FreeLAN Review: VPN for professionals

What to do if you need to use VPN in a flexible way rather than in the way offered by VPN services? … Or using third-party servers is not allowed or inefficient? What if you need to create your own protected network? In such cases, configuring your own VPN based on its infrastructure may be helpful.

FreeLAN can be the solution to that task.

FreeLAN is free all-around VPN open-source software for Windows, Linux, and macOS that can be used to create three types of VPN:

• Client-server
• Peer-to-peer
• Hybrid that includes the two types mentioned above.

In this review, I’ll tell you what features are offered by FreeLAN, what its pros and cons are, describe the peculiarities of its configuring and using, and finally, I’ll give you some recommendations.

FreeLAN is different from other VPNs as there is no UI. You won’t be able to use the OpenVPN client with this VPN. That’s why I don’t recommend using it if you just need to hide your IP or unblock sites. For these tasks, you can find VPN apps that are easier to use and more or less efficient.

FreeLAN is good for creating your own flexible Virtual Private Network, including the one without a VPN server, using only client computers.

So, you’ll know about:

• FreeLAN features
• Its pros
• Why FreeLAN is not user-friendly
• The alternatives to FreeLAN

Table of contents:

• FreeLAN features
• FreeLAN pros
• FreeLAN cons
• Specifications of use
• Information about the owner
• Conclusion
• The best alternatives

FreeLAN features

Main functions

• Reliable traffic encryption
• Creating the client-server tunnel
• Creating the client-client (pear-to-pear) tunnel
• Creating the network that consists of several computers and servers in different combinations
• Masking IP addresses
• Unblocking websites

Additional functions and opportunities:

• Invisibility when the use of VPN is monitored

FreeLAN is a multiplatform software to create a VPN tunnel without using VPN services. But it’s not a multifunctional VPN such as OpenVPN. The network operated by FreeLAN is used in a command mode and requires additional routing configurations. Besides, you need the C++ compiler to set it up and OpenSSL to create certificates and keys. Thus, FreeLAN is software for encrypting connections between devices, but it doesn’t offer GUI apps and convenient routing.

The characteristics mentioned above make it different from VPN services that offer fully-functional easy-to-use client apps and configurations for the OpenVPN client.

You can download and set up FreeLAN on Windows, Linux, and macOS. You need to configure at least two devices to create a VPN network as FreeLAN doesn’t offer its own servers.

FreeLAN applies the FSCP (FreeLAN Secure Channel Protocol) protocol that allows you to create both traditional a client-server VPN and direct coaction between clients who use the PP technology. The possibility to use P2P and a client-server connection simultaneously makes FreeLAN different from OpenVPN, for example.

The protocol is based on UDP and has a lot of settings:

• in-built function of launching the https server,
• port forwarding,
• support of the back-end DNS,
• functioning on the IP and Ethernet levels,
• IPv6 support,
• 3 kinds of elliptic curves to use for the sessions,
• Opportunity to choose 128- or 256-bit encryption keys,
• Tap/tan,
• switch/hub.

It’s impossible to set up FreeLAN on MacOS in a standard way as the software is not signed by the verified developer. But it’s being solved. I’ll tell you more in the ‘’Specifications of use’’ chapter.

At Centos, there are difficult conflicts of the system libraries versions and Python, which is necessary to set up FreeLAN with the help of C++.

I also faced some problems with the intervisibility of devices within the FreeLan network.

Keep on reading and I’ll tell you about other bugs of FreeLan, but first of all, I’ll enlarge upon its pros.

FreeLAN pros

One of the major FreeLAN pros is the possibility to create local networks. Using it as a traditional VPN is reasonable just because it is invisible for the systems monitoring the use of VPN, for example, for countries with censorship. But there is a disadvantage as well – FreeLAN apples the UDP protocol and port 12000 which aren’t available in many cases.

Nevertheless, I’ll tell you about its advantages which were known from the very beginning and the ones that were proved after I tested the service.

FreeLAN is absolutely free

The FreeLAN software is distributed according to the GNU GPL license, which means that it’s a free open-source one that can be modified, but you can’t develop a paid product on its base.

It’s convenient for creating your own infrastructure based on FreeLAN technology. I didn’t find any detailed descriptions of those systems, but on specialized forums, I saw the discussions related to the specifications of their configurations.

An open-source code allows you to create your own graphics-based environment based on the FreeLAN technology if it’s necessary.

Opportunity to create networks without a server

The main technical advantage of FreeLAN is that it can work directly between the clients of the network, without servers. There’s even no server or it may be used to connect to another network (for example, the Internet) and/or to monitor the work of the network and its logging/administration.

I tested the work of FreeLAN in a Peer-to-Peer mode in the network of computers operated by Windows for 1 day with different configurations. The background work of the network was stable, the processor load was minimal. Each computer of the network was visible for the others, and no servers were used.

Still, it was hard to get the stable work of the network and it was likely to have problems related to intervisibility when turning on/off the network’s computers.

Multiplatformity

FreeLAN is compatible with:

• Windows
• Linux Debian (I failed to set up FreeLAN on Centos because of the malfunction of g++ with the FreeLAN source code)
• OSX
• Docker
• Sailfishos

The easiest setup process is for Debian (you can find it in the repository), Windows (the setup file is available) and macOS (there’s a setup file as well, but you need to allow the installation from an unverified source.

Thus, you can create both single-platform and multiplatform networks based on FreeLAN. For example, you can connect a Windows-based computer to the one that’s based on Mac and then connect them to a Linux-based server configured as a VPN server.

High security standards

FreeLAN offers AES-128-GCM and AES-256-GCM encrypting standards with the RSA cryptosystem and SHA 256 algorithm. Today AES 128/256 encryption standards are the most widely-spread and reliable ones. By the way, AES-128 is recognized as the official encryption standard for protecting the national data of the USA, and AES-256 – highly sensitive data.

Here is the extract from the FreeLAN configuration file with choosing the encryption parameters:

You can choose the length of the authentication key when generating certificates with the help of OpenSSL, for example, 4096.

So, it tells of the advanced level of data protection in the FreeLAN tunnel. The network is almost invulnerable when applying professional protection of client computers and a server (if there is).

Thus, the pros are quite essential. Let’s turn to its cons.

FreeLAN cons

The pros are related to the use of FreeLAN as a traditional VPN. At the same time, that will entail the cons related to using it as a traditional VPN and creating an isolated network, including the problems I faced while testing it.

No detailed documentation

At first sight, www.freelan.org looks professional and has credibility. And it seems to be right until you turn to technical details and instructions.

There is little information about the opportunities of the FreeLAN technology, setup procedure and the way you can use it. There are no real examples of using it.

There are no specifications of the software configurations but only the links to the source code and technical specifications of the FSCP protocol.

No real examples of using

There is a short example of configuring a client-client connection with the use of certificates and without them (using a login and password). But this information won’t help you to understand how to configure a client-server connection, including for using it as a traditional VPN.

For all ‘’further questions’’, you have to contact the developer by email. But it’s mentioned on the website that the developer undertakes the project only in his free time as it’s free and doesn’t produce a profit. So, you’ll probably wait for the reply for more than one day:

There is also some information on GitHub and other forums, but there is no definitive manual for using FreeLAN.

Complicated and unpredictable setup

Absence of the structured and detailed information made it difficult to test the opportunities of FreeLAN. For example, I failed to solve the conflict of the setup script and C++ version on Centos. Besides, the installer doesn’t check the versions of Python and gcc installed. This causes unexpected errors that you can’t use to define the reason for the problem if you aren’t experienced enough.

For instance, you can’t set up FreeLAN 2.2 and 2.3 if Linux Centos applies the Python version earlier than 2.7 and g++ version which is earlier than 4.7. Moreover, even after all the discrepancies were fixed, the installation wasn’t successful for an unknown reason:

Probably, C++ specialists will be able to solve this problem.

As far as other platforms are concerned, I faced some problems with them as well.

For example, when installing it on Mac OS, I had to look for a way to set up without the verified digital signature. Here are the steps to follow:

1. Find freelan_{your version}.pkg on Finder.
2. Holding Ctrl, click on it.
3. Choose “Open”.

Probably, in your case, it will work. But on my macOS High Sierra, I saw an unknown error:

That’s why I failed to test FreeLAN on Mac.

In fact, using a short configuration example from the official website, I managed to set up and launch the network only on Windows-based computers.

This network didn’t have a server that’s why I failed to configure a full-fledged VPN as well.

But even if I had managed to set up FreeLAN on Centos (or I had had a server with Debian which is used to set up FreeLAN from the repository), to launch a full-fledged VPN I would have had to configure the routes on the server and client computers manually. For this procedure, you need to be experienced enough in the administration of networks for different platforms. In fact, without a detailed manual, only experienced sysadmins can do it.

Low popularity

The FreeLAN project was launched in 2013, but it has been under development since 2007. Nevertheless, it hasn’t become popular yet, no matter it is potentially flexible and all-round.

Probably, it’s connected with the absence of a detailed manual for installing, configuring and using the technology. … Or the reason for its low popularity is in a complicated installation for some popular platforms.

Anyway, FreeLAN’s low popularity should be taken into account when choosing your network solution, and especially, when choosing software for VPN.

Specifications of use

In this chapter, I’ll share my experience of using FreeLAN.

As I have already mentioned, I failed to configure FreeLAN either on Mac or Centos Linux. That’s why I managed to test its work in a Peer-to-peer mode only o PC. Taking into account the fact that I didn’t find much information about the practical use of FreeLAN, even these test results may be useful.

So, there are two ways to launch the FreeLAN network:

• Using a login/password combination
• Using certificates

There is an example of a simple connection of two clients with a login and password:

As root on computer 1:

freelan --security.passphrase "my_secret"

And on computer 2:

freelan --security.passphrase "my_secret" --tap_adapter.ipv4_address_prefix_length 9.0.0.2/24 --fscp.contact $IP1:12000

But this solution is appropriate only for connecting two computers. That’s why if you need to create a network of more than two devices, you have to configure certificates and write them in configurations files on all the computers. I won’t describe the procedure as there are a detailed instruction and an example of a simple configuration on the official website.

But in order to generate the certificates, you need to set up OpenSSL. If you do according to the instructions on freelan.org, you may face some problems. It is easier and more efficient to install it from the setup file, which can be downloaded here.

Besides, you need to add the following line the system variable PATH:

C:\Program Files\OpenSSL-Win64\bin;

After it’s done, you can generate the certificates as it’s said in the FreeLAN instruction. The procedure won’t cause any trouble. It’s just important to follow the instructions and not to forget to copy the full set to each computer of the network.

You may face unexpected troubles when launching the network. The fact is that in my case there was no error, but the ping didn’t change from 9.0.0.2 to  9.0.0.1. In fact, the network didn’t work. But there were no errors in the log. The problem was solved only after following the steps to launch the FreeLAN service. In other words, the succession of launching the clients is very important.

What’s more, each time I restarted the client on the computer, I had to repeat the procedure on another computer as well. Otherwise, the ping disappeared no matter the automatic reconnect was successful. It’s quite strange and inconvenient. In fact, the problem caused more inconveniences when testing the network, and I failed to solve it.

Taking into account my experience of using FreeLAN, that’s everything I can share with you. I tried several times to configure the routing to simulate the practical use of VPN via FreLAN, but I failed to do it. Without a good manual with real examples of use, it was an overwhelming task to test the opportunities of FreeLAN. Of course, you can contact the developer by email, but it’s dead inconvenient.

Information about the owner

The developer of FreeLAN is Julien Kauffmann from Canada.

Today he is a Project Manager and Agile Coach at BRED IT Ltd (Thailand). It’s mentioned on the official website that he undertakes the project only in his free time.

The official website: www.freelan.org

Conclusion

Thus, it’s impossible to call FreeLAN a traditional VPN. It’s not a VPN provider that’s why there are its own servers. Its software doesn’t have a graphics-based environment. In order to install and use FreeLAN, you need to be good at configuring networks on different platforms.

That’s why I don’t recommend using it as a VPN when you can use traditional paid and free VPN services to get more efficiency. The cases include:

• Hiding your IP and traffic on the internet
• Unblocking websites
• Bypassing censorship
• Torrenting
• Bypassing geo-restrictions for video content
• Using VPN on mobile devices

For these tasks, it’s easier and more efficient to use VPN services or OpenVPN.

Besides, taking into account numerous problems, FreeLAN is not the best solution for creating private secure networks, including P2P. For this task, other solutions are better, and I published the link to one of them in the next chapter.

The best alternatives

Alternative to the P2P VPN software

Cjdns – cross-platform network protocol that allows you to create a scaling P2P network with traffic encryption. It works only with the IPv6 protocol. It is regularly updated and widely used.

Alternative VPN services

For using a VPN, you don’t always need to configure your own network. The advantage of VPN services is the extended functionality offered in addition to the VPN technology. It allows you to increase the stability and security of a VPN, use it not only for standard tasks. The client has to set up the software offered by the VPN provider. It’s possible to have up to 5+ simultaneous connections per one subscription.

NordVPN – the largest VPN service with 5050+ servers in 60 countries, fast speeds, compatible with all platforms and user-friendly client software.

CyberGhost VPN – one of the best all-round VPN services. Along with traditional functions, there are some additional ones. It’s perfect for unblocking the geo-restricted Netflix content. It’s compatible with all platforms, including browsers.

Surfshark – another VPN service which suits for any task. What attracts users is that it’s cheap and can work even in China.