VPN Installation and Configuration Guide
Configuration Files (OVPN)
The file naming conventions is based on the following:
Those with prefix IPv4 meant the connection will secure only IPv4 traffic. Click here if you want to know more about IPv4 and IPv6
- Traffic Method:
There are THREE type of traffic methods supported by BolehVPN
- FullyRouted – All traffic to the Internet will be going thru the OpenVPN tunnel
- Proxied – Only Application or Software that supports proxy setup will direct its Internet traffic thru the VPN tunnel
- SurfingStreaming – This is the same as FullyRouted except that you cannot use this for peer-to-peer (P2P) download using bittorrent or similar P2P applications. SurfingStreaming is traffic is heavily-filtered to provide smooth browsing accessing contents that are geo-locked to the host nation only. This will be useful if you want to access iTunes USA stores or streaming Youtube USA only contents.
This is the Location or the exit gateway of the server.
There is two standard protocols in the Internet traffic, a TCP and UDP. If there is no mentioned of protocol, then the Internet traffic will be using UDP as it is a much faster protocol for VPN in most cases and a TCP protocol is viable when your ISP blocks UDP traffic.
- IP Type
BolehVPN provides users the option to either shared an IP address or have one Dynamic Dedicated IP address assigned to you after a connection is made. A shared IP Address is the default and as such there will be no mentioned of this in the file naming while those with Dedicated-IP mentioned, a temporarily IP address is assigned to you during the connection period.
If, for examples, in the Choose file drop box during the import of Configure AsusWRT OpenVPN Clients, you wanted to have all your Internet traffic goes thru the VPN tunnel with an exit gateway located in the United Kingdom, then you will select either IPv4-FullyRouted-UK or IPv4-FullyRouted-UK-TCP.
For best performance, always select the non-TCP suffixes as the default and change to TCP if you can’t get a good performance in speed.
Server locations: Canada, Germany, Netherlands, Switzerland, UK
All these configurations are in a proxied setup which means you will need to set up your software before using the VPN. Any software that is not configured will go through your regular unprotected internet connection. Proceed to Step 4 to learn how to configure your software when you are ready.
- Does not affect other latency sensitive applications like MSN/surfing/gaming therefore you can do all your other tasks without feeling any slowdown. VPNs in general add latency to your connection.
- Works well for most purposes and well seeded torrents
- If properly configured, an interruption of your connection to our VPN servers will not leave you exposed.
- You will not be fully connectable and will appear as firewalled. This is inevitable as it uses a proxy. This might reduce your ability to connect to peers and is relevant when the seeder/peer ratio is bad or there are very few people on the torrent. This also gives you LowID with Emule
- Requires the program you wish to pass through the VPN to have SOCKS Proxy support and be configured appropriately.
- Some programs due to faulty programming do not use the VPN proxy exclusively and may still use your regular connection for certain connections. Therefore this is not suitable for those who wants complete privacy.
- Slightly higher overhead due to usage of a SOCKS proxy.
b. Fully Routed
Server locations: Canada, France, Germany, Luxembourg, Netherlands, Singapore, Sweden, Switzerland, UK
‘Fully Routed’ is different where all your data is automatically routed to the VPN. This means everything including surfing, internet messengers (Skype) and any other software that requires an internet connection will have go through the VPN.
You do not need to configure your programs to use the VPN if you use this.
- Offers a high degree of privacy/security for your internet enabled applications
- Painless setup since once you are connected to the VPN; you need not configure anything else
- May work better with poorly seeded trackers
- Increases latency/lag on all other applications that means surfing, Skype and everything else that uses the internet will have a longer response time due to the additional route your internet connection has to take.
Server locations: United States, United Kingdom, Malaysia, Italy, Japan
The Surfing/Streaming servers CANNOT be used for P2P but is especially good for streaming US-only content such as Hulu, Pandora, Veoh and such.
Note that there are SurfingStreaming-TCP options that are intended only for people with firewalls that do not allow UDP connections. Please stick with the non-TCP servers if possible as they are faster and more stable unless absolutely necessary.
Specifying a proxy is unnecessary. It works similarly as the ‘Fully Routed’ configurations where you could just connect and start surfing!
However certain internet-enabled programs might not work while this setting is applied.
Server location: Canada, France, Germany, Italy, Singapore, Japan, United States, United Kingdom
In order to bypass the strict internet firewall in countries such as China and Iran, we have prepared the Cloak configurations, an improvement over our older Cloak-Routed configurations.
Please take note that the Cloak configuration also has suffixes that determine the type of connection it will make, which corresponds to the other 3 configurations mentioned above.
For Cloak-Proxy, proxy settings must be configured and this can be viewed in Step 4.
e. TCP Servers
Server location: Canada, France, Germany, Italy, Singapore, United States, United Kingdom
The TCP servers suffixes in some of our configuration allow you to bypass corporate/campus firewalls. This should be only used if you are unable to connect to our servers due to a firewall. This works on the majority of the firewalls but there are still setups out there that can block it. You can also use this if you suffer from a poor internet connection with packet loss. Please note that the TCP protocol will not be as fast as the other UDP servers.
These servers work as Proxied, FullyRouted, SurfingStreaming, xCloakRouted, or xCloakProxy servers based on the name, meaning you would need to configure your software to use proxies in order to divert the traffic through the VPN only if you use the Proxied TCP servers. You can see this is done in the next step.
Server location: Canada, Netherlands, Singapore
BolehGeo allows you to access sites that are restricted to US address without the use of a VPN. In other words, the lag and overhead inherent from using a VPN are eliminated, thus faster streaming speeds can be observed. This also means that you won’t be getting the privacy and security benefits that would otherwise be present with the use of a VPN.
Please take note that this feature is strictly for making your computer appear from the US on geo-specific media sites.
We have tested this list of streaming services and found that they work well with this new feature.
3. Hulu Plus
Do let us know if there are any geo-restricted sites for the US that you would like to see added to this list and how this works out for you! Remember to clear your cookies before trying out the sites!
Configuration of Applications (Only for proxied configurations)
If you are using any ‘Proxied’ server, you would need to configure your programs to go through the VPN (unless you don’t want them to).
Fully Routed and Surfing/Streaming configurations do not require these additional steps as all your data will be redirected through the VPN automatically once you are connected.
Click on a button below to view the program’s configuration.
We highly recommend qBittorrent for Windows users and Vuze for Macs. Vuze is the only Mac torrent client with full Socks proxy support which is required for our proxied configurations (PublicTracker/PrivateTracker).
If your program is not listed here, do not fret! As long as your program supports Socks Proxies, you only need to enter the following details in the relevant fields:
- Hostname: 10.10.10.1
- Port: 1080
- Type of Proxy: Socks 5
- No authentication
For other browsers and download managers, you will need to configure the HTTP proxy. You can also opt for SOCKS proxy if needed.
- Hostname: 10.10.10.1
- Port: 808
- Type of Proxy: HTTP
- No authentication
You can also always drop by our Support Forums to ask for help in configuring a particular program.
To have additional privacy at the cost of speed, you can combine BolehVPN with TOR.
Please note that it is not recommended to P2P over TOR.
There are two ways each with their respective pros/cons:
Using BolehVPN over TOR
Download and launch TOR browser bundle. Open BolehVPN client and go to Proxy Settings and enter in the following parameters:
- Proxy type: Socks
- Server: 127.0.0.1
- Port: 9150
Connect to BolehVPN with one of the FullyRouted-TCP/xCloakRouted-TCP connection options. We are currently looking at expanding our server options that support TCP. Please note that TCP is slower than UDP. TOR does NOT support UDP at the moment.
- Additional privacy layer (our VPN server will not see your real IP address but the IP of the TOR exit node)
- Option to connect to web sites under TOR protection, even to those sites which refuse TOR connections
- Usage of TOR even by the programs which don’t support it
- Access to TOR from all the applications transparently: no need to configure each application, one by one
- Avoidance of any traffic discrimination from TOR exit nodes (packets are still encrypted when they pass through TOR exit node)
- Major security layer in the event you pass through a compromised/malicious TOR exit node (packets are still encrypted when they pass through the TOR exit node)
- Poor performance
Using TOR over BolehVPN
This setup is not as beneficial as the above but it is useful if you wish to hide TOR traffic from your ISP provider. If you wish to connect over TOR over BolehVPN:
- Connect to a Fully-Routed BolehVPN server
- Launch Tor
All the applications configured to connect over TOR will connect over TOR over BolehVPN. All the applications not configured for TOR will simply connect over the VPN.
- Our servers can see your real IP address.
- Our servers can not see your traffic content, real origin and real destinations.
- The TOR entry-node will not see your real IP address, it will see the exit-IP address of the VPN server you’re connected to.
- Your are not protected against malicious TOR exit nodes if you send/receive unencrypted traffic to/from the final host you connect to.
Troubleshooting and Getting Help
If you do need help, there are a few steps you need to do to get you full support access.
We do this to verify the identity of our customers and protect their privacy.