Using Freedome with any OpenVPN client

How to use Freedome VPN without the official client on Android, Windows, Linux, FreeBSD, anything basically you can run OpenVPN on.

Preparation

Prerequisites you must download and install:

  1. Have Windows and the official client
  2. Download Wireshark and install it
  3. Download RawCap and install it
  4. Save the code below into openvpn.c and compile it for Windows ("MinGW" worked for me) and make sure to change the path to something you like

First steps

  1. Run Freedome, log in with your account
  2. Start RawCap with RawCap.exe 127.0.0.1 capture.pcap
  3. Reconnect and disconnect from the VPN
  4. Stop RawCap - capture.pcap file will now contain the password for your user's key, store it somewhere safe [![password screenshot]]
  5. Copy the openvpn.c file you compiled as openvpn.exe to C:Program Files (x86)F-SecureFreedomeFreedome1x64` and `C:Program Files (x86)F-SecureFreedomeFreedome1`, you might also want to back up previous `openvpn.exe
  6. Reconnect and disconnect from the VPN
  7. The folder specified in openvpn.c now contains the openvpn configuration file
  8. Get the keys in C:ProgramDataF-SecureFreedomekeys

Creating the configuration file

  1. You have to remove STX characters from the captured output
  2. Find the second </connection> tag and delete everything after it
  3. Remove empty lines before </ca>
  4. Remove all lines that start with management
  5. Remove block-outside-dns
  6. Replace cert [path] with where your client.crt is
  7. Place your password in a file of your choosing and add the line askpass [your file's name] to have it autologin to the VPN (You might also want to chmod 600 the file

Summary

In your OpenVPN folder you should have an openvpn configuration file, your client.crt and your password in a file.

Make sure the remote address (freedome-fi-gw.freedome-vpn.net) and the port (2745) is what you want to use, you can also see that in the TCP stream. If you don't want to use the Finnish gateway then feel free to sniff out other gateways, I suspect changing the two-letter code is enough...

openvpn.c

Take this code and put it inside the main function

char ch;
FILE * fp = fopen("openvpn.cfg", "w");

while(read(STDIN_FILENO, &ch, 1) > 0) {
    fwrite(ch, 1, sizeof(ch), fp);
}

fclose(fp);

Example configuration

If you have your private key, password, the CA cert already and the gateway you wish then you can replace values here .. code-block:

<ca>PLACE THE CA CERT HERE!!!!!!</ca>
<key>PLACE YOUR KEY HERE!!!!!!!</key>
cert client.crt
askpass client.pass
verb 4
client
dev tun
suppress-timestamps
preresolve
route-delay 0 12
push-peer-info
setenv UV_CLP peerid:2
replay-window 512 15
tcp-queue-limit 128
nobind
float
resolv-retry 20
server-poll-timeout 10
persist-key
mute-replay-warnings
ns-cert-type server
comp-lzo
cipher AES-256-CBC
auth SHA256
route-nopull
pull-filter ignore redirect-gateway
<connection>
fragment 1400
remote PLACE THE GATEWAY DOMAIN NAME HERE PORT udp
proto udp
explicit-exit-notify 1
</connection>
<connection>
remote PLACE THE SECOND GATEWAY DOMAIN NAME HERE AND SECOND PORT tcp
proto tcp-client
</connection>