A Simple VPN Implementation

How to do things, solutions, recipes, tutorials
Message
Author
Mr.Spenalzo
Posts: 6
Joined: Thu 28 Sep 2017, 17:29

A Simple VPN Implementation

#16 Post by Mr.Spenalzo »

Hello OscarTalks. Thank you for this! Works great on 32 bit TahrPup.

freddieodom

#17 Post by freddieodom »

Very useful and in-depth post. I amazed to read it. Can you let me know that Astrill VPN can run with this program? Thanks

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#18 Post by OscarTalks »

Thanks for the comments.
It is difficult to give a definitive answer regarding Astrill VPN or any of the other paid-for VPN services unless I sign up for them, but generally speaking it should be possible to use this system to access their services. I took a brief look and it appears that they do support OpenVPN which is what my system uses. If you sign up, they should provide you with a bundle of .ovpn configuration files. These are just text files. Not sure if you may also need to grab certificates and add those in as well. Often they are already included in the .ovpn file. Their wiki had some information which you might need to study. Essentially though, you just pluck out the .ovpn file for the VPN server you want to access and use that.
Oscar in England
Image

freddieodom

#19 Post by freddieodom »

Thank you so much @OscarTalks for taking time for me.

foxpup
Posts: 1132
Joined: Fri 29 Jul 2016, 21:08

openvpn in RC3 dPupStretch from radky

#20 Post by foxpup »

I tried simple VPN in the RC3 for Stretch from radky.
I expected that the openvpn pet for stretch from OscarTalks would work, but it didn't.

I compiled it from source then, and now it does work. The version is now 2.4.6.
You can download it here: https://drive.google.com/open?id=1Ead00 ... u5hxaJkm0f

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#21 Post by OscarTalks »

Thanks for letting me know about the stretch .pet
I have removed it from my Smokey01.com repo, at least for now.
Maybe some library version (such as OpenSSL or something) has been updated in Radky's build, but this is now the main version of Dpup Stretch so packages should be compatible with it. Compiling from source is always a good move, or folks can use your openvpn build since it has been tested.

UPDATE
I have compiled openvpn-2.4.6 in Radky's Dpup Stretch so hopefully that will work OK.
Uploaded to http://smokey01.com/OscarTalks
Last edited by OscarTalks on Mon 11 Feb 2019, 01:46, edited 1 time in total.
Oscar in England
Image

foxpup
Posts: 1132
Joined: Fri 29 Jul 2016, 21:08

#22 Post by foxpup »

OscarTalks wrote:Maybe some library version (such as OpenSSL or something) has been updated in Radky's build, but this is now the main version of Dpup Stretch so packages should be compatible with it.

Code: Select all

openvpn --config /etc/vpnconfig
gave some error with 'ifconfig failed' which leeds to busybox and the version of busybox in radky's RC3 is much newer.

BTW, I found the freeVPN servers a lot better than VPNbook. I use it to go on IRC chat sometimes. It could be that VPNbook is better for other uses.

User avatar
bacteriax
Posts: 3
Joined: Wed 06 Feb 2019, 21:10

Need help getting openvpn working please.

#23 Post by bacteriax »

Hi,
My 1st post. Long time linux user.
Previously, used puppy on compaq laptop 12 years ago.
I love this OS, and for the most everything is going great.
Running Xenial 32 booting from usb with 4gb .sfs file.
Followed steps 1-5 in OscarTalks initial post, but when
the default browser opens it reveals my default ip address.
Any ideas as to why or what I can do to correct my
openvpn connection would be appreciated.
Thank you

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#24 Post by OscarTalks »

Hello bacteriax,

Sorry that this thread is something which you have to use as a guide and figure out a few specifics on your Puppy and your system, rather than a simple install-and-go solution.

I can tell you that it is working for me on various Puppies and I use it fairly often.

Might not be easy to help, but I am wondering which version of openvpn you have installed, Ubuntu version via PPM or some other?
I have found that compiling from source is always best if you know how to do that.

Also, which VPN provider are you trying to use?
I know that VPNbook changed some of their servers recently and added a couple of new ones, so you may need to grab a fresh bundle of their .ovpn config files. Some of the old ones will not work at all any more.

I still mostly use the freevpn.me service rather than VPNbook, but the password on that is changing once or twice a week sometimes. Only takes a couple of minutes to grab the new password and update though.

I suggest running from terminal with the command as mentioned above

Code: Select all

openvpn --config /etc/vpnconfig
That should provide more clues as well as to why it is not initialising as it should.
Oscar in England
Image

User avatar
bacteriax
Posts: 3
Joined: Wed 06 Feb 2019, 21:10

openvpn --config /etc/vpnconfig terminal output:

#25 Post by bacteriax »

Hi Oscartalks thanks for your reply.
I have installed the openvpn-2.4.5-i686-xenial that you kindly compiled downloaded from your repo
I I am attempting to connect to vpnbook set to the euro server your build defaults to.
After your suggestion I downloaded the vpnbook pl sever openvpn.zip.
I unzipped and renamed the port 80 file to vpnpl without an extension.
I then deleted the euro1 symlink and made new symlink from vpnpl file called vpnconfig.
I then used the connect vpn menu entry but had same result as before.

Here is the openvpn --config /etc/vpnconfig terminal output:
root# openvpn --config /etc/vpnconfig
Fri Feb 8 10:33:33 2019 OpenVPN 2.4.5 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2018
Fri Feb 8 10:33:33 2019 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Fri Feb 8 10:33:33 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]176.126.237.217:80
Fri Feb 8 10:33:33 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Fri Feb 8 10:33:33 2019 Attempting to establish TCP connection with [AF_INET]176.126.237.217:80 [nonblock]

Any thoughts or insight you can share would be greatly appreciated.
Thanks again,
BX

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#26 Post by OscarTalks »

Hello BX,

Sounds like you are doing the right things.

I don't personally run Xenial, but I'm sure I tested that build after I compiled it so that should be OK

The old euro1 and euro2 servers are definitely gone. The pl one you have used is one of the replacements along with the de which allow p2p. I can only suggest you try some of the other servers and other port numbers by repeating what you did with the pl .ovpn config file.

Ah, just thought of something.
You might need to edit the line in the .ovpn config file which reads
auth-user-pass
You need to add the path to the passfile with stored username and password so it reads:-
auth-user-pass /etc/vpnpass

Here is my edited .ovpn file for pl

Code: Select all

client
dev tun3
proto tcp
remote 51.68.152.226 80
remote pl226.vpnbook.com 80
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass /etc/vpnpass
auth-nocache
comp-lzo
verb 3
cipher AES-128-CBC
pull
route-delay 2
redirect-gateway
<ca>
-----BEGIN CERTIFICATE-----
MIIDyzCCAzSgAwIBAgIJAKRtpjsIvek1MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
VQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDASBgNV
BAoTC3ZwbmJvb2suY29tMQswCQYDVQQLEwJJVDEUMBIGA1UEAxMLdnBuYm9vay5j
b20xFDASBgNVBCkTC3ZwbmJvb2suY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkB2
cG5ib29rLmNvbTAeFw0xMzA0MjQwNDA3NDhaFw0yMzA0MjIwNDA3NDhaMIGgMQsw
CQYDVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDAS
BgNVBAoTC3ZwbmJvb2suY29tMQswCQYDVQQLEwJJVDEUMBIGA1UEAxMLdnBuYm9v
ay5jb20xFDASBgNVBCkTC3ZwbmJvb2suY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1p
bkB2cG5ib29rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyNwZEYs6
WN+j1zXYLEwiQMShc1mHmY9f9cx18hF/rENG+TBgaS5RVx9zU+7a9X1P3r2OyLXi
WzqvEMmZIEhij8MtCxbZGEEUHktkbZqLAryIo8ubUigqke25+QyVLDIBuqIXjpw3
hJQMXIgMic1u7TGsvgEUahU/5qbLIGPNDlUCAwEAAaOCAQkwggEFMB0GA1UdDgQW
BBRZ4KGhnll1W+K/KJVFl/C2+KM+JjCB1QYDVR0jBIHNMIHKgBRZ4KGhnll1W+K/
KJVFl/C2+KM+JqGBpqSBozCBoDELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmlj
aDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5ib29rLmNvbTELMAkGA1UE
CxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYDVQQpEwt2cG5ib29rLmNv
bTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5jb22CCQCkbaY7CL3pNTAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKaoCEWk2pitKjbhChjl1rLj
6FwAZ74bcX/YwXM4X4st6k2+Fgve3xzwUWTXinBIyz/WDapQmX8DHk1N3Y5FuRkv
wOgathAN44PrxLAI8kkxkngxby1xrG7LtMmpATxY7fYLOQ9yHge7RRZKDieJcX3j
+ogTneOl2w6P0xP6lyI6
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID6DCCA1GgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMCQ0gx
DzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5i
b29rLmNvbTELMAkGA1UECxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYD
VQQpEwt2cG5ib29rLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5j
b20wHhcNMTMwNTA2MDMyMTIxWhcNMjMwNTA0MDMyMTIxWjB4MQswCQYDVQQGEwJD
SDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDASBgNVBAoTC3Zw
bmJvb2suY29tMQ8wDQYDVQQDEwZjbGllbnQxIDAeBgkqhkiG9w0BCQEWEWFkbWlu
QHZwbmJvb2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkTM/8E+JH
CjskqMIwgYDrNCBTWZLa+qKkJjZ/rliJomTfVYwKwv1AHYYU6RHpCxS1qFp3BEKL
vQlASuzycSv1FGnNiLmg94fqzzWdmjs1XWosnLqbOwxx2Ye/1WoakSHia0pItoZk
xK7/fllm42+Qujri/ERGga5Cb/TfiP6pUQIDAQABo4IBVzCCAVMwCQYDVR0TBAIw
ADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRl
MB0GA1UdDgQWBBTDr4BCNSdOEh+Lx6+4RRK11x8XcDCB1QYDVR0jBIHNMIHKgBRZ
4KGhnll1W+K/KJVFl/C2+KM+JqGBpqSBozCBoDELMAkGA1UEBhMCQ0gxDzANBgNV
BAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5ib29rLmNv
bTELMAkGA1UECxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYDVQQpEwt2
cG5ib29rLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5jb22CCQCk
baY7CL3pNTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZI
hvcNAQEFBQADgYEAoDgD8mpVPnHUh7RhQziwhp8APC8K3jToZ0Dv4MYXQnzyXziH
QbewJZABCcOKYS0VRB/6zYX/9dIBogA/ieLgLrXESIeOp1SfP3xt+gGXSiJaohyA
/NLsTi/Am8OP211IFLyDLvPqZuqlh/+/GOLcMCeCrMj4RYxWstNxtguGQFc=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCkTM/8E+JHCjskqMIwgYDrNCBTWZLa+qKkJjZ/rliJomTfVYwK
wv1AHYYU6RHpCxS1qFp3BEKLvQlASuzycSv1FGnNiLmg94fqzzWdmjs1XWosnLqb
Owxx2Ye/1WoakSHia0pItoZkxK7/fllm42+Qujri/ERGga5Cb/TfiP6pUQIDAQAB
AoGANX508WQf9nVUUFlJ8LUZnnr4U2sEr5uPPNbcQ7ImTZm8MiMOV6qo/ikesMw5
8qCS+5p26e1PJWRFENPUVhOW9c07z+nRMyHBQzFnNAFD7TiayjNk1gz1oIXarceR
edNGFDdWCwXh+nJJ6whbQn9ioyTg9aqScrcATmHQxTit0GECQQDR5FmwC7g0eGwZ
VHgSc/bZzo0q3VjNGakrA2zSXWUWrE0ybBm2wJNBYKAeskzWxoc6/gJa8mKEU+Vv
ugGb+J/tAkEAyGSEmWROUf4WX5DLl6nkjShdyv4LAQpByhiwLjmiZL7F4/irY4fo
ct2Ii5uMzwERRvHjJ7yzJJic8gkEca2adQJABxjZj4JV8DBCN3kLtlQFfMfnLhPd
9NFxTusGuvY9fM7GrXXKSMuqLwO9ZkxRHNIJsIz2N20Kt76+e1CmzUdS4QJAVvbQ
WKUgHBMRcI2s3PecuOmQspxG+D+UR3kpVBYs9F2aEZIEBuCfLuIW9Mcfd2I2NjyY
4NDSSYp1adAh/pdhVQJBANDrlnodYDu6A+a4YO9otjd+296/T8JpePI/KNxk7N0A
gm7SAhk379I6hr5NXdBbvTedlb1ULrhWV8lpwZ9HW2k=
-----END RSA PRIVATE KEY-----
</key>
There are a couple of other minor edits from the original.
These are not fatal though:-
remote-cert-tls server
auth-nocache

You will need to do this with any and all of the other .ovpn files that you want to include as well.
Then switching the symlink switches the server.
Oscar in England
Image

User avatar
bacteriax
Posts: 3
Joined: Wed 06 Feb 2019, 21:10

#27 Post by bacteriax »

OscarTalks,
After creating a vpnbook pl profile with your provided code I was able to connect without a problem.
Thanks very much for your help!
Best,
BX

AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

VPN-Activator.pet

#28 Post by AvidHunter »

I'm having difficulty finding the VPN-Activator.pet, can someone please supply a link. I'm running Xenial Pup if it makes a difference.

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#29 Post by OscarTalks »

Hello AvidHunter,

The link to the .pet is in the first post of this thread. You should be able to download it from there, BUT take note that most of the VPNbook .ovpn config files are now expired and will not work.

If downloading fresh VPNbook .ovpn config files from their website, or if using .ovpn files from any other VPN provider, take note that you will need to edit them a bit, at least adding the path /etc/vpnpass to the auth-user-pass line. This is because you have to manually enter the username and password in the file /etc/vpnpass and openvpn has to know to look in that file to find those 2 things.

I would recommend anyone interested in using this VPN implementation should read carefully through all the posts of this thread in order to piece together all the bits of information.

I might try to upload an updated package of the scripts and config files when I get some time. The difficulty is that although the scripts should be OK indefinitely and in any Puppy, the .ovpn config files can go out of date if VPN providers change their servers. Also, the full package requires an openvpn executable and a yad executable renamed as "yad-vpn" (if you want a fully functional tray notification icon) and these need to be compiled for the Puppy you are running them in.

As I say though, I use it myself regularly and for a totally free solution it is rather neat.
Oscar in England
Image

AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

VPN-Activator

#30 Post by AvidHunter »

Hello OscarTalks

I have read this through a couple times now and am still unable to locate a link to the VPN-activator.pet file. It is mentioned in the first post but the only links that show up are to VPNbook.com and Smokey01.com/OscarTalks. I have also read through that a couple times and am unable to find a link to the file. How am I missing it?

BTW: my intention is to use the Free version of ProtonVPN because it has no logging and no adds (but is evidently crippled on many features). In any case this is my first venture into a VPN service so I obviously have a learning curve to climb so I want to thank you for this thread and all the support you have put into it, I really appreciate it.

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#31 Post by OscarTalks »

@ AvidHunter

The .pet is near the bottom of the first post as an attachment, below the image attachments. It is in a rectangular box with the .pet name in the title bar and the download link on the right hand side. As I say, it is a bit out of date now.

Are you running 32bit Xenial or 64bit Xenial?

I have put together a much more complete package with updated config files, scripts, icons, .desktop files, and all executables for 32bit Xenial and I gave it a quick test. (64bit Xenial version also added).

I named these .pet packages vpn-onoff-0.1-i686-xenial and vpn-onoff-0.1-x86_64-xenial
Version vpn-onoff-0.1-i686-slack14.1 also added for Slacko 6.3.2 32bit
I will upload them to http://smokey01.com/OscarTalks
Strictly for testing

All configuration is now done in the sub-directory /etc/vpn-onoff
The .ovpn config files (renamed), the vpnconfig symlink, and the vpnpass text file containing username and password are now all in this directory along with a bit of a README.
This is more tidy than having these files among others in /etc
Oscar in England
Image

AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

VPN-Activator --- On-Off

#32 Post by AvidHunter »

@ OscarTalks

I found the VPN-Activator download link just where you said it would be...(that was embarrassing). However, I also grabbed the vpn-onoff-0.1-x86_64-xenial from smokey01 (I'm running the 64 bit xenial) that you just posted and installed it (sweet). I will spend tonight and see if I can get everything running. Thankyou

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#33 Post by OscarTalks »

AvidHunter wrote:BTW: my intention is to use the Free version of ProtonVPN because it has no logging and no adds (but is evidently crippled on many features.
Took a look at ProtonVPN free version and was able to get it working.

Signed up with e-mail
Logged in to their website which gives me my dashboard.
From there I can download the .ovpn config files for each of their servers.
Place this (or several of them) in /etc/vpn-onoff with the others.
Delete the symlink vpnconfig
Right click the ProtonVPN .ovpn file and select "link"
Name the link you are creating as vpnconfig (replacing what you just deleted)
From the dashboard I also obtain the long random username and password which I have to use.
Those I paste into my vpnpass file (also in /etc/vpn-onoff)
I add the path to my vpnpass file into the .ovpn config file:-
auth-user-pass /etc/vpn-onoff/vpnpass
Save and close everything.
The VPN-Start "button" in JWM menu then starts it and connects.

The FREE servers are only 2 in Japan, 2 in The Netherlands, and 2 in USA and they are all very busy, some showing 100% load and none lower than around 80% when I looked. I chose USA2 and it was performing reasonably well, although the first 7 days are trial period so speed may slow down after that.
Oscar in England
Image

AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

ProtonVPN

#34 Post by AvidHunter »

@ OscarTalks

I am so glad you wrote these tutorials I would be so lost.

Anyway I meticulously followed your instructions through, closed the browser and clicked on VPN-start on the network men. I got the 30 second warning pop-up followed by the browser opening to "What is my IP?" web page. I minimized the browser and again clicked on the VPN-start button, again got the 30 second warning and the browser again opened another tab to the "What is my IP?" web page. I do not see the "openVPN already running" pop-up. How do I know if I'm connected?

BTW: netherlands-01 is running at 33% right now, I just can't tell if I'm connecting.

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#35 Post by OscarTalks »

If you know your IP address before you try to connect you can compare it to the IP address after you connect. Also the "What is my IP" page gives additional information such as location, which should match the VPN server location rather than your own real location. You can close the browser once you have looked at the information, whether you are successfully connected or not.

If the browser opens again or opens another tab it would suggest that openvpn is not running or VPN has not initialised, but the information in the page is supposed to indicate that for you anyway. I suspect that something is still not quite right in your configuration process.

The tray notification icon will also re-open the browser on left click.
Right click of the tray notification icon gives the option to VPN-Stop.
Oscar in England
Image

Post Reply