FreePN is a set of open source (see FLOSS definition) privacy tools for an improved online user experience (and yes, there's even an ISO standard for that).
The FreePN network daemon (fpnd) is a P2P implementation of a distributed virtual private network (dVPN) that creates an anonymous "cloud" of peers where each peer is both a client node and an exit node. Peers are randomly connected on startup and reconnected to new (random) peers as needed.
The FreePN desktop user interface (freepn-gtk3-tray) currently supports GTK3-based XDG-compliant desktop environments, eg, Gnome, Unity, XFCE, and derivatives.
FreePN is not a full VPN solution (eg, openvpn or vpnc) and does not require setup of any pre-shared keys or certs. Traffic over FreePN network links is always encrypted; however, since each network link is independent, the traffic must be decrypted as it passes out of each peer host. When running in "peer" mode, each peer is assumed to be an untrusted host; when running in "adhoc" mode, the hosts can be assumed to be trusted hosts (as they belong to the user).
- we only route www (http and https) and dns (optional) traffic
- traffic routing supports IPv4 only (IPv6 is dropped unless configured not to)
- DNS privacy depends entirely on your DNS config
- the most common local-only DNS config is not routable out-of-the-box
- it takes you to make the changes to stop DNS privacy leaks
- DNS Privacy - DNS and your online privacy
- DNS Setup - Local DNS setup
- DNS Examples - Example configs for systemd, stubby, dnsmasq
- Quick Start - Quick install and setup instructions
- Release Notes - fpnd Software Version Description (latest release)
- Change Log - detailed change history
- Old README - previous (template-based) FOSS readme
Important
If you already installed one of the early 0.9.x or older releases, please upgrade to the latest release (as a bonus you will get an stunnel upgrade plus several lemony-fresh bug fixes). See issue #88 for more details.
We assume you're reading this because you want to take back some control over your online privacy, so the first thing you should do is read the short DNS Privacy doc and then evaluate your own DNS Setup and decide which secure DNS providers suit your needs. If you've already done that (or you're just super impatient ;) then proceed with the following to install the software.
Note
You will need one of the supported Linux distributions below with at least Python 3.6 in order to run this software. On Gentoo you should also have a 5.x kernel.
We test mainly on Gentoo, Ubuntu LTS (Bionic, Focal, Groovy) and Kali Linux. However, the default Python on Xenial lacks sufficient asyncio support, so will not work out-of-the-box.
Before you can install any FreePN packages, you'll need to add the required package repository or overlay.
For all Ubuntu series, make sure you have the gpg and add-apt-repository commands installed and then add the PPA:
$ sudo apt-get install -y software-properties-common
$ sudo add-apt-repository -y -s ppa:nerdboy/embedded
Note that on Kali you will need to edit the file created under /etc/apt/sources.list.d for the PPA and change the series name to focal, then run sudo apt-get update again.
For Gentoo or derivatives based on Portage, first install the portage overlay.
Create a repos.conf file for the overlay and place the file in the /etc/portage/repos.conf directory. Run:
$ sudo nano /etc/portage/repos.conf/freepn-overlay.conf
and add the following content to the new file:
[freepn-overlay]
# Various python ebuilds for FreePN
# Maintainer: nerdboy <nerdboy@gentoo.org>
location = /var/db/repos/freepn-overlay
sync-type = git
sync-uri = https://github.com/freepn/freepn-overlay.git
priority = 50
auto-sync = yes
Adjust the path in the location field as needed, then save and exit nano.
Run the following command to sync the repo:
$ sudo emaint sync --repo freepn-overlay
After following the pre-install setup, use the appropriate package manager to install the package for your distro:
- Gentoo - sudo emerge freepn-gtk3-tray
- Ubuntu - sudo apt-get install freepn-gtk3-indicator
Then add your local <username> to the fpnd group:
sudo usermod -aG fpnd <username>
Note
Replace <username> with your actual login ID when you run the above command, then log out and log back in again.
Check your group memberships with the id command:
$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),115(netdev),118(lxd),995(fpnd)
If you really don't want/need a desktop, you can still install the network component:
- Gentoo - sudo emerge net-misc/fpnd
- Ubuntu - sudo apt-get install python3-fpnd
Once installed, the above packages should update normally along with any other updated system packages (both @world and dependencies).
It's very important to keep all your system packages up to date, and especially important when running an alpha release (eg, fpnd-0.9.x) since (software) interfaces may (and probably will) break between releases. Both Gentoo and Ubuntu have ways to notify you when you have updates waiting (or at least when your package tree is getting stale).
- Gentoo
  - Use your preferred tools to keep the overlay synced and check for updates frequently; using the "live" ebuild is left as an exercise for the reader...
- Ubuntu
  - Use the Software Updater GUI -- or --
  - Use apt|apt-get from a terminal window.
When packages update on Ubuntu, you might see something like "The following packages have been kept back:" followed by one or more package names. This might happen with FreePN packages if new dependencies are added between releases. If you see python3-fpnd in the list of packages kept back, you can try one of the following commands (instead of the typical sudo apt-get upgrade) to resolve dependencies. Start with the first one:
sudo apt-get --with-new-pkgs upgrade
sudo apt upgrade
sudo apt-get install python3-fpnd
Although there is currently no user config file for the GUI component, the fpnd package installs the system settings file /etc/fpnd.ini. Most of the entries are there to provide a consistent set of defaults for different runtime environments, but some are intended for the end-user to adjust when appropriate.
DNS settings:
- route_dns: Default is False; only set to True if you've configured your global (plain-text) DNS settings to use an external/public DNS server, eg Cloudflare (or you already have secure DNS in place)
- private_dns_only: Default is False; only set to True when you're already running a secure local DNS resolver, eg stubby
Misc settings:
- drop_ip6: Default is True; you can disable this if you need local IPv6 working, but you should have your own ipv6 firewall rules in place
- default_iface: Default is None; you should only need this if you have multiple network interfaces with active routes, then you should set this to the interface name you want FreePN to use
- debug: Default is True; set this to False for slightly smaller log files
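A pre-flight check for the DNS and IPv6 settings listed above, added here as an example (it is not part of fpnd). It flags route_dns enabled while the system resolver is local-only, and drop_ip6 disabled; the section name and both sample inputs are constructed, and only the key names and defaults come from the list above.

```python
import configparser
import ipaddress

# Constructed sample inputs. The section name is a placeholder; only the key
# names and their defaults come from the settings list above.
SAMPLE_INI = """[placeholder_section]
route_dns = True
private_dns_only = False
drop_ip6 = False
"""
SAMPLE_RESOLV = "# constructed sample\nnameserver 127.0.0.53\nsearch lan\n"

def load_settings(ini_text):
    """Merge keys from every section so no section name has to be assumed."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    merged = {}
    for section in parser.sections():
        merged.update(parser[section])
    return merged

def flag(settings, key, default):
    """Read a boolean setting, falling back to the documented default."""
    raw = settings.get(key)
    return default if raw is None else raw.strip().lower() in ("true", "yes", "on", "1")

def local_nameservers(resolv_text):
    """Return resolver addresses that are loopback, private or link-local."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = ipaddress.ip_address(fields[1].split("%")[0])
            if addr.is_loopback or addr.is_private or addr.is_link_local:
                found.append(str(addr))
    return found

def audit(ini_text, resolv_text):
    """Return (setting, message) pairs for combinations the README warns about."""
    s = load_settings(ini_text)
    findings = []
    local = local_nameservers(resolv_text)
    if flag(s, "route_dns", False) and not flag(s, "private_dns_only", False) and local:
        findings.append(("route_dns", "enabled, but resolver is local-only: " + ", ".join(local)))
    if not flag(s, "drop_ip6", True):
        findings.append(("drop_ip6", "disabled: supply your own IPv6 firewall rules"))
    return findings

if __name__ == "__main__":
    for setting, message in audit(SAMPLE_INI, SAMPLE_RESOLV):
        print(f"{setting}: {message}")
```

To check a real host, pass the contents of /etc/fpnd.ini and /etc/resolv.conf to audit() in place of the samples.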
Select FreePN Tray Control from the Applications View or the Internet menu in your desktop of choice, eg, Gnome, Unity, XFCE, etc. You can also run it from an X terminal to get some debug output.
$ freepn-gtk3-indicator