PogoPlug, OpenVPN and ArchLinux

In my continuing adventures with the PogoPlug V4, I decided to get OpenVPN working. The install was easy enough, but getting the configuration correct turned into a literal project—it has it’s own GitHub repository.

My VPN provider of choice is TunnelBear1. I started with them about a year ago because of their free service. The free accounts get 500 MB of data transfer per month. That’s not a lot, but it’s enough to get me out of a data emergency. Like the time I had to log into my bank from a supermarket’s free WiFi. They also have a promotion where sending a tweet from the app will add 1 GB of data to your account. That’s enough to get me through a usual month.

As I’ve been building out the PogoPlug these last few days, I started looking at VPN providers in general. The service plans among the varied providers are quite similar. I checked back with TunnelBear to see about their Linux support. I’ve been impressed with their Mac and iOS apps which are easy to use and are updated regularly. They provide a bare-metal2 OpenVPN service for Linux users. A paid “Giant” or “Grizzly” account is also needed for OpenVPN access. Since I already had their apps installed, it was a simple choice to try out their unlimited service for a month.

The configuration files are provided, but there is no support other than a short list of steps on their blog. The steps are correct and succinct—for a Linux desktop environment. Getting them working on a headless server is another story altogether.

The first pet peeve was that the provided configuration files have excessively long file names. For instance:

TunnelBear United Kingdom.ovpn

Also notice that there are spaces in the file name. These files were packaged by someone that didn’t have to type them on the command line. But wait, there’s more! The OpenVPN systemd unit file that launches the openvpn service expects the files to end in .conf.

To get things working I manually renamed the files and put them in the /etc/openvpn directory. This worked, and I could connect. Having the files loose in the openvpn root could lead to confusion if I wanted to add other VPN certificates/configuration files in the future. To prevent naming conflicts I decided to keep them all together in /etc/openvpn/tunnelbear.d/. This promptly broke the systemd unit file that launched OpenVPN.

I rewrote the unit file just for TunnelBear, and everything worked again. But it was missing an easy way to choose an exit point. Since ruby was installed3 on the PogoPlug, I decided to write a menu-based country chooser. The scope of this project had crept from “get OpenVPN working” to “I need to package all this up.” What had started as an idea for a blog post turned into TunnelBear-Helper and a blog post. I don’t think keeping the files for something like this on the blog is the best way to share it. Making a repository for it felt right.

I’ve also got the Pogo imitating an Apple server and hosting my Time Machine backups. More on that later, as verifying the instructions is taking longer than I thought.

Future Pogo hack posts I have planned:

  • Apple file server, with Time Machine backups.
  • Adding WiFi to the Pogo to make a hotspot.
  • Making the hotspot also block ads.

  1. I like that they’re up-front about their policies. They don’t allow P2P/bittorrent traffic over the VPN. They had to choose between logging traffic or blocking bittorrent. By blocking bittorrent, they don’t have to log traffic. It also keeps the data hogs away.
  2. Yes I did totally misuse this phrase. But I also find it oddly appropriate.
  3. It was required by VIM for some reason. Otherwise it was only a pacman -S ruby away.