This guide details a minimal configuration for establishing a Hide.me VPN connection using the OpenVPN protocol over TCP, employing ChaCha20 encryption. This setup prioritizes a balance of security and performance. We assume you have the openvpn client installed. This configuration provides a more secure and potentially more reliable connection than UDP, especially in restrictive network environments.
The following configuration blocks should be placed in a .ovpn file (e.g., hide-me-tcp-chacha20.ovpn). Replace YOUR_USERNAME and YOUR_PASSWORD with your Hide.me credentials. Choose a Hide.me server address from their server list.
client
dev tun
proto tcp
remote <Hide.me Server Address> 443
auth-user-pass
nobind
persist-key
persist-tun
remote-cert-tls server
cipher chacha20-poly1305
auth SHA512
verb 3
This config uses:
client: Specifies that this is an OpenVPN client configuration.
dev tun: Uses a TUN (tunnel) device.
proto tcp: Specifies the TCP protocol.
remote: The Hide.me server and port.
auth-user-pass: Enables username/password authentication.
cipher chacha20-poly1305: Sets the encryption cipher to ChaCha20.
auth SHA512: Sets the HMAC authentication algorithm.
verb 3: Sets the verbosity level for logging.
Create a auth.txt file containing your Hide.me username and password, each on a separate line:
YOUR_USERNAME
YOUR_PASSWORD
To ensure all traffic is routed through the Hide.me VPN and to prevent DNS leaks, add the following lines to your .ovpn configuration file:
redirect-gateway def1
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
These options:
redirect-gateway def1: Redirects all traffic through the VPN.
script-security 2: Allows execution of external scripts.
up/down: Updates DNS settings when the VPN connects/disconnects.
You may need to install openvpn-update-resolv-conf (or equivalent) depending on your system.
After connecting, verify the following:
Your IP address has changed to the Hide.me server's IP. Use a website like ipinfo.io.
Your DNS server is provided by Hide.me. Use a DNS leak test website.
You can access websites and services normally.
To connect, use the command: sudo openvpn --config hide-me-tcp-chacha20.ovpn --auth-user-pass auth.txt
ChaCha20 is a modern cipher known for its speed and security, especially on devices without AES hardware acceleration.
Using TCP can provide more reliable connections in some network environments, but may be slightly slower than UDP.
Adjust the verb level for more or less detailed logging.
This is a minimal configuration; additional options may be added for enhanced security or performance.
Always obtain server addresses and updated configuration information directly from Hide.me.