Real Traffic Spawn Install Kodi
Jun 10, 2017. I'd like to introduce you to an all new add-on to the community from a well known member of the community, Kodi-Mad-Man. Well known for all of his fantastic install blogs. Now it's time for me to make an install blog for his addon, Real-Movies. Make sure to follow him on Twitter @kodi_mad. Real-Movies is. Kilauea; Mount Etna; Mount Yasur; Mount Nyiragongo and Nyamuragira; Piton de la Fournaise; Erta Ale.
The Netgear NeoTV 300 Negear’s NeoTV set top boxes are designed to compete with the popular Roku, and can stream video from all the usual sources (Netflix, HuluPlus, Youtube, etc). The NTV300 is one of the least expensive NeoTV models, and while a GPL release is, it contains only copies of the various standard open source utilities used by the NTV300. All the interesting bits – such as Netflix streaming, or the ability to build a custom firmware image – are not included.
Inside the NTV300 we find a Mediatek ARM SoC, a 128MB NAND flash chip and 256MB of RAM. Inside the NTV300 The four pin header in the top right corner of the PCB is a serial port (115200 baud 8N1), and while it provides access to the U-Boot boot loader, it does not provide a root shell. After the system boots, it displays copious debug messages and allows for rudimentary control over the NTV300’s user interface (i.e., pressing the right arrow key on the keyboard while in the serial terminal is the same as pressing the right arrow key on the remote control). Various attempts to send BREAK and SIGINT signals have no affect; we’ll have to dig a little deeper into this one.
Luckily, the firmware updates for the NTV300 aren’t encrypted. Shell successfully spawned on the serial terminal While this provides us with a minimalist shell, it is not very user friendly. There is no command echoing, and a ton of debug output is intermixed with the command output. Let’s see if we can find an easier way to get a shell – preferably one that doesn’t involve taking the device apart. Examining the file system on the live device, there are plenty of files and directories that were not included in the firmware update file. Checking out some of the start up scripts, we find this juicy piece of code in /root/rc.user: if [ -f /mnt/ubi_boot/mfg_test/enable ]; then echo '[WNC RD] Maufacturing Mode' #chmod +x /mnt/ubi_boot/mfg_test/*.sh #if [!
I have no idea if this affects other NeoTV models. It wouldn’t surprise me if it did (vendors tend to re-use code a lot), but the ntv300ui binary seemed specific to the NTV300 so maybe not. The above jailbreak is permanent for the NTV300. The created file persists across reboots and ensures that the telnet server is started on every boot. You could add your own files/binaries to the system and they should remain across a reboot as well. Note that file system modifications do appear to be removed when you reset the device though.
Well, a two reasons. First, I tried that. П™‚ Although inetd would run, for whatever reason, even with the ampersand inetd never returned, so the NeoTV would think that it was permanently stuck trying to “connect” to the AP, and it wouldn’t let me connect to my actual AP in order to telnet in. If you look at the screenshot from when I started the shell on the serial terminal, it prints out a message saying that the shell has no job control, so that might be the culprit. I didn’t really look into it further.
You can probably get around this by plugging in a wired connection to the NeoTV’s ethernet jack. Second, creating the mfg_test/enable file ensures that the telnet server is started every time the devices boots up, so I don’t have to keep re-running inetd each time I reboot the system. Technically yes, but it was a very unfriendly shell. Random characters typed into the shell would get dropped (presumably because the ntv300ui application was also reading keystrokes from the serial port) and with no command echoing there was no way to know if that had happened until after you’d typed out your command and hit enter.
Also, I really wanted a way to do it without having to open the case and connect to the serial port since that would make it easier for others to duplicate if they desired. Plus I really liked the idea of being able to root the box using *only* the remote control.
П˜€ Ultimately, once you have command injection as root, what you do from there is just details and personal preference. Curl is already installed, so you could just as easily have curl download something from a Web server and execute that for example.
It depends on the filesystem(s) used by the embedded device. SquashFS and CramFS are read-only, so you can’t write data to them at all.
RamFS is obviously writable, but gets blown away on a reboot. Other file systems, like JFFS2, EXT2, and Minix, are full read/write file systems and retain data across a reboot. It is not uncommon for devices to use SquashFS/CramFS for the main system files, and have some other directories mounted as JFFS2 so that they can save configuration data there (DD-WRT has separate SquashFS/JFFS2 partitions for example). BTW, with the.58 firmware, I was able to extract the squashfs image by using dd if=NTV300B_V1.00.58NA.bin of=fred bs=1 iseek=4183248 unsquashfs fred It looks like there’s usr/etc/sdk_config.conf file there. If this is more than just a reference, it might be a good vector of attack since we should be able to replace the squashfs image with our own (assuming we can figure out any checksums on the entire.bin blob) and have an injection attack to get the box to update itself. SDK_CONFIG_FACTORY_TEST_MSG_ENABLE = 0 SDK_CONFIG_FACTORY_TEST_AUTO_DL_SCRIPT = 0 SDK_CONFIG_FACTORY_TEST_AUTO_DL_SERVER = SDK_CONFIG_FACTORY_TEST_SCRIPT_FILENAME = factory_test.sh. Craig: I apologize in advance for such an off topic question, but I’m getting nowhere on the Netgear forums and you obviously know your stuff.
I have the base model NTV300 and a recent firmware update added DLNA support which my box isn’t supposed to have. I think it was a mistake and now there is another firmware update pending that I haven’t run because I’m afraid it will “patch out” the new “My Media” channel which includes the DLNA sharing. It also includes the ability to browse USB, which my version doesn’t even have, another reason I think the feature was added in error. Any idea how I can find out if the firmware with DLNA support was indeed intended for my box? Sams Teach Yourself C In 21 Days here. Or to find out if the newest unapplied firmwmare update will wipe it out? Now that I have it I don’t want to lose it. It actually works great thanks.
One option is to get the latest firmware (a link to the latest firmware image can be found ), find and extract the SquashFS file system using binwalk/firmware-mod-kit, then look to see if there are any executables with the string ‘dlna’ in the name (I’m assuming the dlna binary will have the string ‘dlna’ in it). If so, then the new firmware probably has DLNA support (although it’s no guarantee). Since you sound happy with the firmware you have, another option is to trick the NeoTV into thinking that there is no new firmware upgrade.
The NeoTV’s check for firmware upgrades by requesting a URL from updates1.netgear.com. You could set up a fake DNS server on your network to black hole this domain name, or your router might support blocking web requests based on domain name or keywords. There is a more detailed write up on the firmware upgrade process on. Thanks for the idea ‘Craig’. I did one better. I setup a local web server and gave my router a static DNS mapping to point ‘updates1.netgear.com’ to to my web server.
My web server also has the same folder structure as netgear’s. I download an earlier version of the firmware. The lastone that had DLNA for me was 1.0.76NA.
I downloaded and modified ‘fileinfo.xml’. I changed the ‘date’ field in the XML file to one day higher than what was already there. Also, I only increased the DATE field in the XML file. I change the path to the target file to point to 1.076NA and change the “firmware version string to 1.0.77NA” I then had the ntv300b poll for updates. It found one, and installed.
I now have DLNA back from 1.076NA. I picked up the NTV300SL, (NeoTV Max) yesterday. None of this worked on it, and looking at the SquashFS none of this was present in /root/rc.user on the latest firmware for the device (v1.0.76). I managed to get root, though. While sniffing its traffic with wireshark, I noticed it hits a few phone-home URLs on boot. One of these was: Yes, this apparently does just what you’d expect. I used a local DNS server to point that hostname at a local Linux machine, and then created a /ntv300sl/us/gm/web_cmd.sh script on that server.
Lo and behold, it ran it on boot. If you’re attempting to do this, I’ll assume you know how to set up the web server and the DNS configuration. Here’s the web_cmd.sh: cd /tmp curl -O chmod 111 dropbear ln -s dropbear dropbearkey./dropbearkey -t dss -f dropbear_dss_host_key./dropbearkey -t rsa -f dropbear_rsa_hot_key./dropbear -d dropbear_dss_host_key -r dropbear_rsa_hot_key echo “root:vUXETBmux6gC2:0:0:root,,,:/root:/bin/sh” >/etc/passwd Grab the armv6l dropbear binary from here: Rename it to ‘dropbear’ and drop it in the directory with web_cmd.sh.
Reboot your NTV, wait a bit, and then you should be able to ssh with a password of “rooted” (set via the crypt hash in web_cmd.sh). The init scripts check /mnt/ubi_boot/rc.ntv300 (on this particular device) and execute it if it exists. So, I used this to make the SSH config persistent.
Today, i was able to make a custom firmware based on 1.0.76 for NTV300SL ( which was simple process, only modified rootfs squash image ) and it have telnet and thttpd (http server). Download custrom image from here: to install this image: 1) get usb flash drive 2) make a directory on root of flash called “UPG” 3) copy the file 8653_linux_demo_dbg.bin to UPG, you should have something like this: UPG/8653_linux_demo_dbg.bin 4) plug flash memory into NeoTV 5) power on NeoTV 6) It will ask you to update, accept it.
That’s it 😀 you can telnet to your neotv, and use “rooted” as password for root. Netgear did an update over passwd file, and i couldn’t decrypt the root’s password yet.
So i thought i would use Rob’s one 😉. I ended up playing with my neotv all night long last night in a fit of “hacker’s insomnia” as I’m calling it. I’m not exceptionally skilled with embedded linux or arm but I did come up with what I think is a crazy idea last night. Is there a way to clone the live system to a file using dd or another tool so that you could use say qemu to emulate the system for more testing/development purposes. It would also be nice if there was a wiki/forum where everyone interested in working on this project together could collaborate thought’s ideas etc.
Oh and I’m rooted using the UPG usb exploit 🙂 thanks to Zaid. Anyone know how to remap the CUSTOM keys? (such as the ones for Netflix, Hulu, etc).
I want to map one of the keys to another program that would be used more often than say VUDU for example. Maybe replace VUDU with Intel WiDi as a shortcut for example. I’ve tried snooping around, but couldn’t find anything.
Looks like it uses LIRC for receiving remote control strokes, and there is a lirc_monitor that you can run to see the key sequences being received. But wasn’t able to track down where the actual mapping of the keys occurs. (typical lircd would just be in lircd.conf but looks like they’ve hard coded the key mapping into a binary somewhere). Very good idea, and seeing as i have one of these i gave it a shot with minimal success. Here is what i did and how far i got.
Using the quotes with “reboot” did not work, but $(reboot) however did work. I accesed the serial port and spawned the unfriendly shell. But i noticed a few things are missing, specifically the inetd binary. Telnetd is present, but without the superserver it wont run.
I overwrote the /etc/passwd using the ssid exploit to give root a blank password and typed “login” in the shell. Username: root, and it dropped me into a root shell.
I copied utelnetd onto the device and was able to telnet in, but nothing persists across reboots. Seems everything i do in pretty much any directory gets reset on reboots. Any new files get erased, any file changes get reset, and i can’t seem to find any directory that persists. If someone could explain how i could possibly build a custom firmware or any other ideas i would be very grateful. I discovered that if you change gpio 63 to 1 it makes the getHWID utility think the B is a SL. GetHWID # Check unit type, 0 = Basic, 1 = S, 2 = SL(MAX) 0 # Basic unit gpio_prog 63 1 1 #[address] [0 = read / 1 = set] [If set, data] [APP]Gpio 63 input data is: 0 # gpio 63 is currently 0 [APP]Gpio 63 select: 0 # IDK [APP]Gpio 63 output data is: 1 # gpio 63 was successfully set to 1 getHWID 2 # the unit is now detected as a SL (MAX) This still doesn’t work for fooling ntv300ui. It still detects that it’s not a MAX unit.
It also doesn’t persist across reboots. Would someone who has access to a S or SL unit please run the following and post the results here? This will retrieve the state of GPIO (it will not alter it). FYI, reading the high numbered GPIOs caused my unit to reset although it didn’t harm anything. Commands to run. ColtB45 Here it is for a 300SL Also i did find one directorty that persists across reboots for me.
It is /cust_part_1 havent had much time to play with this, but i was able to create files in that directory that persisted across reboots, so i can execute scripts from the essid via the $() exploit, but i still havent found a way to execute something on boot. Have to run $(cp /cust_part_1/passwd /etc) #copys a passwd file with a blank root password $(sh) #spawns a non-interactive shell on the serial console then in minicom i type “login” (i found that if you leave the screen on the one you type the essid in, it was less likely to drop random characters) put root in as the user, and drops into shell. Unfortunately typing login in blanks the screen on the tv so it cant be used once login is typed. Or i can execute a copy of utelnetd i have saved in the cust_part_1 directory and log in remotely through telnet and the regular screen stays up. Though plugging it in to an ethernet cord after executing $(sh) tends to make connecting easier.
Wondering if any new exploits have come up for the ntv300 running V2.1.86? The “ `” results in fatal errors, thespoofing exploit seems to have stopped working with the md5 signatures in the fileinfo.XML. I had some fun hacking the remote app and can trigger the missing channels but the mtkaps are missing and the host list removes the links to the missing swfs.
Wondering if a.tar exploit is an option and/or a curl command to load the missing MyMedia and DNLA apps or edit the host list to add the missing URLs. Need help recovering from a bad flash. Have serial access to the U-Boot prompt. Downloaded the file NTV300SL_V1.1.50.bin I’m stuck how/where to flash it.
I’ve tried from USB with: fatload usb 0:1 03a00000 NTV300SL_V1.1.50.bin The USB light flashes but the process seems to have hung. Right now I’d be happy getting back to stock.
Can someone please point me in the right direction? Fatload with something extracted from bin? Write the bin to a nand partition? I know just enough to be dangerous and create a $40 brick.
README.md Detailed procedure to install Kodi media player on a RPI3 KODI Kodi is free, open-source software designed specifically with home entertainment in mind – and it's perfect if you're a fan of movies, sports, films and TV shows. Although it was originally created for the Microsoft Xbox and called Xbox Media Center (XBMC), Kodi has continued to evolve, spawning a community of its own. Unlike services like Chromecast or Plex, Kodi is managed by the non-profit XBMC Foundation, and it's constantly being modified and upgraded by countless of coders around the world.
Kodi provides access to streaming media content, including videos and music. It allows users to play and view most videos, music, podcasts, and other digital media files from local and network storage media and the internet. Kodi also accesses content over the internet using various “add-ons” created by members of the Kodi open source community.
Therefore, add-ons do not come “out of the box” with any official version of Kodi. RASPBERRY PI The Raspberry Pi is a credit-card-sized, low-cost computer that can plug into your TV and deliver high-definition video. It is a capable little computer which can be used in electronics projects, and for many of the things that your desktop PC does, like spreadsheets, word processing, browsing the internet, and playing games. The RPI3 is one of the newest versions of the Raspberry Pi. Download Golden Phyton Nokia 6120c.
It has support for internal WiFi and bluetooth which the previous version B+ did not have. Things you will need: • A raspberry pi 3 kit. A kit, at a minimum should contain the RPI3 itself, a case, a 2.5A power supply, and the heatsinks for the two processors.
I bought from amazon. • Some kits come with preloaded SD memory cards. I bought a empty 32 G card and loaded the OS from the internet -- as I will explain later.
The SD card should be a good quality card. I bought from amazon. • For initial setup you will need a USB keyboard and mouse. After setup, you can control Kodi from your smartphone using free apps like Kodi Remote on Android which will run on your internal WiFi network.
• Finally, you will need to have an HDMI TV (plus HDMI cable) and a Wifi home network up and running to which the RPI3 can connect in order to download videos and music and stream live to your TV. This is how a connected RPI3 inside a clear case looks like: The top two connectors are the HDMI cable to TV and the USB power supply cord.
The two connectors on the side (one on top of the other) are the USB keyboard and mouse. Loading of the Raspbian desktop Operating System (OS) on the SD card There are several Operating Systems of choice, which you can select by running the NOOBS operating system installation manager. I chose to load the Raspberry Pi desktop OS directly. The desktop OS allows you easy configuration of WiFi, Bluetooth, general settings, as well as access to different programs (browser) and utilities. Go to and click on the RASPBERRY PI DESKTOP link and then on the 'Download ISO' link. This will download the OS image onto your computer.
As of this writing the ISO file name is: rpd_x86-2017--06-22-rpd-x86-jessie.iso Don't be confused with the x86 in the name. The RPI3 is a 64 bit computer running a 32 bit operating system. You will need to write this image file to the blank SD card. WRITING AN ISO IMAGE TO THE SD CARD You will need to use an ISO image writing tool to install the image you have downloaded on your SD card. Once you write this binary image to the SD card and insert it in the Raspberry Pi, the Pi will boot up to the desktop operating system. There are many Image writing programs out there.
I chose Etcher which is free and can be downloaded at Etcher is a graphical SD card writing tool that works on Mac OS, Linux and Windows, and is the easiest option for most users. If your computer does not have an SD card port, you will need to acquire a SD card USB adapter like from amazon.
To write your image with Etcher: • Download Etcher and install it. • Connect an SD card reader with the SD card inside. • Open Etcher and select from your hard drive the Raspberry Pi iso image you downloaded previously. • Select the SD card you wish to write your image to. • Review your selections and click 'Flash!' To begin writing data to the SD card.
BOOTING UP THE RASPBERRY PI FOR THE FIRST TIME Once the ISO image file has been written to the SD card, it is time to boot up the RPI3. Do the following in order, plugging in the power last. • Insert the micro SD card into the memory card slot of the RPI3. • Plug in a HDMI cable between the RPI3 and your TV and turn on the TV. • Plug in a USB mouse and keyboard to your RPI3. • Plug in the power supply between the your RPI3 and a power outlet.
The RPI3 should boot up and you should see a blank linux desktop. The first thing you need to do before installing Kodi is to configure basic settings like your timezone, the keyboard type, WiFi, password, and the language to use. Hover your mouse over the raspberry icon on the top left of the screen and select 'Preferences' from the ensuing dropdown and then 'Raspberry Pi Configuration': You should see the following screen. For security purposes you should always change the default password which is normally 'raspberry'. Click on 'Change Password' button and change the password to something of your choice. Click on 'Localization' and configure Locale, Timezone, Keyboard, and WiFi country to your respective preferences. In my case I have: • Locale: Language-en(English), Country-US(United States), Character Set- UTF-8 • Timezone: Area-America, Location-Phoenix • Keyboard: Country-United States, Variant-English(US, international) • WiFi Country: US United States Last but not least, you need to connect the RPI3 to your internal home WiFi network.
Make sure you have your WiFi password handy and click on the WiFi icon at the top right of the RPI3 screen and choose your WiFi SSID from the list that appears. It will ask for the password to connect. Enter your WiFi password and you are connected to the Internet. For advanced users: To connect to your RPI3 remotely from any other computer on your same home WiFi network using SSH (putty or bitvise for windows), you will need to enable SSH. To do this go to the 'Raspberry Pi Configuration' popup again and instead of clicking on 'Localization', click on 'Interfaces'. Hit the enable radio button for the SSH entry and then click on 'Ok'. You can now connect to your RPI3 using the IP address that your router has assigned to your RPI3: pi@192.168.0.8 in my case.
An easy way to find out the IP address that your RPI3 has is to open a terminal (click on the black terminal icon on the top of the screen) and type ifconfig. You should see your IP address next to the wlan0 entry as inet: 192.168.0.8 (in my case): Installing Kodi on a RPI3 running the Raspbian desktop OS Installing the Kodi Media Center on the Raspberry Pi is easy and only requires a couple of commands to install on your system. There will be a few configurations you will have to do after to make it work properly as well as updating Kodi if you would like. Run the following commands one after the other in a terminal window on your Raspberry Pi. Sudo apt-get update sudo apt-get install kodi That’s basically it. This will grab the latest stable compiled version of Kodi built for Raspbian.
It grabs the files from the official Raspbian Repositories. The download should be around 200MB so it will take a while. It will also download some dependencies and install them. IMPORTANT RASPBERRY PI BOOT CONFIGS FOR KODI The following steps are crucial and need to be done to get proper playback on the Raspberry Pi. If you are having Kodi performance issues or Kodi is only playing audio and the video is black then it could be because of these settings in the Raspberry Pi’s /boot/config.txt file.
Type the following command to edit the Raspberry Pi’s configuration file. Sudo nano /boot/config.txt This file contains some important configurations for our Raspberry Pi. Scroll all the way to the bottom of the file and create 2 new settings. One for GPU_MEM and one for Start_X.
GPU_MEM is the GPU memory in megabytes. This value sets the memory split between the CPU and GPU. The CPU will get the remainer of the unused memory. We will be setting our value to 256 MB. Start_X will allow codec’s to be enable so that you can playback video’s in Kodi. Let’s go to the bottom of the configuration file and add the following 2 lines: gpu_mem=256 start_x=1 Save the file (Ctrl-x -->Y -->Enter) and exit the nano editor. Now simply reboot with the command 'sudo reboot now' and you have successfully installed Kodi on the Raspberry Pi 3.
RUN KODI ON STARTUP At this point you should see KODI as an installed program under 'Sound & Video' in the desktop. If you want KODI to run on startup instead of the RPI3 booting up on the Desktop you can accomplish this by various ways. The way I did it was to edit the RPI3 startup script. You might want to save a copy of this file to your home folder (sudo cp /home/pi/.config/lxsession/LXDE-pi/autostart ~) before modifying it. In case you make a mistake you can always restore the startup file from this copy.
Open the RPI3 startup script by typing: 'sudo nano /home/pi/.config/lxsession/LXDE-pi/autostart' and hitting Enter. Add the following line at the end of the script and save the file. /usr/bin/kodi-standalone The startup script always runs on boot-up and the line above will execute last and launch Kodi.
Reboot your RPI3 (sudo reboot now). Kodi should launch automatically at the end of boot-up.
If at some point you want to go to the Linux desktop, you can always click on the Power Options button at the top left of the screen and click on 'Exit'. This will exit the Kodi application.
VPN Setup on the RPI3 One of the best ways to secure your data is to use a virtual private network (VPN), which provides greater control of how you're identified online. Simply put, a VPN creates a virtual encrypted 'tunnel' between you and a remote server operated by a VPN service. All external internet traffic is routed through this tunnel, so your ISP can't see your data. If the site you're heading to uses HTTPS, your data stays encrypted, too. Best of all, your computer appears to have the IP address of the VPN server, masking your identity. Because you can use a VPN to spoof your location, it's an effective tool for getting around internet censorship. It's also a way to watch region-locked content.
If you log in to a VPN server in the UK, you'll be able to watch BBC streams for free. There are many VPN providers out there. Some better than others. Following advice from a current user, I chose which charges $3.33 per month if you buy a whole year subscription.
The installation instructions are similar for most VPNs as they all implement the OpenVPN suite of virtual private network (VPN) techniques. Once you sign up to your preferred VPN service, they will issue you a userId and a password. They will also give you access to special files (with ovpn extension) which can access specific servers located in different geographical areas. To install and run VPN in the RPI3, open a terminal and do the following: • sudo apt-get update • sudo apt-get install openvpn • cd /etc/openvpn/ • wget • sudo unzip openvpn.zip (this will create a lot of ovpn files) • sudo openvpn 'US West.ovpn' The last command runs VPN on the 'US WEST' server after asking for username and password provided by your VPN service. This means that all your web traffic gets encrypted (and tunnelled through the internet) and goes to and from that server before going out into internet again to fetch the data/webpages requested. That is all fine and good but the best way to use VPN is to forget about it and have it run automatically on startup.
RUN VPN ON STARTUP You need to setup OpenVpn as a service. Create a password file and write your username and password in it. This is necessary, otherwise it will try to ask for them and will stall the startup process. Do the following: • cd /etc/openvpn • sudo touch pswfile (create blank file) • sudo chmod 700 pswfile (give access only to root, so nobody else can see the password) • sudo nano pswfile • Add two lines with no spaces or whitespace between them with the actual username and password: • Save the file Should look something like this: The next step is to choose which ovpn file you are going to use and copy/rename it by replacing any spaces with underscores and changing the extension from ovpn to conf. The OpenVPN service only recognizes conf files • sudo cp 'US West.ovpn' US_West.conf The next step is to edit the new conf file and add the reference to the pswfile in it.
Open the file and look for the line that starts with 'auth-user-pass'. Replace that line with 'auth-user-pass pswfile'. • sudo nano US_West.conf • replace 'auth-user-pass' with 'auth-user-pass pswfile'. Omit the double quotes. • Add the following lines after the previous line: auth-nocache script-security 2 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf • save the file: Ctrl-X ->Y -->Enter The conf file should look similar to the following snapshot. The modified/new lines are highlighted.
Once you have modified the conf file, you are ready to have the OpenVpn service run at boot-up. To accomplish this you need to add it as a startup service. Run the following command: sudo systemctl enable openvpn The conf file will be read on startup and VPN will start silently in the background on bootup. You are done!
Reboot the RPI3 (sudo reboot now) and the OpenVpn service should start running on startup under the covers. One easy way to check if VPN is working is first to copy the startup openvpn file to your home directory. You don't want to run it from the startup folder /etc/init.d. This is a one time action: sudo cp /etc/init.d/openvpn ~ Once this is done you can check the VPN status any time by issuing this command from your home directory:./openvpn status If all is well, the command will answer: [ ok ] VPN 'US_West' is running. Another way to check your VPN status is to open a browser in the Desktop and going to your VPN provider's website: It will tell you that you are protected and that your webpage is being requested from an IP other than the IP that your ISP provider assigns to you.