Hotspot Shield with Ubuntu

Hotspot Shield is a free VPN service with a Microsoft Windows and MacOSX client. Recently, AnchorFree Inc released an iPhone VPN service too. Based on this service, it's possible to use Hotspot Shield with Ubuntu.

This might be of some interest for user who are not located in the USA. Since Hotspot Shield offers a US-based endpoint, you might want to use it for services currently unreachable due to geolocation measures.

The service uses L2TP (without IPSEC). Funny enough, this seems to be the worst supported protocol on Ubuntu, when it comes to easy configuration. Neither Network-Manager, nor KVpnc do support a simple setup.

If you're willing to use the terminal and a text editor, here's how you do it:

Before you configure your local computer, visit the Hotspot Shield for iPhone Website. Click on "Get Account ID" and save the information you're getting. In fact, you'll only need you username/password and the server IP. Don't forget to replace these credentials while editing the xl2tpd config as follows:

1) Install xl2tpd

sudo apt-get install xl2tpd

2) Edit /etc/xl2tpd/xl2tpd.conf and add

[lac hotspotshield]
lns = HotSpotShieldServerIP
require chap = yes
refuse pap = yes
require authentication = yes
; Name should be the same as the username in the PPP authentication!
name = YourHotSpotShieldUsername
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

3) Create /etc/ppp/options.l2tpd.client with the following content

ipcp-accept-local
ipcp-accept-remote
refuse-eap
noccp
noauth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
connect-delay 5000

4) Edit /etc/xl2tpd/l2tp-secrets, /etc/ppp/chap-secrets and /etc/ppp/pap-secrets, add

"YourHotSpotShieldUsername" HotSpotShieldServerIP "YourHotSpotShieldUsername"

5) Start the deamon

sudo /etc/init.d/xl2tpd start

6) Connect to HotSpot Shield

sudo su
echo "c hotspotshield" > /var/run/xl2tpd/l2tp-control
route add -net 0.0.0.0 dev ppp0

7) Disconnect from HotSpot Shield

sudo su
echo "c hotspotshield" > /var/run/xl2tpd/l2tp-control

If you're running AdBlock Plus, you might notice some empty space on top of every page you're visiting. That's the HotSpot Shield advertising bar, which shows random commercial to finance their service. So either disable Firefox to allow AnchorFree to continue the service, or add "http://box.anchorfree.net/*" to your rule set.

Comments

hello,i followed your guide

hello,i followed your guide and cannot create a ppp0 device.i notice that there is a "pppoptfile = /etc/ppp/options.l2tpd.client" in your config file is missing on my system,where can i find the options.l2tpd.client file?
thanks

My fault. I forgot to include

My fault. I forgot to include options.l2tpd.client. See updated posting.

well i think this vpn

well i think this vpn htts://www.ultravpn.fr has been around for a while and he’s completely free. As far as I know most people use it in the UAE where Skype is blocked. The speed is probably more than the average US broadband. I download at 700kb/s with this VPN.
I don’t really understand what trustworthy means? As long as Skype is unblocked and your computer is virus free for foreclosures, what else do you want? They cannot listen to your Skype conversations because Skype is encrypted. But even if they could, who cares?!

Don't you wish Ubuntu would

Don't you wish Ubuntu would include a GUI configuration tool for L2TP VPN? There is already one for PPTP but not for L2TP, which is the preferred technology.

Tristan

I do. It's even more funny

I do. It's even more funny with KVpnc, which offers L2TP over IPSEC, but not L2TP standalone.

Hi I've tried your how to but

Hi I've tried your how to but when i type route add -net 0.0.0.0 dev ppp0 i revice "SIOCADDRT: No such device"

What have i forgot?

Mechanius

Stop xl2tpd (sudo

Stop xl2tpd (sudo /etc/init.d/xl2tpd stop) and run the deamon (as root) on console (xl2tpd -D). Try to connect to Hotspot Shield and watch out for error messages.

I had the same error and read

I had the same error and read this
I still dont know what to do after stopping xl2tpd, could you please provide more explanation?

Hi, I am having the same

Hi, I am having the same problem here...
When I attempt to use the command to: route add -net 0.0.0.0 dev ppp0
I get SIOCADDRT: No such device
I tried stopping it and opening starting it again, but I get to the same problem every time... Can U help me?

thanks

Thank you! I see now some

Thank you!

I see now some errors:
...
xl2tpd[25917]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[25917]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[25917]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[25917]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[25917]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[25917]: Connecting to host 64.55.144.10, port 1701
xl2tpd[25917]: Connection established to 64.55.144.10, 1701. Local: 14540, Remote: 41535 (ref=0/0).
xl2tpd[25917]: Calling on tunnel 14540
xl2tpd[25917]: check_control: Received out of order control packet on tunnel 41535 (got 0, expected 1)
xl2tpd[25917]: handle_packet: bad control packet!
xl2tpd[25917]: check_control: Received out of order control packet on tunnel 41535 (got 0, expected 1)
xl2tpd[25917]: handle_packet: bad control packet!
xl2tpd[25917]: Call established with 64.55.144.10, Local: 63365, Remote: 40632, Serial: 1 (ref=0/0)
xl2tpd[25917]: start_pppd: I'm running:
xl2tpd[25917]: "/usr/sbin/pppd"
xl2tpd[25917]: "passive"
xl2tpd[25917]: "-detach"
xl2tpd[25917]: ":"
xl2tpd[25917]: "refuse-pap"
xl2tpd[25917]: "auth"
xl2tpd[25917]: "require-chap"
xl2tpd[25917]: "name"
xl2tpd[25917]: "removedpassword"
xl2tpd[25917]: "debug"
xl2tpd[25917]: "file"
xl2tpd[25917]: "/etc/ppp/options.l2tpd.client"
xl2tpd[25917]: "/dev/pts/3"
xl2tpd[25917]: Maximum retries exceeded for tunnel 14540. Closing.
xl2tpd[25917]: Trustingly terminating pppd: sending TERM signal to pid 26096
xl2tpd[25917]: pppd 26096 successfully terminated
xl2tpd[25917]: Connection 41535 closed to 64.55.144.10, port 1701 (Timeout)
xl2tpd[25917]: Unable to deliver closing message for tunnel 14540. Destroying anyway.

But I can't understand what I have to fix.

It seems you tried to often

It seems you tried to often and the server is refusing the connection. Try again later.

I followed all the steps, but

I followed all the steps, but I don't know what to do next. How do I use this with firefox?

If the tunnel is established,

If the tunnel is established, all traffic is directed through the tunnel. So just browse the web.

I have got similar problem to

I have got similar problem to Mechanius, and running the debug gives similar messaging.

was unsure if quotations were to be used around username and password in the files so tried with and without and still same problem.

ifconfig gives the following info:-
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.200.10.3 P-t-P:10.200.10.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1410 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:15274648 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3

sudo xl2tpd -D gives me

sudo xl2tpd -D

gives me this

xl2tpd[7573]: setsockopt recvref: Protocol not available
xl2tpd[7573]: L2TP kernel support not detected.
xl2tpd[7573]: xl2tpd version xl2tpd-1.2.0 started on COMPUTER PID:7573
xl2tpd[7573]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[7573]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[7573]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[7573]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[7573]: Listening on IP address 0.0.0.0, port 1701

Please complete your tutorial so everyone can make this work!

Yeah, I get the exact same

Yeah, I get the exact same messages. Please help.

i think this way for who

i think this way for who using usb dsl modem not for using network card - ethernet cards : )

I'm using plain ethernet.

I'm using plain ethernet.

but anyway it's very good

but anyway it's very good work : )

So this doesn't work with

So this doesn't work with ethernet card?

thanks so very much!!! never

thanks so very much!!! never would have been able to figure that out by myself

sorry, was happy too early.

sorry, was happy too early. doesn't work.

xl2tpd[30207]: setsockopt recvref: Protocol not available
xl2tpd[30207]: L2TP kernel support not detected.
xl2tpd[30207]: xl2tpd version xl2tpd-1.2.0 started on prpc073 PID:30207
xl2tpd[30207]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[30207]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[30207]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[30207]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[30207]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[30207]: Connecting to host 64.55.144.10, port 1701
xl2tpd[30207]: Connection established to 64.55.144.10, 1701. Local: 58002, Remote: 55920 (ref=0/0).
xl2tpd[30207]: Calling on tunnel 58002
xl2tpd[30207]: check_control: Received out of order control packet on tunnel 55920 (got 0, expected 1)
xl2tpd[30207]: handle_packet: bad control packet!
xl2tpd[30207]: check_control: Received out of order control packet on tunnel 55920 (got 0, expected 1)
xl2tpd[30207]: handle_packet: bad control packet!
xl2tpd[30207]: Call established with 64.55.144.10, Local: 12895, Remote: 46612, Serial: 1 (ref=0/0)
xl2tpd[30207]: start_pppd: I'm running:
xl2tpd[30207]: "/usr/sbin/pppd"
xl2tpd[30207]: "passive"
xl2tpd[30207]: "-detach"
xl2tpd[30207]: ":"
xl2tpd[30207]: "refuse-pap"
xl2tpd[30207]: "auth"
xl2tpd[30207]: "require-chap"
xl2tpd[30207]: "name"
xl2tpd[30207]: "yzoutm"
xl2tpd[30207]: "debug"
xl2tpd[30207]: "file"
xl2tpd[30207]: "/etc/ppp/options.l2tpd.client"
xl2tpd[30207]: "/dev/pts/2"

ubuntu 8.10

ifconfig gives me something

ifconfig gives me something crazy like that:

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.200.10.15 P-t-P:10.200.10.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1410 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:2225860 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:42 (42.0 B) TX bytes:777044207 (777.0 MB)

it seams a lot of data got sent, but nothing comes back...

seems to be the same problem

seems to be the same problem as mechanimus and teech.

Maybe we should open some

Maybe we should open some ports and nat them on our home router?

Markus, Thank you for this

Markus,

Thank you for this guide, soon as I became aware that HotspotShield was available to iPhone, I started studding Linux VPN clients. Xl2tpd was already installed and I was struggling to configure it. It is really a shame that linux doesn't have any graphical tool to set L2TP without IPSEC VPNs up.

Like other readers I am facing problems, shown on xl2tpd -D output:

"xl2tpd[9612]: This binary does not support kernel L2TP.
xl2tpd[9612]: xl2tpd version xl2tpd-1.1.12 started on evristow PID:9612
xl2tpd[9612]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[9612]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[9612]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[9612]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[9612]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[9612]: No such tunnel 'hotstopshield'
xl2tpd[9612]: No such tunnel 'hotstopshield'
xl2tpd[9612]: Connecting to host 64.55.144.10, port 1701
xl2tpd[9612]: Connection established to 64.55.144.10, 1701. Local: 47971, Remote: 63379 (ref=0/0).
xl2tpd[9612]: Calling on tunnel 47971
xl2tpd[9612]: check_control: Received out of order control packet on tunnel 63379 (got 0, expected 1)
xl2tpd[9612]: handle_packet: bad control packet!
xl2tpd[9612]: check_control: Received out of order control packet on tunnel 63379 (got 0, expected 1)
xl2tpd[9612]: handle_packet: bad control packet!
xl2tpd[9612]: Call established with 64.55.144.10, Local: 8792, Remote: 40104, Serial: 1 (ref=0/0)
xl2tpd[9612]: start_pppd: I'm running:
xl2tpd[9612]: "/usr/sbin/pppd"
xl2tpd[9612]: "passive"
xl2tpd[9612]: "-detach"
xl2tpd[9612]: ":"
xl2tpd[9612]: "refuse-pap"
xl2tpd[9612]: "auth"
xl2tpd[9612]: "require-chap"
xl2tpd[9612]: "name"
xl2tpd[9612]: "4j558x"
xl2tpd[9612]: "debug"
xl2tpd[9612]: "file"
xl2tpd[9612]: "/etc/ppp/options.l2tpd.client"
xl2tpd[9612]: "/dev/pts/2"
xl2tpd[9612]: Maximum retries exceeded for tunnel 47971. Closing.
xl2tpd[9612]: Untrustingly terminating pppd: sending KILL signal to pid 10057
xl2tpd[9612]: pppd 10057 successfully terminated
xl2tpd[9612]: Connection 63379 closed to 64.55.144.10, port 1701 (Timeout)
xl2tpd[9612]: Unable to deliver closing message for tunnel 47971. Destroying anyway."

My suspicion lays upon the "handle_packet: bad control packet!", do you have any idea what can this means and how can it be solved?

The actual situation is no web traffic at all when the VPN is running.

Thanks again!

Regards,
Eduardo Ristow

Otherwise it could be a

Otherwise it could be a routing failure.

Markus, can you print your routing table and a traceroute to the endpoint and to a public site?

I don't think there are

I don't think there are quotation marks in the user name field in the config files. I'm getting strange responses from my system after connecting.

First I run xl2tpd -D, then in another terminal I connect to hotspotshield
I get this response:
xl2tpd[10794]: setsockopt recvref: Protocol not available
xl2tpd[10794]: L2TP kernel support not detected.
xl2tpd[10794]: xl2tpd version xl2tpd-1.2.0 started on kamix PID:10794
xl2tpd[10794]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[10794]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[10794]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[10794]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[10794]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[10794]: Connecting to host 64.55.144.10, port 1701
xl2tpd[10794]: Connection established to 64.55.144.10, 1701. Local: 5812, Remote: 42839 (ref=0/0).
xl2tpd[10794]: Calling on tunnel 5812
xl2tpd[10794]: Call established with 64.55.144.10, Local: 36452, Remote: 1249, Serial: 1 (ref=0/0)
xl2tpd[10794]: start_pppd: I'm running:
xl2tpd[10794]: "/usr/sbin/pppd"
xl2tpd[10794]: "passive"
xl2tpd[10794]: "-detach"
xl2tpd[10794]: ":"
xl2tpd[10794]: "refuse-pap"
xl2tpd[10794]: "auth"
xl2tpd[10794]: "require-chap"
xl2tpd[10794]: "name"
xl2tpd[10794]: "n69hmq"
xl2tpd[10794]: "debug"
xl2tpd[10794]: "file"
xl2tpd[10794]: "/etc/ppp/options.l2tpd.client"
xl2tpd[10794]: "/dev/pts/2"

When I create dev ppp0 and try to load a random site in firefox, there is a lot of data being sent but none being received. This is my response from ifconfig:

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.200.10.6 P-t-P:10.200.10.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1410 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:1062087 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:42 (42.0 B) TX bytes:370779312 (370.7 MB)

That's 370.7MB sent.... hmm.
Something is really wrong here. I don't think we can manually route.. I read somewhere that using route add -net 0.0.0.0 dev ppp0 is a hack. Anyone have this up and running? I REALLY hate logging into windows to use HotSpotShield.

Thanks dude this is a great

Thanks dude this is a great Tutorial :)

I'v got this error after

I'v got this error after running xl2tpd -D :

xl2tpd[29609]: init_network: Unable to bind socket: Address already in use. Terminating.

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Syndicate content