After years of running my own VPN servers, I finally decided to save costs. After examining some VPN providers, I went with Hide My Ass (HMA). This is a short review of how I got everything working on Debian Squeeze.
HMA provides both openvpn as well as pptp servers. I went with openvpn servers as they are more secure than pptp servers.
Note: Go with openvpn rather than pptp, as pptp can be very easily blocked. In fact many oppressive regimes do. Openvpn with TCP connects over port 443 and traffic is indistinguishable from normal HTTPS traffic, making it very difficult to block.
Account setup with HMA was instant. Registered and paid and got the account details in the email. Rating: Excellent.
The configuration files on this page are enabled for TCP connectivity. TCP works but connection speed is slower than UDP. I emailed support asking for UDP configuration. Support replied in a day and sent me the UDP configuration files, which work fine. Rating: Very Good. Support is not instant, but they do answer to the point, in a day. This is acceptable to me.
Note: There are cases where TCP is the only option that works, as some administrators block UDP connectivity. Try and see which one works for you.
Speed and Stability
Servers are very stable. Connections are fast. I have been connected to a VPN server for about 10 hrs at a stretch today and there has not been any disconnection. I am on a 4 Mbps plan [4 Mbps down with about 1 Mbps up] with my ISP. Testing from London/Amsterdam/Frankfurt gives me an average 3.6 Mbps down with 626 Kbps up. Quite good.
All videos from Youtube/Godtube/Vimeo play smoothly.
Setting up on Debian Squeeze
Perform the following steps in order to get your connection working. All steps are to be performed as root.
First, install openvpn [apt-get install openvpn.]
Extract the zip file [either downloaded from here (for TCP) or the one that support sent by email for UDP, into
/etc/openvpn/. I created a new folder called HMA and put them inside that folder. In my case, the path to the configuration files is
The configuration files are setup to ask for the username and password of your HMA account each time you connect. I wanted my connection automated – connect at boot automatically. To do this:
Create a file say password.txt [call it anything you want] in the same folder as your configuration files. Enter the username on the first line and the password on the second line. Save the file and exit.
Note: Take care to ensure that there is nothing else in the password file.
Open the configuration file you want to use, and change the following line:
Substitute the correct path and filename of the password file as necessary.
Disable the openvpn service from running automatically by executing the command:
update-rc.d -f openvpn remove
/etc/rc.local and add the following line before the exit statement.
Substitute the correct configuration file for
Save and exit the file.
rc.local runs at boot time by executing the command:
update-rc.d -f rc.local defaults
/etc/rc.local should normally run at boot time. Since we have added openvpn to it, the connection should automatically be started.
As I said earlier, connections are very stable. In the event of a disconnection, openvpn should automatically re-connect.
Just in case, openvpn does not reconnect, here is a script that you can add to your cron job to make it connect again.
Save the following script as
vpn_restart.sh [I have saved it in
#uncomment the line for debug_out you want to use
#use /dev/stdout only when not calling from cron
if [ "$debug_out" = "/dev/stdout" ]
tun_up=`/sbin/ifconfig -a | grep tun0 | cut -d ' ' -f1`
if [[ $tun_up == "tun0" ]]
echo "Connection ok" > /dev/null
echo "Connection lost" | logger $logopts
Substitute the relevant file and path for
Make the script executable by running
chmod +x vpn_restart.sh
All this script does is to check if interface tun0 (the vpn interface) is up. If not, it calls openvpn to reconnect.
crontab -e and add it as follows:
0-59/10 * * * * /usr/bin/vpn_restart.sh
The 10 indicates that the script runs every 10 minutes. Change it to whatever you desire.
To start openvpn without restarting the system:
Open a terminal and run:
You should be connected. Enjoy fast, safe, encrypted connections.
Since HMA allows server switching, I have set up openvpn to automatically connect to a random fast server at boot and also if it reconnects after disconnection (through the CRON JOB as indicated above).
Here is how to do this:
Edit the desired configuration files you want to use, to pass the username and password automatically to the server, as indicated above.
Copy the edited files to a separate directory (say
/etc/openvpn/FINAL). Rename the files as CONN0.ovpn, CONN1.ovpn etc.
Save the following shell script as
random_connection.sh in that directory.
t1=$((`cat /dev/urandom|od -N1 -An -i` % 4))
The second line uses urandom to generate a random number between 0 and 4 in my example. Change the 4 to the number of files you have named as CONN in that directory.
/etc/rc.local and change the openvpn line to:
Similarly change the openvpn line in
Restart your system and enjoy.
Written by Michael R.M. David