How to use F-secure Freedome VPN in OpenBSD/Linux

09 Sep 2016 . category: Hacking .
#hacking #anonymity

I have been testing and using F-Secure Freedome VPN for a while and I was wondering that can I get it running on my OpenBSD virtual machine. I have done some research before about the security of the Freedome (as I normally do when I start to use new software), and I was aware that it is based OpenVPN.

• Following instructions are done with OS X and OpenBSD
• You need to have Freedome installed to some of your machine
• Yes. You need to have valid license
• Do not ask support from F-secure to this
• This might be against their Term and Conditions

How to get OpenVPN config out from the Freedome

When you launch Freedome and enable VPN, it will kick openvpn process up with “–config stdin” flag.

$ ps auxwww | grep -i openvpn
root              807   0.0  0.1  2453816   4416   ??  S    12:23AM   0:00.03 /Applications/Freedome.app/Contents/MacOS/openvpn --config stdin

Config will be sent to openvpn via stdin so we need to do small wrapper to get the config out.

To get the config, run the following in terminal.

$ cd /Applications/Freedome.app/Contents/MacOS
$ sudo mv openvpn openvpn.orig
$ echo -e '#!/bin/bash\ntee /tmp/freedome-config.log | /Applications/Freedome.app/Contents/MacOS/openvpn.orig "$@"' | sudo tee openvpn
$ sudo chmod a+rx openvpn

(Updated 2017-05-19, thanks for Ville Viinikka (viinikv@IRCnet) for pointing out bug)

(Updated 2017-09-10, Something has changed in OSX so now config will be written to /tmp/freedome-config.log and sodo tee is used for writing the warepper to disk)

• Start and Enable VPN from Freedome
• Note that most likely FREEDOME wont work with this wrapper
• Disable VPN from GUI
• You should have sample configuration in “/tmp/freedome-config.log”
• Note that config wont work directly and you might want to remove some of the configuration lines

 $ cd /Applications/Freedome.app/Contents/MacOS
 $ sudo mv openvpn.orig openvpn 

How to get password out from Freedome GUI

In the configuration file you should see something like:

management "/Users/youraccount/Library/Application Support/F-Secure/FSFreedome/VPNDomainSocket" unix

• You need to ask the password from the Freedome Unix Domain Socket
• Here is how you can do it:
• Enable VPN from Freedome GUI
• Use nc to connect Unix Domain Socket seen in config file
• Sometimes you need to ask it couple of times
• Do not forget to use > before PASSWORD question

  $ nc -U "$HOME/Library/Application Support/F-Secure/FSFreedome/VPNDomainSocket"
  >PASSWORD:Need Private Key password
  password "Private Key" ffffffffffffffffffffffffffffffffffffffffffffff
  

• You should see something different than my ffffff… password :)

Set up OpenVPN to your OpenBSD

1. Install openvpn
2. Copy freedome config to your OpenVPN machine
3. Copy password to file in OpenVPN machine
4. Fix permissions of the password file

You might want to change following sections from config file:

1. Change log file “log-append”
2. Comment (with #) route-up section
3. Comment route-pre-down
4. Comment all management sections
5. Add: “askpass absolut-path-to-your-password-file.pass”
6. Run openvpn: # openvpn --config your-freedome.conf
7. DONE

Feel free to contact me for more info or just to give feedback. e-mail: mikko.kenttala(ä)gmail.com IRC: turmio@IRCnet