Hello fellow Soylentils. Colour me a nice Soylent Green Canadian who up until recently has only worried somewhat about security. I use linux (mostly Ubuntu) and in the past I have had time to work at config files and do google searches to solve my problems. Today I have far less time to do these things. My question is: can anyone (practically) hand me a good, easy, linux-friendly, and hopefully cheap VPN solution? Extra kudos to those with free options.
Canada seems to be heading in the direction of the United States and I am beginning to worry that my internet is being taken from me. Can anyone come up with a solution to keep my internetting private and my downloads from being pried into? (I've heard VPN is the way to go, but searching for solutions leaves me wondering if I'm getting scammed in the process.)
Thanks in advance for the help.
(Score: 3, Informative) by isostatic on Monday April 14 2014, @06:03PM
A VPN to where? Where do you want your unencrypted traffic to emerge?
I also run linux, I connect to one of my work's private networks in the uk by typing "bcnconnect". This runs up vpnc-connect, which uses a conf file with the ipsec details in. It then sets /proc/sys/net/ipv4/tcp_keepalive_time to a lowish number to get around the dumb firewalls.
My home VPN I'm sad to say is pptp. Moving to SSTP is on my list of things to do.
(Score: 2) by ls671 on Tuesday April 15 2014, @09:15AM
Is either of your VPNs using OpenSSL? ;-)
Everything I write is lies, read between the lines.
(Score: 2) by isostatic on Tuesday April 15 2014, @02:17PM
IPSec isn't OpenSSL, is it?
My https server is Ubuntu 10.04, so running an old version (0.9.8) that's unaffected. Laptop is the same.
Mikrotik's ssl library is also unaffected.
(Score: 2) by ls671 on Wednesday April 16 2014, @12:35AM
I thought you may also use other types of VPNs.
Anyway, I was just noting that some VPNs are vulnerable if OpenSSL isn't patched. OpenVPN is one of them.
Take care,
Everything I write is lies, read between the lines.
(Score: 4, Interesting) by spxero on Monday April 14 2014, @06:05PM
There are a few services out there, and sites like torrentfreak list features and comparisons between them with extra special focus on copyright-related issues.
One thing to know beforehand is if they give you an IP address to connect to or a FQDN to connect to.
Also, if your concern is security, you'll probably want to make sure your border router disallows any traffic without the VPN being up. This way if the VPN service disconnects you won't send VPN-less traffic out.
(Score: 1) by kru on Monday April 14 2014, @07:21PM
> One thing to know beforehand is if they give you an IP address to connect to or a FQDN to connect to.
Which is better? I assume the domain name is a superior offering.
(Score: 3, Informative) by spxero on Monday April 14 2014, @08:11PM
I have found the opposite. Having the IP address is easier to create static firewall rules. The domain name is easier to remember, but if they add IPs you have to add the same to your firewall (if you set it up to block all but VPN traffic).
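The "block all but VPN traffic" setup discussed in the comments above, sketched as an added example that is not part of any poster's comment: a shell function that prints an iptables-restore ruleset for a Linux border router. The interface names (eth0, eth1, tun0), UDP port 1194 and the 203.0.113.x endpoint addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a "VPN or nothing" filter table for a Linux border router.
# Interface names, port and addresses below are constructed placeholders.

# True only for dotted-quad IPv4 literals. Hostnames are refused: iptables
# resolves a name once when the rule is loaded, so endpoints the provider
# adds later would be blocked until the ruleset is rebuilt.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: vpn_killswitch_rules WAN_IF LAN_IF TUN_IF PROTO PORT VPN_IP [VPN_IP...]
# Prints an iptables-restore ruleset on stdout; nothing is applied here.
vpn_killswitch_rules() {
    [ "$#" -ge 6 ] || { echo "usage: WAN LAN TUN PROTO PORT IP..." >&2; return 2; }
    wan=$1; lan=$2; tun=$3; proto=$4; port=$5
    shift 5
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 literal: $ip" >&2; return 2; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Router-local traffic to and from the LAN, and router traffic via the tunnel.
    echo "-A INPUT -i $lan -j ACCEPT"
    echo "-A OUTPUT -o $lan -j ACCEPT"
    echo "-A OUTPUT -o $tun -j ACCEPT"
    # The router itself may reach only the listed VPN servers over the WAN.
    for ip in "$@"; do
        echo "-A OUTPUT -o $wan -d $ip -p $proto --dport $port -j ACCEPT"
    done
    # LAN clients may leave only through the tunnel; replies return the same way.
    echo "-A FORWARD -i $lan -o $tun -j ACCEPT"
    echo "-A FORWARD -i $tun -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # No LAN -> WAN rule exists, so a dropped tunnel means dropped traffic.
    echo 'COMMIT'
}

# Constructed sample: two provider endpoints from the documentation range.
vpn_killswitch_rules eth0 eth1 tun0 udp 1194 203.0.113.10 203.0.113.11
```

The output can be reviewed and then loaded with `iptables-restore`; NAT for the tunnel interface lives in a separate table and is not covered here.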
(Score: 2) by The Mighty Buzzard on Tuesday April 15 2014, @02:11AM
My rights don't end where your fear begins.
(Score: 2) by MrGuy on Monday April 14 2014, @06:09PM
This is exactly what Tor is designed for. It's slow, but it's private and (if Snowden is to be believed) it's secure. And it's free.
(Score: 3, Informative) by Anonymous Coward on Monday April 14 2014, @06:18PM
Everybody should be aware of the dash spy feature and disable it:
"Unless you have opted out we will send your keystrokes to third parties including: Facebook, Twitter, BBC and Amazon." -- http://www.ubuntu.com/privacy-policy [ubuntu.com]
For the whole scary list of third parties, see http://www.ubuntu.com/privacy-policy/third-parties [ubuntu.com]
Here's a suggested workaround https://fixubuntu.com/ [fixubuntu.com]
(Score: 2) by buswolley on Monday April 14 2014, @06:26PM
damn.
subicular junctures
(Score: 2, Informative) by iWantToKeepAnon on Monday April 14 2014, @06:35PM
> "Unless you have opted out we will send your keystrokes to third parties including: Facebook, ...
Ummm, people voluntarily send their keystrokes to fb and 3rd parties.
http://www.slate.com/articles/technology/future_tense/2013/12/facebook_self_censorship_what_happens_to_the_posts_you_don_t_publish.html [slate.com]
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
(Score: 2) by maxwell demon on Monday April 14 2014, @07:31PM
How many of those people are even aware that they send their keystrokes?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2, Interesting) by Joe Desertrat on Tuesday April 15 2014, @01:55AM
I wonder if this could be taken advantage of or abused by the end user. Typing in lists of expletives or bizarre forms of porn or long posts of Shakespeare or better yet, info you want to promote, like your website or even your store name, then erasing it. What happens to it then? Can you somehow skew Facebook's marketing and advertising?
(Score: 2) by bucc5062 on Monday April 14 2014, @06:57PM
Why does it seem like those two statements stand in complete conjunction with each other? 'We completely respect your privacy, but we will collect your private acts, which have nothing to do with our operating system.' That is corporate speak to the highest order.
The more things change, the more they look the same
(Score: 2) by FatPhil on Tuesday April 15 2014, @09:13AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by bucc5062 on Tuesday April 15 2014, @01:35PM
you are correct. I had the idea in my head, but it got attached to the wrong word...(sigh)
The more things change, the more they look the same
(Score: 1) by Scruffy on Monday April 14 2014, @08:37PM
"When you enter a search term into the dash ... Unless you have opted out (see the "Online Search" section below), we will also send your keystrokes as a search term to productsearch.ubuntu.com and selected third parties so that we may complement your search results with online search results from such third parties including: Facebook, Twitter, BBC and Amazon."
This sounds similar to Google's instant search. Maybe that doesn't change anyone's mind about things but I found your quote a wee bit disingenuous and wanted to clarify the context.
1087 is a lucky prime.
(Score: 2, Informative) by bryan on Monday April 14 2014, @11:13PM
Or better yet, use one of these and forget about dash/unity:
(Score: 5, Informative) by frojack on Monday April 14 2014, @06:24PM
You first need to determine the end points of your VPN.
Saying you've heard that they are the way to go suggests you haven't heard enough about them to decide how to use them.
VPNs are nothing but an encrypted link between your network and some other location from which you want to download stuff, or from which you want all your network access to appear to originate from. There are companies that provide VPN services, making your internet access appear to come from their site, which may be in any country of your choosing.
But don't get your hopes up. VPNs are even MORE COMPROMISED than is OpenSSL.
http://torrentfreak.com/nsa-can-spy-on-vpn-traffic-and-other-encrypted-communication-130906/ [torrentfreak.com]
https://www.bestvpn.com/blog/7521/nsa-breaks-undermines-many-kinds-encryption-mean-vpn/ [bestvpn.com]
http://www.flashrouters.com/blog/2014/02/19/asus-linksys-router-firmware-hacked-stay-safe-dd-wrt-tomato/ [flashrouters.com]
There are packages in UBUNTU that readily implement VPNs. There are Routers with built in VPN software. But all of these are mostly useful to send ALL traffic through a different site, seldom are they useful for ad hoc connections to your porn site (or whatever). You may be using the wrong tool for the task at hand. It's hard to tell, because your request is rather vague.
No, you are mistaken. I've always had this sig.
(Score: -1, Offtopic) by Anonymous Coward on Monday April 14 2014, @06:28PM
So it seems the mouth breathers are starting to infest this place. This question is a joke, right?
(Score: 2, Interesting) by sqrt(-1) on Monday April 14 2014, @06:29PM
The advantage of going with a commercial provider is that you may be able to use multiple IP addresses (potentially across geographic regions). The downside would be potential logging of your traffic.
I run my own with a small VPS (512MB RAM) running Debian that costs US$5/month (uptime of 265 days). IIRC I get 10TB per month - which I have not gone beyond. I predominantly use this when I'm on the road and connected via public WiFi. The downside is that you have to administer/maintain and you are stuck with one static IP and the upside is nobody is logging the traffic (as far as I can tell !).
(Score: 2, Interesting) by dinglebutts on Tuesday April 15 2014, @04:03AM
This. I've got a Digital Ocean VPS set up in this way as well (along with some other useful services). There's minimal configuration to host an OpenVPN Access server, and now my backend computer & server are behind a 24/7 VPN which I have full control over.
My VPS is 512MB ram, $5/mo, but 'only' 1TB of bandwidth. If you do indeed get 10TB/mo for the same price, mind dropping a name?
(Score: 1) by sqrt(-1) on Wednesday April 16 2014, @11:04PM
My bad. I thought I got 10TB, when it was changed from some lower threshold some time ago. I get 1TB as well. Which is sufficient for now. Comcast has "suspended" the 250GB/month usage at home, so even if I use the OpenVPN all the time, it will be less than 500GB at the VPN end.
(Score: 0) by Anonymous Coward on Tuesday April 15 2014, @02:07PM
It also depends on your endpoints. If you're trying to VPN into your own business network, the PPP through an SSH tunnel is reasonably secure and easy to set up. You just have to build your routing and forwarding rules right.
(Score: 1) by Beldin on Monday April 14 2014, @06:38PM
I use a company called TorGuard, multiple end points and they don't log. Well they say they don't and Torrentfreak did their best VPN list and it was on it.
No affiliation, just a customer.
(Score: 2) by Gaaark on Monday April 14 2014, @11:14PM
Thanks for the pointer... will look at TorGuard and will search for options like it.
I am not a mouth-breather (as an anonymous useless tried to say): between work, family life and my autistic son, my time is not what it used to be and I have not been able to keep up with things like security like I wish. Sometimes life just hands you less time than you'd like.
And I appreciate you taking your time to help me! :)
My concern is just that it looks like Canada has joined those countries that used to be 'free', but now are much less so.
I want to hide my activities from my ISP, and my government (as well as the American NSA, it seems)...
If I can do this in a free way, I would appreciate it: if not, I may have to go the way of things like TorGuard.
Again, thank you and the others who have tried to help.
For those 'mouth breathers' who post anonymously and uselessly.......... man up, will you?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 3, Insightful) by Foobar Bazbot on Tuesday April 15 2014, @12:31AM
This sort of anonymity-hate, from the guy asking for help with a VPN for privacy?
If you weren't busy mouth-breathing, you might see the irony there.
(Score: 2) by Gaaark on Tuesday April 15 2014, @12:49AM
Like I said, the anonymous 'useless' posters...
Anonymous haters are what made slashdot such a sucky site... hate to see them moving over here.
I'm just asking a question that I wanted answers to, in a civilized manner, when 'useless' trolls off.
Guess I was just stupid for feeding the troll, in an off-hand manner.
I apologize.
Man.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by egcagrac0 on Monday April 14 2014, @06:46PM
That's the real question - what do you want to do?
Two common uses of "VPN" are to either access a network remotely, as if you're local to the network, or to appear to a foreign network (like the internet) like you're somewhere else on it (like to stream America region restricted video in Asia) (this would also be known as a "proxy").
Who you want to keep it private from is a second concern.
A lot of cheap hosting companies don't want you to use them as a proxy, since their bandwidth isn't available symmetrically. Check the ToS.
Figure out what you want and get back to us, so we have a half a chance of making a reasonable suggestion.
(Score: 0) by Anonymous Coward on Monday April 14 2014, @07:01PM
VPN would be something that you would want to set up so that when you are at say a Starbucks you VPN to your home box and get to the internet through your home connection.
Anonymizing proxy would be something you would want to set up at your home box to anonymize your connections.
(Score: 2) by hemocyanin on Monday April 14 2014, @07:51PM
For the instance where a person wants to use VPN to access his or her own networks, pfSense is a good option for firewall software (assuming like most geeks, you have a spare computer to set it up on): https://www.pfsense.org/ [pfsense.org] For example, set it up as the firewall for your home or office network, and you can VPN into that network using a VPN client from a coffee shop.
For accessing the world however, the person asking this question should be aware that just getting a vpn account on some remote system is pretty easily traceable. It is obvious where you are connecting to, and where that system is then connecting to, and significantly, your credit card (and real name) gets associated with that intermediate address on a regular periodic basis, thus revealing exactly who you are and the fact you are routing everything through a VPN. You are probably more obvious too, with an encrypted stream to only one or a set range of IP addresses -- it's pretty clear what's going on making you an interesting person to investigate.
A VPN is a great thing for the first paragraph option (relatively secure access to your own networks), but I would think a very risky proposition for the second (anonymizing your browsing).
(Score: 2) by cosurgi on Monday April 14 2014, @10:06PM
I use vtun between all my computers scattered around the city. Very convenient and easy to set up. They all appear as if in single LAN.
#
#\ @ ? [adom.de] Colonize Mars [kozicki.pl]
#
(Score: 1) by cwadge on Tuesday April 15 2014, @03:35AM
Just my $0.02, of course.
(Score: 1) by cwadge on Tuesday April 15 2014, @03:06AM
In the interest of full disclosure, I'm not affiliated with OpenVPN-AS in any way, but I have successfully deployed it at several companies in the past. Give it a spin, I think you'll be impressed.
(Score: 1) by pipingDot on Tuesday April 15 2014, @03:14AM
$40ish per year, a dozen servers (half USA, half scattered elsewhere), beta Linux client that works as well as the Windows variety.
(Score: 2) by SlimmPickens on Tuesday April 15 2014, @10:39AM
First you need to start researching the Snowden information and then you'll start to understand what it's going to take to build yourself a secure network. You need a shit load more than a vpn.
(Score: 0) by Anonymous Coward on Wednesday April 16 2014, @12:05PM
I'd suggest mullvad.net, and you can even pay for it with bitcoin so they don't even have records of who you are.