In Ukraine, providers are prohibited from routing traffic to blocked sites, the list of which is determined by the National Security and Defense Council of Ukraine. However, there are no penalties for end users who unblock these sites. Sometimes you need to get information or work with certain services, for example Yandex Connect. Using the Zaborona Help service, you can bypass the block. Below is a short tutorial on how to do this.
- Download the key and certificates into the /config/auth directory
curl -o /config/auth/zaborona-help.crt https://zaborona.help/zaborona-help.crt
curl -o /config/auth/zaborona-help.key https://zaborona.help/zaborona-help.key
curl -o /config/auth/zaborona-help-ca.crt https://zaborona.help/ca.crt
- Create a new OpenVPN interface in client mode (if the system already has an interface “vtun0”, use another interface name, for example “vtun1”)
set interfaces openvpn vtun0 mode client
set interfaces openvpn vtun0 hash sha1
set interfaces openvpn vtun0 encryption aes128
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 remote-host vpn.zaborona.help
set interfaces openvpn vtun0 openvpn-option "--nobind"
set interfaces openvpn vtun0 openvpn-option "--tun-mtu 1500"
set interfaces openvpn vtun0 openvpn-option "--mssfix 1450"
set interfaces openvpn vtun0 openvpn-option "--sndbuf 524288"
set interfaces openvpn vtun0 openvpn-option "--rcvbuf 524288"
set interfaces openvpn vtun0 openvpn-option "--verb 3"
set interfaces openvpn vtun0 tls cert-file /config/auth/zaborona-help.crt
set interfaces openvpn vtun0 tls key-file /config/auth/zaborona-help.key
set interfaces openvpn vtun0 tls ca-cert-file /config/auth/zaborona-help-ca.crt
- Create a NAT rule (if the system already has a NAT rule with the number “1”, use another number, for example “10”)
set nat source rule 1 description --==ZABORONA==--
set nat source rule 1 outbound-interface vtun0
set nat source rule 1 translation address masquerade
- Activate the configuration and save it
commit
save
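A check for the files downloaded in the first step, worth running before the commit; this is an added example, not part of the original tutorial. It assumes openssl is installed on the router, and the function name check_vpn_material is hypothetical. It confirms that the certificate chains to the downloaded CA, that the private key belongs to that certificate, and that the key file is not readable by group or others.

```shell
#!/bin/sh
# Added example (not from the original tutorial): sanity-check OpenVPN client
# credentials before they are referenced by "set interfaces openvpn ... tls".
# Usage: check_vpn_material /config/auth/zaborona-help.crt \
#            /config/auth/zaborona-help.key /config/auth/zaborona-help-ca.crt
# Returns: 0 all checks pass, 1 chain failure, 2 key/certificate mismatch,
#          3 key readable by group or others, 4 missing or empty file.
check_vpn_material() {
    cert=$1; key=$2; ca=$3

    for f in "$cert" "$key" "$ca"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 4; }
    done

    # 1. The client certificate must chain to the CA file (also fails if expired).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against CA" >&2; return 1; }

    # 2. The private key must belong to the certificate: compare public keys.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 2; }

    # 3. Group/other permission bits on the key file must all be cleared.
    perms=$(ls -l "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "key permissions too open; run: chmod 600 $key" >&2; return 3; }

    # Print fingerprint and expiry for comparison with a previously recorded value.
    openssl x509 -in "$cert" -noout -fingerprint -sha256 -enddate
    return 0
}
```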