Re: [Dorset] VPN
You'll have a ton of choices available when looking for VPN services and VPN clients.

Companies like Nord et al. are generally very good if what you want is a wide range of available servers, and in many cases good support and knowledgebases for Linux and other clients. Some log their users' use, some do not. Some operate serious encryption, some do not. In all cases there is a performance penalty to pay. Typically that is variable depending upon the workload placed upon their servers (i.e. when English Premier League football games are played most companies' servers get rather busy...).

Alternatively, roll your own - many people who have some VPS space available (on say DigitalOcean, Vultr, Bitfolk etc.) will put a VPN server on that as a way of getting a bigger bang for their buck, and that often mitigates the vast majority of any performance penalty one might find on commercial services. Those are very easy to install and run/maintain and are often cheaper than paying for a commercial solution. That said, it will be fixed to one location, so if you have a need to "move around the world" a lot, then that is not always the best answer.

At the client end of things on Linux, the OpenVPN client is available in pretty much all of the repositories and is very easy and clean to use (yes, it can be turned on and off at will). There are OpenVPN clients for just about all platforms as well. It is also possible to install a VPN client on some routers and access-point appliances as well (i.e. ones that are not the typical crop of ISP-supplied junk appliances, but ones with a decent hardware spec running Netgear-WRT, DD-WRT, Asus-WRT, Merlin etc.).

Personally, I use a mix of things. I travel a hell of a lot in both my personal and work lives. I have a couple of my own cloud servers available for my own use based here in the UK. The primary use of those servers is not for VPN purposes really, but I just add the OpenVPN server to it as I am paying for it anyway; I might as well get my money's worth (each of those servers costs me a flat $5 USD per month whether I use them or not).

For a commercial provider, I have used for many years now the vpnarea service as well, which is a commercial service based in Switzerland with many VPN servers located around the world. Tons of choice, very good support for just about all devices and platforms and I think quite good value at $59 USD per year (for my use case anyway). Am happy to recommend them to anyone with similar requirements.

I guess that it all really boils down to what it is that you feel that you want/need from a VPN service. Many people (to some degree true of myself) just want to be a bit bloody-minded and want to make it harder for the authorities and their ISPs to censor and block them and otherwise interfere. Others just want to watch a game of football on a Saturday afternoon at a reasonable price (thankfully, they don't censor/block the cricket (yet)). Others just want a bit of belt and braces security that always-on encryption brings them and their families. There will be other motives I am sure.

- - - to each their own I guess, but it's all pretty easy, straightforward stuff to implement.

On 14/01/2019 17:35, greg oconnell via dorset wrote:
> I am thinking about installing VPN software. Does anybody have experience of using it? Any pros and cons? Is any particular one recommended? I remember a magazine praising Nord and they seem to be advertising at the moment.
> I suspect it introduces some delay. I only want it for transactions with financial institutions and possibly playing content that is UK blocked, so can it be "turned off and on" at will?
> Greg

--
Next meeting: BEC, Bournemouth, Tuesday, 2019-02-05 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... http://dorset.lug.org.uk/
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] OpenWRT (was Network connectivity issues)
On 14/01/2019 12:23, Paul Tansom wrote:
> ** Tim [2019-01-13 16:39]:
> > On 13/01/2019 14:47, t...@ls83.eclipse.co.uk wrote:
> > > Hi Ralph
> > >
> > > On 13/01/19 11:31, Ralph Corderoy wrote:
> > > > Hi Tim,
> > > >
> > > > I'll just ask lots of questions in the hope it strikes lucky.
> > > >
> > > > > I have a puzzling issue here, in that I can't see a laptop on my
> > > > > network from my own computer (normally I can ssh into the laptop just
> > > > > fine). Both are connected via Wifi. The laptop has a static IP.
> > > >
> > > > So both Computer and Laptop are *only* connected by Wi-fi.
> > >
> > > Yes.
> > >
> > > Computer's
> > > > IP address is from the router's DHCP server. The Laptop's IP address is
> > > > static. Is that last one done by having the DHCP server always dish out
> > > > the same IP address for Laptop's MAC address, or the Laptop has it
> > > > configured directly? If the latter, does the DHCP server know to steer
> > > > clear of the static addresses when allocating dynamically?
> > > >
> > > IP addresses are from third machine (server), which is running dhcpd
> > > dishing out addresses to Laptop and Computer. Laptop gets same IP
> > > address 192.168.2.8 from its MAC address, Computer gets its from a pool,
> > > 192.168.2.205. The DHCP server pool is well clear of the static IPs.
> > >
> > > > Can Laptop see Computer, e.g. ping(1), when Computer can't see Laptop?
> > > >
> > > No.
> > >
> > > > All devices are on the same IP network, including the network mask?
> > > >
> > >
> > > Yes.
> > >
> > > > > However, I can ssh into a third computer on the network
> > > >
> > > > How is Third connected? Also Wi-fi only? Static or dynamic IP address?
> > >
> > > Cabled, static IP 192.168.2.2.
> > >
> > > > > and from there can ping (and ssh into) the laptop.
> > > >
> > > > When Computer SSH's into Third, does w(1) show you've come from the
> > > > Computer IP address you expect? Does `arp' show Computer's MAC address
> > > > or that of an access point?
> > >
> > > w(1) shows 192.168.2.205 as expected.
> > >
> > > arp shows the MAC address of Computer, not an access point.
> > >
> > > >
> > > > Can Laptop SSH into Third? Ditto above WRT w(1).
> > > >
> > >
> > > Haven't got SSH set up for SSH logins from Laptop to Third, although I
> > > expect it to work as these machines can see each other on the network.
> > >
> > > > > arp lists the laptop HWaddress as incomplete.
> > > >
> > > > There's also ip-neighbour(8) that gives `ip neigh' to show the table,
> > > > and allows an entry to be added. When it's not working, you could try
> > > > explicitly adding an ARP table entry to Computer for Laptop and see if
> > > > that makes it work.
> > >
> > > OK, tried
> > >
> > > #ip neigh add 192.168.2.8 lladdr 00:24:d2:94:35:16 dev wlp1s0
> > > RTNETLINK answers: File exists
> > >
> > >
> > > Further tests:
> > >
> > > Disconnecting both Computer and Laptop from the access point and then
> > > reconnecting both to a different access point. Now Computer cannot see
> > > Laptop /or/ Third computer. So disconnect Computer again and get
> > > physically close to the access point. Reconnect and now can see both.
> > >
> > > Repeat with original access point, ensuring in close proximity. Again
> > > can now see Laptop and Third from Computer.
> > >
> > > So looks like a poor Wifi signal on original connect may be a factor.
> > >
> > > I have seen something similar previously in terms of getting an IP
> > > address from the DHCP server. I appear to be connected to the network
> > > but have no IP address assigned to Computer. I am using Network Manager
> > > of XFCE and suspect that under weak Wifi conditions I'm only getting a
> > > partial connection.
> >
> > I have seen with some WiFi access points that they have the "the lights
> > are on but nobody is at home" syndrome: they look like they are working
> > (lights etc.) but seemed to get stuck in a loop, you cannot talk to them,
> > you cannot see them, they are either limited in what they do or just
> > don't do it at all. Turn the power off to them, wait 10 seconds and then
> > turn it back on again and everything works as normal. Is there a firmware
> > update available for your access point?
> ** end quote [Tim]
>
> I see that sometimes with my access point. It seems to pass traffic fine
> on the wired connections, and several existing wireless connections work
> fine, but new ones and the odd existing one indicate they are working,
> but completely fail when it comes to actually using anything on the
> network. After a while they stop picking up DHCP leases (likely because my
> AP doesn't handle that as my config is beyond its capabilities - or was
> historically). After a while (if I leave it that long) other devices start
> failing to route traffic too.
>
> I have found the same issue with my Billion BiPAC 7800N, the replacement
> Netgear WNDR3700, the next replacement TP-Link TL-WDR3600 and the current
> Netgear WNDR3700 with OpenWRT installed (which is actually much better,
> but still not perfect). The Netgear was aimed at improving performance,
> but was replaced because there were two features on it that I needed that
> couldn't be used at the same time (from memory VPN and IPv6). The TP-Link
> was replaced because it seems that it doesn't support IPv6 with the
> majority of ISPs in the UK (hard coded a /64 when most supply a /56). I'm
> still working on IPv6 on OpenWRT. I've got a tunnel with Hurricane
> Electric working, but not my native addresses from my ISP (I must have a
> decent conversation with them to confirm their setup). Comparing to the
> old Billion
[Dorset] VPN
I am thinking about installing VPN software. Does anybody have experience of using it? Any pros and cons? Is any particular one recommended? I remember a magazine praising Nord and they seem to be advertising at the moment. I suspect it introduces some delay. I only want it for transactions with financial institutions and possibly playing content that is UK blocked, so can it be "turned off and on" at will? Greg
Re: [Dorset] Network connectivity issues
** Tim [2019-01-13 16:39]:
> On 13/01/2019 14:47, t...@ls83.eclipse.co.uk wrote:
> > Hi Ralph
> >
> > On 13/01/19 11:31, Ralph Corderoy wrote:
> > > Hi Tim,
> > >
> > > I'll just ask lots of questions in the hope it strikes lucky.
> > >
> > > > I have a puzzling issue here, in that I can't see a laptop on my
> > > > network from my own computer (normally I can ssh into the laptop just
> > > > fine). Both are connected via Wifi. The laptop has a static IP.
> > >
> > > So both Computer and Laptop are *only* connected by Wi-fi.
> >
> > Yes.
> >
> > Computer's
> > > IP address is from the router's DHCP server. The Laptop's IP address is
> > > static. Is that last one done by having the DHCP server always dish out
> > > the same IP address for Laptop's MAC address, or the Laptop has it
> > > configured directly? If the latter, does the DHCP server know to steer
> > > clear of the static addresses when allocating dynamically?
> > >
> > IP addresses are from third machine (server), which is running dhcpd
> > dishing out addresses to Laptop and Computer. Laptop gets same IP
> > address 192.168.2.8 from its MAC address, Computer gets its from a pool,
> > 192.168.2.205. The DHCP server pool is well clear of the static IPs.
> >
> > > Can Laptop see Computer, e.g. ping(1), when Computer can't see Laptop?
> > >
> > No.
> >
> > > All devices are on the same IP network, including the network mask?
> > >
> >
> > Yes.
> >
> > > > However, I can ssh into a third computer on the network
> > >
> > > How is Third connected? Also Wi-fi only? Static or dynamic IP address?
> >
> > Cabled, static IP 192.168.2.2.
> >
> > > > and from there can ping (and ssh into) the laptop.
> > >
> > > When Computer SSH's into Third, does w(1) show you've come from the
> > > Computer IP address you expect? Does `arp' show Computer's MAC address
> > > or that of an access point?
> >
> > w(1) shows 192.168.2.205 as expected.
> >
> > arp shows the MAC address of Computer, not an access point.
> >
> > >
> > > Can Laptop SSH into Third? Ditto above WRT w(1).
> > >
> >
> > Haven't got SSH set up for SSH logins from Laptop to Third, although I
> > expect it to work as these machines can see each other on the network.
> >
> > > > arp lists the laptop HWaddress as incomplete.
> > >
> > > There's also ip-neighbour(8) that gives `ip neigh' to show the table,
> > > and allows an entry to be added. When it's not working, you could try
> > > explicitly adding an ARP table entry to Computer for Laptop and see if
> > > that makes it work.
> >
> > OK, tried
> >
> > #ip neigh add 192.168.2.8 lladdr 00:24:d2:94:35:16 dev wlp1s0
> > RTNETLINK answers: File exists
> >
> >
> > Further tests:
> >
> > Disconnecting both Computer and Laptop from the access point and then
> > reconnecting both to a different access point. Now Computer cannot see
> > Laptop /or/ Third computer. So disconnect Computer again and get
> > physically close to the access point. Reconnect and now can see both.
> >
> > Repeat with original access point, ensuring in close proximity. Again
> > can now see Laptop and Third from Computer.
> >
> > So looks like a poor Wifi signal on original connect may be a factor.
> >
> > I have seen something similar previously in terms of getting an IP
> > address from the DHCP server. I appear to be connected to the network
> > but have no IP address assigned to Computer. I am using Network Manager
> > of XFCE and suspect that under weak Wifi conditions I'm only getting a
> > partial connection.
>
> I have seen with some WiFi access points that they have the "the lights
> are on but nobody is at home" syndrome: they look like they are working
> (lights etc.) but seemed to get stuck in a loop, you cannot talk to them,
> you cannot see them, they are either limited in what they do or just
> don't do it at all. Turn the power off to them, wait 10 seconds and then
> turn it back on again and everything works as normal. Is there a firmware
> update available for your access point?
** end quote [Tim]

I see that sometimes with my access point. It seems to pass traffic fine on the wired connections, and several existing wireless connections work fine, but new ones and the odd existing one indicate they are working, but completely fail when it comes to actually using anything on the network. After a while they stop picking up DHCP leases (likely because my AP doesn't handle that as my config is beyond its capabilities - or was historically). After a while (if I leave it that long) other devices start failing to route traffic too.

I have found the same issue with my Billion BiPAC 7800N, the replacement Netgear WNDR3700, the next replacement TP-Link TL-WDR3600 and the current Netgear WNDR3700 with OpenWRT installed (which is actually much better, but still not perfect). The Netgear was aimed at improving performance, but was replaced because there were two features on it that I needed that couldn't be used at the same time (from