US and the service you are using (let's say you are playing an online game) is also US based, a server in Europe will probably be a bad choice. The laws of physics make it impossible for information to travel faster than the speed of light [12] and putting 20.000 kilometers of additional wires or fibers and a dozen of routers between you and the service will increase latency.
It is ideal to use a YF server that is close to yourself. Why? Because you'd normally use more than one server on the Internet and you cannot find a YF server that is topologically close to all of them, but you may be able to find one that is close to you. On the other hand, for applications that don't care too much about latency (like large file transfers) the server's location is not important. Try the different servers to see which one is good for you.
The YF client will tell you where the server is located when you are connected (and also in the connection wizard). Unfortunately we don't have many servers outside Europe, simply because
a. They are unaffordable: unmetered high bandwidth dedicated servers are vastly expensive in most places outside Europe.
b. The providers are too restrictive in what you may do with the servers and what not; we are sick and tired of endless and fruitless discussions with US based providers and explaining their droid staff what we do and what we don't do, and why it's not illegal, and why it's rubbish that the server's IP appeared in some robot email.
If you know about good providers we would like to hear from you! But please consider that an average Your Freedom server generates between 1 and 8 terabytes of traffic per month and needs at least 2 GB of RAM and a decent multi-core CPU. And it should come with Debian Linux. If it's less than 100 US dollars per month, that would be great.

Protocols
Not all our servers permit [13] all protocols. Some providers (you got it, they are mostly US based) place protocol restrictions on us and are having kittens every time they believe that they have spotted something, and what's even worse, they won't listen to any arguments. So if we want servers there (and we do, to provide a good, responsive service to those of you who need it!) we need to restrict some protocols on them.
If your application doesn't work as you would expect, have a look at the message window of the YF client. Are you seeing messages about a denied protocol? It means that you'll have to use a different server.
Generally speaking, use a server in Europe whenever you can if you are worried about protocol restrictions.
There is one restriction that applies to all servers: SMTP to remote servers is not permitted. Instead, all SMTP connections are redirected to one of our servers where submitted email is checked for viruses and SPAM content before it is passed on. This is only important if your mail application must connect to a specific mail relay; normally it won't be a problem (but it means that you'll likely have to disable transport level encryption). Also, we have extensive protection mechanisms against spamming built into the servers; you won't be able to rapid-fire deliver emails via Your Freedom. A normal user won't notice at all but for spammers it's a pain in the backside, and meant to be one.

[12] I know this may be not entirely correct, but it is for the Internet.
[13] All servers allow all connection models; this is not about how you connect with the Your Freedom client to the Your Freedom server, but what you do through the connection.

CGI relays
The CGI connection method adheres so much to the standards that it does not only fool proxies, it also enables us to put an intermediate CGI script in between. Yes, that's right, there is a simple PHP script that people can put on any web servers they control, that can in turn provide a Your Freedom connection to those who don't have access anymore to any of our servers. Our idea is that it's fairly simple to block all our IP addresses as they pop up because we cannot have new ones every day, but it won't be possible to do something about thousands of new URLs every day that haven't got anything in common.
It is quite obvious why people would like to use such a CGI relay: because they have to. There is no other reason because obviously, this method is not as fast and interactive as the other connection methods. But when you're desperate and no other way of connecting is left, it's better than nothing. But why would people put the script on their web servers when all they get for it is a lot of additional traffic?
That's simple. There is a rewarding scheme. Every time you use their relay server, they'll get bonus points that they can use towards purchases on our web site. If you are considering providing a relay, check out https://www.yourfreedom.net/?id=cgirelays for details. But be aware that such a relay could easily create hundreds of gigabytes of traffic per month, and that your provider probably doesn't like it if you run it on a virtual server.
So how do you use such a CGI relay? You need to know the "URL". I put it in double quotes because you don't need a full-fledged URL: you need the server name and the URI. For example, if the script could be accessed in a web browser using the URL http://some.server.somewhere/some/path/script.php, the CGI relay would be called some.server.somewhere/some/path/script.php in Your Freedom. Simply use it as the server name, choose CGI as the connection model, and definitely disable automatic server switching.

And how do you know about these? Well, that's another matter entirely. We won't publish any lists and we would ask that you do neither. Why? Because we don't want these lists to simply get imported into URL blacklists. But the YF client finds the relays. No, we won't say how, figure it out. :)
If you would like to set up such a CGI relay, you can download the script at https://www.yourfreedom.net/emsdist/enduring_freedom.phpRENAME. Have a look at the first lines: you need to choose which server you would like to relay to and put the server's name in. Save it under an inconspicuous name (use the right ending). Then test it please (use your web browser; you should see a long text page with loads of garbage. Don't worry, that's fine). If it works, register it on our web page (https://www.yourfreedom.net/?id=cgirelays, log in first to ensure you get the credit!). Our scripts will test it automatically and if it works they will add it to the database and make sure that clients can find it (it takes a while though, don't expect clients to use it immediately).
Btw. you are welcome to set up CGI relays for your own personal use only as well, you don't have to register them. Feel free to tell others about it, and publish the URL if you like. Just if you decide to register it, don't publish it. If you have before, simply change the name or the path or set up a copy. Do that frequently, it helps! Remove very old copies from time to time, they get unregistered on our web page automatically since our servers check their existence from time to time (but you can do so as well).

Connecting applications and games
Please note: This whole chapter is only applicable to the desktop version, not the Android application. On Android, you do not need to configure anything to make your other applications work with Your Freedom.

Introduction
Apart from browsers, there are many applications that can benefit from Your Freedom and connect to the Internet. Everything from terminal clients, chat and instant messengers (like GTalk, Pandion or Yahoo Messenger) and P2P technologies (like BitTorrent) to games can be configured to connect via Your Freedom.
This chapter covers some concepts necessary to make your particular application work.

For more specific techniques like local and server port forwards see Port Forwards.

Using socksifiers
If your particular application does not support the use of web or SOCKS proxies, it still doesn't mean that it cannot run with Your Freedom. Since the Your Freedom client is a full-blown SOCKS server, all you need is to "socksify" your application. There are several ways to do this, all of them basically use a feature called "dynamic link library preloading". Since people hate reinventing the wheel they came up with code libraries that get dynamically linked to the application at execution time. Like every other operating system, Windows, Linux, MacOS etc. ship with such libraries, and one particular of them offers networking functions. The first time such a function is referred to by the application, the library automatically gets loaded, but only if it hasn't been loaded within the application's context already! The trick is to make sure that the library has already been loaded before the application starts, but a "hacked" version of it that knows what to do with a SOCKS server.

Windows
There are many socksification tools on the market; here are some examples:
WideCap
WideCap is a free socksifier that integrates with the system network stack and does not rely on preloading a library like some other socksifiers. It works with many games and applications that cannot be used with socksifiers like SocksCap and FreeCap. We know it works well with Steam powered games. Find it on http://www.widecap.ru/eng/.
SocksCap
This is an old but popular socksifier, free for non-commercial home use (and not available anymore commercially). You must google for sc32r240.exe if you want to download it.
FreeCap
FreeCap is, as the name suggests, freeware and is available for download from the project's homepage at http://www.freecap.ru/eng/. There is also additional documentation there but its use with Your Freedom is simple enough. We like this best because it's free and easy to use, and it's good enough for many (but not all) applications.
ProxyCap
A commercial product. Have a look at http://proxylabs.netwu.com/.
Proxifier
Proxifier is also a very clever piece of software. Testing for 31 days is free, a license costs USD 40. Plus it's also available for Mac OS X. Check it out on the Proxifier homepage at http://www.proxifier.com/.
Hummingbird Socks
The OpenText Exceed connectivity suite contains a socksifier as well. It can be found on http://connectivity.opentext.com/.

Linux and other Unix derivatives
Dante
Dante is the de facto standard in the Unix/Linux world. It's free. Download available from http://www.inet.no/dante/. Many Linux distributions contain a dante-client package. Once installed, you would normally have to configure /etc/dante.conf to redirect traffic appropriately to your local SOCKS server, and then use the socksify script to run applications.
Tsocks
Tsocks is another Unix/Linux world socksification tool, also free. It can be found on Sourceforge. There is a Mac OS X version as well.

Mac OS X
Proxifier
Proxifier is also available for Mac OS X.
Tsocks
Check out http://forums.macosxhints.com/archive/index.php/t55338.html for hints about tsocks for Mac OS X.

OpenVPN support
Introduction
There is another way to make your applications connect to the Internet through Your Freedom without the need to configure them in any way! This is pretty well tested and so far has proven to be almost bulletproof versus its socksifier cousins. In theory every application that works behind a DSL or cable router also should work well through OpenVPN mode.

Prerequisites
The OpenVPN way unfortunately has a few prerequisites that you need to meet for it to work on your PC:
Administrative rights
There's no way around it: you need to be able to install OpenVPN and use it, so you need administrative rights (on UNIX-like systems: you need to be able to install the OpenVPN binary setuid root in your path). On typical company PCs with domain login you won't have administrative rights.
With Vista, you also need to explicitly run the Your Freedom client with administrative privileges (right-click, "Run as administrator"). Alternatively, right-click on the link in the start menu, choose "Properties", click on the "Compatibility" tab, then tick the "run as administrator" checkbox; this will fix it once and for all, as long as you always use this link to run the YF client.
OpenVPN needs to be installed
OpenVPN is Freeware and Open Source (but please consider donating). If you have the ability to install software on your PC, go to http://openvpn.net/download.html and download OpenVPN. It needs to be at least 2.1_rc20, newest release should do. For Windows there is an installer, others need to compile OpenVPN from source, or maybe it ships with your OS's distribution? In any way, if you open a command shell and type openvpn you should see hundreds of lines of instructions; if not, it's not properly installed. OpenVPN needs to install a tunnel interface on your PC: on Windows it's called TAP-WIN32, on Linux this would be tun0.
For users of Windows Vista, Windows 7 and above it's recommended to configure the openvpn.exe executable to run under administrative privileges. Go to "C:\Program Files\OpenVPN\bin\", right-click on the openvpn executable, select Properties, Compatibility, and mark the Run as Administrator checkbox. This will ensure the openvpn process gets launched with the necessary privileges.
Before making use of OpenVPN please make sure your computer is properly protected and not infected by some virus/worm or a Trojan. Ensure that it is not part of a botnet. If you don't, our servers might have to close down your account to protect our systems. If you do not have a proper security suite installed on your PC please open Internet Explorer now and visit this web page for a free check (it is a Microsoft tool and will therefore only work in Internet Explorer):
http://onecare.live.com/site/enUS/default.htm
We strongly advise that you repeat this from time to time. It is for your own protection! If you haven't got other protection consider installing free protection software like Microsoft Security Essentials, Avira Antivir or avast.

You don't need a Your Freedom package, FreeFreedom will suffice
That's right. Our OpenVPN support is not only available to paying users. Although running an OpenVPN tunnel endpoint uses considerably more resources than just forwarding connections we decided to offer it to everyone for free. Although we know that it wouldn't be much fun with 64k.

Configuration tasks
Know your networking environment
If you are behind a firewall and need to be able to reach servers that have Internet IP addresses but are not reachable from the Internet, you need to add route exclusion lines to your config file (see Appendix: YF client configuration file).
99% of all users won't have to configure excludes. All non-Internet IP addresses are automatically excluded anyway (this covers 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Networks that are already routed on your PC are excluded as well.
For all others, add an openvpn_exclude line per IP or network as described in Appendix C, e.g.
openvpn_exclude 1.2.3.4
openvpn_exclude 2.3.0.0 255.255.0.0
Note that Your Freedom is clever enough to automatically exclude all IP addresses that it needs to be able to reach in order to maintain the connection to the Your Freedom server.
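Every excluded network is reached directly and not through the tunnel, so it is worth checking an exclusion list before connecting. The following is an added example, not code from the Your Freedom client: it assumes openvpn_exclude lines take an address and an optional dotted netmask as in the two lines above, and the function names and the sample fragment are constructed for illustration.

```python
import ipaddress

# Ranges the guide says are excluded from the tunnel automatically.
AUTO_EXCLUDED = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample fragment (not a real configuration file). Lines 1-2 are
# the guide's own examples; line 3 is redundant, line 4 has a bad netmask.
SAMPLE_CONFIG = """\
openvpn_exclude 1.2.3.4
openvpn_exclude 2.3.0.0 255.255.0.0
openvpn_exclude 192.168.10.0 255.255.255.0
openvpn_exclude 5.6.7.8 255.255.0.0
"""


def parse_excludes(text):
    """Return (networks, problems) for the openvpn_exclude lines in text.

    problems is a list of (line_number, message) tuples for lines that are
    malformed or that only repeat an automatic exclusion.
    """
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0] != "openvpn_exclude":
            continue  # some other setting, not our concern
        if len(fields) not in (2, 3):
            problems.append((lineno, "expected an address and optional netmask"))
            continue
        # A bare address is a single host; "addr mask" becomes addr/mask.
        spec = fields[1] if len(fields) == 2 else fields[1] + "/" + fields[2]
        try:
            net = ipaddress.ip_network(spec, strict=True)
        except ValueError as exc:
            # Raised for garbage input and for host bits set under the mask.
            problems.append((lineno, str(exc)))
            continue
        if any(net.subnet_of(auto) for auto in AUTO_EXCLUDED):
            problems.append((lineno, f"{net} is already excluded automatically"))
        networks.append(net)
    return networks, problems


def route_for(destination, networks):
    """Return 'direct' if destination bypasses the tunnel, else 'tunnel'."""
    ip = ipaddress.ip_address(destination)
    if any(ip in net for net in AUTO_EXCLUDED + list(networks)):
        return "direct"
    return "tunnel"


if __name__ == "__main__":
    nets, problems = parse_excludes(SAMPLE_CONFIG)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    for dest in ("1.2.3.4", "1.2.3.5", "2.3.200.9", "10.1.1.1", "8.8.8.8"):
        print(f"{dest:>12} -> {route_for(dest, nets)}")
```

Traffic to any destination reported as direct leaves your PC outside the Your Freedom connection, so keep exclusions as narrow as the environment allows.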
Tick the OpenVPN box
Go to the Ports panel and tick the OpenVPN checkbox. Leave the port number as it is, unless there are reasons why you need to use a different port.
Start the Your Freedom connection
The connection setup should look like usual, but approximately 10 seconds after the door opens, it should open a bit more. The message log should tell you as well when it happens.
Have a look at your PC's routing table (in Windows, run cmd, then type route print; Unix users type netstat -rn or route -n): you should see a whole bunch of routes there, all going to some 169.254.xxx.yyy address. These routes cover the whole Internet address space minus the exclusions mentioned above. We cannot replace your PC's default route: that would very likely cut you off from your local network and make the Your Freedom server unreachable.
Relay for others?
Yes, you can and you may. But unless your PC masquerades the other PCs they need to run their own OpenVPN session. When you start the connection, the Your Freedom client creates some config files in your home directory (please see Appendix C for location details) all starting with client or server. Copy them to their PCs into some directory, edit client.ovpn and replace 127.0.0.1 with your PC's internal IP address, then right-click on the client.ovpn file and choose the second option (Start OpenVPN with this config file). Of course they need to install OpenVPN first!
For a more general technique to share your Your Freedom connection with miscellaneous equipment like XBox, Playstations or other PCs see Using OpenVPN and ICS to connect other PCs, Playstations, XBox.

What about the Windows firewall?
Feel free to use it, but don't complain if it breaks things. Seriously, there is no reason why you would need it, only outbound connections work on the tunnel interface. However if you suspect your applications to secretly open connections, then yes, use it! If something doesn't work, try without.

Configure your applications
Now that's the part you'll like most: you don't have to! No need to configure a proxy, no need for socksifiers. Just make sure your applications are not using any proxy and that should be it.
Note however that since your PC is not connectable from the Internet through the OpenVPN tunnel, applications that rely on this won't work. If the manufacturer's web page says something about ports that have to be opened inbound in your firewall, it likely won't work. It is possible to combine OpenVPN tunneling with server port forwards, however. See Server port forwards for details.

Troubleshooting
The OpenVPN tunnel is not coming up properly
Have a look at the message log, it may tell you why. If it doesn't, create a dump file and mail it to us (see Server port forwards) or check it out yourself.
Check if there is still another OpenVPN process running when the Your Freedom connection is shut down. Hit Ctrl-Alt-Del, sort the tasks by name, and look for openvpn. Terminate it before you restart the Your Freedom connection. This can happen if the Your Freedom client is terminated abnormally before it has a chance of shutting down OpenVPN.
The OpenVPN tunnel opens, but then the Your Freedom connection fails
The tunnel routes somehow cut off your connection to the Your Freedom server. Please generate a dump file for us; the Your Freedom client should be clever enough to avoid this but seemingly isn't.
What are these 169.254.xxx.yyy addresses?
That's a class B network reserved for ad-hoc networking on a broadcast medium like Ethernet. Every station just rolls a dice for an IP address and does some checking whether it's already in use. If not, it uses it.
No one uses this network for anything, only Windows does in the absence of a DHCP server or a static configuration. The network is not routed on the Internet and no one uses it privately, that's why we chose it. It's very unlikely that it causes any addressing conflict anywhere.
The other end of your OpenVPN tunnel is always 169.254.0.1 or 169.254.128.1; if you want to check what packet delay is added by Your Freedom, just ping this IP address!
Your PC will get an odd address from a /30 subnet within this range and it will route everything to the even counterpart address in this subnet.

Using Your Freedom without client app
PPTP
General information
The normal way to use our service is through the Your Freedom client software. It will let you do things that you normally cannot do with VPN software. But there are times (and places) where you only need to ensure you get connected without someone spying on you, or you only need to appear to be elsewhere and not where you really are. If this sounds like you, read on.
The Your Freedom connectivity servers are now able to accept PPTP VPN connections too. PPTP is a VPN tunnel protocol developed by Microsoft and some more companies not renowned for designing good protocols; in fact, PPTP is pretty much broken by design in many aspects. However, it does have one advantage: nearly every PC, nearly every smartphone speaks PPTP without any additional software. Contrary to well-designed protocols like OpenVPN, PPTP uses a combination of TCP for the control connection and GRE encapsulated PPP frames for the data transport. That by itself is not too bad. But if you consider that you need to use MS-CHAPv2 and MPPE-128 for authentication and encryption if you want at least some bit of protection, and that each of these two are again completely broken by design, this is where the mess starts. But you don't have to worry about the dirty details, we have done that for you.
Nevertheless, it's "the" standard and it is very widespread, plus it is relatively secure when used properly. And it gets the job done.
When would you want to use PPTP? Here are some examples:

When connected to a public wireless hotspot without encryption, using PPTP will ensure that no one can see what you are doing.
If you live in country A and you would like to make it look to some Internet service like you actually live in country B (great if you want to watch TV broadcasts not available for your country!).
If you are in a censoring environment but the censoring is only very subtle: some things just don't work and it always looks like technical faults.
If your provider is throttling a service you'd like to use, using PPTP might make things work properly (for example: YouTube is slow in some places because the local provider wants it to be slow).

Of course, the YF client will help you in all these situations as well. A Swiss army knife will let you turn screws too, but a screwdriver might be the better tool at times, even though you cannot cut anything with it. Should the screwdriver turn out not to be powerful enough, you can always resort to your trusted Swiss army knife.
The service level you receive (FreeFreedom, BasicFreedom, EnhancedFreedom, TotalFreedom) is the same as with the YF client application. Vouchers can be sent through our web page. You may use your account with both the client and PPTP, but not both at the same time. You'll use a shared IP address just as with the YF client.

Is PPTP safe?
The YF client uses stronger encryption and protects your privacy better than PPTP. Still, PPTP is about as strong as using HTTPS to access web servers. It uses RC4 with a 128 bit master key and generates session keys every so often. Not exactly state of the art, but it will probably do. Its biggest weakness is that it relies on a sufficiently strong password.
You might have read about attacks against MS-CHAPv2. This is not exactly news. MS-CHAPv2 and MPPE both rely on the secrecy of an MD4 hash of your password. If someone is able to obtain this MD4 hash, he can not only impersonate you but also decrypt recorded data. The big problem here is that Microsoft has not "salted" the hash, and this means that precomputed dictionaries can be used for brute force attacks on recorded MS-CHAPv2 authentication packets. Our advice is: use a very strong password. If you do, PPTP using MS-CHAPv2 and MPPE is relatively secure.
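Why the missing salt matters, as an added example that is not part of the original guide: the hash MS-CHAPv2 relies on is MD4 over the UTF-16LE password, so equal passwords always produce equal hashes, while a salted derivation (PBKDF2 here, chosen only for contrast) does not. MD4 is implemented inline because many current Python builds no longer offer it through hashlib; the account names and passwords are constructed.

```python
import hashlib
import os
import struct


def _rotl(x, n):
    """Rotate a 32-bit value left by n bits."""
    x &= 0xFFFFFFFF
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """MD4 digest as specified in RFC 1320."""
    # Padding: 0x80, zeros up to 56 mod 64, then the bit length (little-endian).
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    order3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):  # round 1: F = (b AND c) OR (NOT b AND d)
            f = (b & c) | (~b & d)
            a = _rotl(a + f + x[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2: majority function, column-wise order
            g = (b & c) | (b & d) | (c & d)
            k = (i % 4) * 4 + i // 4
            a = _rotl(a + g + x[k] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3: XOR, bit-reversed word order
            h = b ^ c ^ d
            a = _rotl(a + h + x[order3[i]] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """Unsalted password hash used by MS-CHAPv2: MD4 over UTF-16LE."""
    return md4(password.encode("utf-16-le")).hex()


def salted_record(password: str, salt: bytes = None, rounds: int = 100_000):
    """Salted, iterated hash for comparison; returns (salt, derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, key


# Constructed accounts: two users picked the same weak password.
ACCOUNTS = {"alice": "Summer2013", "bob": "Summer2013", "carol": "x9#Lq-v2!Tr8mZ"}


def shared_nt_hashes(accounts):
    """Group users whose unsalted hashes collide (same password)."""
    groups = {}
    for user, password in accounts.items():
        groups.setdefault(nt_hash(password), []).append(user)
    return {h: sorted(u) for h, u in groups.items() if len(u) > 1}


if __name__ == "__main__":
    for digest, users in shared_nt_hashes(ACCOUNTS).items():
        print("same unsalted hash", digest, "for", ", ".join(users))
    first = salted_record(ACCOUNTS["alice"])[1].hex()
    second = salted_record(ACCOUNTS["bob"])[1].hex()
    print("salted records differ:", first != second)
```

Because the unsalted value depends on nothing but the password, one table computed once applies to every account, which is why password length and randomness are the only defence the guide can recommend here.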

How to configure PPTP?
We'll explain here how to do it on Windows 7. You'll surely find information about how to do it on your system if you google for it; there is nothing particular about our PPTP service.
First, click the Windows button in the lower left corner of the screen and choose "Control Panel". It will look like this:

Now choose Network and Internet:

Click on "Network and Sharing Center". In the network and sharing center panel, click on "Set up a new connection or network", the link looks like this:

Choose "Connect to a workplace", even if that sounds silly (and you are probably trying to escape one), then click the Next button:

Now choose "Use my Internet connection (VPN)", because that's what we are trying to do, set up a new connection through your existing Internet connection:

In the next step, you are asked to enter an Internet address to connect to. Fill in the PPTP server of your choice. If you know the IP address or the server's name you may use this, but we suggest you use the generic by-country names we provide. In this example, we want a US based server but it could be "de" for Germany or "uk" for the United Kingdom as well. You may of course use emsXX.yourfreedom.de as with the YF client application as well, or an IP address. The "Destination name" is what you want to call it, it has no technical meaning.
Tick "Don't connect now"; we need to change some parameters before the connection is finally set up. When done, click Next.

In the next step, you are asked to provide your username and password. This is the Your Freedom username and password, as you would use it to log on to our web page or as you would use it in the Your Freedom client software. If you want, tick "show characters" (it will make typing cryptic passwords easier and is safe as long as no one is glancing over your shoulder) and "remember password" (safe if this is your computer and access to it is restricted). Do not put in a domain. When done, click "Create".

Windows will now tell you that the connection is ready to use, but it isn't. That's why you should click the Close button now.

In the "Network and Sharing Center" which should still be on your screen (if not, click the Windows button, "Control Panel", "Network and Sharing Center" to bring it up), click on "Change adapter settings" on the left hand side:

This will show your network adapters, both physical and virtual. The newly created "WAN Miniport" adapter should be among them (it will claim it is an IKEv2 type adapter, and that's why we need to modify it). Right-click on it and choose "Properties":

Click on the "Security" tab, then change the default settings. The type of the VPN needs to be set to "PPTP", and you should set data encryption to maximum strength encryption (though our server will negotiate that anyway). Remove the tick from "Challenge Handshake Authentication Protocol" and leave the tick on "Microsoft CHAP Version 2"; we need to use MS-CHAPv2 instead of standard CHAP because this is a prerequisite for MPPE data encryption. The whole tab should now look like this:

Now click on the "Networking" tab and untick everything except IPv4 (it will make the VPN connection less "noisy", conserve bandwidth and slightly speed up the connection setup). You cannot use IPv6 at this time because our servers do not support it yet:

When done, click "OK".
Now you are ready to go. There are several ways to bring up the connection. What works for everyone is this: click the Windows button, then "Control Panel", "Network and Sharing Center", "Connect to a network". (If there is a networking icon in your task bar you may simply click on it instead.) This brings up your list of available connections:

Click on the one you want, then click "connect":

Put in your password if you haven't saved it during the setup process, then click "connect", and off you go! There will be several status messages popping up, and once they are gone you should be connected. You can verify this in your connection list (see above): it will now tell you that you are connected via the Your Freedom connection. To disconnect, click on the connection in the connection list and choose "disconnect", simple as that.
At one point, a popup window will ask you to set a "network location" for the new connection. We recommend that you choose "public network" to avoid unnecessary security risks:

What if it doesn't work?
Are you receiving this message during the connection setup?

It means that our server has denied your login, either because username and/or password were not correct, or your account has been disabled, or you are (as a FreeFreedom user) over the account's time budget, or there is a problem with our server. Unfortunately we cannot tell you which one of these is the reason. If the problem persists and you are sure your username and password are correct, try to log in to our web page and see if your account has been disabled. If not, check whether you are over the time budget (FreeFreedom users only: just log in, then click on "Account"). Enabling logging won't help you at all.
If you happen to see this during the connection:

it most likely means that our server has kicked you out. Your FreeFreedom account might be over the time budget, or your account got disabled. Try to reconnect. If that works, it was most likely some technical problem (a timeout or whatever). If problems persist, note down the exact time and contact support about it.

Sharing the PPTP connection
You can use Windows' Internet connection sharing functionality. You'll find it in the properties of the virtual network adapter (see above). Please note that you cannot share your connection with other computers that are on the same network that you use to run the PPTP tunnel over. An example would be someone in a computer lab connected through Ethernet: you cannot share the connection with other PCs on the same Ethernet. In order to share the connection, the other computers (PlayStations, whatever) need to be connected to an Ethernet interface that you do not use for anything else, so put in a second Ethernet card if your computer does not have a second Ethernet interface. It is not a good idea to use the same physical infrastructure, i.e. the same Ethernet switch, since ICS runs its own DHCP service and will confuse the upstream connection.

DNS servers
Unless you explicitly configure something else, the PPTP connection will negotiate the use of Google's DNS servers. Google will not know who you are, they only see our server's IP address.

More than one predefined PPTP connection?
You may configure as many connections as you want, but it is not recommendable to bring up more than one at a time. For example, you could define different connections for different countries. Just follow the procedure above to set up more connections. To remove them again, open the adapter panel and delete the adapter (this is where you can rename a connection, too).
If you are asking whether you and your friend can use the same account at the same time, the answer is no. Your Freedom accounts generally only work for one person at a time. If a second connection is established, the previous connection is terminated. If you are at the same place, you can share the connection as explained above, though.

Account types: Time-based upgrades and vouchers
FreeFreedom (usage free of charge)
We offer a very basic service for free. It is good enough to make yourself familiar with Your Freedom
and test whether or not your application will work with Your Freedom. It might be all you need, in which
case you are welcome to use it as much as you like.
There are several restrictions in the FreeFreedom profile. First of all the bandwidth is low and the
number of concurrent streams is low as well (but enough for chatting, web surfing, etc.). Then there is a
connection time limit: you can only be connected 5 hours in a week interval, and only 2 hours in any
24 hours interval; also, after one hour your session is disconnected, but you may connect again
immediately.

After the daily or weekly usage limit is reached, users won't be able to connect again. You
will see a message telling you about this, indicating the approximate time at which you will
be able to connect again.

Upgrades and vouchers
If you would like to have more bandwidth, more concurrent streams, or other additional features, or you
would simply like to support our efforts to provide unrestricted Internet access to everyone, consider
buying an upgrade. The table below details all available time-based upgrades, their features, and their
prices (in Euros).

                     Free        Basic        Enhanced     Total
Bandwidth            64 Kbit/s   256 Kbit/s   4 Mbit/s     unlimited
Concurrent Streams   15          50           100          200
Web Proxy
Socks Proxy
OpenVPN mode
PPTP mode
SOCKS5 mode
Link encryption
HTTP connection
HTTPS connection
CGI connection
FTP connection
UDP connection
DNS connection
ECHO connection
Relaying permitted
Connection time      6 hours     unlimited    unlimited    unlimited
Server Ports                                               (5)
1 month package      Free        4.00         10.00        19.99
3 month package      Free        10.00        28.00        57.99
6 month package      Free        17.00        50.00        109.99
12 month package     Free        30.00        95.00        199.99

To buy upgrades, please visit our web page at https://www.yourfreedom.net/, log in with your
account, then click on the "Account" tab. There is a currency calculator as well if you'd like
to convert the price in Euros to your local currency or at least one known to you. For your
orientation, 1 Euro roughly corresponds to 1.30 US$ (at the time of writing).
On Android, just visit the in-app shop. It will let you purchase account upgrades the same way as you
can purchase apps.

When you buy an upgrade, your account profile usually gets updated within minutes (you'll
receive an email when it happens and you'll notice if you are connected). However some
payment methods take longer than others to complete. Please visit our "Prices" page on
https://www.yourfreedom.net/ to learn about details (log in first to see everything). Newly
bought packages are instantly activated; other packages that have not expired yet get
suspended. However you may use the arrow buttons on the "Prices" page to move your
packages around anytime and decide which of your packages is currently active and which
are suspended [14].
Please consider buying a package if you use Your Freedom regularly, even if
FreeFreedom is enough for you. Servers don't grow on trees and support staff and
developers like the occasional paycheck as well.

[14] Yes, this can be used to protect a more expensive package from expiring.

Vouchers
Voucher codes are sequences of characters that you can fill into a form either in the
website or directly into the Your Freedom client to create packages. You receive a voucher
code from us as part of a promotion or as a compensation for service problems, or as an
expression of our gratitude for something you helped us with. You can also buy vouchers
from us in several denominations as "voucher carnets". Our vouchers are valid for one year
from the day of purchase.
Our voucher carnets can be used to temporarily upgrade your Your Freedom account with a
package without having to pay for a full month and not use parts of it. Also voucher carnets
are transferable (i.e. not linked to an account) and can be used separately at any time.
Voucher codes can be added to the voucher panel in the YF client. Simply type in the code
(case does not matter) and click "Add". You can import whole voucher carnets in one go if
you use the label we've emailed you instead of individual voucher codes. [15] If you don't have
our confirmation email at hand, just log in to our website and visit the ACCOUNT section. It
is safe to add vouchers or whole carnets on several installations of YF and even with
different accounts, but you may use each voucher code only once. Click "update" to
automatically check which codes have been used in the meantime, and "clean up" to
remove all used codes from the list.
To use a particular voucher code, highlight it then click "send sel.". On Android, if you
highlight a category of codes, the first unused voucher code in this category will be sent.
If, for whatever reason, you cannot use voucher codes directly from within the Your
Freedom application, you can send them through the website instead.
Please see the Voucher FAQ on our website for further details.

[15] On Android, if you purchase voucher carnets from the built-in shop they will get added automatically.

Test drives
If you are considering buying a package but are not sure whether it will be what you expect,
how about a test drive? Log in to our web page at https://www.yourfreedom.net/, click on
"Prices", and click on the "Try Before You Buy" link on the left. Everyone is welcome to try,
but notice that we only allow test drives for accounts that have not just been created and
that haven't tested extensively already. Also, we refuse test drives for accounts that have
been involved in payment reversals before. However, our support staff can help you out
should you need additional testing - just send an email to support@yourfreedom.net.
During a test drive you'll receive all the benefits of the selected package, and what's more,
you may even switch from one package type to another to test them all. Simply visit the "Try
Before You Buy" page again to modify or end your test drive.
As with bought packages, it may take a few minutes for updates to propagate to all servers,
and you may have to restart your connection or even the Your Freedom client to see the
difference.
With the latest client versions, you can activate test drives from the Account Profile panel
(desktop) or the built-in app shop (Android). You need to be connected to a YF server to
initiate tests.

Advanced Topics
Port Forwards
Please note that this chapter only applies to the desktop version of Your Freedom, not the
Android app.

Local port forwards
One possibility to allow an application to connect to a service on the Internet via Your
Freedom is to "mirror" a port on the Internet. Just imagine there's a server out there with a
certain IP address and it's listening to SSH connections. You would like to SSH to the server
but your SSH client does not support SOCKS. In this case you would simply configure a
local port forward similar to this one:

Now instead of connecting via SSH to "some.host.somewhere" on port 22, you simply
instruct your SSH client to connect to "localhost" on port 2222. Your Freedom will put the
connection through for you. Note however that if the remote host is unreachable the SSH
client will still see a working connection, but it will time out quickly.
This is just one of many examples of how you can use this feature. Generally speaking, if your
application needs to only connect to a particular host on a particular port, local port forwards
are the right choice.
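Because the local end of a forward accepts the connection even when the remote host is unreachable, a successful connect to localhost:2222 proves nothing about the far end. The check below is an added example, not part of the Your Freedom client: the function name `probe_forward` is hypothetical, and it assumes the forwarded service is SSH, whose server sends an identification line beginning with "SSH-" as soon as the connection is really established.

```python
import socket


def probe_forward(host="127.0.0.1", port=2222, timeout=5.0):
    """Classify a local port forward by what the far end actually sends.

    Returns a (state, detail) tuple:
      ("refused", None)  nothing is listening on the local port
      ("silent", None)   the local port accepted, but no data arrived in time
                         (what a forward to an unreachable host looks like)
      ("ssh", banner)    an SSH identification line was received
      ("other", line)    something answered, but it is not an SSH server
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("refused", None)

    data = b""
    with sock:
        try:
            # An SSH identification line is at most 255 bytes and ends in LF.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:          # peer closed without (more) data
                    break
                data += chunk
        except OSError:                # timeout or reset while waiting
            pass

    if not data:
        return ("silent", None)
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("ssh", line)
    return ("other", line)


if __name__ == "__main__":
    # Port 2222 is the local port used in the guide's example forward.
    state, detail = probe_forward("127.0.0.1", 2222, timeout=5.0)
    print(state, detail or "")
```

A result of "silent" means the forward itself is up but the remote end never answered, which is the case the paragraph above warns about.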

SIP forwards
Yes, that's true! You can use SIP phones with Your Freedom as well! We have seen
reports that audio only worked in one direction. Once we can find the time we'll continue to
work on it. Note however that this is still in early beta phase and it may not work properly - in
any case, OpenVPN mode will likely work.
If you'd like to give it a try, here is what you need to do. Assume you are using a SIP server
called "sip.sipgate.de" on port 5060, the well-known port for SIP. If you configure a SIP port
forward like this one

it will turn your local PC into a "mirror image" of the SIP server. So instead of configuring
"sip.sipgate.de" in your SIP phone, configure "localhost". Disable STUN if you can, it's
meaningless in this context (but will only make things slower).
SIP forwarding is a complex task - not only does the YF client have to forward all requests, it
also has to set up UDP forwards dynamically for all audio and (that's right!) video streams.
We haven't tested this with many different SIP providers and phones, so it's likely that many
of them don't work yet. We like to hear from you!
SIP forwarding will only work with UDP, not TCP. Nearly all clients and servers use
UDP. Also, note that using a SIP phone consumes a certain amount of bandwidth
(depending on the Codecs you are using) - the FreeFreedom profile will likely not be fast
enough to support SIP forwarding (the voice will break up).

Server port forwards
Would you like to make your PC reachable from the Internet? Then server port forwards are
for you. Check out the Account Profile panel after connecting - if you see "remote ports
forwarded" there you can use this feature. (You can configure it as well if no ports are
forwarded to you, but it won't do a thing.) Forwarded server ports are able to handle both
TCP and UDP traffic.
It is important to understand that you can only forward server ports that are assigned to you
(i.e. appear in the list of "remote ports forwarded"). So let's assume you have ports
assigned. Add forwards like this:

It is not absolutely necessary to use the same numbers for "remote port" and "local port",
but we have found that many applications are too silly to announce another port to the
network than they actually listen on. For example, BitTorrent clients usually can announce
different external IP addresses and ports, but 99% of all trackers will simply ignore this. So
use the same port on both ends (by configuring your application accordingly) and it will all
work by sheer magic.
Also, we cannot assign ports that you request, for the simple reason that everyone
wants 6881 and such. Please don't ask, you can only use the ports that have been
automatically assigned to your profile.
Typical usages:

Getting Remote Access to your PC, e.g. rdesktop, VNC, SSH
Getting HighID in eMule
Speeding up of BitTorrent downloads.

Currently Server Port Forwards are only included in the Total Freedom upgrade.

Connection Sharing
Relaying
If your profile supports relaying and you have turned on the "relay for others" option, other
people in your local network will be able to configure their browsers and applications to use
your computer as a proxy server just the same way as you do. All they have to do is specify
your computer's IP number and 8080 (or whatever port you have under web proxy) or 1080
(socks proxy) in their applications where a "proxy server:port" is required.
Typical use is for roommates in a dorm or colleagues in the same office.

Using OpenVPN and ICS to connect other PCs, PlayStations, XBox, etc.
If you would like to connect other PCs, PlayStations, VoIP phones, whatever to the Internet
through the Your Freedom connection, all you need is a second network interface installed
in your PC. Make sure it isn't used for anything else. You need to connect your other
PCs/PlayStation/etc. to this network interface, either directly (crossover cable) or via a small
switch/hub. Do not use the same switch/hub as for your other Ethernet interface (unless it
provides VLANs)! Another thing that you need to ensure is that your other Ethernet interface
does not use the 192.168.0.0/24 network - if it does, reconfigure your DSL/cable router to
use a different network.
Open Start > Control Panel > Network Connections. Find the unused LAN interface (it's
probably called "Local Area Connection 2" but don't rely on it) - you need the exact name.
Then find the TAP32 interface of OpenVPN. Right-click on it and choose "Properties". Click
on the "Advanced" tab. Tick the "Allow other network users to connect through this
computer's Internet connection" box and choose the network interface in the drop-down
menu below that connects to your other PCs or PlayStation. Click "OK" and close the
Network Connections window.
That's it - your other PCs/PlayStations should now be able to connect to the Internet through
Your Freedom's OpenVPN connection when it's up.

Will tethering on Android work with Your Freedom?
The short but unsatisfactory answer is: no, unfortunately not.
There are several reasons for it. First of all, the Android VPN API does not provide a means
to set up address translation on tunnel interfaces. The second reason is that tethering will
not provide a default gateway to your PC when a VPN connection is active. We are sure
Google considers these shortcomings a security feature.
You can of course install the PC version of Your Freedom on your PC and run this version
instead of the Android app, while using your phone's connectivity to get connected.

IPv6
The YF client can use IPv6 to connect to YF servers. IPv6 addresses can be reached
through the SOCKS5 and local port forward facility, but not via OpenVPN mode or web
proxy. Please note however that not all of our servers support IPv6.
If you are having problems connecting to YF servers (or even find them), it is a good idea to
try and enable IPv6 on your PC (if it is not already enabled). Also, enable all kinds of
tunneling mechanisms, you never know - one of them might work where you are. :)
On Windows Vista and Windows 7, both IPv6 and Teredo tunneling are enabled by default
but unless your PC has a global IP address tunnel mechanisms won't work out of the box.
To make it work, click on "Start", then type "cmd" but do not hit Enter. Wait until the
"cmd.exe" application appears in the search list, then right-click on it, choose "Run as
administrator" and confirm the dialog. In the black cmd window, type
netsh interface ipv6 show teredo

If "status" is "offline" try this command:
netsh interface ipv6 set teredo enterpriseclient

Wait a bit then check the state again:
netsh interface ipv6 show teredo

It should tell you that "status" is "qualified" or "dormant". When done type "exit".
With Windows XP SP1/SP2, Teredo is shipped as well but not installed by default. You can
easily sort that though by opening a cmd window (click Start, then click Run and type cmd)
and typing "netsh interface ipv6 install", then proceed as above (or just type "netsh interface
ipv6 set teredo enterpriseclient").
You might want to use a different Teredo gateway than the default - if yes append it to the
"set state enterpriseclient" command. If your PC is not behind a NAT router you can use
"set state client" instead.
Unless someone filters Teredo this should give your PC full IPv6 connectivity. The YF client
will automatically notice and try IPv6.

Fine-tuning CGI mode
Generally, CGI connection mode is the slowest of all possible connection modes. This is
due to the way it works - it needs to accumulate data before it sends it off to the other side.
But you can adjust a few knobs and try to make it faster.
First, locate the "ems.cfg" config file (see Appendix C). This file can be edited with any text
editor, for example Notepad. Ensure the YF client is NOT running when you edit the file or
your changes may be lost. It is difficult to break this file so don't hesitate to try...
There are four values that control the timing of CGI connections and you can change any of
them. We do not recommend changing any of these limits except perhaps
"cgi_uplink_maxdelay". Here are the parameters with their default values and their meaning:

cgi_uplink_maxdelay. Defaults to 500 milliseconds. The YF client will accumulate data for
at most this time until it initiates a new uplink connection - no matter how much data has
been accumulated. You might want to set this to a lower value, maybe 200 milliseconds.
cgi_uplink_urgentdelay. Defaults to 20 milliseconds. The YF client will use this value
instead of the previous value when it has frames to deliver that are considered urgent, for
example acknowledgements.
cgi_uplink_threshold. Defaults to 3. If this many frames (YF data units) are to be delivered,
a new uplink connection will be made right away. Setting this to 1 will effectively disable
data accumulation and make your connection much more responsive, but it will also
create much more overhead. If you don't care about how many connections are made
and how much overhead it generates, set this to 1 and don't worry about the rest.
cgi_uplink_mindelay. Defaults to 1 millisecond. This is the minimum amount of time
between two uplink connections. You should not set it to 0 and most people should not
have to increase it, but if your network connection drops connection attempts that appear
in bursts, try setting it to a higher value!
cgi_downlink_connect_timeout
All these values normally do not appear in the config file and are not configurable through the
front end. Just add lines to the file (it does not matter where) that contain the name of the
value, a space, and the numeric value to which you would like to set it (no unit).
Optimum performance is probably achieved by setting cgi_uplink_threshold to 1 and
cgi_uplink_mindelay to maybe 20. Try it, you can't break anything, if it doesn't work just
remove the lines again.

Appendices
Appendix A
Troubleshooting
The Your Freedom client comes with built-in troubleshooting facilities. There is the message
log that you can access from the "Messages" tab (you may save it to a file as well) but this
will only help you in everyday situations. For more detailed troubleshooting you need to run
Your Freedom in dump mode, and you might have to use a packet sniffer as well.

Why does my app/game not work? [16]
There is of course no off-the-shelf answer to this question. But the first thing you should look
at is the streams panel of the Your Freedom client. Does the application create streams
there when you use it - before it complains that it cannot connect? If no, then it is likely not
properly configured. See if you've got the proxy settings in the application right - if it's running
on the same PC as the Your Freedom client, use "localhost" or "127.0.0.1" as the proxy
host address, and 1080 (SOCKS) or 8080 (web/http/https) as the proxy port. If it's running
on another PC, be sure you have relaying enabled (Ports panel) and it's permitted by your
profile [17] (Account Profile panel), and you've used the Your Freedom PC's local LAN address
as the proxy host address.
Then check the message panel in the Your Freedom client - do you see "blocked protocol"
messages there? You need to use another Your Freedom server then, the one you are
using right now is not supporting a protocol that you need.
Please have a look at our online documentation if you are having trouble. We know it's not
perfect and the introduction page is an outright shame - but have a look anyway, there is
more in there than you might think. https://www.yourfreedom.net/4/
Another plan might be to have a look at the user forums. Maybe someone else had the
same problem before? The forums can be found at https://www.yourfreedom.net/2/.

Performing a speed test [18]
A speed test is a very quick way to know how much traffic per unit of time your Your
Freedom connection can handle. For this you need to generate enough application traffic to
saturate the link between the Your Freedom client and the Your Freedom server in both
directions. So either run an application of which you know that it will use the full bandwidth,
or use Your Freedom's built-in traffic generator. In order to use it, start the client and create
a local port forward from some port (e.g. 1234) to a virtual host called "speedtest" on port 0.
Then open a command shell (in Windows, click on "Start", choose "Run", then type "cmd").
In this shell, type "telnet localhost 1234" (or whatever port you've used) - the speed test will
then run for one minute, at the highest speed possible. Note that during the speed test, all
speed restrictions still apply. You won't get a higher bandwidth reading than your profile or
slider settings permit, but you should see the bandwidth go up to your slider settings - if
you don't, something else is limiting your speed. It could be (and likely is) the speed of your
Internet connection. Try adjusting the uplink speed to the actual speed of your Internet
connection (e.g. many DSL connections only allow 256 Kbit/s or 384 Kbit/s in uplink
direction - adjust the slider slightly below this value), this might improve your throughput in
the opposite direction. Please note: This traffic generator feature is meant to be used for
troubleshooting - please do not use it frequently. The best reason to run a speed test is that
we've asked you to!
For best test results, you need to run multiple speed tests in parallel. An individual stream
will likely not be able to saturate a fast connection.

[16] Not applicable to Android app
[17] At the time of writing, relaying is permitted to all users.
[18] Not available on Android

Creating a dump file
Desktop
Depending on how you start Your Freedom, there are different ways to start it in dump
mode. The Windows installer version can be run in dump mode from the Start menu; if you
are running the client from the command line, use the option dump[=outputfile] to activate
the dump mode. If it is run using the Start menu or if the "outputfile" is omitted, the dump
file will be produced on your desktop, except for Unix-like systems, in which case it will be
stored in your home directory. Note that there is a drop in performance when you activate
this mode, and the dump file may grow pretty big over time.
Normally, the client does not dump any actual packet data - if that's needed we'll provide a
modified client on request that does.
Don't hesitate to have a look at the file, some of it probably makes sense to you, some of it
will only make sense to the developers. If you mail us a big dump, please compress it! Put it
in a ZIP or 7z or whatever archive file, but please avoid any proprietary features (e.g. WinZIP
10's AES encryption mode).
If you are having connection problems, it helps if you run the Wizard in dump mode as well.
Android
Open the configuration menu then click "General Settings". Tick the "enable dump mode"
checkbox. It is recommended that you also tick "compress using GZIP" - it will spare you the
additional step of compressing the dump file by compressing it on the fly. Do not tick
"extensive" unless we have asked you to (or you are really curious). Your dump file will
appear on the SD card in a directory called "YourFreedomDumps". You'll probably need an
app like ES File Explorer (highly recommended!) to email it to us, or access it by
connecting your phone or tablet to your PC.

Using a packet sniffer [19]
This is bare-metal debugging and not for the faint-hearted. There may be situations where
our support staff asks you if you can use a packet sniffer to troubleshoot connection or
application problems. If you can, we recommend using Wireshark (available from
www.wireshark.org or www.ethereal.org - Ethereal is the historical name of Wireshark). In
most cases you should run Wireshark on the same PC as the YF client, and you should
either capture on the interface that connects the YF client to the YF server or on the
interface that connects other PCs to the YF client PC, depending on the nature of your
problem. Let the capture run, then recreate the problem, then stop the capture. Save the
capture to a file and mail it to us (again, we like it if you compress it).

[19] Hardly applicable to Android I guess :(

Updating the client
It is highly recommended that you update your installation from time to time to ensure you've
got the latest bug fixes and features.
Updating the YF client installation is very easy on Windows and on Android: just use the
built-in update functionality and follow the individual steps. If, for whatever reason, you need
to update manually, follow this simple procedure (Windows - on other systems the
procedure is similar - download, uninstall, install):
1. Check on https://www.yourfreedom.net/index.php?id=downloads for new versions,
compare the version number to the one displayed on the "About" screen of the YF client.
2. If there is a newer version available, consider downloading it. We suggest you always
keep the downloaded files of previous installations until you are sure that the new
version is working properly for you so you can revert to it. Previous versions are also
available from our web site in case you need to roll back.
3. Once you've downloaded the new version, disconnect, then exit the YF client.
4. Uninstall the current version through Start > Programs > Your Freedom > Uninstall or
through the control panel of Windows. While it is safe to install new versions over
previous versions if you ensure that you always use the same installer type, we do not
recommend it. Your settings will not be lost by uninstalling the YF client.
5. Install the new version by running the downloaded file and following the steps on the
screen.
If you find that the new version fails to do something properly that the previous version did,
please let us know (include both version numbers if possible, and tell us which installer you
are using, NSI (the small one) or JET (the large one)). Tell us too if it fixes a previous
problem. (No need to tell us you are now able to get connected again when you weren't able
previously - we'll notice it statistically. :)

The release versions of the client are generated as follows:
YYYYMMDDSerial

YYYY = Year
MM = Month
DD = Day
Serial = Counting up on that Day.

Example: 2004050702, 2nd Version on the 7th of May 2004.

On Android, updates are automatically provided through Google Play (and we recommend
that you enable automatic updating in Google Play). If you prefer to use our own built-in
updating functionality, find it in the settings menu.

Country information
Country-specific plans
Your Freedom has special plans created for those connecting from certain countries in
which access to the Internet is highly restricted. We omit the list of those countries here.
More information can be found on our website.
In those countries, the FreeFreedom account type behaves differently. Depending on the
country you're connecting from, the FreeFreedom can exhibit variations in the usage limits.
As a general rule usage limits are eased allowing for an uninterrupted connection time. Also
the usual 64 kbps bandwidth can go up to 512 kbps in some cases. They become active
once the user connects from the affected country. The usual outcome is the users can stay
connected for as long as they want without limitation from our side.
Please note that it is sometimes technically impossible to determine whether or not a
connection is coming from a country that is on our list, particularly if you use DNS
connection mode.

Server availability by country
Some of our servers may not be available to users from all places at all times. We may set
up such limitations to prevent servers that are strategically positioned to those in need from
being overloaded by those who should really use other servers.
Another reason might be self-defense, like protecting a server from being abused by
spammers. Most of the SPAM we have to fight comes from only a handful of countries - we
might at times be required by our providers to close the flood gates.
There are servers for everyone nevertheless and connection is always possible to them, no
matter what country you are in. Just try the servers on the list.

A few servers may deny connection from certain countries as a measure of
protection against abuse. When a user gets denied its connection attempt because
of a policy applied to the country they are trying to connect from, the YF client will
produce an error saying "AUTHENTICATION NOT VALID FOR YOUR COUNTRY
OF RESIDENCE". Trying a different server is recommended.

Tweaks
Tweaks are basically sets of rules and hardcoded behavior in the YF client to make
connections possible in some specific network conditions. Most people don't need these
and can safely leave them disabled - so if you are able to connect, do not enable tweaks.
Their names are very explicit. They have been added after we have learned how to make
the YF client connect in certain conditions (normally very well represented in certain
countries) when normal techniques don't seem to work. If you've got a clever way to
configure the YF client to connect to its servers in some unusual networking situation,
please tell us about it.

The Your Freedom client configuration file [20]
The configuration file is stored in your "home directory" and it's called "ems.cfg" on
Windows and OS X and ".ems.cfg" on Unix platforms (yes, two dots).
If you want to copy the file or edit it, be sure that the Your Freedom client is not running! The
file is plain text and you may edit it with your favorite text editor (for example, pico or vi on
Unix systems, or notepad in Windows).

Where's my home directory?
With Unix-like systems you probably know because you are there all the time. In most cases
there is a directory called "/home" containing a subdirectory for each user, by his or her
username - you should find your "home directory" there. The config file "ems.cfg" or
".ems.cfg" is in there, you just might not see it because it's a "hidden" file in Unix
terminology, starting with a dot. Try to append "-a" to the "ls" command.
With Windows Vista and Windows 7, open an Explorer and go to "C:\Users". In there, there
is a directory for each user - the directory name is usually equivalent to your login name. This
directory is your "home directory", or "%HOMEPATH%" in Windows environment terms. In
there you should find a directory called "AppData" (if you don't, disable hiding of system files
as explained on
http://www.techrepublic.com/blog/windowonwindows/quicktiprevealhiddensystemfilesinwindowsexplorer/2467),
then "Local", then "Your Freedom", and the config file "ems.cfg" is in there.

In older versions of Windows the home path is located in "C:\Documents and Settings" (or
equivalent in your language) - again, there's a directory for each user's home directory.
A rule of thumb to find your home directory would be executing "cmd" from the "Run"
window.

You'll find yourself in front of a black terminal with a blinking cursor. The text at the left is the
path for your home directory.
C:\Users\myusername>_

[20] There is no config file on Android.

Configuration options
Note! Some of the options below are marked as "hidden", which means that they are not
accessible through the "Configuration" window but only through a text editor. These options
are for those who know exactly what they are doing (or at least think they do). Please
consult our support staff first if you are unsure.
All options are case sensitive, be sure to use lower case! There are options that can only
appear once in the config file (type: single), others can appear more than once (type: multi).
Options that take only a single value will treat everything after the leading whitespace as part
of the value, including whitespace, so watch out and don't put whitespace at the end of the
line if you don't want to. You may use comments as well (they start with a "#" in the first
column) but they will be gone next time the client saves the config.
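The file format described above, together with the CGI timing values from "Fine-tuning CGI mode", can be handled by a small script. The following is an added example, not code from Your Freedom: the function names are hypothetical, the sample config is constructed, and the defaults it assumes for "encryption", "aes" and "cgi_uplink_mindelay" are the ones given in this guide. It works on the text of the file; read and write "ems.cfg" only while the client is not running.

```python
# Constructed sample ems.cfg text (not a real configuration).
SAMPLE = "".join([
    "# constructed sample\n",
    "encryption false\n",
    "aes true\n",
    "bw_uplink 0 \n",            # trailing space on purpose
    "cgi_uplink_mindelay 0\n",
])

# Values the guide suggests trying for CGI mode.
CGI_TUNING = {"cgi_uplink_threshold": 1, "cgi_uplink_mindelay": 20}


def parse_cfg(text):
    """Return [(option, value)] in file order; '#' in column one is a comment.

    Everything after the whitespace that follows the option name belongs to
    the value, trailing whitespace included. Options may repeat (type multi).
    """
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        parts = raw.split(None, 1)
        entries.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return entries


def audit(entries):
    """List settings that deserve a second look before the client is started."""
    findings, last = [], {}
    for name, value in entries:
        last[name] = value
        if name != name.lower():
            findings.append(name + ": option names must be lower case")
        if value != value.rstrip():
            findings.append(name + ": trailing whitespace is part of the value")
    # 'encryption' defaults to false when the line is absent.
    if last.get("encryption", "false").strip() != "true":
        findings.append("encryption: connection encryption is off")
    # 'aes' defaults to true, so only an explicit false is reported.
    if last.get("aes", "true").strip() == "false":
        findings.append("aes: strong (AES) encryption is disabled")
    if last.get("cgi_uplink_mindelay", "1").strip() == "0":
        findings.append("cgi_uplink_mindelay: should not be set to 0")
    return findings


def set_option(entries, name, value):
    """Replace a single-valued option; its position in the file does not matter."""
    kept = [(n, v) for n, v in entries if n != name]
    kept.append((name, str(value)))
    return kept


def tune_cgi(entries, values=CGI_TUNING):
    """Apply CGI timing values: plain non-negative integers, no unit."""
    for name, number in values.items():
        number = int(number)
        if number < 0 or (name == "cgi_uplink_mindelay" and number == 0):
            raise ValueError("unsuitable value for " + name)
        entries = set_option(entries, name, number)
    return entries


def render(entries):
    """Serialise entries back to 'name value' lines."""
    return "\n".join(n + " " + v for n, v in entries) + "\n"


if __name__ == "__main__":
    cfg = tune_cgi(parse_cfg(SAMPLE))
    for finding in audit(cfg):
        print("CHECK", finding)
    print(render(cfg), end="")
```

Comments are dropped on purpose when rendering, since the client discards them the next time it saves the file anyway.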
Now here comes the alphabetical list - enjoy!

Option: aes
Description: Enable or disable strong (AES) encryption
Type: boolean, optional
Arguments: true (default) or false

Option: autoscroll_messages
Description: Scroll message window automatically when new messages appear
Type: boolean, optional
Arguments: true or false (default)

Option: avoid_dns
Description: Use the server's IP address, not the hostname (if known)
Type: boolean, optional
Arguments: true or false (default)

Option: bandwidth_unit
Description: Display unit for bandwidths
Type: integer, optional
Arguments: "bit/s" (default) or "Bytes/s" (EXACTLY!)

Option: barf
Description: Crash reports
Type: multiple, base64, fyi
Arguments: Contains base64 encoded crash reports not yet sent to us. These reports do not
contain any personal data.

Option: bw_downlink
Description: Desired downlink (server to client) bandwidth in bits per second (slider setting)
Type: integer, optional
Arguments: Bits per second. 0 means unlimited.

Option: bw_uplink
Description: Desired uplink (client to server) bandwidth in bits per second (slider setting)
Type: integer, optional
Arguments: Bits per second. 0 means unlimited.

Option: cgi_downlink_connect_timeout
Description: Downlink connection timeout in CGI mode, in milliseconds
Type: integer, hidden
Arguments: Defaults to connect_timeout

Option: cgi_downlink_reconnect_delay
Description: Downlink reconnection delay in CGI mode, in milliseconds
Type: integer, hidden
Arguments: Default 500 ms

Option: cgi_uplink_maxdelay
Description: Maximum delay before queued frames trigger a connection
Type: integer, hidden
Arguments: After this time, the queue is flushed no matter how much data is to be sent (if
any). Default to 500 ms

Option: cgi_uplink_mindelay
Description: Minimum delay before a new connection is triggered
Type: integer, hidden
Arguments: The minimum delay between two queue flushes (POSTs). Default to 1 ms.

Option: cgi_uplink_threshold
Description: Number of queued frames that cause mindelay to be used instead of maxdelay
Type: single, hidden
Arguments: 0 to disable, or any (low) number. Defaults to 3

Option: cgi_uplink_urgentdelay
Description: Maximum delay for urgent data.
Type: integer, hidden
Arguments: The maximum delay if urgent data is in the queue (e.g. small frame belonging to
a stream that has not sent data for a while - interactivity!). Defaults to 20 ms.

Option: connect_on_startup
Description: Fire up connection when client is started
Type: boolean, optional
Arguments: true or false (default)

Option: connect_timeout
Description: General connection timeout, in milliseconds
Type: integer, hidden
Arguments: Defaults to 10000 ms.

Option: debuglevel
Description: Turn on debugging on the Java console (not the message panel!)
Type: integer, hidden
Arguments: The lower, the more verbose. Default is 999. It probably doesn't do much
anymore these days.

Option: dns_domain
Description: Domain to use in DNS mode
Type: string, optional
Arguments: You should not manually configure this option, use the config panel instead.

Option: dns_max_tx_interval
Description: Maximum delay between sending two queries in DNS mode, in milliseconds
Type: integer, optional
Arguments: Default 1000 ms.

Option: dns_min_tx_interval
Description: Minimum delay between sending two queries in DNS mode, in milliseconds
Type: integer, optional
Arguments: Default: 1/500 of dns_max_tx_interval.

Option: dns_no_direct_connection
Description: Avoid directly sending queries to the YF server in DNS mode, force the use of
a configured nameserver
Type: boolean, optional
Arguments: true or false (default)

Option: dns_rep_interval
Description: Repeat unreplied queries in DNS mode after this many milliseconds
Type: integer, optional
Arguments: 5 times dns_max_tx_interval

Option: dns_tx_adaption_factor
Description: Adaption speed in DNS mode
Type: float, optional
Arguments: Between 1.1 and 5.0, default 1.5. Higher values are more aggressive.

dont_show_popups

Avoidpoppingupnotification
windowsonthescreen

boolean
optional

trueorfalse(default).

echo_max_tx_interval Maximumintervalbetween integer


twoICMPECHOrequestsin optional
ECHOmode

Default1000ms

echo_min_tx_interval Minimumintervalbetween
integer
twoICMPECHOrequestsin optional
ECHOmode

Default1/200of
echo_max_tx_interval

echo_tx_adaption_fac AdaptionspeedinECHO
tor
mode

float
optional

Between1.1and5.0,
default1.5.Higher
valuesaremore
aggressive

echo_max_payload_s Maximumpayloadsizein
ize
ECHOmode

integer
optional

Default1464(the
maximumvalue)

encryption

Turnonconnectionencryption

boolean
optional

trueorfalse(default).
Notethatthewizardturns
thisonforyou.You
shouldonlyturn
encryptionofffor
debugging!

file_extip

WriteserversexternalIPtoa
filewhenconnecting

string
optional

Thisallowsyoutousethe
serversexternalIPin
scripts

flatten_bursts
Slow down frame transmission in bursty periods to obtain a smoother traffic pattern
boolean, optional
true or false (default). Set if you notice connection hangs on bursts.

follow_server_recommendations
Allow the client to follow the server's recommendations to use another server
boolean, optional
true or false (default). DEPRECATED.

fool_pix
Try a hack that can fool old Pix OS versions into bypassing WebSense
boolean, hidden
true or false (default). Only turn on if you know that your connection is passing through an old PIX firewall using WebSense and you cannot connect; it may work with this set to true.

found_servers
Base64 encoded records of servers found in last server search
multiple, base64, optional
Don't mess with it unless you know what you are doing.

ftp_mode
Data connection setup style to use in FTP mode.
string, optional
both (default), normal or passive. normal will cause the YF server to initiate the data connection (this is what FTP normally does), both will use whatever works

ftpproxy
Use a non-transparent FTP proxy with the FTP connection protocol
string, optional
Put in the FTP proxy's hostname or IP address. Remove if you don't need one (very likely).

ftpproxyport
Use a non-transparent FTP proxy with the FTP connection protocol
integer, optional
Put in the FTP proxy's control port (normally 21). Remove if you don't need an FTP proxy (very likely).

header
Additional headers when sending requests to the web proxy
multiple, string, optional
If you need additional headers or wish to override things like User-Agent, do it here. For example: headers User-Agent: NoneOfYourBusiness1.0

hide_tray_icon
On Windows, do not display a tray icon
boolean, optional
true or false (default)

http_flush
Close and reopen the HTTP uplink connection at intervals
Time in milliseconds. If you need this, use the CGI connection protocol instead. This is outdated.

http_postfix
In HTTP mode, append this after a ? to the URL
string, hidden
Can be used to craft special URLs

https_ssl
Wrap connection in HTTPS mode in SSL (TLS).
boolean, optional
Helps with picky filters that perform protocol detection

idle_kill
Kill connection when idle for this many milliseconds
integer, optional
This is obsolete and doesn't work as expected anymore, don't use it.

initial_post_size
When doing a HTTP POST, use this initial size
integer, hidden
Default is 10000000 or 10 Megabytes. The client decreases this by a factor 0.8 until the web proxy accepts it or the value falls below minimum_post_size. If you know your proxy's limits put it in here, it saves connection time.

integer, optional

keepalive_interval
Send a keepalive frame every this many milliseconds
integer, optional
Default is 20000 ms. Connection fault detection is 2.5 times.

level_messages
Only show messages above this level in Messages panel
integer, optional
0 is debug, 7 is emergency. Default is 1 (informational).

locale
Your preferred locale language (ISO 2 letters, lowercase, optionally followed by an underscore and an ISO 2 letters country code in uppercase)
string, optional
Defaults to en. Only a few languages are supported, see the Configuration dialog.

location_x
Coordinates of the Your Freedom window on the screen
integer, optional
0 is top left corner, higher values are further right

location_y
Coordinates of the Your Freedom window on the screen
integer, optional
0 is top left corner, higher values are further down

minimum_post_size
Minimum HTTP POST size
integer, hidden
Default is 20000 or 20 Kilobytes. Only lower if you know that your proxy will refuse POSTs above 20k and you really have to.

min_buffersize
Minimum buffer size for streams.
integer, optional
Defaults to 1500. Try to increase this if you want to achieve individual stream bandwidths of more than several megabits per second. Maximum is 8192.

openvpn
OpenVPN port
integer, optional
Default is 1194, only change if you need this port for something else.

openvpn_exclude
IPs and networks to be excluded from routing through the OpenVPN tunnel
multiple, string, optional
For every IP or network (IP address, an optional space and netmask) that should not be routed through the OpenVPN tunnel, add a line to the config.

openvpn_nat_interface
List of interfaces that you want to reroute to the OpenVPN connection using Network Address Translation
multiple, string, optional
Useful only on Windows. Lets you connect your Play Station or XBox or other PCs to a second LAN interface and use the YF OpenVPN connection.

openvpn_option
Additional OpenVPN options
multiple, string, hidden
Pass these additional options as if they were lines in the OpenVPN config file.

openvpn_path
Configure full path of OpenVPN executable
string, optional
Use this if the OpenVPN executable is not in your executable path

openvpn_tap_sleep
Set tap-sleep option in OpenVPN to this value
integer, optional
Default is 2 seconds. Relevant only on Windows.

openvpn_route_delay
Set route-delay option in OpenVPN to this value
integer, hidden
Default is 2 seconds (second parameter is always 30). Relevant only on Windows.

openvpn_route_method
Configure OpenVPN route-method
string, hidden
Default is exe. See OpenVPN documentation for more options. Relevant only on Windows.

openvpn_ip_method
Configure OpenVPN ip-win32 method
string, hidden
Default is dynamic. See OpenVPN documentation for more options. Relevant only on Windows.

openvpn_tmp
Temporary directory to be used for OpenVPN config files and certificates
string, hidden
Default is your home folder, or a subdirectory below it. Configure an absolute path here.

openvpn_udp
Make OpenVPN tunnel through UDP forwarding instead of TCP forwarding in YF
boolean, optional
Use UDP instead of TCP forwarding for the OpenVPN tunnel connection if true.

password
Your Your Freedom password
string, required
your Your Freedom password, or an obfuscated form of it

portaccept
Forwards a server port to a local port
multiple, string, optional
serverport localhost localport

portforward
Forwards a local port to a remote port
multiple, string, optional
localport remotehost remoteport

post_avg_uplink_dur
POST mode average uplink duration, in milliseconds
integer, optional
In POST mode, how long should an uplink transfer take on average (in milliseconds)? Influences the maximum POST length. Default is 500 ms.

post_err_holdoff
POST mode error holdoff time, in milliseconds
integer, optional
In POST mode, wait this many milliseconds in an error condition before trying again.

post_max_connections
Maximum number of concurrent connections in POST mode.
integer, optional
Some people might have to lower this to one. It is safe to use bigger numbers but at some point it will only increase overhead. Default (2) is good for most people.

post_min_holdoff
Time to wait before new connection is made. (milliseconds)
integer, optional
Defaults to 5000.

post_min_post_size
Minimum size of a POST request.
integer, optional
Never lower the maximum POST size below this limit. It could starve the uplink path. (Default: 3000)

post_min_queue
Minimum queue size for fast transmission in POST mode.
integer, optional
Number of queued frames that trigger a new connection after only minimum holdoff time (default: 3)

post_typ_holdoff
Typical holdoff time in POST mode, in milliseconds
integer, optional
Wait this long for more frames before triggering a connection (default: 500 ms)

protocol
The connection protocol to use
string, required
One of: http, https, cgi, post, ftp, udp, dns, echo.

proxy
The proxy port
integer, optional
Make your PC a web proxy by supplying the port number. Set to 0 or remove to turn off. Default is 8080.

proxyauth
Force a particular authentication method on web proxy.
string, optional
One of any or none (default), basic or none, NTLM or none, Digest or none. Default is to use whatever is offered by the proxy and prefer more secure methods over less secure methods.

proxydomain
Your domain for web proxy authentication, if needed (NTLM proxies only)
string, optional
A Windows domain name, if you need one to authenticate on your web proxy.

proxyhost
The web proxy hostname or IP through which to tunnel when using http, https or cgi
string, optional
A hostname or IP address. Leave empty or remove if you don't need to use a proxy.

proxypass
Your password to authenticate on the web proxy
string, optional
A password, if authentication is needed.

proxyport
The web proxy's port.
integer, optional
A port number. Set to 0 or remove if you don't need to use a web proxy.

proxytype
Use non-standard proxy type for TCP-based connection modes (HTTPS, HTTP, POST, CGI)
string, optional
When using TCP-based connection modes and a web proxy is configured, assume it is of this type. Can be HTTP/HTTPS (default), SOCKSv4 or SOCKSv5.

proxyuser
Your username to authenticate on the web proxy
string, optional
A username, if authentication is needed.

rcport
remote control port
integer, hidden
Use a particular TCP port for singularization (i.e. ensuring that YF is running only once). Default is 62799, bound to 127.253.19.87.

reconnect_after_shutdown
If server shuts down, try to reconnect automatically after a while
boolean, optional
true (default) or false

reconnect_delay
If a reconnect is required, wait this many milliseconds before an attempt
Default is 5000 milliseconds.

redirect_dns
Don't resolve hostnames locally when using SOCKS
boolean, optional
true or false (default). Use this if your local name server cannot resolve Internet names (or you don't want it to)

rekey
Change encryption key frequently
boolean, optional
true or false (default). The wizard will set this to true, and there's normally no reason why you would want to set it to false unless you suspect that there's a bug in our key negotiation code and you lose connection. We highly recommend that you set this value to true.

relay
Allow others to share your YF session
boolean, optional
Set to true or false (or remove). Note that this only works if your profile permits it as well.

rtt_interval
Measure round trip time every this many milliseconds
integer, optional
0 to turn off (i.e. only measure once after 10 seconds)

server_connection_protocol
Set tunnel protocol preference (influences DNS name resolution only)
integer, optional
0: whatever works
4: IPv4 only
6: IPv6 only
46: prefer IPv4
64: prefer IPv6

server_criterion
Define criteria by which to automatically select servers
multiple, string, optional
name of criterion
number between 0 (refused) and 10 (required), default is 5 (don't care)

sipforward
Mirror a remote SIP gateway
multiple, string, optional
localport SIPgatewayaddr SIPgatewayport

sip_fixup_audiostream
Fix destination IP address in UDP stream for SIP audio
boolean, optional
Try this if SIP audio streams are unidirectional only

socks
The SOCKS port
integer, optional
Make your PC a SOCKS proxy by supplying the port number. Remove or set to 0 to turn SOCKS off.

sslproto
If https_ssl is configured, define SSL/TLS protocol version to use
string, optional
any (default), SSLv2 or TLSv1

start_minimized
Start in system tray (Windows only)
single, optional
true or false (the default)

stopafter_found
When searching for servers, stop search after this many servers have been found.
integer, optional
0 to try until no more potential ways are known

stopafter_tried
When searching for servers, stop after this many attempts have been made.
integer, optional
0 to try until no more potential ways are known

tunnelhost
The Your Freedom server to use
string, required
A hostname, an IP address, multiple IP addresses separated by semicolon, or a CGI relay URL. In DNS mode, DNS servers (separated by comma) can be appended with semicolon to a host name (not an IP). In HTTP/POST mode, can contain a hostname and an URI.

tunnelport
The Your Freedom server port
integer, required
A port number

tweaks
Use this tweak set
string, optional
Name of tweak setting (use config window, don't set manually), or remove for none

udp_newsrcportevery
Use a new UDP source port (UDP/DNS mode) every this many packets
integer, optional
Value may be as low as 1 but this will impact performance. Use with care. Default is 0 (no change)

udp_newsrcporttime
Use a new UDP source port (UDP/DNS mode) every this many milliseconds
integer, optional
Port changes if this many milliseconds have passed since the last change. Default is 0 (don't change based on time)

udp_srcport
Use a particular UDP source port (UDP/DNS mode)
integer, optional
0 or remove to use an ephemeral port

use_http11
Use HTTP/1.1 instead of HTTP/1.0 in requests
boolean, optional
If your proxy is acting stupid, try if this fixes the problem. Can either be true or false (default)

useragent
Send this user-agent header in requests
string, optional
Used to fake a particular browser.

Your YF username
string, required
Your Your Freedom username

vm_code
Voucher code information
multiple, string, optional
Information about known voucher codes

vpn
Use new-style VPN mode
boolean, hidden
Experimental, not yet effective

webproxy
Port for new-style web proxy implementation
integer, hidden
Experimental: use new-style web proxy implementation for your applications
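
An added example, not part of this guide or of the Your Freedom software: a small audit that checks a client configuration against the cautions stated in the option notes above (encryption and rekey default to false, relay shares the session, several options are obsolete or deprecated). The file format (one "key value" or "key=value" option per line, "#" for comments) is an assumption this section does not confirm; parse_config, audit and the sample text are hypothetical names and data, and the SSLv2 rule reflects RFC 6176 rather than the guide.

```python
import re

# Cautions taken from the option notes above: key -> (is_finding(value), message)
RULES = {
    "encryption": (lambda v: v != "true", "off; the guide says to disable it only for debugging"),
    "rekey": (lambda v: v != "true", "off; the guide highly recommends true"),
    "relay": (lambda v: v == "true", "others may share this YF session"),
    "sslproto": (lambda v: v == "sslv2", "SSLv2 is prohibited by RFC 6176"),
    "idle_kill": (lambda v: True, "obsolete per the guide"),
    "http_flush": (lambda v: True, "outdated per the guide"),
    "follow_server_recommendations": (lambda v: True, "deprecated per the guide"),
}
# Both default to false when absent, so a missing line is itself a finding.
DEFAULT_FALSE = ("encryption", "rekey")


def parse_config(text):
    """Assumed format: one 'key value' or 'key=value' per line, '#' comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        value = parts[1] if len(parts) > 1 else ""
        options.setdefault(parts[0], []).append(value)  # "multiple" options repeat
    return options


def audit(text):
    """Return (option, message) findings for a configuration text."""
    options = parse_config(text)
    findings = [(k, "not set; documented default is false")
                for k in DEFAULT_FALSE if k not in options]
    for key, values in options.items():
        check, message = RULES.get(key, (None, None))
        for value in values:
            if check and check(value.strip().lower()):
                findings.append((key, message))
    return findings


# Constructed sample, not a real profile.
SAMPLE = "protocol https\nhttps_ssl true\nsslproto SSLv2\nencryption false\nrelay true\nidle_kill 60000\n"

if __name__ == "__main__":
    for option, message in audit(SAMPLE):
        print(f"{option}: {message}")
```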