VPN "How to"?

Alek

Jul 15, 2018, 8:59:41 PM
Can someone please recommend a basic "How To" for VPN usage?

You install the software and register/whatever it.
You run it.
Then ????

Can I print a webpage while the VPN is "on"
What about a document?

Thanks.

Arlen Holder

Jul 16, 2018, 12:00:02 AM
In response to the following from Alek:
There are *many* completely different ways to answer that question.
I will *assume* you are asking for two things specifically:

a. You want to connect by a "vpn client"...
b. to an existing public (free or paid) "vpn server".

And then I will assume this is just a first pass test, so, you want to be
up and running, so that you can "play around" with VPN just to get your
feet wet.

Then you can spend the umpteen hours it takes to choose a good VPN service,
just as it takes that much time to choose a good wife (where the variance
is similar).

Suffice to say I have years of experience with connecting all common
consumer platforms (sans MacOSX) to free public VPN servers, where most
people who are starting out agonize about the *many* (and I mean many!)
decisions that need to be made (witness what Mike Easter & Shadow said last
the group discussed this topic).
<https://groups.google.com/d/msg/microsoft.public.windowsxp.general/56KgMK6n090/HKhGegCAAQAJ>

Here is just the *simplest* (and I mean simplest) way to "get started".
(No login. No registration. No money. No complex software. No passwords.)

You only need two things.
1. A text file, and,
2. A vpn client app.

That's it.

The details involved in the choice of which of those two things are best
for any one person "can" drive you nuts, so I'm gonna tell you *exactly*
which (1) text file and exactly which (2) app, and you'll be "on vpn" in
less than a minute.

A. The text file is any of the top 10 text files on this web site:
http://vpngate.net (click on the link "OpenVPN Config file")
(You get from 1 to 4 choices, UDP & TCP ... just take any of them.)

B. The vpn client software is the opensource OpenVPN client software:
Play: <https://play.google.com/store/apps/details?id=de.blinkt.openvpn>
Fdroid: <https://f-droid.org/en/packages/de.blinkt.openvpn/>

Use model:
a. You save a few of those text files in a convenient location
b. You start the client and point to one of those text files.
Voila! You're on VPN. (Doublecheck with http://whatismyipaddress.com).

Cross-functional hint - The OpenVPN client is on all common platforms:
iOS: <https://itunes.apple.com/us/app/openvpn-connect/id590379981>
Ubuntu: <sudo apt-get install openvpn>
Windows <https://openvpn.net/index.php/open-source/downloads.html>
MacOSX: <https://openvpn.net/index.php/access-server/docs/admin-guides/183-how-to-connect-to-access-server-from-a-mac.html>
============== fine print ==============
Disclaimer1: On Android, I use the F-Droid OpenVPN because I don't have and
never use a Google Play account for privacy reasons and because once you've
set up any Android phone just once, you almost never need Google Play again
no matter how many other Android phones you subsequently set up; but I'm
sure the Google Play OpenVPN will work fine for you (someone test).
All you do is start the OpenVPN client and press the button to load in the
text file you previously downloaded to, oh, say, your Downloads location:
/sdcard0/Downloads/file.ovpn
More information in the archives <http://tinyurl.com/comp.mobile.android>

Disclaimer2: I consider Windows the hardest to set up if all you want to do
is to just double-click on the text file to start OpenVPN because the
Windows client assumes you want to use the GUI (where I personally see no
need for a GUI). Installation instructions are here.
<https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide>
Many guides have been posted to various Windows Usenet groups:
<http://tinyurl.com/windowsxp-general>

Disclaimer3: On Ubuntu, you generally don't use the GUI (nor do I use the
GUI on Windows as I grew up on Ubuntu first and found I don't need no
stinkin' GUI) where you simply have to *point* to the text file:
sudo openvpn --config /path/to/your/text/file/filename.ovpn
<https://askubuntu.com/questions/460871/how-to-setup-openvpn-client#461003>
Note that Marek Novotny, William Unruh, Caver1, and many others helped
write the scores of wget and networktest and geolocation and naming, etc.,
scripts used to completely manage my Ubuntu VPN environment; but you don't
need any of those. If desired, search the archives for them, as they're all
posted online for others to benefit from every action:
<http://tinyurl.com/alt-os-linux>

Disclaimer4: I no longer use MacOSX (and never will ever again, I hope),
where most seem to be using "tunnelblick" since the default VPN client that
comes native with MacOSX can't handle the modern protocols discussed here:
<https://openvpn.net/index.php/access-server/docs/admin-guides/183-how-to-connect-to-access-server-from-a-mac.html>
Even the simplest questions become instant morass on Apple groups, so see:
<http://tinyurl.com/comp-sys-mac-apps>
<http://tinyurl.com/comp-sys-mac-system>

Disclaimer5: All sorts of people are "keyword driven" such that they always
respond to *all* posts with the same response (e.g., I could ask how to
spell VPN, and they'd tell me that the NSA runs the particular public
server I've selected above). I chose the server above for good reasons, but
there are plenty of good reasons to use some other server. 99.99999% of all
vpn discussions on Usenet revolve around people complaining that they don't
like your server. Picking servers is like picking wives - it's a personal
thing - so use *any* freaking server you like. The process doesn't change
(well, each service can have a totally different process but if they're
OpenVPN servers, the process will be the same. They may give you the
password separately though, where the service I selected above puts the
password inside the file so you don't need to know what it is.)

Disclaimer6: The server I selected for simplicity is a Japanese educational
research facility. Who knows what they're doing with your data? So only use
them to get up and running - and then, when you get the idea of how this
game works, go pick any other service you like, free or paid. Don't argue
about this service because picking the service is like picking a wife.
Nobody else's choice will satisfy you. There are a dozen key criteria
(e.g., encryption, speed, logs, cost, reliability, country of origin,
privacy policy, etc.). Just pick one. Another caveat is that, due to the
particular role of this service, some of the text files you download are
purposefully bad (to foil censors, they say). So, just pick *another* file
if you don't at first connect. Easy peasy.

Disclaimer7: I hacked this out after reading it, so errors may have cropped
into the ad-hoc response, where I had first answered the Android question,
but the answer is the same for all the newsgroups, with the only difference
being the setup for the OpenVPN client - so - as always - to leverage all
efforts as much as possible, I added the cc list - where - the followup is
set to the Android newsgroup. If you want to follow up to your platform
group, have fun (I monitor them all and read all posts from all of them,
but I do not respond to all posts - particularly the child-like old men
trolls whom I will name and confront if necessary because they are all
cowardly bullies to a manchild).

HINT: This post was posted using the vpngate free public VPN service.
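
The workflow in the post above is to download a text file from a public site and hand it to `sudo openvpn --config`. A pre-flight check of such a file, as an added example that is not part of the original post: it flags directives that ask the client to run external programs, weak ciphers, and a missing server-certificate check. The sample profiles, host name and hook path are constructed; the directive names are standard OpenVPN options.

```python
import shlex

# Directives that ask the OpenVPN client to run an external program or load a plugin.
EXEC_DIRECTIVES = {"up", "down", "route-up", "route-pre-down", "ipchange",
                   "tls-verify", "plugin"}
WEAK_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC"}


def parse_ovpn(text):
    """Split a profile into directive token lists and inline <tag> blocks."""
    directives, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current is not None:                 # inside <ca>...</ca> and the like
            if line == f"</{current}>":
                current = None
            else:
                blocks[current].append(line)
            continue
        if not line or line[0] in "#;":         # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            current = line[1:-1]
            blocks[current] = []
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                      # unbalanced quotes: plain split
            tokens = line.split()
        if tokens:
            directives.append(tokens)
    return directives, blocks


def audit_ovpn(text):
    """Return a list of (severity, message) findings for one .ovpn profile."""
    directives, _blocks = parse_ovpn(text)
    names = {d[0] for d in directives}
    findings = []
    for name, *args in directives:
        if name in EXEC_DIRECTIVES:
            findings.append(("HIGH", f"'{name}' requests an external program: {' '.join(args)}"))
        elif name == "script-security" and args and args[0].isdigit() and int(args[0]) >= 2:
            findings.append(("HIGH", f"script-security {args[0]} allows user-defined scripts"))
        elif name == "cipher" and args and args[0].upper() in WEAK_CIPHERS:
            findings.append(("MEDIUM", f"weak or absent data-channel cipher: {args[0]}"))
        elif name == "auth-user-pass" and args:
            findings.append(("INFO", f"credentials are read from file: {args[0]}"))
    if not names & {"remote-cert-tls", "verify-x509-name"}:
        findings.append(("MEDIUM", "no remote-cert-tls/verify-x509-name: "
                                   "server certificate role is not checked"))
    return findings


# Constructed sample profiles (not taken from any real service).
SUSPICIOUS_OVPN = """\
# constructed sample
client
dev tun
proto udp
remote vpn.example.net 1194
cipher BF-CBC
script-security 2
up /tmp/example-hook.sh
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
"""

CLEAN_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
cipher AES-256-GCM
remote-cert-tls server
"""

if __name__ == "__main__":
    for label, profile in (("suspicious", SUSPICIOUS_OVPN), ("clean", CLEAN_OVPN)):
        print(label)
        for severity, message in audit_ovpn(profile) or [("OK", "no findings")]:
            print(f"  [{severity}] {message}")
```

Any HIGH finding is a reason to read the file by hand before running the client as root.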

nospam

Jul 16, 2018, 1:00:51 AM
In article <pih581$qj8$1...@news.mixmin.net>, Arlen Holder
<arlen...@nospam.net> wrote:

> In response to the following from Alek:
> > Can someone please recommend a basic "How To" for VPN usage?
> >
> > You install the software and register/whatever it.
> > You run it.
> > Then ????
> >
> > Can I print a webpage while the VPN is "on"
> > What about a document?
> >
> > Thanks.
>
> There are *many* completely different ways to answer that question.

and yet you can't provide *any* of it.

> I will *assume* you are asking for two things specifically:
>
> a. You want to connect by a "vpn client"...
> b. to an existing public (free or paid) "vpn server".

never assume, especially when the questions are very clear.

> And then I will assume this is just a first pass test, so, you want to be
> up and running, so that you can "play around" with VPN just to get your
> feet wet.
>
> Then you can spend the umpteen hours it takes to choose a good VPN service,
> just as it takes that much time to choose a good wife (where the variance
> is similar).

what a fucked up comparison.

> Suffice to say I have years of experience with connecting all common
> consumer platforms (sans MacOSX)

actually, you don't, and what little experience you might have is full
of erroneous info.

the bigger question is why did you intentionally crosspost to several
irrelevant groups, including comp.sys.mac.apps, a platform you claim to
not use, but in other posts, you claim otherwise, despite the original
post being only in comp.mobile.android and having set the followup to
only that group?

if that doesn't reek of troll, i don't know what does.

Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,microsoft.public.windowsxp.general,alt.os.linux,comp.sys.mac.apps
Followup-To: comp.mobile.android

> to free public VPN servers,

not a wise move.

rest of your garbage snipped, as it doesn't answer the original
question, which is that printing is unaffected and there are numerous
reasons for a vpn, none of which you mentioned.

Arlen Holder

Jul 16, 2018, 9:43:33 AM
On 15 Jul 2018 16:59:40 GMT, Alek wrote:

> Can I print a webpage while the VPN is "on"
> What about a document?

There's usually no difference between printing a web page or a document.

When set up normally, your local network is usually unaffected.

Hence *everything* on your local network works the same as it did prior.

DISCLAIMER:
Some of us use killswitches which *can* affect the local network.
a. The Linux vpnkill killswitch that Marek wrote doesn't affect the LAN.
b. The Windows killgw.bat liquidvpn-based killswitch does affect the LAN.
c. We didn't test an Android/iOS/MacOS killswitch.

nospam

Jul 16, 2018, 9:53:12 AM
In article <pii7dt$g5c$1...@news.mixmin.net>, Arlen Holder
<arlen...@nospam.net> wrote:

> Some of us use killswitches which *can* affect the local network.

only if you don't know how to use one.

Alek

Jul 16, 2018, 3:13:36 PM
WOW! Thanks so much. I can't wait to get started (but after my nap :-).

Alek

Jul 16, 2018, 3:17:25 PM
nospam wrote on 7/16/2018 1:00 AM:
> In article <pih581$qj8$1...@news.mixmin.net>, Arlen Holder
> <arlen...@nospam.net> wrote:
>
>> In response to the following from Alek:
>> > Can someone please recommend a basic "How To" for VPN usage?
>> >
>> > You install the software and register/whatever it.
>> > You run it.
>> > Then ????
>> >
>> > Can I print a webpage while the VPN is "on"
>> > What about a document?
>> >
>> > Thanks.


<snip>

> ... printing is unaffected

The reason I asked about printing is that my visiting nurse said that
her soon-to-be-ex-husband installed a VPN and she can no longer print.
He said he'd have to turn the VPN off and would not tell her how to do it.

Alek

Jul 16, 2018, 3:19:24 PM
Arlen Holder wrote on 7/16/2018 9:43 AM:
> On 15 Jul 2018 16:59:40 GMT, Alek wrote:
>
>> Can I print a webpage while the VPN is "on"
>> What about a document?
>
> There's usually no difference between printing a web page or a document.
>
> When set up normally, your local network is usually unaffected.
>
> Hence *everything* on your local network works the same as it did prior.

My visiting nurse told me that she cannot print since her
soon-to-be-ex-husband installed a VPN. :-( However, she will have her
own place soon and will not have to face a VPN.

Thanks.

nospam

Jul 16, 2018, 3:28:37 PM
In article <piir05$g85$1...@dont-email.me>, Alek <alek.t...@gmail.com>
wrote:

> > ... printing is unaffected
>
> The reason I asked about printing is that my visiting nurse said that
> her soon-to-be-ex-husband installed a VPN and she can no longer print.
> He said he'd have to turn the VPN off and would not tell her how to do it.

if the printer is connected via usb, a vpn will have *no* effect since
it's a directly attached device.

if the printer is on the local network, a vpn should not have any
effect, but it's possible he fucked up the vpn configuration. although
possible, it's not likely and would also cause other problems as well.

chances are he intentionally did something to disable printing.

Mike Easter

Jul 16, 2018, 3:41:13 PM
Arlen Holder wrote:
> In response to the following from Alek:
>
>> Can someone please recommend a basic "How To" for VPN usage?
>>
>
> Disclaimer3: On Ubuntu, you generally don't use the GUI (nor do I use the
> GUI on Windows as I grew up on Ubuntu first and found I don't need no
> stinkin' GUI) where you simply have to *point* to the text file:
> sudo openvpn --config /path/to/your/text/file/filename.ovpn
> <https://askubuntu.com/questions/460871/how-to-setup-openvpn-client#461003>

This askub does not address the drop protection/ killswitch issue; since
NM network manager doesn't have a built-in 'killswitch' for VPN.

> Note that Marek Novotny, William Unruh, Caver1, and many others helped
> write the scores of wget and networktest and geolocation and naming, etc.,
> scripts used to completely manage my Ubuntu VPN environment; but you don't
> need any of those. If desired, search the archives for them, as they're all
> posted online for others to benefit from every action:
> <http://tinyurl.com/alt-os-linux>

That is just a pointer to GG for a.o.l. which GG search functions are
much deprecated.

The earlier Marek scripts for drop protection are not extant.

Here is one article suggesting using UFW uncomplicated firewall to
function to prevent any traffic other than the VPN and setting up a
couple of scripts to do it and undo it. The author previously proposed
VPNDemon script to monitor the NM connection and disconnect, but it
wasn't consistently successful.

https://thetinhat.com/tutorials/misc/linux-vpn-drop-protection-firewall.html
The Best VPN Kill Switch For Linux Using Easy Firewall Rules
https://github.com/primaryobjects/vpndemon Monitor a VPN connection on
Linux and kill a process upon disconnect


Perhaps the vpndemon's weakness was related to a greater 'fail'
sequence, ie not detecting a 'disconnect' *instantly*.


--
Mike Easter

Mike Easter

Jul 16, 2018, 3:44:24 PM

Arlen Holder wrote:
> In response to the following from Alek:
>
>> Can someone please recommend a basic "How To" for VPN usage?
>>
>
> Disclaimer3: On Ubuntu, you generally don't use the GUI (nor do I use
> the GUI on Windows as I grew up on Ubuntu first and found I don't
> need no stinkin' GUI) where you simply have to *point* to the text
> file: sudo openvpn --config /path/to/your/text/file/filename.ovpn
> <https://askubuntu.com/questions/460871/how-to-setup-openvpn-client#461003>

This askub does not address the drop protection/ killswitch issue; since
NM network manager doesn't have a built-in 'killswitch' for VPN.

> Note that Marek Novotny, William Unruh, Caver1, and many others
> helped write the scores of wget and networktest and geolocation and
> naming, etc., scripts used to completely manage my Ubuntu VPN
> environment; but you don't need any of those. If desired, search the
> archives for them, as they're all posted online for others to benefit
> from every action: <http://tinyurl.com/alt-os-linux>

That is just a pointer to GG for a.o.l. which GG search functions are
much deprecated.

The earlier Marek scripts for drop protection are not extant.

Here is one article suggesting using UFW uncomplicated firewall to
function to prevent any traffic other than the VPN and setting up a
couple of scripts to do it and undo it. The author previously proposed
VPNDemon script to monitor the NM connection and disconnect, but it
wasn't consistently successful.

https://thetinhat.com/tutorials/misc/linux-vpn-drop-protection-firewall.html
The Best VPN Kill Switch For Linux Using Easy Firewall Rules
https://github.com/primaryobjects/vpndemon Monitor a VPN connection on
Linux and kill a process upon disconnect


Perhaps the vpndemon's weakness was related to a greater 'fail' surface,

Mike Easter

Jul 16, 2018, 3:58:16 PM
Mike Easter wrote:

oops x2; that message intended for alt.os.linux

--
Mike Easter

Arlen Holder

Jul 16, 2018, 6:59:07 PM
In response to the following from Alek:

> My visiting nurse told me that she cannot print since her
> soon-to-be-ex-husband installed a VPN. :-( However, she will have her
> own place soon and will not have to face a VPN.

There are two fundamental VPN use models and two fundamental reasons for
using VPN.

The two fundamental use models are:
a. End-to-end encryption (e.g., in a corporate environment),
b. Encryption up to the server (e.g., in the public VPN environment)

Hence, you get *different* things from each.

In the corporate environment, you get security.
In the public environment, you get privacy.

Hence it matters what environment the 'visiting nurse' is in, because if
it's corporate, it's different than if it's public.

For public, you only get security from you to the VPN service.
You get privacy from everyone except the VPN service.

You may not completely understand what I'm saying, as I'm summarizing
greatly and you may not have played with VPN long enough, but suffice to
say that "normally" VPN doesn't interfere with printing - but it can.

Can your 'visiting nurse' ping her router while on VPN?
ping 191.168.1.1 (or whatever it happens to be)

nospam

Jul 16, 2018, 7:04:52 PM
In article <pij7vq$84a$1...@news.mixmin.net>, Arlen Holder
<arlen...@nospam.net> wrote:

> There are two fundamental VPN use models and two fundamental reasons for
> using VPN.

more than two.

> The two fundamental use models are:
> a. End-to-end encryption (e.g., in a corporate environment),
> b. Encryption up to the server (e.g., in the public VPN environment)

both are end-to-end encrypted. that's the whole point.

what you really mean is site-to-site and client-to-site.

Arlen Holder

Jul 16, 2018, 7:11:04 PM
In response to the following from Mike Easter:

> This askub does not address the drop protection/ killswitch issue; since
> NM network manager doesn't have a built-in 'killswitch' for VPN.

I know you know this Mike Easter, and I realize you're purposefully helpful
(unlike nospam), so I'll just let the others know that if they search for
Marek Novotny's posts on a killswitch, they'll find them in a.o.l, where,
I think, he had named it something like 'vpnkill' or something like that.
http://tinyurl.com/alt-os-linux

The use model Marek came up with was to let the user define the apps he
wanted killed when the VPN dropped out, such as torrent apps, or web
clients or MUAs, or whatever the user considered sensitive.

Then Marek spent a *lot* of effort finding the *fastest* way to kill those
apps, where it took quite a few iterations, as I recall, for him to come up
with something that worked great on Linux.

> That is just a pointer to GG for a.o.l. which GG search functions are
> much deprecated.

Hehhehheh... do you have something better?
(HINT: Complaining about the weather isn't helpful.)

> The earlier Marek scripts for drop protection are not extant.

I'm *sure* they're on a.o.l tribal knowledge archives since I know I posted
everything that Marek gave us as I tested them. So they *are* there, at
least twice for each script functionality.

There were many functionalities, as I recall, such as the wget script that
ran daily to download the ever changing VPN configuration files, to the
geolocation script that renamed them by country and city, and the testing
script that tested each one on the fly daily to put the "good" ones in a
pile (bearing in mind the good ones and bad ones flipflopped all the time),
to scripts for testing the network speeds, etc.

All those scripts should still be there in the tribal knowledge archives.

> Here is one article suggesting using UFW uncomplicated firewall to
> function to prevent any traffic other than the VPN and setting up a
> couple of scripts to do it and undo it. The author previously proposed
> VPNDemon script to monitor the NM connection and disconnect, but it
> wasn't consistently successful.

Yup. We have a thread, which I think you were part of, on the Windows ng,
as I recall, covering all the ways you can kill things when the VPN drops.

The firewall method was one of them.
On Windows, I use the LiquidVPN killswitch - but to each their own.

@echo off

:: GetAdmin
:-------------------------------------
:: Verify permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

:: On Error No Admin
if '%errorlevel%' NEQ '0' (
echo Getting administrative privileges...
goto DoUAC
) else ( goto getAdmin )

:DoUAC
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B

:getAdmin
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------


@echo off
:: CHANGE DEFAULT GW IP BELOW
set defgw=192.168.0.1


@For /f "tokens=3" %%1 in ('route.exe print 0.0.0.0 ^|findstr "\<0.0.0.0.*0.0.0.0\>"') Do set defgw=%%1
cls
:start
cls
echo.
color 0C
echo LiquidVPN's Simple VPN Kill Switch, ver. 0.1 - by LiquidVPN

echo.
echo.
echo Your routers gateway is probably "%defgw%"
echo -if nothing appears or its incorrect, add it manually (Press '3')
echo.
echo USAGE:
echo.
echo -Press "1" to Enable Kill Switch (IP "%defgw%")
echo -Press "2" to Disable Kill Switch (IP "%defgw%")
echo -Press "3" to manually set default gateway if its not detected above.
echo -Press "h" for Kill Switch Help
echo -Press "x" to exit Kill Switch.
echo.
set /p option=Your option:
if '%option%'=='1' goto :option1
if '%option%'=='2' goto :option2
if '%option%'=='3' goto :option3
if '%option%'=='x' goto :exit
if '%option%'=='h' goto :help
echo Insert 1, 2, x or h
timeout 3
goto start
:option1
route delete 0.0.0.0 %defgw%
echo Default gateway "%defgw%" removed
timeout 3
goto start
:option2
route add 0.0.0.0 mask 0.0.0.0 %defgw%
echo Default gateway "%defgw%" restored
timeout 3
goto start
:option3
echo.
set /p defgw=your gw IP (e.g. 192.168.0.1):
goto start
:help
cls
echo.
echo.
echo ======================
echo This simple kill switch removes your default gateway
echo and blocks traffic from reaching the internet when
echo your VPN gets disconnected.
echo.
echo Here is how you use it.
echo.
echo Step 1: Connect to LiquidVPN
echo Step 2: Enable LiquidVPN's Kill Switch (option "1")
echo.
echo Now Any internet traffic will pass through LiquidVPN only.
echo.
echo - If your VPN gets disconnected so will your internet.
echo - Disable the Kill Switch and reconnect.
echo.
echo.
echo When you disconnect from LiquidVPN follow these steps
echo to reconnect or to browse the internet normally.
echo.
echo Step 1: Close any software that may leak your real IP
echo Step 2: Disable the LiquidVPN kill switch (Option "2")
echo Step 3: Reconnect to LiquidVPN and enable the kill switch (Option "1")
echo.
timeout /T -1
goto start
:exit
exit

> The Best VPN Kill Switch For Linux Using Easy Firewall Rules
> https://github.com/primaryobjects/vpndemon Monitor a VPN connection on
> Linux and kill a process upon disconnect

I would have set up a firewall if Marek didn't already write the scripts I
used for years for me before I knew about the firewall.

I agree with you that the firewall is a good idea.

Do you think it is a good approach for Android?
Or just Windows & Linux?

> Perhaps the vpndemon's weakness was related to a greater 'fail'
> sequence, ie not detecting a 'disconnect' *instantly*.

As I recall, Marek spent a *lot* of time detecting a failure as quickly as
possible. I tested all his scripts that he posted, where in the beginning,
I told him they were too slow and he vastly improved the speed such that I
was satisfied in the end.

I sure wish Marek the best, as none of us have heard from him in a very
long time so we hope he's fine, especially after his medical emergencies.

Alek

Jul 16, 2018, 8:29:38 PM
Arlen Holder wrote on 7/16/2018 6:59 PM:
> In response to the following from Alek:
>
>> My visiting nurse told me that she cannot print since her
>> soon-to-be-ex-husband installed a VPN. :-( However, she will have her
>> own place soon and will not have to face a VPN.
>
> There are two fundamental VPN use models and two fundamental reasons for
> using VPN.
>
> The two fundamental use models are:
> a. End-to-end encryption (e.g., in a corporate environment),
> b. Encryption up to the server (e.g., in the public VPN environment)
>
> Hence, you get *different* things from each.
>
> In the corporate environment, you get security.
> In the public environment, you get privacy.
>
> Hence it matters what environment the 'visiting nurse' is in, because if
> it's corporate, it's different than if it's public.

It's her home.

>
> For public, you only get security from you to the VPN service.
> You get privacy from everyone except the VPN service.
>
> You may not completely understand what I'm saying, as I'm summarizing
> greatly and you may not have played with VPN long enough, but suffice to
> say that "normally" VPN doesn't interfere with printing - but it can.

So maybe her STBEH made a configuration error?

> Can your 'visiting nurse' ping her router while on VPN?
> ping 191.168.1.1 (or whatever it happens to be)

She's OK with medical technology but would turn white if I ask her that.
In any case, she'll have her own place soon enough.

Thanks for the help and patience.

Arlen Holder

Jul 16, 2018, 8:53:04 PM
In response to the following from Alek:

> She's OK with medical technology but would turn white if I ask her that.
> In any case, she'll have her own place soon enough.

Ok. Fair enough.
Let us know when you get VPN up and running on your Android phone.
That's why we're here ... to be helpful.
So it's nice to know when/if you've been helped.

nospam

Jul 17, 2018, 3:19:31 AM
In article <pijd9i$ved$1...@dont-email.me>, Alek <alek.t...@gmail.com>
wrote:

> So maybe her STBEH made a configuration error?

more likely it was a deliberate act.

> She's OK with medical technology but would turn white if I ask her that.
> In any case, she'll have her own place soon enough.

if he did something to her computer, that may not change anything.

n...@none.invalid

Jul 17, 2018, 10:36:34 PM
On Sun, 15 Jul 2018 20:59:40 -0400, Alek <alek.t...@gmail.com>
wrote:
I got a life time subscription to VPN Unlimited for 40 bucks.

I R A Darth Aggie

Jul 21, 2018, 10:39:50 AM
On Sun, 15 Jul 2018 20:59:40 -0400,
Alek <alek.t...@gmail.com>, in
A VPN is just a *cough* Network routing configuration. The software
sets up routes for various traffic.

The simple example is everything that would go to your network
provider and out to the external world will be routed thru an encrypted
pipe to your VPN provider, and from there go out to the world. Your
apparent IP address should be your VPN provider's address.

That's the way my paid-for VPN works.

My employer provides a VPN service, and that software is configured to
only route traffic thru the VPN if it is destined for their address
space. Example: I try to connect to www.myemployer.example, that goes
thru their VPN. Connecting to google.com does not.

What's local should stay local. According to my understanding, the
private LAN networks are non-routable, so they cannot be forwarded
thru a VPN.

https://en.wikipedia.org/wiki/Private_network

--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.

Arlen Holder

Jul 21, 2018, 3:50:02 PM
On 21 Jul 2018 14:39:50 GMT, I R A Darth Aggie wrote:

> A VPN is just a *cough* Network routing configuration. The software
> sets up routes for various traffic.

Agreed, for the most part, in that if you mean that the "route print" will
show all packets (including DNS port 53 packets) except the LAN
(192.168.x.x) going to the VPN server, that seems to be a correct summary.

There's also the encryption though... which is a separate thing from the
routing.

> The simple example is everything that would go to your network
> provider and out to the external world will be routed thru an encrypted
> pipe to your VPN provider, and from there go out to the world. Your
> apparent IP address should be your VPN provider's address.

Agreed. Even your ISP sees only the encrypted packets.

Once you're on VPN, an http://whatismyipaddress (or curl of icanhazip.com)
will reveal the IP address that the ultimate destination sees.

NOTE: As of about a month or two ago, curl.exe is now native in Windows, so
there's no need to use whatismyipaddress.com anymore if you don't want to.

> That's the way my paid-for VPN works.

Free VPN works the same way! :)

A lot of VPNs seem to like to have you locked into their VPN client though.

> My employer provides a VPN service, and that software is configured to
> only route traffic thru the VPN if it is destined for their address
> space. Example: I try to connect to www.myemployer.example, that goes
> thru their VPN. Connecting to google.com does not.

Yup. Routing table stuff. And encryption stuff.
The two go hand in hand.

I wonder how DNS requests on port 53 are handled though?
Does the employer handle *all* DNS requests?

> What's local should stay local. According to my understanding, the
> private LAN networks are non-routable, so they cannot be forwarded
> thru a VPN.

Yup. Local is local.

There are at least three IP "categories", as you noted:
1. Local stuff (non-routable addresses like 192.168.x.y)
2. DNS stuff (port 53)
3. Specific stuff (e.g., your employer's IP addresses)
4. Regular stuff (all other IP addresses)

All of the non-DNS stuff can be visualized with a route print command.
Looking at my old scripts on Windows, some of those commands might be:
netsh int ip show route > showroute.log
route print > routeprint.log
ipconfig > ipconfig.log
etc.

Thanks for adding technical value to every public conversation!

Arlen Holder

Jul 21, 2018, 3:53:16 PM
On 21 Jul 2018 19:50:02 GMT, Arlen Holder wrote:

> Agreed, for the most part, in that if you mean that the "route print" will
> show all packets (including DNS port 53 packets) except the LAN
> (192.168.x.x) going to the VPN server, that seems to be a correct summary.

Oops. "excluding DNS packets".

I forget how to tell where the DNS packets are going by the command line,
but a tcpdump wireshark scan will filter on port 53.

There are DNS-leak web sites, but the good ones are hard to find since a
lot are shills for a particular VPN provider.

That's why an independent DNS leak command would be useful on Android and
on Windows or Linux (that doesn't require the complexity of Wireshark).
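
The routing picture discussed in the last few posts (full tunnel, employer split tunnel, the default-gateway kill switch, and where DNS goes), modelled as an added example that is not code from any poster: a longest-prefix route lookup over constructed tables. The addresses, the interface names `wlan0`/`tun0`, and the full tunnel being installed as two /1 routes (what OpenVPN's `redirect-gateway def1` does) are assumptions of the example.

```python
import ipaddress

# Constructed route tables as (prefix, interface) pairs. Assumed layout:
# home LAN 192.168.0.0/24 behind router 192.168.0.1, VPN server 203.0.113.10,
# employer address space 198.51.100.0/24, tunnel interface tun0.
NO_VPN = [("0.0.0.0/0", "wlan0"), ("192.168.0.0/24", "wlan0")]
FULL_TUNNEL = NO_VPN + [("203.0.113.10/32", "wlan0"),   # keeps the tunnel itself reachable
                        ("0.0.0.0/1", "tun0"),          # together these two /1 routes
                        ("128.0.0.0/1", "tun0")]        # outrank the /0 default route
SPLIT_TUNNEL = NO_VPN + [("198.51.100.0/24", "tun0")]   # employer-style VPN


def lookup(table, dst):
    """Longest-prefix match: return the outgoing interface, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def after_vpn_drop(table):
    """The tunnel went down: every route through tun0 disappears."""
    return [(p, i) for p, i in table if i != "tun0"]


def kill_switch(table):
    """Model of 'route delete 0.0.0.0 <gateway>': remove the /0 default route."""
    return [(p, i) for p, i in table if p != "0.0.0.0/0"]


def dns_leaks(table, resolvers):
    """Resolvers whose queries do NOT leave through the tunnel.

    Routing is decided by destination address, not by port 53, so a resolver
    on the LAN (typically the home router, which forwards upstream to the
    ISP) is reached outside the tunnel even on a full-tunnel VPN.
    """
    return [r for r in resolvers if lookup(table, r) != "tun0"]


if __name__ == "__main__":
    targets = {"LAN printer": "192.168.0.50", "employer host": "198.51.100.7",
               "public web site": "192.0.2.80"}
    scenarios = {
        "no VPN": NO_VPN,
        "full tunnel": FULL_TUNNEL,
        "split tunnel": SPLIT_TUNNEL,
        "full tunnel, VPN dropped": after_vpn_drop(FULL_TUNNEL),
        "kill switch on, VPN dropped": after_vpn_drop(kill_switch(FULL_TUNNEL)),
    }
    for name, table in scenarios.items():
        print(name)
        for label, ip in targets.items():
            print(f"  {label:16} {ip:14} -> {lookup(table, ip) or 'no route'}")
    print("resolvers outside the tunnel:",
          dns_leaks(FULL_TUNNEL, ["192.168.0.1", "9.9.9.9"]))
```

On a real machine the same comparison is made by looking up the configured resolver addresses in the output of `route print` (Windows) or `ip route` (Linux).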