The Canadian Iron Curtain

posted Jun 14, 2011 7:01 AM by Thomas Fiema   [ updated Jun 14, 2011 9:16 PM ]
Canada is not like China or Iran in this regard, but living so close to the US and being exposed to marketing for all the wonderful US-only Internet services makes us Canadians kinda envious. Access permission aside, Canadian mobile Internet options are VERY expensive compared to the US. So what are we to do here in the Monopolistic CorpoSocialist Republic of Canadian Consumer Misery... What I came up with for myself is a hacked NookColor Android tablet with unlimited mobile internet, connecting through a US proxy which gives me access to anything US-only. This is how:

a) get an unlimited internet account with Wind - current promo ~$30/mo
b) get a mobile hot-spot on wind-tab about ~$0 
        seriously, check out wind-tab, it's an awesome concept.
        you pay nothing while you're with Wind and the longer you stay the more they take off your tab

- so now you have this little thing that will provide you with unlimited broadband everywhere you take it. 

c) then set up an EC2 account with Amazon
d) bring up a micro instance in the us-east-1a zone (Virginia - close to Toronto) using AMI-06ad526f (that's an Ubuntu 11.04 image which worked perfectly for me)
e) install OpenVPN
f) configure OpenVPN on your Android device
g) sign up for Netflix and Pandora and anything else that's US-only (I know Netflix is in Canada, but their Canadian offering is pretty lame)

The hard part is the OpenVPN config with Android.
It requires certs and keys created on the OpenVPN server and packaged up as a single PKCS12 file that your Android device can import.

The server-side setup of OpenVPN is straightforward:

1. get the instance up and running and open tcp 1194 and tcp 22 to it from 0.0.0.0/0 
        (This should be easy to google. I'm not getting into the EC2 stuff, just the zone and AMI hints above)
2. ssh to it and run these commands in order:

    sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install -y openvpn

    sudo modprobe iptable_nat
    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
    # NAT only the VPN client subnet (the "server 10.4.0.0 255.255.255.0" line in server.conf)
    sudo iptables -t nat -A POSTROUTING -s 10.4.0.0/24 -o eth0 -j MASQUERADE

    sudo mkdir /etc/openvpn/easy-rsa/

    sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

    sudo chown -R $USER /etc/openvpn/easy-rsa/

    cd /etc/openvpn/easy-rsa/
    source vars
    ./clean-all
    ./build-dh
    ./pkitool --initca
    ./pkitool --server server
    cd keys
    openvpn --genkey --secret ta.key
    sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/

    cd /etc/openvpn/easy-rsa/
    source vars
    ./pkitool myandroid

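    # bundle the client cert, client key and CA cert into one PKCS12 file in the keys directory
    openssl pkcs12 -export -in /etc/openvpn/easy-rsa/keys/myandroid.crt -inkey /etc/openvpn/easy-rsa/keys/myandroid.key -certfile /etc/openvpn/easy-rsa/keys/ca.crt -name myandroidcerts -out /etc/openvpn/easy-rsa/keys/myandroidcerts.p12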

UPDATE: (I think the above asks to create a password for the file. Make sure you create one, don't just hit enter. I couldn't import it on the Android without the password being set)

    sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
    sudo gzip -d /etc/openvpn/server.conf.gz

3. edit the /etc/openvpn/server.conf file to make sure the following lines are correct, if not change them to this and leave everything else alone.
        
    port 1194
    proto tcp
    dev tun
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key
    server 10.4.0.0 255.255.255.0

4. IMPORTANT: restart the OpenVPN server, and make sure it doesn't come back with a fail. If it does, start EVERYTHING over.
    sudo /etc/init.d/openvpn restart
    
5. Transfer the /etc/openvpn/easy-rsa/keys/myandroidcerts.p12 file to the root of your Android's SD card
6. On the Android go to Settings > Location & security > Install from SD card
    The p12 file in the root of the SD card will be recognized as importable and you will be prompted for its password. Follow the prompts to finish the cert import.
7. On the Android go to Settings > Wireless & networks > VPN settings > Add VPN > Add OpenVPN VPN
    VPN name - can be anything
    Set VPN server - must be the public IP of your EC2 OpenVPN server
    User authentication - must NOT be checked
    Set CA certificate - set to the cert you imported in step 6.
    Set user certificate - also set to the cert you imported in step 6.
    DNS search domains - just leave it blank
8. tap the menu button and select Advanced
    Server port = 1194
    Protocol to use = tcp
    Device to use = tun
    LZO compression = checked/yes/true/green/set
    Redirect gateway = checked/yes/true/green/set
    Remote Sets Address = checked/yes/true/green/set
    Cipher algorithm = default
    Size of cipher = default
    Extra arguments = don't type anything here 
9. tap the back button
10. tap the menu button and select Save
11. tap your new connection entry and wait approx 10-20 seconds for the connection to establish
12. test by going to whatismyip.com, it should return your EC2 server's IP. 

    So now whatever you do on your Android while connected to the VPN server actually looks like it's done in the US. 
    The caveat is that Amazon's IPs are sometimes flagged as suspicious or get blocked for using anonymous proxy tools (Hulu)
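
The following added example (not part of the original post) checks a server.conf against the values listed in step 3, so a missed edit is caught before the restart in step 4. The function name `check_server_conf` and both sample configs are constructed for illustration.

```shell
# Added example, not from the original post: audit server.conf against step 3.
# Prints one line per problem; the return status is the number of problems.
check_server_conf() {
    awk '
    BEGIN {
        want["port"] = "1194"; want["proto"] = "tcp"; want["dev"] = "tun"
        want["ca"]     = "/etc/openvpn/ca.crt"
        want["cert"]   = "/etc/openvpn/server.crt"
        want["key"]    = "/etc/openvpn/server.key"
        want["server"] = "10.4.0.0 255.255.255.0"
        n = split("port proto dev ca cert key server", order, " "); bad = 0
    }
    {
        sub(/[#;].*/, "")              # "#" and ";" both start a comment
        if (NF == 0 || !($1 in want)) next
        name = $1
        $1 = ""; sub(/^ +/, "")        # keep only the arguments, single-spaced
        got[name] = $0                 # if repeated, keep the last one seen
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            if (!(d in got)) { print "MISSING  " d " (want: " want[d] ")"; bad++ }
            else if (got[d] != want[d]) { print "MISMATCH " d ": have [" got[d] "], want [" want[d] "]"; bad++ }
        }
        exit bad
    }' "$1"
}

demo_dir=$(mktemp -d)
# Constructed sample: an unedited config (udp, relative cert paths, other subnet).
cat > "$demo_dir/stock.conf" <<'EOF'
port 1194
;proto tcp
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
server 10.8.0.0 255.255.255.0
EOF
# Constructed sample: the same directives after the step 3 edits.
printf '%s\n' 'port 1194' 'proto tcp' 'dev tun' 'ca /etc/openvpn/ca.crt' \
    'cert /etc/openvpn/server.crt' 'key /etc/openvpn/server.key' \
    'server 10.4.0.0 255.255.255.0' > "$demo_dir/edited.conf"
for f in stock edited; do
    check_server_conf "$demo_dir/$f.conf" && echo "$f.conf: OK" || echo "$f.conf: $? problem(s)"
done
```

On the server, run it as `check_server_conf /etc/openvpn/server.conf`; a commented-out `;proto tcp` line does not count as set.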

The cost of running this amazon server goes like this:

If you're gonna run this instance on a demand basis, meaning that you'll start it up whenever you need it and shut it down when you don't, then you'll be paying something like this:
    
    assumptions: zone is us-east-1a, type is micro, OS is Linux, 4hrs of uptime per day, and let's say you download 15 GB in the month, which is a lot of streaming for a mobile device.
    
    124hrs of micro = $2.48
    8GB of EBS space = $0.80 (not related to server usage because the server takes that much space even when it's stopped.)
    15GB xfer down = $2.10 (1st GB is free, then it's $0.15/GB)
    3GB xfer up = $0.30 ($0.10/GB - 3 GB should be enough upload bandwidth for 15GB down)

That's more or less $6/mo to be a part-time US netizen

Let's say you leave the server up full time. You now should take advantage of the reserved instance, which lowers costs a bit and allows you to use it whenever.

    You pay $58 for a year and then your server costs $5.20 per full month of uptime + monthly bandwidth usage
    That doesn't sound like an advantage but full uptime otherwise costs $14.88/month.
    That's $178.56 /year vs $120.00/year. So you save the equivalent of what you prepay.

Obviously the bandwidth used is the question. I think 15GB is a lot if you stream Netflix or Pandora, but if you regularly download 720p movies you will hit 200GB. 
But then you don't want to pretend to be in the US - they have the RIAA.

You can use the OpenVPN service for home browsing too. Just install Viscosity as the OpenVPN client and use the ca.crt, myandroid.crt and myandroid.key files instead of the p12 package. You should create a new set for the desktop and use those instead:

    cd /etc/openvpn/easy-rsa/
    source vars
    ./pkitool mydesktop

So that's it. My first post on this incarnation of my site. Feel free to ask questions.