Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   <b>READ-ONLY-MODE: PLEASE DO NOT POST NEW STUFF</b>READ-ONLY-MODE: PLEASE DO NOT POST NEW STUFF 

The time now is Sat 08 Aug 2020, 22:19
All times are UTC - 4
 Forum index » House Training » HOWTO ( Solutions )
A Simple VPN Implementation
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 7 of 7 [100 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7
Author Message
Gera

Joined: 21 Sep 2019
Posts: 9

PostPosted: Mon 23 Mar 2020, 12:47    Post subject:  

enrique,
I don't want to take any chances and system-level risk. I am not proficient in Linux. Maybe I will try your advices later. Thanks for help anyway.
Back to top
View user's profile Send private message 
enrique

Joined: 09 Nov 2019
Posts: 598
Location: Planet Earth

PostPosted: Mon 23 Mar 2020, 14:06    Post subject:  

I am sorry if I did scare you with the warning it was not my intention. Please notice that this commands are just normal uses. WE are only using openssl and openvpn via command line. Command line because we want to see the response to find the problem. That is all. No changes are made. I am talking about:

This command ONLY ask openssl to establish a secure connection (HTTPS) with google.com. Purpose is to see if it does completes without errors.
Code:
openssl s_client -connect google.com:443 </dev/null | openssl verify

At the end you need to do [CTRL]-C to close it or close the Terminal Window..


This command ONLY connect to a vpngate server using OpenVPN terminal. Again Purpose to look at the errors.
Code:
openvpn --config vpngate.ovpn --script-security 2 --capath /etc/ssl/certs

At the end you need to do [CTRL]-C to close it or close the Terminal Window..

Up to here no changes to the system are made. Now the CA installation procedure do change your settings. I will be around. You can always send me a PM to wake me up if I do not response.
Back to top
View user's profile Send private message 
markv

Joined: 23 Apr 2020
Posts: 3

PostPosted: Thu 23 Apr 2020, 13:34    Post subject:  

enrique wrote:
I try your file and works perfect.

You need to make sure you new Kodi VPN-start and your netinfo.yad are executable and store at /usr/bin

Code:
chmod + /usr/bin/netinfo.yad
chmod + /usr/bin/vpn-start


You should mod also vpn-start so that it also call netinfo.yad instaed of the browser.

I forget about netinfo.yad, thanks!

Last edited by markv on Fri 26 Jun 2020, 10:36; edited 1 time in total
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2202
Location: London, England

PostPosted: Sat 23 May 2020, 11:10    Post subject:  

OpenVPN latest release is now 2.4.9
OpenVPN works in conjunction with OpenSSL and it is always good to have your versions of both as recent as possible.

OPENSSL VERSIONS
Debian and Ubuntu compile their openssl with versioning symbols so you have to be careful when compiling and installing openssl from source, otherwise programs complain about "No Version Information" in the library. By tailoring your build environment you can install latest openssl (eg 1.1.1g) from source and then link openvpn against that. Libraries of openssl which have different numbers can co-exist in your system, but openssl 1.1.0 and openssl 1.1.1 both have the number suffix 1.1 so in the case of some Puppies which have 1.1.0 it is probably not good to upgrade to 1.1.1 system-wide from source?
Bionic is a dilemma because early .isos have 1.1.0 but later .isos have a 1.1.1 upgrade. Probably best to install latest via PPM.
In Tahr, openvpn gives an error against latest openssl which does not happen in other Puppies.
In older Puppies which are earlier than openssl 1.1.0 you can add latest 1.1.1g from source alongside as there are no conflicts. Works fine in Wheezy and Slacko 14.0/14.1
I am open to further clarification on this.

CRYPTOFREE VPN
I am looking at this free service from cryptostorm.is
They provide configs which use Ed25519 or Ed448 encryption which is supposedly extremely secure, but openssl must be at least version 1.1.1
It is working well in my tests. Data amount is unlimited but download speeds are restricted to around 1.6 to 1.8 Mbps (not 160kbps as some reports say). User name and password are wildcard so can be anything.

EXPERIMENTAL PACKAGES
Folks are advised to study this thread and build their own programs in accordance with their needs and wishes, but I am also still putting together some test packages compiled in different Puppies. These are mostly now at version 0.4.0 but should not be regarded as stable releases.

OpenVPN version 2.4.9
OpenSSL version 1.1.1g libs added if 1.1.1 not in the Puppy already (Bionic??)
Configs for CryptoFree added
New configs for freevpn.me which has been reduced to 2 servers now
Network info provided by script (thanks to jafadmin) rather than opening a browser
Different DNS handling avoids messy pushing and pulling and resolvconf - script uses reputable Cloudflare and then restores on disconnect

http://smokey01.com/OscarTalks

_________________
Oscar in England

Back to top
View user's profile Send private message 
nilsonmorales


Joined: 15 Apr 2011
Posts: 973
Location: El Salvador

PostPosted: Sat 23 May 2020, 22:23    Post subject:  

gettexted version for tahrpup here, please checkit first
cheers.
Spanish locales in other attachment
MoManager-es-vpn-onoff-0.3.2-i686-tahr.tar.gz
Description  Spanish locales/Traducción al español
gz

 Download 
Filename  MoManager-es-vpn-onoff-0.3.2-i686-tahr.tar.gz 
Filesize  864 Bytes 
Downloaded  45 Time(s) 
gettext_vpn-onoff-0.3.2-i6866-tahr.tar.gz
Description  gettexted version
gz

 Download 
Filename  gettext_vpn-onoff-0.3.2-i6866-tahr.tar.gz 
Filesize  1.73 KB 
Downloaded  46 Time(s) 

_________________
My blog | | Github


Back to top
View user's profile Send private message 
phredo

Joined: 21 Oct 2013
Posts: 65

PostPosted: Wed 03 Jun 2020, 15:25    Post subject:  

Regarding protonvpn:

Since my username and password are 1) encrypted and 2) don't change over time, instead of linking the auth-user-pass setting to /etc/vpn-onoff/vpnpass, is there a way to hard code them into the ovpn files?
That way when using Proton one wouldn't need to go to the trouble of changing the vpnpass file.

Tip: Having so many ovpn files in one directory became confusing, so I created separate sub directories for the different groups. Just need to be sure the new vpnconfig link goes to the proper directory, which is a simple matter of deleting out the sub directory name in the provided path. I notice that one does not have to delete the old vpnconfig file but can just choose to replace it when creating the new link. This way also ensures you are selecting the correct name and location because you get the "replace?" prompt therefore knowing you are replacing the file that exists.
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2202
Location: London, England

PostPosted: Thu 04 Jun 2020, 06:51    Post subject:  

@phredo
Not sure if there is a way to put the username and password directly in the .ovpn file.
What you could do is create another passfile just for Proton.
For example /etc/vpn-onoff/protonpass
Best if this file does not have any write permissions.
Put your Proton login details in that.
Then set auth-user-pass to /etc/vpn-onoff/protonpass in the Proton .ovpn file.
Then so long as vpnconfig is a link to the Proton .ovpn file, everything is set and needs no editing.
This leaves the original vpnpass passfile for use with the others if ever you are switching to those.

_________________
Oscar in England

Back to top
View user's profile Send private message 
phredo

Joined: 21 Oct 2013
Posts: 65

PostPosted: Thu 04 Jun 2020, 15:08    Post subject:  

Thanks, what a simple, elegant idea! I take it making the file read only is just to keep me from inadvertently changing it?

I notice that freevpn.me reduced their servers to two and find neither of them seem to work much of the time. The next to last time I visited the site, I saw that there were separate passwords for the two servers, and the last time I visited, The link to Server2 didn't work. Is that me, or has anyone else problems with freevpn.me?
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 2202
Location: London, England

PostPosted: Thu 04 Jun 2020, 17:19    Post subject:  

OpenVPN throws a warning if the passfile has write permissions because it regards it as a security vulnerability. I think it still works and you may not see any warning unless you are looking at it in terminal. Running as root you can still change the login details anyway in fact.

Yes, the freevpn.me service is now down to 2 servers. The link (or tab) for Server 2 account details refuses to load in some browsers but works in others. I think it must be a javascript thing which they have not got quite right. For a time the servers were a bit unreliable and I think there was some confusion about the passwords on the site being wrong, but on the occasions I have tried more recently the 2 servers have both loaded and worked OK.

_________________
Oscar in England

Back to top
View user's profile Send private message 
festus


Joined: 14 Jan 2015
Posts: 235

PostPosted: Wed 24 Jun 2020, 11:21    Post subject:  

Thank you, Oscar, for these new versions of vpn-onoff-0.4.0.

I use both the 32 & 64 bit pets and for me this version is your best by far.

I do thank you again...

bliss, festus Very Happy
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 7 of 7 [100 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » HOWTO ( Solutions )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0900s ][ Queries: 13 (0.0193s) ][ GZIP on ]