Personal VPN on Fedora

[Marko Vojinovic]

On Wednesday 24 August 2011 17:17:15 Manuel Escudero wrote:
> 2011/8/24 Timothy Murphy <gayleard at eircom.net>
> > Manuel Escudero wrote:
> > >> I'm puzzled by this thread.
> > >> It doesn't seem to me to be too difficult to set up an OpenVPN server,
> > >> following the instructions in /usr/share/openvpn/easy-rsa/2.0/ .
> > >> 
> > >> Or are you all trying to do something else?

Sorry to drop in on this thread, but it seems that there is some 
misunderstanding here... ;-)

Yes, apparently Manuel is trying to do something else, which has nothing to do 
with creating a VPN on Fedora. He just expressed himself poorly. Read below.

> > > The idea was to get an easy solution to mount a personal VPN
> > > in Linux using an external "pre-arranged" solution such as those
> > > you might use on windows or mac, (HotspotShield/TunnelBear).

As far as I looked at the HotspotShield and TunnelBear websites, they 
basically say:

<quote>
Q) What is TunnelBear?
A) TunnelBear is the world’s easiest to use consumer VPN software that 
securely “tunnels” your internet connection to locations around the world.

Q) How does TunnelBear work?
A) TunnelBear creates a secure, encrypted connection between your computer and 
a server in the host country you want to connect to. This both protects your 
privacy allows you to simulate the internet experience from another country.

Hotspot Shield:
    * Secure your web session, data, online shopping, and personal information 
online with HTTPS encryption.
    * Protect yourself from identity theft online.
    * Hide your IP address for your privacy online.
    * Access all content privately without censorship; bypass firewalls.
    * Protect yourself from snoopers at Wi-Fi hotspots, hotels, airports, 
corporate offices.
</quote>

So it seems to me that TunnelBear and HotspotShield are commercial
*proxy* *servers*, which clients use by connecting via the VPN.

> > As far as I can see, Hotspot Shield and Tunnel Bear
> > are both running VPN servers, on a free/commercial basis,
> > and if you subscribe to them you can run a VPN client
> > which communicates with or through them.
> > Or have I got that wrong?

You got it right. You get logged on their VPN, and they "guarantee" to clients 
anonymous access to the Internet, using their server as a proxy. The VPN is 
used in order to provide encrypted connection between the server and the 
client, and in addition to provide A&A via pay-for certificates.

> > > See, Win/Mac users don't mount their own VPN servers when they
> > > wanna use VPN because of those apps, I found a solution like
> > > that but for Linux, and that was what I was looking for in the first
> > > place.

This part is a bit confusing. It seems that Manuel doesn't make a distinction 
between a VPN and these commercial proxy services. Win/Mac users that he 
speaks about do not create a VPN, they are just clients to the commercial VPN. 
So they do not need to set up any VPN server or something similar.

AFAIK, if you sign up for this service and get a certificate, you should not 
need any special software to connect to the HS/TB VPN-s. NetworkManager should 
be able to connect to them automatically, if configured to use the appropriate 
certificates. So on Linux at least, no additional software should be necessary, 
unless they are doing something weird and incompatible. As for Windows and 
Mac, I don't know, but if anything needs to be installed, it is a VPN client 
of some kind. Not the server.

> The thing is, in Win & Mac, users just Download an app such as TunnelBear
> for example
> and install it with a "Next>Next>Next" tool, then just click ENABLE and
> they're "magically"
> browsing through VPN connection...

The "Next>Next>Next" tool just installs VPN client software on Win/Mac, and 
sets it up automatically for use with HS/TB networks.

> They don't need to setup a private
> server, then parse the
> keys and the certificates, then install all the things, deal with config
> files and so on...

These are steps you need to do when you want to create *your* *own* VPN, not 
to use somebody else's network. Apples and oranges. :-)

> I commited myself to the simple duty of finding something similar but for
> linux and
> Hostizzle (with a little help from other tools) seem to be the closest
> alternative
> to such software.

Hostizzle is just another commercial proxy, in line with Hotspot Shield and 
TunnelBear. It's not a software, it's an online service. It uses VPN (in 
particular OpenVPN implementation) in order to provide its service.

> More clear? :)

The Hostizzle FAQ is very informative regarding what this is all about:

   http://hostizzle.com/faq/

In a nutshell, you sign up to use their VPN for all your internet traffic, using 
their server as a gateway. This avoids various firewalls, insecure connections, 
blocked ports, etc., at the expense of using their gateway.

The VPN itself has nothing to do with this. It is just a backend technology 
that provides you a convenient way to use their server as a gateway to the 
Internet.

All in all, the title of this thread is completely misleading. You (the OP) 
don't actually want to set up your own VPN, you want to use this kind od 
public proxy service, and need to set up a VPN client because this is the way 
to communicate with that public proxy. Please don't mix these two things. :-)

VPN stands for a "Virtual Private Network", and basically represents an 
emulation of a bunch of (virtual) ethernet cards and appropriate (virtual) 
cables and switches, in order to create a (virtual) LAN over a physically 
distributed set of hosts. This has absolutely nothing to do with the "public 
proxy" service like Hostizzle, regardless of the fact that that VPN is used as 
a backend means of communication between Hostizzle and yourself.

I hope this clears up a few things for everybody, especially for the OP. ;-)

HTH, :-)
Marko