TunnelBear Befriends Penguins  with Limited Linux Support

TunnelBear Befriends Penguins with Limited Linux Support

We’ve done it! Our bears have finally been trained to think of penguins as friends, instead of breakfast. And so, we’re excited to announce that you can now connect to TunnelBear on Linux! We currently have apps for Windows, OSX, iOS and Android. While we aren’t quite ready to build a full application for Linux, we are now offering settings and instructions for manual configuration of a connection to the TunnelBear network (for Giant and Grizzly TunnelBears).

We’ve successfully tested these settings on new installs of Mint and Ubuntu in the office. We want to send a big thank you to the TunnelBear Science Division Volunteers (our Beta group) who helped test these settings on half a dozen other Linux distributions.

Unlike the more common TunnelBear experience “some assembly is required”. Following the steps below should get you tunneling, but you will probably need to use some Linux-style ingenuity to get things working with your particular setup. As such, the Linux instructions and settings are not currently supported by the TunnelBear support team. Although we certainly welcome feedback on how we can improve the instructions.

With all those disclaimers out of the way, here’s how to get a TunnelBear setup on your Linux rig:

  1. Download the OVPN Zip from here: Download (Last updated: 11/24/15)
  2. Unzip the folder to your machine. Do not delete this file after setup, you’ll need to keep it.
  3. Open the synaptic package manager
  4. Search for OpenVPN, install OpenVPN and the plugins:
    • network-manager-openvpn
    • network-manager-openvpn-gnome
    • or use this command line: sudo apt-get install network-manager-openvpn-gnome
  5. Open network settings
  6. Click the plus button to add a new connection
  7. Select VPN as the interface, click “Create”
  8. Select “Import a saved VPN configuration” from the drop-down menu
  9. Find the unzipped folder
  10. Click the .OVPN file for the country you’d like to connect to
  11. Fill out your username and password
  12. All the other fields should be automatically configured
  13. Click save
  14. Select the VPN server you’d like to connect to from the Network settings list
  15. Toggle the switch to “On”
  16. A lock will now appear over the network plug and you should be able to browse to your desired country.
  17. Manually set your DNS servers

The only known issue we saw during testing was with older versions of network manager that had trouble configuring the necessary DNS settings. Once the Bears upgraded to the latest version of their distribution, everything started working fine.

Summary:

  • • TunnelBear for Linux can be setup using the steps above
  • • Linux tunneling is only available for paid Giant or Grizzly accounts
  • • Our ability to troubleshoot problems across every Linux distribution is limited
  • • We’ll only be supporting OpenVPN, we’re not looking at other protocols
  • • TunnelBear for Linux requires OpenVPN v2.3.0+

Update for any Bears experiencing issues with NetworkManager:

We have identified an issue affecting our Linux configuration and NetworkManager. The bug is outlined here: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1211110.

NetworkManager is not picking up the DNS configuration that we are pushing from our VPN servers in order to deal with a DNS leak attack. When establishing the VPN connection from command line directly, there is no issue as DNS is configured outside of NetworkManager and via resolvconf (which edits the master DNS config file /etc/resolv.conf). Some default configurations of NetworkManager run their own DNS daemon (dnsmasq) for DNS caching. Unfortunately, when NetworkManager tries to apply the DNS configuration that we push down from the server, dnsmasq receives and does not apply this configuration globally.

A workaround is offered in the link above that has been tested successfully on Ubuntu 14.04 and 15.04. The fix involves disabling the caching DNS server from being used by NetworkManager by commenting out the dns= directive in /etc/NetworkManager/NetworkManager.conf.