Viscosity

A guide to setting up Viscosity for Cryptocloud

Viscosity guide for Mac OS X

This guide is courtesy of Breche from the cultureghost.org forums.

You will need

  • Latest version of Viscosity that costs 9$ if you wish to use it past the 30 days trial

  • A Cryptocloud account

Basic steps

  1. Install Viscosity and launch it. If you previously had Tunnelblick installed, Viscosity will ask you if you wish to import your connections from Tunnelblick. Say yes and skip to 11. if you wish to get rid of OpenDNS, otherwise you're done.

  2. Go to the members area and choose the country you wish to connect to. Then go back to member area and chose Download Config files. Once there, download and save every file you see there to the same folder (there are four files that you need).

  3. Back to Viscosity, choose preferences and + to add a new connection.
    Here you have two choices. If you put Import connection and point Viscosity to your client.conf file, it will setup one connection for every server in the config file. You'd be done but the names aren't very explicit so I'd rather suggest you chose New connection instead of Import connection. But hey whatever floats your boat, really.

  4. Name your connection, ex Cryptocloud_AMS01, since we are going to do one connection per country per server. In your client.conf you will have a section at the top with one or more lines that read something like: remote 111.222.333.444 1194 UDP or remote 111.222.333.444 443 TCP. Each of these lines describe a Cryptocloud server, like this: the remote is just a keyword to OpenVPN, 111.222.333.444 is the IP address of the server, this is what you should put in the Remote server address field, 1194 or 443 is the port to use for the connection, 1194 for UDP servers and 443 for TCP. Protocol should match this, UDP for UDP servers and TCP for TCP servers.

  5. Go to certificates, where it says CA, Cert, Key and browse for ca.crt, client.crt and client.key respectively.

  6. In Options you can set custom timeouts, put 5 and 20 (seconds) for now. Make sure everything except Persist Local IP and Persist Remote IP are checked.

  7. If you use a proxy, set it up there (not needed for most users).

  8. Go to Advanced. In the text field put this:
    pull
    tls-client
    ns-cert-type server
    ping-timer-rem
    reneg-sec 72000
    topology subnet
    These are extra options to OpenVPN reflected from the configuration file you downloaded earlier that are not available as options in Viscosity.

  9. Check Connect when Viscosity opens if you wish to connect automatically on launch.

  10. Press Save. Go to General in the main preferences, check Start viscosity at login if you which Viscosity to start automatically. Reconnect active connections on wake to reinitiate tunnels after the computer has been sleeping. Automatically check for update if you want Viscosity to keep track of new versions for you.
    Note that Viscosity will automatically relaunch itself when you restart if it was open when you shut down.

    Restart from 3. if you wish to add other countries/servers using a different IP from the list in 4.

  11. If you wish to use other DNS servers than the default OpenDNS servers, there is a discussion about this here stating pros and cons of OpenDNS in the forums, go to dnsserverlist.org and choose as many as you want from there. It is wise to choose the top ones on the list as they are the fastest.
    Always double check ping times from your computer, see the note in 14 about this.

    Note that for security and privacy's sake, it is not very wise to use your organization, university, workplace or ISP's DNS because even though they cannot see your traffic, they can see which addresses you resolve, knowing what websites you are visiting. This can compromise you especially in countries where whole websites are censored altogether.

    You can also use our DNS to avoid having your lookups logged. The IP for it is: 208.67.222.222

  12. Go back to preferences for your connection and choose the tab General. Check Enable DNS support

  13. Go to Advanced and add the following in the text field for each DNS you would like to use:
    dhcp-option DNS 111.222.333.444
    Replace 111.222.333.444 with the IP address of the DNS server. You can add as many of these as you like but only the top one will be used if it is online. If the first server fails OpenVPN will move on the the next one in the list until it gets a reply.
    Press save and repeat for each of your connections.

  14. Be aware that a fast DNS server from London can be much slower if you connect via Chicago because of potentially busier transatlantic links and longer routes. To test how fast a perticular DNS server is you can ping it. Make sure you ping the specific DNS servers AFTER connecting through different Cryptocloud servers so you can see if pinging times are acceptable. The higher the ping, the longer it will take to load websites regardless of your connection speed. For instance it might be wise to use specific DNS servers when connected to the Netherlands and completely different ones when connecting to a US server. Your mileage may vary.

We hope this helps, if it is confusing or unclear let us know where and we will try to reformulate for clarity. Enjoy privacy on your Mac!