On Fri, 2017-11-03 at 10:10 -0700, Rick Stevens wrote:
> > That explains it. I've implemented openvpn in a
subnet-to-subnet
> > config before from the command-line. Much of this is research for my
> > father-in-law and his fedora box.
If the OP's father-in-law is simply trying to stay anonymous and hide
his IP address while he does his cyberbusiness, a VPN isn't really
necessary. What he wants is an anonymous proxy.
Yes, I did mention that in my reply.
There are lots of those
around. If he wants to encrypt the traffic between his computer and the
anonymous proxy to shield it from prying eyes, then that's where the VPN
might come in--provided the anonymous proxy supports VPN access and if
so, what kind of VPN it offers.
A VPN is just that...a virtual private network. It simply establishes an
encrypted data link between endpoints (typically while going across one
or more public internet hops) to prevent the "bad guys" from snooping
the data streams. It can be effective, depending on the encryption
algorithms used, the keys the encryption is based on, etc., etc.
> > Is the shell script publically available? I'd be very interested in
> > seeing how they're doing it.
>
> On looking again, it turns out to be a binary executable rather than a
> Shell script. Sorry for the confusion. However I'm fairly sure I did
> once manage to use openvpn with the credentials supplied by the
> provider, so it's not black magic.
There's nothing magic about OpenVPN.
I meant there isn't anything magical about the specific provider I use,
even though they have a binary-only client, i.e. they are entirely
compatible with OpenVPN, which I think is probably the case for most of
them, to the extent that I'd be suspicious of any public services that
weren't.
While we don't use it ourselves (we
use Cisco-based VPNs using ASA devices and clients such as vpnc), I know
a number of people who have deployed OpenVPN with quite reasonable
results (in fact, sometimes better results than we get with our
hardware-based VPN equipment).
That's the end-to-end use case, so of course you are in control of both
ends.
Using a VPN all depends on how paranoid you are (or rather the
OP's
father-in-law is). They certainly have their uses.
They can also be simpler to set up than proxies, for the non-expert
user, since they are focused on what the general public wants, or
thinks it wants.
poc