Mailing List Archive

VPN newbie questions
I've been on Gentoo for years and years, but I've never used a VPN, so
consider me an absolute newbie. Canadian big news media has
successfully lobbied our government to implement a link tax. Google has
decided to avoid the tax by not linking to it in Google search. This
morning I tried to find some news about the Russian invasion from my
desktop PC, and the results were brutal. No links from any Canadian
sources (as expected) or US (CNN) or UK (BBC). Talk about draconian. I
need a VPN to make me "self-identify" as being in the USA, or wherever,
so that Google doesn't censor news on me.

Many commercial VPNs claim to support linux. Do they do this at the
OS level as an executable, or at the browser level as an extension?
Extension would be bad for me, because Chrome and Firefox extensions
don't work on Pale Moon (my "daily driver"). I notice the existence of
a "net-vpn" category in the repo, too. What works for people here, and
how well? What are your experiences?

--
I've seen things, you people wouldn't believe; Gopher, Netscape with
frames, the first Browser Wars. Searching for pages with AltaVista,
pop-up windows self-replicating, trying to uninstall RealPlayer. All
those moments, will be lost in time like tears in rain... time to die.
Re: VPN newbie questions
Walter Dnes wrote:
> I've been on Gentoo for years and years, but I've never used a VPN, so
> consider me an absolute newbie. Canadian big news media has
> successfully lobbied our government to implement a link tax. Google has
> decided to avoid the tax by not linking to it in Google search. This
> morning I tried to find some news about the Russian invasion from my
> desktop PC, and the results were brutal. No links from any Canadian
> sources (as expected) or US (CNN) or UK (BBC). Talk about draconian. I
> need a VPN to make me "self-identify" as being in the USA, or wherever,
> so that Google doesn't censor news on me.
>
> Many commercial VPNs claim to support linux. Do they do this at the
> OS level as an executable, or at the browser level as an extension?
> Extension would be bad for me, because Chrome and Firefox extensions
> don't work on Pale Moon (my "daily driver"). I notice the existence of
> a "net-vpn" category in the repo, too. What works for people here, and
> how well? What are your experiences?
>


I been using Surfshark and openvpn for over a year.  They have a pretty
large list of countries, multiple cities in some countries, to pick
from.  I deal with torrents and that is my reason for the need of a VPN,
just in case some may be questionable. 

I suspect that some features are not available because I use openvpn
instead of the software Surfshark provides for other binary distros but
it does work with openvpn software.  Once I start openvpn and give it a
minute to set up the connection and all, it works great.  It is a system
wide VPN tho.  Everything goes through the VPN.  There may be a way to
create a tunnel but I've never tried it.  Sometimes, I'd like for a
particular profile of Firefox to bypass the VPN but it may be
complicated to set up so I never tried. 

I do have one bill that I have to disable the VPN to pay.  It picks up
that I'm not where I should be, and have always been in the past, and it
doesn't allow me to login.  My bank did the same at first but I
contacted them and they adjusted the setting on my account to allow me
to login with the VPN running or not.  I did tell them three cities I
use tho, IP of course varies.  No problems since.  If you just use yours
on occasion, this won't likely affect you as you will likely only run
yours when needed. For simplicity, I run mine 24/7. 

The biggest thing to look for when picking a VPN, no logs.  Some VPN
companies do manage to have logs and those can lead to problems if you
are trying to get around legal issues.  Given you are trying to work
around laws in your country, I'd suggest no logs being a requirement. 
Keep in mind, this also limits the ability to assist with problems as
there are no logs for them to look at except for your connection logs
that are generated locally.  So far, I only had one problem and I
switched to another city and it worked great ever since.  I did inform
them of the city I was having problems with in case others report a
similar problem.  No idea if it ever affected anyone else. 

I might add, for a while, I used Surfshark in my router.  That however
created problems with my cell phone.  Some apps just did not like that I
was somewhere else.  It changed a lot. That's why I switched to using
openvpn on the computer itself.  My cell phone knows I'm here in the
real world while the computer appears to be elsewhere.

If you pick Surfshark, I should be able to help set it up.  If I recall
correctly, you pick the config file for the city/location you want,
rename it to openvpn.conf and place it in /etc/openvpn directory.  Start
openvpn and it should work.  I think that is it.  I usually add the name
of the file to the content of the file as a comment so I know what file
the city belongs to easily.  It makes it easier if I want to switch
cities.  I do that sometimes, just to keep anyone guessing.  ROFL 

That help any?  I'd be surprised if the same won't work for others as it
does Surfshark. 

Dale

:-)  :-) 
Re: VPN newbie questions
On Sat, Aug 19, 2023 at 10:27:37PM -0500, Dale wrote

> I been using Surfshark and openvpn for over a year. They have a pretty
> large list of countries, multiple cities in some countries, to pick
> from. I deal with torrents and that is my reason for the need of a VPN,
> just in case some may be questionable.
>
> I suspect that some features are not available because I use openvpn
> instead of the software Surfshark provides for other binary distros but
> it does work with openvpn software. Once I start openvpn and give it a
> minute to set up the connection and all, it works great.

??? You're saying you run Surfshark on top of OpenVPN ??? I'm
confused here. Why the extra layer? OpenVPN looks rather complex.
According to https://linux.die.net/man/8/openvpn

> OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports
> SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport
> through proxies or NAT, support for dynamic IP addresses and DHCP,
> scalability to hundreds or thousands of users, and portability to
> most major OS platforms.

I basically want browsers (Pale Moon browser and Google Chrome) to
show up with an IP address in a different country. The major players
that "support linux" do Ubuntu/Debian/Mint. I assume we're looking at
unpacking a .deb.

--
I've seen things, you people wouldn't believe; Gopher, Netscape with
frames, the first Browser Wars. Searching for pages with AltaVista,
pop-up windows self-replicating, trying to uninstall RealPlayer. All
those moments, will be lost in time like tears in rain... time to die.
Re: VPN newbie questions
On Sunday, 20 August 2023 11:49:18 BST Walter Dnes wrote:
> On Sat, Aug 19, 2023 at 10:27:37PM -0500, Dale wrote
>
> > I been using Surfshark and openvpn for over a year. They have a pretty
> > large list of countries, multiple cities in some countries, to pick
> > from. I deal with torrents and that is my reason for the need of a VPN,
> > just in case some may be questionable.
> >
> > I suspect that some features are not available because I use openvpn
> > instead of the software Surfshark provides for other binary distros but
> > it does work with openvpn software. Once I start openvpn and give it a
> > minute to set up the connection and all, it works great.
>
> ??? You're saying you run Surfshark on top of OpenVPN ??? I'm
> confused here. Why the extra layer?

OpenVPN is a VPN implementation using OpenSSL to encrypt the end-to-end
network connection between client and server. There are other VPN
implementations and client-server applications using different encryption
mechanisms and a wide variety of ciphers/algos.

OpenVPN is offered as a method to set up a secure connection to an ever
increasing number of VPN ISPs, who are essentially selling an anonymising
service.

Surfshark happens to be one of these ISPs and OpenVPN is just one of the
methods they offer to secure the connection to their servers.


> OpenVPN looks rather complex.
> According to https://linux.die.net/man/8/openvpn
>
> > OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports
> > SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport
> > through proxies or NAT, support for dynamic IP addresses and DHCP,
> > scalability to hundreds or thousands of users, and portability to
> > most major OS platforms.

OpenVPN is widely used because it is relatively easy to configure on the
client side and provides binary client applications for every/most OS. Other
VPN methods are IKE/IPSec typically used by corporate setups and the more
recent and arguably better Linux implementation of WireGuard.


> I basically want browsers (Pale Moon browser and Google Chrome) to
> show up with an IP address in a different country. The major players
> that "support linux" do Ubuntu/Debian/Mint. I assume we're looking at
> unpacking a .deb.

What you are looking for is an anonymising *browsing* proxy. Assuming this
has no legal implications for your country, i.e. as an end user circumventing
the newly enacted law, the easiest and free from fees approach would be to
download and use the tor browser:

https://www.torproject.org/download/

Or, if you must use your own browsers, then install the net-vpn/tor and
potentially net-proxy/privoxy daemons, start them up and set up your browser
network tab to point it to your localhost:9050. More detail here:

https://wiki.gentoo.org/wiki/Tor

There used to be a lot of open proxy HTTP/HTTPS/FTP/SOCKS4/SOCKS5 servers
available in datacenters around the world. Some of them may still be free,
but it is also likely they may be full of malware and man-in-the-middle attacks.

NOTE: depending on your need to protect your anonymity/privacy, you may also
need to configure your DNS resolver connection to take place via the remote
VPN server, rather than via your local ISP. Most VPN implementations provide this
function.
Re: VPN newbie questions
Michael wrote:
> On Sunday, 20 August 2023 11:49:18 BST Walter Dnes wrote:
>> On Sat, Aug 19, 2023 at 10:27:37PM -0500, Dale wrote
>>
>>> I been using Surfshark and openvpn for over a year. They have a pretty
>>> large list of countries, multiple cities in some countries, to pick
>>> from. I deal with torrents and that is my reason for the need of a VPN,
>>> just in case some may be questionable.
>>>
>>> I suspect that some features are not available because I use openvpn
>>> instead of the software Surfshark provides for other binary distros but
>>> it does work with openvpn software. Once I start openvpn and give it a
>>> minute to set up the connection and all, it works great.
>> ??? You're saying you run Surfshark on top of OpenVPN ??? I'm
>> confused here. Why the extra layer?
> OpenVPN is a VPN implementation using OpenSSL to encrypt the end-to-end
> network connection between client and server. There are other VPN
> implementations and client-server applications using different encryption
> mechanisms and a wide variety of ciphers/algos.
>
> OpenVPN is offered as a method to set up a secure connection to an ever
> increasing number of VPN ISPs, who are essentially selling an anonymising
> service.
>
> Surfshark happens to be one of these ISPs and OpenVPN is just one of the
> methods they offer to secure the connection to their servers.
>

Some responses are for the OP, some for the person replying or both. 

This is correct.  Like a lot of VPN providers, Surfshark has their own
software you can install however Gentoo doesn't have it in the tree, or
an overlay that I know of.  So basically I pay for the username, password
and access then use my own software for the VPN service.  If you can get
Surfshark to install on Gentoo, from what I've seen it is pretty nice
and highly configurable.  I guess there isn't enough demand for it in
Gentoo.  Either Surfshark would help with an ebuild or someone who knows
how would make one. 

>> OpenVPN looks rather complex.
>> According to https://linux.die.net/man/8/openvpn
>>
>>> OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports
>>> SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport
>>> through proxies or NAT, support for dynamic IP addresses and DHCP,
>>> scalability to hundreds or thousands of users, and portability to
>>> most major OS platforms.
> OpenVPN is widely used because it is relatively easy to configure on the
> client side and provides binary client applications for every/most OS. Other
> VPN methods are IKE/IPSec typically used by corporate setups and the more
> recent and arguably better Linux implementation of WireGuard.
>

This is also true.  Basically, I got a copy of the config file from
Surfshark for the city I wanted, renamed it and put it in the openvpn
directory.  I then created a login file with my username and password. 
After that, from what I recall, just start the service.  If it gets any
easier, it would be magic. 

>> I basically want browsers (Pale Moon browser and Google Chrome) to
>> show up with an IP address in a different country. The major players
>> that "support linux" do Ubuntu/Debian/Mint. I assume we're looking at
>> unpacking a .deb.
> What you are looking for is an anonymising *browsing* proxy. Assuming this
> has no legal implications for your country, i.e. as an end user circumventing
> the newly enacted law, the easiest and free from fees approach would be to
> download and use the tor browser:
>
> https://www.torproject.org/download/
>
> Or, if you must use your own browsers, then install the net-vpn/tor and
> potentially net-proxy/privoxy daemons, start them up and set up your browser
> network tab to point it to your localhost:9050. More detail here:
>
> https://wiki.gentoo.org/wiki/Tor
>
> There used to be a lot of open proxy HTTP/HTTPS/FTP/SOCKS4/SOCKS5 servers
> available in datacenters around the world. Some of them may still be free,
> but it is also likely they may be full of malware and man-in-the-middle attacks.
>
> NOTE: depending on your need to protect your anonymity/privacy, you may also
> need to configure your DNS resolver connection to take place via the remote
> VPN server, rather than via your local ISP. Most VPN implementations provide this
> function.


That may be a better option and I think it is a free option at that.  As
you point out, make sure what is allowed by law and if needed, make sure
it is safe to use.  I've read that in some countries that even having
certain software installed can be illegal. 

Dale

:-)  :-) 
Re: VPN newbie questions
On Sunday, 20 August 2023 13:58:08 BST Dale wrote:
> Michael wrote:

> > OpenVPN is a VPN implementation using OpenSSL to encrypt the end-to-end
> > network connection between client and server. There are other VPN
> > implementations and client-server applications using different encryption
> > mechanisms and a wide variety of ciphers/algos.
> >
> > OpenVPN is offered as a method to set up a secure connection to an ever
> > increasing number of VPN ISPs, who are essentially selling an anonymising
> > service.
> >
> > Surfshark happens to be one of these ISPs and OpenVPN is just one of the
> > methods they offer to secure the connection to their servers.
>
> Some responses are for the OP, some for the person replying or both.
>
> This is correct. Like a lot of VPN providers, Surfshark has their own
> software you can install however Gentoo doesn't have it in the tree, or
> an overlay that I know of.

As I understand it, Surfshark offers OpenVPN and WireGuard binaries for those
who don't compile their own software, or for those who can't configure their
OpenVPN/WireGuard client to point it to the Surfshark servers.

Surfshark also provide extensions for browsers, for those who can't set their
browser's proxy settings to use selectively the VPN tunnel.

I haven't looked into Surfshark to know their particular offerings, GUI front
ends and mobile phone options, but generally speaking VPN configurations can
be:

Full tunnel, whereby the PC default routing is configured to route all
external network connections through the VPN tunnel.

Split tunnel, whereby some domain/IP connections are routed via the VPN tunnel
(e.g. to your company's LAN/Intranet), but the rest of the PC connections
continue to be routed normally via the local ISP connection. In this way, you
can connect to the corporate network securely to access corporate files/
emails/databases, etc., while still being able to browse the latest sports
results, or whatever is available across the Interwebs without going through
your company's network.
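
The full-tunnel versus split-tunnel distinction described above can be read off the routing table. The following is an added example, not part of the original post: it classifies `ip -4 route show` output, assuming an OpenVPN-style interface named tun* or tap*; the function name and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a routing table as full tunnel, split tunnel or none.
# Reads text in the format of `ip -4 route show` on stdin.
# Assumption: the VPN interface is an OpenVPN-style tun*/tap* device.
# Route metrics are not compared; a default route on the VPN counts as full.
tunnel_mode() {
    awk '
    function is_vpn(dev) { return dev ~ /^(tun|tap)[0-9]+$/ }
    {
        dev = ""
        for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        vpn = is_vpn(dev)
        # A default route on the VPN device replaces the ISP route outright.
        if ($1 == "default" && vpn) def_vpn = 1
        # OpenVPN "redirect-gateway def1" keeps the old default and adds two
        # more-specific halves that together cover every IPv4 address.
        else if ($1 == "0.0.0.0/1" && vpn) low = 1
        else if ($1 == "128.0.0.0/1" && vpn) high = 1
        # Any other route on the VPN device only covers selected networks.
        else if (vpn) some = 1
    }
    END {
        if (def_vpn || (low && high)) print "full"
        else if (some || low || high) print "split"
        else print "none"
    }'
}

# Constructed sample tables (private and documentation address ranges).
FULL_TABLE='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0'

SPLIT_TABLE='default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
10.20.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

PLAIN_TABLE='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# On a live system: ip -4 route show | tunnel_mode
printf 'full-tunnel sample:  %s\n' "$(printf '%s\n' "$FULL_TABLE" | tunnel_mode)"
printf 'split-tunnel sample: %s\n' "$(printf '%s\n' "$SPLIT_TABLE" | tunnel_mode)"
printf 'no-VPN sample:       %s\n' "$(printf '%s\n' "$PLAIN_TABLE" | tunnel_mode)"
```
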
Re: VPN newbie questions
Michael wrote:
> On Sunday, 20 August 2023 13:58:08 BST Dale wrote:
>> Michael wrote:
>>> OpenVPN is a VPN implementation using OpenSSL to encrypt the end-to-end
>>> network connection between client and server. There are other VPN
>>> implementations and client-server applications using different encryption
>>> mechanisms and a wide variety of ciphers/algos.
>>>
>>> OpenVPN is offered as a method to set up a secure connection to an ever
>>> increasing number of VPN ISPs, who are essentially selling an anonymising
>>> service.
>>>
>>> Surfshark happens to be one of these ISPs and OpenVPN is just one of the
>>> methods they offer to secure the connection to their servers.
>> Some responses are for the OP, some for the person replying or both.
>>
>> This is correct. Like a lot of VPN providers, Surfshark has their own
>> software you can install however Gentoo doesn't have it in the tree, or
>> an overlay that I know of.
> As I understand it, Surfshark offers OpenVPN and WireGuard binaries for those
> who don't compile their own software, or for those who can't configure their
> OpenVPN/WireGuard client to point it to the Surfshark servers.
>
> Surfshark also provide extensions for browsers, for those who can't set their
> browser's proxy settings to use selectively the VPN tunnel.
>
> I haven't looked into Surfshark to know their particular offerings, GUI front
> ends and mobile phone options, but generally speaking VPN configurations can
> be:
>
> Full tunnel, whereby the PC default routing is configured to route all
> external network connections through the VPN tunnel.
>
> Split tunnel, whereby some domain/IP connections are routed via the VPN tunnel
> (e.g. to your company's LAN/Intranet), but the rest of the PC connections
> continue to be routed normally via the local ISP connection. In this way, you
> can connect to the corporate network securely to access corporate files/
> emails/databases, etc., while still being able to browse the latest sports
> results, or whatever is available across the Interwebs without going through
> your company's network.


I did my setup the manual way.  I couldn't find a decent howto so I
found it easier.  There may be other ways I'm not aware of but copying
one file and creating a file for login seems easy enough. 

I do sometimes wish I could tell Firefox to bypass the VPN but as I
said, it sounded complicated to set up so I never tried.  I'm sure it is
doable tho. 

At least Walter has a few options.  If he doesn't like Surfshark, I'm
sure others would work the same way.  Your way may be easier and cheaper
tho. 

Dale

:-)  :-) 
RE: VPN newbie questions
> -----Original Message-----
> From: Walter Dnes <waltdnes@waltdnes.org>
> Sent: Saturday, August 19, 2023 7:34 PM
> To: Gentoo Users List <gentoo-user@lists.gentoo.org>
> Subject: [gentoo-user] VPN newbie questions
>
> I've been on Gentoo for years and years, but I've never used a VPN, so consider me an absolute newbie. Canadian big news media has successfully lobbied our government to implement a link tax. Google has decided to avoid the tax by not linking to it in Google search. This morning I tried to find some news about the Russian invasion from my desktop PC, and the results were brutal. No links from any Canadian sources (as expected) or US (CNN) or UK (BBC). Talk about draconian. I need a VPN to make me "self-identify" as being in the USA, or wherever, so that Google doesn't censor news on me.
>
> Many commercial VPNs claim to support linux. Do they do this at the OS level as an executable, or at the browser level as an extension?
> Extension would be bad for me, because Chrome and Firefox extensions don't work on Pale Moon (my "daily driver"). I notice the existence of a "net-vpn" category in the repo, too. What works for people here, and how well? What are your experiences?
>
> --
> I've seen things, you people wouldn't believe; Gopher, Netscape with frames, the first Browser Wars. Searching for pages with AltaVista, pop-up windows self-replicating, trying to uninstall RealPlayer. All those moments, will be lost in time like tears in rain... time to die.
>
>

If you want something in the tree and free, TOR can be told to expose a control port which you can then use to tell it how many hops you want and what exit nodes to use. One-hop tunnels are not particularly great for disguising yourself, but that's not your goal in this case.

At least... Not until they decide to crack down on link-tax evasion.

There used to be a GUI frontend for it called "Vidalia". But it hasn't been updated in a long time. Not sure if there's a replacement.

LMP
Re: VPN newbie questions
On 20/08/2023 03:34, Walter Dnes wrote:
> I've been on Gentoo for years and years, but I've never used a VPN, so
> consider me an absolute newbie. Canadian big news media has
> successfully lobbied our government to implement a link tax. Google has
> decided to avoid the tax by not linking to it in Google search. This
> morning I tried to find some news about the Russian invasion from my
> desktop PC, and the results were brutal. No links from any Canadian
> sources (as expected) or US (CNN) or UK (BBC). Talk about draconian. I
> need a VPN to make me "self-identify" as being in the USA, or wherever,
> so that Google doesn't censor news on me.

Let's hope it goes the way of the Belgian link tax. Shortly after
enacting it, the local news media etc etc found traffic (and ad revenue)
went through the floor, and begged the search engines to add them back.

I don't know the deal struck, but it sounds like a private contract
between the news agency(s) and the search engines "you index us, and we
won't charge you a penny".

Hopefully your law doesn't outlaw those sorts of deals - or the news
media might soon be begging the government to repeal the law :-)

Cheers,
Wol
Re: VPN newbie questions
On Sat, 2023-08-19 at 22:34 -0400, Walter Dnes wrote:
>   Many commercial VPNs claim to support linux.  Do they do this at the
> OS level as an executable, or at the browser level as an extension?

The real answer, that I suspect you're looking for, is no. There's no
custom software required in almost any case.

Most commercial VPNs are based on OpenVPN. They might publish their
own client, but it is just a dolled-up (non-free) wrapper around
OpenVPN. All of the real work is done in a configuration file.

If you sign up for an account, they will provide you with a set of
credentials, and a configuration file that will connect you to one or
more of their endpoints. You can drop that configuration file right
into /etc/openvpn/ and go.

The provider I use (omitted to avoid any pretense of shilling) provides
a dozen or so different "exit" points in the US. I keep configuration
files for a handful of them so I can switch at will (via a simple shell
script) in case one stops working or I need to switch locations for
whatever reason.
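
The workflow described in this thread (keep several provider config files, install one as /etc/openvpn/openvpn.conf, note its source in a comment, and log in from a separate credentials file) could be scripted as follows. This is an added example, not any poster's actual script: the function names, file names and `*.vpn.example` hosts are hypothetical, and it refuses a credentials file that group or others can access because that file holds a plaintext password.

```shell
#!/bin/sh
# Added example: switch between saved provider configs for OpenVPN.
# Hypothetical names: switch_exit, current_exit, and the *.vpn.example hosts.

# switch_exit SRC CONF_DIR CRED_FILE
# Installs SRC as CONF_DIR/openvpn.conf, tagged with the file it came from,
# and points auth-user-pass at CRED_FILE (username on line 1, password on 2).
switch_exit() {
    src=$1; conf_dir=$2; cred=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ -f "$cred" ] || { echo "no credentials file $cred" >&2; return 1; }
    # The login file holds a plaintext password: refuse it if group or
    # others have any permission bits set (columns 5-10 of ls -l).
    [ "$(ls -ld "$cred" | cut -c5-10)" = "------" ] ||
        { echo "$cred must not be accessible to group/others" >&2; return 1; }
    # Build the new config beside the target, then rename over it, so a
    # failed run never leaves a half-written openvpn.conf behind.
    tmp=$(mktemp "$conf_dir/openvpn.conf.XXXXXX") || return 1
    {
        printf '# source: %s\n' "$(basename "$src")"
        sed -e '/^# source: /d' -e '/^[[:space:]]*auth-user-pass/d' "$src"
        printf 'auth-user-pass %s\n' "$cred"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$conf_dir/openvpn.conf"
}

# current_exit CONF_DIR: print which saved config is currently installed.
current_exit() {
    sed -n '1s/^# source: //p' "$1/openvpn.conf"
}

# Demonstration on constructed files in a scratch directory. On a real
# Gentoo/OpenRC system CONF_DIR would be /etc/openvpn, followed by
# `rc-service openvpn restart` as root.
demo() {
    dir=$(mktemp -d) || return 1
    for city in us-nyc us-chi; do
        printf 'client\ndev tun\nproto udp\nremote %s.vpn.example 1194\nauth-user-pass\n' \
            "$city" > "$dir/$city.ovpn"
    done
    printf 'constructed-user\nconstructed-pass\n' > "$dir/login.txt"
    chmod 600 "$dir/login.txt"
    switch_exit "$dir/us-nyc.ovpn" "$dir" "$dir/login.txt" && current_exit "$dir"
    switch_exit "$dir/us-chi.ovpn" "$dir" "$dir/login.txt" && current_exit "$dir"
    rm -rf "$dir"
}
demo
```
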