Como usar o Riseup VPN

• 1 A word of caution
• 2 Choose OpenVPN or PPTP
• 3 Choose a VPN Server
• 4 Setting up OpenVPN
• 4.1 In a nutshell
• 4.2 Detailed tutorials
• 5 Setting up PPTP
• 5.1 Generating a VPN secret
• 5.2 In a nutshell
• 5.3 Detailed tutorials
• 6 Tor and the Riseup VPN

A word of caution¶

Note! When you connect to the internet through the RiseupVPN you are bypassing any firewalls on your local network. Your computer will get its own IP address on the open internet. This is great, because that way your computer can communicate freely with others without getting blocked. However, bypassing the local firewall also means that your computer is more vulnerable to attack. Therefore, you should enable a firewall on your computer.

Choose OpenVPN or PPTP¶

There are two options for connecting to the Riseup VPN: OpenVPN or PPTP.

	OpenVPN	PPTP
Security	High: OpenVPN creates a very secure connection.	Medium: Although commonly used, PPTP is weaker than OpenVPN.
Speed	Fast: OpenVPN is speedy.	Slower: PPTP can be less efficient than OpenVPN.
Flexibility	Flexible: Many options allow you to get through firewalls.	Inflexible: Often blocked by ISPs and firewalls, sometimes unintentionally.
Usability	Difficult: The OpenVPN client can be buggy and frustrating.	Easy: Support for PPTP is already built into your operating system.

Choose a VPN Server¶

Choose one of these when specifying a “gateway” or “vpn server”:

[insert vpn-servers]

Setting up OpenVPN¶

OpenVPN is faster and more secure than PPTP. Also, some ISPs, corporate offices, or public Wifi networks will attempt to block access to a VPN. If you are on a network one of these networks, your best bet is probably OpenVPN: it is very difficult to block. However, be warned: OpenVPN is much more difficult to set up and get working correctly. We recommend that you try PPTP first.

In a nutshell¶

Although each client is different, there are five values that must be configured in your OpenVPN client:

• VPN Server: seattle.vpn.riseup.net or nyc.vpn.riseup.net
• Authentication method: password
• VPN username: your riseup.net login (ie if your account is joe_hill@riseup.net, just enter “joe_hill”)
• Password: either your riseup.net password or a VPN Secret.
• CA Certificate: RiseupCA.pem

Optional configuration options:

• Port: either 1194, 443, or 80. Port 1194 is the normal default for OpenVPN, but sometimes it might be blocked by the network you are on. You should not normally need to change this setting. If you do, ports 443 and 80 will likely not be blocked, since these are the ports for normal web traffic.
• Protocol: either UDP or TCP. UDP is faster, but TCP might be required to get around some network restrictions. UDP is the default, so you only need to fiddle with this if something is blocking your VPN access.
• Compression: I haven’t played with this, but it should work.
• MTU: might need to make this a smaller number. not sure..

Detailed tutorials¶

• Linux
• Android
• Mac
• Windows
• OpenVPN Troubleshooting

Setting up PPTP¶

PPTP is already built-in to your desktop computer and can be easier to set up. You do not need to download or install any special software. Although PPTP has several security vulnerabilities, it is probably more than adequate for most situations. If you have reason to believe that a determined attacker is specifically targeting your communication, such as a government or large corporation, you should definitely use OpenVPN and not PPTP.

Having said that, Riseup uses PPTP in the most secure way possible: we require very long VPN secrets and we accept only the more secure and up-to-date types of PPTP connections.

Generating a VPN secret¶

We cannot use normal riseup passwords for connecting via PPTP. Instead, you must visit user.riseup.net and generate a VPN Secret. You will use this VPN Secret in place of a password when configuring PPTP.

In a nutshell¶

• protocol: PPTP
• encryption: MPPE 128-bit (required)
• vpn server: choose one close to you
• username: your riseup.net login.
• password: a special VPN Secret.

Detailed tutorials¶

• Linux
• Android
• Mac
• Windows

Tor and the Riseup VPN¶

If you are thinking of running a Tor Exit node on the Riseup VPN, please read this. There is nothing wrong with running a Tor Exit node on top of the VPN, however it can cause a problem that we’d like to avoid.

Tor exit nodes are listed regularly in block lists. This is due to heavy abuse that happens over Tor, so there are lists that are automatically created for every Tor exit node that registers itself on the network. This wouldn’t be a big deal, except that the block lists block the entire network, not just the single IP that you are using. This causes problems for other services, such as sending mail.

Fortunately, there is a way around it, its just a matter of changing your Tor exit policy so that certain ports are not allowed. It seems as if these block lists only list Tor exit nodes that enable certain well-known ports that are used for abuse. According to one of the block list operators a tor exit node is added to the block list if it uses the default exit policy because there are a few ports in the default policy that are problematic, these ports are: 6660-6670, 6697, 7000-7005

This can easily be changed so you do not allow these ports through your Tor exit node by changing your torrc as follows:

ExitPolicy reject *:6660-6670 
ExitPolicy reject *:6697 
ExitPolicy reject *:7000-7005 

and then restarting your tor daemon.