Requirements and preparation
Make sure you have the following components installed:
- sudo with root access (or direct root access)
- any text editor like vi, nano, etc.
First change into the /etc/openvpn/ directory
and get the Perfect Privacy TCP configuration with the following line. You will need to change USERNAME and PASSWORD to your Perfect Privacy login credentials.
sudo wget -v --post-data "username=USERNAME&password=PASSWORD&uri=/member/download/?file=linux_tcp.zip" -O linux_tcp.zip "https://www.perfect-privacy.com/member/"
Unpack the file with the following command:
sudo unzip -j linux_tcp.zip
To create a configuration file for the stunnel connection, copy any server configuration. In this howto we are using the file Basel.ovpn. We are using vim to edit the file, but any text editor like nano works as well.
sudo cp Basel.ovpn Basel-stun.ovpn sudo vim Basel-stun.ovpn
Remove all lines starting with remote. You will then need to add two lines. The first one tells the VPN to connect to the local stunnel proxy:
remote 127.0.0.1 LOCAL_PORT
LOCAL_PORT can be any port that is not in use on your system. For this howto we are using port 995.
Last thing to add in the configuration is the route to the VPN IP address:
route SECOND_SERVER_IP 255.255.255.255 net_gateway
To tunnel through stunnel, you will need to use the second IP of the VPN server. You can find the IPs on the server page in the member area.
For Basel, the second IP is 220.127.116.11 so we enter this IP in the configuration file.
After you have added the two lines, you can save the file and exit the editor.
To configure stunnel, create the file /etc/stunnel/stunnel.conf and insert the following lines:
[openvpn] client = yes accept = 127.0.0.1:LOCAL_PORT connect = SECOND_SERVER_IP:TUNNEL_PORT
The LOCAL_PORT must be the same that you used in the OpenVPN configuration file, in our case this was 995.
Use the second IP of the VPN server in the connect line, the same one you used in the OpenVPN configuration.
As TUNNEL_PORT you can choose between the following ports: 22, 53, 443, 8085, 9009 and 36315. Generally, 443 (SSL) should work fine for all purposes but port 53 may help to get internet access from hotspots where you normally need to register on a public website first.
Save the file and start stunnel by typing sudo stunnel. It will then be running in the background, you can check with ps aux | grep stunnel.
Now you can start the OpenVPN connection by typing
sudo openvpn --config Basel-stun.ovpn
After you entered your Perfect Privacy user name and password, the connection should be established successfully. The last line should read “Initialization Sequence Completed”.
You can also save your user name and password in a text file so that you don’t have to type it in each time to connect. You can find instructions for this in our OpenVPN howto.
You can verify whether everything is working correctly by calling our Check-IP page with either of the following commands:
curl https://checkip.perfect-privacy.com/csv wget -q -O - https://checkip.perfect-privacy.com/csv