OpenVPN mode is not working, says "certificate has expired"
Unfortunately that's correct. The CA certificate used to satisfy OpenVPN's requirement for verifiable TLS certificates has expired on May 28, 2013. We have build new certificates and installed them on the servers. Unfortunately this means that you need to use new certificates on the client side as well, and this means that you need to use a YF client version of 20130528-02 or above, older versions will not do anymore. Please update your client installation.
N.b. these certificates are not used to provide encryption or authentication. The OpenVPN session runs through the already protected tunnel.
I am receiving lots of emails from email@example.com, stop this!
You are receiving these emails because you have asked for them. It's what happens if you click on "watch conference" in one of our forums. To get rid of these emails, just visit the respective forum while logged in to the web page and click on "stop watching conference". This will delete your subscription to the forum. You need to do that for each forum you have subscribed to.
OpenVPN error: "All TAP-Win32 adapters on this system are currently in use."
This means that the OpenVPN process could not acquire a TAP interface (a virtual network interface) on your PC because all such interfaces are currently being used. In most cases there will only be one such interface (created during the installation of OpenVPN), so the message is equivalent to "another OpenVPN process is running". Open the task manager and find the "openvpn.exe" process (click "show all users' processes" if necessary), then terminate it.
If that doesn't fix the problem, check out the "Utilities" directory of OpenVPN (Windows start menu). Remove all TAPs, then create one (or some).
Generally, CGI connection mode is the slowest of all possible connection modes. This is due to the way it works, it needs to accumulate data before it sends it off to the other side. But you can adjust a few knobs and try to make it faster.
You need to locate the ".ems.cfg" config file first. Have a look at the user guide if you need help with this step. This file can be edited with any text editor, for example Notepad. Ensure the YF client is NOT running when you edit the file or your changes may be lost. It is difficult to break this file so don't hesitate to try...
There are four values that control the timing of CGI connections and you can change everyone of them, but I would not recommend changing any other timing but "cgi_uplink_maxdelay". Here are the parameters with their default values and their meaning:
cgi_uplink_maxdelay. Defaults to 500 milliseconds. The YF client will accumulate data for at most this time until it initiates a new uplink connection no matter how much data has been accumulated. You might want to set this to a lower value, maybe 200 milliseconds.
cgi_uplink_urgentdelay. Defaults to 20 milliseconds. The YF client will use this value instead of the previous value when it has frames to deliver that are considered urgent, for example acknowledgements.
cgi_uplink_threshold. Defaults to 3. If this many frames (YF data units) are to be delivered, a new uplink connection will be made right away. Setting this to 1 will effectively disable data accumulation and make your connection much more responsive, but it will also create much more overhead. If you don't care about how many connections are made and how much overhead it generates, set this to 1 and don't worry about the rest.
cgi_uplink_mindelay. Defaults to 1 millisecond. This is the minimum amount of time between two uplink connections. You should not set it to 0 and most people should not have to increase it, but if your network connection drops connection attempts that appear in bursts, try setting it to a higher value!
All these values normally do not appear in the config file and are not configurable through the front end. Just add lines to the file (it does not matter where) that contain the name of the value, a space, and the numeric value to which you would like to set it (no unit).
Optimum performance is probably achieved by setting cgi_uplink_threshold to 1 and cgi_uplink_mindelay to maybe 20. Try it, you can't break anything, if it doesn't work just remove the lines again.
First of all, if you see the message in this form then you are using a very much outdated version of our software. You should update your installation.
The message means that for some reasons the client installation (not you, not the user account, not the client version) is on our blacklist and cannot be used with our service anymore. The reason is that either one of the administrators or an automated system has seen unacceptable activity from a specific client installation (i.e. a specific PC) and wants to make sure that simply registering a new user account won't get the culprit access again. You should be able to judge for yourself if the person in question is you or not. The most popular reasons for getting on our blacklist are: sending SPAM, making fraudulent payments on our web site or on others, and committing all kinds of vandalism. It's not difficult to tell whether we actually meant you (your particular user account) or not: if we did, your account will be disabled and you won't be able to log in anymore, i.e. you never see this message. :-)
In most cases, our servers are able to identify each client installation uniquely (they only use this ability for the blacklist, nothing else). But unfortunately some installations cannot be told apart when they connect with older YF client versions. This is the case for practically all YF client versions before 20090826-01, especially for those released between March and April 2009.
So the simple and most effective solution is: remove your outdated YF client installation and install the most current version. We cannot solve the problem for you, you need to solve it yourself.
First of all it means that you client installation is outdated, because otherwise you should see a human readable message instead and wouldn't ask this question in the first place, so please update your client installation.
Second, it means that you have exceeded the usage time limits of the FreeFreedom account. This account type is limited in usage time. Please note that multiple accounts used by the same person count as one -- the servers notice this.
There are two ways you can solve this. Either wait until both limits are no longer exceeded (we recalculate these values only twice a day if the limits have been exceeded, but every few minutes if not -- for technical reasons), or consider buying a BasicFreedom package or using BasicFreedom vouchers. Each time you buy a package or send a voucher all recorded usage time for this account gets deleted. If you need a working Your Freedom account to access our web page, use username "unregistered" and password "unregistered"; it only provides access to our web page and only through the web proxy feature.
Please understand that while we certainly want to maintain a free service for everyone we've got bills to pay -- servers cost money and employees want a paycheck every month. No-one gets filthy rich with Your Freedom.
What does "Authentication not valid for your country of residence" mean?
It means that your account does not have permission to use the YF server (or service) from the country you are accessing it from. At the time of writing, there are two reasons why you would see this message:
You are a Sesawe user (see www.sesawe.net) and you are using the Sesawe version of the YF client from a country other than the ones on the list of supported countries for this client version.
You are a FreeFreedom user from Nigeria. Some of our servers do no longer permit this account type to connect from Nigeria. This is a defensive measure -- FreeFreedom accounts from Nigeria are responsible for over 95% of all SPAM sent through YF despite all our protective measures against it, and this is getting us into trouble with our providers. Say thank-you to your fellow citizens. Please use another YF server, and please do NOT send us email about it.
There's no way we can keep website admins from deciding which connection they will accept and which not. There are companies like Maxmind offering lists of "high-risk" IP addresses for fraud protection, and naturally a service like ours will end up on it. They've got a point too... we've got a good deal of work because of fraud committed through our systems, not to talk of all the SPAM. The very very sorry fact is that 95% of it all comes from only one country. :-(
In short, we're not telling anyone that the request is coming from a proxy service like ours. But it's really not that difficult to figure it out. And there's nothing we can do about it other than setting up the occational new server -- your best bet is to try the servers added last.
I cannot run YF on the Mac, it says "unsupported class version"
The YF client only runs with Java 6, not Java 5. Leopard does not ship with Java 6 but you can get it from http://developer.apple.com/java/download/ (download "Java for Mac OS X 10.5 Update (whatever)"). Once you've installed it, Java 5 is still activated by default. The installer we provide should be able to automatically ensure the right
version is taken; if that doesn't work try to change the default: Open Finder, go to Applications, Utilities, Java, run "Java Preferences". Move "Java SE 6" to the top for applications. This should solve this problem.
Protocol restrictions on some servers (BLOCKED PROTOCOL messages)
Unfortunately, some of you use a perfectly legal technology to do perfectly illegal things. We appreciate that this may be the main reason why you are using a service like Your Freedom in the first place (even though we don't permit it), but it is still causing trouble in some places, namely the US, where the service providers are under a lot of pressure to combat copyright infringements. Stupidly this is not technically possible (and not a technical problem in the first place!), but their standard way of ensuring conformity with legal requirements is to shut down routing to IP addresses that have been reportedly used to register content of interest with tracker servers that infringes on other people's rights, and this is part of their general business terms.
In essence, this means that we are facing two options: not have any servers at all in the US, or ensure that there is no easily detectable illegal activity through them (just for clearness: our Acceptable Use Policy makes it perfectly clear that we do not tolerate violation of other people's rights, but we are not the police and not responsible for uncovering such cases). For the benefit of those of you who need topologically close servers for applications like gaming, we have decided to restrict the servers in question (ems01, ems13, ems16, and on special user request ems08) -- P2P applications will no longer work with them. On some other servers we have blocked access to torrent trackers (please use DHT or other tracker-less technology with them).
We appreciate that there are many legal uses for P2P technology (for example, many online games use this technology to distribute updates) but there is no automated way of telling the difference.
We are currently working on a mechanism that ensures that automatic server selection does not shift you from a server of one group to a server of another; in the meantime, to avoid problems arising from being pushed off to a server that you cannot use for your application, please select a suitable server manually (via the Wizard -- select high preference for P2P enabled servers first) and disable automatic server selection.
Why do I get 512k instead of 4M? I'm an Enhanced Freedom user
Your bandwidth is capped at 512 kBytes/sec then, not 512 kbit/sec. 512 kBytes/sec is the same as 4 Mbit/sec. The display unit is configurable, just click on "Configure", choose the "Settings" tab and set the unit to "kbit/s", then restart the YF client, and the display should be as expected.
Older client versions did not clearly indicate the unit, that's where the confusion comes from. It's not your fault. :-)
Well, what does it sound like? :-) Your YF client installation is too old and you should upgrade to a current version, please see our download section. (In fact it's so old it cannot even display the text properly.) Once you've upgraded your YF client installation the message should go away -- if it doesn't you've tried to upgrade one of the installer types with the other. Best thing is you uninstall the YF client first, then install the new version. Your configuration is not lost if you choose to keep your settings (small installer version).
You are probably using the small installer version of a client version 20080820-01 or newer on a system without Java 6 installed. This can't work. Ensure that Java 6 is installed on your system (click Start, Settings, Software). Java 6 is available from Sun's download page: http://java.sun.com/javase/downloads/index.jsp
Alternatively, uninstall YF and install the full installer version.
Vista is just trying to be clever and protecting you from all the evil in the world (you can't really blame Microsoft that they finally try). The OpenVPN software needs admin privileges to install the necessary routes in your system's routing table, and the only way it can get these privileges is to inherit them from the Your Freedom client. This means that the Your Freedom client needs to have these privileges as well, and there are two ways how you can grant them to it.
The first is to always run the Your Freedom client through right-click, then choosing "run as administrator".
The second and once-and-for-all method is to right-click on the link in the start menu or on the desktop (choose the one you use, or do both), choose "Properties", then click on the "Compatibility" tab and tick the "run as administrator" check-box. This will make the YF client run as admin as long as you always run it through this link.
Some of our providers either do not allow their customers to access IRC servers or block access to port 6667/tcp. We cannot maintain a list here -- just try the servers. Oh, and please, PLEASE, avoid everything that could lead to DDoS attacks against our servers. The servers don't really care but the providers do, and it's a pain in the backside to get them unblocked again. We don't want to disallow IRC entirely, please help us.
I'm having high latency in a game I'm playing, what can I do?
Enable round trip time measurements by configuring periodic measurements every 2000 milliseconds. Start the connection and play your game. If you encounter latency problems, check out the message log -- are the round trip times going up in spikes? If yes, fire up the task manager, locate the java/javaw/freedom process (the name depends on how you started it), then right-click on it and change the priority to "higher than normal" or "high".
If you don't know how to increase the priority, here's how. Fire up the task manager (Ctrl-Alt-Del). Click on the "Processes" tab. Click on "Name" to sort by name. Locate the process (it's called "freedom.exe" if you are using the big installer version, otherwise it's called "javaw.exe" or "java.exe"), right-click on it and choose "Set priority". Select "higher than normal" or "high". A window will pop up, asking you whether you are sure. Say "yes". Unfortunately you'll have to do this everytime you run Your Freedom.
If that doesn't help, try another server. Try a different connection mode as well.
Btw. buying a package will not automatically improve latency. It is true that we prioritize sessions of paying customers but this only has a significant effect on busy servers. Also, more bandwidth will only yield less latency if the root cause of the latency is the lack of bandwidth, and the bottleneck is our shaping. If you consider to give it a try, please use our "Try Before You Buy" offer to ensure that you benefit from a package before you buy one.
I'm getting lots of messages about clock skew, what's wrong?
Likely your system is very busy. It happens a lot with CPU greedy games. Try to increase the priority of the java/javaw/freedom process in task manager to "higher than normal", this should fix it.
You really want to fix it because if clock skew is detected when there isn't any, it means that your connection will be hanging sporadically as well, resulting in latency and hangs in the game.
My application refuses to use 127.0.0.1 or localhost as a proxy, what can I do?
We know that some apps just don't like 127.0.0.1 as web or SOCKS proxy. Sometimes they refuse it, sometimes it just doesn't work. An example is Yahoo messenger.
But there are ways around it. Most apps can be fooled by other representations of the same IP address, like one of the following:
Don't be amazed -- these all represent 127.0.0.1 and the system libraries will happily accept them.
Yes, it does. But that's only the short answer. The long answer is that you need to be aware of a few things and take appropriate measures.
Don't use the full installer version (that's the 28 meg one). The full installer version comes bundled with a version of Java that is not running very well under Vista, if at all. Install a current Java Runtime Environment (we recommend Sun's JDK6 available from Sun's Java page and use the installer version or the ZIP version of Your Freedom.
When using the installer version and you would like to run YF in dump mode, or if you are using OpenVPN mode, don't simply click on the start menu item to run it but right-click and choose "Run as administrator". If you don't YF won't be able to write the dump file in the install directory and it won't be able to install routes into the tunnel in the routing table.
If you are running a 64 bit version of Vista, you need to add a command line option. Edit the links in the start menu and on the desktop by right-clicking on them, then choose Properties. In there select the link tab and locate the "target". Edit the value and append (after the double quotes and with a leading space) "--noappwizard".
We will rectify these issues in the future so that Your Freedom will run on Vista without any corrective measures.
Well, who doesn't? :-)
Vista has broken many things for Java. The latest Java releases work around these problems but earlier versions, such as the one bundled with the full installer version, don't. This means that you should not use the full installer version with Vista.
Use the smaller installer version or the ZIP file version instead. It relies on the currently installed Java runtime engine of your system instead of bringing its own. Make sure your version of Java is supporting Vista (and don't let yourself be confused by Microsoft's smoke grenades -- they were never supporting Java and never will, so this isn't actually news).
We won't start shipping full installers that support Vista; instead, we will more likely cease to ship them at all.
More precisely, a little bit of the YF client does not work, because it relies on an external DLL that has been compiled for IA32 systems. We should have never started using native code, but it's just not possible to support Windows properly without. Blame the guys in Redmond.
The part that does not work is the "Applications" wizard, something you probably don't need anyway. Starting from version 20070227-01 you can turn it off using the command line option "--noappwizard". This should fix your problem and make YF work.
In the smaller of the two installer versions (the "full installer" version probably doesn't work at all) you can add this option to the link that you use to start YF. Find the Your Freedom link on your desktop, right-click on it and choose Properties. Locate the "target" field and add to the end of it (using a space in-between) the option --nowizard
You can, just not on all servers. Many online games, including World of Warcraft and Lineage 2 use Peer To Peer (P2P) technologies, BitTorrent in most cases, to distribute updates. These protocols are not permitted on some of our servers. Note that because these servers may not be used for bandwidth-intensive P2P applications they are good choices for online gaming -- just not for updating the game.
For every YF account only one simultaneous login is allowed, meaning that you can only use your account on one PC at a time. When you try to log in a second time while your other connection is still connected, the earlier connection will be terminated and the client will show a "Duplicate Login" error message.
This message can also occur in rare cases where the YF client is having trouble shutting down a previous session on the server. Exiting the YF client and restarting it will solve the issue.