# VPN for China



## happy-yoga (Jan 18, 2021)

I live in China. I use this VPN https://vpn.ac/ . My question is how to get this VPN to work on FreeBSD? I am currently using BSD 12.2 with GhostBSD. In the past when using Fedora I used a Wireguard configuration file that I just imported into the network manager and it worked. How does this work for FreeBSD?

I got this reply from support at the VPN provider...



> It isn't supported.
> However, OpenVPN connections are standard so you can find guides online and use them accordingly.
> If you connect from terminal, the .ovpn server profiles you need are hosted at https://vpn.ac/ovpn/



So how do I set up the .ovpn server profiles on FreeBSD?


----------



## wolffnx (Jan 18, 2021)

Hi, just install openvpn and use one configuration file
(I suppose AES-256-TCP.zip)
and download the .crt filed in the same folder

then when start openvpn you pass the config file as a argument
and done


----------



## SirDice (Jan 18, 2021)

Save the configuration as /usr/local/etc/openvpn/openvpn.conf and enable it in rc.conf: `sysrc openvpn_enable="YES"`. Then it'll be automatically started when you boot the system.


----------



## happy-yoga (Jan 18, 2021)

I got another reply from the VPN provider. They said...


> given that you are in China you should use a supported OS. OpenVPN obfuscation is available with our client app only. Upcoming updates will include additional obfuscation type. It doesn't work with the vanilla openvpn so there is no way you would use that on FreeBSD.



Thus, I need to consider my options. This was a great VPN provider that works well from China. I wonder if I can set up my own VPN server using Linode or some other provider. It might cost the same as my current VPN provider. If I set up my own VPN server could I use something better than OpenVPN?


----------



## a6h (Jan 19, 2021)

1. I'm pretty sure you can't run an OS-specific VPN-client in FreeBSD, using Winehq, or Linux compatibly layer. But there's an option:
Run a lightweight supported (client) OS, e.g. Windows 7, or Arch Linux inside a VM, e.g. VirtualBox, and use your VPN inside that VM.

2. Another option is Cisco's AnyConnect SSL VPN: security/openconnect

3. The third one: Run the VPN client in another computer (Windows machine), then net/rdesktop from FreeBSD to that Windows (running VPN client)
You can do the same to Linux machine, but I'm not sure what's the best method to make a remote connection to Linux. rdesktop works with Windows.

4. If you're worry about consequence of your log files on the third party VPN server machine, you have to do more research on companies. Some of them claim they don't keep logs. Who knows!
Personally, I prefer Polish (Poland) providers and companies. After that, Dutch (Netherlands) companies/providers are my favourites. It is just my personal preference, and I do not imply anything!


----------



## happy-yoga (Jan 22, 2021)

I can use the browser add-on for VPN.ac. This works fine. But this is only a VPN for my browser, not my entire system. I can probably live with that, but it would be ideal to turn on the VPN for the entire system.


----------



## sko (Jan 22, 2021)

If you aren't strictly bound to that VPN provider, just use a small VPS (e.g. vultr for 2.50$/month) and use it as an VPN endpoint e.g. with security/tinc, which is very fast & easy to configure and is known to be very good at piercing through firewalls.
I used 2 of such VPS endpoints (in Canada and Singapore) for over a year to circumvent the constant routing problems my previous ISP had for non-EU locations.


----------



## happy-yoga (Jan 22, 2021)

I can try that. I read that China is good at blocking self hosted VPNs. It might be a good thing to use as an alternative.


sko said:


> If you aren't strictly bound to that VPN provider, just use a small VPS (e.g. vultr for 2.50$/month) and use it as an VPN endpoint e.g. with security/tinc, which is very fast & easy to configure and is known to be very good at piercing through firewalls.
> I used 2 of such VPS endpoints (in Canada and Singapore) for over a year to circumvent the constant routing problems my previous ISP had for non-EU locations.


----------

