HowTo!!! Verify that your VPN is hooking you up correctly

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10


#1 Post by jafadmin »

The good folks at Ubuntu have always run a geo-location server for the purposes of facilitating Ubuntu/Mint Linux installations.

HERE IS HOW we can use this to verify our VPN configurations. It uses wget to pull down a quick XML packet with all the GeoLocate info for the web-facing network connection.

It will display your LAN IP, public IP, geolocation, and VPN type using yad.

Linky on ur desktop, and Robert is your mother's brother .. 8)
Attachments
netinfo.yad.tar.gz
(900 Bytes) Downloaded 205 times
Last edited by jafadmin on Sat 28 Dec 2019, 22:02, edited 3 times in total.
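
The check described in the first post, as an added example that is not the attached netinfo.yad script: take one geolocation lookup with the VPN down and one with it up, then compare the public IP each reports. Assumptions: the endpoint URL in the comment, the `Ip` tag name, and the function names `xml_field` and `vpn_verdict`; the two responses are constructed samples using documentation address ranges.

```shell
#!/bin/sh
# Added example: compare two geolocation lookups (VPN down vs. VPN up).
# Assumption: the lookup returns flat XML such as
#   <Response><Ip>..</Ip><CountryCode>..</CountryCode><CountryName>..</CountryName></Response>
# Live fetch (assumed endpoint): wget -qO- https://geoip.ubuntu.com/lookup

# xml_field TAG XML -> text of the first <TAG>...</TAG>, empty if absent
xml_field() {
    printf '%s\n' "$2" | sed -n "s:.*<$1>\([^<]*\)</$1>.*:\1:p" | head -n 1
}

# vpn_verdict BASELINE_XML CURRENT_XML
#   BASELINE_XML: lookup taken with the VPN down (your real public IP)
#   CURRENT_XML:  lookup taken with the VPN up
vpn_verdict() {
    base_ip=$(xml_field Ip "$1")
    cur_ip=$(xml_field Ip "$2")
    if [ -z "$base_ip" ] || [ -z "$cur_ip" ]; then
        echo "UNKNOWN: lookup failed or returned no <Ip>"
    elif [ "$base_ip" = "$cur_ip" ]; then
        echo "EXPOSED: public IP is still $cur_ip"
    else
        echo "MASKED: $base_ip -> $cur_ip ($(xml_field CountryName "$2"))"
    fi
}

# Constructed sample responses (documentation address ranges)
DOWN='<Response><Ip>203.0.113.7</Ip><Status>OK</Status><CountryCode>US</CountryCode><CountryName>United States</CountryName></Response>'
UP='<Response><Ip>198.51.100.23</Ip><Status>OK</Status><CountryCode>NL</CountryCode><CountryName>Netherlands</CountryName></Response>'

vpn_verdict "$DOWN" "$UP"      # tunnel carries the traffic
vpn_verdict "$DOWN" "$DOWN"    # VPN "up" but the exit IP did not change
vpn_verdict "$DOWN" ""         # lookup failed, so no conclusion
```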

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#2 Post by enrique »

jafadmin, this is what I was looking for. You made my day. Keep up the good work.

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#3 Post by jafadmin »

enrique wrote: jafadmin, this is what I was looking for. You made my day. Keep up the good work.
8)

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#4 Post by Flash »

Thanks, jafadmin. I have a question: is either one of the IP addresses the Netinfo shell script returns, the one that should be used to make a P2P PuppyPhone call? I have so many IP addresses to choose from that it's confusing.

d4rkn1ght
Posts: 55
Joined: Wed 20 Jan 2010, 00:47

#5 Post by d4rkn1ght »

This is great! 8) It is just what I was looking for. Thanks!

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#6 Post by jafadmin »

Flash wrote:Thanks, jafadmin. I have a question: is either one of the IP addresses the Netinfo shell script returns, the one that should be used to make a P2P PuppyPhone call? I have so many IP addresses to choose from that it's confusing.
IT DEPENDS ENTIRELY ON YOUR GATEWAY SETTING! :roll:

More about "gateways" on VPN, some other time ... :twisted:

gabtech
Posts: 107
Joined: Sun 14 Apr 2013, 11:42

netinfo

#7 Post by gabtech »

Hi jafadmin

How do I execute the script?

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#8 Post by enrique »

I am no expert so please use this as a guide not as the correct answer.
gabtech wrote:...How do I execute the script?...
I assume you are a newbie; please forgive me if you are not. So I give an explicit solution.

1-You need to be sure you have all the apps needed; if not, install them. In Puppy use PPM. In Debian distros use apt.
a-These you may have: wget bash printf grep tar
b-These you may not: yad zenity

2-Let's make a workspace to PLAY in your home folder or ~.
Open a terminal. In my case the prompt looks like this: root@live:~#. But I will not write this.

Code:

cd ~
mkdir netinfo
cd netinfo

3-Copy "netinfo.yad.tar.gz" & extract the file to your new folder inside HOME, ~/netinfo. To extract you can do

Code:

tar -xf netinfo.yad.tar.gz

4-Now you have a file called ~/netinfo/netinfo.yad

5-Let's look at what it contains.

Code:

cat ~/netinfo/netinfo.yad

Scroll back and see the first line; it looks like #! /bin/bash. This means it is a BASH SCRIPT FILE. Let's make sure it is executable

Code:

chmod +x ~/netinfo/netinfo.yad

Now you can execute it by

Code:

~/netinfo/netinfo.yad

or just

Code:

./netinfo.yad

Then you should see your VPN info if you have openvpn running. Something like this:
Image

Edit:
Answer for "Flash" moved to Please sugest: Internet Phone SIP
Last edited by enrique on Sun 29 Dec 2019, 19:42, edited 4 times in total.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#9 Post by Flash »

Wow, that deserves to be its own How-To. Thanks, enrique. :)

Rox simplifies making a script executable: right-click on the script and choose Permissions, which automatically offers to make the script executable. All you have to do is click on Yes. Then the script will run when you click on it.

If that's too much work, you can open the script in Geany (just clicking on a script will usually open it in Geany), highlight and copy the entire script, then paste it into a console.

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#10 Post by enrique »

@Flash I know Rox and JWM are powerful. That is the reason they are the standard for Puppy. In my case I come from hated Windows, so I personally prefer LXDE, pcmanfm & lxterminal. I am pretty sure ROX has a lot to offer.

I did post explicit answers to be considerate with our friend gabtech, as he was stuck on "How do I execute the script?". I hope I helped him too.

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#11 Post by jafadmin »

Flash wrote:Thanks, jafadmin. I have a question: is either one of the IP addresses the Netinfo shell script returns, the one that should be used to make a P2P PuppyPhone call? I have so many IP addresses to choose from that it's confusing.
All kidding aside, the "link IP" adapter is your Layer 2 connection. This is probably what you need for voice. If you use it while running VPN, you may need to add a static route.

The Problem: Some VPN solutions connect and leave you running with multiple "default" gateways and static routes. Use the 'route' command before and after making an OpenVPN connection, and you will see what I mean. This is what leads to "VPN leaking".

"VPN leaking" is when your VPN tunnel fails, but your TCP/IP traffic continues anyway over the level 2 (real) gateway, exposing your real IP address to those sites you are connected to, without your knowledge.
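
The before-and-after 'route' comparison suggested in the post above, as an added example that is not part of the thread: it reads `route -n` output and reports whether a physical default gateway is still present to take over if the tunnel drops. Assumptions: the three routing tables are constructed samples, the verdict names and `leak_verdict` are hypothetical, and the 0.0.0.0/1 plus 128.0.0.0/1 pair is the layout OpenVPN's `redirect-gateway def1` produces.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `route -n` output on stdin.
# Catch-all routes: Genmask 0.0.0.0 is a classic default gateway; the
# 0.0.0.0/1 + 128.0.0.0/1 pair (Genmask 128.0.0.0) is what OpenVPN's
# "redirect-gateway def1" layers on top without deleting the original.
leak_verdict() {
    awk '
        function is_tunnel(ifc) { return ifc ~ /^(tun|tap)[0-9]/ }
        ($1 == "0.0.0.0" && $3 == "0.0.0.0") ||
        (($1 == "0.0.0.0" || $1 == "128.0.0.0") && $3 == "128.0.0.0") {
            if (is_tunnel($NF)) tunnel = $NF
            else if ($3 == "0.0.0.0") fallback = $NF
        }
        END {
            if (tunnel != "" && fallback != "")
                print "fallback-possible: " tunnel " preferred, " fallback " takes over if it drops"
            else if (tunnel != "")   print "tunnel-only: " tunnel
            else if (fallback != "") print "no-tunnel: all traffic leaves via " fallback
            else                     print "no-default-route"
        }'
}

# Constructed samples: the same host before and after an OpenVPN connect.
BEFORE='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'
AFTER='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
203.0.113.50    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0'
# Constructed sample: the only catch-all route points into the tunnel.
LOCKED='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        0.0.0.0         UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
203.0.113.50    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0'

printf '%s\n' "$BEFORE" | leak_verdict
printf '%s\n' "$AFTER"  | leak_verdict
printf '%s\n' "$LOCKED" | leak_verdict
```

On a live system the input would be `route -n | leak_verdict`, run once before and once after connecting.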

gabtech
Posts: 107
Joined: Sun 14 Apr 2013, 11:42

Netinfo

#12 Post by gabtech »

Hi enrique

Thanks for the howto.

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#13 Post by enrique »

jafadmin wrote: ..."VPN leaking"...
It is not my intention to start a controversial dialog. Just keep this in mind.
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. ...To ensure security, the private network connection is established using an encrypted layered tunneling protocol, and...
This is what VPN was invented for. And in fact in the early days we used VPN just to connect to our official jobs. Accessing the WWW was absolutely impossible, as computers were blocked from the WWW.

Then some realized it was a versatile tool to use on public hotspots, as the connection is encrypted.

Finally the Netflix age came. Now Netflix users around the world have the wrong idea of the purpose of VPN. They think VPNs are proxies.
An anonymous open proxy allows users to conceal the IP address of their device while browsing the Web or using other Internet services.
So yes, many companies offer VPN services for the sole purpose of a supposed anonymity. And yes, for some time it most likely did the job. BUT people, that is not the case today.

Today we live in the era of cookies, HTTPS, JavaScript, etc. There are servers on the net whose only purpose is to track all the places we have been and go. Now ignore all but HTTPS. HTTPS ONLY defines who you are. It does not only do encryption, it also signs all that leaves our PC. So no matter how hard you try to hide, your unique signature will expose you. You can use Tor, many other black/underground webs, or even VPN. As soon as you reach the web page you are looking for, your HTTPS will inform that page of your uniqueness on the web. Listen, I am not even mentioning the unique IPv6 address assigned to you.

So yes, try as hard as you can if your intention is to hide. But realize that we have got to a time in history where it is impossible to achieve.

Now to the important part. My current PC has a wlan0 adapter. I think (I may be wrong) I recall that in old times OpenVPN would remove wlan0 and all other adapters, leaving ONLY the tab0 adapter available, preventing any leaks. But at the moment I still see wlan0 even with openvpn running. I will try to find out how to test this adapter for leaks. But I am pretty sure this comes with systemd era changes.

In my case I live in America and I do not have to try to change my location. I use VPN for encryption over public networks/hotspots, and just a little to hide who I am.

OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#14 Post by OscarTalks »

Hello jafa,

Thanks for this. I have been testing it a bit.
Should it be
if [ -z "$UpLink" ];
in order for the No Network message to appear ( "$" is missing ) ?

The bit about | grep "state UP" -A2 finds nothing so returns no output for me here.
I can grep for something else ( eg MULTICAST ) and get eth0 or wlan0 or tun1 reported plus LAN IP

Personally I prefer CountryName over CountryCode and I increase the widths a bit accordingly.
Oscar in England

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#15 Post by jafadmin »

OscarTalks wrote:Hello jafa,

Thanks for this. I have been testing it a bit.
Should it be
if [ -z "$UpLink" ];
in order for the No Network message to appear ( "$" is missing ) ?

The bit about | grep "state UP" -A2 finds nothing so returns no output for me here.
I can grep for something else ( eg MULTICAST ) and get eth0 or wlan0 or tun1 reported plus LAN IP

Personally I prefer CountryName over CountryCode and I increase the widths a bit accordingly.
Good catch Oscar. I fixed and uploaded a new one.

You may have a version of 'ip' that responds differently than the version I have. Try running just the "ip address show" command and posting results here so we can compare? :?
Mine:

Code:

root# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 78:2b:cb:8c:64:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.110/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.19.11.6 peer 10.19.11.5/32 scope global tun0
       valid_lft forever preferred_lft forever
root# 

We'll figger it out ..

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#16 Post by enrique »

@OscarTalks nice catch. I have been busy, with too little time to work; I should have seen it did not show "NO Network". Funny, I did test yours and found it did not work for me. That is why I made some changes. And now I also realize I did not say anything. Sorry. I need to be more alert in the future.

For the record grep "state UP" -A2 does work for me.

I am using BusterDog64. ip version:

Code:

root@live:~# ip -V
ip utility, iproute2-ss190107

With network I get

Code:

root@live:~# ip address show | grep "state UP" -A2 | grep inet | echo $?
127

Without network I get

Code:

root@live:~# ip address show | grep "state UP" -A2 | grep inet | echo $?
0

So after the correction if [ -z "$UpLink" ]; all works fine for me.

Let me see if I have time today for the rotate ovpn script. See, I am using you guys, jafadmin & OscarTalks, as an excuse to learn bash. I do write in C, but bash is for the most part new to me. Do not get me wrong, I can follow a program. Writing one of my own is another story. HEHEHEHE

OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#17 Post by OscarTalks »

The string "state UP" is present in BionicPup32 so it works.
Unfortunately not so in Stretch and not in Wheezy either.
The executable ip is a symlink to busybox in all cases

Stretch with no VPN

Code:

# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
    link/ether 84:2b:2b:95:6f:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.14/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
#

Stretch with OpenVPN connected

Code:

# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
    link/ether 84:2b:2b:95:6f:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.14/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534] 
    inet 10.211.1.177 peer 10.211.1.178/32 scope global tun0
       valid_lft forever preferred_lft forever
#

Wheezy with no VPN

Code:

# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
    link/ether 84:2b:2b:95:6f:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0
#

Wheezy with OpenVPN connected

Code:

# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
    link/ether 84:2b:2b:95:6f:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534] 
    inet 10.211.1.197 peer 10.211.1.198/32 scope global tun0
#

Oscar in England

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#18 Post by jafadmin »

Thanks, Oscar. I think we can use "MULTICAST,UP" instead. It seems to work on both.

I've changed the script download.

Thanks for the testing. 8)
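
The portability problem worked out in posts #14 to #18, as an added example that is not the updated netinfo.yad: it reads the `<FLAGS>` field of each interface header, which both iproute2 and busybox print, instead of the `state UP` text that busybox omits. It goes beyond the "MULTICAST,UP" match by testing for an exact UP flag and excluding LOOPBACK; the names `up_links` and `vpn_type` are hypothetical, and the two samples are taken from the outputs posted above (the second abridged).

```shell
#!/bin/sh
# Added example: list UP, non-loopback interfaces from `ip address show`.
# Flags are matched with surrounding commas so that "LOWER_UP" alone never
# counts as "UP". Works on iproute2 output (has "state UP") and on busybox
# output (does not).
up_links() {
    awk '
        /^[0-9]+: / {                       # header line: "2: eth0: <FLAGS> ..."
            ifc = $2; sub(/[@:].*/, "", ifc)
            flags = "," $3 ","; gsub(/[<>]/, "", flags)
            up = (flags ~ /,UP,/ && flags !~ /,LOOPBACK,/)
        }
        up && $1 == "inet" {                # first IPv4 address of that interface
            addr = $2; sub(/\/.*/, "", addr)
            print ifc, addr
            up = 0
        }'
}

# vpn_type: report the tunnel kind among the UP links (tun, tap or none)
vpn_type() {
    up_links | awk '$1 ~ /^tun/ { t = "tun" } $1 ~ /^tap/ { t = "tap" }
                    END { print (t ? t : "none") }'
}

# Sample 1: busybox ip, from the "Wheezy with OpenVPN connected" output above
BUSYBOX='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
    link/ether 84:2b:2b:95:6f:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534] 
    inet 10.211.1.197 peer 10.211.1.198/32 scope global tun0'
# Sample 2: iproute2, abridged from post #15 (link/ and valid_lft lines dropped)
IPROUTE2='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.100.110/24 brd 192.168.100.255 scope global eth0
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    inet 10.19.11.6 peer 10.19.11.5/32 scope global tun0'

printf '%s\n' "$BUSYBOX"  | up_links
printf '%s\n' "$IPROUTE2" | up_links
printf '%s\n' "$BUSYBOX"  | vpn_type
```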

foxpup
Posts: 1132
Joined: Fri 29 Jul 2016, 21:08

... should be used to make a P2P PuppyPhone call?...

#19 Post by foxpup »

@enrique very nice instructions for puppyphone with IP!!
enrique wrote: Now you need to know the Port PuppyPhone is using:

Code:

netstat -peanut | grep psip

When I try this I get 2 ports, 5060 and 5061:

Code:

root# netstat -peanut | grep psip
tcp        0      0 0.0.0.0:5060            0.0.0.0:*               LISTEN      0          91578      29175/./psip64      
tcp        0      0 0.0.0.0:5061            0.0.0.0:*               LISTEN      0          91582      29175/./psip64      
udp        0      0 0.0.0.0:5060            0.0.0.0:*                           0          91575      29175/./psip64 

Any idea what this means?
I don't use VPN.

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#20 Post by enrique »

To prevent hijack I answer you here Please sugest: Internet Phone SIP
