Re: [gentoo-user] VPN newbie questions
Michael wrote: > On Sunday, 20 August 2023 13:58:08 BST Dale wrote: >> Michael wrote: >>> OpenVPN is a VPN implementation using OpenSSL to encrypt the end-to-end >>> network connection between client and server. There are other VPN >>> implementations and client-server applications using different encryption >>> mechanisms and a wide variety of ciphers/algos. >>> >>> OpenVPN is offered as a method to set up a secure connection to an ever >>> increasing number of VPN ISPs, who are essentially selling an anonymising >>> service. >>> >>> Surfshark happens to be one of these ISPs and OpenVPN is just one of the >>> methods they offer to secure the connection to their servers. >> Some responses are for the OP, some for the person replying or both. >> >> This is correct. Like a lot of VPN providers, Surfshark has their own >> software you can install however Gentoo doesn't have it in the tree, or >> a overlay that I know of. > As I understand it, Surfshark offers OpenVPN and WireGuard binaries for those > who don't compile their own software, or for those who can't configure their > OpenVPN/WireGuard client to point it to the Surfshark servers. > > Surfshark also provide extensions for browsers, for those who can't set their > browser's proxy settings to use selectively the VPN tunnel. > > I haven't looked into Surfshark to know their particular offerings, GUI front > ends and mobile phone options, but generally speaking VPN configurations can > be: > > Full tunnel, whereby the PC default routing is configured to route all > external network connections through the VPN tunnel. > > Split tunnel, whereby some domain/IP connections are routed via the VPN > tunnel > (e.g. to your company's LAN/Intranet), but the rest of the PC connections > continue to be routed normally via the local ISP connection. In this way, > you > can connect to the corporate network securely to access corporate files/ > emails/databases, etc., while still being able to browse the latest sports > results, or whatever is available across the Interwebs without going through > your company's network. I did my setup the manual way. I couldn't find a decent howto so I found it easier. There may be other ways I'm not aware of but copying one file and creating a file for login seems easy enough. I do sometimes wish I could tell Firefox to bypass the VPN but as I said, it sounded complicated to setup so I never tried. I'm sure it is doable tho. At least Walter has a few options. If he doesn't like Surfshark, I'm sure others would work the same way. Your way may be easier and cheaper tho. Dale :-) :-)
Re: [gentoo-user] VPN newbie questions
On Sunday, 20 August 2023 13:58:08 BST Dale wrote: > Michael wrote: > > OpenVPN is a VPN implementation using OpenSSL to encrypt the end-to-end > > network connection between client and server. There are other VPN > > implementations and client-server applications using different encryption > > mechanisms and a wide variety of ciphers/algos. > > > > OpenVPN is offered as a method to set up a secure connection to an ever > > increasing number of VPN ISPs, who are essentially selling an anonymising > > service. > > > > Surfshark happens to be one of these ISPs and OpenVPN is just one of the > > methods they offer to secure the connection to their servers. > > Some responses are for the OP, some for the person replying or both. > > This is correct. Like a lot of VPN providers, Surfshark has their own > software you can install however Gentoo doesn't have it in the tree, or > a overlay that I know of. As I understand it, Surfshark offers OpenVPN and WireGuard binaries for those who don't compile their own software, or for those who can't configure their OpenVPN/WireGuard client to point it to the Surfshark servers. Surfshark also provide extensions for browsers, for those who can't set their browser's proxy settings to use selectively the VPN tunnel. I haven't looked into Surfshark to know their particular offerings, GUI front ends and mobile phone options, but generally speaking VPN configurations can be: Full tunnel, whereby the PC default routing is configured to route all external network connections through the VPN tunnel. Split tunnel, whereby some domain/IP connections are routed via the VPN tunnel (e.g. to your company's LAN/Intranet), but the rest of the PC connections continue to be routed normally via the local ISP connection. In this way, you can connect to the corporate network securely to access corporate files/ emails/databases, etc., while still being able to browse the latest sports results, or whatever is available across the Interwebs without going through your company's network. signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] VPN newbie questions
Michael wrote: > On Sunday, 20 August 2023 11:49:18 BST Walter Dnes wrote: >> On Sat, Aug 19, 2023 at 10:27:37PM -0500, Dale wrote >> >>> I been using Surfshark and openvpn for over a year. They have a pretty >>> large list of countries, multiple cities in some countries, to pick >>> from. I deal with torrents and that is my reason for the need of a VPN, >>> just in case some may be questionable. >>> >>> I suspect that some features are not available because I use openvpn >>> instead of the software Surfshark provides for other binary distros but >>> it does work with openvpn software. Once I start openvpn and give it a >>> minute to set up the connection and all, it works great. >> ??? You're saying you run Surfshark on top of OpenVPN ??? I'm >> confused here. Why the extra layer? > OpenVPN is a VPN implementation using OpenSSL to encrypt the end-to-end > network connection between client and server. There are other VPN > implementations and client-server applications using different encryption > mechanisms and a wide variety of ciphers/algos. > > OpenVPN is offered as a method to set up a secure connection to an ever > increasing number of VPN ISPs, who are essentially selling an anonymising > service. > > Surfshark happens to be one of these ISPs and OpenVPN is just one of the > methods they offer to secure the connection to their servers. > Some responses are for the OP, some for the person replying or both. This is correct. Like a lot of VPN providers, Surfshark has their own software you can install however Gentoo doesn't have it in the tree, or a overlay that I know of. So basically I pay for the username, password and access then use my own software for the VPN service. If you can get Surfshark to install on Gentoo, from what I've seen it is pretty nice and highly configurable. I guess there isn't enough demand for it in Gentoo. Either Surfshark would help with a ebuild or someone who knows how would make one. >> OpenVPN looks rather complex. >> According to https://linux.die.net/man/8/openvpn >> >>> OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports >>> SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport >>> through proxies or NAT, support for dynamic IP addresses and DHCP, >>> scalability to hundreds or thousands of users, and portability to >>> most major OS platforms. > OpenVPN is widely used because it is relatively easy to configure on the > client side and provides binary client applications for every/most OS. Other > VPN methods are IKE/IPSec typically used by corporate setups and the more > recent and arguably better Linux implementation of WireGuard. > This is also true. Basically, I got a copy of the config file from Surfshark for the city I wanted, renamed it and put it in the openvpn directory. I then created a login file with my username and password. After that, from what I recall, just start the service. If it gets any easier, it would be magic. >> I basically want browsers (Pale Moon browser and Google Chrome) to >> show up with an IP address in a different country. The major players >> that "support linux" do Ubuntu/Debian/Mint. I assume we're looking at >> unpacking a .deb. > What you are looking for is an anonymising *browsing* proxy. Assuming this > has no legal implications for your country, i.e. as an end user circumventing > the newly enacted law, the easiest and free from fees approach would be to > download and use the tor browser: > > https://www.torproject.org/download/ > > Or, if you must use your own browsers, then install the net-vpn/tor and > potentially net-proxy/privoxy daemons, start them up and setup your browser > network tab to point it to your localhost:9050. More detail here: > > https://wiki.gentoo.org/wiki/Tor > > There used to be a lot of open proxy HTTP/HTTPS/FTP/SOCKS4/SOCKS5 servers > available in datacenters around the world. Some of them may still be free, > but it is also likely they may full of malware and man-in-the-middle attacks. > > NOTE: depending on your need to protect your anonymity/privacy, you may also > need to configure your DNS resolver connection to take place via the remote > VPN server, than via your local ISP. Most VPN implementations provide this > function. That may be a better option and I think it is a free option at that. As you point out, make sure what is allowed by law and if needed, make sure it is safe to use. I've read that in some countries that even having certain software installed can be illegal. Dale :-) :-)
Re: [gentoo-user] VPN newbie questions
On Sunday, 20 August 2023 11:49:18 BST Walter Dnes wrote: > On Sat, Aug 19, 2023 at 10:27:37PM -0500, Dale wrote > > > I been using Surfshark and openvpn for over a year. They have a pretty > > large list of countries, multiple cities in some countries, to pick > > from. I deal with torrents and that is my reason for the need of a VPN, > > just in case some may be questionable. > > > > I suspect that some features are not available because I use openvpn > > instead of the software Surfshark provides for other binary distros but > > it does work with openvpn software. Once I start openvpn and give it a > > minute to set up the connection and all, it works great. > > ??? You're saying you run Surfshark on top of OpenVPN ??? I'm > confused here. Why the extra layer? OpenVPN is a VPN implementation using OpenSSL to encrypt the end-to-end network connection between client and server. There are other VPN implementations and client-server applications using different encryption mechanisms and a wide variety of ciphers/algos. OpenVPN is offered as a method to set up a secure connection to an ever increasing number of VPN ISPs, who are essentially selling an anonymising service. Surfshark happens to be one of these ISPs and OpenVPN is just one of the methods they offer to secure the connection to their servers. > OpenVPN looks rather complex. > According to https://linux.die.net/man/8/openvpn > > > OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports > > SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport > > through proxies or NAT, support for dynamic IP addresses and DHCP, > > scalability to hundreds or thousands of users, and portability to > > most major OS platforms. OpenVPN is widely used because it is relatively easy to configure on the client side and provides binary client applications for every/most OS. Other VPN methods are IKE/IPSec typically used by corporate setups and the more recent and arguably better Linux implementation of WireGuard. > I basically want browsers (Pale Moon browser and Google Chrome) to > show up with an IP address in a different country. The major players > that "support linux" do Ubuntu/Debian/Mint. I assume we're looking at > unpacking a .deb. What you are looking for is an anonymising *browsing* proxy. Assuming this has no legal implications for your country, i.e. as an end user circumventing the newly enacted law, the easiest and free from fees approach would be to download and use the tor browser: https://www.torproject.org/download/ Or, if you must use your own browsers, then install the net-vpn/tor and potentially net-proxy/privoxy daemons, start them up and setup your browser network tab to point it to your localhost:9050. More detail here: https://wiki.gentoo.org/wiki/Tor There used to be a lot of open proxy HTTP/HTTPS/FTP/SOCKS4/SOCKS5 servers available in datacenters around the world. Some of them may still be free, but it is also likely they may full of malware and man-in-the-middle attacks. NOTE: depending on your need to protect your anonymity/privacy, you may also need to configure your DNS resolver connection to take place via the remote VPN server, than via your local ISP. Most VPN implementations provide this function. signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] VPN newbie questions
On Sat, Aug 19, 2023 at 10:27:37PM -0500, Dale wrote > I been using Surfshark and openvpn for over a year. They have a pretty > large list of countries, multiple cities in some countries, to pick > from. I deal with torrents and that is my reason for the need of a VPN, > just in case some may be questionable. > > I suspect that some features are not available because I use openvpn > instead of the software Surfshark provides for other binary distros but > it does work with openvpn software. Once I start openvpn and give it a > minute to set up the connection and all, it works great. ??? You're saying you run Surfshark on top of OpenVPN ??? I'm confused here. Why the extra layer? OpenVPN looks rather complex. According to https://linux.die.net/man/8/openvpn > OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports > SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport > through proxies or NAT, support for dynamic IP addresses and DHCP, > scalability to hundreds or thousands of users, and portability to > most major OS platforms. I basically want browsers (Pale Moon browser and Google Chrome) to show up with an IP address in a different country. The major players that "support linux" do Ubuntu/Debian/Mint. I assume we're looking at unpacking a .deb. -- I've seen things, you people wouldn't believe; Gopher, Netscape with frames, the first Browser Wars. Searching for pages with AltaVista, pop-up windows self-replicating, trying to uninstall RealPlayer. All those moments, will be lost in time like tears in rain... time to die.
