On OpenVPN

eowens2
Posts: 177
Joined: Wed 27 Aug 2008, 17:57

On OpenVPN

#1 Post by eowens2 »

Hey Rodney Byne,

I am pretty new to this subject of openvpn too! But what little I know, I will try to share.

"VPN" is an abbreviation for "virtual private network", the goal of which is to maintain privacy in a public environment achieved with the use of encryption between the communicating parties. Perhaps you have bought something online with the use of a credit card, and you may have noticed that the URL changed from "http://whatever" to "https://whatever", with the latter being a secure, encrypted tunnel for your credit card info, protected from those who would steal this info. "https://" is a form of VPN.

There are several different protocols for the structure of VPN, and "openvpn" is one of those protocols. Puppy Linux often has a VPN client already built in using the PPTP protocol (look under Network on Puppy's Menu), and Quirky Tahr certainly has it. Most people believe that openvpn has a higher level of security than PPTP.

Who should be using VPN? Simply put, those who desire privacy. Free wi-fi hotspots are notoriously risky for snoopers, as are airport WI-FIs and other networks open to the public. Corporations (with a VPN server) frequently communicate with their sales and technical people out in the field (with a VPN client) thru VPNs. Millions of people live in countries where the government controls what their citizens can connect to on the internet by monitoring and filtering the destination IP addresses. VPNs can often circumvent this. Only you can decide if a VPN might be useful for you.

Anyhow back to your question.

Dependencies, in my experience, are usually pretty important for proper functioning of a program.

As a test, I deleted openvpn_2.3.2 from my Quirky Tahr, and then went back thru the install process for openvpn_2.3.2, and it said "iproute2" was missing. If you then click on "Examine Dependencies", Puppy Package Manager (PPM) goes looking for iproute2-2.6.29-1-w5.pet which is supposed to be in the Wary 5 packages, but for whatever reason, it seems to be missing, so PPM is not very happy about installing openvpn_2.3.2 with missing dependencies.

You can get a copy of iproute2-2.6.29-1-w5 at https://archive.org/details/Puppy_Linux_Racy. Since it is a .pet file, if you download and click on it, it should install on your copy of Quirky Tahr, and the PPM installation of openvpn_2.3.2 should proceed smoothly.

I will try to detail my configuration of Gadmin-openvpn-client-0.1.9 for use with a commercial openvpn service provider in a subsequent post.

Rodney Byne
Posts: 247
Joined: Fri 31 Jan 2014, 14:12

Continuing Openvpn

#2 Post by Rodney Byne »

Hey yourself Mr. Eowens2,

You did absolutely the right thing in starting this new thread
away from the general melee.
This is a unique subject all on its own to be treated
and discussed separately.

Thank you so much for plainly explaining the principles
of openvpn to me in an understandable way.
You've honed the facts I wanted to know perfectly
and phrased everything just right.
I think there is a similarity here in protecting privacy and
anonymity with the Tor browser, where vpn may be also at its core.

Anyway to the detail at hand with more thanks.
First I located and downloaded the missing iproute file via
your link & installed that ok.
Then downloaded & installed without further incident
openvpn_2.3.2 from the PPM.
Finally I installed your gadmin pet & launched it
also without further incident, so confirming it found
all its associated files.

Now I await with interest the testing and proving stage
of, for me this new experience, as per the final quote
from your previous post:
"I will try to detail my configuration of Gadmin-openvpn-client-0.1.9 for use with a commercial openvpn service provider in a subsequent post"

My guess is, enabling the configured tunnel before Seamonkey is launched.
If Openvpn acts as HTTPS everywhere, will certain web pages
be barred from opening, depending on their individual certificate validations?

This could be a natural caution filter to avoid say, dubious replica
banking sites from stealing personal data, as you said earlier.
Mind you, I'm a total sceptic, so don't do online banking or any
financial transactions on the web at all, being the penny-watching
pensioner that I am!
To my old fashioned way of doing business face-to-face, this is a very precarious practice.
Not to mention a slip of the finger entering a wrong account number - whoops, sudden empty bank balance.

With kind regards.

eowens2
Posts: 177
Joined: Wed 27 Aug 2008, 17:57

#3 Post by eowens2 »

Part 2: O.K., now let's see if we can set up gadmin-openvpn-client-0.1.9 with a commercial server. The service/server you use will provide you with information on how to connect to it, and you will need to download that information, by going to their website and clicking on something like "download VPN config file".

This file may or may not be what you need. Some of these commercial VPN services may have their own VPN client programs. The VPN service I use (www.strongvpn.com) has a client program for both windows and mac but not linux (boo, hiss!!!), and the structure of the config file you D/L is meant to work smoothly with their vpn client programs.

What you need to use with gadmin-openvpn-client-0.1.9 is a collection of 5 discrete files: a config file, CA Cert, Cert, Key and TA key. Fortunately, when I persisted with my service provider, I found that I could D/L this bundle of files for my account which they labeled "generic".

I discovered that the initial single file that I said not to use, actually contains the 5 individual files, with the 5 components isolated by field separators, and if one wants to do the work, using a text editor you could create the 5 individual files from the big file. But it is easier to get the 5 separate files if you can.

O.K., I assume that you now have the 5 files mentioned above, placed in /root/downloads or /root/my-documents or some other easily accessible place.

Open GA-client and click on "Import" at the top of the GUI, then "Import configuration file", migrate to the config file, select it and click on "Apply". The configuration information will enter GA-client as "Imported-setup" regardless of the name of the imported file, and you can see the destination server's IP addresses on the connections tab, you can see the full config info by clicking on the "Client configuration" tab. There are about 25-30 items in this text file from my openvpn service provider.

The "Client configuration" tab is actually a text editor and you can edit anything on this page. I changed the first line "# Connection_name: Imported-setup" to my service provider "# Connection_name: StrongVPN", and when you later click on "Save" at the bottom of the page, the name will appear correctly on the "Connections" page.

Go back to the "Connections" page. Under "Servers", check to see if the info is correct...I had to edit the Port values to be the same as on the configuration page (my server made available 3 different ports to use). As you edit the next few items you may need to shuttle back and forth between the "Connections" and "Configuration" pages.

Next Item: Server Protocol. Click on the down arrow at extreme right, and you will see that the options are TCP & UDP. Mine was UDP.

Next Item: Device. Options: Tun & Tap, I chose Tun0.

Username: I left blank.

Password: I left blank.

Passfile: GA-client inserts a value here, but I think you can leave it blank. I think the real "passfile" is in the key and cert files.

Mount: Leave blank.

Encryption type: I am not sure what to enter here. I left "Blowfish". I think the real encryption is handled by the key and cert files...I could be wrong.

Use compression: Yes

Share connection: No

Using Firestarter: I selected "No" - I am not sure what it is anyway.

Start at boot - I suggest "No" till you have GA-client up and running the way you want. After that you may want to select "Yes". I have been able to activate or deactivate GA-client in the middle of a browsing session and it seems to stay glued together O.K. I have never had to re-boot because of it.

Log level: I just left it at 4

Proxy server: Left blank

Proxy Port: Left blank

MSS value: I think this auto-fills-in from the config page. Mine is 1390.

The next 4 fields are where the security comes from, and you will import them into GA-client.

Click on "CA cert." and you can migrate to the folder where the 5 config files are, select the "CA cert" file and click on "Open", and the file is imported. Do the same for "Cert", "Key" and "TA key".

Review all of the information in the fields that you have entered on this page, and if you are happy with it, click on "Apply".

At this point I would suggest going back to the "Client configuration" page and click on "Save". The configuration is saved to /etc/gadmin-openvpn/client/<your server's name>/gadmin-openvpn-client.conf. It is this file that is checked each time the program runs, not what you see on the GUI.

Now the question arises, how do you know the darn thing is working?!

I can go to my VPN service provider's homepage and it reflects back to me my IP address and location, and your VPN service provider may do the same; or one can google "IP address locator" and get a whole bunch of websites that do this such as "whatismyipaddress.com".

You simply check your IP address & location before and after activation of GA-client. If your perceived location changes to your commercial server's site, the VPN is activated correctly. (It can say "activated" and still not be working correctly).

At this point you should be ready to roll. Click on "Activate"! Hopefully I presented enough accurate information that you can activate gadmin-openvpn-client-0.1.9 if you choose to do so. I am sure that there are a number of people on this board who know a great deal more about this topic than I, and I welcome their comments and suggestions.
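Post #3 mentions that the provider's single config file holds all five pieces and can be split by hand in a text editor. As an added example (not from the original post, the provider, or the gadmin project), the Python below does that split and writes the two secret files with owner-only permissions. It assumes the single file uses OpenVPN's inline tags `<ca>`, `<cert>`, `<key>` and `<tls-auth>`; the output file names and `vpn.example.net` are made up for illustration.

```python
import os
import re
import tempfile

# Inline block tag -> output file name (names are this example's choice).
INLINE = {"ca": "ca.crt", "cert": "client.crt", "key": "client.key", "tls-auth": "ta.key"}
SECRET = {"key", "tls-auth"}  # private material: readable by owner only
BLOCK = re.compile(r"^<(?P<tag>[\w-]+)>[ \t]*\n(?P<body>.*?)^</(?P=tag)>[ \t]*\n?", re.S | re.M)

def split_profile(text, outdir, conf_name="client.conf"):
    """Split a unified profile into config + CA cert + cert + key + TA key."""
    found = {m.group("tag") for m in BLOCK.finditer(text)}
    missing = sorted(set(INLINE) - found)
    if missing:  # refuse before anything is written to disk
        raise ValueError(f"profile lacks inline blocks: {missing}")
    written = {}

    def extract(match):
        tag = match.group("tag")
        if tag not in INLINE:
            return match.group(0)          # unknown block: leave untouched
        mode = 0o600 if tag in SECRET else 0o644
        path = os.path.join(outdir, INLINE[tag])
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(match.group("body"))
        os.chmod(path, mode)               # enforce mode even if file existed
        written[tag] = path
        return f"{tag} {INLINE[tag]}\n"    # directive now points at the file

    conf = BLOCK.sub(extract, text)        # any key-direction line stays as is
    written["config"] = os.path.join(outdir, conf_name)
    with open(written["config"], "w") as fh:
        fh.write(conf)
    return written

def sample_profile():
    """Constructed sample with placeholder bodies, not real key material."""
    head = "client\ndev tun\nproto udp\nremote vpn.example.net 1194\nkey-direction 1\n"
    return head + "".join(f"<{t}>\nPLACEHOLDER-{t}\n</{t}>\n" for t in INLINE)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, path in split_profile(sample_profile(), tmp).items():
            print(name, path, oct(os.stat(path).st_mode & 0o777))
```

The five resulting files correspond to the "config file, CA Cert, Cert, Key and TA key" that the GUI import steps in the post expect.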

Rodney Byne
Posts: 247
Joined: Fri 31 Jan 2014, 14:12

re part 2

#4 Post by Rodney Byne »

When I read through your procedure several times,
I realised I'm way out of my depth so I'm not going to pursue
this subject. The skill knowledge level is very high.
But your hard work is nonetheless most appreciated.
Thanks again.

eowens2
Posts: 177
Joined: Wed 27 Aug 2008, 17:57

#5 Post by eowens2 »

Rodney, writing it all down makes it seem more complicated than it really is.

Once you download the config files to your computer, it is mostly just a matter of importing them into the right places in gadmin-openvpn-client-0.1.9.

It's like importing a contacts file into an e-mail client, you just have to do it 5 times instead of once, and then edit one of the files a little.
