Using the VPN service from Hide My Ass on GNU \ Linux Slackware 13.0

Hi habraedi.
I decided to describe the configuration of the VPN service from Hide My Ass ( HMA ) on a router with GNU \ Linux Slackware 13.0 OS.


Please do not rush slippers, after all the first publication. Complaints about the missing commas are accepted with gratitude.

So let's get started.
Task: selectively send traffic of users of the local office network to some sites in the tunnel.
There is a machine with Slackware 13.0 that distributes the Internet in a small office.
It has two network cards:
Eth0 - “looks” to the local office network (192.168.1.1/24)
Eth1 - “looks” on the Internet and has a white ip.
')
The following requirements are specified in the README for HMA configs:
Requirements:

openvpn 2.1+
curl
Root access

If you need to update OpenVPN. And curl
I had:
ls -al /var/log/packages/|grep openvpn
-rw-r--r-- 1 root root 7205 2010-02-23 10:51 openvpn-2.1.1-i486-2gds
ls -al /var/log/packages/|grep curl
-rw-r--r-- 1 root root 7269 2010-02-23 10:59 curl-7.19.6-i486-1

When connecting, the HMA VPN service changes the Default Getway, so we will need to make some changes to the client config to connect to the HMA servers.
For desktop users, the service works as follows:
In the console, go to the folder with the unzipped HMA VPN configs.
To select a server for connection, do the following:
./hma-start -l
USA, Arizona (Phoenix)
USA, California (Los Angeles)
USA, California (Orange County)
USA, California (San Diego)
USA, Florida
USA, Georgia
USA, Illinois, Chicago
USA, New Jersey
USA, New York
USA, Oregon (Portland)
USA, Pennsylvania
USA, Texas (2)
USA, Texas (Dallas)
USA, Virginia
USA, Washington (Seattle)
USA, Washington DC
Canada, Quebec
Canada, Quebec 2
United Kingdom, Cheltenham
United Kingdom, Cheltenham (#2)
United Kingdom, London
United Kingdom, Maidenhead
United Kingdom, Manchester
Netherlands, Amsterdam
Germany, Bavaria (Nuremberg)
Germany, Hessen (Frankfurt)
Ireland, Dublin
Sweden, Vasternorrlands Lan
Estonia (Tallinn)
Russia (Moscow)

And then use the kosand:
hma-start "Country name"

This approach does not suit us, because we need to manually enter the login \ password and the “Country name”, and the default getway changes, which makes it impossible to access the router from the Internet.

We add such options to the config for connection:
# hma.pwd,
auth-user-pass ./hma.pwd

# default getway
route-nopull
# vkontakte.ru
# HMA VPN. .
route 93.186.0.0 255.255.0.0

# random
remote-random

#Ireland_Dublin
remote 212.78.230.30 443

# Amsterdamm
remote 195.242.152.162 443

# Frankfurt , Germany
# remote 78.159.102.209 443

# UK,London
#remote 77.92.92.161 443

#UK,Manchester
#remote 89.238.165.132 443

# Germany, Bavaria (Nuremberg)
remote 78.46.46.106 443

# Sweden, Vasternorrlands Lan
#remote 95.143.192.60 443

# Estonia (Tallinn)
remote 80.79.113.114 443

# United Kingdom, Maidenhead
remote 213.229.83.26 443

We needed servers in Europe.
I got a list of ip to connect in this way:
In the browser entered the address , where COUNTRY is the "Country name" of the output
“Hma-start -l”.
Be careful. Servers may change over time. Check them out on the HMA website.

To control the start / stop / restart daemon openvpn used a script from GNU \ Linux Debian.

Unforgettable to add to the firewall:
$IPTABLES -t nat -A POSTROUTING -o tun1 -j MASQUERADE

Add to /etc/rc.d/rc.local:
modprobe tun
if [ -x /etc/rc.d/rc.openvpn-hma ]; then
/etc/rc.d/rc.openvpn-hma start client
fi
We have the following picture:

mtr vkontakte.ru
Host Loss% Snt Last Avg Best Wrst StDev
1. 212.78.230.215 0.0% 11 199.4 174.6 131.2 211.2 28.2
2. 212.78.230.2 0.0% 11 171.2 179.2 117.4 274.6 44.2
3. 212.78.224.1 0.0% 11 146.6 167.5 126.8 206.8 22.5
4. ae0-111-xcr1.duc.cw.net 0.0% 11 210.9 181.2 137.1 210.9 22.9
5. xe-5-0-0-xcr1.lsw.cw.net 0.0% 11 152.2 180.5 143.2 217.8 22.8
6. rostele-gw.lsw.cw.net 0.0% 11 202.3 176.9 121.9 249.9 39.7
7. so-1-0-0.spbr-rgr2.sz.ip.rostelecom.ru0.0% 10 251.5 218.5 183.9 258.2 25.9
8. ???
9. srv249-226.vkontakte.ru 0.0% 10 199.2 204.1 170.2 268.2 33.6
10. ???
11. srv5-226.vkontakte.ru 0.0% 10 156.2 189.4 156.2 241.3 30.5


Thanks for attention.
I hope this material will be useful to you.

PS Please do not consider this material as advertising. Just use this service.