the fast, reliable localhost tunneling solution


OpenVPN Over PageKite

2014-07-11, 17:10

It’s easy to establish an OpenVPN connection via PageKite. Integration with PageKite is simple, assuming a working OpenVPN setup. I used an Ubuntu “trusty” server, with OpenVPN version 2.3.2. I assume a kite name of “vpn.KITENAME.pagekite.me”. Substitute your own name for KITENAME.

Contents:


Install the VPN server

Start with a simple OpenVPN setup by following the OpenVPN HowTo.

This HowTo gives clues on accessing PageKite, in the section Connecting to an OpenVPN server via an HTTP proxy.

Three files need to be changed to get this to work: the OpenVPN server.conf, a new PageKite config file, and the client’s ovpn.

I set up the server and client exactly as described in the HowTo, using default port of 1194 and udp protocol. After verifying that I could actually connect to my LAN via the new vpn, I made some simple changes to route the vpn over PageKite.

Configure the VPN server

The server change is very easy: in your server.conf file, change “proto udp” to “proto tcp”. That’s it! Restart the OpenVPN daemon.

Configure the VPN client

The client.ovpn needs just a few other changes. As with the server config, change “proto udp” to “proto tcp”. These changes force OpenVPN to use tcp protocol instead of udp. All references to udp in your server and client config files should be removed or commented-out.

Additionally, add the following two lines to your client.ovpn file:

remote vpn.KITENAME.pagekite.me 1194
http-proxy vpn.KITENAME.pagekite.me 443

Configure PageKite

I use a “dot” kitename as my understanding is PageKite will add TLS support to “-“ kitenames, but not “dot” kitenames. As the vpn connection will already have all the TLS support I need, I opted to go for a simple “sub.foo.pagekite.me” name.

Since I am using the Debian package to manage my kites, I add a config for my PageKite daemon. In /etc/pagekite.d/ I create a new config file: 80_vpn.rc. If you’d like, simply copy the 80_sshd.rc file, and ensure this is the only config line:

service_on = raw/1194:vpn.KITENAME.pagekite.me : localhost:1194 : @kitesecret

That’s it! Restart the PageKite daemon.

Assuming you could connect before making these changes, you should now be able to connect to OpenVPN via your kite. I have successfully connected using Tunnelblick 3.4beta28 and 3.4beta30 on Mac OS Mavericks, OpenVPN Windows Client 2.3.4, as well as the “OpenVPN Connect” app on android 4.4.2.

Summary

Make these three changes to your config files and bounce pagekite and openvpn daemons:

server.conf

;proto udp
proto tcp

client.ovpn

;proto udp
proto tcp
remote vpn.KITENAME.pagekite.me 1194
http-proxy vpn.KITENAME.pagekite.me 443

pagekite config

cd /etc/pagekite.d
sudo cp 80_sshd.rc.sample 80_vpn.rc
vi /etc/pagekite.d/80_vpn.rc

service_on = raw/1194:vpn.KITENAME.pagekite.me : localhost:1194 : @kitesecret

That's it!

Comments

  1. ConcernedCitizen said on 2014-07-16, 19:17
    Thanks, this worked like a charm -- exactly what I was looking for.
    Permalink
  2. DsL said on 2015-09-20, 15:56
    Please could you provide pagekite config for windows?
    Permalink
  3. DsL said on 2015-09-20, 16:15
    I found out it is the same. I was starting pagekite with paramters that ignored pagekite.cfg.
    Permalink
  4. Saint said on 2016-07-02, 13:44
    This didn't work in raspberry pi for some reason,

    /var/log/pagekite/pagekite.log says:

    on_port=1194; proto=raw; domain=vpn.xxxxxx.pagekite.me; is=BE; remote_ip=xxxxxx; socket_error=[Errno 111] Connection refused; id=s1

    Client is android, I've tried different clients in android and setting the proxy directly within openVPN connect as well. No results.

    ssh works over exact same setup, openvpn works over local network with exact same setup. Any ideas/pointers?
    Permalink
  5. saint said on 2016-07-02, 19:43
    I got it - very stupid but I had uncommented

    # Which local IP address should OpenVPN
    # listen on? (optional)
    ;local 192.168.xx.xx

    for some reason, re-commented it and worked!!
    Permalink
  6. Deep Web said on 2016-07-10, 13:28
    I use HMA regularly but recently changed and now using PureVPN. Their speed is quite amazing as a VPN. they also provide a lot of functions. they have good support that replies in a timely fashion.
    Permalink

Leave a comment

( (Please leave these blank: )

We use Gravatar for commenter's photos. Get your own, it's free!

Wiki

Links