Psiphon: Part II — Setting Up Psiphon
Posted by Nu on 25 Jan 2007 at 6:59 pm | ?>
(Opens in New Window)
You need Psiphon if you surf away from home, or have friends that need to, as I wrote about in Part I. In Part II, We’ll cover some of the annoying pitfalls and things I didn’t fully understand in downloading, installing, configuring and operating Psiphon as a personal secure proxy and censor circumvention tool.
Downloading. you can download Psiphon here. While I like the software, I found the documentation and support to be a bit lacking. The “Download Now” is in the upper right portion of the page or here, and it looks just like the rest of the page until you mouse-over it.
Installing. Installing Psiphon is simple . Click. Click. Click. done. (No need for an extraneous image).
Basic Configuration. Now that you’ve installed Psiphon, you need to configure it.
Psiphon proxy
Start the program, and Choosing your “Name” is straightforward. Here’s the dialog box you get the first time you start Psiphon.
You will be able to change this later under setup. This name will become part of the address name you use, though there’s no actual directory.
Main interface. Once you hit OK, you get the main interface at right. The link you see at the top is the address you and your friends would use to surf securely. Note that its an IP address, not a name. If you have DSL or Cable as your service providers, your address will eventually change. I’ll show you how convert that address to a name that won’t change here (That’s not a link yet, I hope to write it in a bit).
Setup. Start your configuration by pressing the “Setup” button, as shown at right.Go ahead and hit “Get my IP”, but in my experience, it will be correct. Make sure “Update external IP on startup” is checked.
I suggest you use Port 443, because that will look exactly like any other SSL site, and raise fewer questions in the event that someone is monitoring you.
NOTE: I don’t believe that “Test” is a foolproof end-to-end test of the system. It only checks to see if some other program or service is using that port. If you have to troubleshoot, look at firewall issues below, even if this test is successful.
SSL Certificate. I’ve not gotten the SSL correct correct, possibly because I use port forwarding from my router to PC or possibly because I use domain aliasing/forwarding to make it easy to remember my home PC’s location (e.g. router.Nubility.net” class=”linkification-ext” href=”https://router.nubility.net/”>https://router.Nubility.net instead of an IP address).
Choose your Name for this account. This really acts as another level of security. In this example I choose the word “Freedom”, which appears to be a directory, but is in reality just a keyword which is required for login.
In order to log in you need the address (shown in the main window as the IP address — a bunch of numbers), the “directory Name” (there’s no actual directory, its just another thing you need to know to get in), and the port (https is port 443, so the :443 in the address is redundant).
a user. Adding a user is very easy. Click “Add”, and fill in the dialog box at the right.
Opening a hole in your firewalls for Psiphon. This is probably the hardest part of the whole setup, and its not usually too hard. however, it depends a lot on your particular configuration. You should have both a software firewall (e.g. Windows XP Firewall, or BlackIce) and a hardware firewall/router (e.g. your linksys or D-Link router, with built-in firewall capability).
Hardware Firewall. Your hardware firewall can remap ports from internal to external for extra security. For now, just open port 443 in and out on your firewall, so that Psiphon can communicate with the outside world. I suggest once you have things working properly, you remap the port so that you are not using 443 in Psiphon once you have things otherwise all setup. (we’ll do the software firewall in a moment). Setting up your hardware firewall is local area network-specific, but you need to have incoming connections to port 443 to be sent to the PC that Psiphon is running on. The simplest thing to do is to leave it as port 433 when you send it to the PC.
Starting the Psiphon Service. Now that you are back at the main interface, you are ready to start the service. Press the “Start” button.
Software Firewall:
Under windows XP the warning looks like this; Click If you are using another firewall, it needs to be configured to allow the port on your computer in/out.
Additional Configuration. There are a couple of more self-explanitory things you should do in “Setup”. Go to “Preferences”, and check all three boxes (check for updates, start phiphon on start-up, and allow phiphonites to view images). Also, go to SSL Certificate, and fill it in if you’d like.Yous can now test your Psiphon setup by going to the address shown near the top of figure 1.
In part III I’ll cover how to run and customize Psiphon.
Also, If you haven’t read “Why You Need Psiphon“, you might wish to do so.