11:59 a.m.
Hi, I have a fedora26 desktop and would like to use a VPN to browse
the Internet. What are my options? Do I need to connect to a VPN
server service which then proxies my request to the remote site?
Are any of the "free" VPN services legit, or do they all do it in
exchange for something like either privacy or some browser plugin
that's required?
The client VPN documentation available with the fedora25 docs is confusing:
https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/...
Where is this "Super key"?
I know how to use Settings->Network to "Add a VPN" but I don't have an
endpoint.
6:15 a.m.
On Wed, 2017-11-01 at 12:59 -0400, Alex wrote:
Hi, I have a fedora26 desktop and would like to use a VPN to browse
the Internet. What are my options? Do I need to connect to a VPN
server service which then proxies my request to the remote site?
Are any of the "free" VPN services legit, or do they all do it in
exchange for something like either privacy or some browser plugin
that's required?
It depends on what you want to do. A VPN merely connects two endpoints
over a secure channel, but the endpoints can be:
* Your box
* Your local network (VPN to the router)
* A subset of processes within your box, using network namespaces
* Your own private server in a different location, or hosted in a
cloud provider
* A free or commercial VPN service provider
And which one you choose depends on your requirements, e.g.
* Disguise your location to circumvent geoblocking (in which case a
proxy may be enough)
* Protect your browsing history from your ISP or local admin policy
* Protect your communications from casual spying
* Protect your personal security from national governments
For general browsing, your simplest option is to use a VPN provider,
but which one depends on other factors including speed and cost. In
general, the free ones are not fast and the fast ones are not free.
Which are reliable in the sense of not logging your traffic or personal
data is a matter or trust and reputation.
There is also the question of technical competence, e.g. a while back there
was a scare about DNS hijacking via IPv6 on the part of IPv4 providers
(https://www.techrepublic.com/article/ipv6-security-vulnerability-pokes-ho...).
There are several comparison sites you can consult, e.g.
http://www.vpncomparison.org/
The client VPN documentation available with the fedora25 docs is
confusing:
https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/...
Where is this "Super key"?
I know how to use Settings->Network to "Add a VPN" but I don't have an
endpoint.
No idea. UI indications in the Fedora docs are written for Gnome users
and I use KDE. However in my own case I just use a Shell script
downloaded from my VPN provider, which hooks into OpenVPN.
poc
7:33 p.m.
Hi,
On Thu, Nov 2, 2017 at 7:15 AM, Patrick O'Callaghan
<pocallaghan(a)gmail.com> wrote:
On Wed, 2017-11-01 at 12:59 -0400, Alex wrote:
> Hi, I have a fedora26 desktop and would like to use a VPN to browse
> the Internet. What are my options? Do I need to connect to a VPN
> server service which then proxies my request to the remote site?
>
> Are any of the "free" VPN services legit, or do they all do it in
> exchange for something like either privacy or some browser plugin
> that's required?
It depends on what you want to do. A VPN merely connects two endpoints
over a secure channel, but the endpoints can be:
* Your box
* Your local network (VPN to the router)
* A subset of processes within your box, using network namespaces
* Your own private server in a different location, or hosted in a
cloud provider
* A free or commercial VPN service provider
I believe the endpoint in this case would a VPN service provider.
And which one you choose depends on your requirements, e.g.
* Disguise your location to circumvent geoblocking (in which case a
proxy may be enough)
* Protect your browsing history from your ISP or local admin policy
* Protect your communications from casual spying
* Protect your personal security from national governments
Personal security, but also torrenting.
For general browsing, your simplest option is to use a VPN provider,
but which one depends on other factors including speed and cost. In
general, the free ones are not fast and the fast ones are not free.
Which are reliable in the sense of not logging your traffic or personal
data is a matter or trust and reputation.
There is also the question of technical competence, e.g. a while back there
was a scare about DNS hijacking via IPv6 on the part of IPv4 providers
(https://www.techrepublic.com/article/ipv6-security-vulnerability-pokes-ho...).
There are several comparison sites you can consult, e.g.
http://www.vpncomparison.org/
Thanks. It's been hard to find a trustworthy review site.
> The client VPN documentation available with the fedora25 docs is
confusing:
>
https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/...
>
> Where is this "Super key"?
>
> I know how to use Settings->Network to "Add a VPN" but I don't have
an endpoint.
No idea. UI indications in the Fedora docs are written for Gnome users
and I use KDE. However in my own case I just use a Shell script
downloaded from my VPN provider, which hooks into OpenVPN.
That explains it. I've implemented openvpn in a subnet-to-subnet
config before from the command-line. Much of this is research for my
father-in-law and his fedora box.
Is the shell script publically available? I'd be very interested in
seeing how they're doing it.
Thanks,
Alex
>
> poc
> _______________________________________________
> users mailing list -- users(a)lists.fedoraproject.org
> To unsubscribe send an email to users-leave(a)lists.fedoraproject.org
11:31 a.m.
On Thu, 2017-11-02 at 20:33 -0400, Alex wrote:
> There are several comparison sites you can consult, e.g.
> http://www.vpncomparison.org/
Thanks. It's been hard to find a trustworthy review site.
I'm not specifically recommending that site, it just popped up when I
did a search.
> > The client VPN documentation available with the fedora25
docs is confusing:
> >
https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/...
> >
> > Where is this "Super key"?
> >
> > I know how to use Settings->Network to "Add a VPN" but I don't
have an endpoint.
>
> No idea. UI indications in the Fedora docs are written for Gnome users
> and I use KDE. However in my own case I just use a Shell script
> downloaded from my VPN provider, which hooks into OpenVPN.
That explains it. I've implemented openvpn in a subnet-to-subnet
config before from the command-line. Much of this is research for my
father-in-law and his fedora box.
Is the shell script publically available? I'd be very interested in
seeing how they're doing it.
On looking again, it turns out to be a binary executable rather than a
Shell script. Sorry for the confusion. However I'm fairly sure I did
once manage to use openvpn with the credentials supplied by the
provider, so it's not black magic.
poc
12:10 p.m.
On 11/03/2017 09:31 AM, Patrick O'Callaghan wrote:
On Thu, 2017-11-02 at 20:33 -0400, Alex wrote:
>> There are several comparison sites you can consult, e.g.
>> http://www.vpncomparison.org/
>
> Thanks. It's been hard to find a trustworthy review site.
I'm not specifically recommending that site, it just popped up when I
did a search.
>>> The client VPN documentation available with the fedora25 docs is confusing:
>>>
https://docs-old.fedoraproject.org/en-US/Fedora/25/html/Networking_Guide/...
>>>
>>> Where is this "Super key"?
>>>
>>> I know how to use Settings->Network to "Add a VPN" but I
don't have an endpoint.
>>
>> No idea. UI indications in the Fedora docs are written for Gnome users
>> and I use KDE. However in my own case I just use a Shell script
>> downloaded from my VPN provider, which hooks into OpenVPN.
>
> That explains it. I've implemented openvpn in a subnet-to-subnet
> config before from the command-line. Much of this is research for my
> father-in-law and his fedora box.
If the OP's father-in-law is simply trying to stay anonymous and hide
his IP address while he does his cyberbusiness, a VPN isn't really
necessary. What he wants is an anonymous proxy. There are lots of those
around. If he wants to encrypt the traffic between his computer and the
anonymous proxy to shield it from prying eyes, then that's where the VPN
might come in--provided the anonymous proxy supports VPN access and if
so, what kind of VPN it offers.
A VPN is just that...a virtual private network. It simply establishes an
encrypted data link between endpoints (typically while going across one
or more public internet hops) to prevent the "bad guys" from snooping
the data streams. It can be effective, depending on the encryption
algorithms used, the keys the encryption is based on, etc., etc.
> Is the shell script publically available? I'd be very
interested in
> seeing how they're doing it.
On looking again, it turns out to be a binary executable rather than a
Shell script. Sorry for the confusion. However I'm fairly sure I did
once manage to use openvpn with the credentials supplied by the
provider, so it's not black magic.
There's nothing magic about OpenVPN. While we don't use it ourselves (we
use Cisco-based VPNs using ASA devices and clients such as vpnc), I know
a number of people who have deployed OpenVPN with quite reasonable
results (in fact, sometimes better results than we get with our
hardware-based VPN equipment).
Using a VPN all depends on how paranoid you are (or rather the OP's
father-in-law is). They certainly have their uses.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks(a)alldigital.com -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- Do you know where _your_ towel is? -
----------------------------------------------------------------------
1:59 p.m.
On Fri, 2017-11-03 at 10:10 -0700, Rick Stevens wrote:
> > That explains it. I've implemented openvpn in a
subnet-to-subnet
> > config before from the command-line. Much of this is research for my
> > father-in-law and his fedora box.
If the OP's father-in-law is simply trying to stay anonymous and hide
his IP address while he does his cyberbusiness, a VPN isn't really
necessary. What he wants is an anonymous proxy.
Yes, I did mention that in my reply.
There are lots of those
around. If he wants to encrypt the traffic between his computer and the
anonymous proxy to shield it from prying eyes, then that's where the VPN
might come in--provided the anonymous proxy supports VPN access and if
so, what kind of VPN it offers.
A VPN is just that...a virtual private network. It simply establishes an
encrypted data link between endpoints (typically while going across one
or more public internet hops) to prevent the "bad guys" from snooping
the data streams. It can be effective, depending on the encryption
algorithms used, the keys the encryption is based on, etc., etc.
> > Is the shell script publically available? I'd be very interested in
> > seeing how they're doing it.
>
> On looking again, it turns out to be a binary executable rather than a
> Shell script. Sorry for the confusion. However I'm fairly sure I did
> once manage to use openvpn with the credentials supplied by the
> provider, so it's not black magic.
There's nothing magic about OpenVPN.
I meant there isn't anything magical about the specific provider I use,
even though they have a binary-only client, i.e. they are entirely
compatible with OpenVPN, which I think is probably the case for most of
them, to the extent that I'd be suspicious of any public services that
weren't.
While we don't use it ourselves (we
use Cisco-based VPNs using ASA devices and clients such as vpnc), I know
a number of people who have deployed OpenVPN with quite reasonable
results (in fact, sometimes better results than we get with our
hardware-based VPN equipment).
That's the end-to-end use case, so of course you are in control of both
ends.
Using a VPN all depends on how paranoid you are (or rather the
OP's
father-in-law is). They certainly have their uses.
They can also be simpler to set up than proxies, for the non-expert
user, since they are focused on what the general public wants, or
thinks it wants.
poc
6:33 p.m.
On 3 November 2017 at 15:59, Patrick O'Callaghan <pocallaghan(a)gmail.com>
wrote:
On Fri, 2017-11-03 at 10:10 -0700, Rick Stevens wrote:
Using a VPN all depends on how paranoid you are (or rather the
OP's
> father-in-law is). They certainly have their uses.
They can also be simpler to set up than proxies, for the non-expert
user, since they are focused on what the general public wants, or
thinks it wants.
Using a VPN may be telling the bad guys you have something worth
hiding. Bad guys and governments use a variety of information to decide
who merits close watching, so using VPN may bring extra scrutiny of
your activities. VPN can be circumvented if the endpoints aren't secure.
VPN is certainly important if you know you are in a category that attracts
scrutiny, but many ordinary users may be better off maintaining a low
profile and focusing on basic safe practices like installing security
patches, avoiding insecure public wifi, etc.
--
George N. White III <aa056(a)chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
5:20 a.m.
On Fri, 2017-11-03 at 20:33 -0300, George N. White III wrote:
On 3 November 2017 at 15:59, Patrick O'Callaghan
<pocallaghan(a)gmail.com>
wrote:
> On Fri, 2017-11-03 at 10:10 -0700, Rick Stevens wrote:
> Using a VPN all depends on how paranoid you are (or rather the OP's
> > father-in-law is). They certainly have their uses.
>
> They can also be simpler to set up than proxies, for the non-expert
> user, since they are focused on what the general public wants, or
> thinks it wants.
>
Using a VPN may be telling the bad guys you have something worth
hiding. Bad guys and governments use a variety of information to decide
who merits close watching, so using VPN may bring extra scrutiny of
your activities.
That's unclear. More and more people are using VPNs so it's becoming
less noteworthy.
VPN can be circumvented if the endpoints aren't secure.
Obviously security of endpoints is critical, and a VPN is no more a
magic bullet than anything else.
VPN is certainly important if you know you are in a category that
attracts
scrutiny, but many ordinary users may be better off maintaining a low
profile and focusing on basic safe practices like installing security
patches, avoiding insecure public wifi, etc.
*All* public WiFi is insecure by definition since in general you don't
know anything about who's running it. Whether or not that matters
depends on your requirements. At a minimum, use application-layer
security (HTTPS, SSH, TLS etc.)
poc
2:03 a.m.
Allegedly, on or about 4 November 2017, Patrick O'Callaghan sent:
*All* public WiFi is insecure by definition since in general you
don't know anything about who's running it. Whether or not that
matters depends on your requirements. At a minimum, use application-
layer security (HTTPS, SSH, TLS etc.)
Yes, people forget that the encryption aspect of WiFi only covers the
wireless aspect. Once the access point has the traffic, it goes out
through a LAN then WAN, and *that* is unencrypted, and often directly
accessible to other users, and just as prone to compromise as any other
badly run computer system.
If you access a HTTPS server, the server is responsible for setting up
an encrypted connection between you and them, that *allegedly* can go
through an unsafe network in the middle.
But a lot of services are not encrypted, or only partially. Your
usernames, passwords, dates-of-birth, addresses, etc., all being
transmitted in a captureable way. Some of which seem, on the face of
it, nothing to worry about, but do make up a collection of data which
is useful to miscreants.
--
[tim@localhost ~]$ uname -rsvp
Linux 4.13.9-200.fc26.x86_64 #1 SMP Mon Oct 23 13:52:45 UTC 2017 x86_64
Boilerplate: All mail to my mailbox is automatically deleted.
There is no point trying to privately email me, I only get to see
the messages posted to the mailing list.
Damn, I didn't mean to press *that* button!
2357
days inactive
2361
days old
8 comments
5 participants
participants (5)
-
Alex -
George N. White III -
Patrick O'Callaghan -
Rick Stevens -
Tim