Personal VPN on Fedora

[Manuel Escudero]

2011/8/24 Marko Vojinovic <vvmarko at gmail.com>

> On Wednesday 24 August 2011 17:17:15 Manuel Escudero wrote:
> > 2011/8/24 Timothy Murphy <gayleard at eircom.net>
> > > Manuel Escudero wrote:
> > > >> I'm puzzled by this thread.
> > > >> It doesn't seem to me to be too difficult to set up an OpenVPN
> server,
> > > >> following the instructions in /usr/share/openvpn/easy-rsa/2.0/ .
> > > >>
> > > >> Or are you all trying to do something else?
>
> Sorry to drop in on this thread, but it seems that there is some
> misunderstanding here... ;-)
>
> Yes, apparently Manuel is trying to do something else, which has nothing to
> do
> with creating a VPN on Fedora. He just expressed himself poorly. Read
> below.
>
> > > > The idea was to get an easy solution to mount a personal VPN
> > > > in Linux using an external "pre-arranged" solution such as those
> > > > you might use on windows or mac, (HotspotShield/TunnelBear).
>
> As far as I looked at the HotspotShield and TunnelBear websites, they
> basically say:
>
> <quote>
> Q) What is TunnelBear?
> A) TunnelBear is the world’s easiest to use consumer VPN software that
> securely “tunnels” your internet connection to locations around the world.
>
> Q) How does TunnelBear work?
> A) TunnelBear creates a secure, encrypted connection between your computer
> and
> a server in the host country you want to connect to. This both protects
> your
> privacy allows you to simulate the internet experience from another
> country.
>
> Hotspot Shield:
>    * Secure your web session, data, online shopping, and personal
> information
> online with HTTPS encryption.
>    * Protect yourself from identity theft online.
>    * Hide your IP address for your privacy online.
>    * Access all content privately without censorship; bypass firewalls.
>    * Protect yourself from snoopers at Wi-Fi hotspots, hotels, airports,
> corporate offices.
> </quote>
>
> So it seems to me that TunnelBear and HotspotShield are commercial
> *proxy* *servers*, which clients use by connecting via the VPN.
>
> > > As far as I can see, Hotspot Shield and Tunnel Bear
> > > are both running VPN servers, on a free/commercial basis,
> > > and if you subscribe to them you can run a VPN client
> > > which communicates with or through them.
> > > Or have I got that wrong?
>
> You got it right. You get logged on their VPN, and they "guarantee" to
> clients
> anonymous access to the Internet, using their server as a proxy. The VPN is
> used in order to provide encrypted connection between the server and the
> client, and in addition to provide A&A via pay-for certificates.
>
> > > > See, Win/Mac users don't mount their own VPN servers when they
> > > > wanna use VPN because of those apps, I found a solution like
> > > > that but for Linux, and that was what I was looking for in the first
> > > > place.
>
> This part is a bit confusing. It seems that Manuel doesn't make a
> distinction
> between a VPN and these commercial proxy services. Win/Mac users that he
> speaks about do not create a VPN, they are just clients to the commercial
> VPN.
> So they do not need to set up any VPN server or something similar.
>
> AFAIK, if you sign up for this service and get a certificate, you should
> not
> need any special software to connect to the HS/TB VPN-s. NetworkManager
> should
> be able to connect to them automatically, if configured to use the
> appropriate
> certificates. So on Linux at least, no additional software should be
> necessary,
> unless they are doing something weird and incompatible. As for Windows and
> Mac, I don't know, but if anything needs to be installed, it is a VPN
> client
> of some kind. Not the server.
>
> > The thing is, in Win & Mac, users just Download an app such as TunnelBear
> > for example
> > and install it with a "Next>Next>Next" tool, then just click ENABLE and
> > they're "magically"
> > browsing through VPN connection...
>
> The "Next>Next>Next" tool just installs VPN client software on Win/Mac, and
> sets it up automatically for use with HS/TB networks.
>
> > They don't need to setup a private
> > server, then parse the
> > keys and the certificates, then install all the things, deal with config
> > files and so on...
>
> These are steps you need to do when you want to create *your* *own* VPN,
> not
> to use somebody else's network. Apples and oranges. :-)
>
> > I commited myself to the simple duty of finding something similar but for
> > linux and
> > Hostizzle (with a little help from other tools) seem to be the closest
> > alternative
> > to such software.
>
> Hostizzle is just another commercial proxy, in line with Hotspot Shield and
> TunnelBear. It's not a software, it's an online service. It uses VPN (in
> particular OpenVPN implementation) in order to provide its service.
>
> > More clear? :)
>
> The Hostizzle FAQ is very informative regarding what this is all about:
>
>   http://hostizzle.com/faq/
>
> In a nutshell, you sign up to use their VPN for all your internet traffic,
> using
> their server as a gateway. This avoids various firewalls, insecure
> connections,
> blocked ports, etc., at the expense of using their gateway.
>
> The VPN itself has nothing to do with this. It is just a backend technology
> that provides you a convenient way to use their server as a gateway to the
> Internet.
>
> All in all, the title of this thread is completely misleading. You (the OP)
> don't actually want to set up your own VPN, you want to use this kind od
> public proxy service, and need to set up a VPN client because this is the
> way
> to communicate with that public proxy. Please don't mix these two things.
> :-)
>
> VPN stands for a "Virtual Private Network", and basically represents an
> emulation of a bunch of (virtual) ethernet cards and appropriate (virtual)
> cables and switches, in order to create a (virtual) LAN over a physically
> distributed set of hosts. This has absolutely nothing to do with the
> "public
> proxy" service like Hostizzle, regardless of the fact that that VPN is used
> as
> a backend means of communication between Hostizzle and yourself.
>
> I hope this clears up a few things for everybody, especially for the OP.
> ;-)
>
> HTH, :-)
> Marko
>
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>


Yep, what marko just said is most accurate about the technical
aspect of the whole thing... in one simple sentence: HSS, TunnelBear
Hostizzle, "and friends" are just services where someone mounts a VPN
and then simply share with the people some ways to access it, via free
or paid OpenVPN certificate packs wich contain a "ovpn" file to use in
the configuration via your native networking client (such as
networkmanager)...

Win/Mac solutions are "a little more packed"; In linux it requires some more
"setup steps" to work, but esentially it's the same.

So, yep I wasn't talking about CREATING my own VPN but finding
a service that let me connect to a "pre-mounted" VPN as I perfectly said in
the first
message I sent, (and nobody answered that), so I shared the solution I found
for the actual question.

C'ya! :)

-- 
Manuel Escudero
Linux User #509052
Twitter: @Jmlevick <http://twitter.com/Jmlevick>
Blogger: Blog Xenode <http://xenodesystems.blogspot.com/>
PGP/GnuPG: E2F5 12FA E1C3 FA58 CF15  8481 B77B 00CA C1E1 0FA7
Xenode Systems - xenodesystems.com <http://www.xenodesystems.com/> - "Conéctate
a Tu Mundo"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20110824/a6e7f75e/attachment-0001.html