Hi, I have a fedora26 desktop and would like to use a VPN to browse the Internet. What are my options? Do I need to connect to a VPN server service which then proxies my request to the remote site?
Are any of the "free" VPN services legit, or do they all do it in exchange for something like either privacy or some browser plugin that's required?
The client VPN documentation available with the fedora25 docs is confusing: https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/sec...
Where is this "Super key"?
I know how to use Settings->Network to "Add a VPN" but I don't have an endpoint.
On Wed, 2017-11-01 at 12:59 -0400, Alex wrote:
Hi, I have a fedora26 desktop and would like to use a VPN to browse the Internet. What are my options? Do I need to connect to a VPN server service which then proxies my request to the remote site?
Are any of the "free" VPN services legit, or do they all do it in exchange for something like either privacy or some browser plugin that's required?
It depends on what you want to do. A VPN merely connects two endpoints over a secure channel, but the endpoints can be: * Your box * Your local network (VPN to the router) * A subset of processes within your box, using network namespaces * Your own private server in a different location, or hosted in a cloud provider * A free or commercial VPN service provider
And which one you choose depends on your requirements, e.g. * Disguise your location to circumvent geoblocking (in which case a proxy may be enough) * Protect your browsing history from your ISP or local admin policy * Protect your communications from casual spying * Protect your personal security from national governments
For general browsing, your simplest option is to use a VPN provider, but which one depends on other factors including speed and cost. In general, the free ones are not fast and the fast ones are not free. Which are reliable in the sense of not logging your traffic or personal data is a matter or trust and reputation.
There is also the question of technical competence, e.g. a while back there was a scare about DNS hijacking via IPv6 on the part of IPv4 providers (https://www.techrepublic.com/article/ipv6-security-vulnerability-pokes-holes...).
There are several comparison sites you can consult, e.g. http://www.vpncomparison.org/
The client VPN documentation available with the fedora25 docs is confusing: https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/sec...
Where is this "Super key"?
I know how to use Settings->Network to "Add a VPN" but I don't have an endpoint.
No idea. UI indications in the Fedora docs are written for Gnome users and I use KDE. However in my own case I just use a Shell script downloaded from my VPN provider, which hooks into OpenVPN.
poc
Hi,
On Thu, Nov 2, 2017 at 7:15 AM, Patrick O'Callaghan pocallaghan@gmail.com wrote:
On Wed, 2017-11-01 at 12:59 -0400, Alex wrote:
Hi, I have a fedora26 desktop and would like to use a VPN to browse the Internet. What are my options? Do I need to connect to a VPN server service which then proxies my request to the remote site?
Are any of the "free" VPN services legit, or do they all do it in exchange for something like either privacy or some browser plugin that's required?
It depends on what you want to do. A VPN merely connects two endpoints over a secure channel, but the endpoints can be:
- Your box
- Your local network (VPN to the router)
- A subset of processes within your box, using network namespaces
- Your own private server in a different location, or hosted in a cloud provider
- A free or commercial VPN service provider
I believe the endpoint in this case would a VPN service provider.
And which one you choose depends on your requirements, e.g.
- Disguise your location to circumvent geoblocking (in which case a proxy may be enough)
- Protect your browsing history from your ISP or local admin policy
- Protect your communications from casual spying
- Protect your personal security from national governments
Personal security, but also torrenting.
For general browsing, your simplest option is to use a VPN provider, but which one depends on other factors including speed and cost. In general, the free ones are not fast and the fast ones are not free. Which are reliable in the sense of not logging your traffic or personal data is a matter or trust and reputation.
There is also the question of technical competence, e.g. a while back there was a scare about DNS hijacking via IPv6 on the part of IPv4 providers (https://www.techrepublic.com/article/ipv6-security-vulnerability-pokes-holes...).
There are several comparison sites you can consult, e.g. http://www.vpncomparison.org/
Thanks. It's been hard to find a trustworthy review site.
The client VPN documentation available with the fedora25 docs is confusing: https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/sec...
Where is this "Super key"?
I know how to use Settings->Network to "Add a VPN" but I don't have an endpoint.
No idea. UI indications in the Fedora docs are written for Gnome users and I use KDE. However in my own case I just use a Shell script downloaded from my VPN provider, which hooks into OpenVPN.
That explains it. I've implemented openvpn in a subnet-to-subnet config before from the command-line. Much of this is research for my father-in-law and his fedora box.
Is the shell script publically available? I'd be very interested in seeing how they're doing it.
Thanks, Alex
poc _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On Thu, 2017-11-02 at 20:33 -0400, Alex wrote:
There are several comparison sites you can consult, e.g. http://www.vpncomparison.org/
Thanks. It's been hard to find a trustworthy review site.
I'm not specifically recommending that site, it just popped up when I did a search.
The client VPN documentation available with the fedora25 docs is confusing: https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/sec...
Where is this "Super key"?
I know how to use Settings->Network to "Add a VPN" but I don't have an endpoint.
No idea. UI indications in the Fedora docs are written for Gnome users and I use KDE. However in my own case I just use a Shell script downloaded from my VPN provider, which hooks into OpenVPN.
That explains it. I've implemented openvpn in a subnet-to-subnet config before from the command-line. Much of this is research for my father-in-law and his fedora box.
Is the shell script publically available? I'd be very interested in seeing how they're doing it.
On looking again, it turns out to be a binary executable rather than a Shell script. Sorry for the confusion. However I'm fairly sure I did once manage to use openvpn with the credentials supplied by the provider, so it's not black magic.
poc
On 11/03/2017 09:31 AM, Patrick O'Callaghan wrote:
On Thu, 2017-11-02 at 20:33 -0400, Alex wrote:
There are several comparison sites you can consult, e.g. http://www.vpncomparison.org/
Thanks. It's been hard to find a trustworthy review site.
I'm not specifically recommending that site, it just popped up when I did a search.
The client VPN documentation available with the fedora25 docs is confusing: https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/sec...
Where is this "Super key"?
I know how to use Settings->Network to "Add a VPN" but I don't have an endpoint.
No idea. UI indications in the Fedora docs are written for Gnome users and I use KDE. However in my own case I just use a Shell script downloaded from my VPN provider, which hooks into OpenVPN.
That explains it. I've implemented openvpn in a subnet-to-subnet config before from the command-line. Much of this is research for my father-in-law and his fedora box.
If the OP's father-in-law is simply trying to stay anonymous and hide his IP address while he does his cyberbusiness, a VPN isn't really necessary. What he wants is an anonymous proxy. There are lots of those around. If he wants to encrypt the traffic between his computer and the anonymous proxy to shield it from prying eyes, then that's where the VPN might come in--provided the anonymous proxy supports VPN access and if so, what kind of VPN it offers.
A VPN is just that...a virtual private network. It simply establishes an encrypted data link between endpoints (typically while going across one or more public internet hops) to prevent the "bad guys" from snooping the data streams. It can be effective, depending on the encryption algorithms used, the keys the encryption is based on, etc., etc.
Is the shell script publically available? I'd be very interested in seeing how they're doing it.
On looking again, it turns out to be a binary executable rather than a Shell script. Sorry for the confusion. However I'm fairly sure I did once manage to use openvpn with the credentials supplied by the provider, so it's not black magic.
There's nothing magic about OpenVPN. While we don't use it ourselves (we use Cisco-based VPNs using ASA devices and clients such as vpnc), I know a number of people who have deployed OpenVPN with quite reasonable results (in fact, sometimes better results than we get with our hardware-based VPN equipment).
Using a VPN all depends on how paranoid you are (or rather the OP's father-in-law is). They certainly have their uses. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Do you know where _your_ towel is? - ----------------------------------------------------------------------
On Fri, 2017-11-03 at 10:10 -0700, Rick Stevens wrote:
That explains it. I've implemented openvpn in a subnet-to-subnet config before from the command-line. Much of this is research for my father-in-law and his fedora box.
If the OP's father-in-law is simply trying to stay anonymous and hide his IP address while he does his cyberbusiness, a VPN isn't really necessary. What he wants is an anonymous proxy.
Yes, I did mention that in my reply.
There are lots of those around. If he wants to encrypt the traffic between his computer and the anonymous proxy to shield it from prying eyes, then that's where the VPN might come in--provided the anonymous proxy supports VPN access and if so, what kind of VPN it offers.
A VPN is just that...a virtual private network. It simply establishes an encrypted data link between endpoints (typically while going across one or more public internet hops) to prevent the "bad guys" from snooping the data streams. It can be effective, depending on the encryption algorithms used, the keys the encryption is based on, etc., etc.
Is the shell script publically available? I'd be very interested in seeing how they're doing it.
On looking again, it turns out to be a binary executable rather than a Shell script. Sorry for the confusion. However I'm fairly sure I did once manage to use openvpn with the credentials supplied by the provider, so it's not black magic.
There's nothing magic about OpenVPN.
I meant there isn't anything magical about the specific provider I use, even though they have a binary-only client, i.e. they are entirely compatible with OpenVPN, which I think is probably the case for most of them, to the extent that I'd be suspicious of any public services that weren't.
While we don't use it ourselves (we use Cisco-based VPNs using ASA devices and clients such as vpnc), I know a number of people who have deployed OpenVPN with quite reasonable results (in fact, sometimes better results than we get with our hardware-based VPN equipment).
That's the end-to-end use case, so of course you are in control of both ends.
Using a VPN all depends on how paranoid you are (or rather the OP's father-in-law is). They certainly have their uses.
They can also be simpler to set up than proxies, for the non-expert user, since they are focused on what the general public wants, or thinks it wants.
poc
On 3 November 2017 at 15:59, Patrick O'Callaghan pocallaghan@gmail.com wrote:
On Fri, 2017-11-03 at 10:10 -0700, Rick Stevens wrote:
Using a VPN all depends on how paranoid you are (or rather the OP's
father-in-law is). They certainly have their uses.
They can also be simpler to set up than proxies, for the non-expert user, since they are focused on what the general public wants, or thinks it wants.
Using a VPN may be telling the bad guys you have something worth hiding. Bad guys and governments use a variety of information to decide who merits close watching, so using VPN may bring extra scrutiny of your activities. VPN can be circumvented if the endpoints aren't secure. VPN is certainly important if you know you are in a category that attracts scrutiny, but many ordinary users may be better off maintaining a low profile and focusing on basic safe practices like installing security patches, avoiding insecure public wifi, etc.
On Fri, 2017-11-03 at 20:33 -0300, George N. White III wrote:
On 3 November 2017 at 15:59, Patrick O'Callaghan pocallaghan@gmail.com wrote:
On Fri, 2017-11-03 at 10:10 -0700, Rick Stevens wrote:
Using a VPN all depends on how paranoid you are (or rather the OP's
father-in-law is). They certainly have their uses.
They can also be simpler to set up than proxies, for the non-expert user, since they are focused on what the general public wants, or thinks it wants.
Using a VPN may be telling the bad guys you have something worth hiding. Bad guys and governments use a variety of information to decide who merits close watching, so using VPN may bring extra scrutiny of your activities.
That's unclear. More and more people are using VPNs so it's becoming less noteworthy.
VPN can be circumvented if the endpoints aren't secure.
Obviously security of endpoints is critical, and a VPN is no more a magic bullet than anything else.
VPN is certainly important if you know you are in a category that attracts scrutiny, but many ordinary users may be better off maintaining a low profile and focusing on basic safe practices like installing security patches, avoiding insecure public wifi, etc.
*All* public WiFi is insecure by definition since in general you don't know anything about who's running it. Whether or not that matters depends on your requirements. At a minimum, use application-layer security (HTTPS, SSH, TLS etc.)
poc
Allegedly, on or about 4 November 2017, Patrick O'Callaghan sent:
*All* public WiFi is insecure by definition since in general you don't know anything about who's running it. Whether or not that matters depends on your requirements. At a minimum, use application- layer security (HTTPS, SSH, TLS etc.)
Yes, people forget that the encryption aspect of WiFi only covers the wireless aspect. Once the access point has the traffic, it goes out through a LAN then WAN, and *that* is unencrypted, and often directly accessible to other users, and just as prone to compromise as any other badly run computer system.
If you access a HTTPS server, the server is responsible for setting up an encrypted connection between you and them, that *allegedly* can go through an unsafe network in the middle.
But a lot of services are not encrypted, or only partially. Your usernames, passwords, dates-of-birth, addresses, etc., all being transmitted in a captureable way. Some of which seem, on the face of it, nothing to worry about, but do make up a collection of data which is useful to miscreants.
-
Alex -
George N. White III -
Patrick O'Callaghan -
Rick Stevens -
Tim