Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 12 submissions in the queue.
posted by mrcoolbp on Monday April 14 2014, @05:58PM   Printer-friendly
from the all-your-VPN-are-belong-to-us dept.

Hello fellow Soylentils. Colour me a nice Soylent Green Canadian who up until recently has only worried somewhat about security. I use linux (mostly Ubuntu) and in the past I have had time to work at config files and do google searches to solve my problems. Today i have far less time to do these things. My question is: can anyone (practically) hand me a good, easy, linux-friendly, and hopefully cheap VPN solution? Extra kudos to those with free options.

Canada seems to be heading in the direction of the United States and I am beginning to worry that my internet is being taken from me. Can anyone come up with a solution to keep my internetting private and my downloads from being pried into? (I've heard VPN is the way to go, but searching for solutions leaves me wondering if I'm getting scammed in the process.)

Thanks in advance for the help.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by isostatic on Monday April 14 2014, @06:03PM

    by isostatic (365) on Monday April 14 2014, @06:03PM (#31437) Journal

    A VPN to where? Where do you want your unencrypted traffic to emerge?

    I also run linux, I connect to one of my work's private networks in the uk by typing "bcnconnect". This runs up vpnc-connect, which uses a conf file with the ipsec details in. It then sets /proc/sys/net/ipv4/tcp_keepalive_time to a lowish number to get around the dumb firewalls.

    My home VPN I'm sad to say is pptp. Moving to SSTP is on my list of things to do.

    • (Score: 2) by ls671 on Tuesday April 15 2014, @09:15AM

      by ls671 (891) on Tuesday April 15 2014, @09:15AM (#31715) Homepage

      Is either of your VPNs using OpenSSL? ;-)

      --
      Everything I write is lies, including this sentence.
      • (Score: 2) by isostatic on Tuesday April 15 2014, @02:17PM

        by isostatic (365) on Tuesday April 15 2014, @02:17PM (#31805) Journal

        IPSec isn't OpenSSL, is it?
        My https server is Ubuntu 10.04- so running an old version (0.9.8) that's unaffected. Laptop is the same.
        Mikrotik's ssl library is also unaffected

        • (Score: 2) by ls671 on Wednesday April 16 2014, @12:35AM

          by ls671 (891) on Wednesday April 16 2014, @12:35AM (#32092) Homepage

          I thought you may also use other types of VPNs.

          Anyway, I was just noting that some VPNs are vulnerable if OpenSSL isn't patched. OpenVPN is one of them.

          Take care,

          --
          Everything I write is lies, including this sentence.
    • (Score: 0) by Anonymous Coward on Friday May 02 2014, @07:06PM

      by Anonymous Coward on Friday May 02 2014, @07:06PM (#39039)

      Lifestyle factors including but not dramatic.Tsunami waves can occur china from 2, 000 a year., online casino slot machines [onlinecasi...iazone.com], [url="http://onlinecasinoaustraliazone.com/ "]online casino slot machines[/url], 895247, blackjack free games [bestcasinoclubcom.com], [url="http://bestcasinoclubcom.com/"]blackjack free games[/url], 8],

  • (Score: 4, Interesting) by spxero on Monday April 14 2014, @06:05PM

    by spxero (3061) on Monday April 14 2014, @06:05PM (#31439)

    There are a few services out there, and sites like torrentfreak list features and comparisons between them with extra special focus on copyright-related issues.

    One thing to know before hand is if they give you an IP address to connect to or a FQDN to connect to.

    Also, if your concern is security, you'll probably want to make sure your border router disallows any traffic without the VPN being up. This way if the VPN service disconnects you won't send VPN-less traffic out.

    • (Score: 1) by kru on Monday April 14 2014, @07:21PM

      by kru (795) on Monday April 14 2014, @07:21PM (#31491)

      One thing to know before hand is if they give you an IP address to connect to or a FQDN to connect to.
       
      Which is better? I assume the domain name is a superior offering.

      • (Score: 3, Informative) by spxero on Monday April 14 2014, @08:11PM

        by spxero (3061) on Monday April 14 2014, @08:11PM (#31512)

        I have found the opposite. Having the IP address is easier to create static firewall rules. The domain name is easier to remember, but if they add IPs you have to add the same to your firewall (if you set it up to block all but VPN traffic).

        • (Score: 2) by The Mighty Buzzard on Tuesday April 15 2014, @02:11AM

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday April 15 2014, @02:11AM (#31626) Homepage Journal
          On the other hand, it's easy enough to script an ifup script along the lines of "what IP address is am I VPNing through? do me a favor and DROP ipv4 on eth0 aside from that address" or just scrape their list of IPs and whitelist them all. Having more IPs is a good thing; less blocking and it's cheaper for your vpn service which is theoretically cheaper for you.
          --
          My rights don't end where your fear begins.
  • (Score: 2) by MrGuy on Monday April 14 2014, @06:09PM

    by MrGuy (1007) on Monday April 14 2014, @06:09PM (#31443)

    This is exactly what Tor is designed for. It's slow, but it's private and (if Snowden is to be believed) it's secure. And it's free.

  • (Score: 3, Informative) by Anonymous Coward on Monday April 14 2014, @06:18PM

    by Anonymous Coward on Monday April 14 2014, @06:18PM (#31448)

    Everybody should be aware of the dash spy feature and disable it:

    "Unless you have opted out we will send your keystrokes to third parties including: Facebook, Twitter, BBC and Amazon." -- http://www.ubuntu.com/privacy-policy [ubuntu.com]

    For the whole scary list of third parties, see http://www.ubuntu.com/privacy-policy/third-parties [ubuntu.com]

    Here's a suggested workaround https://fixubuntu.com/ [fixubuntu.com]

    • (Score: 2) by buswolley on Monday April 14 2014, @06:26PM

      by buswolley (848) on Monday April 14 2014, @06:26PM (#31454)

      damn.

      --
      subicular junctures
    • (Score: 2, Informative) by iWantToKeepAnon on Monday April 14 2014, @06:35PM

      by iWantToKeepAnon (686) on Monday April 14 2014, @06:35PM (#31459) Homepage Journal

      > "Unless you have opted out we will send your keystrokes to third parties including: Facebook, ...

      Ummm, people voluntarily send their keystrokes to fb and 3rd parties.

      http://www.slate.com/articles/technology/future_te nse/2013/12/facebook_self_censorship_what_happens_ to_the_posts_you_don_t_publish.html [slate.com]

      --
      "Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
      • (Score: 2) by maxwell demon on Monday April 14 2014, @07:31PM

        by maxwell demon (1608) on Monday April 14 2014, @07:31PM (#31493) Journal

        How many of those people are even aware that they send their keystrokes?

        --
        The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2, Interesting) by Joe Desertrat on Tuesday April 15 2014, @01:55AM

        by Joe Desertrat (2454) on Tuesday April 15 2014, @01:55AM (#31619)

        "...Ummm, people voluntarily send their keystrokes to fb and 3rd parties..."

        I wonder if this could be taken advantage of or abused by the end user. Typing in lists of expletives or bizarre forms of porn or long posts of Shakespeare or better yet, info you want to promote, like your website or even your store name, then erasing it. What happens to it then? Can you somehow skew Facebook's marketing and advertising?

    • (Score: 2) by bucc5062 on Monday April 14 2014, @06:57PM

      by bucc5062 (699) on Monday April 14 2014, @06:57PM (#31478)

      Canonical collects personal information from you in a number of different ways....

      At Canonical, we consider your privacy to be extremely important to us. ...

      Why does it seem like those two statements stand in complete conjunction with each other. 'We completely respect your privacy, but we will collect your private acts which has nothing to do with our operating system.'. That is corporate speak to the highest order.

      --
      The more things change, the more they look the same
      • (Score: 2) by FatPhil on Tuesday April 15 2014, @09:13AM

        by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Tuesday April 15 2014, @09:13AM (#31714) Homepage
        "conjunction with" should read "contradiction to" or "disjunction from".
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
        • (Score: 2) by bucc5062 on Tuesday April 15 2014, @01:35PM

          by bucc5062 (699) on Tuesday April 15 2014, @01:35PM (#31785)

          you are correct. I had the idea in my head, but it got attached to the wrong word...(sigh)

          --
          The more things change, the more they look the same
    • (Score: 1) by Scruffy on Monday April 14 2014, @08:37PM

      by Scruffy (1087) on Monday April 14 2014, @08:37PM (#31525)

      "When you enter a search term into the dash ... Unless you have opted out (see the "Online Search" section below), we will also send your keystrokes as a search term to productsearch.ubuntu.com and selected third parties so that we may complement your search results with online search results from such third parties including: Facebook, Twitter, BBC and Amazon."

      This sounds similar to Google's instant search. Maybe that doesn't change anyone's mind about things but I found your quote a wee bit disingenuous and wanted to clarify the context.

      --
      1087 is a lucky prime.
    • (Score: 2, Informative) by bryan on Monday April 14 2014, @11:13PM

      by bryan (29) <bryan@pipedot.org> on Monday April 14 2014, @11:13PM (#31558) Homepage Journal

      Or better yet, use one of these and forget about dash/unity:

      • http://xubuntu.org/
      • http://www.kubuntu.org/
      • http://lubuntu.net/
  • (Score: 5, Informative) by frojack on Monday April 14 2014, @06:24PM

    by frojack (1554) on Monday April 14 2014, @06:24PM (#31451) Journal

    You first need to determine the end points of your VPN.

    Saying you've heard that they are the way do go, suggests you haven't heard enough about them to decide how to use them.

    VPNs are nothing but an encrypted link between your network and some other location from which you want to download stuff, or from which you want all your network access to appear to originate from. There are companies that provide VPN services, making your internet access appear to come from their site, which may be in any country of your choosing.

    But don't get your hopes up. VPNs are even MORE COMPROMISED than is Openssl. http://torrentfreak.com/nsa-can-spy-on-vpn-traffic -and-other-encrypted-communication-130906/ [torrentfreak.com]
    https://www.bestvpn.com/blog/7521/nsa-breaks-under mines-many-kinds-encryption-mean-vpn/ [bestvpn.com]
    http://www.flashrouters.com/blog/2014/02/19/asus-l inksys-router-firmware-hacked-stay-safe-dd-wrt-tom ato/ [flashrouters.com]

    There are packages in UBUNTU that readily implement VPNs. There are Routers with built in VPN software. But all of these are mostly useful to send ALL traffic through a different site, seldom are they useful for ad hoc connections to your porn site (or whatever). You may be using the wrong tool for the task at hand. Its hard to tell, because your request is rather vague.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: -1, Offtopic) by Anonymous Coward on Monday April 14 2014, @06:28PM

    by Anonymous Coward on Monday April 14 2014, @06:28PM (#31455)

    So it seems the mouth breathers are starting to infest this place. This question is a joke, right?

  • (Score: 2, Interesting) by sqrt(-1) on Monday April 14 2014, @06:29PM

    by sqrt(-1) (3039) on Monday April 14 2014, @06:29PM (#31456)

    The advantage of going with a commercial provider is that you may be able to use multiple IP addresses (potentially across geographic regions). The downside would be potential logging of your traffic.

    I run my own with a small VPS (512MB RAM) running Debian that costs US$5/month (uptime of 265 days). IIRC I get 10TB per month - which I have not gone beyond. I predominantly use this when I'm on the road and connected via public WiFi. The downside is that you have to administer/maintain and you are stuck with one static IP and the upside is nobody is logging the traffic (as far as I can tell !).

    • (Score: 2, Interesting) by dinglebutts on Tuesday April 15 2014, @04:03AM

      by dinglebutts (3942) on Tuesday April 15 2014, @04:03AM (#31658)

      This. I've got a Digital Ocean VPS set up in this way as well (along with some other useful services). There's minimal configuration to host an OpenVPN Access server, and now my backend computer & server are behind a 24/7 VPN which I have full control over.

      My VPS is 512MB ram, $5/mo, but 'only' 1TB of bandwidth. If you do indeed get 10TB/mo for the same price, mind dropping a name?

      • (Score: 1) by sqrt(-1) on Wednesday April 16 2014, @11:04PM

        by sqrt(-1) (3039) on Wednesday April 16 2014, @11:04PM (#32455)

        My VPS is 512MB ram, $5/mo, but 'only' 1TB of bandwidth. If you do indeed get 10TB/mo for the same price, mind dropping a name?

        My bad. I thought I got 10TB, when it was changed from some lower threshold some time ago. I get 1TB as well. Which is sufficient for now. Comcast has "suspended" the 250GB/month usage at home, so even if I use the OpenVPN all the time, it will be less than 500GB at the VPN end.

    • (Score: 0) by Anonymous Coward on Tuesday April 15 2014, @02:07PM

      by Anonymous Coward on Tuesday April 15 2014, @02:07PM (#31802)

      It also depends on your endpoints. If you're trying to VPN into your own business network, the PPP through an SSH tunnel is reasonably secure and easy to set up. You just have to build your routing and forwarding rules right.

  • (Score: 1) by Beldin on Monday April 14 2014, @06:38PM

    by Beldin (397) on Monday April 14 2014, @06:38PM (#31462) Homepage

    I use a company called TorGuard, multiple end points and they don't log. Well they say they don't and Torrentfreak did there best VPN list and it was on it.

    No affiliation, just a customer.

    • (Score: 2) by Gaaark on Monday April 14 2014, @11:14PM

      by Gaaark (41) on Monday April 14 2014, @11:14PM (#31559) Journal

      Thanks for the pointer... will look at TorGuard and will search for options like it.

      I am not a mouth-breather (as an anonymous useless tried to say): between work, family life and my autistic son, my time is not what it used to be and I have not been able to keep up with things like security like I wish. Sometimes life just hands you less time than you'd like.

      And I appreciate you taking your time to help me! :)

      My concern is just that it looks like Canada has joined those countries that used to be 'free', but now are much less so.

      I want to hide my activities from my ISP, and my government (as well as the American NSA, it seems)...

      If I can do this in a free way, I would appreciate it: if not, I may have to go the way of things like TorGuard.

      Again, thank you and the others who have tried to help.

      For those 'mouth breathers' who post anonymously and uselessly.......... man up, will you?

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
      • (Score: 3, Insightful) by Foobar Bazbot on Tuesday April 15 2014, @12:31AM

        by Foobar Bazbot (37) on Tuesday April 15 2014, @12:31AM (#31583) Journal

        For those 'mouth breathers' who post anonymously and uselessly.......... man up, will you?

        This sort of anonymity-hate, from the guy asking for help with a VPN for privacy?
        If you weren't busy mouth-breathing, you might see the irony there.

        • (Score: 2) by Gaaark on Tuesday April 15 2014, @12:49AM

          by Gaaark (41) on Tuesday April 15 2014, @12:49AM (#31592) Journal

          Like I said, the anonymous 'useless' posters...

          Anonymous haters are what made slashdot such a sucky site... hate to see them moving over here.

          I'm just asking a question that I wanted answers to, in a civilized manner, when 'useless' trolls off.
          Guess I was just stupid for feeding the troll, in an off-hand manner.
          I apologize.

          Man.

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 2) by egcagrac0 on Monday April 14 2014, @06:46PM

    by egcagrac0 (2705) on Monday April 14 2014, @06:46PM (#31467)

    That's the real question - what do you want to do?

    Two common uses of "VPN" are to either access a network remotely, as if you're local to the network, or to appear to a foreign network (like the internet) like you're somewhere else on it (like to stream America region restricted video in Asia) (this would also be known as a "proxy").

    Who you want to keep it private from is a second concern.

    A lot of cheap hosting companies don't want you to use them as a proxy, since their bandwidth isn't available symmetrically. Check the ToS.

    Figure out what you want and get back to us, so we have a half a chance of making a reasonable suggestion.

  • (Score: 0) by Anonymous Coward on Monday April 14 2014, @07:01PM

    by Anonymous Coward on Monday April 14 2014, @07:01PM (#31482)

    VPN would be something that you would want to setup so that when you are at say a Starbucks you VPN to your home box and get to the internet through your home connection.

    Anonymizing proxy would be something you would want to set up at your home box to anonymize your connections.

    • (Score: 2) by hemocyanin on Monday April 14 2014, @07:51PM

      by hemocyanin (186) on Monday April 14 2014, @07:51PM (#31504) Journal

      For the instance where a person wants to use VPN to access his or her own networks, pfSense is a good option for firewall software (assuming like most geeks, you have a spare computer to set it up on): https://www.pfsense.org/ [pfsense.org] For example, set it up as the firewall for your home or office network, and you can VPN into that network using a VPN client from a coffee shop.

      For accessing the world however, the person asking this question should be aware that just getting a vpn account on some remote system is pretty easily traceable. It is obvious where you are connecting to, and where that system is then connecting to, and significantly, your credit card (and real name) gets associated with that intermediate address on a regular periodic basis, thus revealing exactly who you are and the fact you are routing everything through a VPN. You are probably more obvious too, with an encrypted stream to only one or a set range of IP addresses -- it's pretty clear what's going on making you an interesting person to investigate.

      A VPN is a great thing for the first paragraph option (relatively secure access to your own networks), but I would think a very risky proposition for the second (anonymizing your browsing).

  • (Score: 2) by cosurgi on Monday April 14 2014, @10:06PM

    by cosurgi (272) on Monday April 14 2014, @10:06PM (#31534) Journal

    I use vtun between all my computers scattered around the city. Very convenient and easy to set up. They all appear as if in single LAN.

    --
    #
    #\ @ ? [adom.de] Colonize Mars [kozicki.pl]
    #
    • (Score: 1) by cwadge on Tuesday April 15 2014, @03:35AM

      by cwadge (3324) on Tuesday April 15 2014, @03:35AM (#31653) Homepage Journal
      ...then the attackers have a "trusted" back-channel into all of your hosts, whether their functions are related or not. I'm playing devil's advocate here of course; maybe they're all super well-hardened, the same from the inside as from outside the private network, but that's still a pretty large and potentially complex perimeter to defend.

      Just my $0.02, of course.
  • (Score: 1) by cwadge on Tuesday April 15 2014, @03:06AM

    by cwadge (3324) on Tuesday April 15 2014, @03:06AM (#31642) Homepage Journal
    • It's open source.
    • The client works on all the major platforms, and also with off-the-shelf VPN clients like Tunnelblick and Viscosity.
    • The server works with most major Linux distributions, on bare metal or in [para]virtualization.
    • It's free for the first two (simultaneous) users.
    • Licensing is very reasonable after two users (less than $10/yr/seat, IIRC).
    • It uses PolarSSL under the hood, not OpenSSL, so it was never vulnerable to Heartbleed.
    • It's super easy for an admin to configure securely.
    • It's also super easy for the client to use.

    In the interest of full disclosure, I'm not affiliated with OpenVPN-AS in any way, but I have successfully deployed it at several companies in the past. Give it a spin, I think you'll be impressed.

  • (Score: 1) by pipingDot on Tuesday April 15 2014, @03:14AM

    by pipingDot (107) on Tuesday April 15 2014, @03:14AM (#31646)

    $40ish per year, a dozen servers (half USA, half scattered elsewhere), beta Linux client that works as well as the Windows variety.

  • (Score: 2) by SlimmPickens on Tuesday April 15 2014, @10:39AM

    by SlimmPickens (1056) on Tuesday April 15 2014, @10:39AM (#31732)

    First you need to start researching the Snowden information and then you'll start to understand what it's going to take to build yourself a secure network. You need a shit load more than a vpn.

  • (Score: 0) by Anonymous Coward on Wednesday April 16 2014, @12:05PM

    by Anonymous Coward on Wednesday April 16 2014, @12:05PM (#32267)

    I'd suggest mullvad.net, and you can even pay for it with bitcoin so they don't even have records of who you are.