Friday, 27 November 2015

How to set up Cloak VPN on your Asus RT or DD-WRT router using OpenVPN

Hey all!
I was quite surprised today at how little information there is out there on how to configure Cloak on non-Apple devices, so I thought I'd do a little write-up to save everyone the hour or two it took me to gather all this information myself. For me, the reason I need Cloak on my router is so that I can watch American Netflix on my Chromecast (and future Apple TV hehe).

Cloak is a great VPN service that's geared towards Apple products, but its official support is limited to ONLY iOS and OSX devices, with no indication of future support for other systems (so if you want a VPN with Android or Windows support, have a look at services like ExpressVPN). On the OSX client it uses an OpenVPN profile with the following configuration (don't worry if this makes no sense):

/Applications/Cloak.app/Contents/MacOS/openvpn --client --daemon cloak --writepid /var/run/cloak-openvpn.pid --log-append /var/log/cloak.log --dev tun --lport 0 --comp-lzo --ca /.../cloakca --remote-cert-tls server --ifconfig-noexec --route-noexec --server-poll-timeout 10 --auth-user-pass --auth-nocache --auth-retry interact --management /.../cloakmgt.unix --management-client --management-query-passwords --up-delay --up-restart --plugin /Applications/Cloak.app/Contents/MacOS/cloakvpn.so --script-security 0 --verb 2 --setenv cloak_logging_uid UID --setenv cloak_plugin_server /.../cloak.pluginserver --remote ENDPOINT_1 443 tcp --remote ENDPOINT_1 443 udp --remote ENDPOINT_2 443 tcp --remote ENDPOINT_2 443 udp --remote ENDPOINT_3 443 tcp --remote ENDPOINT_3 443 udp --remote openvpn.getcloakvpn.com 443 tcp --remote openvpn.getcloakvpn.com 443 udp
And after some Googling I found a gist written by davepeck (one of the guys from Cloak) that specified an OpenVPN config file for use with Cloak here. Awesome! But it didn't work for me :(

Nov 27 10:28:09 rc_service: waitting "start_vpnclient1" via udhcpc ...
Nov 27 10:28:10 openvpn[726]: Options error: You must define CA file (--ca) or CA path (--capath)
Nov 27 10:28:10 openvpn[726]: Use --help for more information.
So I did some playing around with the config file and eventually I got one working for me. Here is where to download it (I uncommented one line).

So here are the full instructions:

Get your router:

This is my Asus RT-AC67U. It's a fast, powerful router with a great UI (and I got it for free from work!)


Update your router firmware

Add a new VPN Client Profile
Upload the OpenVPN configuration settings provided in my gist here
Tick "Import the CA file or edit the .ovpn file manually." and copy the CA from the file (including the start and finish lines) into the CA field

Click OK and Activate the VPN profile.

If everything went well, you should be exiting out of the closest exit node (in my case, Melbourne)

Now, here's where things get hacky...

Update the OpenVPN server in the config

If you want to exit through another country, you have to activate Cloak on another device, then resolve the domain openvpn.getcloakvpn.com to get the IP address of the exit node, and then replace the instances of openvpn.getcloakvpn.com with that IP. Yes, this seems like a pretty silly hack but it totally worked for me! I can't guarantee the stability of this but it's lasted me a few hours.
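Both config edits in this post (making sure the profile really carries a CA, which is what the "You must define CA file" error was about, and swapping openvpn.getcloakvpn.com for a fixed exit-node IP) can be checked on a laptop before uploading the file to the router. The following Python is an added example, not code from this post, the gist or Cloak; the sample profile, the `ca.crt` file name, the certificate body, the 203.0.113.10 address and the function names are all constructed placeholders.

```python
import re

# Constructed sample profile, not the gist from the post. The CA line is
# commented out, which reproduces the "You must define CA file" error.
SAMPLE = """\
client
dev tun
remote-cert-tls server
auth-user-pass
# ca ca.crt
remote openvpn.getcloakvpn.com 443 tcp
remote openvpn.getcloakvpn.com 443 udp
"""
# Placeholder certificate body; a real profile carries the provider's CA here.
CA_BLOCK = "<ca>\n-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n</ca>\n"
PLACEHOLDER_IP = "203.0.113.10"  # documentation range, not a real exit node

def active_lines(text):
    """Return config lines with blank lines and # or ; comments dropped."""
    stripped = (line.strip() for line in text.splitlines())
    return [l for l in stripped if l and not l.startswith(("#", ";"))]

def check_profile(text):
    """List problems that stop the client starting or weaken server checks."""
    lines = active_lines(text)
    problems = []
    has_directive = any(l.split()[0] in ("ca", "capath") for l in lines)
    # An inline CA must include the BEGIN and END lines, as the post notes.
    has_inline = re.search(
        r"<ca>\n-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----\n</ca>",
        "\n".join(lines), re.S) is not None
    if not (has_directive or has_inline):
        problems.append("no CA: add a ca/capath line or an inline <ca> block")
    if not any(l.split()[:2] == ["remote-cert-tls", "server"] for l in lines):
        problems.append("remote-cert-tls server missing: server cert type unchecked")
    return problems

def pin_remotes(text, hostname, ip):
    """Rewrite 'remote <hostname> ...' lines to use a fixed IP, keep the rest."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "remote" and parts[1] == hostname:
            parts[1] = ip
            line = " ".join(parts)
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(check_profile(SAMPLE))
    print(check_profile(SAMPLE + CA_BLOCK))
    print(pin_remotes(SAMPLE + CA_BLOCK, "openvpn.getcloakvpn.com", PLACEHOLDER_IP))
```

Pinning the IP changes which node the router dials, not how the server is verified: that still comes from the CA and `remote-cert-tls server`, so both should survive the edit.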


Now I have a portal to California, I'm free to browse the internet anonymously and watch American Netflix on my Chromecast!



