A Simple VPN Implementation

How to do things, solutions, recipes, tutorials
Message
Author
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

Comcast blocking VPN

#46 Post by AvidHunter »

@ OscarTalks

Reconfigured everything for VPNbook and got the same results. Everything connects but no web access, so I went to bed frustrated.

Next Day (today) I took the laptop a few cities south to a location where I had access to a commercial account with the same ISP (Comcast). WAHLA!!! everything works perfectly, Comcast is blocking VPN use from residential accounts. Any suggestions on how to deal with this? I wonder if Comcast blocks a Tor browser?

User avatar
festus
Posts: 235
Joined: Wed 14 Jan 2015, 19:10

#47 Post by festus »

@OscarTalks

I am using your "Simple VPN Implementation" successfully on upupbb & both 32 & 64 bit xenial-7.5

Is there any way to configure other pkgs, eg: claws-mail, to use this vpn pkg?

Thank you very much, for this important pkg.

bliss,
festus :)

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

Re: Comcast blocking VPN

#48 Post by OscarTalks »

AvidHunter wrote:Reconfigured everything for VPNbook and got the same results. Everything connects but no web access, so I went to bed frustrated.

Next Day (today) I took the laptop a few cities south to a location where I had access to a commercial account with the same ISP (Comcast). WAHLA!!! everything works perfectly, Comcast is blocking VPN use from residential accounts. Any suggestions on how to deal with this? I wonder if Comcast blocks a Tor browser?
At least that is partial good news in that it works on that computer.
Since I have no experience of ISP blocking I don't have any immediate ideas.
If this is a widespread issue I would have thought that search engines might reveal something.

There is still a possibility that the problem is caused by your router or a router setting, unless you have found official confirmation that the ISP domestic accounts are definitely VPN blocked.

Tor Browser Bundle is easy to test.
http://murga-linux.com/puppy/viewtopic.php?t=91141
Oscar in England
Image

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#49 Post by OscarTalks »

festus wrote:I am using your "Simple VPN Implementation" successfully on upupbb & both 32 & 64 bit xenial-7.5

Is there any way to configure other pkgs, eg: claws-mail, to use this vpn pkg?

Thank you very much, for this important pkg.

bliss,
festus
Hello Festus,
Thanks for the report.
This program does open the browser as a form of notification so you can see if your IP has changed, but it does route your main system connection through the VPN, so other programs that connect should also be doing so via the VPN. This applies to streaming media players and Transmission torrent client for example. Have you found that claws-mail doesn't work when connected to VPN? I don't use an e-mail client myself, only webmail.
Oscar in England
Image

User avatar
festus
Posts: 235
Joined: Wed 14 Jan 2015, 19:10

#50 Post by festus »

Have you found that claws-mail doesn't work when connected to VPN? I don't use an e-mail client myself, only webmail.
Hello, Oscar, thanks for the reply.

With the VPN active, these pks connected and worked fine:
PPM, Pup Advert Blocker, Palemoon, Firefox, dogradio, vlc

The only pkgs that would NOT work were my email pks, claws-mail & thunderbird

Here is the logfile from claws-mail:

Code: Select all

* Account 'xxxx@xxxx.net@pop3.xxxxx.net': Connecting to POP3 server: pop3.xxxxxx.net:995...
** Session timed out. You may be able to recover by increasing the timeout value in Preferences/Other/Miscellaneous.
I increased the timeout period from the default ~62 secs to 120 seconds with still no connectivity with either email client.

This behavior is alright with me; I just figure it is something to do with the big-bother gov't trying to catch "terrists". :lol:

Anyway, thank you, again Oscar...

bliss,
festus

LeithR
Posts: 338
Joined: Mon 24 Jan 2011, 12:15
Location: Kemnay, Aberdeenshire/Scotland

#51 Post by LeithR »

Thanks all for your efforts on this activity. I eventually got it going this afternoon.
Basically the steps I took to set it up on a new installation of xenialpup64-7.5-UEFI was as follows
Download from the smokey01/OscarTalks web page the openvpn files similarly named to your operating system so I downloaded openvpn-2.4.6-x86_64-xenial.pet and vpn-onoff-0.1-x86_64-xenial.pet.
I loaded both of them onto the machine, checked that I had VPN-Start and VPN-Stop showing in Menu>Network then went to
https://www.vpnbook.com/freevpn

I then downloaded from the Free OpenVPN column the FR Open VPN Certificate Bundle (Depends where in the world you are located so download one adjacent to where you live). Noted the Username and Password.

Then opened the file /etc/vpn-onoff/vpnpass as text and overwrote the words username and password in the file (2nd Tab called vpnpass). Don't forget to save the change.

To note that you are starting a vpn session, firstly run What is my vpn address as per suggestion in OcarTalks first note, take note of it, then start vpn from Menu>Network>VPN-Start then re-open what is my vpn address. The should be quite different thus indicating that you are running in VPN.

Many thanks to OscarTalks for putting this thread together, its been an interesting couple of days figuring it out.

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#52 Post by OscarTalks »

Hello LeithR, glad to know you got it working.

Just a couple of points for yourself and others, the experimental vpn-onoff package does already contain all the needed components, including openvpn, so there is no need to install openvpn as well.

The openvpn packages are intended for people who want to run it from command line or as a dependency of other tools.

The vpn-onoff package also contains a selection of the .ovpn configuration files which allow connection to all the available servers (at the time of writing) of VPNbook and FreeVPN.me although these configuration files have been renamed for simplicity.

Users can (and should) download other configuration files if they want to use a different protocol (UDP or TCP) or a different port number, or in the event that these providers change server details or introduce new servers that you want to use.

As things stand, the vpn-onoff package should work on completion of only one step, which is to grab the VPNbook password and paste it into the second line of /etc/vpn-onoff/vpnpass in place of the word "password".
Oscar in England
Image

AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

Router passthrough -- not!

#53 Post by AvidHunter »

@ OscarTalks

My ISP denies any culpability. I've been playing with my modem/router (netgear C6220) and it does not support VPN pass through. Even when I plug another router into the unit so the modem acts as a bridge only I still can't get through it with the VPN. Now begins the search for a new modem.

Anyway I greatly appreciate everything you have provided here, without your efforts I doubt that I would have gotten anywhere near this far. Thank you.

AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

New Router Tests Comming

#54 Post by AvidHunter »

@ OscarTalks

I've got a new modem/router to install and test...coming soon.

However I have another curiosity question. I really like what you have done here and I have another laptop running Lubuntu. Since the latest version of puppy is based on ubuntu, or at least able to use ubuntu packages, what would it take to package this up so it would install on Lubuntu?

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

Re: New Router Tests Comming

#55 Post by OscarTalks »

AvidHunter wrote: what would it take to package this up so it would install on Lubuntu?
I have never tried to package anything as a .deb, I think it is not too difficult to do in Puppy, although I would not want to attempt to make a package for Lubuntu without first examining the structure of the Lubuntu system.

What you could try if you wanted to experiment is to extract the .pet and then copy or move the files into the Lubuntu directory tree (manual installation), leaving out anything which is already in Lubuntu (eg the openvpn executable).

By the way, I have still been using the ProtonVPN Free servers for quite a number of days now using the command-line tool which they provide. One advantage of it is that it even routes DNS lookups through the VPN for you. Speed is not quite as fast as FreeVPN.me but certainly quite acceptable. Once it is set up, it is just pvpn -c to connect and pvpn -d to disconnect. One disadvantage is that there is no tray icon to remind you that you are in VPN, but certainly worth having on board as an alternative to my system.
Oscar in England
Image

User avatar
MrDuckGuy
Posts: 155
Joined: Thu 31 Jan 2019, 09:06
Location: Hermosa Beach, CA, USA

Re: A Simple VPN Implementation

#56 Post by MrDuckGuy »

OscarTalks wrote: ... method uses openvpn ... Install
openvpn. ... Click the VPN-Start menu entry
and wait for around 30 seconds ... default
browser should open ... default browser
should open and show your normal IP address
... method can ... be adapted for other
VPN providers ... Ideas are welcome ...
Hello, I am trying this. I am a customer of
a VPN provider called 'Ivacy'.

Ivacy has a list of 30 or 40 VPN providers
on their website, and I have a username and
password that allows me to access the
service.

I tried to use the pre-installed
'Gpptp VPN v 2.0' and loaded in my username,
password, along with one of the VPN server
URL addresses. I think it's connected but I
don't know how to implement it.

Also I have loaded your widget as well and
it's succeeded in configuring one of the
open VPN clients but I found that it, when
browsing to many sites, the system hangs and
won't connect. I'd like to configure open
VPN to access one of my provider's sites.

I have edited the password as you directed.
I already know how to edit the username and
password from reading this thread, but how
do I change the url of the VPN provider?

Also how does one implement the
Gpptp VPN 2.0 system? My browser shows no
change in ip address.

As always, thanks in advance, Kelikaku. B'H.
Attachments
2019-03-13-GpptpVPNv2.0_output.png
Output from the GpptpVPN program. B'H.
(51.25 KiB) Downloaded 831 times

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#57 Post by rcrsn51 »

Deleted.

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#58 Post by OscarTalks »

PPTP and OpenVPN are alternative protocols for establishing a VPN connection so you would use either one or the other, therefore you would not use Gpptp in conjunction with my system which uses OpenVPN. I can't advise on Gpptp as I have no experience of it.

My thing is mainly designed to be used with the mentioned free providers. In practice it can be adapted to operate with other providers, but there are no guarantees with this.

You will need to obtain .ovpn config file(s) from Ivacy in order to configure my thing to connect to their servers. I asked them (in their chat applet) and they said they do provide these to their subscribers. You will need to pick out the one which corresponds to the server (location) you want to use. Place it in /etc/vpn-onoff along with the others, delete the vpnconfig symlink and make a new vpnconfig symlink which links to your Ivacy config file. Enter your Ivacy username and password in to the vpnpass file. Then see if it connects.

The URL of the VPN provider is contained within each of the .ovpn config files
There may be some other lines in it that you will need to edit.
The main one will need to read:-
auth-user-pass /etc/vpn-onoff/vpnpass
Without this it will not know where to look for the username and password so is unlikely to work.
Oscar in England
Image

User avatar
Indy
Posts: 73
Joined: Wed 01 Feb 2006, 10:52
Location: Sydney, Australia

#59 Post by Indy »

I can confirm that this works with (paid) Private Internet Access (PIA). I have it working on two machines, one running xenialpup32 and the other xenialpup64 and it's working very well on both, rock solid. Thanks, OscarTalks! :P

Everything worked exactly as per your instructions.

Here's how I did it:
  1. Installed vpn-onoff-0.1-i686-xenial.pet. It creates /etc/vpn-onoff. (installed vpn-onoff-0.1-x86_64-xenial.pet for the 64-bit laptop)
  2. Downloaded the .ovpn config files from the PIA website
  3. Copied all the (.ovpn) files into /etc/vpn-onoff.
  4. Went into /etc/vpn-onoff and recreated a symlink of vpnconfig to my chosen region (e.g. "AU Sydney.ovpn")
  5. Edited the .ovpn file of my chosen region, looked for the line "auth-user-pass" and changed it to "auth-user-pass /etc/vpn-onoff/vpnpass"
  6. Edited /etc/vpn-onoff/vpnpass and entered my PIA username/password
To run, Menu > Network > VPN-Start. (I didn't have to to mess with Gpptp.)

The PIA website (www.privateinternetaccess.com) reflects your IP address and tells you if you're protected by PIA (as in, if you're reaching that web page via their VPN, I suppose). I decided to use that to check my VPN status as a PIA user. So, I edited vpn-start and vpn-stop (both found in /usr/bin) and replaced everywhere I found "http://my-ip-address.co" with "https://www.privateinternetaccess.com". So now, every time I start or stop the VPN, that PIA website pops up for me.

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#60 Post by OscarTalks »

Now testing "vpn-onoff" version 0.2
Added DNS handling using openresolv
Version upgrade of OpenVPN to 2.4.7
Update of freevpn.me configuration files to reflect changes and addition of 1 new server.
See first post.
Oscar in England
Image

User avatar
festus
Posts: 235
Joined: Wed 14 Jan 2015, 19:10

#61 Post by festus »

OscarTalks wrote:Now testing "vpn-onoff" version 0.2
Added DNS handling using openresolv
Version upgrade of OpenVPN to 2.4.7
Update of freevpn.me configuration files to reflect changes and addition of 1 new server.
See first post.
Hello, OscarTalks

I am using and very pleased with version 0.2 of this package.

I tested the DNS for leaks here>
https://ipleak.net/
The results looked fine to me...

Thank you for taking the time to make and share this important piece

bliss,
festus

User avatar
fabrice_035
Posts: 765
Joined: Mon 28 Apr 2014, 17:54
Location: Bretagne / France

#62 Post by fabrice_035 »

Hello,

I can't run a script when the network is disconnected.
Of course i found option (placed in .ovpn script/file)

Code: Select all

...
up "/root/VPN/connect.sh"
down "/root/VPN/disconnect.sh"
...
but if I disconnect the network cable from my computer I don't receive any alert
'down' work only if i kill openvpn or exit .
Any suggestion ?

Thx
Bionicpup64-8.0 _ Kernel 5.4.27-64oz _ Asus Rog GL752

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#63 Post by OscarTalks »

Hello Festus,
Thanks very much for the report.

Hello Fabrice,
Sorry but I don't have a definite answer. I have been trying to study these functions as there are other things I would like to do including some more notifications. I guess that disconnecting the cable produces a different response within the program when compared to issuing a kill or exit command. You could try running openvpn from terminal and study the output to see if you can use any changes to run a script. That is my only suggestion at the moment.
Oscar in England
Image

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#64 Post by OscarTalks »

VPNbook have added 2 new free servers
Canada (CA198) has been added
France (FR8) has been added
CA222 and FR1 remain active, taking the total number of free servers available to 8
Users requiring p2p should use PL or DE (or one of the freevpn.me servers)
See http://vpnbook.com

I have added configuration files for these 2 new servers to my experimental vpn-onoff packages and re-uploaded. Package number remains the same at 0.2
http://smokey01.com/OscarTalks
Oscar in England
Image

User avatar
Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#65 Post by Mike Walsh »

Hallo, Oscar.

Mate, this works absolutely perfect. I can't thank you enough.....and so simple to use.

I thought it was time I got summat 'sorted' ahead of the forthcoming UK internet censorship law, coming into effect on the the 15th July 2019. Not that I visit very many 'dodgy' sites, if at all - :lol: - but from what some of the tech blog site sites have been reporting, the implementation is going to be so draconian that it'll throw the UK internet completely for a 'curve ball'.....and nothing will be the same going forward.

Even many relatively innocuous sites will be caught in the net.....and I have absolutely no intentions of registering my real name and credit card details, simply to 'prove my age'. Why the hell should any of us have to, come to that?

This article from WIRED.co.uk makes for interesting reading, and is a worrying taste of things to come.....

(Note section 3 in particular. Imagine that getting hacked, and all the possible ensuing blackmail on social media.....not to mention law-enforcement agencies taking it into their heads to conduct huge 'trawling' operations, based on the details within.)

Ouch. Literally.

----------------------------

I tried your early efforts on this, I'll admit, more out of curiosity than owt else. From those early 'manual' efforts this has matured into a beautifully easy-to-use way for any Puppian to use a VPN, newbie and veteran alike. Full marks to you.....and thanks again.

(According to my-ip-address.co, I'm posting this from a small village somewhere in south-eastern France...!!)

Well done, mate. You're a real credit to our community.


Image


Mike. :wink:

Post Reply