Using Freedome with any OpenVPN client

How to use Freedome VPN without the official client on Android, Windows, Linux, FreeBSD, anything basically you can run OpenVPN on.

Prerequisites you must download and install:

  1. Have Windows and the official client
  2. Download Wireshark and install it
  3. Download RawCap and install it
  4. Download openvpn.c and compile it for Windows ("MinGW" worked for me) and make sure to change the path to something you like

First steps:

  1. Run Freedome, log in with your account
  2. Start RawCap with RawCap.exe 127.0.0.1 capture.pcap
  3. Reconnect and disconnect from the VPN
  4. Stop RawCap - capture.pcap file will now contain the password for your user's key, store it somewhere safe [![password screenshot]]
  5. Copy the openvpn.c file you compiled as openvpn.exe to C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\x64\ and C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\, you might also want to back up previous openvpn.exe
  6. Reconnect and disconnect from the VPN
  7. The folder specified in openvpn.c now contains the openvpn configuration file
  8. Get the keys in C:\ProgramData\F-Secure\Freedome\keys

Cleaning up openvpn configuration file:

  1. You have to remove STX characters from the captured output
  2. Find the second </connection> tag and delete everything after it
  3. Remove empty lines before </ca>
  4. Remove all lines that start with management
  5. Remove block-outside-dns
  6. Replace cert [path] with where your client.crt is
  7. Place your password in a file of your choosing and add the line askpass [your file's name] to have it autologin to the VPN (You might also want to chmod 600 the file

Summary:

In your OpenVPN folder you should have an openvpn configuration file, your client.crt and your password in a file.

Make sure the remote address (freedome-fi-gw.freedome-vpn.net) and the port (2745) is what you want to use, you can also see that in the TCP stream. If you don't want to use the Finnish gateway then feel free to sniff out other gateways, I suspect changing the two-letter code is enough...