Tag Archives: free

Free Credit Scores

It’s possible to get a free credit score from every major credit bureau by signing up for a few different free accounts. Sites that offer credit scores from each bureau are listed below. Also remember, you can get your free annual credit report from all three bureaus at annualcreditreport.com without signing up for credit monitoring or other services.

Please note: The links to the credit bureaus are for reference. They do not directly provide free credit scores.




Replacing Skype with Google Voice

I’ve been looking to move from Skype to Google Voice. To save cell phone minutes (yes, I’m still on a family share plan), I try to use VoIP to make calls when I have access to reliable internet. Unfortunately, the Google Voice app for iOS doesn’t support VoIP, even though it has a dialpad. It is only a callback service that uses your normal cell phone minutes. This app looks like it is on its way out, as it hasn’t been updated since September 2013 and hasn’t been given an iOS 7 look and feel.

Fortunately, the Google Hangouts app has most of the features you’d expect from a calling/video chat app. It allows you to make VoIP calls to US phone numbers for free and lets you video chat with your other Google contacts. The downside is that you still need the Google Voice app to manage a few voice settings, view missed calls, and listen to voicemails.

Configuring proXPN on iOS

Update: January 10, 2016

With recent changes to proXPN’s setup, this guide no longer works. Currently, the proXPN free server is on UDP ports 443, 80, and 8080. With the OpenVPN Connect iOS app, I can connect and authenticate with my free account; however, I cannot ping the route-gateway.

Original Post

I’ve been hearing about proXPN on Security Now! and figured I’d give their free (OpenVPN) offering a try. Their free offering limits you to a single VPN server and either 300 kb/s or 600 kb/s of bandwidth (different pages give different restrictions). A VPN is important for protecting unencrypted cookies and other data sent over a coffee shop, hotel network, or other unsecured network.

First of all, if you’ve been receiving Transport Error: Transport error on 'd1.proxpn.com': NETWORK_RECV_ERROR errors when trying to import a MacOS or Windows proxpn.ovpn file, simply change your remote server to ios-d2.proxpn.com. As far as I can tell, proXPN has a specific server for iOS OpenVPN clients, and their other server disconnects iOS devices, resulting in an infinite connect/retry loop.

If you have no idea what I just said, don’t worry, I have two step by step guides. The first is basic; however, it requires you to install an additional app on your phone. The second is advanced and requires editing of config files.

Basic Setup

Get started by going to proXPN and creating your account. If you decide to pay for an account, I recommend using offer code SN20, which supports the Security Now! podcast and gives you 20% off.

On your iPhone or iPad, install the OpenVPN Connect and proXPN VPN apps.

Launch the proXPN VPN app. Enter the email address and password you used when setting up your account with proXPN. Tap “Not now…” when offered to upgrade to Premium. Tap “VPN Setup ->” and then tap “Import OpenVPN Profile”.

Tap “Open in OpenVPN”.

Wait for OpenVPN Connect to open (this takes a few seconds). Tap the green plus to import the configuration.

Enter your username and password, move the ‘Save’ slider (if you don’t want to re-enter your password each time), and tap the slider under ‘Disconnected’.

Your traffic is now protected by a VPN. OpenVPN says ‘Connected’ and ‘VPN’ appears in the status bar next to the network signal strength. Tap the slider under ‘Connected’ to disconnect.

You can verify that your traffic is being sent through the VPN by opening your browser (Safari, Chrome, etc.) and going to www.whatismyip.com before and after connecting to the VPN. whatismyip.com will report a different physical location and internet service provider (ISP).

Advanced Setup

Get started by going to proXPN and creating your account. If you decide to pay for an account, I recommend using offer code SN20, which supports the Security Now! podcast and gives you 20% off.

On your iPhone, install the OpenVPN Connect app.

Download the Windows Installer or Mac Installer (the downloads start automatically when going to these pages). Install the proXPN desktop client. If you don’t want to install the desktop client, I’ve heard it’s possible to extract the necessary config file from the source here; however, I haven’t tried this.

With the desktop clients, the config files can be found at:

  • (Windows) C:\Program Files (x86)\proXPN\config\
    • ProXPN.ovpn
    • ssl\ca.crt
    • ssl\client.crt
    • ssl\client.key
  • (MacOS after running proXPN) ~/Library/Application Support/proXPN/Configurations/
    • proxpn.ovpn
    • ssl/ca.crt
    • ssl/client.crt
    • ssl/client.key
  • (MacOS ‘Show Package Contents’) [proXPN Location]/proXPN.app/Contents/Resources/
    • proxpn.ovpn
    • ca.crt
    • client.crt
    • client.key

Open all of the config files in a text editor (I like Notepad++ for Windows and TextWrangler for MacOS).

In the proxpn.ovpn file, make the following additions:

  • Add a line with remote ios-d2.proxpn.com 443. If you want to follow convention, add this after the proto tcp line.
  • Delete or comment out the ca ssl/ca.crt, cert ssl/client.crt, key ssl/client.key.
  • At the end of the file add:
    [ENTIRE CONTENTS OF ca.crt]
  • At the end of the file add:
    [ENTIRE CONTENTS OF client.crt]
  • At the end of the file add:
    [ENTIRE CONTENTS OF client.key]

Load the proxpn.ovpn file on your iOS device and open it in the OpenVPN Connect app. You can load the file through iTunes, sending it directly to the app, or transfer it by another means (e.g. email, DropBox). Open the OpenVPN Connect app, tap the green plus to import the profile, enter your credentials, and tap the slider below ‘Disconnect’. Your VPN is now configured and active.
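The manual edits above can be scripted. This is an added example, not part of the original post or proXPN's tooling: it comments out the ca/cert/key file references, adds the remote line, and appends each file using OpenVPN's inline-file syntax, which wraps the contents in <ca>, <cert> and <key> tags. The function names and the sample profile are assumptions.

```python
import os

# Constructed sample inputs, not proXPN's real profile or credentials.
SAMPLE_OVPN = ("client\ndev tun\nproto tcp\n"
               "ca ssl/ca.crt\ncert ssl/client.crt\nkey ssl/client.key\n")
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN RSA PRIVATE KEY-----\nBBBB\n-----END RSA PRIVATE KEY-----\n"


def check_pem(name, pem, marker):
    """Reject input that is not the kind of PEM block this slot expects."""
    if marker not in pem:
        raise ValueError(f"{name}: no PEM header ending in {marker!r}")
    return pem.strip()


def inline_profile(ovpn_text, ca_pem, cert_pem, key_pem,
                   remote="ios-d2.proxpn.com 443"):
    """Return ovpn_text with its file references replaced by inline blocks."""
    blocks = {
        "ca": check_pem("ca.crt", ca_pem, "BEGIN CERTIFICATE-----"),
        "cert": check_pem("client.crt", cert_pem, "BEGIN CERTIFICATE-----"),
        "key": check_pem("client.key", key_pem, "PRIVATE KEY-----"),
    }
    out, remote_added = [], False
    for line in ovpn_text.splitlines():
        words = line.split()
        if words and words[0] in blocks:
            out.append("# " + line)  # file reference is replaced inline below
            continue
        out.append(line)
        if words[:2] == ["proto", "tcp"] and not remote_added:
            out.append("remote " + remote)
            remote_added = True
    if not remote_added:  # no "proto tcp" line: add the remote at the end
        out.append("remote " + remote)
    for tag, pem in blocks.items():
        out += [f"<{tag}>", pem, f"</{tag}>"]
    return "\n".join(out) + "\n"


def write_private(path, text):
    """Create the profile with mode 0600, since it embeds client.key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


if __name__ == "__main__":
    print(inline_profile(SAMPLE_OVPN, SAMPLE_CERT, SAMPLE_CERT, SAMPLE_KEY))
```

The resulting single file contains the client private key, so whichever transfer method you pick carries that key with it.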

Free SSL on Dreamhost

Dreamhost supports SNI to enable SSL/TLS on their shared hosting offerings. While I wanted to enable SSL/TLS on my site, I thought I would have to buy a certificate from one of the major Root Certificate Authorities. I was happily surprised when I found StartSSL.com, which offers free SSL certificates. StartSSL.com is a trusted root CA on MacOS, Windows, and Mozilla, so compatibility is not a major concern. StartSSL.com is located in Israel, so I feel more comfortable with this free offering than, say, a Russian company.

Generating a CSR

The first step is to generate a Certificate Signing Request (CSR). You need a computer with OpenSSL to follow these steps. All files below should be located in the same folder and all commands should be run from within this folder.

  1. DigiCert has a very nice CSR Creation Tool. Fill in the required fields, click ‘Generate’, and copy the generated command. StartSSL only supports RSA keys.
  2. (optional) Gather additional entropy.
    1. Go to a number of entropy providing sites or password generating sites. Copy the output into text files in the folder you will be generating your CSR in. The exact format of the text isn’t important, as OpenSSL will just add the data to the entropy pool. For the examples later, I’ll assume you’ve named your file(s) entropy1.txt, entropy2.txt, etc.
    2. Some sites to gather entropy from are:
    3. Add -rand entropy1.txt:entropy2.txt:entropy3.txt to the command from Step 1.
  3. (optional) Use a stronger hash algorithm
    1. If you’re using RSA add -sha256 to the command from Step 1. You can use -sha512; however, sha512 is not commonly used with certificates and might not be supported by all servers and clients. sha256 might not be supported by older clients. Currently OpenSSL only supports SHA-1 with DSA and ECDSA certificates.
  4. Run the command from Step 1 with any optional adjustments, for example:
    • openssl req -new -newkey rsa:2048 -nodes -out www_tidgubi_com.csr -keyout www_tidgubi_com.key -sha256 -rand entropy1.txt:entropy2.txt -subj "/C=US/ST=California/L=San Luis Obispo/O=Kenji Yoshino/CN=www.tidgubi.com"
  5. The .key and .csr files will be used later.

Get your CSR Signed

Begin by registering with StartSSL.com. Make sure you do this from a private computer, because StartSSL.com will generate an identification certificate and install it in your browser. This certificate will be used to identify you on subsequent visits to StartSSL.com.

  1. Click ‘Validations Wizard’
  2. Select ‘Domain Name Validation’
  3. Enter your domain without any prefixes (e.g. www)
  4. You will need to specify an email address associated with your domain to verify domain ownership. Another verification code will be sent to this email address.
  5. Enter the verification code in StartSSL.
  6. Click ‘Certificates Wizard’
  7. Select ‘Web Server SSL/TLS Certificate’
  8. Skip having StartSSL generate a CSR for you.
  9. Copy and paste the entire CSR including the “-----BEGIN CERTIFICATE REQUEST-----” and “-----END CERTIFICATE REQUEST-----”.
  10. Select your domain and click ‘Next’
  11. Add the “www” subdomain (StartSSL requires you to add one) and click ‘Continue’
  12. Copy the entire certificate text including the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”. Save the text to a .crt file.
  13. Download the intermediate CA file and optionally the root CA file.
  14. If you downloaded the root CA, combine the two files by running cat sub.class1.server.ca.pem ca.pem > chain.pem. The root CA provides browsers with the full certificate chain. Most browsers do not need the root CA to be included to trust the intermediate CA, so it is up to you if you want to include the root CA.
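Because you generate the CSR yourself, the .csr is the only file StartSSL needs; the .key file stays on your machine until the Dreamhost step. The check below is an added example, not part of the original post: it parses the text you are about to paste, confirms it is exactly one well-formed CSR block, and refuses anything that contains a private key. The function names are assumptions and the sample block is a constructed placeholder, not a real request.

```python
import base64
import binascii
import re

# Matches one PEM block: BEGIN label, base64 body, END label.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)

# Constructed placeholder: a tiny DER SEQUENCE, not a usable CSR.
SAMPLE_CSR = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    "MAMCAQA=\n"
    "-----END CERTIFICATE REQUEST-----\n"
)


def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block found in text."""
    blocks = []
    for begin, body, end in PEM_RE.findall(text):
        if begin != end:
            raise ValueError(f"BEGIN {begin} is closed by END {end}")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{begin}: body is not valid base64") from exc
        if der[:1] != b"\x30":  # CSRs, certificates and keys are DER SEQUENCEs
            raise ValueError(f"{begin}: body is not a DER SEQUENCE")
        blocks.append((begin, der))
    return blocks


def ok_to_send_to_ca(text):
    """True only if text is exactly one CSR and carries no private key."""
    labels = [label for label, _ in pem_blocks(text)]
    if any(label.endswith("PRIVATE KEY") for label in labels):
        return False
    return labels == ["CERTIFICATE REQUEST"]


if __name__ == "__main__":
    print(ok_to_send_to_ca(SAMPLE_CSR))
```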

Configure SSL on Dreamhost

  1. Log in to your panel at panel.dreamhost.com
  2. Click ‘Manage Domains’
  3. Click ‘Add’ or ‘Certificates’ in the Secure Hosting column. If adding, leave unique IP as none and click ‘Add Now’, and then ‘Edit’.
  4. Select ‘Manual Configuration’
    • Delete or replace the CSR text (it is just informational)
    • Copy the text from your certificate including “-----BEGIN CERTIFICATE REQUEST-----” and “-----END CERTIFICATE REQUEST-----”
    • Copy your private key including “-----BEGIN RSA PRIVATE KEY-----” and “-----END RSA PRIVATE KEY-----”
    • Copy the certificate chain, either the intermediate CA certificate or the intermediate and root CA certificate concatenated together.
    • Click ‘Save Changes Now!’
  5. It took about 4 minutes for changes on tidgubi.com to take effect.

Now your Dreamhost site allows SSL. Dreamhost only uses the TLS_RSA_WITH_RC4_128_SHA cipher suite with TLSv1.0 or SSLv3.0, so while it doesn’t provide great security, it’s better than nothing. I’m now tunneling my administrative traffic through TLS and SSH. From Securing Administration of Shared Hosting, I just changed 80:www.tidgubi.com:80 to 443:www.tidgubi.com:443 to specify the HTTPS port (443) instead of the standard HTTP port (80).